Achieve IT Spend & Staffing Transparency

  • IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace.
  • In most organizations, technology has evolved faster than the business’ understanding of what it is, how it works, and what it can do for them.
  • How traditional financial accounting methods are applied to IT expenditure don’t align well to modern IT realities.
  • IT is often directed to make cuts when cost optimization and targeted investment are what’s really needed to sustain and grow the organization in the long term.

Our Advice

Critical Insight

  • Meaningful conversations about IT spend don’t happen nearly as frequently as they should. When they do happen, they are often inhibited by a lack of IT financial management (ITFM) maturity combined with the absence of a shared vocabulary between IT, the CFO, and other business function leaders.
  • Supporting data about actual technology spend taking place that would inform decision making is often scattered and incomplete.
  • Creating transparency in your IT financial data is essential to powering collaborative and informed technology spend decisions.

Impact and Result

  • Understand the uses and benefits of making your IT spend more transparent.
  • Discover and organize your IT financial data.
  • Map your organization’s total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
  • Gain vocabulary and facts that will help you tell the true story of IT spend.

Members may also be interested in Info-Tech's IT Spend & Staffing Benchmarking Service.

Achieve IT Spend & Staffing Transparency Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Achieve IT Spend & Staffing Transparency Deck – A detailed, do-it-yourself framework and process for clearly mapping your organization’s total technology spend.

This deck mirrors Info-Tech’s own internal methods for delivering its IT Spend & Staffing Benchmarking Service in a do-it-yourself format. Based on Info-Tech’s proven ITFM Cost Model, it includes an IT spend mapping readiness assessment, expert advice for sourcing and organizing your financial data, a methodology for mapping IT staff and vendor spend according to four key stakeholder views (CFO, CIO, CXO, and CEO), and guidance on how to analyze and share your results.

  • Achieve IT Spend & Staffing Transparency Storyboard

2. IT Spend & Staffing Transparency Workbook – A structured Excel tool that allows you to allocate your IT spend across four key stakeholder views and generate high-impact visualizations.

This workbook offers a step-by-step approach for mapping and visualizing your organization’s true IT spend.

  • IT Spend & Staffing Transparency Workbook

3. IT Spend & Staffing Transparency Executive Presentation Template – A PowerPoint template that helps you summarize and showcase key results from your IT spend transparency exercise.

This presentation template offers a recommended structure for introducing key executive stakeholders to your organization’s true IT spending behavior and IT financial management as a whole.

  • IT Spend & Staffing Transparency Executive Presentation Template

Infographic

Further reading

Achieve IT Spend & Staffing Transparency

Lay a foundation for meaningful conversations with the business.

Analyst Perspective

Take the first step in your IT spend journey.

Talking about money is hard. Talking to the CEO, CFO, and other business leaders about money is even harder, especially if IT is seen as just a cost center, is not understood by stakeholders, or is simply taken for granted. In times of economic hardship, already lean IT operations are tasked with becoming even leaner.

When there's little fat to trim, making IT spend decisions without understanding the spend's origin, location, extent, and purpose can lead to mistakes that weaken, not strengthen, the organization.

The first step in optimizing IT spend decisions is setting a baseline. This means having a comprehensive and transparent view of all technology spend, organization-wide. This baseline is the only way to have meaningful, data-driven conversations with stakeholders and approvers around what IT delivers to the business and the implications of making changes to IT funding.

Before stepping forward in your IT financial management journey, know exactly where you're standing today.

Jennifer Perrier, Principal Research Director, ITFM Practice

Jennifer Perrier
Principal Research Director, ITFM Practice
Info-Tech Research Group

Executive Summary

Your Challenge Common Obstacles Info-Tech's Approach
IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace:
  • Technology has evolved faster than the business' understanding of what it is, how it works, and what it can do for them.
  • How traditional financial accounting methods are applied doesn't align well to modern IT realities.
  • IT is directed to make cuts when cost optimization and targeted investment are what's really needed to sustain and grow the organization in the long-term.
Meaningful conversations about IT spend don't happen nearly as much as they should. This is often due to:
  • A lack of maturity in how ITFM (IT financial management) is executed within IT and across the organization as a whole.
  • The absence of a shared vocabulary between IT, the CFO, and other business function leaders.
  • Scattered and incomplete data about the actual technology spend taking place in the organization.
Lay a foundation for meaningful conversations and informed decision-making around IT spend.
  • Understand the uses and benefits of making your IT spend more transparent.
  • Discover and organize your IT financial data.
  • Map your organization's total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
  • Gain both vocabulary and facts that will help you tell the true story of IT spend.

Info-Tech Insight
Create transparency in your IT financial data to power both collaborative and informed technology spend decisions.

IT spend has grown alongside IT complexity

IT spend has grown alongside IT complexity

Growth creates change ... and challenges

IT has become more integral to business operations and achievement of strategic goals, driving complexity in how IT funds are allocated and managed.

How IT funds are spent has changed
Value demonstration is two-pronged. The first is return on performance investment, focused on formal and objective goals, metrics, and KPIs. The second is stakeholder satisfaction, a more subjective measure driven by IT-business alignment and relationship. IT leaders must do both well to prove and promote IT's value.
Funding decision cadence has sped up
Many organizations have moved from three- to five-year strategic planning cycles to one-year planning horizons or less, most noticeably since the 2008/2009 recession. Not only has the pace of technological change accelerated, but so too has volatility in the broader business and economic environments, forcing rapid response.
Justification rigor around IT spend has increased
The need for formal business cases, proposals, and participation in formal governance processes has increased, as has demand for financial transparency. With many IT departments still reporting into the CFO, there's no getting around it - today's IT leaders need to possess financial management savvy.
Clearly showing business value has become priority
IT spend has moved from the purchase of discrete hardware and software tools traditionally associated with IT to the need to address larger-scale issues around interoperability, integration, and virtualized cloud solutions. Today's focus is more on big-picture architecture than on day-to-day operations.

ITFM capabilities haven't grown with IT spend

IT still needs to prove itself.

Increased integration with the core business has made it a priority for the head of IT to be well-versed in business language and practice, specifically in the areas of measurement and financial management.

However, IT staff across all industries aren't very confident in how well IT is doing in managing its finances via three core processes:

  • Accounting of costs and budgets.
  • Optimizing costs to gain the best return on investment.
  • Demonstrating IT's value to the business.

Recent data from 4,137 respondents to Info-Tech's IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing them.

IT leadership's capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and showing how IT contributes to business value.

Graph of Cost and Budget Management

Graph of Cost Optimization

Questions for support transition

Source: IT Management & Governance Diagnostic, Info-Tech Research Group, 2022.

Take the perspective of key IT stakeholders as a first step in ITFM capability improvement

Other business unit leaders need to deliver on their own specific and unique accountabilities. Create true IT spend transparency by accounting for these multiple perspectives.

Exactly how is IT spending all that money we give them?
Many IT costs, like back-end infrastructure and apps maintenance, can be invisible to the business.

Why doesn't my department get more support from IT?
Some business needs won't align with spend priorities, while others seem to take more than their fair share.

Does the amount we spend on each IT service make sense?
IT will get little done or fall short of meeting service level requirements without appropriate funding.

I know what IT costs us, but what is it really worth?
Questions about value arise as IT investment and spend increase. How to answer these questions is critical.

At the end of the day, telling IT's spend story to the business is a significant challenge if you don't understand your audience, have a shared vocabulary, or use a repeatable framework.

Mapping your IT spend against a reusable framework helps generate transparency

A framework makes transparency possible by simplifying methods, creating common language, and reducing noise.

However, the best methodological framework won't work if the materials and information plugged into it are weak. With IT spend, the materials and information are your staff and your vendor financial data. To achieve true transparency, inputs must have the following three characteristics:

Availability Reliability Usability
The data and information are up-to-date and accessible when needed. The data and information are accurate, complete, and verifiable. The data and information are clearly defined, consistently and predictably organized, consumable, and meaningful for decision-making.

A framework is an organizing principle. When it comes to better understanding your IT spend, the things being organized by a framework are your method and your data.

If your IT spend information is transparent, you have an excellent foundation for having the right conversations with the right people in order to make strategically impactful decisions.

Info-Tech's approach enables meaningful dialogue with stakeholders about IT spend

View of meaningful dialogue with stakeholders about IT spend

Investing time in preparing and mapping your IT spend data enables better IT governance

While other IT spend transparency methods exist, Info-Tech's is designed to be straightforward and tactical.

Info-Tech method for IT spend transparency

Put your data to work instead of being put to work by your data.

Introducing Info-Tech's methodology for creating transparency on technology spend

1. Know your objectives 2. Gather required data 3. Map your IT staff spend 4. Map your IT vendor spend 5. Identify implications for IT
Phase Steps
  1. Review your business context
  2. Set IT staff and vendor spend transparency objectives
  3. Assess effort and readiness
  1. Collect IT staff spend data
  2. Collect IT vendor spend data
  3. Define industry-specific CXO Business View categories
  1. Categorize IT staff spend in each of the four views
  2. Validate
  1. Categorize IT vendor spend in each of the four views
  2. Validate
  1. Analyze your findings
  2. Craft your key messages
  3. Create an executive presentation
Phase Outcomes Goals and scope for your IT spend and staffing transparency effort. Information and data required to perform the IT staff and vendor spend transparency initiative. A mapping of the allocation of IT staff spend across the four views of the Info-Tech ITFM Cost Model. A mapping of the allocation of IT vendor spend across the four views of the Info-Tech ITFM Cost Model. An analysis of your results and a presentation to aid your communication of findings with stakeholders.

Insight Summary

Overarching insight
Take the perspective of key stakeholders and lay out your organization's complete IT spend footprint in terms they understand to enable meaningful conversations and start evolving your IT financial management capability.

Phase 1 insight
Your IT spend transparency efforts are only useful if you actually do something with the outcomes of those efforts. Be clear about where you want your IT transparency journey to take you.

Phase 2 insight
Your IT spend transparency efforts are only as good as the quality of your inputs. Take the time to properly source, clean, and organize your data.

Phase 3 insight
Map your IT staff spend data first. It involves work but is relatively straightforward. Practice your mapping approach here and carry forward your lessons learned.

Phase 4 insight
The importance of good, usable data will become apparent when mapping your IT vendor spend. Apply consistent and meaningful vendor labels to enable true aggregation and insight.

Phase 5 insight
Communicating your final IT spend transparency mapping with executive stakeholders is your opportunity to debut IT financial management as not just an IT issue but an organization-wide concern.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

Use this tool in Phases 1-4

IT Spend & Staffing Transparency Workbook

Input your IT staff and vendor spend data to generate visual outputs for analysis and presentation in your communications.

Key deliverable:

IT Spend & Staffing Transparency Executive Presentation

Create a showcase for your newly-transparent IT staff and vendor spend data and present it to key business stakeholders.

Use this tool in Phase 5

IT and business blueprint benefits

IT Benefits Business Benefits
  • Gain insight into exactly where you're spending IT funds on hardware, software, service providers, and the workforce.
  • Understand how much it's costing IT to deliver specific IT services.
  • Illustrate differences in business consumption of IT spend.
  • Learn the ratio of spend allocated to innovation vs. growth vs. keeping the lights on (KTLO).
  • Develop a series of core IT spend metrics including IT spend as a percent of revenue, IT spend per organization employee, and IT spend per IT staff member.
  • Create a complete IT spend baseline to serve as a foundation for future benchmarking, cost optimization, and other forms of IT financial analysis.
  • Understand the relative allocation of IT spend across capital vs. operational expenditure.
  • See the degree to which IT differentially supports and enables organizational goals, strategies, and functions.
  • Have better data for informing the organization's IT spend allocation and prioritization decisions.
  • Gain better visibility into real-life IT spending behaviors, cadences, and patterns.
  • Identify potential areas of spend waste as well as underinvestment.
  • Understand the true value that IT brings to the business.

Measure the value of this blueprint

You will know that your IT spend and staffing transparency effort is succeeding when:

  • Your understanding of where technology funds are really being allocated is comprehensive.
  • You're having active and meaningful dialogue with key stakeholders about IT spend issues.
  • IT spend transparency is a permanent part of your IT financial management toolkit.

In phase 1 of this blueprint, we will help you identify initiatives where you can leverage the outcomes of your IT spend and staffing transparency effort.

In phases 2, 3, and 4, we will guide you through the process of mapping your IT staff and vendor spend data so you can generate your own IT spend metrics based on reliable sources and verifiable facts.

Win #1: Knowing how to reliably source the financial data you need to make decisions.

Win #2: Getting your IT spend data in an organized format that you can actually analyze.

Win #3: Having a framework that puts IT spend in a language stakeholders understand.

Win #4: Gaining a practical starting point to mature ITFM practices like cost optimization.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit Guided Implementation Workshop Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

Info-Tech recommends the following calls in your Guided Implementation.

Phase 1: Know your objectives Phase 2: Gather required data Phase 3: Map your IT staff spend Phase 4: Map your IT vendor spend Phase 5: Identify implications for IT
Call #1: Discuss your IT spend and staffing transparency objectives and readiness. Call #2: Review spend and staffing data sources and identify data organization and cleanup needs. Call #3: Review your mapped IT staff spend and resolve lingering challenges. Call #4: Review your mapped IT vendor spend and resolve lingering challenges. Call #5: Analyze your mapping outputs for opportunities and devise next steps.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between four to six calls over the course of two to three months.

Want even more help with your IT spend transparency effort?

Let us fast-track your IT spend journey.

The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

This unique service features:

  • A client-proven approach to meet your IT spend transparency goals.
  • Vendor and staff spend mapping that reveals business consumption of IT.
  • Industry benchmarking to compare your spending and staffing to that of your peers.
  • Results in a fraction of the time with much less effort than going it alone.
  • Expert review of results and ongoing discussions with Info-Tech analysts.

If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

Phase 1

Know Your Objectives

This phase will walk you through the following activities:

  • Establish IT spend and staffing transparency uses and objectives
  • Assess your readiness to tackle IT spend and staffing transparency

This phase involves the following participants:

  • Head of IT
  • IT financial lead
  • Other members of IT management

Phase 1: Know your objectives

Envision what transparency can do.

You're at the very beginning of your IT spend transparency journey. In this phase you will:

  • Set your objectives for making your IT spend and staffing transparent.
  • Assess your readiness to tackle the exercise and gauge how much work you'll need to do in order to do it well.

"I've heard this a lot lately from clients: 'I've got my hands on this data, but it's not structured in a way that will allow me to make any decisions about it. I have these journal entries and they have some accounting codes, GL descriptors, cost objects, and some vendors, but it's not enough detail to make any decisions about my services, my applications, my asset spend.'"
- Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

Transparency positively enables both business outcomes and the practice of business ethics

However, transparency's real superpower is in how it provides fact-based context.

  • More accurate and relevant data for decision-making.
  • Better managed and more impactful financial outcomes.
  • Increased inclusion of people in the decisions that affect them.
  • Clearer accountabilities for organizational efficiency and effectiveness goals.
  • Concrete proof that business priorities and decisions are being acted on and implemented.
  • Greater trust and respect between IT and the business.
  • Demonstration of integrity in how funds are being used.

IT spend transparency efforts are only useful if you actually do something with the outputs

Identify in advance how you plan to leverage IT spend transparency outcomes.

CFO expense view

  • Demonstrate actual IT costs at the right level of granularity.
  • Update/change the categories finance uses to track IT spend.
  • Adjust the expected CapEx/OpEx ratio.

CXO business view

  • Calculate consumption of IT resources by department.
  • Implement a showback/chargeback mechanism.
  • Change the funding conversation about proposed IT projects.

CIO service view

  • Calculate the total cost to deliver a specific IT service.
  • Adjust the IT service spend-to-value ratio as per business priorities.
  • Rightsize IT service levels to reflect true value to the business.

CEO innovation view

  • Formalize the organization's position on use of cloud/outsourcing.
  • Reduce the portion of spend dedicated to "keeping the lights on."
  • Develop a plan for boosting commitment to innovation investment.

When determining your end objectives, think about the real questions IT is being asked by the business and how IT spend transparency will help you answer them.

CFO: Financial accounting perspective

IT spend used to be looked at from a strictly financial accounting perspective - this is the view of the CFO and the finance department. Their question, "exactly how is IT spending all that money we give them," is really about how money is distributed across different asset classes. This question breaks down into other questions that IT leaders needs to ask themselves in order to provide answers:

  • How should I classify my IT costs? What are the standard categories you need to have that are meaningful to folks crunching the corporate numbers? If you're too detailed, it won't make sense to them. If you pick outmoded categories, you'll have to adjust in the future as IT evolves, which makes tracking year-over-year spend patterns harder.
  • What information should I include in my plans and reports? This is about two things. One is about communicating with the finance department in language that reduces back-and-forth and eliminates misinterpretation. The other is about aligning with the categories the finance department uses to track financial data in the general ledger.
  • How do I justify current spend? This is about clarity and transparency. Specifically itemizing spend into categories that are meaningful for your audience does a lot of justification work for you since you don't have to re-explain what everything means.
  • How do I justify a budget increase? In a declining economy, this question may not be appropriate. However, establishing a baseline puts you in a better position to discuss spend requirements based on past performance and to focus the conversation.

Exactly how is IT spending all that money we give them?

Example
Asset Class % IT Spend
Workforce 42.72%
Software - Cloud 9.26%
Software - On Prem 13.61%
Hardware - Cloud 0.59%
Hardware - On Prem 15.68%
Contract Services 18.14%
Info-Tech IT Spend & Staffing Studies, 2022.

CIO: IT operations management perspective

As the CIO role was adopted, IT spend was viewed from the IT operations management perspective. Optimizing the IT delivery model is a critical step to reducing time to provision services. For the IT leader, the questions they need to ask themselves are:

  • What's the impact of cloud adoption on speed of delivery? Leveraging a SaaS solution can reduce time to deployment as well as increase your ability to scale; however, integration with other functionality will still be a challenge that will incur costs.
  • Where can I improve spend efficiency? This is about optimizing spend in your IT delivery model. What service levels does the business require and what's the most cost-effective way to meet those levels without incurring significant technical debt?
  • Is my support model optimized? By reviewing where support staff are focused and which services are using most of your resources, you can investigate underlying drivers of your staffing requirements. If staff costs in support of a business function are high, perhaps the portfolio of applications needs to be reviewed.
  • How does our spend compare to others? Benchmarking against peers is a useful input, but reflects common practice, not best practice. For example, if you need to invest in IT security, your entire industry is lagging on this front, and you happen to be doing slightly better than most, then bringing forth this benchmark won't help you make the case. Starting with year-over-year internal benchmarking is essential - establish your categories, establish your baseline, and track it consistently.

Does the amount we spend on each IT service make sense?

Example
Service Area % IT Spend
App Development 9.06%
App Maintenance 30.36%
Hosting/Network 25.39%
End User 18.59%
Data & BI 3.58%
Security & Risk 5.21%
IT Management 7.82%
Info-Tech IT Spend & Staffing Studies, 2022.

CXO: Business unit perspective

As business requests have increased, so too has the importance of the business unit perspective. Each business function has a unique mandate to fulfill in the organization and also competes with other business functions for IT resources. By understanding business consumption of IT, organizations can bring transparency and drive a different dialog with their business partners. Every IT leader should find out the answers to these questions:

  • Which business units consume the most IT resources? By understanding consumption of IT by business function, IT organizations can clearly articulate which business units are getting the highest share of IT resources. This will bring much needed clarity when it comes to IT spend prioritization and investment.
  • Which business units are underserved by IT? By providing full transparency into where all IT spend is consumed, organizations can determine if certain business functions may need increased attention in an upcoming budget cycle. Knowing which levers to pull is critical in aligning IT activities with delivering business value.
  • How do I best communicate spend data internally? Different audiences need information presented to them differently. This is not just about the language - it's also about the frequency, format, and channel you use. Ask your audiences directly what methods of communication stand the best chance of you being seen and heard.
  • Where do I need better business sponsorship for IT projects? If a lot of IT spend is going toward one or two business units, the leaders of those units need to be active sponsors of IT projects and associated spend that will benefit all users.

Why doesn't my business unit get more support from IT?

Example
Business Function % IT Spend
HR Department 6.16%
Finance Department 15.15%
IT Department 10.69%
Business Function 1 23.80%
Business Function 2 10.20%
Business Function 3 6.80%
Business Function 4 27.20%
Source: Info-Tech IT Spend & Staffing Studies, 2022.

CEO: Strategic vs. operations perspective

With a business view now available, evaluating IT spend from a strategic standpoint is critical. Simply put, how much is being spent keeping the lights on (KTLO) in the organization versus supporting business or organizational growth versus net-new business innovations? This view is not about what IT costs but rather how it is being prioritized to drive revenue, operating margin, or market share. Here are the questions IT leaders should be asking themselves along with the organization's executive leadership and the CEO:

  • Why is KTLO spend so high? This question is a good gauge of where the line is drawn between operations and strategy. Many IT departments want to reduce time spent on maintenance and redeploy resource investment toward strategic projects. This reallocation must include retiring or eliminating technologies to free up funds.
  • What should our operational spend priorities be? Maintenance and basic operations aren't going anywhere. The issue is what is necessary and what could be done more wisely. Are you throwing good money after bad on a high-maintenance legacy system?
  • Which projects and investments should we prioritize? The answer to this question should tightly align with business strategic goals and account for the lion's share of growth and innovation spend.
  • Are we spending enough on innovative initiatives? This is the ultimate dialogue between business partners, the CEO, and IT that needs to take place, yet often doesn't.

I know what IT costs us, but what is it really worth?

Example
Focus Area % IT Spend
KTLO 89.16%
Grow 7.18%
Innovate 3.66%
Info-Tech IT Spend Studies, 2022.

Be clear about where you want your IT spend transparency journey to take you in real life

Transparent IT spend data will allow you to have conversations you couldn't have before. Consider this example of how telling an IT spend story could evolve.

I want to ...
Analyze the impact of the cloud on IT operating expenditure to update finance's expectations of a realistic IT CapEx/OpEx ratio now and into the future.

To address the problem of ...

  • Many of our key software vendors have eliminated on-premises products and only offer software as an OpEx service.
  • Assumptions that modern IT solutions are largely on-premises and can be treated as capitalizable assets are out-of-date and don't reflect IT financial realities.

And will use transparency to ...

  • Provide the CFO with specific, accurate, and annotated OpEx by product/service and vendor for all cloud-based and on-premises solutions.
  • Facilitate a realistic calculation of CapEx/OpEx distribution based on actuals, as well as let us develop defendable projections of OpEx into the future based on typical annual service fee increases and anticipated growth in the number of users/licenses.

1.1 Establish ITFM objectives that leverage IT spend transparency

Duration: One hour

  1. Consider the problems or issues commonly voiced by the business about IT, as well as your own ongoing challenges in communicating with stakeholders. Document these problems/issues as questions or statements as spoken by a person. To help structure your brainstorming, consider these general process domains and examples:
    1. Spend tracking and reporting. E.g. Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx.
    2. Service levels and business continuity. E.g. Why do we need to hire more service desk staff? There are more of them in IT than any other role.
    3. Project and operations resourcing. E.g. Why can't IT just buy this new app we want? It's not very expensive.
    4. Strategy and innovation. E.g. Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us.
  2. For each problem/issue noted, identify:
    1. The source(s) of the question/concern (e.g. CEO, CFO, CXO, CIO).
    2. The financial process involved (e.g. accurate costing, verification of costs, building a business case to invest).
  3. For each problem/issue, identify a broader project-style initiative where having transparent IT spend data is a valuable input. One initiative may apply to multiple problems/issues. For each initiative:
    1. Give it a working title.
    2. State the goal for the initiative with reference to ITFM aspirations.
    3. Identify key stakeholders (these will likely overlap with the problem/issue source).
    4. Set general time frames for resolution.

Document your outputs on the slide immediately following the instruction slides for this exercise. Examples are included.

1.1 Establish ITFM objectives that leverage IT spend transparency

Input Output
  • Organizational knowledge
  • List of the potential uses and objectives of transparent IT spend and staffing data
Materials Participants
  • Whiteboard/flip charts
  • Head of IT
  • IT financial lead

ITFM initiatives that leverage transparency

Problem/Issue Statement Source/ Stakeholder Associated ITFM Process Potential Initiative Initiative Goal Time Frame
"Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx." CFO IT spend categorization and reporting. Analyze the impact of the cloud on IT operating expenditure. To update finance's expectations of a realistic IT CapEx/OpEx ratio. <12 months
"Why do we need to hire more service desk staff? There are more of them in IT than any other role." CFO, VP of HR Business case for hiring IT staff. Document ongoing IT support requirements for proposed ERP platform migration project. To ensure sufficient resources for an anticipated increase in service desk tickets due to implementation of a new ERP system. 1-3 months
"Why can't IT just buy this new app we want? It's not very expensive." CEO, all CXOs/VPs Total cost of technology ownership. Develop a mechanism to review the lifecycle impact on IT of proposed technology purchases. To determine if functionality of new tool already exists in the org. and the total cost of ownership of a new app. <6 months
"Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us." CEO, CFO, VP of Production IT service costing. Develop an organizational business intelligence strategy. To create a comprehensive plan for evolving BI capability in the organization and transferring report development to users. Select a department for pilot. <12 months

Your organization's governance culture will affect how you approach transparency

Know your governance culture Lower Governance
  • Few regulations.
  • Financial reporting is largely internal.
  • Change is frequent and rapid.
  • Informal or nonexistent mechanisms and structures.
  • Data sharing behavior driven by competitive concerns.
Higher Governance
  • Many regulations.
  • Stringent and regular external reporting requirements.
  • Change is limited and/or slow.
  • Defined and established mechanisms and structures.
  • Data sharing behavior driven by regulatory concerns.
Determine impact on opportunities How does your governance culture impact IT spend transparency opportunities?
Resistance to formality and bureaucracy Resistance to change and uncertainty
Set expectations and approach You have plenty of room to implement transparency rigor within the confines of IT, but getting others to give you the time and attention you want will be a challenge. One-on-one, informal relationship building to create goodwill and dialogue is needed before putting forth recommendations or numbers. Many existing procedures must be accommodated and respected. While you can benefit by working with preexisting mechanisms and touchpoints, expect any changes you want to make to things like IT cost categories or CapEx/OpEx ratios to require a lot of time, meetings, and case-making.

IT's current maturity around ITFM practice will also affect your approach to transparency

Know your ITFM maturity level Lower ITFM Maturity
  • No/few formal policies, standards, or procedures exist.
  • There is little/no formal education or experience within IT around budget, costing, charging, or accounting practices.
  • Financial reporting is sporadic and inconsistent in its contents.
  • Business cases are rarely used in decision-making.
  • Financial data is neither reliable nor readily available.
Higher ITFM Maturity
  • Formal policies, standards, and procedures are enforced organization-wide for all financial management activities.
  • Formally-trained accountants are embedded within IT.
  • Financial reporting is regular, scheduled, and defined.
  • Business cases are leveraged in most decision-making activities.
  • Financial data is governed, centralized, and current.
Determine stakeholders' financial literacy How does your degree of ITFM maturity impact IT spend transparency opportunities?
Improve your own financial literacy first Determine stakeholders' financial literacy
Set expectations and approach Brush up on core financial management and accounting concepts before taking the discussion beyond IT's walls. Do start mapping your costs, but just know how to communicate what the data is saying before sharing it. Not everyone will be at your level, familiar with ITFM language and concepts, or focused on the same things you are. Gauge where your audience is at so you can prepare for meaningful dialogue.

1.2 Assess your readiness to tackle IT spend transparency

Duration: One hour

Note: This assessment is general in nature. It's intended to help you identify and prepare for potential challenges in your IT spend and staffing transparency effort.

  1. Rate your agreement with the "Data & Information" and "Experience, Expertise, & Support" statements listed on the slide immediately following the two instruction slides for this exercise. For each statement, indicate the extent to which you agree or disagree, where:
    1. 1 = Strongly disagree
    2. 2 = Disagree
    3. 3 = Neither agree nor disagree
    4. 4 = Agree
    5. 5 = Strongly agree
  2. Add up your numerical scores for all statements, where the highest possible score is 65.
  3. Assess your general readiness against the following guidelines:
    1. 50-65: Ready. The transparency exercise will involve work, but should be straightforward since you have the data, skills, tools, processes, and support to do it.
    2. 40-49: Ready, with caveats. The transparency exercise is doable but will require some preparatory legwork and investigation on your part around data sourcing, organization, and interpretation.
    3. 30-39: Challenged. The transparency exercise will present some obstacles. Expect to encounter data gaps, inconsistencies, errors, roadblocks, and frustrations that will need to be resolved.
    4. Less than 30: Not ready. You don't have the data, skills, tools, processes, and/or support to do the data transparency exercise. Take time to develop a stronger foundation of financial literacy and governance before tackling it.

Document your outputs on the slide immediately following the two instruction slides for this exercise.

1.2 Assess your readiness to tackle IT spend transparency

InputOutput
  • Organizational knowledge
  • Estimation of IT spend and staffing transparency effort
MaterialsParticipants
  • Whiteboard/flip charts
  • Head of IT
  • IT financial lead

IT spend transparency readiness assessment

Data & Information
Statement Rating
We know how to access all IT department spend records.
We know how to access all non-IT-department technology spend records.
We know how to access all IT vendor/contractor agreements.
We know how to access data about our IT staff costs and allocation, such as organizational charts and salaries/benefits.
Our financial and staffing data is up-to-date.
Our financial and staffing data are labeled, described, and organized so that we know what they're referring to.
Our financial and staffing data are in a format that we can easily manipulate (e.g. export, copy and paste, perform calculations).
Experience, Expertise, & Support
Statement Rating
We have sufficient expertise within the IT department to navigate and accurately interpret financial records.
We have reasonable access to expertise/resources in our finance department to support us in an IT spend transparency exercise.
We can allocate sufficient time (about 40 hours) and resources in the near term to do an IT spend transparency exercise.
We have current accountabilities to track and internally report financial information to others on at least a monthly basis.
There are existing financial policies, procedures, and standards in the organization with which we must closely adhere and comply.
We have had the experience of participating in, or responding to the results of, an internal or external audit.

Rating scale:
1 = Strongly Disagree; 2 = Disagree; 3 = Neither agree nor disagree; 4 = Agree; 5 = Strongly agree
Assessment scale:
Less than 30 = Not ready; 30-39 = Challenged; 40-49 = Ready with caveats; 50-65 = Ready

Take a closer look at the statements you rated 1, 2, or 3. These will be areas of challenge no matter what your total score on the assessment scale.

Phase 1: Know your objectives

Achievement summary

You've now completed the first two steps on your IT spend transparency journey. You have:

  • Set your objectives for making your IT spend and staffing transparent.
  • Assessed your readiness to tackle the exercise and know how much work you'll need to do in order to do it well.

"Mapping to a transparency model is labor intensive. You can do it once and never revisit it again, but we would never advise that. What it does is play well into an IT financial management maturity roadmap."
- Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

Phase 2

Gather Required Data

This phase will walk you through the following activities:

  • Gather, clean, and organize your data
  • Build your industry-specific business views

This phase involves the following participants:

  • Head of IT
  • IT financial lead
  • Other members of IT management

Phase 2: Gather required data

Finish your preparation.

You're now ready to do the final preparation for your IT spend and staffing transparency journey. In this phase you will:

  • Gather your IT spend and staffing data and information.
  • Clean and organize your data to streamline mapping.
  • Identify your baseline data points.

"Some feel like they don't have all the data, so they give up. Don't. Every data point counts."
- Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

Your IT spend transparency efforts are only as good as the quality of your inputs

Aim for a comprehensive, complete, and accurate set of data and information.

Diagram of comprehensive, complete, and accurate set of data and information

Start by understanding what's included in technology spend

Info-Tech's ITFM Technology Inventory

In scope:

  • All network, telecom, and data center equipment.
  • All end-user productivity software and devices (e.g. laptops, peripheral devices, cell phones).
  • Information security.
  • All acquisition, development, maintenance, and management of business and operations software.
  • All systems used for the storage and management of business assets, data, records, and information.
  • All managed IT services.
  • Third-party consulting services.
  • All identifiable spend from the business for the above.

Expand your thinking: Total tech spend goes beyond what's under IT's operational umbrella

"Technology" means all technology in the organization regardless of where it lives, who bought it, who owns it, who runs it, or who uses it.

IT may have low or no visibility into technologies that exist in the broader business environment beyond IT. Accept that you won't gain 100% visibility right now. However, do get started and be persistent.

Where to look for non-IT technology ...

  • Highly specialized business functions - niche tools that are probably used by only a few people.
  • Power users and the "underserved" - cloud-based workflow, communication, and productivity tools they got on their own.
  • Operational technology - network-connected industrial, building, or physical security sensors and control systems.
  • Recently acquired/merged entities - inherited software.

Who might get you what you need ...

  • Business unit and team leaders - identification of what they use and copies of their spend records and/or contracts.
  • Finance - a report of the "software" expenditure category to spot unrecognized technologies and their owners.
  • Vendors - copies of contracts if not forthcoming internally.
  • Your service desk - informal knowledge gained about unknown technologies at play in the course of doing their job.

The IT spend and staffing transparency exercise is an opportunity to kick-start a technology discovery process that will give you and the business a true picture of your technology profile, use, and spend.

Seek out data at the right level of granularity with the right supporting information

Key data and information to seek out:

  • Credits applied to appropriate debits that show net expense, or detailed descriptions of credits with no matching debit.
  • Cash-based accounting (not accrual accounting). If accrual, will need to determine how to simplify the data for your uses.
  • Vendor names, asset classes, descriptors, and departments.
  • A total spend amount (CapEx + OpEx) that:
    • Aligns with the spend period.
    • Passes your gut check for total IT spend.
    • Includes annual amounts for multi-year contracts (e.g. one year of a three-year Microsoft enterprise agreement).
    • Includes technology spend from the business (e.g. OT that IT supports).
  • Insights on large projects.
  • Consolidated recurring payments, salaries and benefits, and other small expenses.

Look for these data descriptors in your files:

  • Cost center/accounting unit
  • Cost center/department description
  • GL ACCT
  • CL account description
  • Activity description
  • Status
  • Program/business function/project description
  • Accounting period
  • Transaction amount
  • Vendor/vendor name
  • Product/product name

Avoid data that's hard to use or problematic as it will slow you down and bring limited benefits

Spend data that's out of scope:

  • Depreciation/amortization.
  • Gain or loss of asset write-off.
  • Physical security (e.g. key cards, cameras, motion sensors, floodlights).
  • Printer consumables costs.
  • Heating and cooling costs (for data centers).

Challenging data formats:

  • Large raw data files with limited or no descriptors.
  • Major accounts (hardware and software) combined in the same line item.
  • Line items (especially software) with no vendor reference information.
  • PDF files or screenshots that you can't extract data from readily. Use Excel or CSV files whenever possible.

Getting at the data you need can be easy or hard – it all depends

This is where your governance culture and ITFM maturity start to come into play.

Data source Potential data and information What to expect
IT Current/past budget, vendor agreements, IT project records, discretionary spend, number of IT employees. The rigor of your ITFM practice and centralization of data and documents will affect how straightforward this is.
Finance General ledger, cash and income statements, contractor payments and other accounts payable, general revenue. Secure their expertise early. Let them know what you're trying to do and what you need. They may be willing to prepare data for you in the format you need and help you decipher records.
Purchasing List of vendors/suppliers, vendor agreements, purchase invoices. Purchasing often has more descriptive information about vendors than finance. They can also point you to tech spend in other departments that you didn't know about.
Human Resources Organizational chart, staff salaries and benefits, number of employees overall and by department. Data about benefits costs is something you're not likely to have, and there's only one place you can reliably get it.
Other Business Units Non-IT technology spend vendor agreements and purchase invoices, number of department employees. Other departments may be tracking spend in an entirely different way than you. Be prepared to dig and reconcile.

There may be some data or information you can't get without a Herculean effort. Don't worry about it too much - these items are usually relatively minor and won't significantly affect the overall picture.

Commit to finding out what you don't know

Many IT leaders don't have visibility into other departments' technology spend. In some cases, the fact that spend is even happening may be a complete surprise.

Near-term visibility fix ...

  • Ask your finance department for a report on all technology-related spend categories. "Software" is a broad category that finance departments tend to track. Scan the report for items that don't look familiar and confirm the originating department or approver.
  • Check in with the procurement office. See what technology-related contracts they have on record and which departments "own" them. Get copies of those contracts if possible.
  • Contact individual department heads or technology spend approvers. Devise your contact shortlist based on what you already know or learned from finance and procurement. Position your outreach as a discovery process that supports your transparency effort. Avoid coming across as though you're judging their spend or planning to take over their technologies.

Long-term visibility fix ...

  • Develop your relationships with other business unit leaders. This will help open the lines of communication permanently.
  • Establish a cross-functional central technology office or group. The main task of this unit is to set and manage technology standards organization-wide, including standards for tracking and documenting technology costs and asset lifecycle factors.
  • Ensure IT is formally involved in all technology spend proposals and plans. This gives IT the opportunity to assess them for security compliance, IT network/system interoperability, manageability, and IT support requirements prior to purchase.
  • Ensure IT is notified of all technology financial transactions. This includes contracts, invoices, and payments for all one-time purchases, subscription fees, and maintenance costs.

Finally, note any potential anomalies in the IT spend period you're looking at

No two years have the exact same spend patterns. One-time spend for a big capital project, for example, can dramatically alter your overall spend landscape.

Look for the following anomalies:

  • New or ongoing capital implementations or projects that span more than one fiscal year.
  • Completed projects that have recently transitioned, or are transitioning, from CapEx (decreasing) to OpEx (increasing).
  • A major internal reorganization or merger, acquisition, or divestiture event.
  • Crises, disasters, or other rare emergencies.
  • Changes in IT funding sources (e.g. new or expiring grants).

These anomalies often explain why IT spend is unusually high in certain areas. There's often a good business reason.

In many cases, doing a separate spend transparency exercise for these anomalous projects or events can isolate their costs from other spend so their true nature and impact can be better understood.

2.1 Gather your input data and information

Duration: Variable

  1. Develop a complete list of the spending and staffing data and information you need to complete the transparency mapping exercise. For each required item, note the following:
    1. Description of data needed (i.e. type, timeframe, and format).
    2. Ideal timeframe or deadline for receipt.
    3. Probable source(s) and contact(s).
    4. Additional facilitation/support required.
    5. Person on your transparency team responsible for obtaining it.
  2. Set up a data and information repository to store all files as soon as they're received. Ideally, you'll want all data/information files to be in an electronic format so that everything can be stored in one place. Avoid paper documents if possible.
  3. Conduct your outreach to obtain the input data and information on your list. This could include delegating it to a subordinate, sending emails, making phone calls, booking meetings, and so on.
  4. Review the data and information received to confirm that it's the right type of data, at the correct level of granularity, for the right timeframe, in a usable format, and is generally accurate.
  5. Enter documentation about your data and information sources in tab "1. Data & Information Sources" in the IT Spend & Staffing Transparency Workbook to reflect what you needed and where you got it in order to make the discovery process easier in the future.
  6. In the same tab in the IT Spend & Staffing Transparency Workbook, document any significant events that occurred that directly or indirectly impacted the selected year's spend values. These could include mergers/acquisitions/divestitures, major reorganizations or changes in leadership, significant shifts in product offerings or strategic direction, large capital projects, legal/regulatory changes, natural disasters, or changes in the economy.

Download the IT Spend & Staffing Transparency Workbook

2.1 Gather your input data and information

InputOutput
  • Knowledge of potential data and information sources
  • List of data and information required to complete the IT spend and staffing transparency exercise
MaterialsParticipants
  • Whiteboard/flip charts
  • Head of IT
  • IT financial lead

Tidy up your data before beginning any spend mapping

Most organizations aren't immaculate in their tech spend documentation and tracking practices. This creates data rife with gaps that lives in hard-to-use formats.

The more preparation you do to approach the "good data" intersection point in the diagram below, the easier your mapping effort will be and the more useful and insightful your final findings.

Venn diagram of good data

Make your data "un-unique" to reduce the number of line items and make it manageable

There's a good chance that the IT spend data you've received is in the form of tens of thousands of unique line items. Use the checklist below to help you roll it up.

Warning: Never overwrite your original data. Insert new columns/rows and put your alternate information in these instead.

Step 1: Standardize vendor names

  • Start with known large vendors.
  • Select a standard name for the vendor.
  • Brainstorm possible variations on the vendor name, including abbreviations and shortforms.
  • Search for the vendor in your data and document the new standardized vendor name in the appropriate row.
  • Repeat the above for all vendors.
  • Sort the new vendor name column from A-Z. Look for instances where names remain unique or are missing entirely. Reconcile if needed and fill in missing data.

Step 2: Consolidate vendor spend

  • Sort the new vendor name column from A-Z. Start with vendors that have the most line items.
  • Add together related spend items from a given vendor. Create a new row for the consolidated spend item and flag it as consolidated. Keep the following item types in separate rows:
    • Hardware vs. software spend for the same vendor.
    • Cloud vs. on-premises spend for the same vendor.
  • Repeat the above for all vendors.
  • Consider breaking out separate rows for overly consolidated line items that contain too many different types of IT spend.

2.2 Clean and organize your data

Duration: Variable

  1. Check to ensure that you have all data and information required to conduct the IT spend transparency exercise.
  2. Conduct an initial scan to assess the data's current state of hygiene and overall usability. Flag anything of concern and follow up with the data/information provider to fix or reconcile any issues.
  3. Normalize your data to make it easier to work with. This includes selecting data format standards and changing anything that doesn't conform to those standards. This includes items such as date conventions, currencies, and so on.
  4. Standardize product and vendor naming/references throughout to enable searching, sorting, and grouping. For example, Microsoft Office may be variably referred to as "Microsoft", "Office", "Office 365", and "Office365" throughout your data. Pick one descriptor for the product/vendor and replace all related references with that descriptor.
  5. Consolidate and aggregate your data. Ideally, the data you received from your sources has already been simplified; however, you may need to further organize it to reduce the number of individual line items to a more manageable number. The transparency exercise uses relatively high-level categories, so combine data sets and aggregate where feasible without losing appropriate granularity.
  6. Archive any original copies of files that have been modified or replaced with consolidated/aggregated versions for future reference if needed.

2.2 Clean and organize your data

InputOutput
  • Data and information files
  • A normalized set of data and information for completing the IT spend and staffing transparency exercise
MaterialsParticipants
  • Whiteboard/flip charts
  • Head of IT
  • IT financial lead

Select IT spend "buckets" for the CXO Business View as your final preparatory step

Every organization has both industry-agnostic and industry-specific lines of business that are the direct beneficiaries of IT spend.

Common shared business functions:

  • Human resources.
  • Finance and accounting.
  • Sales/customer service.
  • Marketing and advertising.
  • Legal services and regulatory compliance.
  • Information technology.

It may seem odd to see IT on the business functions list since the purpose of this exercise is to map IT spend. For business view purposes, IT spend refers to what IT spends on itself to support its own internal operations.

Examples of industry-specific functions:

  • Manufacturing: Product research and development; production operations; supply chain management.
  • Retail banking: Core banking services; loan, mortgage and credit services; investment and wealth management services.
  • Hospitals: Patient intake and admissions; patient diagnosis; patient treatment; patient recovery and ongoing care.
  • Insurance: Actuarial analysis; policy creation; underwriting; claims processing.

See the Appendix of this blueprint for definitions of shared business functions plus sample industry-specific business view categories.

Define your CXO Business View categories to set yourself up well for future ITFM analyses

The CXO Business View buckets you set up today are tools you can and should reuse in your overall approach to ITFM governance. Spend some time to get them right.

Stay high-level

Getting too granular invites administrative headaches and overhead. Keep things high-level and general:

  • Limit the number of direct stakeholders represented: This will reduce communication overhead and ensure you're dealing only with people who have real decision-making authority.
  • Look to your org. chart: Note the departments or business units listed across the top of the chart that have one executive or top-ranking senior manager accountable for them. These business units often translate as-is into a tidy CXO Business View category.

Limit your number of buckets

Tracking IT spend across more than 8-10 shared and industry-specific business categories is impractical.

  • Simplify your options: Too many buckets gets confusing and invites time-wasting doubt.
  • Reduce future rework: Business structures will change, which means recategorizing spend data. Using a forklift is a lot easier than using tweezers.
  • Stick to major business units: Create separate "Business Other" and "Industry Other" catch-all categories to track IT spend for smaller functions that fall outside of major business unit structures.

Stay high-level with the CXO Business View

Be clear on what's in and what's out of your categories to keep everyone on the same page

Clear lines of demarcation between CXO Business View categories reduce confusion, doubt, and wheel-reinvention when deciding where to allocate IT spend.

Ensure clear boundaries

Mutual exclusivity is key when defining categories in any taxonomical structure.

  • Avoid overlaps: Each high-level business function category should have few or no core function or process overlaps with another business function category. Aim for clear vertical separation.
  • Be encompassing: When defining a category, list all the business capabilities and sub-functions included in that category. For example, if defining the finance and accounting function, remember to specify its less obvious accountabilities, like enterprise asset management if appropriate.

Identify exclusions

Listing what's out can be just as informative and clarifying as listing what's in.

  • Beware odd bedfellows: Minor business groups are often tucked under a bigger organizational entity even though the two use different processes and technologies. Separate them if appropriate and state this exclusion in the bigger entity's definition.
  • Draw a line: If a process crosses business function categories, state which sub-steps are out of scope.
  • Document your decisions: This helps ensure you allocate IT spend the same way every time.

Clear lines of demarcation between CXO Business View categories

2.3 Build your industry-specific business views

Duration: Two hours

  1. Confirm your list of high-level shared business services (human resources, finance and accounting, etc.) as provided in Info-Tech's IT Spend & Staffing Transparency Workbook. Rename them if needed to match the nomenclature used in your organization.
  2. Set and define your additional list of high-level, industry-specific business categories that are unique to or define your industry. See the slides immediately following this exercise for tips on developing these categories, as well as the appendix of this blueprint for some examples of industry-specific categories and definitions.
  3. Create "Business Other" and "Industry Other" categories to capture minor groups and activities supported by IT that fall beyond the major shared and industry-specific business functions you've shortlisted. Briefly note the business groups/activities that fall under these categories.
  4. Edit/enter your shared and industry-specific business function categories and their definitions on tab "2. Business View Definitions" in the IT Spend & Staffing Transparency Workbook.

Download the IT Spend & Staffing Transparency Workbook

2.3 Build your industry-specific business views

InputOutput
  • Knowledge about your organization's structure and business functions/units
  • A list of major shared business functions and industry-specific business functions/capabilities that are defining of your industry
MaterialsParticipants
  • Whiteboard/flip charts
  • Head of IT
  • IT financial lead

Lock in key pieces of baseline data

Calculating core IT spend metrics relies on a few key numbers. Settle these first based on known data before diving into detailed mapping.

These baseline data will allow you to calculate high-level metrics like IT spend as a percent of revenue and year-over-year percent change in IT spend, as well as more granular metrics like IT staff spend per employee for a specific IT service.

Baseline data checklist

  • IT spend analysis period (date range).
  • Currency used.
  • Organizational revenue.
  • Organizational OpEx.
  • Total current year IT spend.
  • Total current year IT CapEx and IT OpEx.
  • Total previous-year IT spend.
  • Total projected next-year IT spend.
  • Number of organizational employees.
  • Number of IT employees.

You may have discovered some things you didn't know about during the mapping process. Revisit your baseline data when your mapping is complete and make adjustments where needed.

2.4 Enter your baseline data

Duration: One hour

  1. Navigate to tab "3. Baseline Data" in the IT Spend & Staffing Transparency Workbook. Using the data you've gathered, enter the following information to set your baseline data for future calculations:
    1. Your IT spend analysis date range. This can be concrete dates, a fiscal year abbreviation, etc.
    2. The currency you will be using throughout the workbook. It's important that all monetary values entered are in the same currency.
    3. Your organization's total revenue and total operating expenditure (OpEx) for the spend analysis data range you've specified. Revenue includes all sources of funding/income.
    4. Your total IT OpEx and total IT capital expenditure (CapEx). The workbook will add your OpEx and CapEx values for you to arrive at a total IT spend value.
    5. Total IT spend for the year prior to the current IT spend analysis date range, as well as anticipated total IT spend for the year following.
    6. Total IT staff spend (salaries, benefits, training, travel, and fees for employees and contractors in a staff augmentation role) for the spend analysis date range.
    7. The total number of organizational employees and total number of IT employees. These are typically full-time equivalent (FTE) values and include contractors in a staff augmentation role.
  2. Make note of any issues that have influenced the values you entered.

Download the IT Spend & Staffing Transparency Workbook

2.4 Enter your baseline data

InputOutput
  • Cleaned and organized spend and staffing data and information
  • Finalized baseline data for deriving spend metrics
MaterialsParticipants
  • IT Spend & Staffing Transparency Workbook
  • Head of IT
  • IT financial lead

Phase 2: Gather required data

Achievement summary

You've now completed all preparation steps for your IT spend transparency journey. You have:

  • Gathered your IT spend and staffing data and information.
  • Cleaned and organized your data to streamline mapping.
  • Identified your baseline data points.

"As an IT person, you're not speaking the same language at all as the accounting department. There's almost always a session of education that's required first."
- Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

Phase 3

Map Your IT Staff Spend

This phase will walk you through the following activities:

  • Mapping your IT staff spend across the four views of the ITFM Cost Model
  • Validating your mapping

This phase involves the following participants:

  • Head of IT
  • IT financial lead
  • Other members of IT management

Phase 3: Map your IT staff spend

Allocate your workforce costs across the four views.

Now it's time to tackle the first part of your hands-on spend mapping effort, namely IT staff spend. In this phase you will:

  • Allocate your IT staff spend across the four views of the ITFM Cost Model.
  • Validate your mapping to ensure that it's accurate and complete.

"We're working towards the truth. We know the answer, but it's how to get it. Take Data & BI. For some organizations, four FTEs is too many. Are these people really doing Data & BI? Look at the big picture and see if something's missing."
- Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

Staffing costs comprise a significant percent of OpEx

Staffing is the first thing that comes to mind when it comes to spend. Intentionally bring it out of the shadows to promote constructive conversations.

  • Total staffing costs stand out from other IT spend line items. This is because they're comparatively large, often comprising 30-50% of total IT costs.
  • Standing out comes at a price. Staff costs are where business leadership looks first if they want cuts. If IT leadership doesn't bring forward ways to cut staffing costs as part of a broader cost-cutting mandate, it will be seen as ignorant of business priorities at best and outright insubordinate at worst.
  • Staffing costs as a percentage of total costs vary between IT functions. On the business side, there's a lack of understanding about what functions IT staff serve and support and the real-world costs of obtaining (and keeping) needed IT skills. For example, IT security staffing costs as a percentage of that service's total OpEx will likely be higher than service desk staff given the scarcity and higher market value of the former. Trimming 20% of IT staffing costs from the IT security function has much different implications than cutting 20% of service desk staffing costs.

Staffing spend transparency can do a lot to change the conversation from one where the business thinks that IT management is just being self-protecting to one where they know that IT management is actually protecting the business.

Demonstrating the legitimate reasons behind IT staff spend is critical in both rationalizing past and current spend decisions as well as informing future decisions.

Info-Tech recommends that you map your IT staffing costs before all other IT costs

Mapping your IT staffing spend first is a good idea because:

  • Staffing costs are usually documented more clearly, simply, and accurately than other IT costs.
  • Gathering all your IT staffing data is usually a one-stop shop (i.e. the HR department).
  • The comparative straightforwardness of mapping staff costs compared to other IT costs gives you the opportunity to:
    • Get familiar with the ITFM Cost Model views and categories.
    • Get the hang of the hands-on mapping process.
    • Determine the kinds of speed bumps and questions you'll encounter down the road when you tackle the more complicated mappings.

"Some companies will say software developer. Others say application development specialist or engineer. What are these things? You have to have conversations ..."
- Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

Understand the CFO Expense View: "Workforce" categories defined

For the staffing spend mapping exercise, we're defining the Workforce category here and will offer Vendor category definitions in the vendor spend mapping exercise later.

Workforce: The total costs of employing labor in the IT organization. This includes all salary/wages, benefits, travel/training, dues and memberships, and contractor pay. Managed services expenses associated with an external service provider should be excluded from Workforce and included in Contract Services.

Employee: A person employed by the IT organization on a permanent full-time or part-time basis. Costs include salary, benefits, training, travel and expenses, and professional dues and memberships. These relationships are managed under human resources and the bulk of spend transactions via payroll processes.

Contractor: A person serving in a non-permanent staff augmentation role. These relationships are typically managed under procurement or finance and spend transactions handled via invoicing and accounts payable processes. Labor costs associated with an external service provider are excluded.

CFO Expense View

Mapping your IT staff across the CFO Expense View is relatively cut-and-dried

The CFO Expense View is the most straightforward in terms of mapping IT staffing costs as it's made up of only two main categories: Workforce and Vendor.

In the CFO Expense View, all IT spend on staffing is allocated to the Workforce bucket under either Employee or Contractor.

What constitutes a Contractor can be confusing given increased use of long-term labor augmentation strategies, so being absolutely clear about this is imperative. For spend mapping purposes:

  • Any staff members under independent contract where individuals are paid directly by your organization as opposed to indirectly via a service provider (e.g. staffing firm) are considered Workforce > Contractor.
  • Any circumstances where you pay a third-party organization for labor is slotted under Vendor > Contract Services.

CFO Expense View

Understand the CIO Service View: Categories defined

We've provided definitions for the major categories that require clarification.

Applications Development: Purchase/development, testing, and deployment of application projects. Includes internally developed or packaged solutions.

Applications Maintenance: Software maintenance fees or maintaining current application functionality along with minor enhancements.

Hosting & Networks: Compute, storage, and network functionality for running/hosting applications and providing communications/connectivity for the organization.

End User: Procurement, provision, management, and maintenance (break/fix) of end-user devices (desktop, laptops, tablets, peripherals, and phones) as well as purchase/support and use of productivity software on these devices. The IT service desk is included here as well.

PPM & Projects: People, processes, and technologies dedicated to the management of IT projects and the IT project portfolio as a whole.

Data & BI: Strategy and oversight of the technology used to support data warehousing, business intelligence, and analytics.

IT Management: Senior IT leadership, IT finance, IT strategy and governance, enterprise architecture, process management, vendor management, talent management, and program and portfolio management oversight.

Security: Information security strategy and oversight, practices, procedures, compliance, and risk mitigation to protect and prevent unauthorized access to organizational data and technology assets.

CIO Service View

Mapping your IT staff across the CIO Service View is a slightly harder exercise

The complexity of mapping staff across this view depends on how your IT department is organized and the degree of role specialization vs. generalization.

The CIO Service View mirrors how many IT departments are organized into teams or work groups. However, some partial percentage-based allocations are probably required, especially for smaller IT units with more generalized, cross-functional roles. For example:

  • A systems administrator's costs may need to be allocated 80% to Hosting & Networks and 20% to Security.
  • An app development team lead may spend about 40% of their time doing hands-on Development work and the other 60% on project management (i.e. PPM & Projects).

Info-Tech has found that allocating staffing costs for Data & BI raises the most doubts as it can be very entangled with Applications and other spend. Do the best you can.

Understand the CXO Expense View: Categories defined

Expand shared services and industry function categories as suits your organization.

Industry Functions: As listed and defined by you for your specific industry.

Human Resources: IT staff and specific application functionality in support of organizational human resource management.

Finance & Accounting: IT staff and specific application functionality in support of corporate finance and accounting.

Shared Services Other: IT staff and specific application functionality in support of all other shared enterprise functions.

Information Technology: IT staff and specific application functionality in support of IT performing its own internal IT operations functions.

Industry Other: IT staff and specific application functionality in support of all other industry-specific functions.

CXO Expense View

Mapping your IT staff across the CXO Business View warrants the most time

This view is probably the most difficult as many IT department roles are set up according to lines of IT service, not lines of business. Prepare to do a little math.

The CXO Expense View also requires percentage-based splitting of role spend, but to a greater extent.

  • Start by mapping staff cost allocations for those roles that are at, or close to, 100% dedicated to a specific business function (if any).
  • For IT roles that support organization-wide or multi-department functions, knowing the percent of employees that work in each relevant business unit and parceling IT staff spend by those same percentages may be easiest. For example, a general systems administrator's costs could be allocated as 4% to HR, 2% to finance, 25% to sales, 20% to production operations, and so on based on the percentage of employees in each of the supported business units.

Take a minute to figure out how you plan to map IT's indirect CXO Business View costs

Direct IT costs are those that are dedicated to a specific business unit or user group, such a marketing campaign management app, specialized devices used by a specific subset of workers in the field, or a business analyst embedded full-time in a sales organization.

VS

Indirect IT costs are pretty much everything else that's shared broadly across the organization and can't be tied to just one stakeholder or user group, such as network infrastructure, the service desk, and office productivity apps. These costs must be fairly and evenly distributed.

No indirect mapping method is perfect, but here's a suggestion:

  • Take the respective headcount of all business functions sharing the IT resource/service in question.
  • Calculate each business function's staff as a percentage of all organizational staff.
  • Use this same percent of staff to calculate and allocate a business function's indirect staff and indirect vendor costs.

"There is always a conversation about indirect allocations. There's never been an organization I've heard of or worked for which has been able to allocate every technology cost directly to a business consumption or business unit."
Monica Braun, ITFM Research Director, Info-Tech Research Group

Example:

  • A company of 560 employees has six HR staff (about 1.1% of total staff).
  • Network admin staffing costs $143,000, so $1,573 (1.1%) would be allocated to HR.
  • Internet services cost $40,000, so $440 (1.1%) would be allocated to HR.

Some indirect costs are shared by multiple business functions, but not all. In these cases, exclude non-participating business functions from the total number of organizational employees and re-calculate a new percent of staff for each participating business function.

Know where you're most likely to encounter direct vs. indirect IT staffing costs

Info-Tech has found that direct vs. indirect staffing spend is more commonly found in some areas than others. Use this insight to focus your work.

Direct IT staffing spend

Definition: Individuals or teams whose total time is formally dedicated to the support of one business unit/function.

  • Data & BI (direct to one non-IT unit)
  • IT Management (direct to IT)
    • Service planning & Architecture
    • Strategy & Governance
    • Financial Management
    • People & Resources

Hybrid IT staffing spend

Definition: Teams with a percent of time or entire FTEs formally dedicated to one business unit/function while the remainder of the time or team is generalized.

  • Applications
    • Applications Development
    • Applications Maintenance
  • IT Management
    • PPM & Projects

Indirect IT staffing spend

Definition: Individuals or teams whose total time is generalized to the support of multiple or all business units or functions.

  • Infrastructure
    • Hosting & Networks
    • End Users
  • Security

Indirect staff spend only comes into play in the CXO Business View. Thoroughly map the CIO Service View first and leverage its outcomes to inform your allocations to individual business and industry functions.

Understand the CEO Innovation View: Categories defined

Be particularly clear on your understanding of the difference between business growth and business innovation.

Business Innovation: IT spend/ activities focused on the development of new business capability, new products and services, and/or introduction of existing products/ services into new markets. It does not include expansion or update of existing capabilities.

Business Growth: IT spend/activities focused on the expansion, scaling, or modernization of an existing business capability, product/service, or market. This is specifically related to growth within a current market.

Keep the Lights On: IT spend/activities focused on keeping the organization running on a day-to-day basis. This includes all activities used to ensure the smooth operation of business functions and overall business continuity.

CEO Innovation View

Important Note

Info-Tech analysts often skip mapping staff for the CEO Innovation View when delivering the IT Spend & Staffing Benchmarking Service.

This is because, for many organizations, either most IT staff spend is allocated to Keep the Lights On or any IT staff allocation to Business Growth and Business Innovation activities is untracked, undocumented, and difficult to parse out.

Mapping your IT staff across the CEO Innovation View is largely straightforward

Clear divisions between CapEx and OpEx can be your friend when it comes to mapping this view. Focus your efforts on parsing growth vs. innovation.

  • The majority of IT staff costs are OpEx: And the majority of OpEx will land in the Keep the Lights On category. This is a comparatively simple mapping exercise. Know in advance that this will be the largest of the three buckets in the CEO Innovation View by a very wide margin, so don't be surprised if over 90% of IT staffing costs end up here.
  • Most of the remaining IT staff costs will be tied to capital projects and investments: This means that they will land in either Business Growth or Business Innovation, with the majority typically sitting under Business Growth. Again, don't be surprised if the Business Innovation category holds less than 3% of total IT staffing spend.

Take your IT staff spend mapping to the next level with detailed time and headcount data

Overlay a broader assessment of your IT staff

Info-Tech's IT Staffing Assessment diagnostic can expand your view of what's really happening on the staffing front.

  • Learn your true distribution of IT staff across the same IT services listed in the ITFM Cost Model's CIO Service View.
  • Get other metrics such as degrees of seniority, manager span of control, and IT staff perception of their effectiveness.

Take action

  1. Set it up: Contact your Info-Tech Account Manager and sign your team up to take the diagnostic.
  2. Assess the findings: Review the output report, specifically how your staff says they spend their time versus what your organization chart's been telling you.
  3. Apply the percentages: Use the FTE allocation percentages in the output report to guide how you distribute your staff spend across the CIO Service View.
  4. Expand your analysis: Use your staff's feedback around perceived aids and obstacles to effectiveness in order to inform and defend your recommendations and decisions on how IT funds should be spent.

Consider these final tips for mapping your IT staffing costs before diving in

Mapping your IT staffing costs definitely requires some work. However, knowing the common stumbling blocks and being systematic will yield the best results.

Approach: Be efficient to be effective

Start with what you know best: Map the CFO Expense View first to plug in information you already have. Next, map the CIO Service View since it's most aligned to your organization chart.

Keep a list of questions: You'll need to seek clarifications. Note your questions, but don't reach out until you've done a first pass at the mapping - don't annoy people with a barrage of questions.

Delegate: Your managers and leads have a more accurate view of exactly what their staff do. Consider delegating the CIO Service View and CXO Business View to them or turn the mapping exercise into a series of collaborative leadership team activities.

Biggest challenge: Role/title ambiguity

  • The Business Analyst role is often vague. These staffers are often jacks-of-all-trades in IT. You probably can't rely on a generic job description to figure out exactly which services and business functions BAs are spending their time on. Plan to ask a lot of questions.
  • Other role titles may be completely inaccurate. Is the word "system" referring to apps, infrastructure, or both? Is the user experience specialist actually a programmer? Is a manager really managing anything? Know your organization's tendencies around meaningful job titling and set your workload expectations accordingly.

Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. Someone's doing that work - take the time to figure out who.

3.1 Map your IT staffing costs

Duration: Variable

  1. Navigate to tab "4. Staff Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter the name of an individual or group to be mapped, their role/title (if an individual), and their total known cost as per your collected data.
  2. Under the CFO Expense View (columns F-G), enter the number of FTEs represented by the individual or group named and their status (i.e. Employee or Contractor).
  3. Under the CIO Service View (columns L-AF), allocate the individual or group's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
  4. Under the CXO Business View (columns AI-BA), allocate the individual or group's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
  5. Under the CEO Innovation View (columns BD-BH), allocate the individual or group's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
  6. Repeat steps 2 to 5 for all other IT staff (as individuals or groups).
  7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
  8. Validate your mapping by:
    1. Identifying spend categories that have zero staff spend allocation. Additional percentage allocation splits for certain roles are probably required.
    2. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.
    3. Ensuring your amounts add up to your previously calculated total IT staff spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.

Download the IT Spend & Staffing Transparency Workbook

3.1 Map your staffing costs

Input Output
  • Cleaned and organized IT staffing data and information
  • Finalized mapping of IT staff spend across the four views of the ITFM Cost Model
Materials Participants
  • IT Spend & Staffing Transparency Workbook
  • Head of IT
  • IT financial lead
  • Other IT management as required

Phase 3: Map your IT staff spend

Achievement summary

You've now completed your IT staff spend mapping. You have:

  • Allocated your IT staff spend across the four views of the ITFM Cost Model.
  • Validated your mapping to ensure it's accurate and complete.

"Some want to allocate everybody to IT, but that's not how we do it. [In one CXO Business View mapping], a client allocated all their sand network people to the IT department. At the end of the process, the IT department itself accounted for 20% of total IT spend. We went back and reallocated those indirect staff costs across the business."
- Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

Phase 4

Map Your IT Vendor Spend

This phase will walk you through the following activities:

  • Mapping your IT vendor spend across the four views of the ITFM Cost Model
  • Validating your mapping

This phase involves the following participants:

  • Head of IT
  • IT financial lead
  • Other members of IT management

Phase 4: Map your IT vendor spend

Allocate your vendor costs across the four views.

Now you're ready to take on the second part of your spend mapping, namely IT vendor spend. In this phase you will:

  • Allocate your IT vendor spend across the four views of the ITFM Cost Model.
  • Validate your mapping to ensure it's accurate and complete.

"[One CIO] said that all technology spend runs through their IT group. But they didn't have hardware in their financial data file - no cellphones or laptops, no network or server expenses. They thought they had everything, but they didn't know what they didn't have. Assume it's out there somewhere."
- Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

Tackle the non-staff side of IT spend

Info-Tech analysts find that mapping the IT vendor spend data is harder because the source data is often scattered and not meaningfully labeled.

  • Be patient and systematic. As with mapping your IT staff spend data, the more organized you are from the outset and the more thoroughly you've prepared your data, the more straightforward the exercise will be.
    • Did you "un-unique" your data? If not, do that now before attempting mapping.
  • Get comfortable with making some assumptions. You need to get through the exercise, so sometimes making a best guess and entering a value is better than diving down a rabbit hole. Your gut is probably right anyway. But only make assumptions around smaller line items that don't have a massive impact on your final numbers. Never assume anything when it comes to big-ticket items.
  • Curb your urge to fix. Some of your buckets will start to get big, while others will barely budge. This is normal ... and interesting! Resist the urge to "balance" staffing spend in a bucket by loading it with apps and hardware for fear that the staffing spend looks too high and will be questioned. This exercise is about how things are, not how they look.

"A common financial data problem is no vendor names. I've noticed that, even if the vendor name is there, there are no descriptors. You cannot actually tell what type of service it is. Data security? Infrastructure? Networking? Ask yourself 'What did we purchase and what does it do?'"
- Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group

Understand the CFO Expense View: Vendor categories defined

These are the final definitions for this view. See the previous section for CFO Expense View > Workforce definitions used in the IT staffing cost mapping exercise.

Vendor: Provider of a good or service in exchange for payment.

Hardware: Costs of procuring, maintaining, and managing all IT hardware, including end-user devices, data center and networking equipment, cabling, and hybrid appliances for both on-premises and cloud-based providers.

Software: Costs for all software (applications, database, middleware, utilities, tools) used across the organization. This includes purchase, maintenance, and licensing costs.

Contract Services: Costs for all third-party services including managed service providers, consultants, and advisory services.

Cloud: Offsite hosting and delivery of an on-demand software or hardware computing function by a third-party provider, often on a subscription-type basis.

On-Prem: On-site hosting and delivery of a software or hardware computing function, often requiring upfront purchase cost and subsequent maintenance costs.

Managed Services: Costs for outsourcing the provision and maintenance of a technical process or function.

Consulting & Advisory: Costs for the third-party provision of professional or technical advice and expertise.

CFO Expense View

Know if a technology is cloud-based or on-premises before mapping

A technology may be one, the other, or both if multiple versions are in play. Financial records rarely indicate which, but on-premises vs. cloud matters in your planning.

On-Premises

  • Check your CapEx. Any net-new purchases of software or hardware for the IT spend analysis year in question should appear on the CapEx side of the equation. After the first year of implementation/rollout, all ongoing maintenance and management costs should be found under OpEx.
  • Focus on real in-year costs.
    • Don't try to map depreciation or amortization associated with CapEX. Instead, map any upfront purchase costs that occurred in the relevant IT spend analysis year.
    • Map any OpEX costs incurred from maintenance and management. For multi-year maintenance contracts, apply the percentage of fees paid for the relevant year.

Cloud

  • Check your OpEx. Cloud services are typically fee-based, which means the costs often come in the form of regularly timed bills akin to a subscription.
  • Differentiate new services from older ones. If the cloud service was initiated during the IT spend analysis year in question, there may be some one-time service setup and initiation fees that were legitimately slotted under CapEx. If the cloud service isn't new, then all costs should be OpEx.

Vendors are increasingly "retiring" on-premises software products. This means an older version may be on-prem, a newer one cloud, and you may have both in play.

Mapping built-in data, analytics, and security functions can raise doubts

With so many apps focused on capturing, manipulating, and protecting data, built-in analytics, reporting, and security functions blur CIO Service View bucket boundaries.

Applications vs. Data & BI

  • In recent years, much more powerful analysis and report-generation features have been added to core enterprise applications. If analytics and reporting functionality is an extended feature of a database-driven application, such as ERP or CRM, then map it to one of the Applications buckets.
  • If the sole purpose of the application is to store, manipulate, query, analyze, and/or visualize data, then log its costs under Data & BI. These would include technologies such as data warehouses, marts, cubes, and lakes; desktop data visualization tools; enterprise business intelligence platforms; and specialized reporting tools.

Applications vs. Security

  • A similar conundrum exists for Security. So many tools today have built-in security functionality that cannot be unintegrated from the app they support. Don't even try to isolate native security functionality for spend mapping purposes - map it to Applications.
  • If the tool is a special-purpose, standalone security tool or security platform, then map it to Security. These tools usually sit within, and are used/managed by, IT. They include firewalls; antivirus/anti-malware; intrusion prevention, detection and response; access control and authentication; encryption; and penetration testing and vulnerability assessment.

Putting spend in the right bucket does matter. However, if uncertainty persists, err on the side of consistency. For most organizations Applications Maintenance does end up being the biggest bucket.

When mapping the CXO Business View, do the biggest vendors first

Below is a suggested order of operations to clear through the majority of vendor spend as early as possible in the process.

1 Sort high to low Sort your list of vendor spend from highest to lowest. Your top 20 vendors should constitute most of the spend.
2 Map multi-department enterprise apps Flag your top apps vendors that have presence in most or all of your business units. Map these first. These tend to be enterprise-level business apps "owned" by core business functions but used broadly across the organization such as enterprise resource planning (ERP), customer relationship management (CRM), and people management systems.
3 Map end-user spend Identify top vendors of general end-user technologies like office productivity apps, desktop hardware, and IT service desk tools. Allocate percentages according to your selected indirect spend mapping method.
4 Map core infrastructure spend Map the behind-the-scenes network, telecom, and data center technologies that underpin IT, plus any infrastructure managed services. Again, apply your selected indirect spend mapping method.
5 Map business-unit specific technologies This is the spend that's often incurred by just one department. This may also be technology spend that's out in the business, not in IT proper. Map it to the right business function or put it in Business Other or Industry Other if the business function doesn't have its own bucket.
6 Map the miscellaneous Only smaller spend items likely remain at this point. When in doubt, map them to either Business Other or Industry Other.

After mapping the CXO Business View, your Other buckets might be getting a bit big

It's common for the Business Other and Industry Other categories to be quite large, and even the largest. This is okay, but plan to dig deeper and understand why.

Remember "when in doubt, map to either the Business Other or Industry Other category"? Know what large Other buckets might really be telling you. After your first pass at mapping the CXO Business View, review Business Other and Industry Other if either is more than about 10% of your total spend.
Diversification: Your organization has a wide array of business functions and/or associated staff that exist outside the core business and industry-specific categories selected. Are there minor business functions that can reasonably be included with the core categories identified? If not, don't force it. Better to keep your core buckets clean and uncomplicated.
Non-core monolith: There's a significant technology installation outside the core that's associated with a comparatively minor business function. Is there a business function incurring substantial technology spend that should probably be broken out on its own and added to the core? If so, do it. Spend is unlikely to get smaller as the organization grows, so best to shine a light on it now.
Shadow IT: There's significant technology spend in several areas of the organization that is unowned, unmanaged, or serving an unknown purpose as far as IT is concerned. Is a lot of the spend non-IT technology in the business? If yes, flag it and plan to learn more. It's likely that technologies living elsewhere in the organization will become IT concerns eventually. Better to be ready than to be surprised.

As with staffing, CapEx vs. OpEx helps map the CEO Innovation View

Mapping to this view was optional for IT staffing. For hard technology vendor spend, mapping this view is key. Use the guidance below to determine what goes where.

Keep the Lights On
Spend usually triggered by a service deck ticket or work order, not a formal project. Includes:

  • Daily maintenance and management.
  • Repair or upgrade of existing technology to preserve business function/continuity.
  • Purchase of "commodity" technology, such as standard-issue laptops and licenses for office productivity software.

Business Growth
Spend usually in the context of a formal project under a CapEx umbrella. Includes:

  • Technology spend that directly supports business expansion of an existing product or service and/or market.
  • Modernizing existing technology.
  • Extension of, or investment in, existing infrastructure to ensure reliability and availability in response to growth-driven scaling of headcount and utilization.

Business Innovation
Spend is always in the context of a formal project and should be 100% CapEx in the first year after purchase. Includes:

  • Technology spend that directly supports development and rollout of new products or service and/or entry into new markets.
  • Use of existing technology or investment in net-new technology in direct support of a new business initiative, direction, or requirement.

In many organizations, most technology spend will be allocated to Keep the Lights On. This is normal but should generate conversations with the business about redirecting funds to growth and innovation.

Remember these top tips when mapping your technology vendor spend

The benefits of having tidy and organized data can't be overstated, as your source data will be in a more varied state for this phase of the mapping than with IT staffing data.

Approach: Move from macro to micro

  • Start with the big enterprise apps: These will probably be in the top five of your vendor spend list and will likely have good info about how and by whom they're used. Get them out of the way.
  • Clear out shared technologies. This will feature infrastructure and operations plus office productivity and communications spend. Portioning spend by department headcount for the CXO Business View is the hardest part. Get this forklift task out of the way too.
  • Don't sweat the small stuff. Wasting hours chasing the details of a $500 line item isn't worth it when you have five-, six-, or even seven-figure line items to map.

Biggest challenge: Poor vendor labeling

  • Vendor labels are often an inconsistent mess or missing entirely. Standardize and apply consistent vendor labels throughout your data so that you can aggregate your data into a workable form.
  • Spend transactions with the same vendor can be scattered all over the place in your general ledger. Take the time to "un-unique" your data to save yourself tremendous grief later on.
  • Start new go-forward labeling habits. Talk to finance about your new list of vendor naming standards and tagging spend as on-prem or cloud. Getting their cooperation with these are major wins.

Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. There's probably a technology out there in the business doing that work.

4.1 Map your IT vendor spend

Duration: Variable

  1. Navigate to tab "5. Vendor Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter a spend line item (vendor, product, etc.), a brief description, and the known amount of spend.
  2. Under the CFO Expense View (columns F-P), allocate the line item's spend as a percentage across all asset-class categories. If the allocation for a line item is 0%, leave the cell blank.
  3. Under the CIO Service View (columns S-AM), allocate the line item's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
  4. Under the CXO Business View (columns AP-BH), allocate the line item's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
  5. Under the CEO Innovation View (columns BK-BO), allocate the line item's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
  6. Repeat steps 2-5 for all spend line items.
  7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
  8. Validate your mapping by:
    1. Ensuring your amounts add up to your previously calculated total IT vendor spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.
    2. Identifying spend categories that have zero spend allocation. Additional percentage allocation splits for certain line items are probably required.
    3. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.

Download the IT Spend & Staffing Transparency Workbook

4.1 Map your IT vendor spend

InputOutput
  • Cleaned and organized IT vendor spend data and information
  • Finalized mapping of IT vendor spend across the four views of the IT Cost Model
MaterialsParticipants
  • IT Spend & Staffing Transparency Workbook
  • Head of IT
  • IT financial lead
  • Other IT management as required

Phase 4: Map your IT vendor spend

Achievement summary

You've now completed your IT vendor spend mapping. You have:

  • Allocated your IT vendor spend across the four views of the ITFM Cost Model.
  • Validated your mapping to ensure it's accurate and complete.

"A lot of organizations log their spending by vendor name with no description of the goods or services they actually purchased from the vendor. It could be hardware, software, consulting services ... anything. Having a clear understanding of what's really in there is an essential aspect of the spend conversation."
- Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

Phase 5

Identify Implications for IT

This phase will walk you through the following activities:

  • Analyzing the results of your IT staff and vendor spend mapping across the four views of the ITFM Cost Model
  • Preparing an executive presentation of your transparent IT spend

This phase involves the following participants:

  • Head of IT
  • IT financial lead
  • Other members of IT management

Phase 5: Identify implications for IT

Analyze and communicate.

You're now nearing the end of the first leg in your IT spend transparency journey. In this phase you will:

  • Analyze the results of your IT spend mapping process.
  • Revisit your transparency objectives.
  • Prepare an executive presentation so you can share findings with other leaders in your organization.

"Don't plug in numbers just to make yourself look good or please someone else. The only way to improve is to look at real life."
- Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

You've mapped your IT spend data. Now what?

With mapped data in hand, now you can start to tell IT's spend story with stakeholders in the business.

Mapping your IT spend is a lot of work, but what you've achieved is impressive (applause!) as well as essential for growing your ITFM maturity. Now put your hard work to work.

  • Consider benchmarking. While not covered in-depth here, benchmarking against yourself in a year-over-year approach as well as against external industry peers are very useful exercises in your technology spend analysis.
  • Review your numbers and graphs. Your IT Spend & Staffing Transparency Workbook contains a series of data visualizations that will help you see the big picture as well as relationships between spend categories.
  • Note the very big numbers, the very small numbers, and the things that just look odd. You'll want to investigate and understand these further.
  • Prepare to communicate. Facilitating conversations with stakeholders in the business is the immediate objective of the IT spend and staffing transparency exercise. Decide where and with whom you want to start dialogue.

The slides that follow show sample data summaries and visualizations generated in the IT Spend & Staffing Transparency Workbook. We'll take a look at the metrics, tables, and graphs you now have available to you post-mapping and how you can potentially use them in conversations with different IT stakeholders.

Evaluate how you might use benchmarks before diving into your analysis

Benchmarking can be a useful input for contextualizing and interpreting your IT spend data. It's not essential at this point but should be part of your ITFM toolkit.

There are two basic types of benchmarking ...

Internal: Capturing a current-state set of data about an in-house operation to serve as a baseline. Over time, snapshots of the same data are taken and compared to the baseline to track and assess changes. Common uses for internal benchmarking include:

  • Assessing the impact of a project or initiative.
  • Measuring year-over-year performance.

External: Seeking out aggregated, current-state data about a peer-group operation to assess your own relative status or performance on the same operation. Common uses for external benchmarking include:

  • Understanding common practices in the industry.
  • Strategic and operational visioning, planning, and goal-setting.
  • Putting together a business case for change or investment.

Both types of benchmarking benefit from some formality and rigor. Info-Tech can help you stand up an ITFM benchmarking approach as well as connect you with actual IT spend peer benchmarks via our IT Spend & Staffing Benchmarking service.

5.1 Analyze the results of your IT spend mapping

Duration: Variable

  1. Review the guidance slides that follow the two instruction slides for this exercise to provide yourself with a grounding on how to interpret and analyze your mapped IT staff and vendor spend data.
  2. Systematically review the data tables and graphs on the "Outputs" tabs 6 through 10 in the IT Spend & Staffing Transparency Workbook. There are several approaches you can take - use the one that works best for you. For example:
    1. Review each view in its entirety, one at a time.
    2. Review all workforce spend collectively across all four views, followed by all vendor spend across all four views (or vice versa).
  3. Make note of any spend values that are comparatively high or low or strike you as odd or worth further investigation.
  4. Craft a series of spend-related questions you want to answer for yourself and your stakeholders using the data.
    1. For example, you need to cut costs and apps maintenance is high. Your question could be, "Can we cut costs on applications maintenance staffing?"
    2. Alternatively, you can develop a series of statements (research hypotheses) that you seek to prove true or false with the data. This approach is useful for testing assumptions you've been making. For example, "We can cut spending on applications maintenance staff. True or false?"
  5. Use the template provided on tab "11. Data Analysis" in the IT Spend & Staffing Transparency Workbook to document your findings and conclusions, along with the data that supports them.

Download the IT Spend & Staffing Transparency Workbook

5.1 Analyze the results of your IT spend mapping

InputOutput
  • Tabular and graphical data outputs
  • Conclusions and potential actions about IT staff and vendor spend
MaterialsParticipants
  • IT Spend & Staffing Transparency Workbook
  • Head of IT
  • IT financial lead
  • Other IT management as required

High-level findings: Use these IT spend metrics to review and set big picture goals

Think of these metrics as key anchors in your long-term strategic planning efforts.

Use IT spend metrics to review and set big goals

It's common for the business to want a sacrifice in IT OpEx in favor of CapEx

CapEx and OpEx approval mechanisms are often entirely separate. Different tax treatment for CapEx means that it's usually preferred by the business over OpEx.

OpEx is often seen as a sunk cost (i.e. an IT problem).

  • Barring a major decision or event, OpEx on an individual item will generally trend upward over time, often by a few percent every year, in lockstep with inflation and growth in organizational headcount.
  • A good portion of OpEx, however, is necessary for basic business continuity.

CapEx is usually seen as investment (i.e. a business growth opportunity).

  • CapEx behaves quite differently than OpEx. On-the-books capitalized spend on an individual asset tends to trend downward over time due to depreciation or amortization.
  • CapEx only tends to go up when a net-new capital project is initiated, and organizations often have more control over if, when, and how this spend happens.

Break down the OpEx/CapEx wall. Reference OpEx whenever you talk about CapEx. The best way to do this is via Total Cost of Ownership (TCO).

  • Present data on long-term OpEx projections whenever a new capital project is proposed and ensure ongoing maintenance funds are secured.
  • Educate your CFO about the impact of the cloud on OpEx. See if internal OpEx/CapEx ratio expectations can be adjusted to reflect this reality.

Spend by asset class offers the CFO a visual illustration of where the money's really gone

The major spend categories should look very familiar to your CFO. It's the minor sub-categories that sit underneath where you ultimately want to drive the conversation.

Traditional categories don't reflect IT reality anymore.

  • Most finance departments have "software" accounts that contain apples and oranges, plus other dissimilar fruit.
  • Software isn't just software anymore. Now it's on-premises (CapEx) or cloud (OpEx). The same distinction applies to traditional hardware due to the advent of managed services.
  • The basic categories traditionally used to tag IT spend are out of date. This makes it hard for IT to have meaningful conversations with the CFO since they're not working from the same glossary.

"Software (on-premises)" and "hardware (cloud)" are more meaningful descriptors than "software" and "hardware." Shift the dialogue.

Start the migration from major categories to minor categories.

  • Still give the CFO the traditional major categories they're looking for but start including minor category breakdowns into your communications. Most importantly, have a meeting to explain what these minor categories are and why they're important to managing IT effectively.
  • Next, see if the CFO can formally split on-premises vs. cloud software on the books as a first step in making IT spend tracking more meaningful.

Employees vs. contractors warrants a specific conversation, plus a change in mindset

IT leaders often find it easier to get approval for contracted labor than to hire a permanent employee. However, the true value proposition for contractors does vary.

The decision to go with permanent employees or contractors depends on your ultimate goals.

  • Contractors tend to be less expensive and provide more flexibility when adjusting to changing business needs. However, contractors may be less dedicated and take their skills and knowledge with them when they leave.
  • Permanent employees bring additional costs like benefits and training. Plus, letting them go is a lot more complicated. However, they can also bring real value in a way a contractor can't when it comes to sustaining long-term strategic growth. They're assets in themselves.

Far too often, labor-sourcing decisions are driven by controlling near-term costs instead of generating and sustaining long-term value.

Introduce the cost-to-value ratio to your workforce spend conversations.

  • Your mapped data will allow you to talk about comparative headcount and spend. This is a financial conversation devoid of context.
  • Go beyond. Show how workforce spend has allowed stated goals to be achieved while controlling for costs. This is the true definition of value.

CFO Expense View: Shift the ITFM conversation

Now that you've mapped your IT spend data to the CFO Expense View, there are some questions you're better equipped to answer, namely:

  • How should I classify my IT costs?
  • What information should I include in my plans and reports?
  • How do I justify current spend?
  • How do I justify a budget increase?

You now have:

  • A starting point for educating the CFO about IT spend realities.
  • A foundation for creating a shared glossary of terms that works for both IT and the finance department and facilitates more meaningful conversations.
  • Proof that there are major areas of IT spend, such as cloud software, that are distinctive and probably warrant their own financial category in the general ledger.
  • A transparent record of IT spend that shows that you understand and care about financial issues, fostering the goodwill and trust that facilitates investment in IT.
  • A starting point to change the ITFM conversation with the CFO from one focused on cost to one focused on value.

Exactly how is IT spending all that money we give them?

Exactly like this ...

Chart of the CFO Expense View

The CIO Service View aligns with how IT organizes and manages itself – this is your view

The data mapped here is a critical input for IT's service planning and management program and should be integrated into your IT performance measurement activities.

Major service categories: These values give a high-level snapshot of your general IT service spend priorities. In most organizations, Applications dominates, making it a focus for cost optimization.

Minor service categories: The level of granularity for these values prove more practical when measuring performance and making service management decisions - not too big, not too small. While not reflected in this example, application maintenance is usually the largest relative consumer of IT spend in most organizations.

Data & BI and security: Isolating the exact spend for these services is challenging given that they're often entangled in applications and infrastructure spend respectively, and separate spend tracking for both is a comparatively recent practice.

Table of CIO Service View

Check the alignment of individual service spend against known business objectives

Some IT services are taken for granted by the business, while others are virtually invisible. This lack of visibility often translates into funding misalignments.

Is the amount of spend on a given service in parallel with the service's overall importance?

  • Though often unstated, ensuring continuity of basic business operations is always the top priority. This means business apps, core infrastructure, end users, and security need to be appropriately funded - these should collectively comprise the majority of IT service spend.
  • Strategy-supporting IT services, like data & BI, see high investment variability between organizations. If its strategic role/importance doesn't align with spend, flag it as an issue you'll need to reconcile with the business by increasing funding (important) or reducing service levels (unimportant).
  • The strategic importance of IT as a whole is often reflected in the spend on IT management services. If spend is low, IT's probably seen as a support function, not a strategic one.

Identify the hot spots and pick your battles.

  • Spend levels are just approximate gauges of where and how the business is willing to spend its money. Start with this simple gut check.
  • Noting the areas of importance vs. spend misalignment will help you identify where negotiations with the business should probably happen.

A mature IT cost optimization practice is often approached from the service perspective

When optimizing IT costs, you have two OpEx levers to pull - vendor spend and staff spend. Isolating these two sources of IT service spend will help shortlist your options.

It's all about how much room you have to move.

  • Any decision made about how a service is provisioned will push vendor and staff spend in clear, predictable, and often opposite directions (e.g. in-house and people-intensive services tend to see higher staff spend, while outsourced and tech-intensive services higher vendor spend).
  • Service levels required by the business should be the driving factor behind service design and spend decisions. High service spend may reflect priority but may also indicate it's over-built and is ripe for a cost-optimization treatment.
  • Service spend is a useful barometer for tracking the financial impact of any changes made to IT. Add simple unit-cost metrics like "service spend per organizational employee" and "service spend per FTE assigned to the service" to see if and how the dial has moved over time.

Grow your IT service management practice.

  • The real power of the CIO Service View is laying the groundwork for next-level IT service management initiatives like developing a service catalog, negotiating service-level agreements, rolling out chargeback and showback mechanisms, and calculating IT's value to the business.
  • Use service spend as a common denominator for both your IT service management and IT performance management programs. Better yet, integrate the two programs to ensure a single version of the truth.

CIO Service View: Optimize your cost-to-value ratio

Now that you've mapped your IT spend data to the CIO Service View, there are some questions you're better equipped to answer, namely:

  • What's the impact of cloud adoption on speed of delivery?
  • Where can I improve spend efficiency?
  • Is my support model optimized?
  • How does our spend compare to others?

You now have:

  • Data that shows the financial impact of change decisions on service costs.
  • Insight into the relationship between vendor spend and staff spend within a given IT service.
  • The information you need to start developing service unit costing mechanisms.
  • A tool for setting and right-sizing service-level agreements with the business.
  • A more focused starting point for investigating IT cost-optimization opportunities.
  • A baseline for benchmarking common IT services against your peers.

Does the amount we spend on each IT service make sense?

We have some good opportunities for optimization ...

Chart of CIO Service View

The CXO Business View will spur conversations that may have never happened before

This view is a potential game changer as previously unknown technology spend is often revealed, triggering change in IT's relationship with business unit leaders.

Table of CXO Business View

The big beneficiaries of IT spend will leap out

The CXO Business View mapping does have a "shock and awe" quality to it given large spend disparities. They may be totally legitimate, but they're still eye-catching.

Share information, don't push recommendations.

  • Have a series of one-on-one meetings with business unit leaders to present these numbers.
    • Approach initial meetings as information-sharing sessions only. The data is probably new to them, and they'll need time to reflect and ask questions.
    • Bring a list of the big-ticket spend items for that business unit to focus the conversation.
  • Present these numbers at a broader leadership meeting.
    • It's critical for everyone to hear the same truth and learn about each other's technology needs and uses.
    • This is where recommendations for better aligning IT spend with business goals and cost-optimization strategies should surface. A group approach will bring technology haves and have-nots into the open, as well as provide a forum for collaborative solutioning.

If possible, slice the numbers by business unit headcount.

  • IT spend per business unit employee is an attention-getting metric that can help gain entry to important conversations.
  • Comparing per-employee spend across different business functions is not necessarily an apples-to-apples comparison, as units like HR may have few employees but serve the entire organization. Bring up these kinds of differences to provide context and avoid misinterpretations.

Questions will arise in how you calculated and allocated indirect IT spend

IT spend for things like core infrastructure and end-user services must be distributed fairly across multiple or all business units. Be prepared to explain your methods.

Be transparent in your transparency.

  • Distributing indirect spend is imprecise by nature. You can't account for every unique circumstance. However, you can devise a logic-driven, general approach that's defensible, fair, and works for most people most of the time.
  • Lay out your assumptions from the start. This is an important part of communicating transparently and can prevent unwanted descent into weedy rabbit holes.
    • List what you classified as indirect spend. Use the CFO Expense View and/or CIO Service View categories to aid your presentation of this information.
    • Point out known circumstances that didn't fit your general allocation method and how you handled them. Opting to ignore minor anomalies is reasonable but be sure to tell business unit leaders you did this and why.

Use questions about indirect IT staff spend distribution to engage stakeholders.

  • As a percentage, the indirect IT staff spend allocation to a specific business unit may be higher than that for IT vendor spend since IT staff tend to operate more generally than the technologies they support.
  • Leverage any pushback about indirect spend as an opportunity to engage the broader business leadership group. Let them arrive at a consensus of how they want it done and confirm buy-in.

CXO Business View: Bring the truth to light

Now that you've mapped your IT spend data to the CXO Business View, there are some questions you're better equipped to answer, namely:

  • Which business units consume the most IT resources?
  • Which business units are underserved by IT?
  • How do I best communicate spend data internally?
  • Where do I need better business sponsorship for IT projects?

You now have:

  • A reason-based accounting of direct and indirect amounts spent on IT vendors and staff in support of each major business unit.
  • Insight into the technology haves and have-nots in your organization and where opportunities to optimize costs may exist.
  • Attention-getting numbers that will help you engage business-unit leaders in meaningful conversations about their use of IT resources and the value they receive.
  • A mechanism to assess if a business unit's consumption of IT is appropriate and aligned with its purpose and mandate in the organization.
  • A list of previously unknown business-side technologies that IT will investigate further.

Why doesn't my business unit get more support from IT?

Let's look at how you compare to the other departments ...

Chart of the CXO Business View

From the CEO's high-level perspective, IT spend is a collection of distinct financial islands

From IT's perspective, these islands are intimately connected, with events on one affecting what happens (or doesn't) on another. Focus on the bridges.

Table of CEO High-level Perspective

Focus more on unifying the view of technology spend than on the numbers

When talking to the CEO, seek to build mutual understanding and encourage a holistic approach to the organization's technology spend.

Use the numbers to get to the real issues.

  • Clarify with the CEO what business innovation, business growth, and KTLO means to them and the role each plays in the organization's strategic and operational plans.
  • Find out the role they think IT, and technology as a whole, has in realizing business plans. Only then can you look at the relative allocation of IT spend with them to see if the aspiration aligns with reality.
  • Eventually, you'll need to discuss expectations around who pays the bills for operationally supporting capital technology investments over the long-term (i.e. IT or the business units that actually want and use it). You'll have concrete examples of business projects that consumed IT operations resources without a corresponding increase in IT's OpEx budget.

Focus your KTLO spend conversation on risk and trade-off.

  • Every strategic conversation needs to look at the impact on ongoing operations. Every discussion about CapEx needs to investigate the long-term repercussions for OpEx. Look at the whole tech spend picture.
  • Use risk to get KTLO/OpEx into the conversation. Be straightforward (i.e. "If we do/don't do this, then we can/can't do that"). Simply put, mitigating the risks that get in the way of having it all usually requires spending.

CEO Innovation View: Learn what's really expected of IT

Now that you've mapped your IT spend data to the CEO Innovation View, there are some questions you're better equipped to answer, namely:

  • Why is KTLO spend so high?
  • What should our operational spend priorities be?
  • Which projects and investments should we prioritize?
  • Are we spending enough on innovative initiatives?

You now have:

  • A holistic, organization-wide view of total technology spend in support of different investment types, namely business innovation, business growth, and keeping things up and running.
  • Data-driven examples that prove the impact of near-term capital spend on long-term operational expenses and the intimate relationship between the two types of spend.
  • A way to measure the degree of alignment between the innovation and growth goals the organization has and how money is actually being spent to realize those goals.
  • A platform to discuss how technology investment decision-making and governance can work better to realize organizational mandates and goals.

I know what IT costs us, but what is it really worth?

Here's how tech spend directly supports business objectives ...

Chart of CEO Innovation View

Revisit your IT spend transparency objectives before crafting your executive presentation

Go back to exercise 1.1 to remind yourself why you undertook this effort in the first place, clear your head of all that data, and refocus on the big picture.

Review the real problems and issues you need to address and the key stakeholders.
This will guide what data you focus on or showcase with other business leaders. For example, if IT OpEx is perceived as high, be prepared to examine the CapEx/OpEx ratio as well as cloud-related spend's impact on OpEx.

Flag ITFM processes you'll develop as part of your ITFM maturity improvement plan.
You won't become a TCO math expert overnight, but being able to communicate your awareness of and commitment to developing and applying ITFM capabilities helps build confidence in you and the information you're presenting.

Use your first big presentation to debut ITFM.
ITFM as a formal practice and the changes you hope to make may be a novel concept for your business peers. Use your newfound IT spend and staffing transparency to gently wade into the topic instead of going for the deep dive.

Now it's time to present your transparent IT spend and staffing data to your executive

Pull out of analysis mode. You're starting to tell the IT spend story, and this is just the first chapter. Introduce your cast of characters and pique your audience's interest.

The goal of this first presentation is to showcase IT spend in general and make sure that everyone's getting the same information as everyone else.

Go broad, not deep
Defer any in-depth examinations until after you're sure you have everyone's attention. Only dive deep when you're ready to talk about specific plans via follow-up sessions.

Focus on the CXO
Given your audience, the CXO Business View may be the most interesting for them and will trigger the most questions and discussion. Plan to spend the largest chunk of your time here.

Avoid judgment
Let the numbers speak for themselves. Do point out what's high and what's low, but don't offer your opinion about whether it's good or bad. Let your audience draw their own conclusions.

Ask for impressions
Education and awareness are primary objectives. What comes up will give a good indication of what's known, what's news, who's interested, and where there's work to do.

Pick a starting point
Ask what they see as high-priority areas for both optimizing IT costs as well as improving the organization's approach to making IT spend decisions in general.

What to include in your presentation ...

  • Purpose: Why you did the IT spend and staffing transparency exercise.
  • Method: The models and processes you used to map the data.
  • Data: Charts from the IT Spend & Staffing Transparency Workbook.
  • Feedback: Space for your audience to voice their thoughts.
  • Next steps: Discussion and summary of actions to come.

5.2 Develop an executive presentation

Duration: Two hours

  1. Download the IT Staff & Spend Executive Presentation Template.
  2. Copy and paste the IT spend output tables and graphs into the template. (Note: Pasting as an image will preserve formatting.)
  3. Incorporate observations and insights about your analysis of your IT spend metrics.
  4. Conduct an internal review of the final presentation to ensure it includes all the elements you need and is error free.
  5. Book time to make your presentation to the executive team. Plan time after the presentation to field questions, engage in follow-up information sessions, and act on feedback.

Note: Refer to your organization's standards and norms for executive-level presentations and either adapt the Info-Tech template accordingly or use your own.

Input Output
  • Tabular and graphical data outputs in the IT Spend & Staffing Transparency Workbook
  • Executive presentation summarizing your organization's actual IT spend
Materials Participants
  • IT Spend & Staffing Transparency Workbook
  • IT Staff & Spend Executive Presentation Template
  • CIO/IT directors
  • IT financial lead
  • Other IT management

Download the IT Spend & Staffing Transparency Executive Presentation TemplateTemplate

Phase 5: Identify implications for IT

Achievement summary

You've done the hard part in starting your IT spend transparency journey. You have:

  • Analyzed the results of your IT spend mapping process.
  • Revisited your transparency objectives.
  • Prepared an executive presentation so you can share findings with other leaders in your organization.

"Having internal conversations, especially if there is doubt, allows for accuracy and confidence in your model. I was showing someone the cost of a service he managed. He didn't believe the service was so expensive. We went through it: here are the people we allocated, the assets we allocated, and the software we allocated. It was right - that was the total cost. He was like, 'No way. Wow.' The costs were high, and the transparency is what allowed for a conversation on cost optimization."
- Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

Next Steps

Achieve IT Spend & Staffing Transparency

This final section will provide you with:

  • An overall summary of accomplishment
  • Recommended next steps
  • A list of contributors to this research
  • Some related Info-Tech resources to help you grow your ITFM practice

Summary of Accomplishment

Congratulations! You now have a fully transparent view of your IT spend.

You've now mapped the entirety of technology spend in your organization. You've:

  1. Learned the key sources of spend data and information in your organization.
  2. Set some standards for data organization and labeling.
  3. Have a methodology for continuing to track and document spend in a transparent way.
  4. Crafted an executive presentation that's a first step in having more meaningful and constructive conversations about IT spend with your key stakeholders.

What's next?

With a reliable baseline, you can look forward to more informed and defensible IT budgeting and cost optimization. Use your newly-transparent IT spend as a foundation for improving your financial data hygiene in the near term and evolving your overall ITFM governance maturity in the long-term.

If you would like additional support, have our analysts guide you through an Info-Tech full-service engagement or Guided Implementation.

Contact your account representative for more information.

1-888-670-8889

Research Contributors and Experts

Monica Braun, Research Director, ITFM Practice

Monica Braun
Research Director, ITFM Practice
Info-Tech Research Group

Dave Kish, Practice Lead, ITFM Practice

Dave Kish
Practice Lead, ITFM Practice
Info-Tech Research Group

Kennedy Confurius, Research Analyst, ITFM Practice

Kennedy Confurius
Research Analyst, ITFM Practice
Info-Tech Research Group

Aman Kumari, Research Specialist, ITFM Practice

Aman Kumari
Research Specialist, ITFM Practice
Info-Tech Research Group

Rex Ding, Research Specialist, ITFM Practice

Rex Ding
Research Specialist, ITFM Practice
Info-Tech Research Group

Angie Reynolds, Principal Research Director, ITFM Practice

Angie Reynolds
Principal Research Director, ITFM Practice
Info-Tech Research Group

Related Info-Tech Research

Build Your IT Cost Optimization Roadmap

  • Cost optimization often doesn't go beyond the cutting part, but cutting costs isn't strategic - it's reactive and can easily result in mistakes.
  • True cost optimization is much more than this. Re-focus your efforts on optimizing your cost-to-value ratio and implementing a sustainable cost-optimization practice.

Build an IT Budget

  • Budgetary approval is difficult because finance executives have a limited understanding of IT and use a different vocabulary.
  • Detailed budgets must be constructed in a way that is transparent but at a level of appropriate detail in order to limit complexity and confusion.

Manage an IT Budget

  • No one likes to be over budget, but being under budget isn't necessarily good either.
  • Implement a budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track.
  • Control for under- or overspending using Info Tech's budget management tool and tactics.

APPENDIX

Sample shared business services

Sample industry-specific business services

Sample shared business functions

Business function Definition
Human Resources The management of the recruitment, training, development, appraisal, compensation/reward, retention, and departure of employees in an organization. Does not include management of subcontractor or outsourced relationships.
Finance and Accounting The management and analysis of an organization's revenue, funds, spend, investments, financial transactions, accounts, and financial statements. Often includes enterprise asset management.
Procurement and Supplier Management Acquiring materials, goods, and services from an external party, including identifying potential suppliers/providers, managing tendering or bidding processes, negotiating terms and agreements, and managing the relationship with the vendor/provider.
Information Technology The development, management, and optimization of information technology resources and systems over their lifecycle in support of an organization's work priorities and goals. Includes computer-based information and communication systems, but typically excludes industrial operational technologies.
Legal Expertise in interpretation, implication, and application of legislation and regulation that affects the enterprise, including guidance and support in the areas of risk, contracting, compliance, ownership, and litigation.
Regulatory Affairs and Compliance Management Identification, operationalization, monitoring, reporting, and enforcement of the standards, rules, codes, and laws that apply to an organization's operating environment and the products and services it offers.
Sales Transactional provision of a product or service to a buyer at an agreed-upon price. Includes identifying and developing prospective buyers, presenting and explaining the product/service, overcoming prospect objections and concerns to purchase, negotiating terms, developing contracts, and billing or invoicing.
Customer Service and Support A range of activities designed to optimize the customer experience with an organization and its products and services throughout the customer lifecycle with the goals of retaining the customer; encouraging additional spend or consumption; the customer positively influencing other potential customers; and minimizing financial and reputational business risks.
Marketing and Advertising Understanding customer/prospect needs, developing strategies to meet those needs, and promotion of the organization's products/services to a target market via a range of channels to maximize revenue, membership, donations, and/or develop the organization's brand or reputation. Includes market research and analysis and promotion, campaign, and brand management.

Sample industry-specific functions

Supply chain and capital-intensive industries.

Industry function Definition
Product Innovation Research, design, development, and launch of new products, including the engineering of their underlying production processes.
Product and Service Portfolio Management The management of an organization's collection of products and services, including management of the product/service roadmap; product/service portfolio and catalog; product/service quality and performance; and product/service pricing, bundling and markdown.
Logistics and Supply Chain Management Sourcing raw materials or component parts needed and shipping of a finished product. Includes demand planning; procurement/supplier management; inventory management; yard management; allocation management; fulfillment and replenishment; and product distribution and delivery.
Production Operations Manufacture, storage, and tracking of a product and ensuring product and production process quality. Includes operations management, materials management, quality/safety control, packaging management, and management of the tools, equipment, and technologies that support it.
Architecture & Engineering The design and planning of structures or critical infrastructure systems according to scientific, functional, and aesthetic principles.
Construction New construction, assembly, or alteration of buildings and critical infrastructure (e.g. transportation systems; telecommunications systems; utilities generation/transmission/distribution facilities and systems). Includes management of all construction project plans and the people, materials, and equipment required to execute.
Real Estate Management Management of any residential, commercial, or industrial real estate holdings (land and buildings), including any financial dealings such as its purchase, sale, transfer, and rental as well as ongoing maintenance and repair of associated infrastructure and capital assets.

Sample industry-specific functions

Financial services and insurance industries.

Industry function Definition
Core Banking Services Includes ATM management; account management (opening, deposit/withdrawal, interest calculation, overdraft management, closing); payments processing; funds transfers; foreign currency exchange; cash management.
Loan, Mortgage, and Credit Services Includes application, adjudication, and approval; facility; disbursement/card issuance; authorization management; merchant services; interest calculation; billing/payment; debt/collections management.
Investment and Wealth Management Processes for the investment of premiums/monies received from policy holders/customers to generate wealth. Often two-pronged: internal investment to fund claim payout in the case of insurance, and customer-facing investment as a financial service (e.g. retirement planning/annuities). Includes product development and management, investment management, safety deposit box services, trust management services.
Actuarial Analysis & Policy Creation Development of new policy products based on analysis of past losses and patterns, forecasts of financial risks, and assessment of potential profitability (i.e. actuarial science). These processes also include development of rate schedules (pricing) and the reserves that the insurer needs to have available for potential claim payouts.
Underwriting & Policy Administration Processes for assessing risk of a potential policy holder; determining whether to insure them or not; setting the premiums the policy holder must pay; and administering the policy over the course of its lifecycle (including updates and billing).
Claims Processing & Claims Management Processes for receiving, investigating, evaluating, approving/denying, and disbursing a claim payout. This process is unique to the insurance industry. In health insurance, ongoing case management processes need to be considered here whereby the insurer monitors and approves patient treatments over a long-term basis to ensure that the treatments are both necessary and beneficial.

Sample industry-specific functions

Healthcare industry

Industry function Definition
Patient Intake & Admissions Processes whereby key pieces of information about a patient are registered, updated, or confirmed with the healthcare provider in order to access healthcare services. Includes patient triage, intake management, and admissions management. These processes are generally administrative in nature.
Patient Diagnosis A range of methods for determining the medical condition a patient has in order to provide appropriate care or treatment. Includes examination, consultation, testing, and diagnostic imaging.
Patient Treatment The range of medical procedures, methods, and interventions to mitigate, relieve, or cure a patient's symptom, injury, disease, or other medical condition. Includes consultation and referral; treatment and care planning; medical procedure management; nursing and personal support; medicine management; trauma management; diet and nutrition management; and patient transportation.
Patient Recovery & Ongoing Care Processes and methods for tracking the progress of a patient post-treatment; improving their health outcomes; restoring, maintaining, or improving their quality of life; and discharging or transferring them to other providers. Includes remote monitoring of vital parameters, physical therapy, post-trauma care, and a range of restorative and lifestyle modification programs.

Sample industry-specific functions

Gaming and hospitality industries

Industry function Definition
Accommodation Short-term lodging in hotel facilities. Includes management and maintenance of guest rooms and common spaces, amenities (e.g. swimming pool), and other related services (e.g. valet parking).
Gaming Includes table wagering games and gambling activities such as slot machines or any other activity that includes on premises mobile casino gaming.
Food & Beverage Services Food and beverages prepared, served, or available for sale by the hotel on the hotel premises via restaurants and bars and room service. Excludes catering (see Events Management) and management or operation of independent leased food and beverage establishments located on the hotel premises.
Entertainment & Events Planning, coordination, and on-premises hosting of events including conferences, conventions, trade shows, parties, ceremonies and live entertainment, and other forms of recreation on the hotel premises. Includes all aspects of entertainment operations, facility management and catering for the event.

Customer Service Management Software Selection Guide

  • Buy Link or Shortcode: {j2store}530|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Customer Relationship Management
  • Parent Category Link: /customer-relationship-management
  • The business is unaware of cross-selling opportunities across multiple product lines.
  • Customer service staff attrition rates continue to be high, creating longer response delays for voice channels.
  • Customer service responses are reactive in nature, reinforcing a poor culture for customer experience.

Our Advice

Critical Insight

  • After-sales customer service is critical for creating, maintaining, and growing customer relationships. Organizations that fail to provide adequate service will be ill positioned for future customer service and sales efforts.
  • Shift left toward delivering predictive service instead of reactive service to enhance customer experiences.
  • Ensure your key performance indicators accurately reflect the incentives you want to give your customer support staff for delivering appropriate customer service.

Impact and Result

  • Determine your organization’s customer service maturity (and thus if a standalone CSM tool is relevant).
  • Understand key trends and differentiating features in the CSM marketspace.
  • Evaluate major vendors in the CSM marketspace to discover the best-fitting provider.

Customer Service Management Software Selection Guide Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Customer Service Management Software Selection Guide – A guide to walk you through the process of selecting CSM software.

This trends and buyer’s guide will help you:

  • Customer Service Management Software Selection Guide Storyboard

2. CSM Platform RFP Template – A template to provide vendors with a detailed account of the requirements and the expected capabilities of the desired suite.

Create your own request for proposal (RFP) for your customer service management suite procurement process by customizing Info-Tech's RFP template.

  • CSM Platform RFP Template

3. CSM Platform Opportunity Assessment Tool – A tool to assess whether a CSM solution is right for your organization.

Use this tool to assess your maturity and fit for a CSM solution. It will help identify your current CSM state and assist with the decision to move forward with a new solution or augment certain features.

  • CSM Platform Opportunity Assessment Tool

4. Software Selection Workbook – A workbook to document your progress as your select software.

Keep stakeholders engaged with simple and friction-free templates to document your progress for Rapid Application Selection.

  • The Software Selection Workbook

5. Vendor Evaluation Workbook – A workbook to assess vendor capabilities and compare vendors.

Leverage a traceable and straightforward Vendor Evaluation Workbook to narrow the field of potential vendors and accelerate the application selection process.

  • The Vendor Evaluation Workbook

6. CSM Platform RFP Scoring Tool – A tool to support your business in objectively evaluating the CSM vendors being considered for procurement.

Create an objective and fair scoring process to evaluate the RFPs and demonstrations provided by shortlisted vendors. Within this framework, provide a multidimensional evaluation that analyzes the solution's functional capabilities, architecture, costs, service support, and overall suitability in comparison to the organization's expressed requirements.

  • CSM Platform RFP Scoring Tool

7. CSM Platform Vendor Demo Script Template – A template to support your business’ evaluation of vendors and their solutions with an effective demonstration.

Create an organized and streamlined vendor demonstration process by clearly outlining your expectations for the demo. Use the demo as an opportunity to ensure that capabilities expressed by vendors are actually present within the considered solution.

  • CSM Platform Vendor Demo Script Template
[infographic]

Further reading

Customer Service Management Software Selection

Market trends and buyer’s guide

Analyst Perspective

The pandemic and growing younger demographic have shifted the terrain of customer service delivery. Customer service management (CSM) tools ensure organizations enhance customer acquisition, customer retention, and overall revenues into the future.

It is one thing to research customer service best practices; it is another to experience such service. Whether being put on hold for an hour with a telecommunications company, encountering voice biometric security with a bank, or receiving automated FAQs from a chatbot, we all perform our own primary research in customer service by going about our daily lives. Yet while the pandemic required a shift to this multichannel and digital assistant environment (to account for ongoing agent attrition), this trend was actually just accelerated. A growing younger demographic now prefers online communication channels to voice. Social media (whichever the platform) is a fundamental part of this demographic’s online presence and has instigated the need for customer service delivery to meet customers where they are – for both damage control and enhancing customer relationships.

Organizations delivering customer service across multiple product lines need to examine what delivery channels they need to satisfy customers, alongside assessing how customer loyalty and cross-selling can increase revenues and company reputation. Customer service management tools can assist and enable the future state.

Thomas Randall, Ph.D., Research Director

Thomas Randall, Ph.D.
Research Director, Info-Tech Research Group

Executive Summary

Your Challenge Common Obstacles Info-Tech’s Solution
  • The business is unaware of cross-selling opportunities across multiple product lines.
  • Customer service staff attrition rates continue to be high, creating longer response delays for voice channels.
  • Customer service responses are reactive in nature, reinforcing a poor culture for customer experience.
  • It is not clear if a CSM tool would resolve the business’ challenges or if a better-fitting technology solution is preferable (such as a customer relationship management add-on).
  • The business does not know its customer service maturity well enough to assess the feasibility of adopting a CSM tool.
This trends and buyer’s guide will help you:
  1. Determine your organization’s customer service maturity (and thus if a standalone CSM tool is relevant).
  2. Understand key trends and differentiating features in the CSM marketspace.
  3. Evaluate major vendors in the CSM marketspace to discover the best-fitting provider.

The objective at the end of the day is to have a single interface that the front-line staff interacts with. I think that is the holy grail when we look at CSM technology. The objective that everyone has in mind is we'd all like to get to one screen and one window. Ultimately, the end game really hasn't changed: How can we make it easy for the agents and how can we minimize their errors? How can we streamline the process so they can work?
Colin Taylor, CEO, The Taylor Reach Group

Customer service management tools form an integral part of your CXM technology portfolio

Customer service management tools are an integral part of CXM

Info-Tech’s methodology for selecting the right CSM platform

1. Contextualize the CSM Landscape 2. Select the Right CSM Vendor
Phase Steps
  1. Define CSM tools.
  2. Explore CSM trends.
  3. Understand if CSM tools are a good fit for your organization.
  1. Build the business case.
  2. Streamline requirements elicitation for CSM.
  3. Construct the request for proposal (RFP)/vendor evaluation workbook.
Phase Outcomes
  1. Consensus on scope of CSM and key CSM capabilities
  2. Identify your customer service maturity and use for CSM tools
  1. CSM business case
  2. High-value use cases and requirements
  3. CSM RFP/vendor evaluation workbook

Info-Tech Insight
Need help constructing your RFP? Use Info-Tech’s CSM Platform RFP Template!

Guided Implementation

What does a typical GI on this topic look like?

Phase 1 Phase 2

Call #1: Discover if CSM tools are right for your organization. Understand what a CSM platform is and discover the “art of the possible.”

Call #2: Identify right-sized vendors and build the business case to select a CSM platform.

Call #3: Define your key CSM requirements.

Call #4: Build procurement items, such as an RFP and demo script.

Call #5: Evaluate vendors and perform final due diligence.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

The CSM selection process should be broken into segments:

  1. CSM vendor shortlisting with this buyer’s guide
  2. Structured approach to selection
  3. Contract review

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit Guided Implementation Workshop Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to his the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options

Software Selection Engagement

Five Advisory Calls Over a Five-Week Period to Accelerate Your Selection Process

Expert analyst guidance over five weeks on average to select and negotiate software

Save money, align stakeholders, speed up the process, and make better decisions

Use a repeatable, formal methodology to improve your application selection process

Better, faster results, guaranteed, included in membership

Five advisory calls over a five week period to accelerate your selection process

Book Your Selection Engagement

Software Selection Workshops

40 Hours of Advisory Assistance Delivered Online

Select Better Software, Faster

40 hours of expert analyst guidance

Project & stakeholder management assistance

Save money, align stakeholders, speed up the process, and make better decisions

Better, faster results, guaranteed, $25,000 standard engagement fee

Software selection workshops

Book Your Workshop Engagement

Customer Service Management (CSM) Software

Phase 1: Contextualize the CSM Landscape

Receive and resolve after-sales requests within a unified CSM platform

MULTIPLE CHANNELS
Customers may resolve their issues via a variety of channels, including voice, SMS, email, social media, and live webchat.
KNOWLEDGE BASE
Provide a knowledge base for FAQs that is both customer facing (via customer portal) and agent facing (for live resolutions).
ANALYTICS
Track customer satisfaction, agent performances, ticket resolutions, backlogs, traffic analysis, and other key performance indicators (KPIs).
COLLABORATION
Enable agents to escalate and collaborate within a unified platform (e.g. tagging colleagues to flag a relevant customer query).

Info-Tech Insight
After-sales customer service is critical for creating, maintaining, and growing customer relationships. Organizations that fail to provide adequate service will be poorly positioned for future customer service and sales efforts.

Identify your differentiating CSM requirements that align to your use cases

INTEGRATIONS
Note what integrations are available for your contact center, CRM, or industry-specific solutions (e.g. inventory management) to get the most out of CSM.

SENTIMENT ANALYSIS
Reads, contextualizes, and categorizes tickets by sentiment (e.g. “positive”) before escalating to an appropriate agent.

AUTO-RESPONSE EDITOR
Built-in AI provides prewritten responses or auto-pulls the relevant knowledge article, assisting agents with speed to resolution.

ATTRIBUTES-BASED ROUTING
Learns over time how best to route tickets to appropriate agents based on skills, availability, or proximity of an agent (e.g. multilingual, local, or specialist agents).

AUTOMATED WORKFLOWS
CSM tool providers have varying usability for workflow building and enablement. Ensure your use cases align.

TICKET PRIORITIZATION
Adapts and prioritizes customer issues by service-level agreement (SLA), priority, and severity according to inputted KPIs.

Good technology will not fix a bad process. I don't care how good the technology is. If the use case is wrong and the process is wrong, it's not going to work.
Colin Taylor, CEO
The Taylor Reach Group

Leverage CSM tools to shift left toward predictive customer service

Real-time Pre-event Post-event
Channel example: Notifications via SMS or social media. Channel example: Notifications via SMS or social media. Channel example: Working with an agent or live chatbot. Channel example: Working with an agent or live chatbot.
“Your car may need a check-up for faulty parts.” “Here is a local garage to fix your tire pressure.” “I see you have poor tire pressure. Here is a local garage.” “Thank you for your patience, how can we help?”
Predictive Service
The CSM recommends mitigation options to the customer before the issue occurs and before the customer knows they need it.
Proactive Service
The issue occurs but the CSM recommends mitigation options to the customer before the customer contacts the organization.
Real-Time Service
The organization offers real-time mitigation options while working with the customer to resolve the issue.
Reactive Service
The customer approaches the organization after the issue occurs, but the organization has no insight into the event.

Selecting a CSM tool should form part of your broader CXM strategy

Organizations should ask whether they need a standalone CSM solution or a CSM as part of a broader suite of CXM tools. The latter is especially relevant if your organization already invests in a CXM platform.

Matrix of CMS tools as part of CXM strategy

CSM tools are best-suited for organizations with high product and service complexity

Customer Service Complexity

Low complexity refers to primarily transactional inquiries. High complexity refers to service workflows for symptom analysis, problem identification, and solution delivery.

Product Complexity

High complexity refers to having a large number of brands and individual SKUs, technologically complex products, and products with many add-ons.

A matrix showing that a standalone CSM tool is best where customer service complexity and product complexity are both high.

Info-Tech Insight
Use Info-Tech’s CSM Platform Opportunity Assessment Tool to discover your organization’s customer service maturity.

Activity: Discover your customer service maturity

30 minutes

  1. Complete the CSM Platform Opportunity Assessment Tool.
  2. Evaluate your result and document whether a CSM business case is warranted (or if a separate technology selection process is needed).
Input Output
  • Understanding of the current state and how complex the organization’s product line and help desk support are
  • Ranking of the importance of each decision point
  • Assessment results that provide a high-level view of whether your organization’s product and customer service complexity warrant a standalone CSM tool
Materials Participants
  • CSM Platform Opportunity Assessment Tool
  • Shared screen or projection
  • Customer support analyst(s)
  • Infrastructure and Operations lead(s)
  • Representative customer support staff
  • Product management analyst(s)

Download the CSM Platform Opportunity Assessment Tool

Finalize whether your organization is well positioned to leverage CSM tools

Bypass Adopt
Monochannel approach
You do not participate in multichannel campaigns or your customer personas are typically limited to one or two channels (e.g. voice or SMS).
Multichannel approach
You are pursuing multifaceted, customer-specific campaigns across a multitude of channels.
Small to mid-sized business with small CX team
Do not buy what you do not need. Focus on the foundations of customer experience (CX) first before extending into a full-fledged CSM tool.
Maturing CX department
Customer service needs are extending into managing budgets, generating and segmenting leads, and measuring channel effectiveness.
Limited product range
CSM tools typically gain return on investment (ROI) if the organization has a complex product range and is looking to increase cross-sell opportunities across different customer personas.
Multiple product lines
Customer base and product lines are large enough to engage in opportunities for cross- and up-selling.

Case Study

AkzoNobel

INDUSTRY
Retail

SOURCE
Sprinklr (2021)

Use CSM tools to unify the multichannel experience and reduce response time.

Challenge Solution Results
AzkoNobel is a leading global paints and coatings company. AzkoNobel had 60+ fragmented customer service accounts on social media for multiple brands. There was little consistency in customer experience and agent responses. Moreover, the customer journey was not being tracked, resulting in lost opportunities for cross-selling across brands. The result: slow response times (up to one week) and unsatisfied customers, leaving the AzkoNobel brand in a vulnerable state.

AkzoNobel leveraged Sprinklr, a customer experience software provider, to unify six social channels, 19 accounts, and six brands. Sprinklr aligned governance across social media channels with AzkoNobel’s strategic business goals, emphasizing the need for process, increasing revenue, and streamlining customer service.

AzkoNobel was able to use keywords from customers’ inbound messaging to put an escalation process in place.

Since bringing on Sprinklr in 2015-2016, unifying customer service channels under one multichannel platform resulted in:

  • 172% increase in customer engagement.
  • 133% increase in post comments.
  • 80% reduced response times.
  • 47% of inquiries answered within five minutes.
  • $18,500 added revenues via social media responses.

How it got here: The birth of CSM tools

CSM developed alongside the telephone and call center, rather than customer relationship management platforms.

1920s 1950s 1967-1973 1980-1990s 2000-2010s
The introduction of lines of credit and growth of household appliance innovations meant households were buying products at an unprecedented rate. Department stores would set up customer service sections to assist with live fixes or returns. Following the Great Depression and World War II, process, efficiency, and computational technology became defining features of customer service. These features were played out in call centers as automatic call distribution (ACD) technology began to scale. With the development of private automatic branch exchange (PABX), AT&T introduced the toll-free telephone number. Companies began training staff and departments for customer service and building loyalty. With the development of interactive voice response (IVR) in 1973, call centers became increasingly more efficient at routing. Analog technology shifted to digital and the term “contact center” was coined. These centers began being outsourced internationally. With the advent of the internet, CSM technology (in the early guise of a “help desk”) became equipped with computer telephony integration (CTI). Software as a service (SaaS) and CRM maturation strengthened the retention and organization of customer data. Social media also enhanced consumer power as companies rushed to prevent online embarrassment. This prompted investment in multichannel customer service.

Where it’s going: The future of CSM tools lies in predictive analytics

The capabilities below are available today but will mature over the next few years. Use the roadmap as a guide for your year of implementation.

2023
Go mobile first
85% of customers believe a company’s mobile website should be just as good as its desktop website. Enabling user-friendly mobile websites provides an effective channel to keep inbound calls down.

2024
Shift from multichannel to omnichannel
Integrating CSM tools with your broader CXM suite enables customer data to seamlessly travel between channels for an omnichannel experience.

2025
Enable predictive service
CSM tools integrate with Internet of Things (IoT) systems to provide automated notifications that alert staff of issues and mitigate issues with customers before the issue even occurs.

2026
Leverage predictive analytics for ML use cases
Use customers’ historic data and preferences to perform better automated customer service over time (e.g. providing personalized resolutions based on previous customer engagements).

Context and scenario play a huge role in measuring good customer service. Ensure your KPIs accurately reflect the incentives you want to give your customer support staff for delivering appropriate customer service.
David Thomas, Customer Service Specialist
Freedom Mobile
(Reve Chat, 2022)

Key trends in CSM technology

As predictive analytics matures, organizations are making use of CSM tools’ ability to enhance personalization, improve their social media response times, and enable self-service.

BIOMETRICS
65% of customers say they would accept voice recognition to authorize their identity when calling a customer support line (GetApp, 2021).

PERSONALIZATION
51% of marketers, advocating for personalization across multiple touchpoints saw 300% ROI (KoMarketing, 2020).

SOCIAL MEDIA
29% of customers aged 18 to 39 prefer online chat communication before and after purchase (RingCentral, 2020).

SELF-SERVICE
92% of customers say they would use a knowledge base for self-service support if it was available (Vanilla, 2020).

Customer Service Management (CSM) Software

Phase 2: Select the Right CSM Vendor

Conduct a business impact assessment to document the case for CSM tool selection

Business Opportunity
Determine high-level understanding of the need that must be addressed, along with the project goals and affiliated key metrics. Establish KPIs to measure project success.

System Diagram
Determine the impact on the application portfolio and where integration is necessary.

Risks
Identify potential blockers and risk factors that will impede selection.

High-Level Requirements
Consider the business functions and processes affected.

People Impact
Confirm who will be affected by the output of the technology selection.

Overall Business Case
Calculate the ROI and the financial implications of the application selection. Highlight the overarching value.

Activity: Build the business case

2 hours

  1. Access the Business Impact Assessment within the Software Selection Workbook (linked below). Store the assessment in a shared folder (such as in SharePoint, OneDrive, or Google Drive).
  2. Set aside two hours (does not need to be all at once) to ensure the selection team aligns with the unifying rationale for selection.
  3. Complete the six steps to arrive at a high-level business case. This case can then be shared and communicated with interested parties (e.g. impacted stakeholders).
InputOutput
  • Drivers for the business opportunity to adopt CSM tools
  • Understanding of key stakeholders
  • Overview of application portfolio
  • Budgetary information
  • Business Impact Assessment, which captures your high-level business case
MaterialsParticipants
  • Software Selection Workbook
  • Screen sharing or projector
  • Whiteboard and drawing materials
  • Customer support analyst(s)
  • Infrastructure and Operations lead(s)
  • Representative customer support staff
  • Product management analyst(s)

Download the Software Selection Workbook

Elicit and prioritize granular requirements for your CSM platform

Understanding business needs through requirements gathering is key to defining everything about what is being purchased, yet it is an area where people often make critical mistakes.

Signs of poorly scoped requirements Best practices
  • Requirements focus on how the solution should work instead of what it must accomplish.
  • Multiple levels of detail exist within the requirements, which are inconsistent and confusing.
  • Requirements drill all the way down into system-level detail.
  • Language is technical and dense, leaving some stakeholder groups confused on what they are actually looking for in a solution.
  • Requirements are copied from a market analysis of the art of the possible, abstract from organization’s own customer persona analysis.
  • Get a clear understanding of what the system needs to do and what it is expected to produce. Build customer personas to assist with identifying high-value use cases.
  • Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.”
  • Use language that is consistent with that of the market and focus on key differentiators – not table stakes.
  • Include the appropriate level of detail, which should be suitable for procurement and sufficient for differentiating vendors.

Info-Tech Insight
Review Info-Tech’s requirements gathering methodology to improve your requirements gathering process.

Choose your route: RFP or otherwise?

As you gather requirements, decide which procurement route best suits your context.

RFI (Request for Information) RFQ (Request for Quotation) RFP (Request for Proposal)
Purpose and Usage

Gather information about products/services when you know little about what’s available.

Often followed by an RFP.

Solicit pricing and delivery information for products/services with clearly defined requirements.

Best for standard or commodity products/services.

Solicit formal proposals from vendors to conduct an evaluation and selection process.

Formal and fair process; identical for each participating vendor.

Level of Intent

Fact-finding there is no commitment to engage the vendor.

Vendors are often reluctant to provide quotes.

Committed to procure a specific product/service at the lowest price.

Intent to buy the products/services in the RFP.

Business case/approval to spend is already obtained.

Level of Detail High-level requirements and business goals.

Detailed specifications of what products/services are needed.

Detailed contract and delivery terms.

Detailed business requirements and objectives.

Standard questions and contract term requests for all vendors.

Response

Generalized response with high-level product/services.

Sometimes standard pricing quote.

Price quote and confirmation of ability to fulfill desired terms.

Detailed solution description, delivery approach, customized price quote, and additional requested information.

Product demo and/or hands-on trial.

Info-Tech Insight
If you are in a hurry, consider instead issuing Info-Tech’s Vendor Evaluation Workbook. This workbook speeds up the typical procurement process by adding RFP-like requirements (such as operational and technical requirements) while driving the procurement process via emphasis on high-value use cases.

Download the Vendor Evaluation Workbook

Activity: Document requirements

2 hours

  1. Review each tab of Info-Tech’s CSM Platform RFP Scoring Tool to generate use cases and ideas for your requirements building.
  2. Modify and include additional features you may need, using Info-Tech’s CSM Platform RFP Template to assist with structure (if pursuing an RFP process) or Vendor Evaluation Workbook (if an RFP process is not needed). Pay attention to any nonfunctional requirements (such as security or integrations), alongside future trends of CSM. Vendors must be able to scale with your organization’s growth.
  3. You can use the CSM Platform RFP Scoring Tool again when assessing vendor responses.
Input Output
  • Key use cases that capture your most important customer service support processes
  • Discussion of CSM future trends and differentiating features
  • Confirmation on organization’s significant nonfunctional requirements (e.g. security or integrations)
  • Either a Requirements Workbook to go straight to shortlisted vendor(s) or an RFP document to solicit a broader market response
Materials Participants
  • CSM Platform RFP Scoring Tool
  • CSM Platform RFP Template
  • Vendor Evaluation Workbook
  • Customer support analyst(s)
  • Infrastructure and Operations lead(s)
  • Other major stakeholders (for requirements elicitation)

Download the CSM Platform RFP Scoring Tool

Download the CSM Platform RFP Template

Once vendor responses are in, turn product demos into investigative interviews

Avoid vendor glitz and glamour shows by ensuring vendors are concretely applying their solution to your high-value use cases.

1 Minimize the number of vendors to four to keep up the pace of the selection process.
2 Provide a demo script that captures your high-value use cases and differentiating requirements.
3 Ensure demos are booked close together and the selection committee attends all demos.

Conduct a day of rapid-fire vendor demos

Zoom in on high-value use cases and answers to targeted questions

Rapid-fire vendor investigative interview

Invite vendors to come onsite (or join you via videoconference) to demonstrate the product and answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.

Give each vendor 90 to 120 minutes to give a rapid-fire presentation. We suggest the following structure:

  • 30 minutes: Company introduction and vision
  • 60 minutes: Walkthrough of two or three high-value demo scenarios
  • 30 minutes: Targeted Q&A from the business stakeholders and procurement team

To ensure a consistent evaluation, vendors should be asked analogous questions and answers should be tabulated.

How to challenge the vendors in the investigative interview

  • Change the visualization/presentation.
  • Change the underlying data.
  • Add additional data sets to the artifacts.
  • Test voice quality (if the vendor offers a native telephony channel).
  • Test collaboration capabilities.

To kick-start scripting your demo scenarios, leverage our CSM Platform Vendor Demo Script Template.

A vendor scoring model provides a clear anchor point for your evaluation of CRM vendors based on a variety of inputs

A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.

How do I build a scoring model? What are some of the best practices?
  • Start by shortlisting the key criteria you will use to evaluate your vendors. Functional capabilities should always be a critical category, but you’ll also want to look at criteria such as affordability, architectural fit, and vendor viability.
  • Depending on the complexity of the project, you may break down some criteria into subcategories to assist with evaluation (for example, breaking down functional capabilities into constituent use cases so you can score each one).
  • Once you’ve developed the key criteria for your project, the next step is weighting each criterion. Your weightings should reflect the priorities for the project at hand. For example, some projects may put more emphasis on affordability, others on vendor partnership.
  • Using the information collected in the subsequent phases of this blueprint, score each criterion from 1 to 100, then multiply by the weighting factor. Add up the weighted scores to arrive at the aggregate evaluation score for each vendor on your shortlist.
  • While the criteria for each project may vary, it’s helpful to have an inventory of repeatable criteria that can be used across application selection projects. The next slide contains an example that you can add to or subtract from.
  • Don’t go overboard on the number of criteria: five to ten weighted criteria should be the norm for most projects. The more criteria (and subcriteria) you must score against, the longer it will take to conduct your evaluation. Always remember, link the level of rigor to the size and complexity of your project! It’s possible to create a convoluted scoring model that takes significant time to fill out but yields little additional value.
  • Creation of the scoring model should be a consensus-driven activity among IT, procurement, and the key business stakeholders – it should not be built in isolation. Everyone should agree on the fundamental criteria and weights that are employed.
  • Consider using not just the outputs of investigative interviews and RFP responses to score vendors, but also third-party review services like SoftwareReviews.

Info-Tech Insight
Even the best scoring model will still involve some “art” rather than science. Scoring categories such as vendor viability always entail a degree of subjective interpretation.

Define how you will score vendor responses and demos

Your key CSM criteria should be informed by the following goals, use cases, and requirements.

Criteria Description
Functional Capabilities How well does the vendor align with the top-priority functional requirements identified in your accelerated needs assessment? What is the vendor’s functional breadth and depth?
Affordability How affordable is this vendor? Consider a three-to-five-year total cost of ownership (TCO) that encompasses not just licensing costs but also implementation, integration, training, and ongoing support costs.
Architectural Fit How well does this vendor align with your direction from an enterprise architecture perspective? How interoperable is the solution with existing applications in your technology stack? Does the solution meet your deployment model preferences?
Extensibility How easy is it to augment the base solution with native or third-party add-ons as your business needs may evolve?
Scalability How easy is it to expand the solution to support increased user, data, and/or customer volumes? Does the solution have any capacity constraints?
Vendor Viability How viable is this vendor? Are they an established player with a proven track record or a new and untested entrant to the market? What is the financial health of the vendor? How committed are they to the particular solution category?
Vendor Vision Does the vendor have a cogent and realistic product roadmap? Are they making sensible investments that align with your organization’s internal direction?
Emotional Footprint How well does the vendor’s organizational culture and team dynamics align to yours?
Third-Party Assessments and/or References How well-received is the vendor by unbiased third-party sources like SoftwareReviews? For larger projects, how well does the vendor perform in reference checks (and how closely do those references mirror your own situation)?

Leverage Info-Tech’s Contract Review Services to level the playing field with shortlisted vendors

You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.

Use Info-Tech’s Contract Review Services to gain insights on your agreements.

Consider the aspects of a contract review:

  1. Are all key terms included?
  2. Are they applicable to your business?
  3. Can you trust that results will be delivered?
  4. What questions should you be asking from an IT perspective?

Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.

Book Contract Review Service

Download Master Contract Review and Negotiation for Software Agreements

Customer Service Management (CSM) Software

Vendor Analysis

Evaluate software category leaders through vendor rankings and awards

SoftwareReviews

The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

Speak with category experts to dive deeper into the vendor landscape

SoftwareReviews

Fact-based reviews of business software from IT professionals.

Product and category reports with state-of-the-art data visualization.

Top-tier data quality backed by a rigorous quality assurance process.

User-experience insight that reveals the intangibles of working with a vendor.

SoftwareReviews is powered by Info-Tech

Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive, unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.

Click here to access SoftwareReviews

Comprehensive software reviews to make better IT decisions

We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

Microsoft Dynamics 365

Est. 2003 | WA, USA | MSFT:NASDAQ

Bio

To accelerate your digital transformation, you need a new type of business application. One that breaks down the silos between CRM and ERP, that’s powered by data and intelligence, and helps capture new business opportunities. That’s Microsoft Dynamics 365.

Offices

Microsoft is located all over the world. For a full list, see Microsoft Worldwide Sites.

representative Customers

Stated Industry Specializations

  • Covers an extremely wide range of industries, such as finance, education, government, healthcare, manufacturing, and retail.

Software review for Microsoft

SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)

Likeliness to Recommend

  • 7th (81%)

Plan to Renew

  • 6th (93%)

Satisfaction That Cost Is Fair Relative to Value

  • 2nd (81%)

Strengths

  • Product Strategy and Rate of Improvement (1st)
  • Ease of Customization (1st)
  • Breadth of Features (2nd)

Areas to Improve

  • Availability and Quality of Training (5th)
  • Ease of Implementation (7th)
  • Usability and Intuitiveness (7th

Microsoft Dynamics 365

History

Founded 2003 (as Microsoft Dynamics CRM)
2005 Second version branded Dynamics 3.0.
2009 Dynamics CRM 4.0 (Titan) passes 1 million user mark.
2015 Announces availability of CRM Cloud design for FedRAMP compliance.
2016 Dynamics 365 released as successor to Dynamics CRM.
2016 Microsoft’s acquisition of LinkedIn provides line of data to 500 million users.
2021 First-party voice channel added to Dynamics 365.
2022 Announces Digital Contact Center Platform powered with Nuance AI, MS Teams, and Dynamics 365.

Microsoft is rapidly innovating in the customer experience technology marketspace. Alongside Dynamics 365’s omnichannel offering, Microsoft is building out its own native contact center platform. This will provide new opportunities for centralization without multivendor management between Dynamics 365, Microsoft Teams, and an additional third-party telephony or contact-center-as-a-service (CCaaS) vendor. SoftwareReviews reports suggest that Microsoft is a market leader in the area of product innovation for CSM, and this area of voice channel capability is where I see most industry interest.

Of course, Dynamics 365 is not a platform to get only for CSM functionality. Users will typically be a strong Microsoft shop already (using Dynamics 365 for customer relationship management) and are looking for native CSM features to enhance customer service workflow management and self-service.
Thomas Randall
Research Director, Info-Tech Research Group

Info-Tech Insight
Pricing for Microsoft Dynamics 365 is often contextualized to an organization’s needs. However, this can create complicated licensing structures. Two Info-Tech resources to assist are:

*This service may be used for other enterprise CSM providers too, including Salesforce, ServiceNow, SAP, and Oracle.
Contact your account manager to review your access to this service.

Freshworks

Est. 2010 | CA, USA | FRSH:NASDAQ

Bio

Freshworks' cloud-based customer support software, Freshdesk, makes customer happiness refreshingly easy. With powerful features, an easy-to-use interface, and a freemium pricing model, Freshdesk enables companies of all sizes to provide a seamless multichannel support experience across email, phone, web, chat, forums, social media, and mobile apps. Freshdesk’s capabilities include robust ticketing, SLA management, smart automations, intelligent reporting, and game mechanics to motivate agents.

Offices

  • Americas: US
  • Asia-Pacific (APAC): Australia, India, Singapore
  • Europe, Middle East, and Africa (EMEA): France, Germany, Netherlands, UK

Freshworks Representative Customers

Stated Industry Specializations

  • Automotive
  • Education
  • Energy
  • Finance
  • Healthcare
  • Nonprofit
  • Professional Services
  • Publishing
  • Real Estate
  • Retail
  • Travel

Software Review of Freshworks

SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)

Likeliness to Recommend

  • 3rd (83%)

Plan to Renew

  • 4th (94%)

Satisfaction That Cost Is Fair Relative to Value

  • 3rd (80%)

Strengths

  • Breadth of Features (1st)
  • Usability and Intuitiveness (1st)
  • Ease of Implementation (2nd)

Areas to Improve

  • Ease of IT Administration (3rd)
  • Vendor Support (4th)
  • Product Strategy and Rate of Improvement (4th)

Freshworks

History

Founded 2010
2011 Freshdesk forms a core component of product line.
2014 Raises significant capital in Series D round: $31M.
2016 Acquires Airwoot, enabling real-time customer support on social media.
2019 Raises $150M in Series H funding round.
2019 Acquires Natero, which predicts, analyzes, and drives customer behavior.
2021 Surpasses $300M in annual recurring revenues.
2021 Freshworks posts its IPO listing.

Freshworks stepped into the SaaS customer support marketspace in 2010 to attract dissatisfied Zendesk eSupport customers, following Zendesk’s large price increases that year (of 300%). After performing well during the pandemic, Freshworks has reinforced its global positioning in the CSM tool marketspace; SoftwareReviews data suggests Freshworks performs very well against its competitors for breadth and intuitiveness of its features.

Freshworks receives strong recommendations from Info-Tech’s members, boasting a broad product selection that enables opportunities for scaling and receiving a high rate of value return. Of note are Freshworks’ internal customer management solution and its native contact center offering, limiting multivendor management typically required for integrating separate IT service management (ITSM) and CCaaS solutions.
Thomas Randall
Research Director, Info-Tech Research Group

Free Growth Pro Enterprise
  • $0 up to 10 agents
  • Knowledge base
  • Ticket routing
  • Out-of-box analytics
  • $15 agent/month
  • Collision detection
  • Integrations
  • Automated follow-ups
  • $49 agent/month
  • Multiple product lines
  • Personalization
  • CSAT surveys
  • Customer journey
  • $79 agent/month
  • Assist bot and email bot
  • Skill-based routing

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

Help Scout

Est. 2006 | MA, USA | HUBS:NYSE

Bio
Help Scout is designed with your customers in mind. Provide email and live chat with a personal touch and deliver help content right where your customers need it, all in one place, all for one low price. The customer experience is simple and training staff is painless, but Help Scout still has all the powerful features you need to provide great support at scale. With best-in-class reporting, an integrated knowledge base, 50+ integrations, and a robust API, Help Scout lets your team focus on what really matters: your customers.

Offices

  • Americas: Canada, Colombia, US
  • APAC: Australia, Japan, Singapore
  • EMEA: Belgium, France, Ireland, Germany, UK

Questions for support transition

Stated Industry Specializations

  • eCommerce
  • Education
  • Finance
  • Healthcare
  • Logistics
  • Manufacturing
  • Media
  • Professional Services
  • Property Management
  • Software

Software Review of Help Scout

SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)

Likeliness to Recommend

  • 4th (82%)

Plan to Renew

  • 7th (87%)

Satisfaction That Cost Is Fair Relative to Value

  • 7th (71%)

Strengths

  • Business Value Created (1st)
  • Ease of Data Integration (1st)
  • Breadth of Features (3rd)

Areas to Improve

  • Ease of IT Administration (5th)
  • Product Strategy and Rate of Improvement (5th)
  • Quality of Features (6th)

Help Scout

History

Founded 2011
2015 Raised $6M in Series A funding.
2015 Rebrands from Brightwurks to Help Scout.
2015 Named by Appstorm as one of six CSM tools to delight Mac users.
2016 iOS app released.
2017 Android app released.
2020 All employees instructed to work remotely.
2021 Raises $15M in Series B funding.

Help Scout provides a simplified, standalone CSM tool that operates like a shared email inbox. Best suited for mid-sized organizations, customers can expect live chat, in-app messaging, and knowledge-base functionality. A particular strength is Help Scout’s integration capabilities, with a wide range of CRM, eCommerce, marketing, and communication APIs available. This strength is also reflected in the data: SoftwareReviews lists Help Scout as first in its CSM category for ease of data integrations.

Customers who are expecting a broader range of channels (including voice, video cobrowsing, and so on) will not find good return on investment with Help Scout. However, for mid-sized organizations looking to begin maturing their customer service management, Help Scout provides a strong foundation – especially for enhancing in-house collaboration between support staff.
Thomas Randall
Research Director, Info-Tech Research Group

Standard Plus Pro
  • $20 user/month
  • Live chat
  • Up to 25 users
  • 50+ integrations
  • 2 mailboxes
  • $40 user/month
  • Advanced permissions
  • Group users
  • 5 mailboxes
  • $65 user/month
  • HIPAA compliance
  • Onboarding service
  • Dedicated account manager

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

HubSpot

Est. 2006 | MA, USA | HUBS:NYSE

Bio
HubSpot’s Service Hub brings all your customer service data and channels together in one place and helps scale your support through automation and self-service. The result? More time for proactive service that delights, retains, and grows your customer base. HubSpot provides software and support to help businesses grow better. The overall platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth.

Offices

  • Americas: Canada, Colombia, US
  • APAC: Australia, Japan, Singapore
  • EMEA: Belgium, France, Ireland, Germany, UK

HubSpot Representative Customers

Stated Industry Specializations

  • Covers an extremely wide range of industries, such as finance, education, healthcare, manufacturing, and retail.

Software Review for HubSpot

SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)

Likeliness to Recommend

  • 1st (88%)

Plan to Renew

  • 1st (98%)

Satisfaction That Cost Is Fair Relative to Value

  • 5th (78%)

Strengths:

  • Vendor Support (1st)
  • Availability and Quality of Training (1st)
  • Ease of IT Administration (1st)

Areas to Improve:

  • Ease of Data Integration (5th)
  • Ease of Customization (5th)
  • Breadth of Features (7th)

HubSpot

History

Founded 2006
2013 Opens first international office in Ireland.
2014 First IPO listing on NYSE, raising $140M.
2015 Milestone for acquiring 15,000 customers
2017 Acquires Kemvi for AI and ML support for sales teams.
2019 Acquires PieSync for customer data synchronization.
2021 Yamini Rangan is announced as new CEO.
2021 Records $1B in revenues.

HubSpot is a competitive player in the enterprise sales and marketing technology market. Offering an all-in-one platform, HubSpot allows users to leverage its CRM, marketing solutions, content management tool, and CSM tool. Across knowledge management, contact center integration, and customer self-service, SoftwareReviews data pits HubSpot as performing better than its enterprise competitors.

While customers can leverage HubSpot’s CSM tool independently, watch out for scope creep. HubSpot’s other offerings are tightly integrated and module extensions could quickly add up in price. HubSpot may not be affordable for most regional, mid-sized organizations, and a poor ROI may be expected. For instance, the Pro plan is required to get a knowledge base, which is typically a standard CSM feature – yet the same plan also comes with multicurrency support, which could remain unleveraged.
Thomas Randall
Research Director, Info-Tech Research Group

Free Starter Pro Enterprise
  • $0 month
  • Ticketing
  • Live chat
  • 200 notifications per month
  • $45 month
  • 5,000 email templates
  • White label
  • 500 calling minutes
  • $450 month
  • 30 currencies
  • Knowledge base
  • Up to 300 workflows
  • $1,200 month
  • Conversation intelligence
  • SSO

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

Salesforce

Est. 1999 | CA, USA | CRM:NYSE

Bio

Service Cloud customer service software gives you faster, smarter customer support. Salesforce provides customer relationship management software and applications focused on sales, customer service, marketing automation, analytics, and application development.

Offices

  • Americas: US
  • APAC: Australia, India, Singapore
  • EMEA: France, Germany, Netherlands, UK

Salesforce Representative Customers

Stated Industry Specializations

  • Covers an extremely wide range of industries, such as finance, education, government, healthcare, manufacturing, and retail.

Software Review for Salesforce

SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)

Likeliness to Recommend

  • 6th (81%)

Plan to Renew

  • 2nd (96%)

Satisfaction That Cost Is Fair Relative to Value

  • 4th (79%)

Strengths:

  • Usability and Intuitiveness (5th)
  • Breadth of Features (5th)
  • Ease of Implementation (6th)

Areas to Improve:

  • Ease of IT Administration (7th)
  • Availability and Quality of Training (7th)
  • Ease of Customization (7th)

Salesforce

History

Founded 1999
2000 Salesforce launches its cloud-based products.
2003 The first Dreamforce (a leading CX conference) happens.
2005 Salesforce unveils AppExchange.
2013 Salesforce acquires ExactTarget and expands Marketing Cloud offering.
2016 Salesforce acquires Demandware, launches Commerce Cloud.
2019 Salesforce acquires Tableau to expand business intelligence capabilities.
2021 Salesforce buys major collaboration vendor Slack.

Salesforce was an early disruptor in CRM marketspace, placing a strong emphasis on a SaaS delivery model and end-user experience. This allowed Salesforce to rapidly gain market share at the expense of complacent enterprise application vendors. A series of savvy acquisitions over the years has allowed Salesforce to augment its core Sales and Service Clouds with a wide variety of other solutions, from ecommerce to marketing automation – and recently Slack for internal collaboration.

Salesforce Service Cloud Voice is now available to take advantage of integrating telephony and voice channels into your CRM. This service is still maturing, though, with Salesforce selecting Amazon Connect as its preferred integrator. However, Connect is not necessarily plug-and-play – it is a communications platform as a service, requiring you to build your own contact center solution. This is either a fantastic opportunity for creativity or a time suck of already tied-up resources.
Thomas Randall
Research Director, Info-Tech Research Group

Service Cloud Essentials Service Cloud Professional Service Cloud Enterprise Service Cloud Unlimited
  • $25 user/month
  • Small businesses after basic functionality
  • $75 user/month
  • Mid-market target
  • $150 user/month
  • Enterprise target
  • Web Services API
  • $300 user/month
  • Strong upmarket feature additions

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

Zendesk

Est. 2007 | CA, USA | ZEN:NYSE

Bio

Zendesk streamlines your support with time-saving tools like ticket views, triggers, and automations. This helps you get straight to what matters most – better customer service and more meaningful conversations. Today, Zendesk is the champion of great service everywhere for everyone and powers billions of conversations, connecting more than 100,000 brands with hundreds of millions of customers over telephony, chat, email, messaging, social channels, communities, review sites, and help centers.

Offices

  • Americas: Brazil, Canada, US
  • APAC: Australia, China, India, Indonesia, Japan, Korea, Malaysia, Philippines, Singapore, Thailand, Vietnam
  • EMEA: Denmark, France, Germany, Ireland, Italy, Netherlands, Poland, Spain, Sweden, UK

Zendesk Representative Customers

Stated Industry Specializations

  • Education
  • Finance
  • Government
  • Healthcare
  • Manufacturing
  • Media
  • Retail
  • Software
  • Telecommunications

Software Review for Zendesk

SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)

Likeliness to Recommend

  • 5th (81%)

Plan to Renew

  • 5th (94%)

Satisfaction That Cost Is Fair Relative to Value

  • 6th (77%)

Strengths

  • Ease of IT Administration (2nd)
  • Ease of Implementation (5th)
  • Quality of Features (5th)

Areas to Improve

  • Business Value Created (7th)
  • Vendor Support (7th)
  • Product Strategy and Rate of Improvement (7th)

Zendesk

History

Founded 2007
2008 Initial seed funding of $500,000.
2009 Receives $6M through Series B Funding.
2009 Relocates from Copenhagen to San Francisco.
2014 Acquires Zopin Technologies.
2014 Listed on NYSE.
2015 Acquires We Are Cloud SAS.
2018 Launches Zendesk Sell.

Zendesk is a global player in the CSM tool marketspace and works with enterprises across a wide variety of industries. Unlike some other CSM players, Zendesk provides more service channels at its lowest licensing offer, affording organizations a quicker expansion in customer service delivery without making enterprise-grade investments. However, the price of the lowest licensing offer starts much higher than Zendesk’s competitors; organizations will need to consider if the cost to try Zendesk over an annual contract is within budget.

Unfortunately, SoftwareReviews data suggests that Zendesk may not always provide that immediate value, especially to mid-sized organizations. Zendesk is rated lower for vendor support and business value created. However, Zendesk provides strong functionality that competes with other enterprise players, and mid-sized organizations are continually impressed with Zendesk’s automation workflows.
Thomas Randall
Research Director, Info-Tech Research Group

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

Team Growth Pro
  • $49 user/month
  • Ticketing
  • Email, voice, SMS, and live chat channels
  • $79 user/month
  • AI-powered knowledge management
  • Self-service portal
  • $99 user/month
  • HIPAA compliance
  • Customizable dashboards

LiveChat

Est. 2002 | Poland | WSE:LVC

Bio

Manage all emails from customers in one app and save time on customer support. LiveChat is a real-time live-chat software tool for ecommerce sales and support that is helping ecommerce companies create a new sales channel. It serves more than 30,000 businesses in over 150 countries, including large brands like Adobe, Asus, LG, Acer, Better Business Bureau, and Air Asia and startups like SproutSocial, Animoto, and HasOffers.

Offices

  • Americas: US
  • EMEA: Poland

LiveChat Representative Customers

Stated Industry Specializations

  • eCommerce
  • Education
  • Finance
  • Software and IT

Software Review for LiveChat

SoftwareReviews’ CSM Midmarket Vendor Ranking
(out of 8)

Likeliness to Recommend

  • 1st (93%)

Plan to Renew

  • 4th (92%)

Satisfaction That Cost Is Fair Relative to Value

  • 5th (83%)

Strengths

  • Product Strategy and Rate of Improvement (1st)
  • Usability and Intuitiveness (1st)
  • Breadth of Features (1st)

Areas to Improve

  • Ease of Implementation (5th)
  • Ease of IT Administration (5th)
  • Ease of Customization (7th)

LiveChat

History

Founded 2002
2006 50% of company stock bought by Capital Partners.
2008 Capital Partners sells entire stake to Naspers.
2011 LiveChat buys back majority of stakeholder shares.
2013 Listed by Red Herring in group of most innovative companies across Europe.
2014 Listed on Warsaw Stock Exchange.
2019 HelpDesk is launched.
2020 Offered services for free to organizations helping mitigate the pandemic.

LiveChat’s HelpDesk solution for CSM is a relatively recent solution (2019) that is proving very popular for small to mid-sized businesses (SMBs) – especially across Western Europe. SoftwareReviews’ data shows that HelpDesk is well-rated for breadth of features, usability and intuitiveness, and rate of improvement. Indeed, LiveChat has won and been shortlisted for several awards over the past decade for customer feedback, innovation, and fast growth to IPO.

When shortlisting LiveChat’s HelpDesk, SMBs should be careful of scope creep. LiveChat offers a range of other solutions that are intended to work together. The LiveChat self-titled product is designed to integrate with HelpDesk to provide ticketing, email management, and chat management. Moreover, LiveChat’s AI-based ChatBot (for automated webchat) comes with additional cost (starting at $52 team/month).
Thomas Randall
Research Director, Info-Tech Research Group

Team Plan Enterprise
  • $29 user/month.
  • Customized canned responses
  • Real-time reporting
  • Request quote
  • White labelling
  • Product training
  • Account manager

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

ManageEngine

Est. 1996 | India | Privately Owned

Bio

SupportCenter Plus is a web-based customer support software that lets organizations effectively manage customer tickets, their account and contact information, and their service contracts, and in the process provide a superior customer experience. ManageEngine is a division of Zoho.

Offices

  • Americas: Brazil, Colombia, Mexico, US
  • APAC: Australia, China, India, Japan, Singapore
  • EMEA: Netherlands, Saudi Arabia, South Africa, UAE, UK

ManageEngine Representative Customers

Stated Industry Specializations

  • None stated but representative customers cover manufacturing, R&D, real estate, and transportation.

Software Review for ManageEngine

SoftwareReviews’ CSM Midmarket Vendor Ranking
(out of 8)

Likeliness to Recommend

  • 6th (85%)

Plan to Renew

  • 5th (91%)

Satisfaction That Cost Is Fair Relative to Value

  • 6th (83%)

Strengths

  • Ease of Customization (1st)
  • Ease of Implementation (2nd)
  • Ease of IT Administration (2nd)

Areas to Improve

  • Quality of Features (4th)
  • Usability and Intuitiveness (6th)
  • Availability and Quality of Training (8th)

ManageEngine

History

Founded 1996
2002 Branches from Zoho to become division focused on IT management.
2004 Becomes an authorized MySQL Partner.
2009 Begins shift of offerings into the cloud.
2010 Tops 35,000 customers.
2011 Integration with Zoho Assist.
2015 Integration with Zoho Reports.

ManageEngine, as a division of Zoho, has its strengths in IT operations management (ITOM). SupportCenter thus scores well in our SoftwareReviews data for ease of customization, implementation, and administration. As ManageEngine is a frequently discussed low-cost vendor in the ITOM market, customers often get good scalability across IT, sales, and marketing teams. Although SupportCenter is aimed at the midmarket and is low cost, organizations have the benefit of ManageEngine’s global presence and backing by Zoho for viability.

However, because ManageEngine’s focus is ITOM, the breadth and quality of features for SupportCenter are not rated as well compared to its competitors. These features may be “good enough,” but usability and intuitiveness is not scored high. Organizations thinking about SupportCenter are recommended to identify their high-value use cases and perform user acceptance testing before adopting.
Thomas Randall
Research Director, Info-Tech Research Group

Standard* Pro* Enterprise*
  • Account and contact management
  • Knowledge base
  • SLA management
  • Customer portal
  • Active Directory integration
  • Reporting and dashboards
  • Billing contracts
  • Live chat
  • APIs
  • Automation tools

*Pricing unavailable. Request quote.
See pricing on vendor’s website for latest information.

Zoho Desk

Est. 1996 | India | Privately Owned

Bio

Use the power of customer context to improve agent productivity, promote self-service, manage cross-functional service processes, and increase customer happiness. Zoho offers beautifully smart software to help you grow your business. With over 80 million users worldwide, Zoho's 55+ products (including Zoho Desk) aid your sales and marketing, support and collaboration, finance, and recruitment needs – letting you focus only on your business.

Offices

  • Americas: Brazil, Colombia, Mexico, US
  • APAC: Australia, China, India, Japan, Singapore
  • EMEA: Netherlands, Saudi Arabia, South Africa, UAE, UK

Zoho Desk Representative Customers

Stated Industry Specializations

  • Covers an extremely wide range of industries, such as finance, education, government, healthcare, manufacturing, and retail.

Software Review for Zoho Desk

SoftwareReviews’ CSM Midmarket Vendor Ranking
(out of 8)

Likeliness to Recommend

  • 2nd (90%)

Plan to Renew

  • 2nd (98%)

Satisfaction That Cost Is Fair Relative to Value

  • 3rd (83%)

Strengths

  • Breadth of Features (2nd)
  • Quality of Features (3rd)
  • Ease of Implementation (3rd)

Areas to Improve

  • Business Value Created (5th)
  • Ease of Data Integration (5th)
  • Product Strategy and Rate of Improvements (5th)

Zoho Desk

History

Founded 1996
2001 Expands into Japan and shifts focus to SMBs.
2006 Zoho CRM is launched, alongside first Office suite.
2008 Reaches 1M users.
2009 Rebrands from AdventNet to Zoho Corp.
2011 Zoho Desk is built and launched.
2017 Zoho One, a suite of applications, is launched.
2020 Reaches 50M users.

Zoho Desk is one of the highest scoring CSM tool providers for likelihood to renew and recommend (98% and 90%, respectively). A major reason is that users receive a broad range of functionality for a lower-cost price model. There is also the capacity to scale with Zoho Desk as midmarket customers expand; companies can grow with Zoho and can receive high return on investment in the process.

However, while Zoho Desk can be used as a standalone CSM tool, there is danger of scope creep with other Zoho products. Zoho now has 50+ applications, all tied into one another. For Zoho Desk, customers may also lean into Zoho Assist (for troubleshooting customer problems via remote access) and Zoho Lens (for reality-based remote assistance, typically for plant machinery or servers). Consequently, customers should keep an eye on business value created if the scope of CSM grows wider.
Thomas Randall
Research Director, Info-Tech Research Group

Standard Pro Enterprise
  • $14 user/month
  • 1 social media channel
  • 5 workflow rules
  • $23 user/month
  • Telephony channel
  • Round-robin ticket assignment
  • Ticket sharing
  • $40 user/month
  • Live chat
  • Contract management SLAs

*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.

Summary of AccomplishmentSuccessful selection of a CSM tool

In this trends and buyer’s guide for CSM tool selection, we engaged in several activities to:

  1. Contextualize the CSM technology marketspace.
  2. Engage in a selection process for CSM tools.

The result:

  • Understanding of key trends and differentiating features in the CSM marketspace.
  • Determination of your organization’s customer service maturity (and thus if a standalone CSM tool is relevant).
  • Identification of high-value use cases that CSM tools should successfully enable.
  • Evaluation of major vendors in the CSM marketspace to discover the best-fitting provider.
  • Procurement items to finalize selection process.

If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation

Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889

Related Info-Tech Research

Governance and Management of Enterprise Software Implementation

  • Being Agile will increase the likelihood of success.

The Rapid Application Selection Framework

  • Application selection is a critical activity for IT departments. Implement a repeatable, data-driven approach that accelerates application selection efforts.

Build a Strong Technology Foundation for Customer Experience Management

  • Design an end-to-end technology strategy to drive sales revenue, enhance marketing effectiveness, and create compelling experiences for your customers.

Bibliography

Capers, Zach. “How the Pandemic Changed Customer Attitudes Toward Biometric Technology.” GetApp, 21 Feb. 2022. Accessed Nov. 2022.

Gomez, Jenny. “The Good, the Bad, and the Ugly: A History of Customer Service.” Lucidworks, 15 Jul. 2021. Accessed Nov. 2022.

Hoory. “History of Customer Service: How Did It All Begin?” Hoory, 24 Mar. 2022. Accessed Nov. 2022.

Patel, Snigdha. “Top 10 Customer Service Technology Trends to Follow in 2022.” Reve Chat, 21 Feb. 2021. Accessed Nov. 2022.

RingCentral. “The 2020 Customer Communications Review: A Survey of How Consumers Prefer to Communicate with Businesses.” RingCentral, 2020. Accessed Nov. 2022.

Robinson-Yu, Sarah. “What is a Knowledgebase? How Can It Help my Business?” Vanilla, 25 Feb. 2022. Accessed Nov. 2022.

Salesforce. “The Complete History of CRM.” Salesforce, n.d. Accessed Nov. 2022.

Salesforce. “State of the Connected Customer.” 5th ed. Salesforce, 2022. Accessed Nov. 2022.

Sprinklr. “How AzkoNobel UK Reduced Response Times and Increased Engagement.” Sprinklr, 2021. Accessed Nov. 2022.

Vermes, Krystle. “Study: 70% of Marketers Using Advanced Personalization Seeing 200% ROI.” KoMarketing, 2 Jun. 2020. Accessed Nov. 2022.

Research Contributors and Experts

Colin Taylor, CEO, The Taylor Research Group

Colin Taylor
CEO
The Taylor Reach Group

Recognized as one of the leading contact/call center pioneers and experts, Colin has received 30 awards on two continents for excellence in contact center management and has been acknowledged as a leader and influencer on the topics of call/contact centers, customer service, and customer experience, in published rankings on Huffington Post, Call Center Helper, and MindShift. Colin was recognized as number 6 in the global 100 for customer service.

The Taylor Reach Group is a contact center, call center and customer experience (CX) consultancy specializing in CX consulting and call and contact center consulting, management, performance, technologies, site selection, tools, training development and center leadership training, center audits, benchmarking, and assessments.

David Thomas, Customer Service Specialist, Freedom Mobile

David Thomas
Customer Service Specialist
Freedom Mobile

David Thomas has both managerial and hands-on experience with delivering quality service to Freedom Mobile customers. With several years being involved in training customer support and being at the forefront of retail during the pandemic, David has witnessed first-hand how to incentivize staff with the right metrics that create positive experiences for both staff and customers.

Freedom Mobile Inc. is a Canadian wireless telecommunications provider owned by Shaw Communications. It has 6% market share of Canada, mostly in urban areas of Ontario, British Columbia, and Alberta. Freedom Mobile is the fourth-largest wireless carrier in Canada.

A special thanks to three other anonymous contributors, all based in customer support and contact center roles for Canada’s National Park Booking Systems’ software provider.

Develop Meaningful Service Metrics

  • Buy Link or Shortcode: {j2store}399|cart{/j2store}
  • member rating overall impact: 9.5/10 Overall Impact
  • member rating average dollars saved: $20,308 Average $ Saved
  • member rating average days saved: 30 Average Days Saved
  • Parent Category Name: Service Management
  • Parent Category Link: /service-management
  • IT organizations measure services from a technology perspective but rarely from a business goal or outcome perspective.
  • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

Our Advice

Critical Insight

  • Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
  • Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
  • Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

Impact and Result

Effective service metrics will provide the following service gains:

  • Confirm service performance and identify gaps.
  • Drive service improvement to maximize service value.
  • Validate performance improvements while quantifying and demonstrating business value.
  • Ensure service reporting aligns with end-user experience.
  • Achieve and confirm process and regulatory compliance.

Which will translate into the following relationship gains:

  • Embed IT into business value achievement.
  • Improve the relationship between the business and IT.
  • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing).
  • Reinforce desirable actions and behaviors from both IT and the business.

Develop Meaningful Service Metrics Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop meaningful service metrics, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Develop Meaningful Service Metrics – Executive Brief
  • Develop Meaningful Service Metrics – Phases 1-3

1. Design the metrics

Identify the appropriate service metrics based on stakeholder needs.

  • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 1: Design the Metrics
  • Metrics Development Workbook

2. Design reports and dashboards

Present the right metrics in the most interesting and stakeholder-centric way possible.

  • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 2: Design Reports and Dashboards
  • Metrics Presentation Format Selection Guide

3. Implement, track, and maintain

Run a pilot with a smaller sample of defined service metrics, then continuously validate your approach and make refinements to the processes.

  • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 3: Implement, Track, and Maintain
  • Metrics Tracking Tool
[infographic]

Workshop: Develop Meaningful Service Metrics

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Design the Metrics

The Purpose

Define stakeholder needs for IT based on their success criteria and identify IT services that are tied to the delivery of business outcomes.

Derive meaningful service metrics based on identified IT services and validate that metrics can be collected and measured.

Key Benefits Achieved

Design meaningful service metrics from stakeholder needs.

Validate that metrics can be collected and measured.

Activities

1.1 Determine stakeholder needs, goals, and pain points.

1.2 Determine the success criteria and related IT services.

1.3 Derive the service metrics.

1.4 Validate the data collection process.

1.5 Validate metrics with stakeholders.

Outputs

Understand stakeholder priorities

Adopt a business-centric perspective to align IT and business views

Derive meaningful business metrics that are relevant to the stakeholders

Determine if and how the identified metrics can be collected and measured

Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics

2 Design Reports and Dashboards

The Purpose

Determine the most appropriate presentation format based on stakeholder needs.

Key Benefits Achieved

Ensure the metrics are presented in the most interesting and stakeholder-centric way possible to guarantee that they are read and used.

Activities

2.1 Understand the different presentation options.

2.2 Assess stakeholder needs for information.

2.3 Select and design the metric report.

Outputs

Learn about infographic, scorecard, formal report, and dashboard presentation options

Determine how stakeholders would like to view information and how the metrics can be presented to aid decision making

Select the most appropriate presentation format and create a rough draft of how the report should look

3 Implement, Track, and Maintain Your Metrics

The Purpose

Run a pilot with a smaller sample of defined service metrics to validate your approach.

Make refinements to the implementation and maintenance processes prior to activating all service metrics.

Key Benefits Achieved

High user acceptance and usability of the metrics.

Processes of identifying and presenting metrics are continuously validated and improved.

Activities

3.1 Select the pilot metrics.

3.2 Gather data and set initial targets.

3.3 Generate the reports and validate with stakeholders.

3.4 Implement the service metrics program.

3.5 Track and maintain the metrics program.

Outputs

Select the metrics that should be first implemented based on urgency and impact

Complete the service intake form for a specific initiative

Create a process to gather data, measure baselines, and set initial targets

Establish a process to receive feedback from the business stakeholders once the report is generated

Identify the approach to implement the metrics program across the organization

Set up mechanism to ensure the success of the metrics program by assessing process adherence and process validity

Further reading

Develop Meaningful Service Metrics

Select IT service metrics that drive business value.

ANALYST PERSPECTIVE

Are you measuring and reporting what the business needs to know?

“Service metrics are one of the key tools at IT’s disposal in articulating and ensuring its value to the business, yet metrics are rarely designed and used for that purpose.

Creating IT service metrics directly from business and stakeholder outcomes and goals, written from the business perspective and using business language, is critical to ensuring that the services that IT provides are meeting business needs.

The ability to measure, manage, and improve IT service performance in relation to critical business success factors, with properly designed metrics, embeds IT in the value chain of the business and ensures IT’s focus on where and how it enables business outcomes.”

Valence Howden,
Senior Manager, CIO Advisory
Info-Tech Research Group

Our understanding of the problem

This Research Is Designed For:
  • CIO
  • IT VPs
This Research Will Help You:
  • Align business/IT objectives (design top-down or outside-in)
  • Significantly improve the relationship between the business and IT aspects of the organization
  • Reinforce desirable actions and behaviors
This Research Will Also Assist:
  • Service Level Managers
  • Service Owners
  • Program Owners
This Research Will Help Them
  • Identify unusual deviations from the normal operating state
  • Drive service improvement to maximize service value
  • Validate the value of performance improvements while quantifying and demonstrating benefits realization

Executive summary

Situation

  • IT organizations measure services from a technology perspective yet rarely measure services from a business goal/outcome perspective.
  • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

Complication

  • IT organizations have difficulty identifying the right metrics to demonstrate the value of IT services to the business in tangible terms.
  • IT metrics, as currently designed, reinforce division between the IT and business perspectives of service performance. They drive siloed thinking and finger-pointing within the IT structure, and prevent IT resources from understanding how their work impacts business value.

Resolution

  • Our program enables IT to develop the right service metrics to tie IT service performance to business value and user experience.
  • Ensure the metrics you implement have immediate stakeholder value, reinforcing alignment between IT and the business while influencing behavior in the desired direction.
  • Make sure that your metrics are defined in relation to the business goals and drivers, ensuring they will provide actionable outcomes.

Info-Tech Insight

  1. Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
  2. Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
  3. Poorly designed metrics drive unintended and unproductive behaviors, which have negative impacts on IT and produce negative service outcomes.

Service metrics 101

What are service metrics?

Service metrics measure IT services in a way that relates to a business outcome. IT needs to measure performance from the business perspective using business language.

Why do we need service metrics?

To ensure the business cares about the metrics that IT produces, start with business needs to make sure you’re measuring the right things. This will give IT the opportunity talk to the right stakeholders and develop metrics that will meet their business needs.

Service metrics are designed with the business perspective in mind, so they are fully aligned with business objectives.

Perspectives Matter

Different stakeholders will require different types of metrics. A CEO may require metrics that provide a snapshot of the critical success of the company while a business manager is more concerned about the performance metrics of their department.

What are the benefits of implementing service metrics?

Service metrics help IT communicate with the business in business terms and enables IT to articulate how and where they provide business value. Business stakeholders can also easily understand how IT services contribute to their success.

The majority of CIOs feel metrics relating to business value and stakeholder satisfaction require significant improvement

A significantly higher proportion of CIOs than CEOs feel that there is significant improvement necessary for business value metrics and stakeholder satisfaction reporting. Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Business Value Metrics'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Stakeholder Satisfaction Reporting'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

(Source: Info-Tech CIO-CXO Alignment Diagnostic Survey)

Meaningless metrics are a headache for the business

A major pitfall of many IT organizations is that they often provide pages of technical metrics that are meaningless to their business stakeholders.

  1. Too Many MetricsToo many metrics are provided and business leaders don’t know what to do with these metrics.
  2. Metrics Are Too TechnicalIT provides technical metrics that are hard to relate to business needs, and methods of calculating metrics are not clearly understood, articulated, and agreed on.
  3. Metrics Have No Business ValueService metrics are not mapped to business goals/objectives and they drive incorrect actions or spend.
When considering only CEOs who said that stakeholder satisfaction reporting needed significant improvement, the average satisfaction score goes down to 61.6%, which is a drop in satisfaction of 12%.

A bar that says 73% dropping to a bar that says 61%. Description above.

(Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)

Poorly designed metrics hurt IT’s image within the organization

By providing metrics that do not articulate the value of IT services, IT reinforces its role as a utility provider and an outsider to strategic decisions.

When the CIOs believe business value metrics weren’t required, 50% of their CEOs said that significant improvements were necessary.

Pie Chart presenting the survey results from CEOs regarding 'Business Value Metrics'. Description above.

(Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)
  1. Reinforce the wrong behaviorThe wrong metrics drive us-against-them, siloed thinking within IT, and meeting metric targets is prioritized over providing meaningful outcomes.
  2. Do not reflect user experienceMetrics don’t align with actual business/user experience, reinforcing a poor view of IT services.
  3. Effort ≠ ValueInvesting dedicated resources and effort to the achievement of the wrong metrics will only leave IT more constrained for other important initiatives.

Articulate meaningful service performance that supports the achievement of business outcomes

Service metrics measure the performance of IT services and how they enable or drive the activity outcomes.

A business process consists of multiple business activities. In many cases, these business activities require one or more supporting IT services.

A 'Business Process' broken down to its parts, multiple 'Business Activities' and their 'IT Services'. For each business process, business stakeholders and their goals and objectives should be identified.

For each business activity that supports the completion of a business process, define the success criteria that must be met in order to produce the desirable outcome.

Identify the IT services that are used by business stakeholders for each business activity. Measure the performance of these services from a business perspective to arrive at the appropriate service metrics.

Differentiate between different types of metrics

Stakeholders have different goals and objectives; therefore, it is critical to identify what type of metrics should be presented to each stakeholder.

Business Metrics

Determine Business Success

Business metrics are derived from a pure business perspective. These are the metrics that the business stakeholders will measure themselves on, and business success is determined using these metrics.

Arrow pointing right.

Service Metrics

Manage Service Value to the Business

Service metrics are used to measure IT service performance against business outcomes. These metrics, while relating to IT services, are presented in business terms and are tied to business goals.

Arrow pointing right.

IT Metrics

Enable Operational Excellence

IT metrics are internal to the IT organization and used to manage IT service delivery. These metrics are technical, IT-specific, and drive action for IT. They are not presented to the business, and are not written in business language.

Implementing service metrics is a key step in becoming a service provider and business partner

As a prerequisite, IT organizations must have already established a solid relationship with the business and have a clear understanding of its critical business-facing services.

At the very least, IT needs to have a service-oriented view and understand the specific needs and objectives associated with each stakeholder.

Visualization of 'Business Relationship Management' with an early point on the line representing 'Service Provider: Establish service-oriented culture and business-centric service delivery', and the end of the line being 'Strategic Partner'.

Once IT can present service metrics that the business cares about, it can continue on the service provider journey by managing the performance of services based on business needs, determine and influence service demand, and assess service value to maximize benefits to the business.

Which processes drive service metrics?

Both business relationship management (BRM) and service level management (SLM) provide inputs into and receive outputs from service metrics.

Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

Business Relationship Management

BRM works to understand the goals and objectives of the business and inputs them into the design of the service metrics.

Service Metrics

BRM leverages service metrics to help IT organizations manage the relationship with the business.

BRM articulates and manages expectations and ensures IT services are meeting business requirements.

Which processes drive service metrics?

Both BRM and SLM provide inputs into and receive outputs from service metrics.

Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

Service Level Management

SLM works with the business to understand service requirements, which are key inputs in designing the service metrics.

Service Metrics

SLM leverages service metrics in overseeing the day-to-day delivery of IT services. It ensures they are provided to meet expected service level targets and objectives.

Effective service metrics will deliver both service gains and relationship gains

Effective service metrics will provide the following service gains:

  • Confirm service performance and identify gaps
  • Drive service improvement to maximize service value
  • Validate performance improvements while quantifying and demonstrating business value
  • Ensure service reporting aligns with end-user experience
  • Achieve and confirm process and regulatory compliance
      Which will translate into the following relationship gains:
      • Embed IT into business value achievement
      • Improve relationship between the business and IT
      • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing)
      • Reinforce desirable actions and behaviors from both IT and the business

Don’t let conventional wisdom become your roadblock

Conventional Wisdom

Info-Tech Perspective

Metrics are measured from an application or technology perspective Metrics need to be derived from a service and business outcome perspective.
The business doesn’t care about metrics Metrics are not usually designed to speak in business terms about business outcomes. Linking metrics to business objectives creates metrics that the business cares about.
It is difficult to have a metrics discussion with the business It is not a metrics/number discussion, it is a discussion on goals and outcomes.
Metrics are only presented for the implementation of the service, not the ongoing outcome of the service IT needs to focus on service outcome and not project outcome.
Quality can’t be measured Quality must be measured in order to properly manage services.

Our three-phase approach to service metrics development

Let Info-Tech guide you through your service metrics journey

1

2

3

Design Your Metrics Develop and Validate Reporting Implement, Track, and Maintain
Sample of Phase 1 of Info-Tech's service metric development package, 'Design Your Metrics'. Sample of Phase 2 of Info-Tech's service metric development package, 'Develop and Validate Reporting'. Sample of Phase 3 of Info-Tech's service metric development package, 'Implement, Track, and Maintain'.
Start the development and creation of your service metrics by keeping business perspectives in mind, so they are fully aligned with business objectives. Identify the most appropriate presentation format based on stakeholder preference and need for metrics. Track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

CIOs must actively lead the design of the service metrics program

The CIO must actively demonstrate support for the service metrics program and lead the initial discussions to determine what matters to business leaders.

  1. Lead the initiative by defining the need
    Show visible support and demonstrate importance
  2. Articulate the value to both IT and the business
    Establish the urgency and benefits
  3. Select and assemble an implementation group
    Find the best people to get the job done
  4. Drive initial metrics discussions: goals, objectives, actions
    Lead brainstorming with senior business leaders
  5. Work with the team to determine presentation formats and communication methods
    Identify the best presentation approach for senior stakeholders
  6. Establish a feedback loop for senior management
    Solicit feedback on improvements
  7. Validate the success of the metrics
    Confirm service metrics support business outcomes

Measure the success of your service metrics

It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

Validating Service Metrics Design

Target Outcome

Related Metrics

The business is enabled to identify and improve service performance to their end customer # of improvement initiatives created based on service metrics
$ cost savings/revenue generated due to actions derived from service metrics

Procedure to validate the usefulness of IT metrics

# / % of service metrics added/removed per year

Alignment between IT and business objectives and processes Business’ satisfaction with IT

Measure the success of your service metrics

It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

Validating Service Metrics Process

Target Outcome

Related Metrics

Properly defined service metrics aligned with business goals/outcomes
Easy understood measurement methodologies
% of services with (or without) defined service metrics

% of service metrics tied to business goals

Consistent approach to review and adjust metrics# of service metrics adjusted based on service reviews

% of service metrics reviewed on schedule

Demonstrate monetary value and impact through the service metrics program

In a study done by the Aberdeen Group, organizations engaged in the use of metrics benchmarking and measurement have:
  • 88% customer satisfaction rate
  • 60% service profitability
  • 15% increase in workforce productivity over the last 12 months

Stock image of a silhouette of three people's head and shoulders.
(Source: Aberdeen Group. “Service Benchmarking and Measurement.”)

A service metric is defined for: “Response time for Business Application A

The expected response time has not been achieved and this is visible in the service metrics. The reduced performance has been identified as having an impact of $250,000 per month in lost revenue potential.

The service metric drove an action to perform a root-cause analysis, which identified a network switch issue and drove a resolution action to fix the technology and architect redundancy to ensure continuity.

The fix eliminated the performance impact, allowing for recovery of the $250K per month in revenue, improved end-user confidence in the organization, and increased use of the application, creating additional revenue.

Implementing and measuring a video conferencing service

CASE STUDY
Industry: Manufacturing | Source: CIO interview and case material
Situation

The manufacturing business operates within numerous countries and requires a lot of coordination of functions and governance oversight. The company has monthly meetings, both regional and national, and key management and executives travel to attend and participate in the meetings.

Complication

While the meetings provide a lot of organizational value, the business has grown significantly and the cost of business travel has started to become prohibitive.

Action

It was decided that only a few core meetings would require onsite face-to-face meetings, and for all other meetings, the company would look at alternative means. The face-to-face aspect of the meetings was still considered critical so they focused on options to retain that aspect.

The IT organization identified that they could provide a video conferencing service to meet the business need. The initiative was approved and rolled out in the organization.

Result:

IT service metrics needed to be designed to confirm that the expected value outcome of the implementation of video conferencing was achieved.

Under the direction of the CIO, the business goals and needs driving use of the service (i.e. reduction in travel costs, efficiency, no loss of positive outcome) were used to identify success criteria and key questions to confirm success.

With this information, the service manager was able to implement relevant service metrics in business language and confirmed an 80% adoption rate and a 95% success rate in term meetings running as expected and achieving core outcomes.

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

A small monochrome icon of a wrench and screwdriver creating an X.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

A small monochrome icon depicting a person in front of a blank slide.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Develop meaningful service metrics to ensure business and user satisfaction

1. Design the Metrics 2. Design Reports and Dashboards 3. Implement, Track, and Maintain
Supporting Tool icon

Best-Practice Toolkit

  1. Defining stakeholder needs for IT based on their success criteria
  2. Derive meaningful service metrics based on identified IT services and validate with business stakeholders
  3. Validate metrics can be collected and measured
  4. Determine calculation methodology
  1. Presentation format selected based on stakeholder needs and preference for information
  2. Presentation format validated with stakeholders
  1. Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
  2. Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
  3. Roll out the metrics implementation for a broader audience
  4. Establish roles and timelines for metrics maintenance

Guided Implementations

  • Design metrics based on business needs
  • Validate the metrics
  • Select presentation format
  • Review metrics presentation design
  • Select and implement pilot metrics
  • Determine rollout process and establish maintenance/tracking mechanism
Associated Activity icon

Onsite Workshop

Module 1:
Derive Service Metrics From Business Goals
Module 2:
Select and Design Reports and Dashboards
Module 3:
Implement, Track, and Maintain Your Metrics to Ensure Success
Phase 1 Outcome:
  • Meaningful service metrics designed from stakeholder needs
Phase 2 Outcome:
  • Appropriate presentation format selected for each stakeholder
Phase 3 Outcome:
  • Metrics implemented and process established to maintain and track program success

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
Design the Metrics
Determine Presentation Format and Implement Metrics
Gather Service Level Requirements
Monitor and Improve Service Levels

Activities

  • 1.1 Determine stakeholder needs
  • 1.2 Determine success criteria and key performance indicators
  • 1.3 Derive metrics
  • 1.4 Validate the metric collection
  • 2.1 Discuss stakeholder needs/preference for data and select presentation format
  • 2.2 Select and design the metric report
  • Requirements
  • 3.1 Determine the business requirements
  • 3.2 Negotiate service levels
  • 3.3 Align operational level agreements (OLAs) and supplier contracts
  • 4.1 Conduct service report and perform service review
  • 4.2 Communicate service review
  • 4.3 Remediate issues using action plan
  • 4.4 Proactive prevention

Deliverables

  1. Metrics Development Workbook
  1. Metrics Presentation Format Selection Guide
  2. Metrics Tracking Tool
  1. Service Level Management SOP
  2. Service Level Agreement
  1. Service Level Report
  2. Service Level Review
  3. Business Satisfaction Report

Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

PHASE 1

Design the Metrics

Step (1): Design the Metrics

PHASE 1 PHASE 2 PHASE 3

1.1

Derive the Service Metrics

1.2

Validate the Metrics

2.1

Determine Reporting Format

3.1

Select Pilot Metrics

3.2

Activate and Maintain Metrics

This step involves the following participants:

  • CIO
  • Business Relationship Manager (BRM)
  • Service Level Manager (SLM)

Outcomes of this step

  • Defined stakeholder needs for IT based on their success criteria
  • Identified IT services that are tied to the delivery of business outcomes
  • Derived meaningful service metrics based on identified IT services and validated with business stakeholders
  • Validated that metrics can be collected and measured
  • Determined calculation methodology

Phase 1 outline

Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Design the Metrics

Proposed Time to Completion (in weeks): 4 weeks
Step 1.1: Design Metrics Step 1.2: Validate the Metrics
Start with an analyst kick-off call:
  • Determine the stakeholder and their needs
  • Identify IT services that are tied to the delivery of business outcomes
  • Derive the service metrics
Review findings with analyst:
  • For the selected metrics, identify the data source for collection
  • Validate whether or not the data can be created
  • Create a calculation method for the metrics
Then complete these activities…
  • Using the methodology provided, identify additional stakeholders and map out their success criteria, including KPIs to determine the appropriate service metrics
Then complete these activities…
  • Determine whether the designed metrics are measurable, and if so, how
With these tools & templates:
  • Metrics Development Workbook
With these tools & templates:
  • Metrics Development Workbook

Design your service metrics – overview

Figure representing 'CIO'. Step 1
Derive your service metrics

Metrics Worksheet

Figure representing 'SLM' and/or 'BRM'. Step 2
Validate your metrics

Metrics Worksheet

Figures representing 'CIO', 'SLM', and/or 'BRM'. Step 3
Confirm with stakeholders

Metrics Tracking Sheet

A star.

Defined IT Service Metrics

Deriving the right metrics is critical to ensuring that you will generate valuable and actionable service metrics.

Derive your service metrics from business objectives and needs

Service metrics must be designed with the business perspective in mind so they are fully aligned with business objectives.

Thus, IT must start by identifying specific stakeholder needs. The more IT understands about the business, the more relevant the metrics will be to the business stakeholders.

  1. Who are your stakeholders?
  2. What are their goals and pain points?
  3. What do the stakeholders need to know?
  4. What do I need to measure?
  5. Derive your service metrics

Derive your service metrics

Supporting Tool icon 1.1 Metrics Development Workbook

This workbook guides the development and creation of service metrics that are directly tied to stakeholder needs.

This process will ensure that your service metrics are designed with the business perspective in mind so they are fully aligned with business objectives.

  1. Who are the relevant stakeholders?
  2. What are the goals and pain points of your stakeholders?
  3. What do the stakeholders need to know?
  4. What does IT need to measure?
  5. What are the appropriate IT metrics?

Download the Metrics Development Workbook.

Sample of Info-Tech's Metrics Development Workbook.

Determine your stakeholders

Supporting Tool icon 1.1 0.5 Hour

Who are your stakeholders?

  1. Identify the primary stakeholders of your service metrics. Stakeholders are the people who have a very specific need to know about how IT services affect their business outcomes. Different stakeholders can have different perspective on the same IT service metric.Most often, the primary target of service metrics are the business stakeholders, e.g. VP of a business unit.
  2. Identify any additional stakeholders. The CIO is also a stakeholder since they are effectively the business relationship manager for the senior leaders.

Video Conferencing Case Study
Manufacturing company

For this phase, we will demonstrate how to derive the service metrics by going through the steps in the methodology.

At a manufacturing company, the CIO’s main stakeholder is the CEO, whose chief concern is to improve the financial position of the company.

Identify goals and pain points of your stakeholders

Supporting Tool icon 1.2 0.5 Hour

What are their goals and pain points?

  1. Clearly identify each stakeholder’s business goals and outcomes. These would be particular business goals related to a specific business unit.
  2. Identify particular pain points for each business unit to understand what is preventing them from achieving the desirable business outcome.

VC Case Study

One of the top initiatives identified by the company to improve financial performance was to reduce expense.

Because the company has several key locations in different states, company executives used to travel extensively to carry out meetings at each location.

Therefore, travel expenses represent a significant proportion of operational expenses and reducing travel costs is a key goal for the company’s executives.

What do the stakeholders need to know?

Supporting Tool icon 1.3 0.5 Hour

What do the stakeholders need to know?

  1. Identify the key things that the stakeholders would need to know based on the goals and pain points derived from the previous step.These are your success criteria and must be met to successfully achieve the desired goals.

VC Case Study

The CEO needs to have assurance that without executives traveling to each location, remote meetings can be as effective as in-person meetings.

These meetings must provide the same outcome and allow executives to collaborate and make similar strategic decisions without the onsite, physical presence.

Therefore, the success criteria are:

  • Reduced travel costs
  • Effective collaboration
  • High-quality meetings

What do I need to measure?

Supporting Tool icon 1.4 1 Hour

What does IT need to measure?

  1. Identify the IT services that are leveraged to achieve the business goals and success criteria.
  2. Identify the users of those services and determine the nature of usage for each group of users.
  3. Identify the key indicators that must be measured for those services from an IT perspective.

VC Case Study

The IT department decides to implement the video conferencing service to reduce the number of onsite meetings. This technology would allow executives to meet remotely with both audio and video and is the best option to replicate a physical meeting.

The service is initially available to senior executives and will be rolled out to all internal users once the initial implementation is deemed successful.

To determine the success of the service, the following needs to be measured:

  1. Outcomes of VC meetings
  2. Quality of the VC meetings
  3. Reduction in travel expenses

Derive service metrics

Supporting Tool icon 1.5 0.5 Hour

Derive your service metrics

  1. Derive the service metrics that are meaningful to business stakeholders based on the IT services and the key indicators identified in the previous steps.
  2. Distinguish between service metrics and business metrics. You may identify some business metrics in addition to the IT metrics, and although these are important, IT doesn’t own the process of tracking and reporting business metrics.

VC Case Study

In the previous step, IT identified that it must measure the outcomes of VC meetings, quality of the VC meetings, and the reduction in travel expenses. From these, the appropriate service metrics can be derived to answer the needs of the CEO.

IT needs to measure:

  1. Percent of VC meetings successfully delivered
  2. Growth of number of executive meetings conducted via VC
Outcomes

IT also identified the following business metrics:

  1. Reduction in percent of travel expense/spend
  2. Reduction in lost time due to travel

Validate your metrics

Once appropriate service metrics are derived from business objectives, the next step is to determine whether or not it is viable to actually measure the metrics.

Can you measure it? The first question IT must answer is whether the metric is measurable. IT must identify the data source, validate its ability to collect the data, and specify the data requirement. Not all metrics can be measured!
How will you measure it? If the metric is measurable, the next step is to create a way to measure the actual data. In most cases, simple formulas that can be easily understood are the best approach.
Define your actions Metrics must be used to drive or reinforce desirable outcomes and behaviors. Thus, IT must predetermine the necessary actions associated with the different metric levels, thresholds, or trends.

Determine if you can measure the identified metric

Supporting Tool icon 1.6 0.5 Hour

INSTRUCTIONS

  1. Determine what data sources are available. Make sure that you know where the information you need is captured, or will need to be captured. This would include:
    • A ticket/request system
    • An auto discovery tool
    • A configuration management database ( CMDB)
  2. Confirm that IT has the ability to collect the information.
    • If the necessary data is already contained in an identified data source, then you can proceed.
    • If not, consider whether it’s possible to gather the information using current sources and systems.
    • Understand the constraints and cost/ROI to implement new technology or revise processes and data gathering to produce the data.

VC Case Study

Using the metric derived from the video conferencing service example, IT wants to measure the % of VC meetings successfully delivered.

What are the data sources?

  • Number of VC meetings that took place
  • Number of service incidents
  • User survey

Determine if you can measure the identified metric

Supporting Tool icon 1.6 0.5 Hour

INSTRUCTIONS

  1. Understand your data requirements
    • To produce relevant metrics from your data, you need to ensure the level of quality and currency that provides you with useful information. You need to define:
      • The level of detail that has to be captured to make the data useful.
      • The consistency of the data, and how it needs to be entered or gathered.
      • The accuracy of the data. This includes how current the data needs to be, how quickly changes have to be made, and how data quality will be verified.

VC Case Study

Data requirement for percent of successful VC meetings:

  • Level of detail – user category, location, date/time,
  • Consistency – how efficiently are VC-related incidents opened and closed? Is the data collected and stored consistently?
  • Accuracy – is the information entered accurately?

Create the calculation to measure it

Supporting Tool icon 1.7 0.5 Hour

Determine how to calculate the metrics.

INSTRUCTIONS
  1. Develop the calculations that will be used for each accepted metric. The measurement needs to be clear and straightforward.
  2. Define the scope and assumptions for each calculation, including:
    • The defined measurement period (e.g. monthly, weekly)
    • Exclusions (e.g. nonbusiness hours, during maintenance windows)

VC Case Study

Metric: Percent of VC meetings delivered successfully

IT is able to determine the total number of VC meetings that took place and the number of VC service requests to the help desk.

That makes it possible to use the following formula to determine the success percentage of the VC service:

((total # VC) – (# of VC with identified incidents)) / (total # VC) * 100

Define the actions to be taken for each metric

Supporting Tool icon 1.7 1.5 Hour

INSTRUCTIONS

Centered on the defined metrics and their calculations, IT can decide on the actions that should be driven out of each metric based on one of the following scenarios:
  • Scenario 1: Ad hoc remedial action and root-cause investigation. If the reason for the result is unknown, determining root cause or identifying trends is required to determine required actions.
  • Scenario 2: Predefined remedial action. A set of predetermined actions associated with different results. This is useful when the meaning of the results is clear and points to specific issues within the environment.
  • Scenario 3: Nonremedial action. The metrics may produce a result that reinforces or supports company direction and strategy, or identifies an opportunity that may drive a new initiative or idea.

VC Case Study

If the success rate of the VC meetings is below 90%, IT needs to focus on determining if there is a common cause and identify if this is a consistent downward trend.

A root-cause analysis is performed that identifies that network issues are causing difficulties, impacting the connection quality and usability of the VC service.

Validate the confirmed metrics with the business

Supporting Tool icon 1.8 1 Hour

INPUT: Selected service metrics, Discussion with the business

OUTPUT: Validated metrics with the business

Materials: Metrics with calculation methodology

Participants: IT and business stakeholders, Service owners

INSTRUCTIONS

  1. Once you have derived the appropriate metrics and established that the metrics are measurable, you must go back to the targeted stakeholders and validate that the selected metrics will provide the right information to meet their identified goals and success criteria.
  2. Add confirmed metrics to the Metrics Tracking Tool, in the Metrics Tracking Plan tab.
Service Metric Corresponding
Business Goal
Measurement
Method
Defined Actions

Example: Measuring the online banking service at a financial institution

Who are IT’s stakeholders? The financial institution provides various banking solutions to its customers. Retail banking is a core service offered by the bank and the VP of retail banking is a major stakeholder of IT.
What are their goals and pain points? The VP of retail banking’s highest priorities are to increase revenue, increase market share, and maintain the bank’s brand and reputation amongst its customers.
What do they need to know? In order to measure success, the VP of retail banking needs to determine performance in attracting new clients, retaining clients, expanding into new territory, and whether they have increased the number of services provided to existing clients.
What does IT need to measure? The recent implementation of an online banking service is a key initiative that will keep the bank competitive and help retail banking meet its goals. The key indicators of this service are: the total number of clients, the number of products per client, percent of clients using online banking, number of clients by segment, service, territory.
Derive the service metrics Based on the key indicators, IT can derive the following service metrics:
1. Number of product applications originated from online banking
2. Customer satisfaction/complaints
As part of the process, IT also identified some business metrics, such as the number of online banking users per month or the number of times a client accesses online banking per month.

Design service metrics to track service performance and value

CASE STUDY
Industry: Manufacturing | Source: CIO
Challenge Solution Results
The IT organization needed to generate metrics to show the business whether the video conferencing service was being adopted and if it was providing the expected outcome and value.

Standard IT metrics were technical and did not provide a business context that allowed for easy understanding of performance and decision making.

The IT organization, working through the CIO and service managers, sat down with the key business stakeholders of the video conferencing service.

They discussed the goals for the meeting and defined the success criteria for those goals in the context of video conference meeting outcomes.

The success criteria that were discussed were then translated into a set of questions (key performance indicators) that if answered, would show that the success criteria were achieved.

The service manager identified what could be measured to answer the defined questions and eliminated any metrics that were either business metrics or non-IT related.

The remaining metrics were identified as the possible service metrics, and the ability to gather the information and produce the metric was confirmed.

Service metrics were defined for:

  1. Percent of video conference meetings delivered successfully
  2. Growth in the number of executive meetings conducted via video conference

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1

Sample of activity 1.1 'Determine your stakeholders'. Determine stakeholder needs, goals, and pain points

The onsite analyst will help you select key stakeholders and analyze their business objectives and current pain points.

1.2

Sample of activity 1.2 'Identify goals and pain points of your stakeholders'. Determine the success criteria and related IT services

The analyst will facilitate a discussion to uncover the information that these stakeholders care about. The group will also identify the IT services that are supporting these objectives.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

1.5

Sample of activity 1.5 'Derive service metrics'. Derive the service metrics

Based on the key performance indicators obtained in the previous page, derive meaningful business metrics that are relevant to the stakeholders.

1.6

Sample of activity 1.6 'Determine if you can measure the identified metric'. Validate the data collection process

The analyst will help the workshop group determine whether the identified metrics can be collected and measured. If so, a calculation methodology is created.

1.7

Sample of activity 1.7 'Create the caluclation to measure it'. Validate metrics with stakeholders

Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics.

Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

PHASE 2

Design Reports and Dashboards

Step (2): Design Reports and Dashboards

PHASE 1PHASE 2PHASE 3

1.1

Derive the Service Metrics

1.2

Validate the Metrics

2.1

Determine Reporting Format

3.1

Select Pilot Metrics

3.2

Activate and Maintain Metrics

This step involves the following participants:

  • Business Relationship Manager
  • Service Level Manager
  • Business Stakeholders

Outcomes of this step

  • Presentation format selected based on stakeholder needs and preference for information
  • Presentation format validated with stakeholders

Phase 2 outline

Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 2: Design Reports and Dashboards

Proposed Time to Completion (in weeks): 3 weeks
Step 2.1: Select Presentation Format Step 2.2: Review Design
Start with an analyst kick-off call:
  • Review the different format of metrics presentation and discuss the pros/cons of each format
  • Discuss stakeholder needs/preference for data
  • Select the presentation format
Review findings with analyst:
  • Discuss stakeholder feedback based on selected presentation format
  • Modify and adjust the presentation format as needed
Then complete these activities…
  • Design the metrics using the selected format
Then complete these activities…
  • Finalize the design for metrics presentation
With these tools & templates:
  • Metrics Presentation Format Selection Guide
With these tools & templates:
  • Metrics Presentation Format Selection Guide

Design the reports – overview

Figure representing 'SLM' and/or 'BRM'. Step 1
Understand the pros and cons of different reporting styles
Figure representing 'SLM' and/or 'BRM'. Step 2
Determine your reporting and presentation style

Presentation Format Selection

Figure representing 'SLM' and/or 'BRM'. Step 3
Design your metrics reports
A star.

Validated Service Reports

The design of service metrics reporting is critically important. The reporting style must present the right information in the most interesting and stakeholder-centric way possible to ensure that it is read and used.

The reports must also display information in a way that generates actions. If your stakeholders cannot make decisions, kick off activities, or ask questions based on your reports, then they have no value.

Determine the right presentation format for your metrics

Most often, metrics are presented in the following ways:

Dashboard
(PwC. “Mega-Trends and Implications.”)
Sample of the 'Dashboard' metric presentation format.
Infographic
(PwC. “Healthcare’s new entrants.”)
Sample of the 'Infographic' metric presentation format.
Report
(PwC Blogs. “Northern Lights.”)
Sample of the 'Report' metric presentation format.
Scorecard
(PwC. “Annual Report 2015.”)
Sample of the 'Scorecard' metric presentation format.

Understand the advantages and disadvantages of each reporting style – Dashboard

A dashboard is a reporting method that provides a dynamic at-a-glance view of key metrics from the perspective of key stakeholders. It provides a quick graphical way to process important performance information in real time.

Features

Typically web-based

Dynamic data that is updated in real time

Advantage

Aggregates a lot of information into a single view

Presents metrics in a simplistic style that is well understood

Provides a quick point-in-time view of performance

Easy to consume visual presentation style

Disadvantage

Complicated to set up well.
Requires additional technology support: programming, API, etc.

Promotes a short-term outlook – focus on now, no historical performance and no future trends. Doesn’t provide the whole picture and story.

Existing dashboard tools are often not customized enough to provide real value to each stakeholder.

Dashboards present real-time metrics that can be accessed and viewed at any time

Sample of the 'Dashboard' metric presentation format.
(Source: PwC. “Mega-Trends and Implications.”)
Metrics presented through online dashboards are calculated in real time, which allows for a dynamic, current view into the performance of IT services at any time.

Understand the advantages and disadvantages of each reporting style – Infographic

An infographic is a graphical representation of metrics or data, which is used to show information quickly and clearly. It’s based on the understanding that people retain and process visual information more readily than written details.

Features

Turns dry into attractive –transforms data into eye-catching visual memory that is easier to retain

Can be used as the intro to a formal report

There are endless types of infographics

Advantage

Easily consumable

Easy to retain

Eye catching

Easily shared

Spurs conversation

Customizable

Disadvantage

Require design expertise and resources

Can be time consuming to generate

Could be easily misinterpreted

Message can be lost with poor design

Infographics allow for completely unique designs

Sample of the 'Infographic' metric presentation format.
(Source: PwC. “Healthcare’s new entrants…”)
There is no limit when it comes to designing an infographic. The image used here visually articulates the effects of new entrants pulling away the market.

Understand the advantages and disadvantages of each reporting style – Formal Report

A formal report is a more structured and official reporting style that contains detailed research, data, and information required to enable specific business decisions, and to help evaluate performance over a defined period of time.

Definition

Metrics can be presented as a component of a periodic, formal report

A physical document that presents detailed information to a particular audience

Advantage

More detailed, more structured and broader reporting period

Formal, shows IT has put in the effort

Effectively presents a broader and more complete story

Targets different stakeholders at the same time

Disadvantage

Requires significant effort and resources

Higher risk if the report does not meet the expectation of the business stakeholder

Done at a specific time and only valuable for that specific time period

Harder to change format

Formal reports provide a detailed view and analysis of performance

Sample of the 'Formal Report' metric presentation format.
(Source: PwC Blogs. “Northern Lights: Where are we now?”)
An effective report incorporates visuals to demonstrate key improvements.

Formal reports can still contain visuals, but they are accompanied with detailed explanations.

Understand the advantages and disadvantages of each reporting style – Scorecard

A scorecard is a graphic view of the progress and performance over time of key performance metrics. These are in relation to specified goals based on identified critical stakeholder objectives.

Features

Incorporates multiple metrics effectively.

Scores services against the most important organizational goals and objectives. Scorecards may tie back into strategy and different perspectives of success.

Advantage

Quick view of performance against objectives

Measure against a set of consistent objectives

Easily consumable

Easy to retain

Disadvantage

Requires a lot of forethought

Scorecards provide a time-bound summary of performance against defined goals

Sample of the 'Scorecard' metric presentation format.
(PwC. “Annual Report 2015.”)
Scorecards provide a summary of performance that is directly linked to the organizational KPIs.

Determine your report style

Supporting Tool icon 2.1 Metrics Presentation Format Selection Guide

In this section, you will determine the optimal reporting style for the service metrics.

This guide contains four questions, which will help IT organizations identify the most appropriate presentation format based on stakeholder preference and needs for metrics.

  1. Who is the relevant stakeholder?
  2. What are the defined actions for the metric?
  3. How frequently does the stakeholder need to see the metric?
  4. How does the stakeholder like to receive information?
Sample of Info-Tech's Metrics Presentation Format Selection Guide.
Download the Metrics Presentation Format Selection Guide.

Determine your best presentation option

Supporting Tool icon 2.1 2 Hours

INPUT: Identified stakeholder and his/her role

OUTPUT: Proper presentation format based on need for information

Materials: Metrics Presentation Format Selection Guide

Participants: BRM, SLM, Program Manager

After deciding on the report type to be used to present the metric, the organization needs to consider how stakeholders will consume the metric.

There are three options based on stakeholder needs and available presentation options within IT.

  1. Paper-based presentation is the most traditional form of reporting and works well with stakeholders who prefer physical copies. The report is produced at a specific time and requires no additional IT capability.
  2. Online documents stored on webpages, SharePoint, or another knowledge management system could be used to present the metrics. This allows the report to be linked to other information and easily shared.
  3. Online dashboards and graphics can be used to have dynamic, real-time reporting and anytime access. These webpages can be incorporated into an intranet and allow the user to view the metrics at any time. This will require IT to continuously update the data in order to maintain the accuracy of the metrics.

Design your metric reports with these guidelines in mind

Supporting Tool icon 2.2 30 Minutes
  1. Stakeholder-specificThe report must be driven by the identified stakeholder needs and preferences and articulate the metrics that are important to them.
  2. ClarityTo enable decision making and drive desired actions, the metrics must be clear and straightforward. They must be presented in a way that clearly links the performance measurement to the defined outcome without leading to different interpretations of the results.
  3. SimplicityThe report must be simple to read, understand, and analyze. The language of the report must be business-centric and remove as much complexity as possible in wording, imaging, and context.

Be sure to consider access rights for more senior reports. Site and user access permissions may need to be defined based on the level of reporting.

Metrics reporting on the video conferencing service

CASE STUDY
Industry: Manufacturing | Source: CIO Interview
The Situation

The business had a clear need to understand if the implementation of video conferencing would allow previously onsite meetings to achieve the same level of effectiveness.

Reporting Context

Provided reports had always been generated from an IT perspective and the business rarely used the information to make decisions.

The metrics needed to help the business understand if the meetings were remaining effective and be tied into the financial reporting against travel expenses, but there would be limited visibility during the executive meetings.

Approach

The service manager reviewed the information that he had gathered to confirm how often they needed information related to the service. He also met with the CIO to get some insight into the reports that were already being provided to the business, including the ones that were most effective.

Considerations

The conversations identified that there was no need for a dynamic real-time view of the performance of the service, since tracking of cost savings and utility would be viewed monthly and quarterly. They also identified that the item would be discussed within a very small window of time during the management meetings.

The Solution

It was determined that the best style of reporting for the metric was an existing scorecard that was produced monthly, using some infographics to ensure that the information is clear at a glance to enable quick decision making.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.1

Sample of presentation format option slide 'Determine the right presentation format for your metrics'. Understand the different presentation options

The onsite analyst will introduce the group to the communication vehicles of infographic, scorecard, formal report, and dashboard.

2.1

Sample of activity 2.1 'Determine your best presentation option'. Assess stakeholder needs for information

For selected stakeholders, the analyst will facilitate a discussion on how stakeholders would like to view information and how the metrics can be presented to aid decision making.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

2.2

Sample of activity 2.2 'Design your metric reports with these guidelines in mind'. Select and design the metric report

Based on the discussion, the working group will select the most appropriate presentation format and create a rough draft of how the report should look.

Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

PHASE 3

Implement, Track, and Maintain Your Metrics

Step (3): Implement, Track, and Maintain Your Metrics

PHASE 1PHASE 2PHASE 3

1.1

Derive the Service Metrics

1.2

Validate the Metrics

2.1

Determine Reporting Format

3.1

Select Pilot Metrics

3.2

Activate and Maintain Metrics

This step involves the following participants:

  • Service Level Manager
  • Business Relationship Manager
  • Service Metrics Program Manager

Activities in this step

  • Determine the first batch of metrics to be implemented as part of the pilot program
  • Create a process to collect and validate data, determine initial targets, and integrate with SLM and BRM functions
  • Present the metric reports to the relevant stakeholders and incorporate the feedback into the metric design
  • Establish a standard process and roll out the implementation of metrics in batches
  • Establish a process to monitor and track the effectiveness of the service metrics program and make adjustments when necessary

Phase 3 outline

Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 3: Implement, Track, and Maintain Your Metrics

Proposed Time to Completion (in weeks): 4 weeks
Step 3.1: Select and Launch Pilot Metrics Step 3.2: Track and Maintain the Metrics
Start with an analyst kick-off call:
  • Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
  • Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
Review findings with analyst:
  • Review the success of metrics and discuss feedback from stakeholders
  • Roll out the metrics implementation to a broader audience
  • Establish roles and timelines for metrics maintenance
Then complete these activities…
  • Document the first batch of metrics
  • Document the baseline, initial targets
  • Create a plan to integrate with SLM and BRM functions
Then complete these activities…
  • Create a document that defines how the organization will track and maintain the success of the metrics program
  • Review the metrics program periodically
With these tools & templates:
  • Metrics Tracking Tool
With these tools & templates:
  • Metrics Tracking Tool

Implement, Track, and Maintain the Metrics

Figure representing 'SLM' and/or 'BRM'. Step 1
Run your pilot

Metrics Tracking Tool

Figure representing 'SLM' and/or 'BRM'. Step 2
Validate success

Metrics Tracking Tool

Figure representing 'SLM' and/or 'BRM'. Step 3
Implement your metrics program in batches

Metrics Tracking Tool

A star.

Active Service Metrics Program

Once you have defined the way that you will present the metrics, you are ready to run a pilot with a smaller sample of defined service metrics.

This allows you to validate your approach and make refinements to the implementation and maintenance processes where necessary, prior to activating all service metrics.

Track the performance of your service metrics

Supporting Tool icon 3.1

The Metrics Tracking Tool will enable you to track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

There are three sections in this tool:
  1. Metrics Tracking Plan. Identify the metrics to be tracked and their purpose.
  2. Metrics Tracking Actuals. Monitor and track the actual performance of the metrics.
  3. Remediation Tracking. Determine and document the steps that need to be taken to correct a sub-performing metric.
Sample of Info-Tech's Metrics Tracking Tool.

Select pilot metrics

Supporting Tool icon 3.1 30 Minutes

INPUT: Identified services, Business feedback

OUTPUT: Services with most urgent need or impact

Materials: Service catalog or list of identified services

Participants: BRM, SLM, Business representatives

To start the implementation of your service metrics program and drive wider adoption, you need to run a pilot using a smaller subset of metrics.

INSTRUCTIONS

To determine the sample for the pilot, consider metrics that:

  • Are related to critical business services and functions
  • or
  • Address known/visible pain points for the business
  • or
  • Were designed for supportive or influential stakeholders

Metrics that meet two or more criteria are ideal for the pilot

Collect and validate data

Supporting Tool icon 3.2 1 Hour

INPUT: Identified metrics

OUTPUT: A data collection mythology, Metrics tracking

Materials: Metrics

Participants: SLM, BRM, Service owner

You will need to start collection and validation of your identified data in order to calculate the results for your pilot metrics.

INSTRUCTIONS

  1. Initiate data collection
    • Use the data sources identified during the design phase and initiate the data collection process.
  2. Determine start date
    • If historical data can be retrieved and gathered, determine how far back you want your measurements to start.
  3. Compile data and validate
    • Ensure that the information is accurate and up to date. This will require some level of data validation and audit.
  4. Run the metric
    • Use the defined calculation and source data to generate the metrics result.
  5. Record metrics results
    • Use the metrics tracking sheet to track the actual results.

Determine initial targets

Supporting Tool icon 3.3 1 Hour

INPUT: Historical data/baseline data

OUTPUT: Realistic initial target for improvement

Materials: Metrics Tracking Tool

Participants: BRM, SLM, Service owner

INSTRUCTIONS

Identify an initial service objective based on one or more of the following options:

  1. Establish an initial target using historical data and trends of performance.
  2. Establish an initial target based on stakeholder-identified requirements and expectations.
  3. Run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.

The target may not always be a number - it could be a trend. The initial target will be changed after review with stakeholders

Integrate with SLM and BRM processes

Supporting Tool icon 3.4 1 Hour

INPUT: SLM and BRM SOPs or responsibility documentations

OUTPUT: Integrate service metrics into the SLM/BRM role

Materials: SLM / BRM reports

Participants: SLM, BRM, CIO, Program manager, Service manager

The service metrics program is usually initiated, used, and maintained by the SLM and BRM functions.

INSTRUCTIONS

Ensure that the metrics pilot is integrated with those functions by:

  1. Engaging with SLM and BRM functions/resources
    • Identify SLM and BRM resources associated with or working on the services where the metrics are being piloted
    • Obtain their feedback on the metrics/reporting
  2. Integrating with the existing reporting and meeting cycles
    • Ensure the metrics will be calculated and available for discussion at standing meetings and with existing reports
  3. Establishing the metrics review and validation cycle for these metrics
    • Confirm the review and validation period for the metrics in order to ensure they remain valuable and actionable

Generate reports and present to stakeholders

Supporting Tool icon 3.5 1 Hour

INPUT: Identified metrics, Selected presentation format

OUTPUT: Metrics reports that are ready for distribution

Materials: Metrics Presentation Format Selection Guide

Participants: BRM, SLM, CIO, Business representatives

INSTRUCTIONS

Once you have completed the calculation for the pilot metrics:

  1. Confirm the report style for the selected metrics (as defined in Phase 2)
  2. Generate the reporting for the pilot metrics
  3. Present the pilot metric reports to the identified BRM and SLM resources who will present the reporting to the stakeholders
  4. Gather feedback from Stakeholders on metrics - results and process
  5. Create and execute remediation plans for any actions identified from the metrics
  6. Initiate the review cycle for metrics (to ensure they retain value)

Plan the rollout and implementation of the metrics reporting program

Supporting Tool icon 3.6 1 Hour

INPUT: Feedback from pilot, Services in batch

OUTPUT: Systematic implementation of metrics

Materials: Metrics Tracking Tool

Participants: BRM, SLM, Program manager

Upon completion of the pilot, move to start the broader implementation of metrics across the organization:

INSTRUCTIONS

  1. Identify the service metrics that you will implement. They can be selected based on multiple criteria, including:
    • Organizational area/business unit
    • Service criticality
    • Pain points
    • Stakeholder engagement (detractors, supporters)
  2. Create a rollout plan for implementation in batches, identifying expected launch timelines, owners, targeted stakeholders, and communications plans
  3. Use the implementation plan from the pilot to roll out each batch of service metrics:
    • Collect and validate data
    • Determine target(s)
    • Integrate with BRM and SLM
    • Generate and communicate reports to stakeholders

Maintain the service metrics

Supporting Tool icon 3.7 1.5 Hour

INPUT: Feedback from business stakeholders

OUTPUT: Modification to individual metrics or to the process

Materials: Metrics Tracking Tool, Metrics Development Workbook

Participants: CIO, BRM, SLM, Program manager, Service owner

Once service metrics and reporting become active, it is necessary to determine the review time frame for your metrics to ensure they remain useful.

INSTRUCTIONS

  1. Confirm and establish a review time frame with stakeholders (e.g. annually, bi-annually, after organizational or strategic changes).
  2. Meet with stakeholders by the review date to discuss the value of existing metrics and validate:
    • Whether the goals associated with the metrics are still valid
    • If the metric is still necessary
    • If there is a more effective way to present the metrics
  3. Track actions based on review outcomes and update the remediation tracking sheet.
  4. Update tracking sheet with last complete review date.

Maintain the metrics

Supporting Tool icon 3.7

Based on the outcome of the review meeting, decide what needs to be done for each metric, using the following options:

Add

A new metric is required or an existing metric needs large-scale changes (example: calculation method or scope).
Triggers metrics design as shown in phases 1 and 2.

Change

A minor change is required to the presentation format or data. Note: a major change in a metric would be performed through the Add option.

Remove

The metric is no longer required, and it needs to be removed from reporting and data gathering. A final report date for that metric should be determined.

Maintain

The metric is still useful and no changes are required to the metric, its measurement, or how it’s reported.

Ensuring metrics remain valuable

VC CASE STUDY
Industry: Manufacturing | Source: CIO Interview

Reviewing the value of active metrics

When the video conferencing service was initially implemented, it was performed as a pilot with a group of executives, and then expanded for use throughout the company. It was understood that prior to seeing the full benefit in cost reduction and increased efficiency and effectiveness, the rate of use and adoption had to be understood.

The primary service metrics created for the service were based on tracking the number of requests for video conference meetings that were received by the IT organization. This identified the growth in use and could be used in conjunction with financial metrics related to travel to help identify the impact of the service through its growth phase.

Once the service was adopted, this metric continued to be tracked but no longer showed growth or expanded adoption.

The service manager was no longer sure this needed to be tracked.

Key Activity

The metrics around requests for video conference meetings were reviewed at the annual metrics review meeting with the business. The service manager asked if the need for the metric, the goal of tracking adoption, was still important for the business.

The discussion identified that the adoption rate was over 80%, higher than anticipated, and that there was no value in continuing to track this metric.

Based on the discussion, the adoption metrics were discontinued and removed from data gathering and reporting, while a success rate metric was added (how many meetings ran successfully and without issue) to ensure the ongoing value of the video conferencing service.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.1

Sample of activity 3.1 'Select pilot metrics'. Select the pilot metrics

The onsite analyst will help the workshop group select the metrics that should be first implemented based on the urgency and impact of these metrics.

3.2

Sample of activity 3.2 'Collect and validate data'. Gather data and set initial targets

The analyst will help the group create a process to gather data, measure baselines, and set initial targets.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

3.5

Sample of activity 3.5 'Generate reports and present to stakeholders'. Generate the reports and validate with stakeholders

The Info-Tech analyst will help the group establish a process to receive feedback from the business stakeholders once the report is generated.

3.6

Sample of activity 3.6 'Plan the rollout and implementation of the metrics reporting program'. Implement the service metrics program

The analyst will facilitate a discussion on how to implement the metrics program across the organization.

3.7

Sample of activity 3.7 'Maintain the service metrics'. Track and maintain the metrics program

Set up a mechanism to ensure the success of the metrics program by assessing process adherence and process validity.

Insight breakdown

Insight 1

Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.

Insight 2

Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.

Insight 3

Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

Summary of accomplishment

Knowledge Gained

  • Follow a methodology to identify metrics that are derived from business objectives.
  • Understand the proper presentation format based on stakeholder needs for information.
  • Establish a process to ensure the metrics provided will continue to provide value and aid decision making.

Processes Optimized

  • Metrics presentation to business stakeholders
  • Metrics maintenance and tracking

Deliverables Completed

  • Metrics Development Workbook
  • Metrics Presentation Format Selection Guide
  • Metrics Tracking Tool

Research contributors and experts

Name Organization
Joe Evers Joe Evers Consulting
Glen Notman Associate Partner, Citihub
David Parker Client Program Manager, eHealth Ontario
Marianne Doran Collins CIO, The CIO-Suite, LLC
Chris Kalbfleisch Manager, Service Management, eHealth Ontario
Joshua Klingenberg BHP Billiton Canada Inc.

Related Info-Tech research

Stock image of a menu. Design & Build a User-Facing Service Catalog
The user-facing service catalog is the go-to place for IT service-related information.
Stock image of a laptop keyboard. Unleash the True Value of IT by Transforming Into a Service Provider
Earn your seat at the table and influence business strategy by becoming an IT service provider.

Bibliography

Pollock, Bill. “Service Benchmarking and Measurement: Using Metrics to Drive Customer Satisfaction and Profits.” Aberdeen Group. June 2009. http://722consulting.com/ServiceBenchmarkingandMeasurement.pdf

PwC. “Mega-Trends and Implications.” RMI Discussion. LinkedIn SlideShare. September 2015. http://www.slideshare.net/AnandRaoPwC/mega-trends-and-implications-to-retirement

PwC. “Healthcare’s new entrants: Who will be the industry’s Amazon.com?” Health Research Institute. April 2014. https://www.pwc.com/us/en/health-industries/healthcare-new-entrants/assets/pwc-hri-new-entrant-chart-pack-v3.pdf

PwC. “Northern Lights: Where are we now?” PwC Blogs. 2012. http://pwc.blogs.com/files/12.09.06---northern-lights-2--summary.pdf

PwC. “PwC’s key performance indicators

Business Value

  • Buy Link or Shortcode: {j2store}7|cart{/j2store}
  • Related Products: {j2store}7|crosssells{/j2store}
  • Up-Sell: {j2store}7|upsells{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Financial Management
  • Parent Category Link: /financial-management
Maximize your ROI on IT through benefits realization

Contact Tymans Group

We're here to get your IT Operations performant and resilient

We have the highest respect for your person. We contact you only with responses to your questions. Our company ethics insist on transparency and honesty.

Continue reading

Effectively Acquire Infrastructure Services

  • Buy Link or Shortcode: {j2store}467|cart{/j2store}
  • member rating overall impact: 9.6/10 Overall Impact
  • member rating average dollars saved: $26,627 Average $ Saved
  • member rating average days saved: 12 Average Days Saved
  • Parent Category Name: Data Center & Facilities Optimization
  • Parent Category Link: /data-center-and-facilities-optimization
  • Most organizations are good at procuring IT products, but few are truly good at acquiring infrastructure services.
  • The lack of expertise in acquiring services is problematic – not only is the acquisition process for services more complex, but it also often has high stakes with large deal sizes, long-term contracts, and high switching costs.

Our Advice

Critical Insight

  • Don’t treat infrastructure service acquisitions lightly. Not only are failure rates high, but the stakes are high as well.
  • Make sure your RFP strategy aligns with your deal value. Large deals, characterized by high monthly spend, high criticality to the organization, and high switching costs, warrant a more thorough and lengthy planning period and RFP process.
  • Word your RFP carefully and do your due diligence when reviewing SLAs. Make sure your RFP will help you understand what the vendor’s standard offerings are and don’t treat your service level agreements like an open negotiation. The vendor’s standard offerings will be your most reliable options.

Impact and Result

  • Follow this blueprint to avoid common pitfalls and navigate the tricky business of acquiring infrastructure services.
  • This blueprint will provide step-by-step guidance from assessing your acquisition goals to transitioning your service. Make sure you do the due diligence required to acquire the best service for your needs.

Effectively Acquire Infrastructure Services Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should follow the blueprint to effectively acquire infrastructure services, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop the procurement strategy and process

Kick off an acquisition by establishing acquisition goals, validating the decision to acquire a service, and structuring an acquisition approach. There are several RFP approaches and strategies – evaluate the options and develop one that aligns with the nature of the acquisition.

  • Effectively Acquire Infrastructure Services – Phase 1: Develop the Procurement Strategy and Process

2. Assess requirements and build the RFP

A solid RFP is critical to the success of this project. Assess the current and future requirements, examine the characteristics of an effective RFP, and develop an RFP.

  • Effectively Acquire Infrastructure Services – Phase 2: Assess Requirements and Build the RFP
  • Infrastructure Service RFP Template

3. Manage vendor questions and select the vendor

Manage the activities surrounding vendor questions and score the RFP responses to select the best-fit solution.

  • Effectively Acquire Infrastructure Services – Phase 3: Manage Vendor Questions and Select the Vendor
  • Vendor Question Organizer Template
  • Infrastructure Outsourcing RFP Scoring Tool

4. Manage the contract, transition, and vendor

Perform due diligence in reviewing the SLAs and contract before signing. Plan to transition the service into the environment and manage the vendor on an ongoing basis for a successful partnership.

  • Effectively Acquire Infrastructure Services – Phase 4: Manage the Contract, Transition, and Vendor
  • Service Acquisition Planning and Tracking Tool
  • Vendor Management Template
[infographic]

Workshop: Effectively Acquire Infrastructure Services

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Develop the Procurement Strategy and Process

The Purpose

Establish procurement goals and success metrics.

Develop a projected acquisition timeline.

Establish the RFP approach and strategy.

Key Benefits Achieved

Defined acquisition approach and timeline.

Activities

1.1 Establish your acquisition goals.

1.2 Establish your success metrics.

1.3 Develop a projected acquisition timeline.

1.4 Establish your RFP process and refine your RFP timeline.

Outputs

Acquisition goals

Success metrics

Acquisition timeline

RFP strategy and approach

2 Gather Service Requirements

The Purpose

Gather requirements for services to build into the RFP.

Key Benefits Achieved

Gathered requirements.

Activities

2.1 Assess the current state.

2.2 Evaluate service requirements and targets.

2.3 Assess the gap and validate the service acquisition.

2.4 Define requirements to input into the RFP.

Outputs

Current State Assessment

Service requirements

Validation of services being acquired and key processes that may need to change

Requirements to input into the RFP

3 Develop the RFP

The Purpose

Build the RFP.

Key Benefits Achieved

RFP development.

Activities

3.1 Build the RFP requirement section.

3.2 Develop the rest of the RFP.

Outputs

Service requirements input into the RFP

Completed RFP

4 Review RFP Responses and Select a Vendor (Off-Site)

The Purpose

Review RFP responses to select the best solution for the acquisition.

Key Benefits Achieved

Vendor selected.

Activities

4.1 Manage vendor questions regarding the RFP.

4.2 Review RFP responses and shortlist the vendors.

4.3 Conduct additional due diligence on the vendors.

4.4 Select a vendor.

Outputs

Managed RFP activities

Imperceptive scoring of RFP responses and ranking of vendors

Additional due diligence and further questions for the vendor

Selected vendor

Create a Right-Sized Disaster Recovery Plan

  • Buy Link or Shortcode: {j2store}410|cart{/j2store}
  • member rating overall impact: 9.6/10 Overall Impact
  • member rating average dollars saved: $83,037 Average $ Saved
  • member rating average days saved: 32 Average Days Saved
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity
  • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a disaster recovery plan (DRP).
  • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors but will not be effective in a crisis.
  • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
  • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

Our Advice

Critical Insight

  • At its core, disaster recovery (DR) is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
  • Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
  • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

Impact and Result

  • Define appropriate objectives for service downtime and data loss based on business impact.
  • Document an incident response plan that captures all of the steps from event detection to data center recovery.
  • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

Create a Right-Sized Disaster Recovery Plan Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Disaster Recovery Plan (DRP) Research – A step-by-step document that helps streamline your DR planning process and build a plan that's concise, usable, and maintainable.

Any time a major IT outage occurs, it increases executive awareness and internal pressure to create an IT DRP. This blueprint will help you develop an actionable DRP by following our four-phase methodology to define scope, current status, and dependencies; conduct a business impact analysis; identify and address gaps in the recovery workflow; and complete, extend, and maintain your DRP.

  • Create a Right-Sized Disaster Recovery Plan – Phases 1-4

2. DRP Case Studies – Examples to help you understand the governance and incident response components of a DRP and to show that your DRP project does not need to be as onerous as imagined.

These examples include a client who leveraged the DRP blueprint to create practical, concise, and easy-to-maintain DRP governance and incident response plans and a case study based on a hospital providing a wide range of healthcare services.

  • Case Study: Practical, Right-Sized DRP
  • Case Study: Practical, Right-Sized DRP – Healthcare Example

3. DRP Maturity Scorecard – An assessment tool to evaluate the current state of your DRP.

Use this tool to measure your current DRP maturity and identify gaps to address. It includes a comprehensive list of requirements for your DRP program, including core and industry requirements.

  • DRP Maturity Scorecard

4. DRP Project Charter Template – A template to communicate important details on the project purpose, scope, and parameters.

The project charter template includes details on the project overview (description, background, drivers, and objectives); governance and management (project stakeholders/roles, budget, and dependencies); and risks, assumptions, and constraints (known and potential risks and mitigation strategy).

  • DRP Project Charter Template

5. DRP Business Impact Analysis Tool – An evaluation tool to estimate the impact of downtime to determine appropriate, acceptable recovery time objectives (RTOs) and recovery point objectives (RPOs) and to review gaps between objectives and actuals.

This tool enables you to identify critical applications/systems; identify dependencies; define objective scoring criteria to evaluate the impact of application/system downtime; determine the impact of downtime and establish criticality tiers; set recovery objectives (RTO/RPO) based on the impact of downtime; record recovery actuals (RTA/RPA) and identify any gaps between objectives and actuals; and identify dependencies that regularly fail (and have a significant impact when they fail) to prioritize efforts to improve resiliency.

  • DRP Business Impact Analysis Tool
  • Legacy DRP Business Impact Analysis Tool

6. DRP BIA Scoring Context Example – A tool to record assumptions you made in the DRP Business Impact Analysis Tool to explain the results and drive business engagement and feedback.

Use this tool to specifically record assumptions made about who and what are impacted by system downtime and record assumptions made about impact severity.

  • DRP BIA Scoring Context Example

7. DRP Recovery Workflow Template – A flowchart template to provide an at-a-glance view of the recovery workflow.

This simple format is ideal during crisis situations, easier to maintain, and often quicker to create. Use this template to document the Notify - Assess - Declare disaster workflow, document current and planned future state recovery workflows, including gaps and risks, and review an example recovery workflow.

  • DRP Recovery Workflow Template (PDF)
  • DRP Recovery Workflow Template (Visio)

8. DRP Roadmap Tool – A visual roadmapping tool that will help you plan, communicate, and track progress for your DRP initiatives.

Improving DR capabilities is a marathon, not a sprint. You likely can't fund and resource all the measures for risk mitigation at once. Instead, use this tool to create a roadmap for actions, tasks, projects, and initiatives to complete in the short, medium, and long term. Prioritize high-benefit, low-cost mitigations.

  • DRP Roadmap Tool

9. DRP Recap and Results Template – A template to summarize and present key findings from your DR planning exercises and documents.

Use this template to present your results from the DRP Maturity Scorecard, BCP-DRP Fitness Assessment, DRP Business Impact Analysis Tool, tabletop planning exercises, DRP Recovery Workflow Template, and DRP Roadmap Tool.

  • DRP Recap and Results Template

10. DRP Workbook – A comprehensive tool that enables you to organize information to support DR planning.

Leverage this tool to document information regarding DRP resources (list the documents/information sources that support DR planning and where they are located) and DR teams and contacts (list the DR teams, SMEs critical to DR, and key contacts, including business continuity management team leads that would be involved in declaring a disaster and coordinating response at an organizational level).

  • DRP Workbook

11. Appendix

The following tools and templates are also included as part of this blueprint to use as needed to supplement the core steps above:

  • DRP Incident Response Management Tool
  • DRP Vendor Evaluation Questionnaire
  • DRP Vendor Evaluation Tool
  • Severity Definitions and Escalation Rules Template
  • BCP-DRP Fitness Assessment
[infographic]

Workshop: Create a Right-Sized Disaster Recovery Plan

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Define Parameters for Your DRP

The Purpose

Identify key applications and dependencies based on business needs.

Key Benefits Achieved

Understand the entire IT “footprint” that needs to be recovered for key applications. 

Activities

1.1 Assess current DR maturity.

1.2 Determine critical business operations.

1.3 Identify key applications and dependencies.

Outputs

Current challenges identified through a DRP Maturity Scorecard.

Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

2 Determine the Desired Recovery Timeline

The Purpose

Quantify application criticality based on business impact.

Key Benefits Achieved

Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

Activities

2.1 Define an objective scoring scale to indicate different levels of impact.

2.2 Estimate the impact of downtime.

2.3 Determine desired RTO/RPO targets for applications based on business impact.

Outputs

Business impact analysis scoring criteria defined.

Application criticality validated.

RTOs/RPOs defined for applications and dependencies.

3 Determine the Current Recovery Timeline and DR Gaps

The Purpose

Determine your baseline DR capabilities (your current state).

Key Benefits Achieved

Gaps between current and desired DR capability are quantified.

Activities

3.1 Conduct a tabletop exercise to determine current recovery procedures.

3.2 Identify gaps between current and desired capabilities.

3.3 Estimate likelihood and impact of failure of individual dependencies.

Outputs

Current achievable recovery timeline defined (i.e. the current state).

RTO/RPO gaps identified.

Critical single points of failure identified.

4 Create a Project Roadmap to Close DR Gaps

The Purpose

Identify and prioritize projects to close DR gaps.

Key Benefits Achieved

DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

Activities

4.1 Determine what projects are required to close the gap between current and desired DR capability.

4.2 Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.

4.3 Validate that the suggested projects will achieve the desired DR capability.

Outputs

Potential DR projects identified.

DRP project roadmap defined.

Desired-state incident response plan defined, and project roadmap validated.

5 Establish a Framework for Documenting Your DRP, and Summarize Next Steps

The Purpose

Outline how to create concise, usable DRP documentation.

Summarize workshop results. 

Key Benefits Achieved

A realistic and practical approach to documenting your DRP.

Next steps documented. 

Activities

5.1 Outline a strategy for using flowcharts and checklists to create concise, usable documentation.

5.2 Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.

5.3 Summarize the workshop results, including current potential downtime and action items to close gaps.

Outputs

Current-state and desired-state incident response plan flowcharts.

Templates to create more detailed documentation where necessary.

Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

Further reading

Create a Right-Sized Disaster Recovery Plan

Close the gap between your DR capabilities and service continuity requirements.

ANALYST PERSPECTIVE

An effective disaster recovery plan (DRP) is not just an insurance policy.

"An effective DRP addresses common outages such as hardware and software failures, as well as regional events, to provide day-to-day service continuity. It’s not just insurance you might never cash in. Customers are also demanding evidence of an effective DRP, so organizations without a DRP risk business impact not only from extended outages but also from lost sales. If you are fortunate enough to have executive buy-in, whether it’s due to customer pressure or concern over potential downtime, you still have the challenge of limited time to dedicate to disaster recovery (DR) planning. Organizations need a practical but structured approach that enables IT leaders to create a DRP without it becoming their full-time job."

Frank Trovato,

Research Director, Infrastructure

Info-Tech Research Group

Is this research for you?

This Research Is Designed For:

  • Senior IT management responsible for executing DR.
  • Organizations seeking to formalize, optimize, or validate an existing DRP.
  • Business continuity management (BCM) professionals leading DRP development.

This Research Will Help You:

  • Create a DRP that is aligned with business requirements.
  • Prioritize technology enhancements based on DR requirements and risk-impact analysis.
  • Identify and address process and technology gaps that impact DR capabilities and day-to-day service continuity.

This Research Will Also Assist:

  • Executives who want to understand the time and resource commitment required for DRP.
  • Members of BCM and crisis management teams who need to understand the key elements of an IT DRP.

This Research Will Help Them:

  • Scope the time and effort required to develop a DRP.
  • Align business continuity, DR, and crisis management plans.

Executive summary

Situation

  • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a DRP.
  • Industry standards and government regulations are driving external pressure to develop business continuity and IT DR plans.
  • Customers are asking suppliers and partners to provide evidence that they have a workable DRP before agreeing to do business.

Complication

  • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors, but will not be effective in a crisis.
  • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
  • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

Resolution

  • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity:
    • Define appropriate objectives for service downtime and data loss based on business impact.
    • Document an incident response plan that captures all of the steps from event detection to data center recovery.
    • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

Info-Tech Insight

  1. At its core, DR is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
  2. Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
  3. Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

An effective DRP is critical to reducing the cost of downtime

If you don’t have an effective DRP when failure occurs, expect to face extended downtime and exponentially rising costs due to confusion and lack of documented processes.

Image displayed is a graph that shows that delay in recovery causes exponential revenue loss.

Potential Lost Revenue

The impact of downtime tends to increase exponentially as systems remain unavailable (graph at left). A current, tested DRP will significantly improve your ability to execute systems recovery, minimizing downtime and business impact. Without a DRP, IT is gambling on its ability to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks or months – and substantial business impact.

Adapted from: Philip Jan Rothstein, 2007

Cost of Downtime for the Fortune 1000

Cost of unplanned apps downtime per year: $1.25B to $2.5B.

Cost of critical apps failure per hour: $500,000 to $1M.

Cost of infrastructure failure per hour: $100,000.

35% reported to have recovered within 12 hours.

17% of infrastructure failures took more than 24 hours to recover.

13% of application failures took more than 24 hours to recover.

Source: Stephen Elliot, 2015

Info-Tech Insight

The cost of downtime is rising across the board, and not just for organizations that traditionally depend on IT (e.g. e-commerce). Downtime cost increase since 2010:

Hospitality: 129% increase

Transportation: 108% increase

Media organizations: 104% increase

An effective DRP also sets clear recovery objectives that align with system criticality to optimize spend

The image displays a disaster recovery plan example, where different tiers are in place to support recovery in relation to time.

Take a practical approach that creates a more concise and actionable DRP

DR planning is not your full-time job, so it can’t be a resource- and time-intensive process.

The Traditional Approach Info-Tech’s Approach

Start with extensive risk and probability analysis.

Challenge: You can’t predict every event that can occur, and this delays work on your actual recovery procedures.

Focus on how to recover regardless of the incident.

We know failure will happen. Focus on improving your ability to failover to a DR environment so you are protected regardless of what causes primary site failure.

Build a plan for major events such as natural disasters.

Challenge: Major destructive events only account for 12% of incidents while software/hardware issues account for 45%. The vast majority of incidents are isolated local events.

An effective DRP improves day-to-day service continuity, and is not just for major events.

Leverage DR planning to address both common (e.g. power/network outage or hardware failure) as well as major events. It must be documentation you can use, not shelfware.

Create a DRP manual that provides step-by-step instructions that anyone could follow.

Challenge: The result is lengthy, dense manuals that are difficult to maintain and hard to use in a crisis. The usability of DR documents has a direct impact on DR success.

Create concise documentation written for technical experts.

Use flowcharts, checklists, and diagrams. They are more usable in a crisis and easier to maintain. You aren’t going to ask a business user to recover your SQL Server databases, so you can afford to be concise.

DR must be integrated with day-to-day incident management to ensure service continuity

When a tornado takes out your data center, it’s an obvious DR scenario and the escalation towards declaring a disaster is straightforward.

The challenge is to be just as decisive in less-obvious (and more common) DR scenarios such as a critical system hardware/software failure, and knowing when to move from incident management to DR. Don’t get stuck troubleshooting for days when you could have failed over in hours.

Bridge the gap with clearly-defined escalation rules and criteria for when to treat an incident as a disaster.

Image displays two graphs. The graph on the left measures the extent that service management processes account for disasters by the success meeting RTO and RPO. The graph on the right is a double bar graph that shows DRP being integrated and not integrated in the following categories: Incident Classifications, Severity Definitions, Incident Models, Escalation Procedures. These are measured based on the success meeting RTO and RPO.

Source: Info-Tech Research Group; N=92

Myth busted: The DRP is separate from day-to-day ops and incident management.

The most common threats to service continuity are hardware and software failures, network outages, and power outages

The image displayed is a bar graph that shows the common threats to service continuity. There are two areas of interest that have labels. The first is: 45% of service interruptions that went beyond maximum downtime guidelines set by the business were caused by software and hardware issues. The second label is: Only 12% of incidents were caused by major destructive events.

Source: Info-Tech Research Group; N=87

Info-Tech Insight

Does this mean I don’t need to worry about natural disasters? No. It means DR planning needs to focus on overall service continuity, not just major disasters. If you ignore the more common but less dramatic causes of service interruptions, you are diminishing the business value of a DRP.

Myth busted: DRPs are just for destructive events – fires, floods, and natural disasters.

DR isn’t about identifying risks; it’s about ensuring service continuity

The traditional approach to DR starts with an in-depth exercise to identify risks to IT service continuity and the probability that those risks will occur.

Here’s why starting with a risk register is ineffective:

  • Odds are, you won’t think of every incident that might occur. If you think of twenty risks, it’ll be the twenty-first that gets you. If you try to guard against that twenty-first risk, you can quickly get into cartoonish scenarios and much more costly solutions.
  • The ability to failover to another site mitigates the risk of most (if not all) incidents (fire, flood, hardware failure, tornado, etc.). A risk and probability analysis doesn’t change the need for a plan that includes a failover procedure.

Where risk is incorporated in this methodology:

  • Use known risks to further refine your strategy (e.g. if you are prone to hurricanes, plan for greater geographic separation between sites; ensure you have backups, in addition to replication, to mitigate the risk of ransomware).
  • Identify risks to your ability to execute DR (e.g. lack of cross-training, backups that are not tested) and take steps to mitigate those risks.

Myth busted: A risk register is the critical first step to creating an effective DR plan.

You can’t outsource accountability and you can’t assume your vendor’s DR capabilities meet your needs

Outsourcing infrastructure services – to a cloud provider, co-location provider, or managed service provider (MSP) – can improve your DR and service continuity capabilities. For example, a large public cloud provider will generally have:

  • Redundant telecoms service providers, network infrastructure, power feeds, and standby power.
  • Round-the-clock infrastructure and security monitoring.
  • Multiple data centers in a given region, and options to replicate data and services across regions.

Still, failure is inevitable – it’s been demonstrated multiple times1 through high-profile outages. When you surrender direct control of the systems themselves, it’s your responsibility to ensure the vendor can meet your DR requirements, including:

  • A DR site and acceptable recovery times for systems at that site.
  • An acceptable replication/backup schedule.

Sources: Kyle York, 2016; Shaun Nichols, 2017; Stephen Burke, 2017

Myth busted: I outsource infrastructure services so I don’t have to worry about DR. That’s my vendor’s responsibility.

Choose flowcharts over process guides, checklists over procedures, and diagrams over descriptions

IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

In reality, you write a DR plan for knowledgeable technical staff, which allows you to summarize key details your staff already know. Concise, visual documentation is:

  • Quicker to create.
  • Easier to use.
  • Simpler to maintain.

"Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

– Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

A graph is displayed. It shows a line graph where the DR success is higher by using flowcharts, checklists, and diagrams.

Source: Info-Tech Research Group; N=95

*DR Success is based on stated ability to meet recovery time objectives (RTOs) and recovery point objectives (RPOs), and reported confidence in ability to consistently meet targets.

Myth busted: A DRP must include every detail so anyone can execute recovery.

A DRP is part of an overall business continuity plan

A DRP is the set of procedures and supporting documentation that enables an organization to restore its core IT services (i.e. applications and infrastructure) as part of an overall business continuity plan (BCP), as described below. Use the templates, tools, and activities in this blueprint to create your DRP.

Overall BCP
IT DRP BCP for Each Business Unit Crisis Management Plan
A plan to restore IT services (e.g. applications and infrastructure) following a disruption. This includes:
  • Identifying critical applications and dependencies.
  • Defining an appropriate (desired) recovery timeline based on a business impact analysis (BIA).
  • Creating a step-by-step incident response plan.
A set of plans to resume business processes for each business unit. Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization. A set of processes to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage. This includes emergency response plans, crisis communication plans, and the steps to invoke BC/DR plans when applicable. Info-Tech’s Implement Crisis Management Best Practices blueprint provides a structured approach to develop a crisis management process.

Note: For DRP, we focus on business-facing IT services (as opposed to the underlying infrastructure), and then identify required infrastructure as dependencies (e.g. servers, databases, network).

Take a practical but structured approach to creating a concise and effective DRP

Image displayed shows the structure of this blueprint. It shows the structure of phases 1-4 and the related tools and templates for each phase.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Info-Tech advisory services deliver measurable value

Info-Tech members save an average of $22,983 and 22 days by working with an Info-Tech analyst on DRP (based on client response data from Info-Tech Research Group’s Measured Value Survey, following analyst advisory on this blueprint).

Why do members report value from analyst engagement?

  1. Expert advice on your specific situation to overcome obstacles and speed bumps.
  2. Structured project and guidance to stay on track.
  3. Project deliverables review to ensure the process is applied properly.

Guided implementation overview

Your trusted advisor is just a call away.

Define DRP scope (Call 1)

Scope requirements, objectives, and your specific challenges. Identify applications/ systems to focus on first.

Define current status and system dependencies (Calls 2-3)

Assess current DRP maturity. Identify system dependencies.

Conduct a BIA (Calls 4-6)

Create an impact scoring scale and conduct a BIA. Identify RTO and RPO for each system.

Recovery workflow (Calls 7-8)

Create a recovery workflow based on tabletop planning. Identify gaps in recovery capabilities.

Projects and action items (Calls 9-10)

Identify and prioritize improvements. Summarize results and plan next steps.

Your guided implementations will pair you with an advisor from our analyst team for the duration of your DRP project.

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Image displays the workshop overview for this blueprint. It is a workshop that runs for 4 days and covers various activities and produces many deliverables.

End-user complaints distract from serious IT-based risks to business continuity

Case Study

Industry: Manufacturing
Source: Info-Tech Research Group Client Engagement

A global manufacturer with annual sales over $1B worked with Info-Tech to improve DR capabilities.

DRP BIA

Conversations with the IT team and business units identified the following impact of downtime over 24 hours:

  • Email: Direct Cost: $100k; Goodwill Impact Score: 8.5/16
  • ERP: Direct Cost: $1.35mm; Goodwill Impact Score: 12.5/16

Tabletop Testing and Recovery Capabilities

Reviewing the organization’s current systems recovery workflow identified the following capabilities:

  • Email: RTO: minutes, RPO: minutes
  • ERP: RTO: 14 hours, RPO: 24 hours

Findings

Because of end-user complaints, IT had invested heavily in email resiliency though email downtime had a relatively minimal impact on the business. After working through the methodology, it was clear that the business needed to provide additional support for critical systems.

Insights at each step:

Identify DR Maturity and System Dependencies

Conduct a BIA

Outline Incident Response and Recovery Workflow With Tabletop Exercises

Mitigate Gaps and Risks

Create a Right-Sized Disaster Recovery Plan

Phase 1

Define DRP Scope, Current Status, and Dependencies

Step 1.1: Set Scope, Kick-Off the DRP Project, and Create a Charter

This step will walk you through the following activities:

  • Establish a team for DR planning.
  • Retrieve and review existing, relevant documentation.
  • Create a project charter.

This step involves the following participants:

  • DRP Coordinator
  • DRP Team (Key IT SMEs)
  • IT Managers

Results and Insights

  • Set scope for the first iteration of the DRP methodology.
  • Don’t try to complete your DR and BCPs all at once.
  • Don’t bite off too much at once.

Kick-off your DRP project

You’re ready to start your DR project.

This could be an annual review – but more likely, this is the first time you’ve reviewed the DR plan in years.* Maybe a failed audit might have provided a mandate for DR planning, or a real disaster might have highlighted gaps in DR capabilities. First, set appropriate expectations for what the project is and isn’t, in terms of scope, outputs, and resource commitments. Very few organizations can afford to hire a full-time DR planner, so it’s likely this won’t be your full-time job. Set objectives and timelines accordingly.

Gather a team

  • Often, DR efforts are led by the infrastructure and operations leader. This person can act as the DRP coordinator or may delegate this role.
  • Key infrastructure subject-matter experts (SMEs) are usually part of the team and involved through the project.

Find and review existing documentation

  • An existing DRP may have information you can re-purpose rather than re-create.
  • High-level architecture diagrams and network diagrams can help set scope (and will become part of your DR kit).
  • Current business-centric continuity of operations plans (COOPs) or BCPs are important to understand.

Set specific, realistic objectives

  • Create a project charter (see next slide) to record objectives, timelines, and assumptions.
*Only 20% of respondents to an Info-Tech Research Group survey (N=165) had a complete DRP; only 38% of respondents with a complete or mostly complete DRP felt it would be effective in a crisis.

List DRP drivers and challenges

1(a) Drivers and roadblocks

Estimated Time: 30 minutes

Identify the drivers and challenges to completing a functional DRP plan with the core DR team.

DRP Drivers

  • Past outages (be specific):
    • Hardware and software failures
    • External network and power outages
    • Building damage
    • Natural disaster(s)
  • Audit findings
  • Events in the news
  • Other?

DRP Challenges

  • Lack of time
  • Insufficient DR budget
  • Lack of executive support
  • No internal DRP expertise
  • Challenges making the case for DRP
  • Other?

Write down insights from the meeting on flip-chart paper or a whiteboard and use the findings to inform your DRP project (e.g. challenges to address).

Clarify expectations with a project charter

1(b) DRP Project Charter Template

DRP Project Charter Template components:

Define project parameters, roles, and objectives, and clarify expectations with the executive team. Specific subsections are listed below and described in more detail in the remainder of this phase.

  • Project Overview: Includes objectives, deliverables, and scope. Leverage relevant notes from the “Project Drivers” brainstorming exercise (e.g. past outages and near misses which help make the case).
  • Governance and Management: Includes roles, responsibilities, and resource requirements.
  • Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies, as well as any assumptions and constraints.
  • Project Sign-Off: Includes IT and executive sign-off (if required).

Note: Identify the initial team roles and responsibilities first so they can assist in defining the project charter.

The image is a screenshot of the first page of the DRP Project Charter Template.

Step 1.2: Assess Current State DRP Maturity

This step will walk you through the following activities:

  • Complete Info-Tech’s DRP Maturity Scorecard.

This step involves the following participants:

  • DRP Coordinator
  • IT SMEs

Results and Insights

  • Identify the current state of the organization’s DRP and continuity management. Set a baseline for improvement.
  • Discover where improvement is most needed to create an effective plan.

Only 38% of IT departments believe their DRPs would be effective in a real crisis

Even organizations with documented DRPs struggle to make them actionable.

  • Even when a DRP does become a priority (e.g. due to regulatory or customer drivers), the challenge is knowing where to start and having a methodical step-by-step process for doing the work. With no guide to plan and resource the project, it becomes work that you complete piecemeal when you aren’t working on other projects, or at night after the kids go to bed.
  • Far too many organizations create a document to satisfy auditors rather than creating a usable plan. People in this group often just want a fill-in-the-blanks template. What they will typically find is a template for the traditional 300-page manual that goes in a binder that sits on a shelf, is difficult to maintain, and is not effective in a crisis.
Two bar graphs are displayed. The graph on the left shows that only 20% of survey respondents indicate they have a complete DRP. The graph on the right shows that 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis.

Use the DRP Maturity Scorecard to assess the current state of your DRP and identify areas to improve

1(c) DRP Maturity Scorecard

Info-Tech’s DRP Maturity Scorecard evaluates completion status and process maturity for a comprehensive yet practical assessment across three aspects of an effective DRP program – Defining Requirements, Implementation, and Maintenance.

Image has three boxes. One is labelled Completion status, another below it is labelled Process Maturity. There is an addition sign in between them. With an arrow leading from both boxes is another box that is labelled DRP Maturity Assessment

Completion Status: Reflects the progress made with each component of your DRP Program.

Process Maturity: Reflects the consistency and quality of the steps executed to achieve your completion status.

DRP Maturity Assessment: Each component (e.g. BIA) of your DRP Program is evaluated based on completion status and process maturity to provide an accurate holistic assessment. For example, if your BIA completion status is 4 out of 5, but process maturity is a 2, then requirements were not derived from a consistent defined process. The risk is inconsistent application prioritization and misalignment with actual business requirements.

Step 1.3: Identify Applications, Systems, and Dependencies

This step will walk you through the following activities:

  • Identify systems, applications, and services, and the business units that use them.
  • Document applications, systems, and their dependencies in the DRP Business Impact Analysis Tool.

This step involves the following participants:

  • DRP Coordinator
  • DRP Team

Results and Insights

  • Identify core services and the applications that depend on them.
  • Add applications and dependencies to the DRP Business Impact Analysis Tool.

Select 5-10 services to get started on the DRP methodology

1(d) High-level prioritization

Estimated Time: 30 minutes

Working through the planning process the first time can be challenging. If losing momentum is a concern, limit the BIA to a few critical systems to start.

Run this exercise if you need a structured exercise to decide where to focus first and identify the business users you should ask for input on the impact of system downtime.

  1. On a whiteboard or flip-chart paper, list business units in a column on the left. List key applications/systems in a row at the top. Draw a grid.
  2. At a high level, review how applications are used by each unit. Take notes to keep track of any assumptions you make.
    • Add a ✓ if members of the unit use the application or system.
    • Add an ✱ if members of the unit are heavy users of the application or system and/or use it for time sensitive tasks.
    • Leave the box blank if the app isn’t used by this unit.
  3. Use the chart to prioritize systems to include in the BIA (e.g. systems marked with an *) but also include a few less-critical systems to illustrate DRP requirements for a range of systems.

Image is an example of what one could complete from step 1(d). There is a table shown. In the column on the left lists sales, marketing, R&D, and Finance. In the top row, there is listed: dialer, ERP. CRM, Internet, analytics, intranet

Application Notes
CRM
  • Supports time-critical sales and billing processes.
Dialer
  • Used for driving the sales-call queue, integration with CRM.

Draw a high-level sketch of your environment

1(e) Sketch your environment

Estimated Time: 1-2 hours

A high-level topology or architectural diagram is an effective way to identify dependencies, application ownership, outsourced services, hardware redundancies, and more.

Note:

  • Network diagrams or high-level architecture diagrams help to identify dependencies and redundancies. Even a rough sketch is a useful reference tool for participants, and will be valuable documentation in the final DR plan.
  • Keep the drawings tidy. Visualize the final diagram before you start to draw on the whiteboard to help with spacing and placement.
  • Collaborate with relevant SMEs to identify dependencies. Keep the drawing high-level.
  • Illustrate connections between applications or components with lines. Use color coding to illustrate where applications are hosted (e.g. in-house, at a co-lo, in a cloud or MSP environment).
Example of a high-level topology or architectural diagram

Document systems and dependencies

Collaborate with system SMEs to identify dependencies for each application or system. Document the dependencies in the DRP Business Impact Analysis Tool (see image below)

  • When listing applications, focus on business-facing systems or services that business users will recognize and use terminology they’ll understand.
  • Group infrastructure components that support all other services as a single core infrastructure service to simplify dependency mapping (e.g. core router, virtual hosts, ID management, and DNS).
  • In general, each data center will have its own core infrastructure components. List each data center separately – especially if different services are hosted at each data center.
  • Be specific when documenting dependencies. Use existing asset tracking tables, discovery tools, asset management records, or configuration management tools to identify specific server names.
  • Core infrastructure dependencies, such as the network infrastructure, power supply, and centralized storage, will be a common set of dependencies for most applications, so group these into a separate category called “Core Infrastructure” to minimize repetition in your DR planning.
  • Document production components in the BIA tool. Capture in-production, redundant components performing the same work on a single dependency line. List standby systems in the notes.

Info-Tech Best Practice

In general, visual documentation is easier to use in a crisis and easier to maintain over time. Use Info-Tech’s research to help build your own visual SOPs.

Document systems and dependencies

1(f) DRP Business Impact Analysis Tool – Record systems and dependencies

A screenshot of Info-Tech's DRP Business Impact Analysis Tool.

Stories from the field: Info-Tech clients find value in Phase 1 in the following ways

An organization uncovers a key dependency that needed to be treated as a Tier 1 system

Reviewing the entire ecosystem for applications identified key dependencies that were previously considered non-critical. For example, a system used to facilitate secure data transfers was identified as a key dependency for payroll and other critical business processes, and elevated to Tier 1.

A picture’s worth a thousand words (and 1600 servers)

Drawing a simple architectural diagram was an invaluable tool to identify key dependencies and critical systems, and to understand how systems and dependencies were interconnected. The drawing was an aha moment for IT and business stakeholders trying to make sense of their 1600-server environment.

Make the case for DRP

A member of the S&P 500 used Info-Tech’s DRP Maturity Scorecard to provide a reliable objective assessment and make the case for improvements to the board of directors.

State government agency initiates a DRP project to complement an existing COOP

Info-Tech's DRP Project Charter enabled the CIO to clarify their DRP project scope and where it fit into their overall COOP. The project charter example provided much of the standard copy – objectives, scope, project roles, methodology, etc. – required to outline the project.

Phase 1: Insights and accomplishments

Image has two screenshots from Info-Tech's Phase 1 tools and templates.

Created a charter and identified current maturity

Image has two screenshots. One is from Info-Tech's DRP Business Impact Analysis Tool and the other is from the example in step 1(d).

Identified systems and dependencies for the BIA

Summary of Accomplishments:

  • Created a DRP project charter.
  • Completed the DRP Maturity Scorecard and identified current DRP maturity.
  • Prioritized applications/systems for a first pass through DR planning.
  • Identified dependencies for each application and system.

Up Next: Conduct a BIA to establish recovery requirements

Create a Right-Sized Disaster Recovery Plan

Phase 2

Conduct a BIA to Determine Acceptable RTOs and RPOs

Step 2.1: Define an Objective Impact Scoring Scale

This step will walk you through the following activities:

  • Create a scoring scale to measure the business impact of application and system downtime.

This step involves the following participants:

  • DRP Coordinator
  • DRP Team

Results and Insights

  • Use a scoring scale tied to multiple categories of real business impact to develop a more objective assessment of application and system criticality.

Align capabilities to appropriate and acceptable RTOs and RPOs with a BIA

Too many organizations avoid a BIA because they perceive it as onerous or unneeded. A well-managed BIA is straightforward and the benefits are tangible.

A BIA enables you to identify appropriate spend levels, maintain executive support, and prioritize DR planning for a more successful outcome. Info-Tech has found that a BIA has a measurable impact on the organization’s ability to set appropriate objectives and investment goals.

Two bar graphs are depicted. The one on the left shows 93% BIA impact on appropriate RTOs. The graph on the right shows that with BIA, there is 86% on BIA impact on appropriate spending.

Info-Tech Insight

Business input is important, but don’t let a lack of it delay a draft BIA. Complete a draft based on your knowledge of the business. Create a draft within IT, and use it to get input from business leaders. It’s easier to edit estimates than to start from scratch; even weak estimates are far better than a blank sheet.

Pick impact categories that are relevant to your business to develop a holistic view of business impact

Direct Cost Impact Categories

  • Revenue: permanently lost revenue.
    • Example: one third of daily sales are lost due to a website failure.
  • Productivity: lost productivity.
    • Example: finance staff can’t work without the accounting system.
  • Operating costs: additional operating costs.
    • Example: temporary staff are needed to re-key data.
  • Financial penalties: fines/penalties that could be incurred due to downtime.
    • Example: failure to meet contractual service-level agreements (SLAs) for uptime results in financial penalties.

Goodwill, Compliance, and Health and Safety Categories

  • Stakeholder goodwill: lost customer, staff, or business partner goodwill due to harm, frustration, etc.
    • Example: customers can’t access needed services because the website is down.
    • Example: a payroll system outage delays paychecks for all staff.
    • Example: suppliers are paid late because the purchasing system is down.
  • Compliance, health, and safety:
    • Example: financial system downtime results in a missed tax filing.
    • Example: network downtime disconnects security cameras.

Info-Tech Insight

You don’t have to include every impact category in your BIA. Include categories that could affect your business. Defer or exclude other categories. For example, the bulk of revenue for governmental organizations comes from taxes, which won’t be permanently lost if IT systems fail.

Modify scoring criteria to help you measure the impact of downtime

The scoring scales define different types of business impact (e.g. costs, lost goodwill) using a common four-point scale and 24-hour timeframe to simplify BIA exercises and documentation.

Use the suggestions below as a guide as you modify scoring criteria in the DRP Business Impact Analysis Tool:

  • All the direct cost categories (revenue, productivity, operating costs, financial penalties) require the user to define only a maximum value; the tool will populate the rest of the criteria for that category. Use the suggestions below to find the maximum scores for each of the direct cost categories:
    • Revenue: Divide total revenue for the previous year by 365 to estimate daily revenue. Assume this is the most revenue you could lose in a day, and use this number as the top score.
    • Loss of Productivity: Divide fully-loaded labor costs for the organization by 365 to estimate daily productivity costs. Use this as a proxy measure for the work lost if all business stopped for one day.
    • Increased Operating Costs: Isolate this to known additional costs that result from a disruption (e.g. costs for overtime or temporary staff). Estimate the maximum cost for the organization.
    • Financial Penalties: Isolate this to known financial penalties (e.g. due to failure to meet SLAs or compliance requirements). Use the estimated maximum penalty as the highest value on the scale.
  • Impact on Goodwill: Use an estimate of the percentage of all stakeholders impacted to assess goodwill impact.
  • Impact on Compliance; Impact on Health and Safety: The BIA tool contains default scoring criteria that account for the severity of the impact, the likelihood of occurrence, and in the case of compliance, whether a grace period is available. Use this scale as-is, or adapt this scale to suit your needs.

Modify the default scoring scale in the DRP Business Impact Analysis Tool to reflect your organization

2(a) DRP Business Impact Analysis Tool – Scoring criteria


A screenshot of Info-Tech's DRP Business Impact Analysis Tool's scoring criteria

Step 2.2: Estimate the Impact of Downtime

This step will walk you through the following activities:

  • Identify the business impact of service/system/application downtime.

This step involves the following participants:

  • DRP Coordinator
  • DRP Team
  • IT Service SMEs
  • Business-Side Technology Owners (optional)

Results and Insights

  • Apply the scoring scale to develop a more objective assessment of the business impact of downtime.
  • Create criticality tiers based on the business impact of downtime.

Estimate the impact of downtime for each system and application

2(b) Estimate the impact of systems downtime

Estimated Time: 3 hours

On tab 3 of the DRP Business Impact Analysis Tool indicate the costs of downtime, as described below:

  1. Have a copy of the “Scoring Criteria” tab available to use as a reference (e.g. printed or on a second display). In tab 3 use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the “Scoring Criteria” tab.
  2. Work horizontally across all categories for a single system or application. This will familiarize you with your scoring scales for all impact categories, and allow you to modify the scoring scales if needed before you proceed much further.
  3. For example, if a core call center phone system was down:

  • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 1 or 2 depending on the percent of sales that are processed by the call center.
  • The Impact on Customers might be a 2 or 3 depending on the extent that some customers might be using the call center to receive support or purchase new products or services.
  • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0, as the call center has no impact in either area.
  • Next, work vertically across all applications or systems within a single impact category. This will allow you to compare scores within the category as you create them to ensure internal consistency.
  • Add impact scores to the DRP Business Impact Analysis Tool

    2(c) DRP Business Impact Analysis Tool

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Record business reasons and assumptions that drive BIA scores

    2(d) DRP BIA Scoring Context Example

    Info-Tech suggests that IT leadership and staff identify the impact of downtime first to create a version that you can then validate with relevant business owners. As you work through the BIA as a team, have a notetaker record assumptions you make to help you explain the results and drive business engagement and feedback.

    Some common assumptions:

    • You can’t schedule a disaster, so Info-Tech suggests you assume the worst possible timing for downtime. Base the impact of downtime on the worst day for a disaster (e.g. year-end close, payroll run).
    • Record assumptions made about who and what are impacted by system downtime.
    • Record assumptions made about impact severity.
    • If you deviate from the scoring scale, or if a particular impact doesn’t fit well into the defined scoring scale, document the exception.

    Screenshot of Info-Tech's DRP BIA Scoring Context Example

    Use Info-Tech’s DRP BIA Scoring Context Example as a note-taking template.

    Info-Tech Insight

    You can’t build a perfect scoring scale. It’s fine to make reasonable assumptions based on your judgment and knowledge of the business. Just write down your assumptions. If you don’t write them down, you’ll forget how you arrived at that conclusion.

    Assign a criticality rating based on total direct and indirect costs of downtime

    2(e) DRP Business Impact Analysis Tool – Assign criticality tiers

    Once you’ve finished estimating the impact of downtime, use the following rough guideline to create an initial sort of applications into Tiers 1, 2, and 3.

    1. In general, sort applications based on the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic for a quick sort: assign a Tier 1 rating where scores are 50% or more of the highest total score, Tier 2 where scores are between 25% and 50%, and Tier 3 where scores are below 25%. Some organizations will also include a Tier 0 for the highest-scoring systems.
      • Then review and validate these scores and assignments.
    2. Next, consider the Total Cost of Downtime.
      • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the impact scores on tab 3.
      • Decide if the total cost impact justifies increasing the criticality rating (e.g. from Tier 2 to Tier 1 due to high cost impact).
    3. Review the assigned impact scores and tiers to check that they’re in alignment. If you need to make an exception, document why. Keep exceptions to a minimum.

    Example: Highest total score is 12

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Step 2.3: Determine Acceptable RTO/RPO Targets

    This step will walk you through the following activities:

    • Review the “Debate Space” approach to setting RTO and RPO (recovery targets).
    • Set preliminary RTOs and RPOs by criticality tier.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Align recovery targets with the business impact of downtime and data loss.

    Use the “Debate Space” approach to align RTOs and RPOs with the impact of downtime

    The business must validate acceptable and appropriate RTOs and RPOs, but IT can use the guidelines below to set an initial estimate.

    Right-size recovery.

    A shorter RTO typically requires higher investment. If a short period of downtime has minimal impact, setting a low RTO may not be justifiable. As downtime continues, impact begins to increase exponentially to a point where downtime is intolerable – an acceptable RTO must be shorter than this. Apply the same thinking to RPOs – how much data loss is unnoticeable? How much is intolerable?

    A diagram to show the debate space in relation to RTOs and RPOs

    The “Debate Space” is between minimal impact and maximum tolerance for downtime.

    Estimate appropriate, acceptable RTOs and RPOs for each tier

    2(f) Set recovery targets

    Estimated Time: 30 minutes

    RTO and RPO tiers simplify management by setting similar recovery goals for systems and applications with similar criticality.

    Use the “Debate Space” approach to set appropriate and acceptable targets.

    1. For RTO, establish a recovery time range that is appropriate based on impact.
      • Overall, the RTO tiers might be 0-4 hours for gold, 4-24 hours for silver, and 24-48 hours for bronze.
    2. RPOs reflect target data protection measures.
      • Identify the lowest RPO within a tier and make that the standard.
      • For example, RPO for gold data might be five minutes, silver might be four hours, and bronze might be one day.
      • Use this as a guideline. RPO doesn’t always align perfectly with RTO tiers.
    3. Review RTOs and RPOs and make sure they accurately reflect criticality.

    Info-Tech Insight

    In general, the more critical the system, the shorter the RPO. But that’s not always the case. For example, a service bus might be Tier 1, but if it doesn’t store any data, RPO might be longer than other Tier 1 systems. Some systems may have a different RPO than most other systems in that tier. As long as the targets are acceptable to the business and appropriate given the impact, that’s okay.

    Add recovery targets to the DRP Business Impact Analysis Tool

    2(g) DRP Business Impact Analysis Tool – Document recovery objectives

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Document recovery objectives

    Stories from the field: Info-Tech clients find value in Phase 2 in the following ways

    Most organizations discover something new about key applications, or the way stakeholders use them, when they work through the BIA and review the results with stakeholders. For example:

    Why complete a BIA? There could be a million reasons

    • A global manufacturer completed the DRP BIA exercise. When email went down, Service Desk phones lit up until it was resolved. That grief led to a high availability implementation for email. However, the BIA illustrated that ERP downtime was far more impactful.
    • ERP downtime would stop production lines, delay customer orders, and ultimately cost the business a million dollars a day.
    • The BIA results clearly showed that the ERP needed to be prioritized higher, and required business support for investment.

    Move from airing grievances to making informed decisions

    The DRP Business Impact Analysis Tool helped structure stakeholder consultations on DR requirements for a large university IT department. Past consultations had become an airing of grievances. Using objective impact scores helped stakeholders stay focused and make informed decisions around appropriate RTOs and RPOs.

    Phase 2: Insights and accomplishments

    Screenshots of the tools and templates from this phase.

    Estimated the business impact of downtime

    Screenshot of a tools from this phase

    Set recovery targets

    Summary of Accomplishments

    • Created a scoring scale tied to different categories of business impact.
    • Applied the scoring scale to estimate the business impact of system downtime.
    • Identified appropriate, acceptable RTOs and RPOs.

    Up Next:Conduct a tabletop planning exercise to establish current recovery capabilities

    Create a Right-Sized Disaster Recovery Plan

    Phase 3

    Identify and Address Gaps in the Recovery Workflow

    Step 3.1: Determine Current Recovery Workflow

    This step will walk you through the following activities:

    • Run a tabletop exercise.
    • Outline the steps for the initial response (notification, assessment, disaster declaration) and systems recovery (i.e. document your recovery workflow).
    • Identify any gaps and risks in your initial response and systems recovery.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs (for systems in scope)
    • Application SMEs (for systems in scope)

    Results and Insights

    • Use a repeatable practical exercise to outline and document the steps you would use to recover systems in the event of a disaster, as well as identify gaps and risks to address.
    • This is also a knowledge-sharing opportunity for your team, and a practical means to get their insights, suggestions, and recovery knowledge down on paper.

    Tabletop planning: an effective way to test and document your recovery workflow

    In a tabletop planning exercise, the DRP team walks through a disaster scenario to map out what should happen at each stage, and effectively defines a high-level incident response plan (i.e. recovery workflow).

    Tabletop planning had the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    A bar graph is displayed that shows that tabletop planning has the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    *Note: Relative importance indicates the contribution an individual testing methodology, conducted at least annually, had on predicting success meeting recovery objectives, when controlling for all other types of tests in a regression model. The relative-importance values have been standardized to sum to 100%.

    Success was based on the following items:

    • RTOs are consistently met.
    • IT has confidence in the ongoing ability to meet RTOs.
    • RPOs are consistently met.
    • IT has confidence in the ongoing ability to meet RPOs.

    Why is tabletop planning so effective?

    • It enables you to play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It easily translates into the backbone of your recovery documentation, as it allows you to review all aspects of your recovery plan.

    Focus first on IT DR

    Your DRP is IT contingency planning. It is not crisis management or BCP.

    The goal is to define a plan to restore applications and systems following a disruption. For your first tabletop exercise, Info-Tech recommends you use a non-life-threatening scenario that requires at least a temporary relocation of your data center (i.e. failing over to a DR site/environment). Assume a gas leak or burst water pipe renders the data center inaccessible. Power is shut off and IT must failover systems to another location. Once you create the master procedure, review the plan to ensure it addresses other scenarios.

    Info-Tech Insight

    When systems fail, you are faced with two high-level options: failover or recover in place. If you document the plan to failover systems to another location, you’ll have documented the core of your DR procedures. This differs from traditional scenario planning where you define separate plans for different what-if scenarios. The goal is one plan that can be adapted to different scenarios, which reduces the effort to build and maintain your DRP.

    Conduct a tabletop planning exercise to outline DR procedures in your current environment

    3(a) Tabletop planning

    Estimated Time: 2-3 hours

    For each high-level recovery step, do the following:

    1. On white cue cards:
      • Record the step.
      • Indicate the task owner (if required for clarity).
      • Note time required to complete the step. After the exercise, use this to build a running recovery time where 00:00 is when the incident occurred.
    2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).
    An example is shown on what can be done during step 3(a). Three cue cards are showing in white, yellow, and red.

    Do:

    • Review the complete workflow from notification all the way to user acceptance testing.
    • Keep focused; stay on task and on time.
    • Revisit each step and record gaps and risks (and known solutions, but don’t dwell on this).
    • Revise and improve the plan with task owners.

    Don't:

    • Get weighed down by tools.
    • Document the details right away – stick to the high-level plan for the first exercise.
    • Try to find solutions to every gap/risk as you go. Save in-depth research/discussion for later.

    Flowchart the current-state incident response plan (i.e. document the recovery workflow)

    3(b) DRP Recovery Workflow Template and Case Study: Practical, Right-Sized DRP

    Why use flowcharts?

    • Flowcharts provide an at-a-glance view, ideal for disaster scenarios where pressure is high and quick upward communication is necessary.
    • For experienced staff, a high-level reminder of key steps is sufficient.

    Use the completed tabletop planning exercise results to build this workflow.

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director, IT Operations, Healthcare Industry

    Source: Info-Tech Research Group Interview

    Screenshot of Info-Tech's DRP Recovery Workflow Template

    For a formatted template you can use to capture your plan, see Info-Tech’s DRP Recovery Workflow Template.

    For a completed example of tabletop planning results, review Info-Tech’s Case Study: Practical, Right-Sized DRP.

    Identify RPA

    What’s my RPA? Consider the following case:

    • Once a week, a full backup is taken of the complete ERP system and is transferred over the WAN to a secondary site 250 miles away, where it is stored on disk.
    • Overnight, an incremental backup is taken of the day’s changes, and is transferred to the same secondary site, and also stored on disk.
    • During office hours, the SAN takes a snapshot of changes which are kept on local storage (information on the accounting system usually only changes during office hours).
    • So what’s the RPA? One hour (snapshots), one day (incrementals), or one week (full backups)?

    When identifying RPA, remember the following:

    You are planning for a disaster scenario, where on-site systems may be inaccessible and any copies of data taken during the disaster may fail, be corrupt, or never make it out of the data center (e.g. if the network fails before the backup file ships). In the scenario above, it seems likely that off-site incremental backups could be restored, leading to a 24-hour RPA. However, if there were serious concerns about the reliability of the daily incrementals, the RPA could arguably be based on the weekly full backups.

    Info-Tech Best Practice

    The RPA is a commitment to the maximum data you would lose in a DR scenario with current capabilities (people, process, and technology). Pick a number you can likely achieve. List any situations where you couldn’t meet this RPA, and identify those for a risk tolerance discussion. In the example above, complete loss of the primary SAN would also mean losing the snapshots, so the last good copy of the data could be up to 24-hours old.

    Add recovery actuals (RTA/RPA) to your copy of the BIA

    3(c) DRP Business Impact Analysis Tool– Recovery actuals

    On the “Impact Analysis” tab in the DRP Business Impact Analysis Tool, enter the estimated maximum downtime and data loss in the RTA and RPA columns.

    1. Estimate the RTA based on the required time for complete recovery. Review your recovery workflow to identify this timeline. For example, if the notification, assessment, and declaration process takes two hours, and systems recovery requires most of a day, the estimated RTA could be 24 hours.
    2. Estimate the RPA based on the longest interval between copies of the data being shipped offsite. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and estimated RPA could be 24 hours. Note: Enter 9999 to indicate that data is unrecoverable.

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Recovery actuals

    Info-Tech Best Practice

    It’s okay to round numbers to the nearest shift, day, or week for simplicity (e.g. 24 hours rather than 22.5 hours, or 8 hours rather than 7.25 hours).

    Test the recovery workflow against additional scenarios

    3(d) Workflow review

    Estimated Time: 1 hour

    Review your recovery workflow with a different scenario in mind.

    • Work from and update the soft copy of your recovery workflow.
    • Would any steps be different if the scenario changes? If yes, capture the different flow with a decision diamond. Identify any new gaps or risks you encounter with red and yellow cards. Use as few decision diamonds as possible.

    Screenshot of testing the workflow against the additional scenarios

    Info-Tech Best Practice

    As you start to consider scenarios where injuries or loss of life are a possibility, remember that health and safety risks are the top priority in a crisis. If there’s a fire in the data center, evacuating the building is the first priority, even if that means foregoing a graceful shut down. For more details on emergency response and crisis management, see Implement Crisis Management Best Practices.

    Consider additional IT disaster scenarios

    3(e) Thought experiment – Review additional scenarios

    Walk through your recovery workflow in the context of additional, different scenarios to ensure there are no gaps. Collaborate with your DR team to identify changes that might be required, and incorporate these changes in the plan.

    Scenario Type Considerations
    Isolated hardware/software failure
    • Failover to the DR site may not be necessary (or only for affected systems).
    Power outage or network outage
    • Do you have standby power? Do you have network redundancy?
    Local hazard (e.g. chemical leak, police incident)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually.
    • An alternate site is required for service continuity.
    Equipment/building damage (e.g. fire, roof collapse)
    • Staff injuries or loss of life are a possibility.
    • Equipment may need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity.
    Regional natural disasters
    • Staff injuries or loss of life are a possibility.
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site may be required for service continuity.

    Step 3.2: Identify and Prioritize Projects to Close Gaps

    This step will walk you through the following activities:

    • Analyze the gaps that were identified from the maturity scorecard, tabletop planning exercise, and the RTO/RPO gaps analysis.
    • Brainstorm solutions to close gaps and mitigate risks.
    • Determine a course of action to close these gaps. Prioritize each project. Create a project implementation timeline.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs

    Results and Insights

    • Prioritized list of projects and action items that can improve DR capabilities.
    • Often low-cost, low-effort quick wins are identified to mitigate at least some gaps/risks. Higher-cost, higher-effort projects can be part of a longer-term IT strategy. Improving service continuity is an ongoing commitment.

    Brainstorm solutions to address gaps and risk

    3(f) Solutioning

    Estimated Time: 1.5 hours

    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip-chart paper. The solutions can range from quick-wins and action items to major capital investments.
    3. Try to avoid debates about feasibility at this point – that should happen later. The goal is to get all ideas on the board.

    An example of how to complete Activity 3(f). Three cue cards showing various steps are attached by arrows to steps on a whiteboard.

    Info-Tech Best Practice

    It’s about finding ways to solve the problem, not about solving the problem. When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution; other ideas can expand on and improve that first idea.

    Select an optimal DR deployment model from a world of choice

    There are many options for a DR deployment. What makes sense for you?

    • Sifting through the options for a DR site can be overwhelming. Simplify by eliminating deployment models that aren’t a good fit for your requirements or organization using Info-Tech’s research.
    • Someone will ask you about DR in the cloud. Cut to the chase and evaluate cloud for fit with your organization’s current capabilities and requirements. Read about the 10 Secrets for Successful DR in the Cloud.
    • Selecting and deploying a DR site is an exercise in risk mitigation. IT’s role is to advise the business on options to address the risk of not having a DR site, including cost and effort estimates. The business must then decide how to manage risk. Build total cost of ownership (TCO) estimates and evaluate possible challenges and risks for each option.

    Is it practical to invest in greater geo-redundancy that meets RTOs and RPOs during a widespread event?

    Info-Tech suggests you consider events that impact both sites, and your risk tolerance for that impact. Outline the impact of downtime at a high level if both the primary and secondary site were affected. Research how often events severe enough to have impacted both your primary and secondary sites have occurred in the past. What’s the business tolerance for this type of event?

    A common strategy: have a primary and DR site that are close enough to support low RPO/RTO, but far enough away to mitigate the impact of known regional events. Back up data to a remote third location as protection against a catastrophic event.

    Info-Tech Insight

    Approach site selection as a project. Leverage Select an Optimal Disaster Recovery Deployment Model to structure your own site-selection project.

    Set up the DRP Roadmap Tool

    3(g) DRP Roadmap Tool – Set up tool

    Use the DRP Roadmap Tool to create a high-level roadmap to plan and communicate DR action items and initiatives. Determine the data you’ll use to define roadmap items.

    Screenshot of Info-Tech's DRP Roadmap Tool

    Plan next steps by estimating timeline, effort, priority, and more

    3(h) DRP Roadmap Tool – Describe roadmap items

    A screenshot of Info-Tech's DRP Roadmap Tool to show how to describe roadmap items

    Review and communicate the DRP Roadmap Tool

    3(i) DRP Roadmap Tool – View roadmap chart

    A screenshot of Info-Tech's DRP Roadmap Tool's Roadmap tab

    Step 3.3: Review the Future State Recovery Process

    This step will walk you through the following activities:

    • Update the recovery workflow to outline your future recovery procedure.
    • Summarize findings from DR exercises and present the results to the project sponsor and other interested executives.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs (Future State Recovery Flow)
    • DR Project Sponsor

    Results and Insights

    • Summarize results from DR planning exercises to make the case for needed DR investment.

    Outline your future state recovery flow

    3(j) Update the recovery workflow to outline response and recovery in the future

    Estimated Time: 30 minutes

    Outline your expected future state recovery flow to demonstrate improvements once projects and action items have been completed.

    1. Create a copy of your DRP recovery workflow in a new tab in Visio.
    2. Delete gap and risk cards that are addressed by proposed projects. Consolidate or eliminate steps that would be simplified or streamlined in the future if projects are implemented.
    3. Create a short-, medium-, and long-term review of changes to illustrate improvements over time to the project roadmap.
    4. Update this workflow as you implement and improve DR capabilities.

    Screenshot of the recovery workflow

    Validate recovery targets and communicate actual recovery capabilities

    3(k) Validate findings, present recommendations, secure budget

    Estimated Time: time required will vary

    1. Interview managers or process owners to validate RTO, RPO, and business impact scores.Use your assessment of “heavy users” of particular applications (picture at right) to remind you which business users you should include in the interview process.
    2. Present an overview of your findings to the management team.Use Info-Tech’s DRP Recap and Results Template to summarize your findings.
    3. Take projects into the budget process.With the management team aware of the rationale for investment in DRP, build the business case and secure budget where needed.

    Present DRP findings and make the case for needed investment

    3(I) DRP Recap and Results Template

    Create a communication deck to recap key findings for stakeholders.

    • Write a clear problem statement. Identify why you did this project (what problem you’re solving).
    • Clearly state key findings, insights, and recommendations.
    • Leverage the completed tools and templates to populate the deck. Callouts throughout the template presentation will direct you to take and populate screenshots throughout the document.
    • Use the presentation to communicate key findings to, and gather feedback from, business unit managers, executives, and IT staff.
    Screenshots of Info-Tech's DRP Recap and Results Template

    Stories from the field: Info-Tech clients find value in Phase 3 in the following ways

    Tabletop planning is an effective way to discover gaps in recovery capabilities. Identify issues in the tabletop exercise so you can manage them before disaster strikes. For example:

    Back up a second…

    A client started to back up application data offsite. To minimize data transfer and storage costs, the systems themselves weren’t backed up. Working through the restore process at the DR site, the DBA realized 30 years of COBOL and SQR code – critical business functionality – wasn’t backed up offsite.

    Net… work?

    A 500-employee professional services firm realized its internet connection could be a significant roadblock to recovery. Without internet, no one at head office could access critical cloud systems. The tabletop exercise identified this recovery bottleneck and helped prioritize the fix on the roadmap.

    Someone call a doctor!

    Hospitals rely on their phone systems for system downtime procedures. A tabletop exercise with a hospital client highlighted that if the data center were damaged, the phone system would likely be damaged as well. Identifying this provided more urgency to the ongoing VOIP migration.

    The test of time

    A small municipality relied on a local MSP to perform systems restore, but realized it had never tested the restore procedure to identify RTA. Contacting the MSP to review capabilities became a roadmap item to address this risk.

    Phase 3: Insights and accomplishments

    Screenshot of Info-Tech's DRP recovery workflow template

    Outlined the DRP response and risks to recovery

    Screenshots of activities completed related to brainstorming risk mitigation measures.

    Brainstormed risk mitigation measures

    Summary of Accomplishments

    • Planned and documented your DR incident response and systems recovery workflow.
    • Identified gaps and risks to recovery and incident management.
    • Brainstormed and identified projects and action items to mitigate risks and close gaps.

    Up Next: Leverage the core deliverables to complete, extend, and maintain your DRP

    Create a Right-Sized Disaster Recovery Plan

    Phase 4

    Complete, Extend, and Maintain Your DRP

    Phase 4: Complete, Extend, and Maintain Your DRP

    This phase will walk you through the following activities:

    • Identify progress made on your DRP by reassessing your DRP maturity.
    • Prioritize the highest value major initiatives to complete, extend, and maintain your DRP.

    This phase involves the following participants:

    • DRP Coordinator
    • Executive Sponsor

    Results and Insights

    • Communicate the value of your DRP by demonstrating progress against items in the DRP Maturity Scorecard.
    • Identify and prioritize future major initiatives to support the DRP, and the larger BCP.

    Celebrate accomplishments, plan for the future

    Congratulations! You’ve completed the core DRP deliverables and made the case for investment in DR capabilities. Take a moment to celebrate your accomplishments.

    This milestone is an opportunity to look back and look forward.

    • Look back: measure your progress since you started to build your DRP. Revisit the assessments completed in phase 1, and assess the change in your overall DRP maturity.
    • Look forward: prioritize future initiatives to complete, extend, and maintain your DRP. Prioritize initiatives that are the highest impact for the least requirement of effort and resources.

    We have completed the core DRP methodology for key systems:

    • BIA, recovery objectives, high-level recovery workflow, and recovery actuals.
    • Identify key tasks to meet recovery objectives.

    What could we do next?

    • Repeat the core methodology for additional systems.
    • Identify a DR site to meet recovery requirements, and review vendor DR capabilities.
    • Create a summary DRP document including requirements, capabilities, and change procedures.
    • Create a test plan and detailed recovery documentation.
    • Coordinate the creation of BCPs.
    • Integrate DR in other key operational processes.

    Revisit the DRP Maturity Scorecard to measure progress and identify remaining areas to improve

    4(a) DRP Maturity Scorecard – Reassess your DRP program maturity

    1. Find the copy of the DRP Maturity Scorecard you completed previously. Save a second copy of the completed scorecard in the same folder.
    2. Update scoring where you have improved your DRP documentation or capabilities.
    3. Review the new scores on tab 3. Compare the new scores to the original scores.

    Screenshot of DRP Maturity Assessment Results

    Info-Tech Best Practice

    Use the completed, updated DRP Maturity Scorecard to demonstrate the value of your continuity program, and to help you decide where to focus next.

    Prioritize major initiatives to complete, extend, and maintain the DRP

    4(b) Prioritize major initiatives

    Estimated Time: 2 hours

    Prioritize major initiatives that mitigate significant risk with the least cost and effort.

    1. Use the scoring criteria below to evaluate risk, effort, and cost for potential initiatives. Modify the criteria if required for your organization. Write this out on a whiteboard or flip-chart paper.
    2. Assign a score from 1 to 3. Multiply the scores for each initiative together for an aggregate score. In general, prioritize initiatives with higher scores.
    Score A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative?
    3: High Critical impact on +50% of stakeholders, or major impact to compliance posture, or significant health/safety risk. One sprint, can be completed by a few individuals with minor supervision. Within the IT discretionary budget.
    2: Medium Impacts <50% of stakeholders, or minor impact on compliance, or degradation to health or safety controls. One quarter, and/or some increased effort required, some risk to completion. Requires budget approval from finance.
    1: Low Impacts limited to <25% of stakeholders, no impact on compliance posture or health/safety. One year, and/or major vendor or organizational challenges. Requires budget approval from the board of directors.

    Info-Tech Best Practice

    You can use a similar scoring exercise to prioritize and schedule high-benefit, low-effort, low-cost items identified in the roadmap in phase 3.

    Example: Prioritize major initiatives

    4(b) Prioritize major initiatives continued

    Write out the table on a whiteboard (record the results in a spreadsheet for reference). In the case below, IT might decide to work on repeating the core methodology first as they create the active testing plans, and tackle process changes later.

    Initiative A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative? Aggregate score (A x B x C)
    Repeat the core methodology for all systems 2 – will impact some stakeholders, no compliance or safety impact. 2 – will require about 3 months, no significant complications. 3 – No cost. 12
    Add DR to project mgmt. and change mgmt. 1 – Mitigates some recovery risks over the long term. 1 – Requires extensive consultation and process review. 3 – No cost. 3
    Active failover testing on plan 2 – Mitigates some risks; documentation and cross training is already in place. 2 – Requires 3-4 months of occasional effort to prepare for test. 2 – May need to purchase some equipment before testing. 8

    Info-Tech Best Practice

    Find a pace that allows you to keep momentum going, but also leaves enough time to act on the initial findings, projects, and action items identified in the DRP Roadmap Tool. Include these initiatives in the Roadmap tool to visualize how identified initiatives fit with other tasks identified to improve your recovery capabilities.

    Repeat the core DR methodology for additional systems and applications


    You have created a DR plan for your most critical systems. Now, add the rest:

    • Build on the work you’ve already done. Re-use the BIA scoring scale. Update your existing recovery workflows, rather than creating and formatting an entirely new document. A number of steps in the recovery will be shared with, or similar to, the recovery procedures for your Tier 1 systems.

    Risks and Challenges Mitigated

    • DR requirements and capabilities for less-critical systems have not been evaluated.
    • Gaps in the recovery process for less critical systems have not been evaluated or addressed.
    • DR capabilities for less critical systems may not meet business requirements.
    Sample Outputs
    Add Tier 2 & 3 systems to the BIA.
    Complete another tabletop exercise for Tier 2 & 3 systems recovery, and add the results to the recovery workflow.
    Identify projects to close additional gaps in the recovery process. Add projects to the project roadmap.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Extend your core DRP deliverables

    You’ve completed the core DRP deliverables. Continue to create DRP documentation to support recovery procedures and governance processes:

    • DR documentation efforts fail when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s long, hard to maintain, and ends up as shelfware.
    • Create documentation in layers to keep it manageable. Build supporting documentation over time to support your high-level recovery workflow.

    Risks and Challenges Mitigated

    • Key contact information, escalation, and disaster declaration responsibilities are not identified or formalized.
    • DRP requirements and capabilities aren’t centralized. Key DRP findings are in multiple documents, complicating governance and oversight by auditors, executives, and board members.
    • Detailed recovery procedures and peripheral information (e.g. network diagrams) are not documented.
    Sample Outputs
    Three to five detailed systems recovery flowcharts/checklists.
    Documented team roles, succession plans, and contact information.
    Notification, assessment, and disaster declaration plan.
    DRP summary.
    Layer 1, 2 & 3 network diagrams.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Select an optimal DR deployment model and deployment site

    Your DR site has been identified as inadequate:

    • Begin with the end in mind. Commit to mastering the selected model and leverage your vendor relationship for effective DR.
    • Cut to the chase and evaluate the feasibility of cloud first. Gauge your organization’s current capabilities for DR in the cloud before becoming infatuated with the idea.
    • A mixed model gives you the best of both worlds. Diversify your strategy by identifying fit for purpose and balancing the work required to maintain various models.

    Risks and Challenges Mitigated

    • Without an identified DR site, you’ll be scrambling when a disaster hits to find and contract for a location to restore IT services.
    • Without systems and application data backed up offsite, you stand to lose critical business data and logic if all copies of the data at your primary site were lost.
    Sample Outputs
    Application assessment for cloud DR.
    TCO tool for different environments.
    Solution decision and executive presentation.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Select the Optimal Disaster Recovery Deployment Model, to help you make sense of a world of choice for your DR site.

    Extend DRP findings to business process resiliency with a BCP pilot

    Integrate your findings from DRP into the overall BCP:

    • As an IT leader you have the skillset and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes and requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces.

    Risks and Challenges Mitigated

    • No formal plan exists to recover from a disruption to critical business processes.
    • Business requirements for IT systems recovery may change following a comprehensive review of business continuity requirements.
    • Outside of core systems recovery, IT could be involved in relocating staff, imaging and issuing new end-user equipment, etc. Identifying these requirements is part of BCP.
    Sample Outputs
    Business process-focused BIA for one business unit.
    Recovery workflows for one business unit.
    Provisioning list for one business unit.
    BCP project roadmap.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Develop a Business Continuity Plan, to develop and deploy a repeatable BCP methodology.

    Test the plan to validate capabilities and cross-train staff on recovery procedures

    You don’t have a program to regularly test the DR plan:

    • Most DR tests are focused solely on the technology and not the DR management process – which is where most plans fail.
    • Be proactive – establish an annual test cycle and identify and coordinate resources well in advance.
    • Update DRP documentation with findings from the plan, and track the changes you make over time.

    Risks and Challenges Mitigated

    • Gaps likely still exist in the plan that are hard to find without some form of testing.
    • Customers and auditors may ask for some form of DR testing.
    • Staff may not be familiar with DR documentation or how they can use it.
    • No formal cycle to validate and update the DRP.
    Sample Outputs
    DR testing readiness assessment.
    Testing handbooks.
    Test plan summary template.
    DR test issue log and analysis tool.

    Info-Tech Best Practice

    Uncover deficiencies in your recovery procedures by using Info-Tech’s blueprint Reduce Costly Downtime Through DR Testing.

    “Operationalize” DRP management

    Inject DR planning in key operational processes to support plan maintenance:

    • Major changes, or multiple routine changes, can materially alter DR capabilities and requirements. It’s not feasible to update the DR plan after every routine change, so leverage criticality tiers in the BIA to focus your change management efforts. Critical systems require more rigorous change procedures.
    • Likewise, you can build criticality tiers into more focused project management and performance measurement processes.
    • Schedule regular tasks in your ticketing system to verify capabilities and cross-train staff on key recovery procedures (e.g. backup and restore).

    Risks and Challenges Mitigated

    • DRP is not updated “as needed” – as requirements and capabilities change due to business and technology changes.
    • The DRP is disconnected from day-to-day operations.
    Sample Outputs
    Reviewed and updated change, project, and performance management processes.
    Reviewed and updated internal SLAs.
    Reviewed and updated data protection and backup procedures.

    Review infrastructure service provider DR capabilities

    Insert DR planning in key operational processes to support plan maintenance:

    • Reviewing vendor DR capabilities is a core IT vendor management competency.
    • As your DR requirements change year-to-year, ensure your vendors’ service commitments still meet your DR requirements.
    • Identify changes in the vendor’s service offerings and DR capabilities, e.g. higher costs for additional DR support, new offerings to reduce potential downtime, or conversely, a degradation in DR capabilities.

    Risks and Challenges Mitigated

    • Vendor capabilities haven’t been measured against business requirements.
    • No internal capability exists currently to assess vendor ability to meet promised SLAs.
    • No internal capability exists to track vendor performance on recoverability.
    Sample Outputs
    A customized vendor DRP questionnaire.
    Reviewed vendor SLAs.
    Choose to keep or change service levels or vendor offerings based on findings.

    Phase 4: Insights and accomplishments

    Screenshot of DRP Maturity Assessment Results

    Identified progress against targets

    Screenshot of prioritized further initiatives.

    Prioritized further initiatives

    Screenshot of DRP Planning Roadmap

    Added initiatives to the roadmap

    Summary of Accomplishments

    • Developed a list of high-priority initiatives that can support the extension and maintenance of the DR plan over the long term.
    • Reviewed and update maturity assessments to establish progress and communicate the value of the DR program.

    Summary of accomplishment

    Knowledge Gained

    • Conduct a BIA to determine appropriate targets for RTOs and RPOs.
    • Identify DR projects required to close RTO/RPO gaps and mitigate risks.
    • Use tabletop planning to create and validate an incident response plan.

    Processes Optimized

    • Your DRP process was optimized, from BIA to documenting an incident response plan.
    • Your vendor evaluation process was optimized to identify and assess a vendor’s ability to meet your DR requirements, and to repeat this evaluation on an annual basis.

    Deliverables Completed

    • DRP Maturity Scorecard
    • DRP Business Impact Analysis Tool
    • DRP Roadmap Tool
    • Incident response plan and systems recovery workflow
    • Executive presentation

    Info-Tech’s insights bust the most obstinate myths of DRP

    Myth #1: DRPs need to focus on major events such as natural disasters and other highly destructive incidents such as fire and flood.

    Reality: The most common threats to service continuity are hardware and software failures, network outages, and power outages.

    Myth #2: Effective DRPs start with identifying and evaluating potential risks.

    Reality: DR isn’t about identifying risks; it’s about ensuring service continuity.

    Myth #3: DRPs are separate from day-to-day operations and incident management.

    Reality: DR must be integrated with service management to ensure service continuity.

    Myth #4: I use a co-lo or cloud services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Reality: You can’t outsource accountability. You can’t just assume your vendor’s DR capabilities will meet your needs.

    Myth #5: A DRP must include every detail so anyone can execute the recovery.

    Reality: IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    Supplement the core documentation with these tools and templates

    • An Excel workbook workbook to track key roles on DR, business continuity, and emergency response teams. Can also track DR documentation location and any hardware purchases required for DR.
    • A questionnaire template and a response tracking tool to structure your investigation of vendor DR capabilities.
    • Integrate escalation with your DR plan by defining incident severity and escalation rules . Use this example as a template or integrate ideas into your own severity definitions and escalation rules in your incident management procedures.
    • A minute-by-minute time-tracking tool to capture progress in a DR or testing scenario. Monitor progress against objectives in real time as recovery tasks are started and completed.

    Next steps: Related Info-Tech research

    Select the Optimal Disaster Recovery Deployment Model Evaluate cloud, co-lo, and on-premises disaster recovery deployment models.

    Develop a Business Continuity Plan Streamline the traditional approach to make BCP development manageable and repeatable.

    Prepare for a DRP Audit Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Document and Maintain Your Disaster Recovery Plan Put your DRP on a diet: keep it fit, trim, and ready for action.

    Reduce Costly Downtime Through DR Testing Improve your DR plan and your team’s ability to execute on it.

    Implement Crisis Management Best Practices An effective crisis response minimizes the impact of a crisis on reputation, profitability, and continuity.

    Research contributors and experts

    • Alan Byrum, Director of Business Continuity, Intellitech
    • Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, B Jones BCP Consulting, LLC
    • Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
    • Yogi Schulz, President, Corvelle Consulting

    Glossary

    • Business Continuity Management (BCM) Program: Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management. (Source: ISO 22301:2012)
    • Business Continuity Plan (BCP): Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. The BCP is not necessarily one document, but a collection of procedures and information.
    • Crisis: A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action. (Source: ISO 22300)
    • Crisis Management Team (CMT): A group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision makers trained in incident management and prepared to respond to any situation.
    • Disaster Recovery Planning (DRP): The activities associated with the continuing availability and restoration of the IT infrastructure.
    • Incident: An event that has the capacity to lead to loss of, or a disruption to, an organization’s operations, services, or functions – which, if not managed, can escalate into an emergency, crisis, or disaster.
    • BCI Editor’s Note: In most countries “incident” and “crisis” are used interchangeably, but in the UK the term “crisis” has been generally reserved for dealing with wide-area incidents involving Emergency Services. The BCI prefers the use of “incident” for normal BCM purposes. (Source: The Business Continuity Institute)

    • Incident Management Plan: A clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.
    • IT Disaster: A service interruption requiring IT to rebuild a service, restore from backups, or activate redundancy at the backup site.
    • Recovery Point: Time elapsed between the last good copy of the data being taken and failure/corruption on the production environment; think of this as data loss.
    • Recovery Point Actual (RPA): The currently achievable recovery point after a disaster event, given existing people, processes, and technology. This reflects expected maximum data loss that could actually occur in a disaster scenario.
    • Recovery Point Objective (RPO): The target recovery point after a disaster event, usually calculated in hours, on a given system, application, or service. Think of this as acceptable and appropriate data loss. RPO should be based on a business impact analysis (BIA) to identify an acceptable and appropriate recovery target.
    • Recovery Time: Time required to restore a system, application, or service to a functional state; think of this as downtime.
    • Recovery Time Actual (RTA): The currently achievable recovery time after a disaster event, given existing people, processes, and technology. This reflects expected maximum downtime that could actually occur in a disaster scenario.
    • Recovery Time Objective (RTO): The target recovery time after a disaster event for a given system, application, or service. RTO should be based on a business impact analysis (BIA) to identify acceptable and appropriate downtime.

    Bibliography

    BCMpedia. “Recovery Objectives: RTO, RPO, and MTPD.” BCMpedia, n.d. Web.

    Burke, Stephen. “Public Cloud Pitfalls: Microsoft Azure Storage Cluster Loses Power, Puts Spotlight On Private, Hybrid Cloud Advantages.” CRN, 16 Mar. 2017. Web.

    Elliot, Stephen. “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified.” IDC, 2015. Web.

    FEMA. Planning & Templates. FEMA, 2015. Web.

    FINRA. “Business Continuity Plans and Emergency Contact Information.” FINRA, 2015. Web.

    FINRA. “FINRA, the SEC and CFTC Issue Joint Advisory on Business Continuity Planning.” FINRA, 2013. Web.

    Gosling, Mel, and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, n.d. Web.

    Homeland Security. Federal Information Security Management Act (FISMA). Homeland Security, 2015. Web.

    Nichols, Shaun. “AWS's S3 Outage Was So Bad Amazon Couldn't Get Into Its Own Dashboard to Warn the World.” The Register, 1 Mar. 2017. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup.” RSA Archer Organization, 2012. Web.

    Rothstein, Philip Jan. “Disaster Recovery Testing: Exercising Your Contingency Plan.” Rothstein Associates Inc., 2007. Web.

    The Business Continuity Institute. “The Good Practice Guidelines.” The Business Continuity Institute, 2013. Web.

    The Disaster Recovery Journal. “Disaster Resource Guide.” The Disaster Recovery Journal, 2015. Web.

    The Disaster Recovery Journal. “DR Rules & Regulations.” The Disaster Recovery Journal, 2015. Web.

    The Federal Financial Institution Examination Council (FFIEC). Business Continuity Planning. IT Examination Handbook InfoBase, 2015. Web.

    York, Kyle. “Read Dyn’s Statement on the 10/21/2016 DNS DDoS Attack.” Oracle, 22 Oct. 2016. Web.

    2024 Tech Trends

    • Buy Link or Shortcode: {j2store}289|cart{/j2store}
    • member rating overall impact: 10
    • Parent Category Name: Innovation
    • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

    AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

    The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

    In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

    Generative AI will take the lead.

    As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

    Seize Opportunities:

    • Business models driven by AI
    • Automation of back-office functions
    • Advancements in spatial computing

    Mitigate Risks:

    • Ethical and responsible AI practices
    • Incorporating security from the outset
    • Ensuring digital sovereignty

    Evaluate and Learn From Your Negotiation Sessions More Effectively

    • Buy Link or Shortcode: {j2store}226|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Forty-eight percent of CIOs believe their budgets are inadequate.
    • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
    • Confident negotiators tend to be more successful, but even confident negotiators have room to improve.
    • Skilled negotiators are in short supply.

    Our Advice

    Critical Insight

    • Improving your negotiation skills requires more than practice or experience (i.e. repeatedly negotiating).
    • Creating and updating a negotiations lessons-learned library helps negotiators improve and provides a substantial return for the organization.
    • Failure is a great teacher; so is success … but you have to pay attention to indicators, not just results.

    Impact and Result

    Addressing and managing the negotiation debriefing process will help you:

    • Improve negotiation skills.
    • Implement your negotiation strategy more effectively.
    • Improve negotiation results.

    Evaluate and Learn From Your Negotiation Sessions More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Negotiations continuing

    This phase will help you debrief after each negotiation session and identify the parts of your strategy that must be modified before your next negotiation session.

    • Evaluate and Learn From Your Negotiation Sessions More Effectively – Phase 1: Negotiations Continuing

    2. Negotiations completed

    This phase will help you conduct evaluations at three critical points after the negotiations have concluded.

    • Evaluate and Learn From Your Negotiation Sessions More Effectively – Phase 2: Negotiations Completed
    [infographic]

    Workshop: Evaluate and Learn From Your Negotiation Sessions More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation skills and outcomes; share lessons learned.

    Understand the value of debriefing sessions during the negotiation process.

    Understand how to use the Info-Tech After Negotiations Tool.

    Key Benefits Achieved

    A better understanding of how and when to debrief during the negotiation process to leverage key insights.

    The After Negotiations Tool will be reviewed and configured for the customer’s environment (as applicable).

    Activities

    1.1 Debrief after each negotiation session

    1.2 Determine next steps

    1.3 Return to preparation phase

    1.4 Conduct Post Mortem #1

    1.5 Conduct Implementation Assessment

    1.6 Conduct Post Mortem #2

    Outputs

    Negotiation Session Debrief Checklist and Questionnaire

    Next Steps Checklist

    Discussion

    Post Mortem #1 Checklist & Dashboard

    Implementation Assessment Checklist and Questionnaire

    Post Mortem #2 Checklist & Dashboard

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact: 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Embed Security Into the DevOps Pipeline

    • Buy Link or Shortcode: {j2store}265|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $31,515 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Your organization is starting its DevOps journey and is looking to you for guidance on how to ensure that the outcomes are secure.
    • Or, your organization may have already embraced DevOps but left the security team behind. Now you need to play catch-up.

    Our Advice

    Critical Insight

    • Shift security left. Identify opportunities to embed security earlier in the development pipeline.
    • Start with minimum viable security. Use agile methodologies to further your goals of secure DevOps.
    • Treat “No” as a finite resource. The role of security must transition from that of naysayer to a partner in finding the way to “Yes.”

    Impact and Result

    • Leverage the CLAIM (Culture, Learning, Automation, Integration, Measurement) Framework to identify opportunities to close the gaps.
    • Collaborate to find new ways to shift security left so that it becomes part of development rather than an afterthought.
    • Start with creating minimum viable security by developing a DevSecOps implementation strategy that focuses initially on quick wins.

    Embed Security Into the DevOps Pipeline Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should secure the DevOps pipeline, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify opportunities

    Brainstorm opportunities to secure the DevOps pipeline using the CLAIM Framework.

    • Embed Security Into the DevOps Pipeline – Phase 1: Identify Opportunities

    2. Develop strategy

    Assess opportunities and formulate a strategy based on a cost/benefit analysis.

    • Embed Security Into the DevOps Pipeline – Phase 2: Develop Strategy
    • DevSecOps Implementation Strategy Template
    [infographic]

    2021 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}83|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • It is a new year, but the challenges of 2020 remain: COVID-19 infection rates continue to climb, governments continue to enforce lockdown measures, we continue to find ourselves in the worst economic crisis since the Great Depression, and civil unrest grows in many democratic societies.
    • At the start of 2020, no business leader predicted the disruption that was to come. This left IT in a reactive but critical role as the health crisis hit. It was core to delivering the organization’s products and services, as it drove the radical shift to work-from-home.
    • For the year ahead, IT will continue to serve a critical function in uncertain times. However, unlike last year, CIOs can better prepare for 2021. That said, in the face of the uncertainty and volatility of the year ahead, what they need to prepare for is still largely undefined.
    • But despite the lack of confidence on knowing specifically what is to come, most business leaders will admit they need to get ready for it. This year’s priority report will help.

    Our Advice

    Critical Insight

    • “Resilience” is the theme for this year’s CIO Priorities Report. In this context, resilience is about building up the capacity and the capabilities to effectively respond to emergent and unforeseen needs.
    • Early in 2021 is a good time to develop resilience in several different areas. As we explore in this year’s Report, CIOs can best facilitate enterprise resilience through strategic financial planning, proactive risk management, effective organizational change management and capacity planning, as well as through remaining tuned into emergent technologies to capitalize on innovations to help weather the uncertainty of the year ahead.

    Impact and Result

    • Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.
    • Each of our priorities is backed up by a “call to action” that will help CIOs start to immediately implement the right drivers of resilience for their organization.
    • By building up resilience across our five key areas, CIOs will not only be able to better prepare for the year to come, but also strengthen business relations and staff morale in difficult times.

    2021 CIO Priorities Report Research & Tools

    Read the 2021 CIO Priorities Report

    Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an appropriate budget reserve

    Identifying and planning sources of financial contingency will help ensure CIOs can meet unforeseen and emergent operational and business needs throughout the year.

    • 2021 CIO Priorities Report: Priority 1 – Create an Appropriate Budget Reserve

    2. Refocus IT risk planning

    The start of 2021 is a time to refocus and redouble IT risk management and business continuity planning to bring it up to the standards of our “new normal.” Indeed, if last year taught us anything, it’s that no “black swan” should be off the table in terms of scenarios or possibilities for business disruption.

    • 2021 CIO Priorities Report: Priority 2 – Refocus IT Risk Planning

    3. Strengthen organizational change management capabilities

    At its heart, resilience is having the capacity to deal with unexpected change. Organizational change management can help build up this capacity, providing the ability to strategically plot known changes while leaving some capacity to absorb the unknowns as they present themselves.

    • 2021 CIO Priorities Report: Priority 3 – Strengthen Organizational Change Management Capabilities

    4. Establish capacity awareness

    Capacity awareness facilitates resilience by providing capital in the form of resource data. With this data, CIOs can make better decisions on what can be approved and when it can be scheduled for.

    • 2021 CIO Priorities Report: Priority 4 – Establish Capacity Awareness

    5. Keep emerging technologies in view

    Having an up-to-date view of emerging technologies will enable the resilient CIO to capitalize on and deploy leading-edge innovations as the business requires.

    • 2021 CIO Priorities Report: Priority 5 – Keep Emerging Technologies in View
    [infographic]

    Improve Service Desk Ticket Queue Management

    • Buy Link or Shortcode: {j2store}492|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Service desk tickets pile up in the queue, get lost or buried, jump between queues without progress, leading to slow response and resolution times, a seemingly insurmountable backlog and breached SLAs.
    • There are no defined rules or processes for how tickets should be assigned and routed and technicians don’t know how to prioritize their assigned work, meaning tickets take too long to get to the right place and aren’t always resolved in the correct or most efficient order.
    • Nobody has authority or accountability for queue management, meaning everyone has eyes only on their own tickets while others fall through the cracks.

    Our Advice

    Critical Insight

    If everybody is managing the queue, then nobody is. Without clear ownership and accountability over each and every queue, then it becomes too easy for everyone to assume someone else is handling or monitoring a ticket when in fact nobody is. Assign a Queue Manager to each queue and ensure someone is responsible for monitoring ticket movement across all the queues.

    Impact and Result

    • Clearly define your queue structure, organize the queues by content, then assign resources to relevant queues depending on their role and expertise.
    • Define and document queue management processes, from initial triage to how to prioritize work on assigned tickets. Once processes have been defined, identify opportunities to build in automation to improve efficiency.
    • Ensure everyone who handles tickets is clear on their responsibilities and establish clear ownership and accountability for queue management.

    Improve Service Desk Ticket Queue Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Ticket Queue Management Deck – A guide to service desk ticket queue management best practices and advice

    This storyboard reviews the top ten pieces of advice for improving ticket queue management at the service desk.

    • Improve Service Desk Ticket Queue Management Storyboard

    2. Service Desk Queue Structure Template – A template to help you map out and optimize your service desk ticket queues

    This template includes several examples of service desk queue structures, followed by space to build your own model of your optimal service desk queue structure and document who is assigned to each queue and responsible for managing each queue.

    • Service Desk Queue Structure Template
    [infographic]

    Further reading

    Improve Service Desk Ticket Queue Management

    Strong queue management is the foundation to good customer service

    Analyst Perspective

    Secure your foundation before you start renovating.

    Service Desk and IT leaders who are struggling with low efficiency, high backlogs, missed SLAs, and poor service desk metrics often think they need to hire more resources or get a new ITSM tool with better automation and AI capabilities. However, more often than not, the root cause of their challenges goes back to the fundamentals.

    Strong ticket queue management processes are critical to the success of all other service desk processes. You can’t resolve incidents and fulfill service requests in time to meet SLAs without first getting the ticket to the right place efficiently and then managing all tickets in the queue effectively. It sounds simple, but we see a lot of struggles around queue management, from new tickets sitting too long before being assigned, to in-progress tickets getting buried in favor of easier or higher-priority tickets, to tickets jumping from queue to queue without progress, to a seemingly insurmountable backlog.

    Once you have taken the time to clearly structure your queues, assign resources, and define your processes for routing tickets to and from queues and resolving tickets in the queue, you will start to see response and resolution time decrease along with the ticket backlog. However, accountability for queue management is often overlooked and is really key to success.
    This is an image of Dr. Natalie Sansone, Senior Research Analyst at Info-Tech Research Group

    Natalie Sansone, PhD
    Senior Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Tickets come into the service desk via multiple channels (email, phone, chat, portal) and aren’t consolidated into a single queue, making it difficult to know what to prioritize.
    • New tickets sit in the queue for too long before being assigned while assigned tickets sit for too long without progress or in the wrong queue, leading to slow response and resolution times.
    • Tickets quickly pile up in the queues, get lost or buried, or jump between queues without finding the right home, leading to a seemingly insurmountable backlog and breached SLAs.

    Common Obstacles

    • All tickets pile into the same queue, making it difficult to view, manage, or know who’s working on what.
    • There are no defined rules or processes for how tickets should be assigned and routed, meaning they often take too long to get to the right place.
    • Technicians have no guidelines as to how to prioritize their work, and no easy way to organize their tickets or queue to know what to work on next.
    • Nobody has authority or accountability for queue management, meaning everyone has eyes only on their own tickets while others fall through the cracks.

    Info-Tech’s Approach

    • Clearly define your queue structure, organize the queues by content, then assign resources to relevant queues depending on their role and expertise.
    • Define and document queue management processes, from initial triage to how to prioritize work on assigned tickets. Ensure everyone who handles tickets is clear on their responsibilities.
    • Establish clear ownership and accountability for queue management.
    • Once processes have been defined, identify opportunities to build in automation to improve efficiency.

    Info-Tech Insight

    If everybody is managing the queue, then nobody is. Without clear ownership and accountability over each and every queue it becomes too easy for everyone to assume someone else is handling or monitoring a ticket when in fact nobody is. Assign a Queue Manager to each queue and ensure someone is responsible for monitoring ticket movement across all the queues.

    Timeliness is essential to customer satisfaction

    And timeliness can’t be achieved without good queue management practices.

    As soon as that ticket comes in, the clock starts ticking…

    A host of different factors influence service desk response time and resolution time, including process optimization and documentation, workflow automation, clearly defined prioritization and escalation rules, and a comprehensive and easily accessible knowledgebase.

    However, the root cause of poor response and resolution time often comes down to the basics like ticket queue management. Without clearly defined processes and ownership for assigning and actioning tickets from the queue in the most effective order and manner, customer satisfaction will suffer.

    For every 12-hour delay in response time*, CSAT drops by 9.6%.

    *to email and web support tickets
    Source: Freshdesk, 2021

    A Freshworks analysis of 107 million service desk interactions found the relationship between CSAT and response time is stronger than resolution time - when customers receive prompt responses and regular updates, they place less value on actual resolution time.

    A queue is simply a line of people (or tickets) waiting to be helped

    When customers reach out to the service desk for help, their messages are converted into tickets that are stored in a queue, waiting to be actioned appropriately.

    Ticket Queue

    Email/web
    Ideally, the majority of tickets come into the ticket queue through email or a self-service portal, allowing for appropriate categorization, prioritization, and assignment.

    Phone
    For IT teams with a high volume of support requests coming in through the phone, reducing wait time in queue may be a priority.

    Chat
    Live chat is growing in popularity as an intake method and may require routing and distribution rules to prevent long or multiple queues.

    Queue Management

    Queue management is a set of processes and tools to direct and monitor tickets or manage ticket flow. It involves the following activities:

    • Review incoming tickets
    • Categorize and prioritize tickets
    • Route or assign appropriately
    • View or update ticket status
    • Monitor resource workload
    • Ensure tickets are being actioned in time
    • Proactively identify SLA breaches

    Ineffective queue management can bury you in backlog

    Ticket backlog with poor queue management

    Without a clear and efficient process or accountability for moving incoming tickets to the right place, tickets will be worked on randomly, older tickets will get buried, the backlog will grow, and SLAs will be missed.

    Ticket backlog with good queue management

    With effective queue management and ownership, tickets are quickly assigned to the right resource, worked on within the appropriate SLO/SLA, and actively monitored, leading to a more manageable backlog and good response and resolution times.

    A growing backlog will quickly lead to dissatisfied end users and staff

    Failing to efficiently move tickets from the queue or monitor tickets in the queue can quickly lead to tickets being buried and support staff feeling buried in tickets.

    Common challenges with queue management include:

    • Tickets come in through multiple channels and aren’t consolidated into a single queue
    • New tickets sit unassigned for too long, resulting in long response times
    • Tickets move around between multiple queues with no clear ownership
    • Assigned tickets sit too long in a queue without progress and breach SLA
    • No accountability for queue ownership and monitoring
    • Technicians cherry pick the easiest tickets from the queue
    • Technicians have no easy way to organize their queue to know what to work on next

    This leads to:

    • Long response times
    • Long resolution times
    • Poor workload distribution and efficiency
    • High backlog
    • Disengaged, frustrated staff
    • Dissatisfied end users

    Info-Tech Insight

    A growing backlog will quickly lead to frustrated and dissatisfied customers, causing them to avoid the service desk and seek alternate methods to get what they need, whether going directly to their favorite technician or their peers (otherwise known as shadow IT).

    Dig yourself out with strong queue management

    Strong queue management is the foundation to good customer service.

    Build a mature ticket queue management process that allows your team to properly prioritize, assign, and work on tickets to maximize response and resolution times.

    A mature queue management process will:

    • Reduce response time to address tickets.
    • Effectively prioritize tickets and ensure everyone knows what to work on next.
    • Ensure tickets get assigned and routed to the right queue and/or resource efficiently.
    • Reduce overall resolution time to resolve tickets.
    • Enable greater accountability for queue management and monitoring of tickets.
    • Improve customer and employee satisfaction.

    As queue management maturity increases:
    Response time decreases
    Resolution time decreases
    Backlog decreases
    End-user satisfaction increases

    Ten Tips to Effectively Manage Your Queue

    The remaining slides in this deck will review these ten pieces of advice for designing and managing your ticket queues effectively and efficiently.

    1. Define your optimal queue structure
    2. Design and assign resources to relevant queues
    3. Define and document queue management processes
    4. Clearly define queue management responsibilities for every team member
    5. Establish clear ownership & accountability over all queues
    6. Always keep ticket status and documentation up to date
    7. Shift left to reduce queue volume
    8. Build-in automation to improve efficiency
    9. Configure your ITSM tool to support and optimize queue management processes
    10. Don’t lose visibility of the backlog

    #1: Define your optimal queue structure

    There is no one right way to do queue management; choose the approach that will result in the highest value for your customers and IT staff.

    Sample queue structures

    This is an image of a sample Queue structure, where Incoming Tickets from all channels pass through auto or manual Queue assignment, to a numbered queue position.

    *Queues may be defined by skillset, role, ticket category, priority, or a hybrid.

    Triage and Assign

    • All incoming tickets are assigned to an appropriate queue based on predefined criteria.
    • Queue assignment may be done through automated workflows based on specific fields within the ticket, or manually by a
    • Queue Manager, dedicated coordinator, or Tier 1 staff.
    • Queues may be defined based on:
      • Skillset/team (e.g. Infrastructure, Security, Apps, etc.)
      • Ticket category (e.g. Network, Office365, Hardware, etc.)
      • Priority (e.g. P1, P2, P3, P4, P5)
    • Resources may be assigned to multiple queues.

    Define your optimal queue structure (cont.)

    Tiered generalist model

    • All incidents and service requests are routed to Tier 1 first, who prioritize and, if appropriate, conduct initial triage, troubleshooting, and resolution on a wide range of issues.
    • More complex or high-priority tickets are escalated to resources at Tier 2 and/or Tier 3, who are specialists working on projects in addition to support tickets.
    This is an image of the Tiered Generalist Model

    Unassigned queue

    • Very small teams may work from an unassigned queue if there are processes in place to monitor tickets and workload balance.
    • Typically, these teams work by resolving the oldest tickets first regardless of complexity (also known as First In, First Out or FIFO). However, this doesn’t allow for much flexibility in terms of priority of the request or customer.
    This is an image of an unassigned queue model

    #2: Design and assign resources to relevant queues

    Once you’ve defined your overall structure, define the content of each queue.

    This image depicts a sample queue organization structure. The bin titles are: Workgroup; Customer Group; Problem Type; and Hybrid

    Info-Tech Insight

    Start small; don’t create a queue for every possible ticket type. Remember that someone needs to be accountable for each of these queues, so only build what you can monitor.

    #3 Define and document queue management processes

    A clear, comprehensive, easily digestible SOP or workflow outlining the steps for handling new tickets and working tickets from the queue will help agents deliver a consistent experience.

    PROCESS INCLUDES:

    DEFINE THE FOLLOWING:

    TRIAGING INCOMING TICKETS

    • Ensure a ticket is created for every issue coming from every channel (e.g. phone, email, chat, walk-in, portal).
    • Assign a priority to each ticket.
    • Categorize ticket and add any necessary documentation
    • Update ticket status.
    • Delete spam, merge duplicate tickets, clean up inbox.
    • Assign tickets to appropriate queue or resource, escalate when necessary.
    • How should tickets be prioritized?
    • How should tickets from each channel be prioritized and routed? (e.g. are phone calls resolved right away? Are chats responded to immediately?)
    • Criteria that determine where a ticket should be sent or assigned (i.e. ticket category, priority, customer type).
    • How should VIP tickets be handled?
    • When should tickets be automatically escalated?
    • Which tickets require hierarchical escalation (i.e. to management)?

    WORKING ON ASSIGNED TICKETS

    • Continually update ticket status and documentation.
    • Assess which tickets should be worked on or completed ahead of others.
    • Troubleshoot, resolve, or escalate tickets.
    • In what order should tickets be worked on (e.g. by priority, by age, by effort, by time to breach)?
    • How long should a ticket be worked on without progress before it should be escalated to a different tier or queue?
    • Exceptions to the rule (e.g. in which circumstances should a lower priority ticket be worked on over a higher priority ticket).

    Process recommendations

    As you define queue management processes, keep the following advice in mind:

    Rotate triage role

    The triage role is critical but difficult. Consider rotating your Tier 1 resources through this role, or your service desk team if you’re a very small group.

    Limit and prioritize channels

    You decide which channels to enable and prioritize, not your users. Phone and chat are very interrupt-driven and should be reserved for high-priority issues if used. Your users may not understand that but can learn over time with training and reinforcement.

    Prioritize first

    Priority matrixes are necessary for consistency but there are always circumstances that require judgment calls. Think about risk and expected outcome rather than simply type of issue alone. And if the impact is bigger than the initial classification, change it.

    Define VIP treatment

    In some organizations, the same issue can be more critical if it happens to a certain user role (e.g. client facing, c-suite). Identify and flag VIP users and clearly define how their tickets should be prioritized.

    Consider time zone

    If users are in different time zones, take their current business hours into account when choosing which ticket to work on.

    Info-Tech Insight

    Think of your service desk as an emergency room. Patients come in with different symptoms, and the triage nurse must quickly assess these symptoms to decide who the patient should see and how soon. Some urgent cases will need to see the doctor immediately, while others can wait in another queue (the waiting room) for a while before being dealt with. Some cases who come in through a priority channel (e.g. ambulance) may jump the queue. Checklists and criteria can help with this decision making, but some degree of judgement is also required and that comes with experience. The triage role is sometimes seen as a junior-level role, but it actually requires expertise to be done well.

    For more detailed process guidance, see Standardize the Service Desk

    Info-Tech’s blueprint Standardize the Service Desk will help you standardize and document core service desk processes and functions, including:

    • Service desk structure, roles, and responsibilities
    • Metrics and reporting
    • Ticket handling and ticket quality
    • Incident and critical incident management
    • Ticket categorization
    • Prioritization and escalation
    • Service request fulfillment
    • Self-service considerations
    • Building a knowledgebase
    this image contains three screenshots from Info-Tech's Standardize the Service Desk Blueprint

    #4 Clearly define queue management responsibilities for every team member

    This may be one of the most critical yet overlooked keys to queue management success. Define the following:

    Who will have overall accountability?

    Someone must be responsible for monitoring all incoming and open tickets as well as assigned tickets in every queue to ensure they are routed and fulfilled appropriately. This person must have authority to view and coordinate all queues and Queue Managers.

    Who will manage each queue?

    Someone must be responsible for managing each queue, including assigning resources, balancing workload, and ensuring SLOs are met for the tickets within their queue. For example, the Apps Manager may be the Queue Manager for all tickets assigned to the Apps team queue.

    Who is responsible for assigning tickets?

    Will you have a triage team who monitors and assigns all incoming tickets? What are their specific responsibilities (e.g. prioritize, categorize, attempt troubleshooting, assign or escalate)? If not, who is responsible for assigning new tickets and how is this done? Will the triage role be a rotating role, and if so, what will the schedule be?

    What are everyone’s responsibilities?

    Everyone who is assigned tickets should understand the ticket handling process and their specific responsibilities when it comes to queue management.

    #5 Establish clear ownership & accountability over all queues

    If everyone is accountable, then no one is accountable. Ownership for each queue and all queues must be clearly designated.

    You may have multiple queue manager roles: one for each queue, and one who has visibility over all the queues. Typically, these roles make up only part of an individual’s job. Clearly define the responsibilities of the Queue Manager role; sample responsibilities are on the right.

    Info-Tech Insight

    Lack of authority over queues – especially those outside Tier 1 of the service desk – is one of the biggest pitfalls we see causing aging tickets and missed SLAs. Every queue needs clear ownership and accountability with everyone committed to meeting the same SLOs.

    The Queue Manager or Coordinator is accountable for ensuring tickets are routed to the correct resources service level objectives or agreements are met.

    Specific responsibilities may include:

    • Monitors queues daily
    • Ensures new tickets are assigned to appropriate resources for resolution
    • Verifies tickets have been routed and assigned correctly and reroutes if necessary
    • Reallocates tickets if assigned resource is suddenly unavailable or away
    • Ensures ticket handling process is met, ticket status is up to date and correct, and ticket documentation is complete
    • Escalates tickets that are aging or about to breach
    • Ensures service level objectives or agreements are met
    • Facilitates resource allocation based on workload
    • Coordinates tickets that require collaboration across workgroups to ensure resolution is achieved within SLA
    • Associates child and parent tickets
    • Prepares reports on ticket status and volume by queues
    • Regularly reviews reports to identify and act on issues and make improvements or changes where needed
    • Identifies opportunities for improvement

    #6 Always keep ticket status and documentation up to date

    Anyone should be able to quickly understand the status and progress on a ticket without needing to ask the technician working on it. This means both the ticket status and documentation must be continually and accurately updated.

    Ticket Documentation
    Ticket descriptions and documentation must be kept accurate and up to date. This ensures that if the ticket is escalated or assigned to a new person, or the Queue Manager or Service Desk Manager needs to know what progress has been made on a ticket, that person doesn’t need to waste time with back-and-forth communication with the technician or end user.

    Ticket Status
    The ticket status field should change as the ticket moves toward resolution, and must be updated every time the status changes. This ensures that anyone looking at the ticket queue can quickly learn and communicate the status of a ticket, tickets don’t get lost or neglected, metrics are accurate (such as time to resolve), and SLAs are not impacted if a ticket is on hold.

    Common ticket statuses include:

    • New/open
    • Assigned
    • In progress
    • Declined
    • Canceled
    • Pending/on hold
    • Resolved
    • Closed
    • Reopened

    For more guidance on ticket handling and documentation, download Info-Tech’s blueprint: Standardize the Service Desk.

    • For ticket handling and documentation, see Step 1.4
    • For ticket status fields, see Step 2.2.

    #7 Shift left to reduce queue volume

    Enable processes such as knowledge management, self-service, and problem management to prevent tickets from even coming into the queue.

    Shift left means enabling fulfilment of repeatable tasks and requests via faster, lower-cost delivery channels, self-help tools, and automation.

    This image contains a graph, where the Y axis is labeled Cost, and the X axis is labeled Time to Resolve.  On the graph are depicted service desk levels 0, 1, 2, and 3.

    Shift to Level 1

    • Identify tickets that are often escalated beyond Tier 1 but could be resolved by Level 1 if they were given the tools, training, resources, or access they need to do so.
    • Provide tools to succeed at resolving those defined tasks (e.g. knowledge article, documentation, remote tools).
    • Embed knowledge management in resolution workflows.

    Shift to End User

    • Build a centralized, easily accessible self-service portal where users can search for solutions to resolve their issues without having to submit a ticket.
    • Communicate and train users on how to use the portal regularly update and improve it.

    Automate & Eliminate

    • Identify processes or tasks that could be automated to eliminate work.
    • Invest in problem management and event management to fix the root problem of recurring issues and prevent a problem from occurring in the first place, thereby preventing future tickets.

    #8 Build in automation to improve efficiency

    Manually routing every ticket can be time-consuming and prone to errors. Once you’ve established the process, automate wherever possible.

    Automation rules can be used to ensure tickets are assigned to the right person or queue, to alert necessary parties when a ticket is about to breach or has breached SLA, or to remind technicians when a ticket has sat in a queue or at a particular status for too long.

    This can improve efficiency, reduce error, and bring greater visibility to both high-priority tickets and aging tickets in the backlog.

    However, your processes, queues, and responsibilities must be clearly defined before you can build in automation.

    For more guidance on implementing automation and AI within your service desk, see these blueprints:

    https://tymansgrpup.com/research/ss/accelerate-your-automation-processes https://tymansgrpup.com/research/ss/improve-it-operations-with-ai-and-ml

    For examples of rules, triggers, and fields you can automate to improve the efficiency of your queue management processes, see the next slide.

    Sample automation rules

    Criteria or triggers you can automate actions based on:

    • Ticket type
    • Specific field in a ticket web form
    • Ticket form that was used (e.g. specific service request form from the portal)
    • Ticket category
    • Ticket priority
    • Keyword in an email subject line
    • Keywords or string in a chat
    • Requester name or email
    • Requester location
    • Requester/ticket language
    • Requester VIP status
    • Channel ticket was received through
    • SLAs or time-based automations
    • Agent skill
    • Agent status or capacity

    Fields or actions those triggers can automate

    • Priority
    • Category
    • Ticket routing
    • Assigned agent
    • Assigned queue
    • SLA/due date
    • Notifications/communication

    Sample Automation Rules

    • When ticket is about to breach, send alert to Queue Manager and Service Desk Manager.
    • When ticket comes from VIP user, set urgency to high.
    • When ticket status has been set to “open” for ten hours, send an alert to Queue Manager.
    • When ticket status has been set to “on hold” for five days, send a reminder to assignee.
    • When ticket is categorized as “Software-ERP,” send to ERP queue.
    • When ticket is prioritized as P1/critical, send alert to emergency response team.
    • When ticket is prioritized as P1 and hasn’t been updated for one hour, send an alert to Incident Manager.
    • When an in-progress ticket is reassigned to a new queue, alert Queue Manager.
    • When ticket has not been resolved within seven days, flag as aging ticket.

    #9 Configure your ITSM tool to support and optimize queue management processes

    Configure your tool to support your needs; don’t adjust your processes to match the tool.

    • Most ITSM tools have default queues out of the box and the option to create as many custom queues, filters, and views as you need. Custom queues should allow you to name the queue, decide which tickets will be sent to the queue, and what columns or information are displayed in the queue.
    • Before you configure your queues and dashboards, sit down with your team to decide what you need and what will best enable each agent to manage their workload.
    • Decide which queues each role should have access to – most should only need to see their own queue and their team’s queue.
    • Configure which queues or views new tickets will be sent to.
    • Configure automation rules defined earlier (e.g. automate sending certain tickets to specific queues or sending notifications to specific parties when certain conditions are met).
    • Configure dashboards and reports on queue volume and ticket status data relevant to each team to help them manage their workload, increase visibility, and identify issues or actions.

    Info-Tech Insight

    It can be overwhelming to support agents when their view is a long and never-ending queue. Set the default dashboard view to show only those tickets assigned to the viewer to make it appear more manageable and easier to organize.

    Configure queues to maximize productivity

    Info-Tech Insight

    The queue should quickly give your team all the information they need to prioritize their work, including ticket status, priority, category, due date, and updated timestamps. Configuration is important - if it’s confusing, clunky, or difficult to filter or sort, it will impact response and resolution times and can lead to missed tickets. Give your team input into configuration and use visuals such as color coding to help agents prioritize their work – for example, VIP tickets may be clearly flagged, critical or high priority tickets may be highlighted, tickets about to breach may be red.

    this image contains a sample queue organization which demonstrates how to maximize productivity

    #10 Don’t lose visibility of the backlog

    Be careful not to focus so much on assigning new tickets that you forget to update aging tickets, leading to an overwhelming backlog and dissatisfied users.

    Track metrics that give visibility into how quickly tickets are being resolved and how many aging tickets you have. Metrics may include:

    • Ticket resolution time by priority, by workgroup
    • Ticket volume by status (i.e. open, in progress, on hold, resolved)
    • Ticket volume by age
    • Ticket volume by queue and assignee

    Regularly review reports on these metrics with the team.

    Make it an agenda item to review aging tickets, on hold tickets, and tickets about to breach or past breach with the team.

    Take action on aging tickets to ensure progress is being made.

    Set rules to close tickets after a certain number of attempts to reach unresponsive users (and change ticket status appropriately).

    Schedule times for your team to tackle aged tickets or tickets in the backlog.

    Info-Tech Insight

    It can be easy for high priority work to constantly push down low priority work, leaving the lower priority tickets to constantly be ignored and users to be frustrated. If you’re struggling with aging tickets, backlog, and tickets breaching SLA, experiment with your team and queue structure to figure out the best resource distribution to handle your workload. This could mean rotating people through the triage role to allow them time to work through the backlog, reducing the number of people doing triage during slower volume periods, or giving technicians dedicated time to work through tickets. For help with forecasting demand and optimizing resources, see Staff the Service Desk to Meet Demand.

    Activity 1.1: Define ticket queues

    1 hour

    Map out your optimal ticket queue structure using the Service Desk Queue Structure Template. Follow the instructions in the template to complete it as a team.

    The template includes several examples of service desk queue structures followed by space to build your own model of an optimal service desk queue structure and to document who is assigned to each queue and responsible for managing each queue.

    Note:

    The template is not meant to map out your entire service desk structure (e.g. tiers, escalation paths) or ticket resolution process, but simply the ticket queues and how a ticket moves between queues. For help documenting more detailed process workflows or service desk structure, see the blueprint Standardize the Service Desk.

    this image contains screenshot from Info-Tech's blueprint: Service Desk Queue structure Template

    Input

    • Current queue structure and roles

    Output

    • Defined service desk ticket queues and assigned responsibilities

    Materials

    • Org chart
    • ITSM tool for reference, if needed

    Participants

    • Service Desk Manager
    • IT Director
    • Queue Managers

    Document in the Service Desk Queue Structure Template.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes including incident management, request fulfillment, and knowledge management to create a sustainable service desk.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Improve Service Desk Ticket Intake

    This project will help you streamline your ticket intake process and identify improvements to your intake channels.

    Staff the Service Desk to Meet Demand

    This project will help you determine your optimal service desk structure and staffing levels based on your unique environment, workload, and trends.

    Works Cited

    “What your Customers Really Want.” Freshdesk, 31 May 2021. Accessed May 2022.

    Leading Through Uncertainty Workshop Overview

    • Buy Link or Shortcode: {j2store}474|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $123,999 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Leadership Development Programs
    • Parent Category Link: /leadership-development-programs

    As the world around us changes there is a higher risk that IT productivity and planned priorities will be derailed.

    Our Advice

    Critical Insight

    To meet the challenges of uncertainty head on IT leaders must adapt so their employees are supported and IT departments continue to operate successfully.

    Impact and Result

    • Clearly define and articulate the current and future priorities to provide direction and cultivate hope for the future.
    • Recognize and manage your own reactions to be conscious of how you are showing up and the perceptions others may have.
    • Incorporate the 4Cs of Leading Through Uncertainty into your leadership practice to make sense of the situation and lead others through it.
    • Build tactics to connect with your employees that will ensure employee engagement and productivity.

    Leading Through Uncertainty Workshop Overview Research & Tools

    Start here – read the Workshop Overview

    Read our concise Workshop Overview to find out how this program can support IT leaders when managing teams through uncertain times.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Leading Through Uncertainty (LTU) Workshop Overview
    [infographic]

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction

    • Buy Link or Shortcode: {j2store}612|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation

    Organizations risk being locked in a circular trap of inertia from auto-renewing their software. With inertia comes complacency, leading to a decrease in overall satisfaction. Indeed, organizations are uniformly choosing to renew their software – even if they don’t like the vendor!

    Our Advice

    Critical Insight

    Renewal is an opportunity cost. Switching poorly performing software substantially drives increased satisfaction, and it potentially lowers vendor costs in the process. To realize maximum gains, it’s essential to have a repeatable process in place.

    Impact and Result

    Realize the benefits of switching by using Info-Tech’s five action steps to optimize your vendor switching processes:

    1. Identify switch opportunities.
    2. Evaluate your software.
    3. Build the business case.
    4. Optimize selection method.
    5. Plan implementation.

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Why you should consider switching software vendors

    Use this outline of key statistics to help make the business case for switching poorly performing software.

    • Switching Existing Software Vendors Overwhelmingly Drives Increased Satisfaction Storyboard

    2. How to optimize your software vendor switching process

    Optimize your software vendor switching processes with five action steps.

    [infographic]

    Review Your Application Strategy

    • Buy Link or Shortcode: {j2store}82|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Over 80% of CXOs experience frustration with IT’s failure to deliver business value.
    • Sixty percent of CEOs believe that improvement is required around IT’s understanding of business goals.
    • Sixty percent of IT professionals know there is an opportunity to run applications more efficiently, eliminating wasteful or low-value activities.

    Our Advice

    Critical Insight

    • Organizations need to better align their application strategy with their business strategy as they proceed through tactical initiatives.
    • Application strategies provide guidance on how they will help the organization survive and thrive.

    Impact and Result

    Aligning your business with applications through your strategy will not only increase business satisfaction but also help to ensure you’re delivering applications that enable the organization’s goals.

    Review Your Application Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have an application strategy and why you should use Info-Tech’s approach to review it. Learn how we can support you in completing this strategy and review.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your strategy

    This review guide provides organizations with a detailed assessment of their application strategy, ensuring that the applications enable the business strategy so that the organization can be more effective.The assessment provides criteria and exercises to provide actionable outcomes.

    • Application Strategy Assessment Tool
    • Application Strategy Action Plan Report Template
    • Application Strategy Sample Action Plan Report
    [infographic]

    Evaluate Your Vendor Account Team to Optimize Vendor Relations

    • Buy Link or Shortcode: {j2store}222|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Understand how important your account is to the vendor and how it is classified.
    • Understand how informed the account team is about your company and your industry.
    • Understand how long the team has been with the vendor. Have they been around long enough to have developed a “brand” or trust within their organization?
    • Understand and manage the relationships and influence the account team has within your organization to maintain control of the relationship.

    Our Advice

    Critical Insight

    Conducting the appropriate due diligence on your vendor’s account team is as important as the due diligence you put into the vendor. Ongoing management of the account team should follow the lifecycle of the vendor relationship.

    Impact and Result

    Understanding your vendor team’s background, experience, and strategic approach to your account is key to the management of the relationship, the success of the vendor agreement, and, depending on the vendor, the success of your business.

    Evaluate Your Vendor Account Team to Optimize Vendor Relations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate Your Vendor Account Team to Optimize Vendor Relations Deck – Understand the value of knowing your account team’s influence in their organization, and yours, to drive results.

    Learn how to best qualify that you have the right team for your business needs, using the accompanying tools to measure and monitor success throughout the relationship.

    • Evaluate Your Vendor Account Team to Optimize Vendor Relations Storyboard

    2. Vendor Rules of Engagement Template – Use this template to create a vendor rules of engagement document for inclusion in your company website, RFPs, and contracts.

    The Vendor Rules of Engagement template will help you develop your written expectations for the vendor for how they will interact with your business and stakeholders.

    • Vendor Rules of Engagement

    3. Evalu-Rate Your Account Team – Use this tool to develop criteria to evaluate your account team and gain feedback from your stakeholders.

    Evaluate your vendor account teams using this template to gather stakeholder feedback on vendor performance.

    • Evalu-Rate Your Account Team
    [infographic]

    Further reading

    Evaluate Your Vendor Account Team to Optimize Vendor Relations

    Understand the value of knowing your account team’s influence in their organization, and yours, to drive results.

    Analyst Perspective

    Having the wrong account team has consequences for your business.

    IT professionals interact with vendor account teams on a regular basis. You may not give it much thought, but do you have a good understanding of your rep’s ability to support/service your account, in the manner you expect, for the best possible outcome? The consequences to your business of an inappropriately assigned and poorly trained account team can have a disastrous impact on your relationship with the vendor, your business, and your budget. Doing the appropriate due diligence with your account team is as important as the due diligence you should put into the vendor. And, of course, ongoing management of the account team relationship is vital. Here we will share how best to qualify that you have the right team for your business needs as well as how to measure and monitor success throughout the relationship.

    Photo of Donna Glidden, Research Director, Vendor Management, Info-Tech Research Group.

    Donna Glidden
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Understand how important your account is to the vendor and how it is classified.
    • Understand how informed the account team is about your company and your industry.
    • Understand how long the team has been with the vendor. Have they been around long enough to have developed a “brand” or trust within their organization?
    • Understand and manage the relationships and influence the account team has within your organization to maintain control of the relationship.
    Common Obstacles
    • The vendor account team “came with the deal.”
    • The vendor account team has limited training and experience.
    • The vendor account team has close relationships within your organization outside of Procurement.
    • Managing your organization’s vendors is ad hoc and there is no formalized process for vendors to follow.
    • Your market position with the vendor is not optimal.
    Info-Tech’s Approach
    • Establish a repeatable, consistent vendor management process that focuses on the account team to maintain control of the relationship and drive the results you need.
    • Create a questionnaire for gaining stakeholder feedback to evaluate the account team on a regular basis.
    • Consider adding a vendor rules of engagement exhibit to your contracts and RFXs.

    Info-Tech Insight

    Understanding your vendor team’s background, their experience, and their strategic approach to your account is key to the management of the relationship, the success of the vendor agreement, and, depending on the vendor, the success of your business.

    Blueprint benefits

    IT Benefits

    • Clear lines of communication
    • Correct focus on the specific needs of IT
    • More accurate project scoping
    • Less time wasted

    Mutual IT and
    Business Benefits

    • Reduced time to implement
    • Improved alignment between IT & business
    • Improved vendor performance
    • Improved vendor relations

    Business Benefits

    • Clear relationship guidelines based on mutual understanding
    • Improved communications between the parties
    • Mutual understanding of roles/goals
    • Measurable relationship criteria

    Insight Summary

    Overarching insight

    Conducting the appropriate due diligence on your vendor’s account team is as important as the due diligence you put into the vendor. Ongoing management of the account team should follow the lifecycle of the vendor relationship.

    Introductory/RFP phase
    • Track vendor contacts with your organization.
    • Qualify the account team as you would the vendor:
      • Background
      • Client experience
    • Consider including vendor rules of engagement as part of your RFP process.
    • How does the vendor team classify your potential account?
    Contract phase
    • Set expectations with the account team for the ongoing relationship.
    • Include a vendor rules of engagement exhibit in the contract.
    • Depending on your classification of the vendor, establish appropriate account team deliverables, meetings, etc.
    Vendor management phase
    • “Evalu-rate” your account team by using a stakeholder questionnaire to gain measurable feedback.
    • Identify the desired improvements in communications and service delivery.
    • Use positive reinforcements that result in positive behavior.
    Tactical insight

    Don’t forget to look at your organization’s role in how well the account team is able to perform to your expectations.

    Tactical insight

    Measure to manage – what are the predetermined criteria that you will measure the account team’s success against?

    Lack of adequate sales training and experience can have a negative impact on the reps’ ability to support your needs adequately

    • According to Forbes (2012), 55% of salespeople lack basic sales skills.
    • 58% of buyers report that sales reps are unable to answer their questions effectively.
    • According to a recent survey, 84% of all sales training is lost after 90 days. This is due to the lack of information retention among sales personnel.
    • 82% of B2B decision-makers think sales reps are unprepared.
    • At least 50% of prospects are not a good fit for the product or service that vendors are selling (Sales Insights Lab).
    • It takes ten months or more for a new sales rep to be fully productive.

    (Source: Spotio)

    Info-Tech Insight

    Remember to examine the inadequacies of vendor training as part of the root cause of why the account team may lack substance.

    Why it matters

    1.8 years

    is the average tenure for top ten tech companies

    2.6 years is the average experience required to hire.

    2.4 years is the average account executive tenure.

    44% of reps plan to leave their job within two years.

    The higher the average contract value, the longer the tenure.

    More-experienced account reps tend to stay longer.

    (Source: Xactly, 2021)
    Image of two lightbulbs labeled 'skill training' with multiple other buzzwords on the glass.

    Info-Tech Insight

    You are always going to be engaged in training your rep, so be prepared.

    Before you get started…

    • Take an inward look at how your company engages with vendors overall:
      • Do you have a standard protocol for how initial vendor inquiries are handled (emails, phone calls, meeting invitations)?
      • Do you have a standard protocol for introductory vendor meetings?
      • Are vendors provided the appropriate level of access to stakeholders/management?
      • Are you prompt in your communications with vendors?
      • What is the quality of the data provided to vendors? Do they need to reach out repeatedly for more/better data?
      • How well are you able to forecast your needs?
      • Is your Accounts Payable team responsive to vendor inquiries?
      • Are Procurement and stakeholders on the same page regarding the handling of vendors?
    • While you may not have a formal vendor management initiative in place, try to understand how important each of your vendors are to your organization, especially before you issue an RFP, so you can set the right expectations with potential vendor teams.
    • Classify vendors as strategic, operational, tactical, or commodity.
      • This will help you focus your time appropriately and establish the right meeting cadence according to the vendor’s place in your business.
      • See Info-Tech’s research on vendor classification.
    When you formalize your expectations regarding vendor contact with your organization and create structure around it, vendors will take notice.

    Consider a standard intake process for fielding vendor inquiries and responding to requests for meetings to save yourself the headaches that come with trying to keep up with them.

    Stakeholder teams, IT, and Procurement need to be on the same page in this regard to avoid missteps in the important introductory phase of dealing with vendors and the resulting confusion on the part of vendor account teams when they get mixed messages and feel “passed around.”

    1. Introductory Phase

    If vendors know you have no process to track their activities, they’ll call who they want when they want, and the likelihood of them having more information about your business than you about theirs is significant.

    Vendor contacts are made in several ways:

    • Cold calls
    • Emails
    • Website
    • Conferences
    • Social introductions

    Things to consider:

    • Consider having a link on your company website to your Sourcing & Procurement team, including:
      • An email address for vendor inquiries.
      • Instructions to vendors on how to engage with you and what information they should provide.
      • A link to your Vendor Rules of Engagement.
    • Track vendor inquiries so you have a list of potential respondents to future RFPs.
    • Work with stakeholders and gain their buy-in on how vendor inquiries are to be routed and handled internally.
    Not every vendor contact will result in an “engagement” such as invitation to an RFP or a contract for business. As such, we recommend that you set up an intake process to track/manage supplier inquiries so that when you are ready to engage, the vendor teams will be set up to work according to your expectations.

    2. RFP/Contract Phase

    What are your ongoing expectations for the account team?
    • Understand how your business will be qualified by the vendor. Where you fit in the market space regarding spend, industry, size of your business, etc., determines what account team(s) you will have access to.
    • Add account team–specific questions to your RFP(s) to gain an understanding of their capabilities and experience up front.
    • How have you classified the vendor/solution? Strategic, tactical, operational, or commodity?
      • Depending on the classification/criticality (See Info-Tech’s Vendor Classification Tool) of the vendor, set the appropriate expectation for vendor review meetings, e.g. weekly, monthly, quarterly, annually.
      • Set the expectation that their support of your account will be regularly measured/monitored by your organization.
      • Consider including a set of vendor rules of engagement in your RFPs and contracts so vendors will know up front what your expectations are for how to engage with Procurement and stakeholders.
    Stock image of smiling coworkers.

    3. Ongoing Vendor Management

    Even if you don’t have a vendor management initiative in place, consider these steps to manage both new and legacy vendor relationships:
    • Don’t wait until there is an issue to engage the account team. Develop an open, honest relationship with vendors and get to know their key players.
    • Seek regular feedback from stakeholders on both parties’ performance against the agreement, based on agreed-upon criteria.
    • Measure vendor performance using the Evalu-Rate Your Account Team tool included with this research.
    • Based on vendor criticality, set a regular cadence of vendor meetings to discuss stakeholder feedback, both positive feedback as well as areas needing improvement and next steps, if applicable.
    Stock image of smiling coworkers.

    Info-Tech Insight

    What your account team doesn’t say is equally important as what they do say. For example, an account rep with high influence says, “I can get that for you” vs. “I'll get back to you.” Pay attention to the level of detail in their responses to you – it references how well they are networked within their own organization.

    How effective is your rep?

    The Poser
    • Talks so much they forget to listen
    • Needs to rely on the “experts”
    • Considers everyone a prospect
    Icons relating to the surrounding rep categories. Ideal Team Player
    • Practices active listening
    • Understands the product they are selling
    • Asks great questions
    • Is truthful
    • Approaches sales as a service to others
    The Bulldozer
    • Unable to ask the right questions
    • If push comes to shove, they keep pushing until you push back
    • Has a sense of entitlement
    • Lacks genuine social empathy
    Skillful Politician
    • Focuses on the product instead of people
    • Goes by gut feel
    • Fears rejection and can’t roll with the punches

    Characteristics of account reps

    Effective
    • Is truthful
    • Asks great questions
    • Practices active listening
    • Is likeable and trustworthy
    • Exhibits emotional intelligence
    • Is relatable and knowledgeable
    • Has excellent interpersonal skills
    • Has a commitment to personal growth
    • Approaches sales as a service to others
    • Understands the product they are selling
    • Builds authentic connections with clients
    • Is optimistic and has energy, drive, and confidence
    • Makes an emotional connection to whatever they are selling
    • Has the ability to put themselves in the position of the client
    • Builds trust by asking the right questions; listens and provides appropriate solutions without overpromising and underdelivering
    Ineffective
    • Goes by gut feel
    • Has a sense of entitlement
    • Lacks genuine social empathy.
    • Considers everyone a prospect
    • Is unable to ask the right questions.
    • Is not really into sales – it’s “just a job”
    • Focuses on the product instead of people
    • Loves to talk so much they forget to listen
    • Fears rejection and can’t roll with the punches
    • If push comes to shove, they keep pushing until you push back
    • Is clueless about their product and needs to rely on the “experts”

    How to support an effective rep

    • Consider being a reference account.
    • Say thank you as a simple way to boost morale and encourage continued positive behavior.
    • If you can, provide opportunities to increase business with the vendor – that is the ultimate thanks.
    • Continue to support open, honest communication between the vendor and your team.
    • Letters or emails of recognition to the vendor team’s management have the potential to boost the rep’s image within their own organization and shine a spotlight on your organization as a good customer.
    • Supplier awards for exemplary service and support may be awarded as part of a more formal vendor management initiative.
    • Refer to the characteristics of an effective rep – which ones best represent your account team?
    A little recognition goes a long way in reinforcing a positive vendor relationship.

    Info-Tech Insight

    Don’t forget to put the relationship in vendor relationship management – give a simple “Thank you for your support” to the account team from executive management.

    How to support an ineffective rep

    An ineffective rep can take your time and attention away from more important activities.
    • Understand what role, if any, you and/or your stakeholders may play in the rep’s lack of performance by determining the root cause:
      • Unrealistic expectations
      • Unclear and incomplete instructions
      • Lack of follow through by your stakeholders to provide necessary information
      • Disconnects between Sourcing/Procurement/IT that lead to poor communication with the vendor team (lack of vendor management)
    • Schedule more frequent meetings with the team to address the issues and measure progress.
    • Be open to listening to your rep(s) and ask them what they need from you in order to be effective in supporting your account.
    • Be sure to document in writing each instance where the rep has underperformed and include the vendor team’s leadership on all communications and meetings.
    • Refer to the characteristics of an ineffective rep – which ones best describe your ineffective vendor rep?
    “Addressing poor performance is an important aspect of supplier management, but prevention is even more so.” (Logistics Bureau)

    Introductory questions to ask vendor reps

    • What is the vendor team’s background, particularly in the industry they are representing? How did they get to where they are?
      • Have they been around long enough to have developed credibility throughout their organization?
      • Do they have client references they are willing to share?
    • How long have they been in this position with the vendor?
      • Remember, the average rep has less than 24 months of experience.
      • If they lack depth of experience, are they trainable?
    • How long have they been in the industry?
      • Longevity and experience matters.
    • What is their best customer experience?
      • What are they most proud of from an account rep perspective?
    • What is their most challenging customer experience?
      • What is their biggest weakness?
    • How are their relationships with their delivery and support teams?
      • Can they get the job done for you by effectively working their internal relationships?
    • What are their goals with this account?
      • Besides selling a lot.
    • What relationships do they have within your organization?
      • Are they better situated within your organization than you are?
    Qualify the account team as you would the vendor – get to know their background and history.

    Vendor rules of engagement

    Articulate your vendor expectations in writing

    Clearly document your expectations via formal rules of engagement for vendor teams in order to outline how they are expected to interact with your business and stakeholders. This can have a positive impact on your vendor and stakeholder relationships and enable you to gain control of:

    • Onsite visits and meetings.
    • Submission of proposals, quotes, contracts.
    • Communication between vendors, stakeholders and Procurement.
    • Expectations for ongoing relationship management.

    Include the rules in your RFXs and contracts to formalize your expectations.

    See the Vendor Rules of Engagement template included with this research.

    Download the Vendor Rules of Engagement template

    Sample of the Vendor Rules of Engagement template.

    Evalu-rate your vendor account team

    Measure stakeholder feedback to ensure your account team is on target to meet your needs. Sample of the Evalu-Rate Your Account Team tool.

    Download the Evalu-Rate Your Account Team tool

    • Use a measurable, repeatable process for evaluations.
    • Include feedback from key stakeholders engaged in the relationship.
    • Keep the feedback fact based and have backup.

    Final thoughts: Do’s and don’ts

    DO

    • Be friendly, approachable.
    • Manage the process by which vendors contact your organization – take control!
    • Understand your market position when sourcing goods/services to establish how much leverage you have with vendors.
    • Set vendor meetings according to their criticality to your business.
    • Evaluate your account teams to understand their strengths/weaknesses.
    • Gain stakeholder buy-in to your vendor processes.

    DON'T

    • Don’t be “friends.”
    • Don’t criticize in public.
    • Don’t needlessly escalate.
    • Don’t let the process of vendors communicating with your stakeholders “just happen.”
    • Don’t accept poor performance or attitude.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, Guided Implementation, or workshop, your team should have a comprehensive, well-defined, end-to-end approach to evaluating and managing your account team. Leveraging Info-Tech’s industry-proven tools and templates provides your organization with an effective approach to establishing, maintaining, and evaluating your vendor account team; improving your vendor and stakeholder communications; and maintaining control of the client/vendor relationship.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your vendor account team evaluation process.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Bibliography

    “14 Essential Qualities of a Good Salesperson.” Forbes, 5 Oct. 2021. Accessed 11 March 2022.

    “149 Eye-Opening Sales Stats to Consider.” Spotio, 30 Oct. 2018. Accessed 11 March 2022.

    “35 Sales Representative Interview Questions and Answers.” Indeed, 29 Oct. 2021. Accessed 8 March 2022.

    “8 Intelligent Questions for Evaluating Your Sales Reps Performance” Inc., 16 Aug. 2016. Accessed 9 March 2022.

    Altschuler, Max. “Reality Check: You’re Probably A Bad Salesperson If You Possess Any Of These 11 Qualities.” Sales Hacker, 9 Jan. 2018. Accessed 4 May 2022.

    Bertuzzi, Matt. “Account Executive Data Points in the SaaS Marketplace.” Treeline, April 12, 2017. Accessed 9 March 2022. “Appreciation Letter to Vendor – Example, Sample & Writing Tips.” Letters.org, 10 Jan. 2020. Web.

    D’Entremont, Lauren. “Are Your Sales Reps Sabotaging Your Customer Success Without Realizing It?” Proposify, 4 Dec. 2018. Accessed 7 March 2022.

    Freedman, Max. “14 Important Traits of Successful Salespeople.” Business News Daily, 14 April 2022. Accessed 10 April 2022.

    Hansen, Drew. “6 Tips For Hiring Your Next Sales All-Star.” Forbes, 16 Oct. 2012. Web.

    Hulland, Ryan. “Getting Along with Your Vendors.” MonMan, 12 March 2014. Accessed 9 March 2022.

    Lawrence, Jess. “Talking to Vendors: 10 quick tips for getting it right.” Turbine, 30 Oct. 2018. Accessed 11 March 2022.

    Lucero, Karrie. “Sales Turnover Statistics You Need To Know.” Xactly, 24 Aug. 2021. Accessed 9 March 2022.

    Noyes, Jesse. “4 Qualities to Look For in Your Supplier Sales Representative.” QSR, Nov. 2017. Accessed 9 March 2022.

    O’Byrne, Rob. “How To Address Chronic Poor Supplier Performance.” Logistics Bureau, 26 July 2016. Accessed 4 May 2022.

    O'Brien, Jonathan. Supplier Relationship Management: Unlocking the Hidden Value in Your Supply Base. Kogan Page, 2014.

    Short, Alex. “Three Things You Should Consider to Become A Customer of Choice.” Vizibl, 29 Oct. 2021. Web.

    Wayshak, Marc. “18 New Sales Statistics for 2022 from Our Groundbreaking Study!” Sales Insights Lab, 28 March 2022. Web.

    “What Does a Good Customer Experience Look Like In Technology?” Virtual Systems, 23 June 2021. Accessed 10 March 2022.

    Take Control of Infrastructure and Operations Metrics

    • Buy Link or Shortcode: {j2store}460|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $7,199 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Measuring the business value provided by IT is very challenging.
    • You have a number of metrics, but they may not be truly meaningful, contextual, or actionable.
    • You know you need more than a single metric to tell the whole story. You also suspect that metrics from different systems combined will tell an even fuller story.
    • You are being asked to provide information from different levels of management, for different audiences, conveying different information.

    Our Advice

    Critical Insight

    • Many organizations collect metrics to validate they are keeping the lights on. But the Infrastructure and Operations managers who are benefitting the most are taking steps to ensure they are getting the right metrics to help them make decisions, manage costs, and plan for change.
    • Complaints about metrics are often rooted in managers wading through too many individual metrics, wrong metrics, or data that they simply can’t trust.
    • Info-Tech surveyed and interviewed a number of Infrastructure managers, CIOs, and IT leaders to understand how they are leveraging metrics. Successful organizations are using metrics for everything from capacity planning to solving customer service issues to troubleshooting system failures.

    Impact and Result

    • Manage metrics so they don’t become time wasters and instead provide real value.
    • Identify the types of metrics you need to focus on.
    • Build a metrics process to ensure you are collecting the right metrics and getting data you can use to save time and make better decisions.

    Take Control of Infrastructure and Operations Metrics Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a metrics program in your Infrastructure and Operations practice, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gap analysis

    This phase will help you identify challenges that you want to avoid by implementing a metrics program, discover the main IT goals, and determine your core metrics.

    • Take Control of Infrastructure and Operations Metrics – Phase 1: Gap Analysis
    • Infra & Ops Metrics Executive Presentation

    2. Build strategy

    This phase will help you make an actionable plan to implement your metrics program, define roles and responsibilities, and communicate your metrics project across your organization and with the business division.

    • Take Control of Infrastructure and Operations Metrics – Phase 2: Build Strategy
    • Infra & Ops Metrics Definition Template
    • Infra & Ops Metrics Tracking and Reporting Tool
    • Infra & Ops Metrics Program Roles & Responsibilities Guide
    • Weekly Metrics Review With Your Staff
    • Quarterly Metrics Review With the CIO
    [infographic]

    Manage Your Chromebooks and MacBooks

    • Buy Link or Shortcode: {j2store}167|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices

    Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    • If you have modernized your end-user computing strategy, you may have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks may be ideal as a low-cost interface into DaaS for your employees.
    • Managing Chromebooks can be particularly challenging as they grow in popularity in the education sector.

    Our Advice

    Critical Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Impact and Result

    • Many solutions are available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don’t purchase capabilities that you may never use.
    • Use the associated Endpoint Management Selection Tool spreadsheet to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    Manage Your Chromebooks and MacBooks Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Your Chromebooks and MacBooks deck – MacBooks and Chromebooks are growing in popularity in enterprise and education environments, and now you have to manage them.

    Explore options, guidance and some best practices related to the management of Chromebooks and MacBooks in the enterprise environment and educational institutions. Our guidance will help you understand features and options available in a variety of solutions. We also provide guidance on selecting the best endpoint management solution for your own environment.

    • Manage Your Chromebooks and MacBooks Storyboard

    2. Endpoint Management Selection Tool – Select the best endpoint management tool for your environment. Build a table to compare endpoint management offerings in relation to the features and options desired by your organization.

    This tool will help you determine the features and options you want or need in an endpoint management solution.

    • Endpoint Management Selection Tool
    [infographic]

    Further reading

    Manage Your Chromebooks and MacBooks

    Financial constraints, strategy, and your user base dictate the need for Chromebooks and MacBooks – now you have to manage them in your environment.

    Analyst Perspective

    Managing MacBooks and Chromebooks is similar to managing Windows devices in many ways and different in others. The tools have many common features, yet they struggle to achieve the same goals.

    Until recently, Windows devices dominated the workplace globally. Computing devices were also rare in many industries such as education. Administrators and administrative staff may have used Windows-based devices, but Chromebooks were not yet in use. Most universities and colleges were Windows-based in offices with some flavor of Unix in other areas, and Apple devices were gaining some popularity in certain circles.

    That is a stark contrast compared to today, where Chromebooks dominate the classrooms and MacBooks and Chromebooks are making significant inroads into the enterprise environment. MacBooks are also a common sight on many university campuses. There is no doubt that while Windows may still be the dominant player, it is far from the only one in town.

    Now that Chromebooks and MacBooks are a notable, if not significant, part of the education and enterprise environments, they must be afforded the same considerations as Windows devices in those environments when it comes to management. The good news is that there is no lack of available solutions for managing these devices, and the endpoint management landscape is continually evolving and improving.

    This is a picture of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You modernized your end-user computing strategy and now have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks would be ideal as a low-cost interface into DaaS for your employees.
    • You are responsible for the management of all the new Chromebooks in your educational district.
    • Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    Common Obstacles

    • Endpoint management solutions typically do a great job at managing one category of devices, like Windows or MacBooks, but they struggle to fully manage alternative endpoints.
    • Multiple solutions to manage multiple devices will result in multiple dashboards. A single view would be better.
    • One solution may not fit all, but multiple solutions is not desirable either, especially if you have Windows devices, MacBooks, and Chromebooks.

    Info-Tech's Approach

    • Use the tools at your disposal first – don't needlessly spend money if you don't have to. Many solutions can already manage other types of devices to some degree.
    • Use the integration capabilities of endpoint management tools. Many of them can integrate with each other to give you a single interface to manage multiple types of devices while taking advantage of additional functionality.
    • Don't purchase capabilities you will never use. Using 80% of a less expensive tool is economically smarter than using 10% of a more expensive tool.

    Info-Tech Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Insight Summary

    Insight 1

    Google Admin Console is necessary to manage Chromebooks, but it can be paired with other tools. Implementation partnerships provide solutions to track the device lifecycle, track the repair lifecycle, sync with Google Admin Console as well as PowerSchool to provide a more complete picture of the user and device, and facilitate reminders to return the device, pay fees if necessary, pick up a device when a repair is complete, and more.

    Insight 2

    The Google Admin Console allows admins to follow an organizational unit (OU) structure very similar to what they may have used in Microsoft's Active Directory environment. This familiarity makes the task of administering Chromebooks easier for admins.

    Insight 3

    Chromebook management goes beyond securing and manipulating the device. Controls to protect the students while online, such as Safe Search and Safe Browsing, should also be implemented.

    Insight 4

    Most companies choose to use a dedicated MacBook management tool. Many unified endpoint management (UEM) tools can manage MacBooks to some extent, but admins tend to agree that a MacBook-focused endpoint management tool is best for MacBooks while a Windows-based endpoint management tool is best for Windows devices.

    Insight 5

    Some MacBook management solutions advocate integration with Windows UEM solutions to take advantage of Microsoft features such as conditional access, security functionality, and data governance. This approach can also be applied to Chromebooks.

    Chromebooks

    Chromebooks had a respectable share of the education market before 2020, but the COVID-19 pandemic turbocharged the penetration of Chromebooks in the education industry.

    Chromebooks are also catching the attention of some decision makers in the enterprise environment.

    "In 2018, Chromebooks represented an incredible 60 percent of all laptop or tablet devices in K-12 -- up from zero percent when the first Chromebook launched during the summer break in 2011."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    "Chromebooks were the best performing PC products in Q3 2020, with shipment volume increasing to a record-high 9.4 million units, up a whopping 122% year-on-year."
    – Android Police

    "Until the pandemic, Chrome OS' success was largely limited to U.S. schools. Demand in 2020 appears to have expanded beyond that small but critical part of the U.S. PC market."
    – Geekwire

    "In addition to running a huge number of Chrome Extensions and Apps at once, Chromebooks also run Android, Linux and Windows apps."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    Managing Chromebooks

    Start with the Google Admin Console (GAC)

    GAC is necessary to initially manage Chrome OS devices.

    GAC gives you a centralized console that will allow you to:

    • Create organizational units
    • Add your Chromebook devices
    • Add users
    • Assign users to devices
    • Create groups
    • Create and assign policies
    • Plus more

    GAC can facilitate device management with features such as:

    • Control admin permissions
    • Encryption and update settings
    • App deployment, screen timeout settings
    • Perform a device wipe if required
    • Audit user activity on a device
    • Plus more

    Device and user addition, group and organizational unit creation and administration, applying policies to devices and users – does all this remind you of your Active Directory environment?

    GAC lets you administer users and devices with a similar approach.

    Managing Chromebooks

    Use Active Directory to manage Chromebooks.

    • Enable Active Directory (AD) management from within GAC and you will be able to integrate your Chromebook devices with your AD environment.
    • Devices will be visible in both the GAC and AD environment.
    • Use Windows Group Policy to manage devices and to push policies to users and devices.
    • Users can use their AD username and password to sign into Chromebook devices.
    • GAC can still be used for devices that are not synced with AD.

    Chromebooks can also be managed through these approved partners:

    • Cisco Meraki
    • Citrix XenMobile
    • IBM MaaS360
    • ManageEngine Mobile Device Manager Plus
    • VMware Workspace ONE

    Source: Google

    You must be running the Chrome Enterprise Upgrade and have any licenses required by the approved partner to take advantage of this management option. The partner admin policies supersede GAC.

    If you stop using the approved partner admin console to manage your devices, the polices and settings in GAC will immediately take over the devices.

    Microsoft still has the market share when it comes to device sales, and many administrators are already familiar with Microsoft's Active Directory. Google took advantage of that familiarity when it designed the Google Admin Console structure for users, groups, and organizational units.

    Chromebook Deployment

    Chromebook deployment becomes a challenge when device quantities grow. The enrollment process can be time consuming, and every device must be enrolled before it can be used by an employee or a student. Many admins enlist their full IT teams to assist in the short term. Some vendor partners may assist with distribution options if staffing levels permit. Recent developments from Google have opened additional options for device enrollment beyond the manual enrollment approach.

    Enrolling Chromebooks comes down to one of two approaches:

    1. Manually enrolling one device at a time
      • Users can assist by entering some identifying details during the enrollment if permitted.
      • Some third-party solutions exist, such as USB drives to reduce repetitive keystrokes or hubs to facilitate manually enrolling multiple Chromebooks simultaneously.
    2. Google's Chrome Enterprise Upgrade or the Chrome Education Upgrade
      • This allows you to let your users enroll devices after they accept the end-user license agreement.
      • You can take advantage of Google's vendor partner program and use a zero-touch deployment method where the Chromebook devices automatically receive the assigned policies, apps, and settings as soon as the device is powered on and an authorized user signs in.
      • The Enterprise Upgrade and the Education Upgrade do come with an annual cost per device, which is currently less than US$50.
      • The Enterprise and Education Upgrades come with other features as well, such as enhanced security.

    Chromebooks are automatically assigned to the top-level organizational unit (OU) when enrolled. Devices can be manually moved to another OU, but admins can also create enrollment policies to place newly enrolled devices in a specific OU or have the device locate itself in the same OU as the user.

    Chromebooks in Education

    GAC is also used with Education-licensed devices

    Most of the settings and features previously mentioned are also available for Education-licensed devices and users. Enterprise-specific features will not be available to Education licenses. (Active Directory integration with Education licenses, for example, is accomplished using a different approach)

    • Groups, policies, administrative controls, app deployment and management, adding devices and users, creating organizational units, and more features are all available to Education Admins to use.

    Education device policies and settings tend to focus more on protecting the students with controls such as:

    • Disable incognito mode
    • Disable location tracking
    • Disable external storage devices
    • Browser based protections such as Safe Search or Safe Browsing
    • URL blocking
    • Video input disable for websites
    • App installation prevention, auto re-install, and app blocking
    • Forced re-enrollment to your domain after a device is wiped
    • Disable Guest Mode
    • Restrict who can sign in
    • Audit user activity on a device

    When a student takes home a Chromebook assigned to them, that Chromebook may be the only computer in the household. Administrative polices and settings must take into account the fact that the device may have multiple users accessing many different sites and applications when the device is outside of the school environment.

    Chromebook Management Extended

    An online search for Chromebook management solutions will reveal several software solutions that augment the capabilities of the Google Admin Console. Many of these solutions are focused on the education sector and classroom and student options, although the features would be beneficial to enterprises and educational organizations alike.

    These solutions assist or augment Chromebook management with features such as:

    • Ability to sync with Google Admin Console
    • Ability to sync with student information systems, such as PowerSchool
    • Financial management, purchase details, and chargeback
    • Asset lifecycle management
    • 1:1 Chromebook distribution management
    • Repair programs and repair process management
    • Check-out/loan program management
    • Device distribution/allocation management, including barcode reader integration
    • Simple learning material distribution to the classroom for teachers
    • Facilitate GAC bulk operations
    • Manage inventory of non-IT assets such as projectors, TVs, and other educational assets
    • Plus more

    "There are many components to managing Chromebooks. Schools need to know which student has which device, which school has which device, and costs relating to repairs. Chromebook Management Software … facilitates these processes."
    – VIZOR

    MacBooks

    • MacBooks are gaining popularity in the Enterprise world.
    • Some admins claim MacBooks are less expensive in the long run over Windows-based PCs.
    • Users claim less issues when using a MacBook, and overall, companies report increased retention rates when users are using MacBooks.

    "Macs now make up 23% of endpoints in enterprises."
    – ComputerWeekly.com

    "When given the choice, no less than 72% of employees choose Macs over PCs."
    – "5 Reasons Mac is a must," Jamf

    "IBM says it is 3X more expensive to manage PCs than Macs."
    – Computerworld

    "74% of those who previously used a PC for work experienced fewer issues now that they use a Mac"
    – "Global Survey: Mac in the Enterprise," Jamf

    "When enterprise moves to Mac, staff retention rates improve by 20%. That's quite a boost! "
    – "5 Reasons Mac is a must," Jamf

    Managing MacBooks

    Can your existing UEM keep up?

    Many Windows unified endpoint management (UEM) tools can manage MacBooks, but most companies choose to use a dedicated MacBook management tool.

    • UEM tools that are primarily Windows focused do not typically go deep enough into the management capabilities of non-Windows devices.
    • Admins have noted limitations when it comes to using Windows UEM tools, and reasons they prefer a dedicated MacBook management solution include:
      • Easier to use
      • Faster response times when deploying settings and policies
      • Better control over notification settings and lock screen settings.
      • Easier Apple Business Manager (ABM) integration and provisioning.
    • Note that not every UEM will have the same limitations or advantages. Functionality is different between vendor products.

    Info-Tech Insight

    Most Windows UEM tools are constantly improving, and it is only a matter of time before they rival many of the dedicated MacBook management tools out there.

    Admins tend to agree that a Windows UEM is best for Windows while an Apple-based UEM is best for Apple devices.

    Managing MacBooks

    The market for "MacBook-first" management solutions includes a variety of players of varying ages such as:

    • Jamf
    • Kandji
    • Mosyle
    • SimpleMDM
    • Others

    MacBook-focused management tools can provide features such as:

    • Encryption and update settings
    • App deployment and lifecycle management
    • Remote device wipe, scan, shutdown, restart, and lock
    • Zero touch deployment and support
    • Location tracking
    • Browser content filtering
    • Enable, hide/block, or disable built-in features
    • Configure Wi-Fi, VPN, and certificate-based settings
    • Centralized dashboard with device and app listings as well as individual details
    • Data restrictions
    • Plus more

    Unified endpoint management (UEM) solutions that can provide MacBook management to some degree include (but are not limited to):

    • Intune
    • Ivanti
    • Endpoint Central
    • WorkspaceOne

    Dedicated solutions advocate integration with UEM solutions to take advantage of conditional access, security functionality, and data governance features.

    Jamf and Microsoft entered into a collaboration several years ago with the intention of making the MacBook management process easier and more secure.

    Microsoft Intune and Jamf Pro: Better together to manage and secure Macs
    Microsoft Conditional Access with Jamf Pro ensures that company data is only accessed by trusted users, on trusted devices, using trusted apps. Jamf extends this Enterprise Mobile + Security (EMS) functionality to Mac, iPhone and iPad.
    – "Microsoft Intune and Jamf Pro," Jamf

    Endpoint Management Selection Tool
    Activity

    There are many solutions available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don't purchase capabilities that you may never use.

    Use the Endpoint Management Selection Tool to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    1. List out the desired features you want in an endpoint solution for your devices and record those features in the first column. Use the features provided, or add your own and edit or delete the existing ones if necessary.
    2. List your selected endpoint management solution vendors in each of the columns in place of "Vendor 1," "Vendor 2," etc.
    3. Fill out the spreadsheet by changing the corresponding desired feature cell under each vendor to a "yes" or "no" based on your findings while investigating each vendor solution.
    4. When you have finished your investigation, review your spreadsheet to compare the various offerings and pros and cons of each vendor.
    5. Select your endpoint management solution.

    Endpoint Management Selection Tool

    In the first column, list out the desired features you want in an endpoint solution for your devices. Use the features provided if desired, or add your own and edit or delete the existing ones if necessary. As you look into various endpoint management solution vendors, list them in the columns in place of "Vendor 1," "Vendor 2," etc. Use the "Desired Feature" list as a checklist and change the values to "yes" or "no" in the corresponding box under the vendors' names. When complete, you will be able to look at all the features and compare vendors in a single table.

    Desired Feature Vendor 1 Vendor 2 Vendor 3
    Organizational unit creation Yes No Yes
    Group creation Yes Yes Yes
    Ability to assign users to devices No Yes Yes
    Control of administrative permissions Yes Yes Yes
    Conditional access No Yes Yes
    Security policies enforced Yes No Yes
    Asset management No Yes No
    Single sign-on Yes Yes Yes
    Auto-deployment No Yes No
    Repair lifecycle tracking No Yes No
    Application deployment Yes Yes No
    Device tracking Yes Yes Yes
    Ability to enable encryption Yes No Yes
    Device wipe Yes No Yes
    Ability to enable/disable device tracking No No Yes
    User activity audit No No No

    Related Info-Tech Research

    this is a screenshot from Info-Tech's Modernize and Transform Your End-User Computing Strategy.

    Modernize and Transform Your End-User Computing Strategy
    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Best Unified Endpoint Management (UEM) Software 2022 | SoftwareReviews
    Compare and evaluate unified endpoint management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best unified endpoint management software for your organization.

    Best Enterprise Mobile Management (EMM) Software 2022 | (softwarereviews.com)
    Compare and evaluate enterprise mobile management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best enterprise mobile management software for your organization.

    Bibliography

    Bridge, Tom. "Macs in the enterprise – what you need to know". Computerweekly.com, TechTarget. 27 May 2022. Accessed 12 Aug. 2022.
    Copley-Woods, Haddayr. "5 reasons Mac is a must in the enterprise". Jamf.com, Jamf. 28 June 2022. Accessed 16 Aug. 2022.
    Duke, Kent. "Chromebook sales skyrocketed in Q3 2020 with online education fueling demand." androidpolice.com, Android Police. 16 Nov 2020. Accessed 10 Aug. 2022.
    Elgin, Mike. "Will Chromebooks Rule the Enterprise? (5 Reasons They May)". Computerworld.com, Computerworld. 30 Aug 2019. Accessed 10 Aug. 2022.
    Evans, Jonny. "IBM says it is 3X more expensive to manage PCs than Macs". Computerworld.com, Computerworld. 19 Oct 2016. Accessed 23 Aug. 2022.
    "Global Survey: Mac in the Enterprise". Jamf.com, Jamf. Accessed 16 Aug. 2022.
    "How to Manage Chromebooks Like a Pro." Vizor.cloud, VIZOR. Accessed 10 Aug. 2022.
    "Manage Chrome OS Devices with EMM Console". support.google.com, Google. Accessed 16 Aug. 2022.
    Protalinski, Emil. "Chromebooks outsold Macs worldwide in 2020, cutting into Windows market share". Geekwire.com, Geekwire. 16 Feb 2021. Accessed 22 Aug. 2022.
    Smith, Sean. "Microsoft Intune and Jamf Pro: Better together to manage and secure Macs". Jamf.com, Jamf. 20 April 2022. Accessed 16 Aug. 2022.

    Optimize Applications Release Management

    • Buy Link or Shortcode: {j2store}406|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $44,874 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • The business demands high service and IT needs to respond. Rapid customer response through efficient release and deployment is critical to maintain high business satisfaction.
    • The lack of process ownership leads to chaotic and uncoordinated releases, resulting in costly rework and poor hand-offs.
    • IT emphasizes tools but release tools and technologies alone will not fix the problem. Tools are integrated into the processes they support – if the process challenges aren’t addressed first, then the tool won’t help.
    • Releases are traditionally executed in silos with limited communication across the entire release pipeline. Culturally, there is little motivation for cross-functional collaboration and holistic process optimization.

    Our Advice

    Critical Insight

    • Release management is not solely driven by tools. It is about delivering high quality releases on time through accountability and governance aided by the support of tools.
    • Release management is independent of your software development lifecycle (SDLC). Release management practices sit as an agnostic umbrella over your chosen development methodology.
    • Ownership of the entire process is vital. Release managers ensure standards are upheld and the pipeline operates efficiently.

    Impact and Result

    • Acquire release management ownership. Ensure there is appropriate accountability for speed and quality of the releases passing through the entire pipeline. A release manager has oversight over the entire release process and facilitates the necessary communication between business stakeholders and various IT roles.
    • Instill holistic thinking. Release management includes all steps required to push release and change requests to production along with the hand-off to Operations and Support. Increase the transparency and visibility of the entire pipeline to ensure local optimizations do not generate bottlenecks in other areas.
    • Standardize and lay a strong release management foundation. Optimize the key areas where you are experiencing the most pain and continually improve.

    Optimize Applications Release Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize release management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your release management objectives

    Assess the current state and define the drivers behind your release management optimizations.

    • Optimize Applications Release Management – Phase 1: Review Your Release Management Objectives
    • Release Management Process Standard Template
    • Release Management Maturity Assessment

    2. Standardize release management

    Design your release processes, program framework, and release change management standards, and define your release management team.

    • Optimize Applications Release Management – Phase 2: Standardize Release Management
    • Release Manager

    3. Roll out release management enhancements

    Create an optimization roadmap that fits your context.

    • Optimize Applications Release Management – Phase 3: Roll Out Release Management Enhancements
    [infographic]

    Workshop: Optimize Applications Release Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review Your Release Management Objectives

    The Purpose

    Reveal the motivators behind the optimization of release management.

    Identify the root causes of current release issues and challenges.

    Key Benefits Achieved

    Ensure business alignment of optimization efforts.

    Firm grasp of why teams are facing release issues and the impacts they have on the organization.

    Activities

    1.1 Identify the objectives for application release.

    1.2 Conduct a current state assessment of release practices.

    Outputs

    Release management business objectives and technical drivers

    Current state assessment of release processes, communication flows, and tools and technologies

    2 Standardize Release Management

    The Purpose

    Alleviate current release issues and challenges with best practices.

    Standardize a core set of processes, tools, and roles & responsibilities to achieve consistency, cadence, and transparency.

    Key Benefits Achieved

    Repeatable execution of the same set of processes to increase the predictability of release delivery.

    Defined ownership of release management.

    Adaptable and flexible release management practices to changing business and technical environments.

    Activities

    2.1 Strengthen your release process.

    2.2 Coordinate releases with a program framework.

    2.3 Manage release issues with change management practices.

    2.4 Define your release management team.

    Outputs

    Processes accommodating each release type and approach the team is required to complete

    Release calendars and program framework

    Release change management process

    Defined responsibilities and accountabilities of release manager and release management team

    3 Roll Out Release Management Enhancements

    The Purpose

    Define metrics to validate release management improvements.

    Identify the degree of oversight and involvement of the release management team.

    Prioritize optimization roadmap against business needs and effort.

    Key Benefits Achieved

    Easy-to-gather metrics to measure success that can be communicated to stakeholders.

    Understanding of how involved release management teams are in enforcing release management standards.

    Practical and achievable optimization roadmap.

    Activities

    3.1 Define your release management metrics.

    3.2 Ensure adherence to standards.

    3.3 Create your optimization roadmap.

    Outputs

    List of metrics to gauge success

    Oversight and reporting structure of release management team

    Release management optimization roadmap

    Drive Innovation With an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}107|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    To drive a rapid shift towards the adoption of emerging technology, CIOs need:

    • Highly specialized knowledge of emerging technology and trends
    • The ability to engage the business in co-creating value via emerging technology
    • The skills to manage complex enterprise risk
    • Strong governance processes which support enterprise change management

    Our Advice

    Critical Insight

    IT must lead the innovation capabilities that will drive the adoption of emerging technology across the enterprise. In an exponential world, IT needs to adopt business value targets and become a value creator rather limit itself to IT service targets and remain a cost center in the organization.

    Impact and Result

    Assess your innovation capability in five key areas supporting Exponential IT:

    • Organizational Excellence
    • Insights & Intelligence
    • Agile Ideation
    • Team Capabilities
    • Innovation Operations

    Drive Innovation With an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Innovation With an Exponential IT Mindset – Learn about the new era of exponential innovation and the capabilities needed to succeed.

    This research walks you through how to assess your capabilities to lead enterprise innovation and drive Exponential IT.

    • Drive Innovation With an Exponential IT Mindset Storyboard

    2. Innovation Readiness Assessment – Assess your readiness to drive innovation and the adoption of emerging technology.

    This tool will facilitate your readiness assessment.

    • Innovation Readiness Assessment
    [infographic]

    Further reading

    Drive Innovation With an Exponential IT Mindset

    Are you ready to drive the adoption of autonomous business capabilities?

    A diagram that shows exponential IT

    Analyst Perspective

    IT must develop new capabilities to drive emerging tech adoption

    Traditionally, CIOs have struggled to gain the trust of the executive leadership team and be recognized as business leaders rather than just technical leaders. In fact, based on a 2023 study by Info-Tech Research Group, only 36% of CIOs report directly to the CEO with most of the remainder reporting through either the CFO or COO.

    Exponential IT requires that CIOs gain a seat at the table and build the capabilities necessary to not only lead the transformation of their business but also drive the innovation that will lead to enterprise adoption of emerging technologies. CIOs will be required to gain a detailed understanding of their business and in-depth knowledge of emerging technologies so that they can match business opportunities with technology capabilities, while managing risk and change.

    This research will help CIOs identify the capabilities they need to transform the business, and better understand where they must mature their capabilities to drive Exponential IT.

    Photo of Kim Osborne Rodriguez
    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    To drive a rapid shift toward adopting emerging technology, CIOs need:

    • Highly specialized knowledge of emerging technology and trends
    • The ability to engage the business in co-creating value via emerging technology
    • The skills to manage complex enterprise risk
    • Strong governance processes which support enterprise change management

    Common Obstacles

    Exponential IT is dramatically shifting how IT engages the business. Many CIOs are unprepared.

    • Innovation is increasingly important for competitive advantage and business growth, narrowing the gap between large and small players.
    • Over 80% of CXOs believe their CIOs are currently unable to drive change within the business.[1]
    • 40% of CXOs anticipate that IT must be able to transform the business to maintain relevance.[1]

    Info-Tech's Approach

    Is your IT team ready to drive the adoption of emerging technology? Assess your innovation capability in five key areas supporting Exponential IT:

    • Organizational Excellence
    • Insights & Intelligence
    • Agile Ideation
    • Team Capabilities
    • Innovation Operations

    [1] Info-Tech CXO-CIO diagnostic benchmark data, 2022, n=76

    Info-Tech Insight

    IT must lead the innovation capabilities that will drive the adoption of emerging technology across the enterprise. In an exponential world, IT needs to adopt business value targets and become a value creator rather than limit itself to IT service targets and remain a cost center in the organization.

    Drive innovation with an Exponential IT mindset

    Your ability to capture enterprise value from autonomization relies on your innovation capabilities and potential. Is your IT team ready to drive the adoption of AI-driven business processes? Assess your innovation readiness in five key areas supporting Exponential IT.

    A diagram that shows 5 key areas of exponential IT

    IT must rapidly mature

    If IT leaders cannot lead the transformation, then the business will move forward without them.

    Only 3% of CXOs report that their IT department can transform the business. Most IT organizations (81%) still struggle to adequately support the business.

    A diagram that shows IT maturity and exponential IT

    A diagram that shows IT capabilities Based on a Survey of CXOs (n=76)

    Common obstacles

    Leverage Exponential IT to drive value from the adoption of emerging tech

    The most common obstacles to innovation are cultural, including politics, lack of alignment on goals, misaligned culture, and an inability to act on indicators of change.[1]

    CIOs struggle to get a seat at the table and influence change. Info-Tech research shows that only 36% of CIOs report directly to the CEO, with over a third reporting to another C-suite leader such as a COO or CFO.[2]

    [1] Harvard Business Review, 2018
    [2] Info-Tech Research Group CIO Time Study, 2023

    Info-Tech Insight

    To drive change, CIOs need to gain the trust of their senior leadership team. Getting a seat at the table should be the first step for any CIO looking to transform their business.

    Many CIOs struggle to be seen as business leaders

    36%

    Only 36% of CIOs report directly to the CEO.

    Source: Info-Tech Research Group, 2023.

    48%

    48% of Boards report that they lack frequent or direct lines of communication with their CIOs.

    Source: CIO Dive, 2022

    Executive Brief: Case Study

    Logo of RBC Royal Bank

    • INDUSTRY: Financial Services
    • SOURCE: Borealis AI

    Borealis AI drives AI-powered transformation at Royal Bank of Canada

    Borealis AI is a research center backed by RBC Royal Bank, tasked with researching, designing, and building AI products and tools which transform the financial services industry. It gathers researchers with backgrounds in artificial intelligence (AI), computer vision, natural language processing (NLP), computer science, computational finance, mathematics, and machine learning (ML) to create solutions in areas including asynchronous temporal models, non-cooperative learning in competing markets, and causal machine learning from observational data.

    Results

    Borealis AI has created many innovative products for RBC, including:

    • NOMI Forecast: an award-winning personal financial management tool
    • Turing by Borealis AI: a text-to-SQL database interface using NLP
    • Aiden: an AI-powered electronic trading tool using reinforcement learning

    In 2023, Borealis AI won the Best Use of AI for Customer Experience award from The Digital Banker, for the NOMI Forecast app, which has been downloaded by nearly a million RBC clients since launching in 2021.


    "NOMI Forecast is a cutting-edge AI solution that uses deep learning to offer timely and accurate predictions of our clients' cashflow. Powered by our unique datasets, these AI models have been trained to deliver personalized experiences for RBC clients,"
    — Foteini Agrafioti, Chief Science Officer at RBC and Head of Borealis AI

    IT needs to connect emerging technology with business opportunities

    A diagram that shows exponential innovation, emerging technology, business opportunities.

    Emerging tech is driving business change

    A diagram that shows exponential innovation and its 5 elements.

    Innovation is critical for business success, but succeeding is more difficult than ever

    Emerging tech brings new challenges for organizations looking to create a competitive advantage. Access to sophisticated tools with minimal upfront costs have lowered the barriers to entry and democratized innovation, particularly among smaller players. The explosion of data processing & collaboration tools has allowed more focused and data-driven innovation efforts through analysis and insights, increasing the competitive advantage for those who get it right.

    This has led to an accelerated pace of change as autonomous business processes start driving their own market shifts. The rise of autonomous business processes creates exponential reward, but also exponential risk for early adopters.

    Innovation is increasingly critical for competitive growth

    IT innovation leadership explains 75% of the variation in satisfaction with IT (Source: Info-Tech Research Group survey, n=305) and is the fourth-highest priority for IT end users.

    A 7-year review by McKinsey (2020) showed that the most innovative companies[1] outperformed the market by upwards of 30%.

    A 25-year study by Business Development Canada & Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

    [1]Top innovators are defined as companies which were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

    Adapt your approach to innovation

    Both traditional and exponential (AI-driven) innovation is important for business success

    IT as a fast execution engine

    Ideal for developing new methods, products, or services which provide value to the organization

    Can be led by IT or the business, depending on the scope of innovation (IT generally leads IT/internal innovation while the business leads customer-focused innovation)

    Often follows the pace of the business

    IT is a fast executor on requests generated by the business

    Leverages Agile to develop new ideas and products, and uses DevOps to put into production


    Use Info-Tech's research to Build your Enterprise Innovation Program

    IT as an exponential innovation leader

    Ideal for driving the enterprise adoption of emerging tech and autonomous business capabilities

    Led by IT, which brings the understanding of emerging technology and can link opportunities to business problems

    Driven by a faster pace of change, which requires more frequent assessment of emerging technology

    IT is a fast executor on ideas and uses partnerships to drive execution

    Leverages Agile, machine learning operations (MLOps), DataOps and product design to test and implement ideas

    Use this research to successfully drive innovation with an Exponential IT mindset

    Measure the value of this blueprint

    Transformation efforts fail over 75% of the time[1] resulting in millions of dollars of lost revenue[2]

    Our research indicates that most organizations would take months to prepare this type of assessment without our resources. That's nearly 70 work hours spent researching and gathering data to support due diligence, for a total cost of thousands of dollars. Improve your success rate by understanding what's needed to successfully drive innovation.

    [1] Lombard, 2022
    [2] FutureCIO, 2022

    A photo of Establish a baseline

    A diagram that shows Estimated time commitment without Info-Tech's research (person-hours)

    Establish a baseline

    Gauge the effectiveness of this research by completing the following table before and after using this blueprint:

    A diagram that shows Establish a baseline

    How to use this research

    Five tips to get the most out of your readiness assessment

    1. Each category consists of five competencies, with a maximum of five points each. The maximum score on this assessment is 100 points.
    2. Effectiveness levels range from basic (Level 1) to advanced (Level 5). Level 1 is generally considered the baseline for most effectively operating organizations. If your organization is struggling with Level 1 competencies, focus on those before pursuing higher maturity areas.
    3. This assessment is qualitative. Complete the assessment to the best of your ability, based on the scoring rubric provided. If you fall between levels, use the lower one in your assessment.
    4. The scoring rubric may not perfectly fit the processes and practices within every organization. Consider the spirit of the description and score accordingly.
    5. Other industry- and region-specific competencies may be required to succeed at exponential innovation. The competencies in this assessment are a starting point, and internal validation and assessments should be conducted to uncover additional competencies and skills.

    Assess your innovation readiness:

    1. Organizational Excellence

    • Innovation mandate
    • Transformational leadership
    • Culture of innovation
    • Vision & strategy

    Organizational excellence sets the stage for innovation.

    "Innovation distinguishes between a leader and a follower." – Steve Jobs, Apple Founder

    Without strong leadership, innovation efforts are almost certain to fail. Innovation requires buy-in and support, a leader who walks the talk, culture which supports risk taking and allows failure, and a clear and compelling vision. Without these elements in place, transformation efforts are a fifteen times more likely to fail [1] – and waste time and money along the way.

    [1] Lombard, 2022.

    Focus on innovation to deliver business value

    Satisfaction drives IT value, and innovation leadership drives satisfaction with IT

    Strong leadership is critical to the success of innovation. A global survey of 600 business leaders pointed to leadership as the best predictor of innovation success[1] and showed a strong correlation between leadership ability and innovation capabilities.

    Innovation leadership starts with a mandate from the senior leadership team and requires a clearly articulated vision and strategy to deliver the intended benefits to the organization. A survey of 270 business leaders showed that over a third of them struggled with articulating the right strategy or vision, hindering their efforts to innovate.[2]

    45% of business leaders report that cultural issues stifle their innovation efforts, and 55% report unhealthy politics which cause infighting that negatively affects their organization.[2]

    [1] McKinsey, 2008
    [2] Harvard Business Review, 2018

    The importance of leadership

    75% of high IT satisfaction scores are associated with a strong ability to lead innovation.
    Source: Info-Tech Research Group survey, n=305

    Struggling to get a seat at the table?

    It can be challenging to drive innovation efforts without trust and buy-in from senior leadership. Start with small initiatives and build your reputation by consistently delivering on your commitments.

    Leadership starts with a mandate

    Build your innovation leadership with the following capabilities:

    Innovation mandate: There is strong support and trust from the senior leadership team, which gives IT leaders the opportunity to lead innovation despite any temporary failure. IT leaders are well-informed about and have input into business decisions.

    Transformational leadership: IT leaders are influential change agents, not only within their organization but across their industry or community. They inspire others and actively collaborate with external partners, driving change beyond their organization.

    Culture of innovation: Innovative cultures generally demonstrate ten behaviors that are most closely correlated with innovation success: growth mindset, learning-focused, psychological safety, curiosity, trust, willingness to fail, collaboration, diverse perspectives, autonomy, and appropriate risk-taking. These behaviors are embedded in the organization and strongly demonstrated in daily work.

    Vision & strategy: The innovation vision and strategy are continuously refined and adapted to changing market and emerging technology trends. Emerging technology innovation is second nature in the organization, and it becomes a leader in driving change across the industry.

    Additional resources for Organizational Excellence

    Photo of Build your Enterprise Innovation Program

    Build your Enterprise Innovation Program

    Define your innovation mandate
    Articulate your vision and guiding principles
    Build a culture of innovation

    Photo of Manage Your CXO Relations

    Manage Your CXO Relations

    Successfully manage CXO relationships to get a seat at the table and build your mandate to drive innovation

    Photo of CIO

    Become a Transformational CIO

    Build the capabilities to drive transformation as an IT leader in your organization

    Assess your innovation readiness:

    2. Insights & Intelligence

    • Business context
    • Strategic foresight
    • Emerging tech expertise
    • Strategic alignment

    The foundation of innovation is data.

    "Without data you're just another person with an opinion." – Edwards Deming, Statistician

    Having comprehensive and accurate data about the problems you hope to solve is critical to realizing the benefits of innovation. Build your understanding of the business and ability to predict how trends will impact your industry, then stay on top of emerging tech and align solutions with strategic business capabilities.

    Act on strategic indicators

    Build the ability to go from data to intelligence to insights

    Info-Tech data shows that businesses are 93% more likely to be satisfied with IT when their IT teams have a better understanding of the business. Teams need to understand who your organization serves, how it delivers value, and what its goals are.

    When seeking to capitalize on emerging technology opportunities, businesses face an execution challenge. 82% of business leaders report being able to identify leading indicators of change, but less than two thirds of them are confident in their ability to act on those indicators.[1]

    A report by Leadership IQ noted that only 29% of the 21,008 employees surveyed considered their leader's vision consistently well aligned with the organizational vision.[2] Strategic alignment is not just important from a results perspective. It impacts employee motivation: employees with strong leadership alignment are 24% more likely to give their best at work.[2]

    [1] Harvard Business Review, 2018
    [2] Leadership IQ, 2020

    Strategic Foresight Challenges

    82% of business leaders say they can correctly identify leading indicators of change…

    …however, only 58% feel confident in their abilities to act on these indicators.

    Source: Harvard Business Review, 2018

    You must understand the business

    Develop key insights and intelligence with the following capabilities:

    Business context: IT actively participates in the business as a value creator and innovator, proactively disrupting the business and driving the adoption of emerging tech that drives exponential value.

    Strategic foresight: IT not only embraces emerging technologies, but actively drives innovation and disruption through their adoption. IT is adept at using trends to drive exploration and can quickly execute on initiatives.

    Emerging tech expertise: There is an expert-level understanding of emerging technologies including their capabilities, limitations, risks, trends, and potential use cases. IT proactively drives the adoption of emerging technology.

    Strategic alignment: IT proactively uses the business strategy to drive adoption of emerging technology and identify new opportunities. Each initiative has clear metrics and targets which directly impact business targets.

    Additional resources for Intelligence & Insights

    Photo of Tech Trends 2023

    Tech Trends 2023

    Like a chess grandmaster, CIOs must play both sides of the board. Emerging technologies present opportunities to attack, but it's necessary to protect from a volatile board.

    Photo of innovation

    Establish a Foresight Capability

    To be recognized and validated as a forward-thinking CIO, you must establish a structured approach to innovation that considers external trends alongside internal processes.

    Photo of Build a Business-Aligned IT Strategy

    Build a Business-Aligned IT Strategy

    Elicit the business context and identify strategic initiatives that are most important to the organization while building a plan to execute on it.

    Assess your innovation readiness:

    3. Agile Ideation

    • Data-driven decision making
    • Ability to identify opportunities
    • Business engagement
    • Risk management

    IT must use data to drive the ideation process, engaging the business to identify opportunities – all while managing risk.

    "Innovation is key. Only those who have the agility to change with the market and innovate quickly will survive."- Robert Kiyosaki, Entrepreneur & Author

    Many Agile concepts are used in the process of innovation, regardless of whether the formal Agile methodology is used. Fast iterations ("fail fast"), lessons learned, and risk management are equally important for ideation as they are for execution. This category evaluates IT's ability to drive the ideation process at the enterprise level.

    Use data to drive agility

    Effectively using data has a threefold impact in the quality of decisions

    A diagram that shows data-driven journey

    Agility is critical for innovation, particularly when adopting emerging technology. AI and other emerging technologies are accelerating the pace of change and driving a necessary increase in how quickly organizations must adapt.

    Data is also critical when building a case for change. A survey of over 1,000 senior business leaders showed that organizations that effectively use data to drive decision making are three times more likely to report significant improvements in the quality of their decisions.[1]

    [1] Harvard Business School Online, 2019

    Start with the business

    The business must be involved in ideation. Develop the skills needed to engage the business and identify challenges and opportunities.

    Engage the business to deliver value

    Build your proficiency in the following ideation capabilities:

    Data-driven decision making: Data is proactively collected from multiple internal and external sources to inform innovation strategies. Continuous monitoring of innovation provides a strong rationale for outcomes and benefits. Data governance, quality, and privacy measures are in place to ensure data quality.

    Ability to identify opportunities: IT actively shapes the future of the organization and the industry by proactively identifying business opportunities for emerging technology and leading the way in their adoption. Experiments and pilots are often industry firsts.

    Business engagement: IT enables the business by engaging at all levels to identify and refine emerging technology opportunities. They effectively communicate benefits and risks in business terms, while understanding business needs and challenges. IT collaborates with the business to establish innovation centers or communities of practice.

    Risk management: There is a proactive and holistic approach to risk management, considering both opportunities and threats associated with emerging technology adoption. IT and the business continually anticipate and monitor emerging risks, evaluate the effectiveness of risk management practices, and adapt them to evolving technology landscapes.

    Additional resources for Agile Ideation

    Photo of Develop Your Agile Approach for a Successful Transformation

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Photo of Build an IT Risk Management Program

    Build an IT Risk Management Program

    Risk is inevitable. Without a formal management program, you may be unaware of your greatest IT risks.

    Reacting to risks after they occur can be costly and devastating, yet this is one of the most common tactics used by IT departments.

    Photo of business innovation

    Kick-Start IT-Led Business Innovation

    Business demand for new technology is intensifying pressure to innovate and executive stakeholders expect more from IT. If IT is not considered a source of innovation, its perceived value decreases, and the threat of shadow IT grows. Don't wait to start finding and capitalizing on opportunities for IT-led innovation.

    Assess your innovation readiness:

    4. Team Capabilities

    • Resourcing & investment
    • Talent & skills
    • Change management
    • Partnerships & ecosystem

    Ensure you have the right resources and skills needed to drive innovation.

    "The best way to predict the future is to invent it." – Alan Kay, Computer Scientist

    Resourcing and skills are critical building blocks for driving innovation, and without a strong understanding of emerging technology and the processes needed to adopt it, organizations will falter at driving change.

    Develop the right resourcing, skills, change management, and partnerships to drive Exponential IT.

    Develop key skills

    Scaled Agile (SAFe): Scaled Agile is a framework for implementing Agile and lean methodologies at the enterprise level or outside of a single team.

    Development operations (DevOps): A methodology for software development which includes practices and tools that support the development lifecycle.

    Data operations (DataOps): A set of tools and processes that support data management within an organization. Typically used when training AI on a specialized data set.

    Analytics: The systematic analysis of information used to discover, interpret, and communicate insights gleaned from patterns in data. Analytics typically generate insights that support data-driven decision making.

    Machine learning operations (MLOps): Tools and processes that support the development of machine learning (ML) models, including AI and large language models (LLM). Can include expertise in computer science, natural language processing (NLP), computer vision, computational algorithms, mathematics, and ML expertise.

    Artificial intelligence operations (AIOps): Leveraging AI to develop autonomous business processes at the enterprise level.

    Mature your emerging technology capabilities

    Agile: Build the methodologies to drive execution
    DevOps: Drive the software development lifecycle
    DataOps: Effectively manage data
    Analytics: Develop insights from data
    MLOps: Develop machine learning tools
    AIOps: Build autonomous business processes

    Manage the building blocks of innovation

    Resourcing & investment: IT manages a well-defined and substantial budget dedicated to innovation, which is integrated into the overall strategic planning and decision-making processes. Investments are made in a holistic and forward-looking manner, considering the long-term implications and potential disruption caused by emerging technologies.

    Talent & skills: Teams exhibit thought leadership and innovate within emerging technologies, including advanced machine learning engineering, MLOps, DataOps, and analytics. Employees actively contribute to the advancement of these technologies, engage in research and development, and explore new applications and use cases.

    Change management: This is a core competency led by change champions and change management professionals. There is a strategic approach to driving and sustaining change, focusing on long-term adoption and continuous improvement. Change management is embedded in the organizational culture, and there is a proactive effort to foster change agility and build change capability at all levels.

    Partnerships & ecosystems: IT builds an orchestrated innovation ecosystem for the adoption of emerging technology. They take a proactive role in orchestrating collaboration among ecosystem partners. The organization acts as a catalyst for innovation, bringing together diverse partners to address complex challenges and drive transformative solutions.

    Additional resources for Team Capabilities

    Photo of Drive Technology Adoption

    Drive Technology Adoption

    The project isn't over if the new product or system isn't being used. How do you ensure that what you've put in place will not be ignored or only partially adopted? People are more complicated than any new system and managing them through change requires careful planning.

    Photo of team discussion

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Not all lessons from scaling Agile to IT are transferable. IT Agile scaling processes are tailored to IT's scope, team, and tools, which may not account for diverse attributes within your organization.

    Photo of Managing Exponential Value Relationships

    Managing Exponential Value Relationships

    Successfully managing outcome-based relationships requires a higher degree of trust than traditional vendor relationships. Building trust comes from sharing risks and rewards between organizations and vendors.

    Assess your innovation readiness:

    5. Innovation Execution

    • Governance
    • Embedded security
    • Infrastructure
    • Ability to execute

    Can you deliver results? Develop the capability to execute on innovative ideas.

    "What good is an idea if it remains an idea? Try. Experiment. Fail. Try again. Change the world." – Simon Sinek, Author, Motivational Speaker

    The foundational elements of innovation significantly overlap with the activities you must do to excel at core IT operations. Build your ability to execute quickly on innovative ideas and build the trust of the enterprise.

    Rapidly execute on innovative ideas

    IT must be able to successfully manage the foundational capabilities of innovation

    The foundational capabilities of innovation are central to many core IT processes: governance, security, supporting infrastructure, and the ability to execute on ideas are all critical to running an effective IT shop.

    IT governance is a critical and embedded practice ensuring information and technology investments, risks, and resources are aligned in the organization's best interests while producing business value. Effective governance ensures that the right technology investments are made at the right time to support and enable your organization's mission, vision, and goals.

    A diagram that shows Info-Tech's IT Governance Framework and Security Framework

    Build foundational capabilities

    The ability to rapidly execute on ideas is fundamental not only to innovation but also running an effective IT organization.

    Develop foundational IT capabilities

    The ability to execute is based on key foundational capabilities, including:

    Governance: Adaptable and automated governance guides effective innovation and supports the adoption of emerging technology. Decision making is flexible and can move quickly to enable the implementation of new technologies. Responsibility and authority are aligned across all levels of the organization.

    Embedded security: Security and privacy controls are embedded in the applications and technologies deployed across the enterprise. Security is built into the organizational culture, with a strong focus on promoting security awareness and fostering a security-first mindset.

    Infrastructure: IT infrastructure is modern, adaptive, and future-proof. Infrastructure should support a range of emerging technology applications, including the flexibility to adapt to future use cases. There is a focus on agility, scalability, flexibility, and interoperability.

    Ability to execute: The IT team drives rapid innovation across the organization and can reliably execute and collaborate with internal and external partners. They are pivotal in driving innovation initiatives that align with the organization's strategic objectives. Agile methodologies and practices are embedded in the culture of the team.

    Additional resources for Innovation Execution

    Photo of Make Your IT Governance Adaptable

    Make Your IT Governance Adaptable

    Produce more value from IT by developing a governance framework optimized for your current needs and context, with the ability to adapt as your needs shift.

    Create the foundation and ability to delegate and empower governance to enable agile delivery.

    Photo of Build an Information Security Strategy

    Build an Information Security Strategy

    Many security leaders struggle to decide how best to prioritize their scarce information security resources.

    The need to move from a reactive security approach toward a strategic planning approach is clear. The path to getting there is less so.

    Photo of Exploit Disruptive Infrastructure Technology

    Exploit Disruptive Infrastructure Technology

    Accurate predicting isn't easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, it's difficult to predict which specific technologies will become disruptive.

    Activity 1: Assess your readiness for exponential innovation

    Input: Core competencies; Knowledge of internal processes and capabilities
    Output: Readiness assessment
    Materials: Exponential Innovation Assessment Tool; Whiteboard/Flip charts
    Participants: Executive leadership team, including CIO; Other internal stakeholders of vendor partnerships

    1-3 hours

    1. Gather key stakeholders from across your organization to participate in the readiness assessment exercise.
    2. As a group, review the core competencies from the following five sections and determine where your organization's effectiveness lies for each competency. Record your responses in the Exponential Innovation Assessment Tool.

    Download the Exponential Innovation Assessment Tool

    Interpret your results

    Understand your readiness and determine the next steps to operationalize exponential innovation.

    Once you have completed the readiness assessment, use Info-Tech's maturity ladder to identify next steps and recommendations.

    It is usually very challenging to lead innovation with a total score less than 50. Lower maturity organizations should focus on maturing the foundational aspects of innovation, such as those in the Innovation Execution and Team Capabilities categories, and core IT processes.

    For higher maturity organizations (those with total scores 50 or higher), first focus on getting all capabilities to a minimum of Level 3, then work on progressing maturity starting with foundational categories and working upwards:

    A diagram that shows innovation readiness

    Determine your readiness

    A diagram that shows Innovation Maturity ladder

    Activity 2: Create an action plan

    Input: Readiness assessment
    Output: Action plan to improve maturity of capabilities
    Materials: Exponential Innovation Assessment Tool; Whiteboard/Flip charts
    Participants: Executive leadership team, including CIO; Other internal stakeholders of vendor partnerships

    1 hour

    1. Gather the stakeholders who participated in the readiness assessment exercise.
    2. As a group, review the results of the readiness assessment. Were there any surprises? Do the results reflect your understanding of the organization's maturity?
    3. Determine which areas are likely to limit the organization's innovation capability, based on lowest scoring areas and relative importance to the organization.
    4. Break out into groups and have each group identify three actions the organization could take to mature the lowest scoring areas.
    5. Bring the group back together and prioritize the actions. Note who will be accountable for each next step.
    6. Identify additional Info-Tech research that can assist with improving your maturity (see additional resources in this blueprint).

    Author

    Photo of Kim Osborne Rodriguez
    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.

    Kim holds a Bachelor's degree in Honours Mechatronics Engineering and an option in Management Sciences from University of Waterloo.

    Research Contributors and Experts

    Photo of Jack Hakimian
    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of Technology and Management Consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served many large public sector institutions.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering and an MBA from the ESCP-EAP European School of Management.


    Photo of Mark Tauschek
    Mark Tauschek
    Vice President, Infrastructure & Operations Research
    Info-Tech Research Group

    Mark has hands-on network design and deployment experience across verticals including healthcare, education, manufacturing, retail, and entertainment. He has extensive knowledge in the areas of technology research, process development, vendor selection, and project management. He holds specific expertise in wireless networking and mobile technologies.

    Mark holds an MBA from the Richard Ivey School of Business at the University of Western Ontario and many professional wireless technology certifications.


    Photo of Michael Tweedie
    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor's degree in Architecture from Ryerson University.


    Photo of Donna Bales
    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

    Donna has a Bachelor's degree in Economics from the University of Western Ontario.


    Photo of Isabelle Hertanto
    Isabelle Hertanto
    Principal Research Director, Security & Privacy
    Info-Tech Research Group

    Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.


    Photo of Aaron Shum
    Aaron Shum
    Vice President, Security, Privacy, Risk & Compliance
    Info-Tech Research Group

    Aaron Shum is a Vice President in the Security & Privacy Research and Advisory Practice at Info-Tech Research Group. With 25+ years of experience across IT, InfoSec, and Data Privacy, he currently specializes in helping organizations implement comprehensive information security and cybersecurity programs and comply with data privacy regulations such as the European Union's General Data Protection Regulation and the California Privacy Rights Act.


    Photo of Reiaz Somji
    Reiaz Somji
    Managing Director, Consulting
    Info-Tech Research Group

    As a client-focused strategist with strong organizational acumen, Reiaz leverages his 20+ years of management consulting experience to help C-suite executives and managers navigate the integration of changing technology with business goals. He is currently a managing director in Info-Tech's consulting division and leads its Infrastructure practice.


    Photo of Hans Eckman
    Hans Eckman
    Principal Research Director, Applications
    Info-Tech Research Group

    Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.


    Photo of Irina Sedenko
    Irina Sedenko
    Research Director, Data & Analytics
    Info-Tech Research Group

    Irina brings more than 20 years of information management experience and demonstrated expertise in big data, advanced analytics, machine learning, and AI. Her experience includes designing and implementing enterprise content management systems, defining data and analytics strategy to support business goals and objectives, creating data governance to enable data initiatives, and providing guidance to the client teams. She led teams through data lake implementation to enable advanced analytics capabilities and has hands-on data science and machine learning experience.

    Research Contributors

    Photo of Bill Macgowan
    Bill Macgowan
    Director, Smart Building Digitization
    Cisco


    Photo of Barry Wiech
    Barry Wiech
    Chief Digital and Information Officer
    Sime Darby Industrial


    Photo of Tim Dunn
    Tim Dunn
    Chief Information Officer
    Department of Energy & Public Works (Queensland)


    Photo of Sudip Ghosh
    Sudip Ghosh
    Group Manager, Office of the CIO
    Star Entertainment Group



    Samantha Rose
    Contract Manager
    Department of Energy & Public Works (Queensland)

    Bibliography

    Altringer, Beth. "A New Model for Innovation in Big Companies." Harvard Business Review. 19 Nov. 2013. Accessed 15 June 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies

    Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever." McKinsey & Company, 17 June 2020. Accessed 15 June 2023. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever

    Barsh, Joanna et al. "Leadership and Innovation." McKinsey Quarterly, 1 Jan 2008. Accessed 7 July 2023. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/leadership-and-innovation

    Borealis AI. "RBC Wins Best Use of AI for Customer Experience for NOMI Forecast." Borealis AI Blog, 28 Apr 2023. Accessed 13 June 2023. https://www.borealisai.com/news/rbc-wins-best-use-of-ai-for-customer-experience-for-nomi-forecast/

    Boston Consulting Group, "Most Innovative Companies 2022." BGC, 15 Sept. 2022. Accessed 15 June 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth

    BrainyQuote. "Innovation Quotes." Accessed 19 June 2023. https://www.brainyquote.com/topics/innovation-quotes

    Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.

    Cleroux, Pierre. The "I" Word. BDC. Accessed 1 Aug 2023. https://www.bdc.ca/en/articles-tools/blog/innovation-no-1-factor-business-success

    FutureCIO Editors. "Failed transformation can result in US$6 million in lost revenue." FutureCIO, 29 Apr 2022. Accessed 10 Jul 2023. https://futurecio.tech/failed-transformation-can-result-in-us6-million-in-lost-revenue/

    Goodreads. "W. Edwards Deming Quotes." Accessed 19 June 2023. https://www.goodreads.com/quotes/7327935-without-data-you-re-just-another-person-with-an-opinion

    Haefner, Naomi et al. "Artificial intelligence and innovation management: A review, framework, and research agenda." Technological Forecasting and Social Change, Volume 162, 2021. Accessed 15 June 2023. https://www.sciencedirect.com/science/article/pii/S004016252031218X

    IBM. "The new AI innovation equation." IBM Website. 13 Oct 2016. Accessed 15 June 2023. https://www.ibm.com/watson/advantage-reports/future-of-artificial-intelligence/ai-innovation-equation.html

    Isomaki, Atte. "60+ Innovation Quotes and What They Can Teach You." Viima, 19 Mar 2019. Accessed 6 July 2023. https://www.viima.com/blog/innovation-quotes

    Kay, Alan. "The best way to predict the future is to invent it." Quote Park, 3 June 2021. Accessed 15 June 2023. https://quotepark.com/quotes/1893243-alan-kay-the-best-way-to-predict-the-future-is-to-invent-it/

    Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies." Harvard Business Review, 30 July 2018. Accessed 15 June 2023. https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies

    Kiyosaki, Robert. "Innovation is key. Only those who have the agility to change with the market and innovate quickly will survive." AZ Quotes, 11 Dec. 2013. Accessed 15 June 2023.

    Leadership IQ. "The State Of Leadership Development." Leadership IQ, 2020. Accessed 6 July 2023. https://www.leadershipiq.com/blogs/leadershipiq/leadership-development-state

    Lombard, Charl. "Defining Digital: A New Approach to Digital Transformation." Info-Tech LIVE Conference, 2022. https://tymansgrpup.com/videos/defining-digital-a-new-approach-to-digital-transformation

    Murphy, Mark. "A Shocking Number Of Leaders Are Not Aligned With Their Companies' Visions." Forbes, 28 Aug 2020. Accessed 6 Jul 2023. https://www.forbes.com/sites/markmurphy/2020/08/28/a-shocking-number-of-leaders-are-not-aligned-with-their-companies-visions

    Seymour, Harriet et al. "How to unlock a scientific approach to change management with powerful data insights." IBM, 11 Jan 2023. Accessed 6 July 2023. https://www.ibm.com/blog/how-to-unlock-a-scientific-approach-to-change-management-with-powerful-data-insights/

    Sinek, Simon. "What good is an idea if it remains an idea? Try. Experiment. Fail. Try again. Change the world." Praxie, n.d. https://praxie.com/top-innovation-quotes/

    Stobierski, Tim. "The Advantages of Data-Driven Decision-Making." Harvard Business School Online, 26 Aug 2019. Accessed 6 July 2023. https://online.hbs.edu/blog/post/data-driven-decision-making

    Torres, Roberto. "How tech leaders can earn C-suite trust." CIO Dive, 1 Jul 2022. Accessed 7 Jul 2023. https://www.ciodive.com/news/C-suite-trust-CIO-executives/626476/

    Tushman, Michael et al. "Change Management Is Becoming Increasingly Data-Driven. Companies Aren't Ready." Harvard Business Review, 23 Oct 2017. Accessed 6 Jul 2023. https://hbr.org/2017/10/change-management-is-becoming-increasingly-data-driven-companies-arent-ready

    Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.

    Develop a Business Continuity Plan

    • Buy Link or Shortcode: {j2store}411|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $37,093 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Recent crises have increased executive awareness and internal pressure to create a business continuity plan (BCP).
    • Industry and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.
    • IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Our Advice

    Critical Insight

    • BCP requires input from multiple departments with different and sometimes conflicting objectives. There are typically few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.
    • As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes, and therefore, their requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.

    Impact and Result

    • Implement a structured and repeatable process that you apply to one business unit at a time to keep BCP planning efforts manageable.
    • Use the results of the pilot to identify gaps in your recovery plans and reduce overall continuity risk while continuing to assess specific risks as you repeat the process with additional business units.
    • Enable business leaders to own the BCP going forward. Develop a template that the rest of the organization can use.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Develop a Business Continuity Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a business continuity plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify BCP maturity and document process dependencies

    Assess current maturity, establish a team, and choose a pilot business unit. Identify business processes, dependencies, and alternatives.

    • BCP Maturity Scorecard
    • BCP Pilot Project Charter Template
    • BCP Business Process Workflows Example (Visio)
    • BCP Business Process Workflows Example (PDF)

    2. Conduct a BIA to determine acceptable RTOs and RPOs

    Define an objective impact scoring scale, estimate the impact of downtime, and set recovery targets.

    • BCP Business Impact Analysis Tool

    3. Document the recovery workflow and projects to close gaps

    Build a workflow of the current steps for business recovery. Identify gaps and risks to recovery. Brainstorm and prioritize solutions to address gaps and mitigate risks.

    • BCP Tabletop Planning Template (Visio)
    • BCP Tabletop Planning Template (PDF)
    • BCP Project Roadmap Tool
    • BCP Relocation Checklists

    4. Extend the results of the pilot BCP and implement governance

    Present pilot project results and next steps. Create BCMS teams. Update and maintain BCMS documentation.

    • BCP Pilot Results Presentation
    • BCP Summary
    • Business Continuity Teams and Roles Tool

    5. Appendix: Additional BCP tools and templates

    Use these tools and templates to assist in the creation of your BCP.

    • BCP Recovery Workflow Example (Visio)
    • BCP Recovery Workflow Example (PDF)
    • BCP Notification, Assessment, and Disaster Declaration Plan
    • BCP Business Process Workarounds and Recovery Checklists
    • Business Continuity Management Policy
    • Business Unit BCP Prioritization Tool
    • Industry-Specific BIA Guidelines
    • BCP-DRP Maintenance Checklist
    • Develop a COVID-19 Pandemic Response Plan Storyboard
    [infographic]

    Workshop: Develop a Business Continuity Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define BCP Scope, Objectives, and Stakeholders

    The Purpose

    Define BCP scope, objectives, and stakeholders.

    Key Benefits Achieved

    Prioritize BCP efforts and level-set scope with key stakeholders.

    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Flowchart key business processes to identify business processes, dependencies, and alternatives.

    Outputs

    BCP Maturity Scorecard: measure progress and identify gaps.

    Business process flowcharts: review, optimize, and allow for knowledge transfer of processes.

    Identify workarounds for common disruptions to day-to-day continuity.

    2 Define RTOs and RPOs Based on Your BIA

    The Purpose

    Define RTOs and RPOs based on your BIA.

    Key Benefits Achieved

    Set recovery targets based business impact, and illustrate the importance of BCP efforts via the impact of downtime.

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine acceptable RTO/RPO targets for business processes based on business impact.

    Outputs

    BCP Business Impact Analysis: objective scoring scale to assess cost, goodwill, compliance, and safety impacts.

    Apply the scoring scale to estimate the impact of downtime on business processes.

    Acceptable RTOs/RPOs to dictate recovery strategy.

    3 Create a Recovery Workflow

    The Purpose

    Create a recovery workflow.

    Key Benefits Achieved

    Build an actionable, high-level, recovery workflow that can be adapted to a variety of different scenarios.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify and prioritize projects to close gaps and mitigate recovery risks.

    3.3 Evaluate options for command centers and alternate business locations (i.e. BC site).

    Outputs

    Recovery flow diagram – current and future state

    Identify gaps and recovery risks.

    Create a project roadmap to close gaps.

    Evaluate requirements for alternate business sites.

    4 Extend the Results of the Pilot BCP and Implement Governance

    The Purpose

    Extend the results of the pilot BCP and implement governance.

    Key Benefits Achieved

    Outline the actions required for the rest of your BCMS, and the required effort to complete those actions, based on the results of the pilot.

    Activities

    4.1 Summarize the accomplishments and required next steps to create an overall BCP.

    4.2 Identify required BCM roles.

    4.3 Create a plan to update and maintain your overall BCP.

    Outputs

    Pilot BCP Executive Presentation

    Business Continuity Team Roles & Responsibilities

    3. Maintenance plan and BCP templates to complete the relevant documentation (BC Policy, BCP Action Items, Recovery Workflow, etc.)

    Further reading

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Analyst Perspective

    A BCP touches every aspect of your organization, making it potentially the most complex project you’ll take on. Streamline this effort or you won’t get far.

    None of us needs to look very far to find a reason to have an effective business continuity plan.

    From pandemics to natural disasters to supply chain disruptions to IT outages, there’s no shortage of events that can disrupt your complex and interconnected business processes. How in the world can anyone build a plan to address all these threats?

    Don’t try to boil the ocean. Use these tactics to streamline your BCP project and stay on track:

    • Focus on one business unit at a time. Keep the effort manageable, establish a repeatable process, and produce deliverables that provide a starting point for the rest of the organization.
    • Don’t start with an extensive risk analysis. It takes too long and at the end you’ll still need a plan to resume business operations following a disruption. Rather than trying to predict what could cause a disruption, focus on how to recover.
    • Keep your BCP documentation concise. Use flowcharts, checklists, and diagrams instead of traditional manuals.

    No one can predict every possible disruption, but by following the guidance in this blueprint, you can build a flexible continuity plan that allows you to withstand the threats your organization may face.

    Frank Trovato

    Research Director,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Andrew Sharp

    Senior Research Analyst,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Recent crises have increased executive awareness and internal pressure to create a BCP.
    • Industry- and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.

    IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Common Obstacles

    • IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
    • BCP requires input from multiple departments with different and sometimes conflicting objectives.
    • Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.

    Info-Tech’s Approach

    • Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP from becoming an overwhelming project.
    • Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Info-Tech Insight

    As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but you must enable business leaders to own their department’s BCP practices and outputs. They know their processes and, therefore, their requirements to resume business operations better than anyone else.

    Use this research to create business unit BCPs and structure your overall BCP

    A business continuity plan (BCP) consists of separate but related sub-plans, as illustrated below. This blueprint enables you to:

    • Develop a BCP for a selected business unit (as a pilot project), and thereby establish a methodology that can be repeated for remaining business units.
    • Through the BCP process, clarify requirements for an IT disaster recovery plan (DRP). Refer to Info-Tech’s Disaster Recovery Planning workshop for instructions on how to create an IT DRP.
    • Implement ongoing business continuity management to govern BCP, DRP, and crisis management.

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT application and infrastructure services following a disruption.

    Info-Tech’s disaster recovery planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit. This includes:

    • Identifying business processes and dependencies.
    • Defining an acceptable recovery timeline based on a business impact analysis.
    • Creating a step-by-step recovery workflow.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    IT leaders asked to develop a BCP should start with an IT Disaster Recovery Plan

    It’s a business continuity plan. Why should you start continuity planning with IT?

    1. IT services are a critical dependency for most business processes. Creating an IT DRP helps you mitigate a key risk to continuity quicker than it takes to complete your overall BCP, and you can then focus on other dependencies such as people, facilities, and suppliers.
    2. A BCP requires workarounds for IT failures. But it’s difficult to plan workarounds without a clear understanding of the potential IT downtime and data loss. Your DRP will answer those questions, and without a DRP, BCP discussions can get bogged down in IT discussions. Think of payroll as an example: if downtime might be 24 hours, the business might simply wait for recovery; if downtime might be a week, waiting it out is not an option.
    3. As an IT manager, you can develop an IT DRP primarily with resources within your control. That makes it an easier starting point and puts IT in a better position to shift responsibility for BCP to business leaders (where it should reside) since essentially the IT portion is done.

    Create a Right-Sized Disaster Recovery Plan today.

    Modernize the BCP

    If your BCP relies heavily on paper-based processes as workarounds, it’s time to update your plan.

    Back when transactions were recorded on paper and then keyed into the mainframe system later, it was easier to revert to deskside processes. There is very little in the way of paper-based processes anymore, and as a result, it is increasingly difficult to resume business processes without IT.

    Think about your own organization. What IT system(s) are absolutely critical to business operations? While you might be able to continue doing business without IT, this requires regular preparation and training. It’s likely a completely offline process and won’t be a viable workaround for long even if staff know how to do the work. If your data center and core systems are down, technology-enabled workarounds (such as collaboration via mobile technologies or cloud-based solutions) could help you weather the outage, and may be more flexible and adaptable for day-to-day work.

    The bottom line:

    Technology is a critical dependency for business processes. Consider the role IT systems play as process dependencies and as workarounds as part of continuity planning.

    Info-Tech’s approach

    The traditional approach to BCP takes too long and produces a plan that is difficult to use and maintain.

    The Problem: You need to create a BCP, but don’t know where to start.

    • BCP is being demanded more and more to comply with regulations, mitigate business risk, meet customer demands, and obtain insurance.
    • IT leaders are often asked to lead BCP.

    The Complication: A traditional BCP process takes longer to show value.

    • Traditional consultants don’t usually have an incentive to accelerate the process.
    • At the same time, self-directed projects with no defined process go months without producing useful deliverables.
    • The result is a dense manual that checks boxes but isn’t maintainable or usable in a crisis.

    A pie chart is separated into three segments, Internal Mandates 43%, Customer Demands 23%, and Regulatory Requirements 34%. The bottom of the image reads Source: Info-Tech Research Group.

    The Info-Tech difference:

    Use Info-Tech’s methodology to right-size and streamline the process.

    • Reduce required effort. Keep the work manageable and maintain momentum by focusing on one business unit at a time; allow that unit to own their BCP.
    • Prioritize your effort. Evaluate the current state of your BCP to identify the steps that are most in need of attention.
    • Get valuable results faster. Functional deliverables and insights from the first business unit’s BCP can be leveraged by the entire organization (e.g. communication, assessment, and BC site strategies).

    Expedite BCP development

    Info-Tech’s Approach to BCP:

    • Start with one critical business unit to manage scope, establish a repeatable process, and generate deliverables that become a template for remaining business units.
    • Resolve critical gaps as you identify them, generating early value and risk mitigation.
    • Create concise, practical documentation to support recovery.

    Embed training and awareness throughout the planning process.

    BCP for Business Unit A:

    Scope → Pilot BIA → Response Plan → Gap Analysis

    → Lessons Learned:

    • Leverage early results to establish a BCM framework.
    • Take action to resolve critical gaps as they are identified.
    • BCP for Business Units B through N.
    • Scope→BIA→Response Plan→Gap Analysis

    = Ongoing governance, testing, maintenance, improvement, awareness, and training.

    By comparison, a traditional BCP approach takes much longer to mitigate risk:

    • An extensive, upfront commitment of time and resources before defining incident response plans and mitigating risk.
    • A “big bang” approach that makes it difficult to predict the required resourcing and timelines for the project.

    Organizational Risk Assessment and Business Impact Analysis → Solution Design to Achieve Recovery Objectives → Create and Validate Response Plans

    Case Study

    Continuity Planning Supports COVID-19 Response

    Industry: Non-Profit
    Source: Info-Tech Advisory Services

    A charitable foundation for a major state university engaged Info-Tech to support the creation of their business continuity plan.

    With support from Info-Tech analysts and the tools in this blueprint, they worked with their business unit stakeholders to identify recovery objectives, confirm recovery capabilities and business process workarounds, and address gaps in their continuity plans.

    Results

    The outcome wasn’t a pandemic plan – it was a continuity plan that was applicable to pandemics. And it worked. Business processes were prioritized, gaps in work-from-home and business process workarounds had been identified and addressed, business leaders owned their plan and understood their role in it, and IT had clear requirements that they were able and ready to support.

    “The work you did here with us was beyond valuable! I wish I could actually explain how ready we really were for this…while not necessarily for a pandemic, we were ready to spring into action, set things up, the priorities were established, and most importantly some of the changes we’ve made over the past few years helped beyond words! The fact that the groups had talked about this previously almost made what we had to do easy.“ -- VP IT Infrastructure

    Download the BCP Case Study

    Project Overview: BCP

    Phases Phase 1: Identify BCP Maturity and Document Process Dependencies Phase 2: Conduct a BIA to Determine Acceptable RTOs and RPOs Phase 3: Document the Recovery Workflow and Projects to Close Gaps Phase 4: Extend the Results of the Pilot BCP and Implement Governance
    Steps 1.1 Assess current BCP maturity 2.1 Define an objective impact scoring scale 3.1 Determine current recovery procedures 4.1 Consolidate BCP pilot insights to support an overall BCP project plan
    1.2 Establish the pilot BCP team 2.2 Estimate the impact of downtime 3.2 Identify and prioritize projects to close gaps 4.2 Outline a business continuity management (BCM) program
    1.3 Identify business processes, dependencies, and alternatives 2.3 Determine acceptable RTO/RPO targets 3.3 Evaluate BC site and command center options 4.3 Test and maintain your BCP
    Tools and Templates

    BCP Business Impact Analysis Tool

    Results Presentation

    BCP Maturity Scorecard

    Tabletop Planning Template

    BCP Summary

    Pilot Project Charter

    Recovery Workflow Examples

    Business Continuity Teams and Roles

    Business Process Workflows Examples

    BCP Project Roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    BCP Business Impact Analysis Tool: Conduct and document a business impact analysis using this document.

    BCP Recovery Workflows Example: Model your own recovery workflows on this example.

    BCP Project Roadmap: Use this tool to prioritize projects that can improve BCP capabilities and mitigate gaps and risks.

    BCP Relocation Checklists: Plan for and manage a site relocation – whether to an alternate site or work from home.

    Key deliverable:

    BCP Summary Document

    Summarize your organization's continuity capabilities and objectives in a 15-page, easy-to-consume template.

    This document consolidates data from the supporting documentation and tools to the right.

    Download Info-Tech’s BCP Summary Document

    Insight summary

    Focus less on risk, and more on recovery

    Avoid focusing on risk and probability analysis to drive your continuity strategy. You never know what might disrupt your business, so develop a flexible plan to enable business resumption regardless of the event.

    Small teams = good pilots

    Choose a small team for your BCP pilot. Small teams are better at trialing new techniques and finding new ways to think about problems.

    Calculate downtime impact

    Develop and apply a scoring scale to develop a more-objective assessment of downtime impact for the organization. This will help you prioritize recovery.

    It’s not no, but rather not now…

    You can’t address all the organization’s continuity challenges at once. Prioritize high value, low effort initiatives and create a long-term roadmap for the rest.

    Show Value Now

    Get to value quickly. Start with one business unit with continuity challenges, and a small, focused project team who can rapidly learn the methodology, identify continuity gaps, and define solutions that can also be leveraged by other departments right away.

    Lightweight Testing Exercises

    Outline recovery capabilities using lightweight, low risk tabletop planning exercises. Our research shows tabletop exercises increase confidence in recovery capabilities almost as much as live exercises, which carry much higher costs and risks.

    Blueprint benefits

    Demonstrate compliance with demands from regulators and customers

    • Develop a plan that satisfies auditors, customers, and insurance providers who demand proof of a continuity plan.
    • Demonstrate commitment to resilience by identifying gaps in current capabilities and projects to overcome those gaps.
    • Empower business users to develop their plans and perform regular maintenance to ensure plans don’t go stale.
    • Establish a culture of business readiness and resilience.

    Leverage your BCP to drive value (Business Benefits)

    • Enable flexible, mobile, and adaptable business operations that can overcome disruptions large and small. This includes making it easier to work remotely in response to pandemics or facility disruptions.
    • Clarify the risk of the status quo to business leaders so they can make informed decisions on where to invest in business continuity.
    • Demonstrate to customers your ability to overcome disruptions and continue to deliver your services.

    Info-Tech Advisory Services lead to Measurable Value

    Info-Tech members told us they save an average of $44,522 and 23 days by working with an Info-Tech analyst on BCP (source: client response data from Info-Tech's Measured Value Survey).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structure the project and stay on track.
    3. Review project deliverables and ensure the process is applied properly.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    Your Trusted Advisor is a call away.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Scoping

    Call 1: Scope requirements, objectives, and stakeholders. Identify a pilot BCP project.

    Business Processes and Dependencies

    Calls 2 - 4: Assess current BCP maturity. Create business process workflows, dependencies, alternates, and workarounds.

    Conduct a BIA

    Calls 5 – 7: Create an impact scoring scale and conduct a BIA. Identify acceptable RTO and RPO.

    Recovery Workflow

    Calls 8 – 9: Create a recovery workflow based on tabletop planning.

    Documentation & BCP Framework

    Call 10: Summarize the pilot results and plan next steps. Define roles and responsibilities. Make the case for a wider BCP program.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com | 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Identify BCP Maturity, Key Processes, and Dependencies Conduct a BIA to Determine Acceptable RTOs and RPOs Document the Current Recovery Workflow and Projects to Close Gaps Identify Remaining BCP Documentation and Next Steps Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Create a flowchart for key business processes to identify business processes, dependencies, and alternatives.

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of a business disruption on cost, goodwill, compliance, and health & safety.

    2.3 Determine acceptable RTOs/RPOs for selected business processes based on business impact.

    3.1 Review tabletop planning – what is it, how is it done?

    3.2 Walk through a business disruption scenario to determine your current recovery timeline, RTO/RPO gaps, and risks to your ability to resume business operations.

    3.3 Identify and prioritize projects to close RTO/RPO gaps and mitigate recovery risks.

    4.1 Assign business continuity management (BCM) roles to govern BCP development and maintenance, as well as roles required to execute recovery.

    4.2 Identify remaining documentation required for the pilot business unit and how to leverage the results to repeat the methodology for remaining business units.

    4.3 Workshop review and wrap-up.

    5.1 Finalize deliverables for the workshop.

    5.2 Set up review time for workshop outputs and to discuss next steps.

    Deliverables
    1. Baseline BCP maturity status
    2. Business process flowcharts
    3. Business process dependencies and alternatives recorded in the BIA tool
    1. Potential impact of a business disruption quantified for selected business processes.
    2. Business processes criticality and recovery priority defined
    3. Acceptable RTOs/RPOs defined based on business impact
    1. Current-state recovery workflow and timeline.
    2. RTO/RPO gaps identified.
    3. BCP project roadmap to close gaps
    1. BCM roles and responsibilities defined
    2. Workshop results deck; use this to communicate pilot results and next steps
    1. Finalized deliverables

    Phase 1

    Identify BCP Maturity and Document Process Dependencies

    Phase 1

    1.1 Assess Current BCP Maturity

    1.2 Establish the pilot BCP team

    1.3 Identify business processes, dependencies, and alternatives

    Insights & Outcomes

    Define the scope for the BCP project: assess the current state of the plan, create a pilot project team and pilot project charter, and map the business processes that will be the focus of the pilot.

    Participants

    • BCP Coordinator
    • BCP Executive Sponsor
    • Pilot Business Unit Manager & Process SMEs

    Step 1.1

    Assess current BCP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s BCP Maturity Scorecard

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    You'll use the following tools & templates:

    Outcomes & Insights

    Establish current BCP maturity using Info-Tech’s ISO 22301-aligned BCP Maturity Scorecard.

    Evaluate the current state of your continuity plan

    Use Info-Tech’s Maturity Scorecard to structure and accelerate a BCP maturity assessment.

    Conduct a maturity assessment to:

    • Create a baseline metric so you can measure progress over time. This metric can also drive buy-in from senior management to invest time and effort into your BCP.
    • Understand the scope of work to create a complete business continuity plan.
    • Measure your progress and remaining gaps by updating your assessment once you’ve completed the activities in this blueprint.

    This blueprint primarily addresses the first four sections in the scorecard, which align with the creation of the core components of your business continuity plan.

    Info-Tech’s BCP Maturity Scorecard

    Info-Tech’s maturity scorecard is aligned with ISO 22301, the international standard that describes the key elements of a functioning business continuity management system or program – the overarching set of documents, practices, and controls that support the ongoing creation and maintenance of your BCP. A fully functional BCMS goes beyond business continuity planning to include crisis management, BCP testing, and documentation management.

    Audit tools tend to treat every bullet point in ISO 22301 as a separate requirement – which means there’s almost 400 lines to assess. Info-Tech’s BCP Maturity Scorecard has synthesized key requirements, minimizing repetition to create a high-level self-assessment aligned with the standard.

    A high score is a good indicator of likely success with an audit.

    Download Info-Tech's BCP Maturity Scorecard

    Tool: BCP Maturity Scorecard

    Assess your organization’s BCP capabilities.

    Use Info-Tech’s BCP Maturity Scorecard to:

    • Assess the overall completeness of your existing BCP.
    • Track and demonstrate progress towards completion as you work through successive planning iterations with additional business units.
    1. Download a copy of the BCP Maturity Scorecard. On tab 1, indicate the percent completeness for each item using a 0-10 scale (0 = 0% complete, 10 = 100% complete).
    2. If you anticipate improvements in a certain area, make note of it in the “Comments” column.
    3. Review a visual representation of your overall scores on tab 2.

    Download Info-Tech's BCP Maturity Scorecard

    "The fact that this aligns with ISO is huge." - Dr. Bernard Jones MBCI, CBCP

    Step 1.2

    Establish the pilot BCP team

    This step will walk you through the following activities:

    • Assign accountability, responsibility, and roles.
    • Develop a project charter.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Assign roles and responsibilities for the BCP pilot project. Set milestones and timelines for the pilot.

    Take a pilot approach for BCP

    Limit the scope of an initial BCP project to get to value faster.

    Pilot Project Goals

    • Establish a repeatable methodology that fits your organization and will accelerate BCP development, with tangible deliverables that provide a template for the rest of the business.
    • Identify high-priority business continuity gaps for the pilot business unit, many of which will also apply to the overall organization.
    • Identify initiatives to start addressing gaps now.
    • Enable business users to learn the BCP methodology and toolset so they can own and maintain their business unit BCPs.

    Accomplishments expected:

    • Define key business processes and process dependencies, and alternatives if dependencies are not available.
    • Classify key business processes by criticality for one business unit, using an objective impact scoring scale.
    • Set recovery objectives for these key processes.
    • Document workarounds and recovery plans.
    • Identify gaps in recovery plans and list action items to mitigate risks.
    • Develop a project plan to structure a larger continuity project.

    What not to expect from a pilot project:

    • A complete organizational BCP (the pilot is a strong starting point).
    • Implemented solutions to all BCP gaps (proposed solutions will need to be evaluated first).

    Structure IT’s role in continuity planning

    Clearly define IT’s role in the pilot BCP project to deliver a successful result that enables business units to own BCP in the future.

    Though IT is a critical dependency for most processes, IT shouldn’t own the business continuity plan. IT should be an internal BCP process consultant, and each business unit must own their plan.

    IT should be an internal BCP consultant.

    • IT departments interact with all business units, which gives IT leaders at least a high-level understanding of business operations across the organization.
    • IT leaders typically also have at least some knowledge of disaster recovery, which provides a foundation for tackling BCP.
    • By contrast, business leaders often have little or no experience with disaster recovery, and don’t have the same level of experience as IT when it comes to working with other business units.

    Why shouldn’t IT own the plan?

    • Business unit managers have the authority to direct resources in their department to participate in the BCP process.
    • Business users are the experts in their processes, and are in the best position to identify dependencies, downtime impacts, recovery objectives, and viable solutions (e.g., acceptable alternate sites or process workarounds).
    • Ultimately, business unit managers and executives must decide whether to mitigate, accept, or transfer risks.

    Info-Tech Insight

    A goal of the pilot is to seed success for further planning exercises. This is as much about demonstrating the value of continuity planning to the business unit, and enabling them to own it, as it is about implementing the methodology successfully.

    Create a RACI matrix for the pilot

    Assemble a small, focused team for the pilot project empowered to discover, report, and present possible solutions to continuity planning challenges in your organization.

    Outline roles and responsibilities on the pilot team using a “RACI” exercise. Remember, only one party can be ultimately accountable for the work being completed.

    Example Pilot BCP Project RACI

    Board Executive Team BCP Executive Sponsor BCP Team Leader BCP Coordinator Pilot Bus. Unit Manager Expert Bus. Unit Staff IT Manager
    Communicate BCP project status I I I A R C C I
    Assign resources to pilot BCP project A R C R C R
    Conduct continuity planning activities I A/R R R R R
    Create pilot BCP deliverables I A R R C C C
    Manage BCP documentation I A C R I C C
    Integrate results into BCMS I I A R R I C C
    Create overall BCP project plan I I A R C C

    R: Responsible for doing the work.

    A: Accountable to ensure the activity/work happens.

    C: Consulted prior to decision or action.

    I: Informed of the decision/action once it’s made.

    "Large teams excel at solving problems, but it is small teams that are more likely to come up with new problems for their more sizable counterparts to solve." – Wang & Evans, 2019

    Info-Tech Insight

    Small teams tend to be better at trialing new techniques and finding new ways to think about problems, both of which are needed for a BCP pilot project.

    Choose one business unit for the pilot

    Many organizations begin their BCP project with a target business unit in mind. It’s still worth establishing whether this business unit meets the criteria below.

    Good candidates for a pilot project:

    • Business processes are standardized and documented.
    • Management and staff are motivated to improve business continuity.
    • The business unit is sufficiently well resourced to spare time (e.g. a few hours a week) to dedicate to the BCP process.
    • If the business unit doesn’t meet these criteria, consider addressing shortfalls before the pilot (e.g. via stakeholder management or business process analysis) or selecting another unit.
    • Many of the decisions will ultimately require input and support from the business unit’s manager(s). It is critical that they are bought into and engaged with the project.
    • The leader of the first business unit will be a champion for BCP within the executive team.
    • Sometimes, there’s no clear place to start. If this is the case for you, consider using Info-Tech’s Business Unit BCP Prioritization Tool to determine the order in which business units should undergo BCP development.

    Create role descriptions for the pilot project

    Use these role descriptions and your RACI chart to define roles for the pilot.

    These short descriptions establish the functions, expectations, and responsibilities of each role at a more granular level.

    The Board and executives have an outsized influence on the speed at which the project can be completed. Ensure that communication with these stakeholders is clear and concise. Avoid involving them directly in activities and deliverable creation, unless it’s required by their role (e.g. as a business unit manager).

    Project Role Description
    Board & Executive Team
    • Will receive project status updates but are not directly involved in deliverable creation.
    Executive Sponsor
    • Liaison with the executive team.
    • Accountable to ensure the pilot BCP is completed.
    • Set project goals and approve resource allocation and funding.
    Pilot Business Unit Manager
    • Drive the project and assign required resources.
    • Delegate day-to-day project management tasks to the BCP Coordinator.
    BCP Coordinator
    • Function as the project manager. This includes scheduling activities, coordinating resources, reporting progress, and managing deliverables.
    • Learn and apply the BCP methodology to achieve project goals.
    Expert Business Unit Staff
    • Pilot business unit process experts to assist with BCP development for that business unit.
    IT Manager
    • Provide guidance on IT capabilities and recovery options.
    Other Business Unit Managers
    • Consulted to validate or provide input to the business impact analysis and RTOs/RPOs.

    Identify a suitable BCP Coordinator

    A skilled and committed coordinator is critical to building an effective and durable BCP.

    • Coordinating the BC planning effort requires a perspective that’s informed by IT, but goes beyond IT.
    • For example, many IT professionals only see business processes where they intersect with IT. The BCP Coordinator needs to be able to ask the right questions to help the business units think through dependencies for critical processes.
    • Business analysts can thrive in this role, which requires someone effective at dissecting business processes, working with business users, identifying requirements, and managing large projects.

    Structure the role of the BCP Coordinator

    The BCP Coordinator works with the pilot business unit as well as remaining business units to provide continuity and resolve discrepancies as they come up between business units.

    Specifically, this role includes:

    • Project management tasks (e.g. scheduling, assigning tasks, coordinating resources, and reporting progress).
    • Learning the BCP methodology (through the pilot) so that this person can lead remaining business units through their BCP process. This enables the IT leader who had been assigned to guide BCP development to step back into a more appropriate consulting role.
    • Managing the BCP workflow.

    "We found it necessary to have the same person work with each business unit to pass along lessons learned and resolve contingency planning conflicts for common dependencies." – Michelle Swessel, PM and IT Bus. Analyst, Wisconsin Compensation Rating Bureau (WCRB)

    Template: Pilot Project Charter

    Formalize participants, roles, milestones, risks for the pilot project.

    Your charter should:

    1. Define project parameters, including drivers, objectives, deliverables, and scope.
    2. Identify the pilot business unit.
    3. Assign a BCP pilot team, including a BCP Coordinator, to execute the methodology.
    4. Define before-and-after metrics to enable the team to measure pilot success.
    5. Set achievable, realistic target dates for specific project milestones.
    6. Document risks, assumptions, and constraints.

    Download Info-Tech’s BCP Pilot Project Charter Template

    Step 1.3

    Identify business processes, dependencies, and alternatives

    This step will walk you through the following activities:

    • Identify key business processes.
    • Document the process workflow.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    You'll use the following tools & templates:

    Outcomes & Insights

    Documented workflows, process dependencies, and workarounds when dependencies are unavailable.

    Flowchart business processes

    Workflows help you visually identify process dependencies and optimization opportunities.

    • Business continuity planning is business process focused. You need to document business processes, dependencies, and downtime workarounds.
    • Process documentation is a basic BCP audit requirement, but it will also:
      • Keep discussions about business processes well-scoped and focused – by documenting the process, you also clarify for everyone what you’re actually talking about.
      • Remind participants of process dependencies and workarounds.
      • Make it easier to spot possible process breakdowns or improvements.
      • Capture your work, which can be used to create or update SOP documentation.
    • Use flowcharts to capture process workflows. Flowcharts are often quicker to create, take less time to update, and are ultimately more usable than a dense manual.

    Info-Tech Insight

    Process review often results in discovering informal processes, previously unknown workarounds or breakdowns, shadow IT, or process improvement opportunities.

    1.3.1 Prioritize pilot business unit processes

    Input

    • List of key business unit processes.

    Output

    • List of key business unit processes, now prioritized (at a high-level)

    Materials

    • Whiteboard/flip charts
    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (leads the discussion)
    • Pilot Business Unit Manager

    30 minutes

    1. Create a list of all formal and informal business processes executed by the pilot business unit.
    2. Discuss the impact of process downtime, and do a quick assessment whether impact of downtime for each process would be high, medium, or low across each of these criteria:
      • Revenue or costs (e.g. supports sales, billing, or productivity)
      • Goodwill (e.g. affects internal or external reputation)
      • Compliance (e.g. affects legal or industry requirements)
      • Health or safety (e.g. affects employee/public health & safety)

    Note: A more in-depth analysis will be conducted later to refine priorities. The goal here is a high-level order of priority for the next steps in the planning methodology (identify business processes and dependencies).

    1. In the BCP Business Impact Analysis Tool, Processes and Dependencies tab, record the following:
      • The business processes in rough order of criticality.
      • For each process, provide a brief description that focuses on purpose and impact.
      • For each process, name a process owner (i.e. accountable for process completion – could be a manager or senior staff, not necessarily those executing the process).

    1.3.2 Review process flows & identify dependencies

    Input

    • List of key business unit processes (prioritized at a high level in Activity 1.3.1).
    • Business process flowcharts.

    Output

    • Business process flowcharts

    Materials

    • Whiteboard/flip charts
    • Microsoft Visio, or other flowcharting software
    • BCP Business Impact Analysis Tool

    Download Info-Tech’s Business Process Workflows Example

    1.5 hours

    1. Use a whiteboard to flowchart process steps. Collaborate to clarify process steps and dependencies. If processes are not documented, use this as an opportunity to create standard operating procedures (SOPs) to drive consistency and process optimization, as described in the Info-Tech blueprint, Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind.
    2. Record the dependencies in tab 1 of the BCP Business Impact Analysis Tool in the appropriate columns:
      • People – Anyone involved in the process, from providing guidance to executing the steps.
      • IT Applications – Core IT services (e.g. ERP, CRM) required for this process.
      • End-user devices & equipment – End-user devices, locally-installed apps, IoT, etc.
      • Facility – Any special requirements beyond general office space.
      • Suppliers & Service Providers – Third-parties who support this process.

    Info-Tech Insight

    Policies and procedures manuals, if they exist, are often out of date or incomplete. Use these as a starting point, but don’t stop there. Identify the go-to staff members who are well versed in how a process works.

    1.3.3 Document workarounds

    Input

    • Business process flowcharts.
    • List of process dependencies.

    Output

    • Workarounds and alternatives in the event dependencies aren’t available.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the activity)
    • Pilot Business Unit Manager
    • Business Process Subject Matter Experts (SMEs)

    1.5 hours

    Identify alternatives to critical dependencies to help you create contingency plans.

    1. For each business process, identify known alternatives for each primary dependency. Ignore for the moment how long the workaround or alternate would be feasible.
    2. Record alternatives in the Business Continuity Business Impact Analysis Tool, Processes and Dependencies tab, Alternatives columns (a separate column for each category of dependency):
      • People – Can other staff execute the process steps? (Example: managers can step in if needed.)
      • IT Applications – Is there a manual workaround or other alternative while enterprise technology services are unavailable? (Example: database is down, but data is stored on physical forms.)
      • End-User Devices and Equipment – What alternatives exist to the usual end-user technologies, such as workstations and desk phones? (Example: some staff have cell phones.)
      • Facility Location and Requirements – Is there an alternate location where this work can be conducted? (Example: work from home, or from another building on the campus.)
      • Suppliers and External Services – Is there an alternative source for key suppliers or other external inputs? (Example: find alternate suppliers for key inputs.)
      • Additional Inputs or Requirements – What workarounds exist for additional artifacts that enable process steps (e.g. physical inventory records, control lists)? (Example: if hourly pay information is missing, run the same payroll as the previous run and reconcile once that information is available.)

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Phase 2

    2.1 Define an objective impact scoring scale

    2.2 Estimate the impact of downtime

    2.3 Determine acceptable RTO/RPO targets

    Insights & Outcomes

    Assess the impact of business process downtime using objective, customized impact scoring scales. Sort business processes by criticality and by assigning criticality tiers, recovery time, and recovery point objectives.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 2.1

    Define an objective scoring scale

    This step will walk you through the following activities:

    • Identify impact criteria that are relevant to your business.
    • Create a scale that defines a range of impact for relevant criteria.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Define an impact scoring scale relevant to your business, which allows you to more-objectively assess the impact of business process downtime.

    Set appropriate recovery objectives

    Recovery time and recovery point objectives should align with business impact.

    The activities in Phase 2 will help you set appropriate, acceptable recovery objectives based on the business impact of process downtime.

    • The recovery time objective (RTO) and recovery point objective (RPO) are the recovery goals set for individual processes and dependencies to ensure your business unit meets its overall acceptable recovery timeline.

    For example:

    • An RTO of four hours means staff and other required resources must be available to support the business processes within four hours of an incident (e.g. relocate to an alternate worksite if necessary, access needed equipment, log-in to needed systems, get support for completing the process from alternate staff, etc.)
    • An RPO of four hours for a customer database means the most recent secondary copy of the data must never be more than four hours old – e.g. running a backup every four hours or less.

    Conduct a Business Impact Analysis (BIA)

    Create Impact Scoring Scales→Assess the impact of process downtime→Review overall impact of process downtime→Set Criticality Tiers→Set Recovery Time and Recovery Point Objectives

    Create financial impact scales

    Identify maximum cost and revenue impacts to build financial impact scales to measure the financial impact of process downtime.

    Work with the Business Unit Manager and Executive Sponsor to identify the maximum impact in each category to the entire business. Use a worst-case scenario to estimate the maximum for each scale. In the future, you can use this scoring scale to estimate the impact of downtime for other business units.

    • Loss of Revenue: Estimate the upper bound for this figure from the previous year, and divide that by the number of business days in the year. Note: Some organizations may choose to exclude revenue as a category where it won’t be lost (e.g. public-sector organizations).
    • Loss of Productivity: Proxy for lost workforce productivity using payroll numbers. Use the fully loaded payroll for the company, divided by the number of working days in the year as the maximum.
    • Increased Operating Costs: Isolate this to known additional costs resulting from a disruption. Does the interruption itself increase operating costs (e.g. if using timesheets for hourly/contract employees and that information is lost or unavailable, do you assume a full work week)?
    • Financial Penalties: If there are known financial penalties (e.g. due to failure to meet SLAs or other contractual obligations), include those values in your cost estimates.

    Info-Tech Insight

    Cost estimates are like hand grenades and horseshoes: you don’t need to be exact. It’s much easier to get input and validation from other stakeholders when you have estimates. Even weak estimates are far better than a blank sheet.

    Create goodwill, compliance, and safety impact scales

    Create a quantitative, more-objective scoring scale for goodwill, compliance and safety by following the guidance below.

    • Impact on Customers: By default, the customer impact scale is based on the percent of your total customer base impacted. You can also modify this scale to include severity of impact or alter it to identify the maximum number of customers that would be impacted.
    • Impact on Staff: Consider staff that are directly employed by the organization or its subsidiaries.
    • Impact on Business Partners: Which business partners would be affected by a business disruption?
    • Impact on Health & Safety: Consider the extent to which process downtime could increase the risk of the health & safety of staff, customers, and the general public. In addition, degradation of health & safety services should be noted.
    • Impact on Compliance: Set up the scale so that you can capture the impact of any critical regulatory requirements that might not be met if a particular process was down for 24 hours. Consider whether you expect to receive leeway or a grace period from the governance body that requires evidence of compliance.

    Info-Tech Best Practice

    Use just the impact scales that are relevant to your organization.

    Tool: Impact Scoring Scales

    • Define 4-point scoring scales in the BCP business impact analysis tool for a more objective assessment than gut-feel rankings.
    • You don’t need to include every category, if they aren’t relevant to your organization.
    • Refine the scoring scale as needed through the pilot project.
    • Use the same scoring scale for impact analyses with additional business units in the future.

    An image depicting the Business Impact Analysis Tool. A note pointing to the Level of Impact and Direct Cost Impact Scales columns states: Add the maximum cost impacts across each of the four impact scales to the tool. The rest of the scale will auto-populate based on the criteria outlined in the “Level of Impact” column. A note pointing to the column headers states: Change the names of the column headers in this tab. The changes to column headers will populate across the rest of the tool. Indicate exclusions from the scale here. A note pointing to the Goodwill Impact Scales columns reads: Update the Goodwill impact scales. For example, perhaps a critical impact on customers could be defined as “a significant impact on all customers using the organization’s services in a 24-hour period.” A note pointing to the Compliance, Heath and Safety Impact Scales columns reads: Review the compliance and safety impact scales, and update as required.

    Step 2.2

    Estimate the impact of downtime

    This step will walk you through the following activities:

    • Apply the scoring scale developed in step 2.1 to assess the impact of downtime for specific business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Develop an objective view of the impact of downtime for key business processes.

    2.2.1 Estimate the impact of downtime

    1.5 hours

    Input

    • List of business processes, dependencies, and workarounds, all documented in the BIA tool.

    Output

    • Impact of downtime scores for key business unit processes.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Print a copy of the Scoring Criteria tab to use as a reference, or have it open on another screen. In tab 3 of the BCP Business Impact Analysis Tool use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the Scoring Criteria tab.
    2. Work horizontally across all categories for a single process. This will set a benchmark, familiarize you with the scoring system, and allow you to modify any scoring scales if needed. In general, begin with the process that you know to be most critical.
      • For example, if call center sales operations are down:
        • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 2 or 3 depending on the proportion of sales generated through the call center.
        • The Impact on Customers might be a 1 or 2 depending on the extent that existing customers might be using the call center to purchase new products or services.
        • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0.
    3. Next, work vertically across all processes within a single category. This will allow you to compare scores within the category as you create them.

    Tool: Impact Analysis

    • The goal of the exercise is to arrive at a defensible ranking of process criticality, based on the impact of downtime.
    • Make sure participants can see the scores you’re assigning during the exercise (e.g. by writing out the scores on a whiteboard, or displaying the tool on a projector or screen) and can reference the scoring scales tab to understand what the scores mean.
    • Take notes to record the rationale behind the impact scores. Consider assigning note-taking duties to one of the participants.

    An image of the Impact Analysis Tool. A note pointing to the column headings states: Any customized column headings from tab 2, Scoring Criteria are automatically ported to this tab. A note pointing to the Impact on Goodwill columns reads: Score each application across each scoring scale from 0 to 4. Be sure to refer back to the scoring scale defined in tab 2. Have the scoring scale printed out, written on a whiteboard, or displayed on a separate screen. A note pointing to the tool's dropdown boxes states: Score categories using the drop-down boxes. A note pointing to the centre columns reads: Ignore scoring for categories you choose to exclude. You can hide these columns to clean up the tool if needed.

    2.2.2 Sort processes into Criticality Tiers

    30 minutes

    Input

    • Processes, with assigned impact scores (financial impact, goodwill impact, compliance and safety impact).

    Output

    • Business processes sorted into criticality tiers, based on the impact of downtime.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. In general, consider the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic to start the process is to assign a tier 1 rating to all processes with a Goodwill, Compliance, and Safety score that’s 50% or more of the highest total score, tier 2 where scores are between 25% and 50%, and tier 3 where scores are below 25% (see table below for an example).
      • In step 2.3, you’ll align recovery time objectives with the criticality tiers. So, Tier 1 processes will target recovery before Tier 2 processes, and Tier 2 processes will target recovery before Tier 3 processes.
    2. Next, consider the Total Cost of Downtime.
    • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the estimates in the BIA.
    • Consider whether the total cost impact justifies changing the criticality rating. “Smoke test” categorization with participants. Are there any surprises (processes more or less critical than expected)?
  • If the categorization doesn’t seem right, check that the scoring scale was applied consistently.
  • Example: Highest total Goodwill, Compliance, and Safety impact score is 18.

    Tier Score Range % of high score
    Tier 1 - Gold 9-18 50-100%
    Tier 2 - Silver 5 to 9 25-50%
    Tier 3 - Bronze 0 to 5 0-25%

    Step 2.3

    Determine acceptable RTO and RPO targets

    This step will walk you through the following activities:

    • Identify acceptable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes and Insights

    Right-size recovery objectives based on business impact.

    Right-size recovery objectives

    Acceptable RTOs and RPOs must be right-sized to the impact of downtime.

    Rapid recovery typically requires more investment.

    The impact of downtime for most business processes tends to look something like the increasing impact curve in the image to the right.

    In the moments after a disruption, impact tends to be minimal. Imagine, for example, that your organization was suddenly unable to pay its suppliers (don’t worry about the reason for the disruption, for the moment). Chances are, this disruption wouldn’t affect many payees if it lasted just a few minutes, or even a few hours. But if the disruption were to continue for days, or weeks, the impact of downtime would start to spiral out of control.

    In general, we want to target recovery somewhere between the point where impact begins, and the point where impact is intolerable. We want to balance the impact of downtime with the investment required to make processes more resilient.

    Info-Tech Insight

    Account for hard copy files as well as electronic data. If that information is lost, is there a backup? BCP can be the driver to remove the last resistance to paperless processes, allowing IT to apply appropriate data protection.

    Set recovery time objectives and recovery point objectives in the “Debate Space”

    A graph with the X axis labelled as: Increasing downtime/data loss and the Y-axis labelled Increasing Impact. The graph shows a line rising as impact and downtime/data loss increase, with the lowest end of the line (on the left) labelled as minimal impact, and the highest point of the line (on the right) labelled maximum tolerance. The middle section of the line is labelled as the Debate Space, and a note reads: Acceptable RTO/RPO must be between Low Impact and Maximum Tolerance

    2.3.1 Define process-level recovery objectives

    1 hour

    Input

    • Processes, ranked by criticality.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review the “Debate Space” diagram (shown in previous section) with all participants.
    2. Ask business participants for each process: how much downtime is tolerable, acceptable, or appropriate? How much data loss is tolerable?
      • If participants aren’t yet comfortable setting recovery objectives, identify the point at which downtime and data loss first becomes noticeable and the point at which downtime and data loss becomes intolerable.
      • Choose an RTO and RPO for each process that falls within the range set by these two extremes.

    RTOs and RPOs are business-defined, impact-aligned objectives that you may not be able to achieve today. It may require significant investments of time and capital to enable the organization to meet RTO and RPO.

    2.3.2 Align RTOs within and across criticality tiers

    1 hour

    Input

    • Results from pilot BCP impact analysis.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool
    • Whiteboard/ flipchart

    Participants

    • BCP Coordinator
    • BCP Project Sponsor
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager (optional)

    Set a range for RTO for each Tier.

    1. Start with your least critical/Tier 3 processes. Use the filter in the “Criticality Rating” column in the Impact Analysis tab of the BIA tool to show only Tier 3 processes.
      • What range of RTOs did the group assign for processes in this Tier? Does the group agree that these targets are appropriate for these processes?
      • Record the range of RTOs on the whiteboard or flipchart.
    2. Next, look at Tier 2 processes. Use the same filter to show just Tier 2 processes.
      • Record the range of RTOs, confirm the range with the group, and ensure there’s no overlap with the Tier 3 range.
      • If the RTOs in one Tier overlap with RTOs in another, you’ll need to adjust RTOs or move processes between Tiers (if the impact analysis justifies it).
    Tier RTO
    Tier 1 4 hrs- 24 hrs
    Tier 2 24 hrs - 72 hrs
    Tier 3 72 hrs - 120 hrs

    Phase 3

    Document the Recovery Workflow and Projects to Close Gaps

    3.1 Determine current recovery procedures

    3.2 Identify and prioritize projects to close gaps

    3.3 Evaluate business continuity site and command center options

    Insights & Outcomes

    Outline business recovery processes. Highlight gaps and risks that could hinder business recovery. Brainstorm ideas to address gaps and risks. Review alternate site and business relocation options.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 3.1

    Determine current recovery procedures

    This step will walk you through the following activities:

    • Create a step-by-step, high-level recovery workflow.
    • Highlight gaps and risks in the recovery workflow.
    • Test the workflow against multiple scenarios.

    This step involves the following participants:

    • BCP Coordinator
    • Crisis Management Team
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Establish steps required for business recovery and current recovery timelines.

    Identify risks & gaps that could delay or obstruct an effective recovery.

    Conduct a tabletop planning exercise to draft business recovery plans

    Tabletop exercises are the most effective way to test and increase business confidence in business recovery capabilities.

    Why is tabletop planning so effective?

    • It enables you play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It provides a thorough test of your recovery workflow since the exercise is, essentially, paper-based.
    • After you have a BCP in place, this exercise can continue to be a valuable testing exercise for BCP to capture changes in your recovery process.

    A graph titled: Tabletop planning had the greatest impact on respondent confidence in meeting recovery objectives. The graph shows that the relative importance of Tabletop Planning is 57%, compared to 33% for Unit Testing, 3% for Simulation Testing, 6% for Parallel Testing, and 2% for Full-Scale Testing. The source for the graph is Info-Tech Research Group.

    Step 2 - 2 hours
    Establish command center.

    Step 2: Risks

    • Command center is just 15 miles away from primary site.

    Step 2: Gaps

    • Confirm what’s required to set up the command center.
    • Who has access to the EOC?
    • Does the center have sufficient bandwidth, workstations, phones, telephone lines?

    3.1.1 Choose a scenario for your first tabletop exercise

    30 minutes

    Input

    • List of past incidents.
    • Risks to business continuity that are of high concern.

    Output

    • Scenario for the tabletop exercise.

    Materials

    • N/A

    Participant

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot business unit manager

    At the business unit level, the goal is to define a plan to resume business processes after an incident.

    A good scenario is one that helps the group focus on the goal of tabletop planning – to discuss and document the steps required to recover business processes. We suggest choosing a scenario for your first exercise that:

    • Disrupts many process dependencies (i.e. facilities, staff, IT services, suppliers).
    • Does not result in major property damage, harm, or loss of life. Business resumption is the focus of this exercise, not emergency response.
    • Has happened in the past, or is of concern to the business.

    An example: a gas leak at company HQ that requires the area to be cordoned off and power to be shut down. The business must resume processes from another location without access to materials, equipment, or IT services at the primary location.

    A plan that satisfies the gas leak scenario should meet the needs of other scenarios that affect your normal workspace. Then use BCP testing to validate that the plan meets a wider range of incidents.

    3.1.2 Define the BCP activation process

    1 hour

    Input

    • Any existing crisis management, incident response or emergency response plans.
    • BC Scenario.

    Output

    • High level incident notification, assessment, and declaration workflow.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator
    • Crisis Management Team (if one exists)
    • Business Process SMEs
    • Pilot Business Unit Manager

    Answer the questions below to structure your notification, assessment, and BCP activation procedures.

    Notification

    How will you be notified of a disaster event? How will this be escalated to leadership? How will the team responsible for making decisions coordinate (if they can’t meet on-site)? What emergency response plans are in place to protect health and safety? What additional steps are involved if there’s a risk to health and safety?

    Assessment

    Who’s in charge of the initial assessment? Who may need to be involved in the assessment? Who will coordinate if multiple teams are required to investigate and assess the situation? Who needs to review the results of the assessment, and how will the results of the assessment be communicated (e.g. phone bridge, written memo)? What happens if your primary mode of communication is unavailable (e.g. phone service is down)?

    Declaration

    Who is responsible today for declaring a disaster and activating business continuity plans? What are the organization’s criteria for activating continuity plans, and how will BCP activation be communicated? Establish a crisis management team to guide the organization through a wide range of crises by Implementing Crisis Management Best Practices.

    3.1.3 Document the business recovery workflow

    1 hour

    Input

    • Pilot BIA.
    • Any existing crisis management, incident response, or emergency response plans.
    • BC Scenario

    Output

    • Outline of your BCP declaration and business recovery plan.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Do the following:

    1. Create separate flows for facility, IT, and staff disruptions. Include additional workflows as needed.
      • We suggest you outline the recovery process at least to the point where business processes are restored to a minimum viable functional level.
    2. On white cue cards:
      1. Record the step.
      2. Indicate the task owner.
      3. Estimate how long the step will take.
    3. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    4. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Info-Tech Best Practice

    Tabletop planning is most effective when you keep it simple.

    • Be focused; stay on task and on time.
    • Revisit each step and record risks and mitigation strategies.
    • Discuss each step from start to finish.
    • Revise the plan with key task owners.
    • Don’t get weighed down by tools.
    • Simple tools, like cue cards or whiteboards, can be very effective.

    Tool: BCP Recovery Workflow

    Document the steps you identified in the tabletop to create your draft recovery workflow.

    Why use a flowchart?

    • Flowcharts provide an at-a-glance view, are ideal for crisis scenarios where pressure is high and effective, and where timely communication is necessary.
    • For experienced managers and staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation/contracts, other flowcharts, etc.)

    Create one recovery workflow for all scenarios.

    Traditional planning calls for separate plans for different “what-if” scenarios. This is challenging not just because it’s a lot more documentation – and maintenance – but because it’s impossible to predict every possible incident. Use the template, aligned to recovery of process dependencies, to create one recovery workflow for each business unit that can be used in and tested against different scenarios.

    Download Info-Tech’s BCP Recovery Workflow Example

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director-IT Operations, Healthcare Industry

    "Very few business interruptions are actually major disasters. It’s usually a power outage or hardware failure, so I ensure my plans address ‘minor’ incidents as well as major disasters."- BCP Consultant

    3.1.4 Document achievable recovery metrics (RTA/RPA)

    30 minutes

    Input

    • Pilot BCP BIA.
    • Draft recovery workflow.

    Output

    • RTA and RPA for each business process.

    Materials

    • Pilot BCP BIA.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Add the following data to your copy of the BCP Business Impact Analysis Tool.

    1. Estimate the recovery time achievable (RTA) for each process based on the required time for the process to be restored to a minimum acceptable functional level. Review your recovery workflow to identify this timeline. For example, if the full process from notification, assessment, and declaration to recovery and relocation would take a full day, set the RTA to 24 hours.
    2. Estimate the recovery point achievable (RPA) for each process based on the maximum amount of data that could be lost. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and the achievable RPO is 24 hours. Note: Enter a value of 9999 to indicate that data is unrecoverable.

    Info-Tech Insight

    Operating at a minimum acceptable functional level may not be feasible for more than a few days or weeks. Develop plans for immediate continuity first, then develop further plans for long-term continuity processes as required. Recognize that for longer term outages, you will evolve your plans in the crisis to meet the needs of the situation.

    3.1.5 Test the workflow of other scenarios

    1 hour

    Input

    • Draft recovery workflow.

    Output

    • Updated draft recovery workflow.

    Materials

    • Draft recovery workflow.
    • Projector or screen.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Work from and update the soft copy of your recovery workflow.

    1. Would any steps change if the scenario changes? If yes, capture the different flow with a decision diamond. See the example Recovery Workflow for a workflow that uses decision diamonds. Identify any new gaps or risks you encounter with red and yellow cards.
    2. Make sure the decision diamonds are as generalized as possible. For example, instead of creating a separate response plan for each scenario that would require you to relocate from your existing building, create one response plan for relocation and one response plan for remaining in place.
    3. See the next section for some examples of different types of scenarios that you may include in your recovery workflow.

    Info-Tech Insight

    Remember that health and safety risks must be dealt with first in a crisis. The business unit recovery workflow will focus on restoring business operations after employees are no longer at risk (e.g. the risk has been resolved or employees have been safely relocated). See Implement Crisis Management Best Practices for ideas on how to respond to and assess a wide range of crises.

    Not all scenarios will have full continuity plans

    Risk management is a business decision. Business continuity planning can help decision makers understand and decide on whether to accept or mitigate high impact, low probability risks.

    For some organizations, it’s not practical or possible to invest in the redundancy that would be necessary to recover in a timely manner from certain major events.

    Leverage existing risk management practices to identify key high impact events that could present major business continuity challenges that could cause catastrophic disruptions to facility, IT, staffing, suppliers, or equipment. If you don’t have a risk register, review the scenarios on the next slide and brainstorm risks with the working group.

    Work through tabletop planning to identify how you might work through an event like this, at a high level. In step 3.2, you can estimate the effort, cost, and benefit for different ideas that can help mitigate the damage to the business to help decision makers choose between investment in mitigation or accepting the risk.

    Document any scenarios that you identify as outside the scope of your continuity plans in the “Scope” section of your BCP Summary document.

    For example:

    A single location manufacturing company is creating a BCP.

    The factory is large and contains expensive equipment; it’s not possible to build a second factory for redundancy. If the factory is destroyed, operations can’t be resumed until the factory is rebuilt. In this case, the BCP outlines how to conduct an orderly business shutdown while the factory is rebuilt.

    Contingency planning to resume factory operations after less destructive events, as well as a BCP for corporate services, is still practical and necessary.

    Considerations for other BCP scenarios

    Scenario Type Considerations
    Local hazard (gas leak, chemical leak, criminal incident, etc.)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually. “Work from home” won’t be a long-term solution.
    • An alternate site is required for service continuity. Can be within normal commuting distance.
    Equipment/building damage (fire, roof collapse, etc.)
    • Equipment will need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity. Can be nearby.
    Regional natural disasters
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site is required for service continuity.
    Supplier failure (IT provider outage, disaster at supplier, etc.)
    • Service-level agreements are important to establish recovery timelines. Review contracts and master services agreements.
    Staff (lottery win, work stoppage, pandemic/quarantine)
    • Staff are suddenly unavailable. Expect that no warm handoff to alternates is possible and that time to ramp up on the process is accounted for.
    • In a pandemic scenario, work from home, remote toolsets, and digital/contactless workflows become critical.

    Step 3.2

    Identify and prioritize projects to close gaps

    This step will walk you through the following activities:

    • Brainstorm solutions to identified gaps and risks.
    • Prioritize projects and action items to close gaps and risks.
    • Assess the impact of proposed projects on the recovery workflow.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify and prioritize projects and action items that can improve business continuity capabilities.

    3.2.1 Brainstorm solutions to address risks and gaps

    1 hour

    Input

    • Draft recovery workflow.
    • Known continuity risks and gaps.

    Output

    • Ideas for action items and projects to improve business continuity.

    Materials

    • Flipchart

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip chart paper. The solutions can range from quick-wins and action items to major capital investments. The following slides can help you seed ideas to support brainstorming and idea generation.

    Info-Tech Best Practice

    Try to avoid debates about feasibility at this point. The goal is to get ideas on the board.

    When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution – other ideas can expand on it and improve it.

    Step 4: No formal process to declare a disaster and invoke business continuity.

    Step 7: Alternate site could be affected by the same regional event as the main office.

    Step 12: Need to confirm supplier service-level agreements (SLAs).

    1. Continue to create BCP documentation.
    2. Identify a third location for regional disasters.
    3. Contact suppliers to confirm SLAs and validate alignment with RTOs/RPOs.
    4. Add BCP requirements collection to service procurement process?

    Discuss your remote work capabilities

    With COVID-19, most organizations have experience with mass work-from-home.

    Review the following case studies. Do they reflect your experience during the COVID-19 pandemic?

    Unacceptable risk

    • A small insurance company provided laptops to staff so they could work remotely.
    • Complication: Cheque and print stock is a dependency and no plan was made to store check stock offsite in a secure fashion.

    Key dependencies missing

    • A local government provided laptops to key staff so they could work remotely.
    • Complication: The organization didn’t currently own enough Citrix licenses for every user to be online concurrently.

    Unable to serve customers

    • The attestation and land services department of a local government agency provided staff with remote access to key apps.
    • Complication: Their most critical business processes were designed to be in-person – they had no plan to execute these processes from home.

    Consider where your own work-from-home plans fell short.

    • Were your collaboration and communication solutions too difficult for users to use effectively?
    • Did legacy infrastructure affect performance or limit capabilities? Were security concerns appropriately addressed?
    • What challenges did IT face supporting business users on break-fix and new requests?
    • Were there logistical needs (shipping/receiving, etc.) that weren’t met?
    • Develop an updated plan to support work-from-home using Info-Tech’s BCP Relocation Checklists and Home Office Survey template, and integrate these into your overall BCP documentation. Stakeholders can easily appreciate the value of this plan since it’s relevant to recent experience.

    Identify opportunities to improve continuity plans

    What gaps in your continuity response could be addressed with better planning?

    People

    • Alternates are not identified
    • Roles in a disaster are not formalized
    • No internal/external crisis comm. strategy

    Site & Facilities

    • No alternate place of business or command center identified
    • No formal planning or exercises to test alternate site viability

    • Identify a viable secondary site and/or work-from-home plan, and develop a schedule for testing activities. Review in Step 3.3 of the Develop a Business Continuity Plan blueprint.

    External Services & Suppliers

    • Contingency plans for a disruption not planned or formalized
    • No formal review of service-level agreements (SLAs)

    • Contact key suppliers and vendors to establish SLAs, and ensure they meet requirements.
    • Review supplier continuity plans.

    Technology & Physical Assets

    • No secondary site or redundancy for critical IT systems
    • No documented end-to-end IT DR plan

    Tool: BCP Project Roadmap

    Prioritize and visualize BCP projects to present options to decision makers.

    Not all BCP projects can be tackled at once. Enable decision makers to defer, rather than outright reject, projects that aren’t feasible at this time.

    1. Configure the tool in Tab 1. Setup. Adjust criteria and definitions for criteria. Note that shaded columns are required for reporting purposes and can’t be modified.
    2. Add projects and action items in Tab 2. Data Entry. Fields highlighted in red are all required for the dashboard to populate. All other fields are optional but will provide opportunities to track more detailed data on project ideas.
    3. To generate the dashboard in Tab 3. Roadmap, open the Data ribbon and under Queries and Connections click Refresh All. You can now use the slicers on the right of the sheet.

    Download Info-Tech’s BCP Project Roadmap Tool

    Demonstrate BCP project impacts

    Illustrate the benefits of proposed projects.

    1. Review your recovery workflow.
    2. Make updates to a second copy of the high-level outline to illustrate how the business response to a disaster scenario will change once proposed projects are complete.
    • Remove steps that have been made unnecessary.
    • Remove any risks or gaps that have been mitigated or addressed.
    • Verify that proposed projects close gaps between acceptable and achievable recovery capabilities in the BIA tool.
  • The visual impact of a shorter, less-risky recovery workflow can help communicate the benefits of proposed projects to decision makers.
  • Step 3.3

    Evaluate business continuity site and command center options

    This step will walk you through the following activities:

    • Take a deep dive on the requirements for working from an alternate location.
    • Assess different options for an alternate location.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify requirements for an alternate business site.

    Tool: Relocation Checklists

    An alternate site could be another company building, a dedicated emergency operations center, or work-from-home. Use this tool to guide and prepare for any relocation exercise.

    • Coordinate your response with the pre-populated checklists in Tabs 1 & 2, identify who’s responsible for items on the checklists, and update your recovery workflows to reflect new steps. When reviewing the checklist, consider what can be done to prepare ahead of a crisis.
      • For example, you may wish to create crisis communication templates to streamline crisis communications during a disaster.
    • Calculate the effort required to provision equipment for relocated users in Tabs 3 & 4.
    • Evaluate your options for alternate sites with the requirements matrix in Tab 5. Use your evaluation to identify how the organization could address shortcomings of viable options either ahead of time or at the time of an incident.

    Download Info-Tech’s BCP Relocation Checklists

    Create a checklist of requirements for an alternate site

    Leverage the roll-up view, in tab 3, of dependencies required to create a list of requirements for an alternate site in tab 4.

    1. The table on Tab 5 of the relocation checklists is pre-populated with some common requirements. Modify or replace requirements to suit your needs for an alternate business/office site. Be sure to consider distance, transportation, needed services, accessibility, IT infrastructure, security, and seating capacity at a minimum.
    2. Don’t assume. Verify. Confirm anything that requires permissions from the site owner. What network providers have a presence in the building? Can you access the site 24/7 and conduct training exercises? What facilities and services are available? Are you guaranteed the space if needed?

    "There are horror stories about organizations that assumed things about their alternate site that they later found out they weren’t true in practice." – Dr. Bernard Jones, MBCI CBCP

    Info-Tech Insight

    If you choose a shared location as a BCP site, a regional disaster may put you in competition with other tenants for space.

    Identify a command center

    For command center and alternate worksite selection, remember that most incidents are local and short term. Identify an onsite and an offsite command center.

    1. For events where the building is not compromised, identify an onsite location, ideally with remote conferencing capabilities and planning and collaboration tools (projectors, whiteboards, flipcharts). The onsite location can also be used for BCM and crisis management meetings. Remember, most business continuity events are not regional or massively destructive.
    2. For the offsite command center, select a location that is sufficiently far away from your normal business location to maintain separation from local incidents while minimizing commute time. However, consider a geographically distant option (e.g. more than 50 miles away) identified for those scenarios where it is a regional disaster, or plan to leverage online tools to create a virtual command center (see the Insight box below).
    3. The first members of the Emergency Response Team to be notified of the incident will determine which location to use or whether a third alternative is required.

    Info-Tech Insight

    For many organizations, a dedicated command center (TVs on the wall, maps and charts in filing cabinets) isn’t necessary. A conference bridge and collaboration tools allowing everyone to work remotely can be an acceptable offsite command center as long as digital options can meet your command center requirements.

    Create a plan for a return to normal

    Operating in continuity mode for an extended period of time tends to result in higher costs and reduced business capabilities. It’s important to restore normal operations as soon as possible.

    Advance planning can minimize risks and delays in returning to normal operations.

    Leverage the methodology and tools in this blueprint to define your return to normal (repatriation) procedures:

    1. Repeat the tabletop planning exercise to determine the repatriation steps and potential gaps. How will you return to the primary site from your alternate site? Does data need to be re-entered into core systems if IT services are down? Do you need to transfer job duties back to primary staff?
    2. What needs to be done to address the gaps in the return to normal workflow? Are there projects or action items that could make return to normal easier?

    For more on supporting a business move back to the office from the IT perspective, see Responsibly Resume IT Operations in the Office

    Potential business impacts of ongoing operations at a failover site

    • The cost of leasing alternate business worksites.
    • Inability to deliver on strategic initiatives while in emergency/interim operations mode, resulting in lost business opportunities.
    • A growing backlog of work that falls outside of emergency operations mode.
    • Travel and accommodation costs if the alternate site is geographically remote.
    • Additional vendor licensing and contract costs.

    Phase 4

    Extend the Results of the Pilot BCP and Implement Governance

    Phase 4

    4.1 Consolidate BCP pilot insights to support an overall BCP project plan

    4.2 Outline a business continuity management (BCM) program

    4.3 Test and maintain your BCP

    Insights & Outcomes

    Summarize and consolidate your initial insights and documentation. Create a project plan for overall BCP. Identify teams, responsibilities, and accountabilities, and assign documentation ownership. Integrate BCP findings in DR and crisis management practices. Set guidelines for testing, plan maintenance, training, and awareness.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    Step 4.1

    Consolidate BCP pilot insights to support an overall BCP project plan

    This step will walk you through the following activities:

    • Summarize and consolidate outputs and key insights from the BCP pilot.
    • Identify outputs from the pilot that can be re-used for the overall BCP.
    • Create a project charter for an overall BCP.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Present results from the pilot BCP, and outline how you’ll use the pilot process with other business units to create an overall continuity program.

    Structure the overall BCP program.

    Template: BCP Pilot Results Presentation

    Highlight key findings from the BCP pilot to make the case for next steps.

    • Highlight critical gaps or risks identified, any potential process improvements, and progress made toward improving overall BCP maturity through the pilot project. Summarize the benefits of the pilot project for an executive audience.
    • Review process recovery objectives (RTO/RPO). Provide an overview of recovery capabilities (RTA/RPA). Highlight any significant gaps between objectives and capabilities.
    • Propose next steps, including an overall BCP project and program, and projects and action items to remediate gaps and risks.
    • Develop a project plan to estimate resource requirements for an overall BCP project prior to delivering this presentation. Quantifying required time and resources is a key outcome as it enables the remaining business units to properly scope and resource their BCP development activities and can help managers overcome the fear of the unknown.

    Download Info-Tech’s BCP Pilot Results Presentation

    Tool: BCP Summary

    Sum up information from completed BCP documents to create a high-level BCP overview for auditors and executives.

    The BCP Summary document is the capstone to business unit continuity planning exercises. It consolidates your findings in a short overview of your business continuity requirements, capabilities, and maintenance procedures.

    Info-Tech recommends embedding hyperlinks within the Summary to the rest of your BCP documentation to allow the reader to drill down further as needed. Leverage the following documents:

    • Business Impact Analysis
    • BCP Recovery Workflows
    • Business Process Workflows
    • BCP Project Roadmap
    • BCP Relocation Checklists
    • Business Continuity Policy

    Download Info-Tech’s BCP Summary Document

    Reuse templates for additional exercises

    The same methodology described in this blueprint can be repeated for each business unit. Also, many of the artifacts from the BCP pilot can be reused or built upon to give the remaining business units a head start. For example:

    • BCP Pilot Project Charter Template. Make a copy to use as a base for the next business unit’s BCP project charter, and update the stakeholders/roles and milestone dates. The rest of the content can remain the same in most cases.
    • BCP Reference Workbook. This tool contains information common to all business units and can be updated as needed.
    • BCP Business Impact Analysis Tool. You may need to start a separate copy for each business unit to allow enough space to capture all business processes. However, use the same scoring scale to drive consistent assessments. In addition, the scoring completed by the pilot business unit provides an example and benchmark for assessing other business processes.
    • BCP Recovery Workflow. The notification, assessment, and declaration steps can be standardized so remaining business units can focus primarily on recovery after a disaster is declared. Similarly, many of the steps related to alternate sites and IT workarounds will also apply to other business units.
    • BCP Project Roadmap Tool. Many of the projects identified by the pilot business unit will also apply to other business units – update the list as needed.
    • The Business Unit BCP Prioritization Tool, BCP Executive Presentation, and Business Continuity Policy Template do not need to be updated for each business unit.

    Info-Tech Best Practice

    You may need to create some artifacts that are site specific. For example, relocation plans or emergency plans may not be reusable from one site to another. Use your judgement to reuse as much of the templates as you can – similar templates simplify audit, oversight, and plan management.

    Create an Overall BCP Project Charter

    Modify the pilot project charter to encompass the larger BCP project.

    Adjust the pilot charter to answer the following questions:

    • How much time and effort should the rest of the project take, based on findings from the pilot? When do you expect to meet certain milestones? What outputs and outcomes are expected?
    • In what order should additional business units complete their BCP? Who needs to be involved?
    • What projects to address continuity gaps were identified during the pilot? What investments will likely be required?
    • What additional documentation is required? This section and the appendix include templates to document your BCM Policy, Teams & Contacts, your notification procedures, and more.
    • How does this integrate with the other areas of business resilience and continuity (IT disaster recovery planning and crisis management planning)?
    • What additional activities, such as testing, are required?

    Prioritize business units for further BCP activities.

    As with the pilot, choose a business unit, or business units, where BCP will have the greatest impact and where further BCP activities will have the greatest likelihood of success. Prioritize business units that are critical to many areas of the business to get key results sooner.

    Work with one business unit at a time if:

    • Required resources from the business unit are available to focus on BCP full-time over a short period (one to two weeks).
    • More hands-on guidance (less delegation) is needed.
    • The business unit is large or has complex processes.

    Work with several business units at the same time if:

    • Required resources are only available sporadically over a longer period of time.
    • Less guidance (more delegation) is possible.
    • All business units are small and have well-documented processes.

    Download Info-Tech’s Business Unit BCP Prioritization Tool

    Step 4.2

    Outline a Business Continuity Management (BCM) Program

    This step will walk you through the following activities:

    • Identify teams and roles for BCP and business continuity management.
    • Identify individuals to fill key roles.

    This step involves the following participants:

    • BCP Coordinator
    • Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Document BCP teams, roles, and responsibilities.

    Document contact information, alternates, and succession rules.

    Outline a Business Continuity Management Program

    A BCM program, also known as a BCM system, helps structure business continuity activities and practices to deliver long-term benefits to your business.

    A BCM program should:

    • Establish who is responsible and accountable for BCP practices, activities, and documentation, and set documentation management practices.
    • Define a process to improve plans. Review and update continuity requirements, suggest enhancements to recovery capabilities, and measure progress and improvements to the plan over time.
    • Coordinate disaster recovery, business continuity, and crisis management planning outputs and practices.
    • Communicate the value of the continuity program to the organization.

    Develop a Business Continuity Management Program

    Phase 4 of this blueprint will focus on the following elements of a business continuity management program:

    • BCM Roles, Responsibilities, and Accountabilities
    • BCM Document Management Practices
    • Integrate BC, IT DR, Crisis Management, and Emergency Management
    • Business Continuity Plan maintenance and testing
    • Training and awareness

    Schedule a call with an Info-Tech Analyst for help building out these core elements, and for advice on developing the rest of your BCM program.

    Create BCM teams

    Include a mix of strong leaders and strong planners on your BC management teams.

    BC management teams (including the secondary teams such as the emergency response team) have two primary roles:

    1. Preparation, Planning, and Governance: Conduct and consolidate business impact analyses. Review, and support the development of recovery workflows, including emergency response plans and business unit recovery workflows. Organize testing and training. Report on the state of the continuity plan.
    2. Leadership During a Crisis: Coordinate and support the execution of business recovery processes. To meet these goals, each team needs a mix of skill sets.

    Crisis leaders require strong crisis management skills:

    • Ability to make quick decisions under pressure with incomplete information.
    • Excellent verbal communication skills.
    • Strong leadership skills. Calm in stressful situations.
    • Team leaders are ideally, but not necessarily, those with the most senior title on each team. It’s more important that the team leader has the appropriate skill set.

    Collectively, the team must include a broad range of expertise as well as strong planning skills:

    • Diverse expertise to be able to plan for and respond to a wide range of potential incidents, from health and safety to reputational damage.
    • Excellent organizational skills and attention to detail.
    • Excellent written communication skills.

    Note: For specific BC team roles and responsibilities, including key resources such as Legal, HR, and IT SMEs required to prepare for and execute crisis management plans, see Implement Crisis Management Best Practices.

    Structure the BCM Team

    Create a hierarchy of teams to govern and coordinate business continuity planning and crisis management.

    BCM Team: Govern business continuity, DR, and crisis management planning. Support the organization’s response to a crisis, including the decision to declare a disaster or emergency.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    IT Disaster Recovery Team: Manage the recovery of IT services and data following an incident. Develop and maintain the IT DRP.

    Business Unit BCP Teams: Coordinate business process recovery at the business unit level. Develop and maintain business unit BCPs.

    “Planning Mode”

    Executive Team → BC Management Team ↓

    • Emergency Response Teams (ERT)
    • Crisis Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    “Crisis Mode”

    Executive Team ↔Crisis Management Team↓ ↔ Emergency Response Teams (ERT)

    • BC Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    For more details on specific roles to include on these teams, as well as more information on crisis management, review Info-Tech’s blueprint, Implement Crisis Management Best Practices.

    Tool: BCM Teams, Roles, Contacts, and Vendors

    Track teams, roles, and contacts in this template. It is pre-populated with roles and responsibilities for business continuity, crisis management, IT disaster recovery, emergency response, and vendors and suppliers critical to business operations.

    • Expect overlap across teams. For example, the BC Management Team will include representation from each secondary team to ensure plans are in sync. Similarly, both the Crisis Communication Team and BC Management Team should include a representative from your legal team to ensure legal issues are considered in communications as well as overall crisis management.
    • Clarify spending and decision authority for key members of each team during a crisis.

    Track contact information in this template only if you don’t have a more streamlined way of tracking it elsewhere.

    Download Info-Tech’s Business Continuity Teams and Roles Tool

    Manage key vendors

    Review supplier capabilities and contracts to ensure they meet your requirements.

    Suppliers and vendors might include:

    • Material shipments
    • IT/telecoms service providers
    • Integrators and business process outsourcing providers
    • Independent contractors
    • Utilities (power, water, etc.)

    Supplier RTOs and RPOs should align with the acceptable RTOs and RPOs defined in the BIA. Where they do not, explore options for improvement.

    Confirm the following:

    1. The supplier’s own BC/DR capabilities – how they would recover their own operations in a disaster scenario.
    2. Any continuity services the supplier provides – how they can help you recover your operations in a disaster scenario.
    3. Their existing contractual obligations for service availability (e.g. SLAs).

    Download Info-Tech’s BCP Supplier Evaluation Questionnaire

    Organize your BCMS documentation

    Your BCP isn’t any one document. It’s multiple documents that work together.

    Continue to work through any additional required documentation. Build a repository where master copies of each document will reside and can be updated as required. Assign ownership of document management to someone with an understanding of the process (e.g. the BCP Coordinator).

    Governance Recovery
    BCMS Policy BCP Summary Core BCP Recovery Workflows
    Business Process Workflows Action Items & Project Roadmap BCP Recovery Checklists
    BIA Teams, Roles, Contact Information BCP Business Process Workarounds and Recovery Checklists
    BCP Maturity Scorecard BCP Project Charter Additional Recovery Workflows
    Business Unit Prioritization Tool BCP Presentation

    Info-Tech Best Practice

    Recovery documentation has a different audience, purpose, and lifecycle than governance documentation, and keeping the documents separate can help with content management. Disciplined document management keeps the plan current and accessible.

    Align your IT DRP with your BCP

    Use the following BCP outputs to inform your DRP:

    • Business process technology dependencies. This includes technology not controlled by IT (e.g. cloud-based services).
    • RTOs and RPOs for business processes.
    • Technology projects identified by the business to improve resilience (e.g. improved mobility support).
    PCP Outputs DRP Activities
    Business processes defined Identify critical applications

    Dependencies identified:

    • People
    • Enterprise tech
    • Personal devices
    • Workspace and facilities
    • Services and other inputs

    Identify IT dependencies:

    • Infrastructure
    • Secondary applications

    Recovery objectives defined:

    • BIA and RTOs/RPOs
    • Recovery workflows

    Identify recovery objectives:

    • BIA and RTOs/RPOs
    • IT Recovery workflows

    Projects identified to close gaps:

    • Resourcing changes (e.g. training secondary staff)
    • Process changes (e.g. optimize processes and define interim processes)
    • Technology changes (e.g. improving mobility)

    Identify projects to close gaps:

    • Projects to improve DR capability (e.g. data replication, standby systems).
    • Projects to improve resiliency (e.g. redundant components)

    Info-Tech Insight

    Don’t think of inconsistencies between your DRP and BCP as a problem. Discrepancies between the plans are part of the discovery process, and they’re an opportunity to have a conversation that can improve alignment between IT service capabilities and business needs. You should expect that there will be discrepancies – managing discrepancies is part of the ongoing process to refine and improve both plans.

    Schedule activities to keep BC and DR in sync

    BC/DR Planning Workflow

    1. Collect BCP outputs that impact IT DRP (e.g. technology RTOs/RPOs).

    2. As BCPs are done, BCP Coordinator reviews outputs with IT DRP Management Team.

    3. Use the RTOs/RPOs from the BCPs as a starting point to determine IT recovery plans.

    4. Identify investments required to meet business-defined RTOs/RPOs, and validate with the business.

    5. Create a DR technology roadmap to meet validated RTOs/RPOs.

    6. Review and update business unit BCPs to reflect updated RTOs/RPOs.

    Find and address shadow IT

    Reviewing business processes and dependencies can identify workarounds or shadow IT solutions that weren’t visible to IT and haven’t been included in IT’s DR plan.

    • If you identify technology process dependencies that IT didn’t know about, it can be an opportunity to start a conversation about service support. This can be a “teachable moment” to highlight the risks of adopting and implementing technology solutions without consulting IT.
    • Highlight the possible impact of using technology services that aren’t supported by IT. For example:
      • RTOs and RPOs may not be in line with business requirements.
      • Costs could be higher than supported solutions.
      • Security controls may not be in line with compliance requirements.
      • IT may not be able to offer support when the service breaks or build new features or functionality that might be required in the future.
    • Make sure that if IT is expected to support shadow IT solutions, these systems are included in the IT DRP and that the risks and costs of supporting the non-core solution are clear to all parties and are compared to an alternative, IT-recommended solutions.

    Shadow IT can be a symptom of larger service support issues. There should be a process for requesting and tracking non-standard services from IT with appropriate technical, security, and management oversight.

    Review and reprioritize BC projects to create an overall BC project roadmap

    Assign the BCP Coordinator the task of creating a master list of BC projects, and then work with the BC management team to review and reprioritize this list, as described below:

    1. Build a list of BC projects as you work with each business unit.
      1. Add proposed projects to a master copy of the BCP Project Roadmap Tool
      2. For each subsequent business unit, copy project names, scoring, and timelines into the master roadmap tool.
    2. Work with the Executive Sponsor, the IT BCM representative, and the BCM team to review and reprioritize projects.
      1. In the master BCP Project Roadmap Tool, review and update project scoring, taking into account the relative importance of each project within the overall list. Rationalize the list (e.g. eliminate duplicate projects).
    3. The project roadmap is a suggested list of projects at this stage. Assign a project sponsor and project manager (from the BC management team or appropriate delegates) to each project to take it through your organization’s normal project scoping and approval process.

    Improving business continuity capabilities is a marathon, not a sprint. Change for the better is still change and introduces risk – massive changes introduce massive risk. Incremental changes help minimize disruption. Use Info-Tech research to deliver organizational change.

    "Developing a BCP can be like solving a Rubik’s Cube. It’s a complex, interdepartmental concern with multiple and sometimes conflicting objectives. When you have one side in place, another gets pushed out of alignment." – Ray Mach, BCP Expert

    Step 4.3

    Test and maintain your BCP

    This step will walk you through the following activities:

    • Create additional documentation to support your business continuity plan.
    • Create a repository for documentation, and assign ownership for BCP documentation.

    This step involves the following participants:

    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Create a plan to maintain the BCP.

    Iterate on your plan

    Tend your garden, and pull the weeds.

    Mastery comes through practice and iteration. Iterating on and testing your plan will help you keep up to date with business changes, identify plan improvements, and help your organization’s employees develop a mindset of continuity readiness. Maintenance drives continued success; don’t let your plan become stagnant, messy, and unusable.

    Your BCM program should structure BCP reviews and updates by answering the following:

    1. When do we review the plan?
    2. What are the goals of a review?
    3. Who must lead reviews and update BCP documents?
    4. How do we track reviews, tests, and updates?

    Structure plan reviews

    There are more opportunities for improvements than just planned reviews.

    At a minimum, review goals should include:

    1. Identify and document changes to BCP requirements.
    2. Identify and document changes to BCP capabilities.
    3. Identify gaps and risks and ways to remediate risks and close gaps.

    Who leads reviews and updates documents?

    The BCP Coordinator is likely heavily involved in facilitating reviews and updating documentation, at least at first. Look for opportunities to hand off document ownership to the business units over time.

    How do we track reviews, tests, and updates?

    Keep track of your good work by keeping a log of document changes. If you don’t have one, you can use the last tab on the BCP-DRP Maintenance Checklist.

    When do we review the plan?

    1. Scheduled reviews: At a minimum, plan reviews once a year. Plan owners should review the documents, identify needed updates, and notify the coordinator of any changes to their plan.
    2. As-needed reviews: Project launches, major IT upgrades, office openings or moves, organizational restructuring – all of these should trigger a BCP review.
    3. Testing exercises: Schedule controlled exercises to test and improve different aspects of your continuity plan, and ensure that lessons learned become part of plan documentation.
    4. Retrospectives: Take the opportunity to learn from actual continuity events and crises by conducting retrospectives to evaluate your response and brainstorm improvements.

    Conduct a retrospective after major incidents

    Use a retrospective on your COVID-19 response as a starting point. Build on the questions below to guide the conversation.

    • If needed, how did we set up remote work for our users? What worked, and what didn’t?
    • Did we discover any long-term opportunities to improve business processes?
    • Did we use any continuity plans we have documented?
    • Did we effectively prioritize business processes for recovery?
    • Were expectations from our business users in line with our plans?
    • What parts of our plan worked, and where can we improve the plan?
    1. Gather stakeholders and team members
    2. Ask:
      1. What happened?
      2. What did we learn?
      3. What did we do well?
      4. What should we have done differently?
      5. What gaps should we take action to address?
    3. Prepare a plan to take action

    Outcomes and benefits

    • Confirm business priorities.
    • Validate that business recovery solutions and procedures are effective in meeting business requirements (i.e. RTOs and RPOs).
    • Identify gaps in continuity resources, procedures, or documentation, and options to close gaps.
    • Build confidence in the response team and recovery capabilities.

    Tool: Testing and Maintenance Schedule

    Build a light-weight maintenance schedule for your BCP and DRP plans.

    This tool helps you set a schedule for plan update activities, identify document and exercise owners, and log updates for audit and governance purposes.

    • Add the names of your documents and brainstorm update activities.
    • Activities (document updates, testing, etc.) might be scheduled regularly, as-needed, or both. If they happen “as needed,” identify the trigger for the activity.
    • Start tracking past activities and resulting changes in Tab 3. You can also track crises that tested your continuity capabilities on this tab.

    Info-Tech Insight

    Everyone gets busy. If there’s a meeting you can schedule months in advance, schedule it months in advance! Then send reminders closer to the date. As soon as you’re done the pilot BCP, set aside time in everyone’s calendar for your first review session, whether that’s three months, six months, or a year from now.

    Appendix

    Additional BCP Tools and Templates

    Template Library: Business Continuity Policy

    Create a high-level policy to govern BCP and clarify BCP requirements.

    Use this template to:

    • Outline the organizational commitment to BCM.
    • Clarify the mandate to prepare, validate, and maintain continuity plans that align with business requirements.
    • Define specific policy statements that signatories to the policy are expected to uphold.
    • Require key stakeholders to review and sign off on the template.

    Download Info-Tech’s Business Continuity Policy template

    Template Library: Workarounds & Recovery Checklists

    Capture the step-by-step details to execute workarounds and steps in the business recovery process.

    If you require more detail to support your recovery procedures, you can use this template to:

    • Record specific steps or checklists to support specific workarounds or recovery procedures.
    • Identify prerequisites for workarounds or recovery procedures.

    Download Info-Tech’s BCP Process Workarounds & Recovery Checklists Template

    Template Library: Notification, Assessment, Declaration

    Create a procedure that outlines the conditions for assessing a disaster situation and invoking the business continuity plan.

    Use this template to:

    • Guide the process whereby the business is notified of an incident, assesses the situation, and declares a disaster.
    • Set criteria for activating business continuity plans.
    • Review examples of possible events, and suggest options on how the business might proceed or react.

    Download Info-Tech’s BCP Notification, Assessment, and Disaster Declaration Plan template

    Template Library: BCP Recovery Workflow Example

    Review an example of BCP recovery workflows.

    Use this template to:

    • Generate ideas for your own recovery processes.
    • See real examples of recovery processes for warehousing, supply, and distribution operations.
    • Review an example of working BCP documentation.

    Download Info-Tech’s BCP Recovery Workflows Example

    Create a Pandemic Response Plan

    If you’ve been asked to build a pandemic-specific response plan, use your core BCP findings to complete these pandemic planning documents.

    • At the onset of the COVID-19 crisis, IT departments were asked to rapidly ramp up work-from-home capabilities and support other process workarounds.
    • IT managers already knew that obstacles to working from home would go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needed to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Workarounds to speed the process up had to be balanced with good IT practices and governance (Asset Management, Security, etc.)
    • If you’ve been asked to update your Pandemic Response Plan, use this template and your core BCP deliverables to deliver a set of streamlined documentation that draws on lessons learned from the COVID-19 pandemic.

    Structure HR’s role in the pandemic plan

    Leverage the following materials from Info-Tech’s HR-focused sister company, McLean & Company.

    These HR research resources live on the website of Info-Tech’s sister company, McLean & Company. Contact your Account Manager to gain access to these resources.

    Summary of Accomplishment

    Knowledge Gained

    This blueprint outlined:

    • The streamlined approach to BCP development.
    • A BIA process to identify acceptable, appropriate recovery objectives.
    • Tabletop planning exercises to document and validate business recovery procedures.

    Processes Optimized

    • Business continuity development processes were optimized, from business impact analysis to incident response planning.
    • In addition, pilot business unit processes were identified and clarified to support BCP development, which also provided the opportunity to review and optimize those processes.

    Key Deliverables Completed

    • Core BCP deliverables for the pilot business unit, including a business impact analysis, recovery workflows, and a project roadmap.
    • BCP Executive Presentation to communicate pilot results as well as a summary of the methodology to the executive team.
    • BCP Summary to provide a high-level view of BCP scope, objectives, capabilities, and requirements.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    Dr. Bernard A. Jones, MBCI, CBCP

    Professor and Continuity Consultant Berkeley College

    Dr. Jones is a professor at Berkeley College within the School of Professional Studies teaching courses in Homeland Security and Emergency Management. He is a member of the National Board of Directors for the Association of Continuity Professionals (ACP) as well as the Information & Publications Committee Chair for the Garden State Chapter of the ACP. Dr. Jones earned a doctorate degree in Civil Security Leadership, Management & Policy from New Jersey City University where his research focus was on organizational resilience.

    Kris L. Roberson

    Disaster Recovery Analyst Veterans United Home Loans

    Kris Roberson is the Disaster Recovery Analyst for Veterans United Home Loans, the #1 VA mortgage lender in the US. Kris oversees the development and maintenance of the Veterans United Home Loans DR program and leads the business continuity program. She is responsible for determining the broader strategies for DR testing and continuity planning, as well as the implementation of disaster recovery and business continuity technologies, vendors, and services. Kris holds a Masters of Strategic Leadership with a focus on organizational change management and a Bachelors in Music. She is a member of Infragard, the National Association of Professional Women, and Sigma Alpha Iota, and holds a Project+ certification.

    Trevor Butler

    General Manager of Information Technology City of Lethbridge

    As the General Manager of Information Technology with the City of Lethbridge, Trevor is accountable for providing strategic management and advancement of the city’s information technology and communications systems consistent with the goals and priorities of the corporation while ensuring that corporate risks are appropriately managed. He has 15+ years of progressive IT leadership experience, including 10+ years with public sector organizations. He holds a B.Mgt. and PMP certification along with masters certificates in both Project Management and Business Analysis.

    Robert Miller

    Information Services Director Witt/Kieffer

    Bob Miller is the Information Services Director at Witt/Kieffer. His department provides end-user support for all company-owned devices and software for Oak Brook, the regional offices, home offices, and traveling employees. The department purchases, implements, manages, and monitors the infrastructure, which includes web hosting, networks, wireless solutions, cell phones, servers, and file storage. Bob is also responsible for the firm’s security planning, capacity planning, and business continuity and disaster preparedness planning to ensure that the firm has functional technology to conduct business and continue business growth.

    Related Info-Tech Research

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Select the Optimal Disaster Recovery Deployment Model

    Determine which deployment models, including hybrid solutions, best meet your DR requirements.

    Bibliography

    “Business Continuity Planning.” IT Examination HandBook. The Federal Financial Institution Examination Council (FFIEC), February 2015. Web.

    “Business Continuity Plans and Emergency Contact Information.” FINRA, 12 February 2015. Web.

    “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT.” ISACA, n.d. Web.

    Disaster Resource GUIDE. Emergency Lifeline Corporation, n.d. Web.

    “DR Rules & Regulations.” Disaster Recovery Journal, March 2017. Web.

    “Federal Information Security Management Act (FISMA).” Homeland Security, 2014. Web.

    FEMA. “Planning & Templates.” FEMA, n.d. Web.

    “FINRA-SEC-CFTC Joint Advisory (Regulatory Notice 13-25).” FINRA, August 2013. Web.

    Gosling, Mel and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 24 April 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, 2016. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup – Part Two.” RSA Link, 28 August 2012. Web.

    The Good Practice Guidelines. Business Continuity Institute, 2013. Web.

    Wang, Dashun and James A. Evans. “When Small Teams are Better than Big Ones.” Harvard Business Review, 21 February 2019. Web.

    Build a Reporting and Analytics Strategy

    • Buy Link or Shortcode: {j2store}128|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $49,748 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • In respect to business intelligence (BI) matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and analytics strategy and is not a quick solution or a guarantee for long-term success.

    Our Advice

    Critical Insight

    • The BI strategy drives data warehouse and integration strategies and the data needed to support business decisions.
    • The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Impact and Result

    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • BI & analytics informs data warehouse and integration layers for required content, latency, and quality.

    Build a Reporting and Analytics Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create or refresh the BI Strategy and review Info-Tech’s approach to developing a BI strategy that meets business needs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the business context and BI landscape

    Lay the foundation for the BI strategy by detailing key business information and analyzing current BI usage.

    • Build a Reporting and Analytics Strategy – Phase 1: Understand the Business Context and BI Landscape
    • BI Strategy and Roadmap Template
    • BI End-User Satisfaction Survey Framework

    2. Evaluate the current BI practice

    Assess the maturity level of the current BI practice and envision a future state.

    • Build a Reporting and Analytics Strategy – Phase 2: Evaluate the Current BI Practice
    • BI Practice Assessment Tool

    3. Create a BI roadmap for continuous improvement

    Create BI-focused initiatives to build an improvement roadmap.

    • Build a Reporting and Analytics Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement
    • BI Initiatives and Roadmap Tool
    • BI Strategy and Roadmap Executive Presentation Template
    [infographic]

    Workshop: Build a Reporting and Analytics Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Vision and Understand the Current BI Landscape

    The Purpose

    Document overall business vision, mission, and key objectives; assemble project team.

    Collect in-depth information around current BI usage and BI user perception.

    Create requirements gathering principles and gather requirements for a BI platform.

    Key Benefits Achieved

    Increased IT–business alignment by using the business context as the project starting point

    Identified project sponsor and project team

    Detailed understanding of trends in BI usage and BI perception of consumers

    Refreshed requirements for a BI solution

    Activities

    1.1 Gather key business information (overall mission, goals, objectives, drivers).

    1.2 Establish a high-level ROI.

    1.3 Identify ideal candidates for carrying out a BI project.

    1.4 Undertake BI usage analyses, BI user perception survey, and a BI artifact inventory.

    1.5 Develop requirements gathering principles and approaches.

    1.6 Gather and organize BI requirements

    Outputs

    Articulated business context that will guide BI strategy development

    ROI for refreshing the BI strategy

    BI project team

    Comprehensive summary of current BI usage that has quantitative and qualitative perspectives

    BI requirements are confirmed

    2 Evaluate Current BI Maturity and Identify the BI Patterns for the Future State

    The Purpose

    Define current maturity level of BI practice.

    Envision the future state of your BI practice and identify desired BI patterns.

    Key Benefits Achieved

    Know the correct migration method for Exchange Online.

    Prepare user profiles for the rest of the Office 365 implementation.

    Activities

    2.1 Perform BI SWOT analyses.

    2.2 Assess current state of the BI practice and review results.

    2.3 Create guiding principles for the future BI practice.

    2.4 Identify desired BI patterns and the associated BI functionalities/requirements.

    2.5 Define the future state of the BI practice.

    2.6 Establish the critical success factors for the future BI, identify potential risks, and create a mitigation plan.

    Outputs

    Exchange migration strategy

    Current state of BI practice is documented from multiple perspectives

    Guiding principles for future BI practice are established, along with the desired BI patterns linked to functional requirements

    Future BI practice is defined

    Critical success factors, potential risks, and a risk mitigation plan are defined

    3 Build Improvement Initiatives and Create a BI Development Roadmap

    The Purpose

    Build overall BI improvement initiatives and create a BI improvement roadmap.

    Identify supplementary initiatives for enhancing your BI program.

    Key Benefits Achieved

    Defined roadmap composed of robust improvement initiatives

    Activities

    3.1 Create BI improvement initiatives based on outputs from phase 1 and 2 activities. Build an improvement roadmap.

    3.2 Build an improvement roadmap.

    3.3 Create an Excel governance policy.

    3.4 Create a plan for a BI ambassador network.

    Outputs

    Comprehensive BI initiatives placed on an improvement roadmap

    Excel governance policy is created

    Internal BI ambassadors are identified

    Further reading

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Terminology

    As the reporting and analytics space matured over the last decade, software suppliers used different terminology to differentiate their products from others’. This caused a great deal of confusion within the business communities.

    Following are two definitions of the term Business Intelligence:

    Business intelligence (BI) leverages software and services to transform data into actionable insights that inform an organization’s strategic and tactical business decisions. BI tools access and analyze data sets and present analytical findings in reports, summaries, dashboards, graphs, charts, and maps to provide users with detailed intelligence about the state of the business.

    The term business intelligence often also refers to a range of tools that provide quick, easy-to-digest access to insights about an organization's current state, based on available data.

    CIO Magazine

    Business intelligence (BI) comprises the strategies and technologies used by enterprises for the data analysis of business information. BI technologies provide historical, current, and predictive views of business operations.

    Common functions of business intelligence technologies include reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics, and prescriptive analytics.

    Wikipedia

    This blueprint will use the terms “BI,” “BI and Analytics,” and “Reporting and Analytics” interchangeably in different contexts, but always in compliance to the above definitions.

    ANALYST PERSPECTIVE

    A fresh analytics & reporting strategy enables new BI opportunities.

    We need data to inform the business of past and current performance and to support strategic decisions. But we can also drown in a flood of data. Without a clear strategy for business intelligence, a promising new solution will produce only noise.

    BI and Analytics teams must provide the right quantitative and qualitative insights for the business to base their decisions on.

    Your Business Intelligence and Analytics strategy must support the organization’s strategy. Your strategy for BI & Analytics provides direction and requirements for data warehousing and data integration, and further paves the way for predictive analytics, big data analytics, market/industry intelligence, and social network analytics.

    Dirk Coetsee,

    Director, Data and Analytics Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • A CIO or Business Unit (BU) Leader looking to improve reporting and analytics, reduce time to information, and embrace fact-based decision making with analytics, reporting, and business intelligence (BI).
    • Application Directors experiencing poor results from an initial BI tool deployment who are looking to improve the outcome.

    This Research Will Also Assist:

    • Project Managers and Business Analysts assigned to a BI project team to collect and analyze requirements.
    • Business units that have their own BI platforms and would like to partner with IT to take their BI to an enterprise level.

    This Research Will Help You:

    • Align your reporting and analytics strategy with the business’ strategic objectives before you rebuild or buy your Business Intelligence platform.
    • Identify reporting and analytics objectives to inform the data warehouse and integration requirements gathering process.
    • Avoid common pitfalls that derail BI and analytic deployments and lower their adoption.
    • Identify Business Intelligence gaps prior to deployment and incorporate remedies within your plans.

    This Research Will Help Them:

    • Recruit the right resources for the program.
    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • Assess BI maturity and plan for target state.
    • Develop a BI strategy and roadmap.
    • Track the success of the BI initiative.

    Executive summary

    Situation:

    BI drives a new reality. Uber is the world’s largest taxi company and they own no vehicles; Alibaba is the world’s most valuable retailer and they have no inventory; Airbnb is the world’s largest accommodation provider and they own no real estate. How did they disrupt their markets and get past business entry barriers? A deep understanding of their market through impeccable business intelligence!

    Complication:

    • In respect to BI matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and Analytics strategy and is not a quick solution or a guarantee for long term success.

    Resolution:

    • Drive strategy development by establishing the business context upfront in order to align business intelligence providers with the most important needs of their BI consumers and the strategic priorities of the organization.
    • Revamp or create a BI strategy to update your BI program to make it fit for purpose.
    • Understand your existing BI baggage – e.g. your existing BI program, the artifacts generated from the program, and the users it supports. Those will inform the creation of the strategy and roadmap.
    • Assess current BI maturity and determine your future state BI maturity.
    • BI needs governance to ensure consistent planning, communication, and execution of the BI strategy.
    • Create a network of BI ambassadors across the organization to promote BI.
    • Plan for the future to ensure that required data will be available when the organization needs it.

    Info-Tech Insight

    1. Put the “B” back in BI. Don’t have IT doing BI for IT’s sake; ensure the voice and needs of the business are the primary drivers of your strategy.
    2. The BI strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    3. Go beyond the platform. The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Metrics to track BI & Analytical program progress

    Goals for BI:

    • Understand business context and needs. Identify business processes that can leverage BI.
    • Define the Reporting & Analytics Roadmap. Develop data initiatives, and create a strategy and roadmap for Business Intelligence.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking the BI Program

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Your Enterprise BI and Analytics Strategy is driven by your organization’s Vision and Corporate Strategy

    Formulating an Enterprise Reporting and Analytics Strategy requires the business vision and strategies to first be substantiated. Any optimization to the Data Warehouse, Integration and Source layer is in turn driven by the Enterprise Reporting and Analytics Strategy

    Flow chart showing 'Business Vision Strategies'

    The current state of your Integration and Warehouse platforms determine what data can be utilized for BI and Analytics

    Where we are, and how we got here

    How we got here

    • In the beginning was BI 1.0. Business intelligence began as an IT-driven centralized solution that was highly governed. Business users were typically the consumers of reports and dashboards created by IT, an analytics-trained minority, upon request.
    • In the last five to ten years, we have seen a fundamental shift in the business intelligence and analytics market, moving away from such large-scale, centralized IT-driven solutions focused on basic reporting and administration, towards more advanced user-friendly data discovery and visualization platforms. This has come to be known as BI 2.0.
    • Many incumbent market leaders were disrupted by the demand for more user-friendly business intelligence solutions, allowing “pure-play” BI software vendors to carve out a niche and rapidly expand into more enterprise environments.
    • BI-on-the-cloud has established itself as a solid alternative to in-house implementation and operation.

    Where we are now

    • BI 3.0 has arrived. This involves the democratization of data and analytics and a predominantly app-centric approach to BI, identifiable by an anywhere, anytime, and device-or-platform-independent collaborative methodology. Social workgroups and self-guided content creation, delivery, analysis, and management is prominent.
    • Where the need for reporting and dashboards remains, we’re seeing data discovery platforms fulfilling the needs of non-technical business users by providing easy-to-use interactive solutions to increase adoption across enterprises.
    • With more end users demanding access to data and the tools to extract business insights, IT is looking to meet these needs while continuing to maintain governance and administration over a much larger base of users. The race for governed data discovery is heated and will be a market differentiator.
    • The next kid on the block is Artificial Intelligence that put further demands on data quality and availability.

    RICOH Canada used this methodology to develop their BI strategy in consultation with their business stakeholders

    CASE STUDY

    Industry: Manufacturing and Retail

    Source: RICOH

    Ricoh Canada transforms the way people work with breakthrough technologies that help businesses innovate and grow. Its focus has always been to envision what the future will look like so that it can help its customers prepare for success. Ricoh empowers digital workplaces with a broad portfolio of services, solutions, and technologies – helping customers remove obstacles to sustained growth by optimizing the flow of information and automating antiquated processes to increase workplace productivity. In their commitment towards a customer-centric approach, Ricoh Canada recognized that BI and analytics can be used to inform business leaders in making strategic decisions.

    Enterprise BI and analytics Initiative

    Ricoh Canada enrolled in the ITRG Reporting & Analytics strategy workshop with the aim to create a BI strategy that will allow the business to harvest it strengths and build for the future. The workshop acted as a forum for the different business units to communicate, share ideas, and hear from each other what their pains are and what should be done to provide a full customer 360 view.

    Results

    “This workshop allowed us to collectively identify the various stakeholders and their unique requirements. This is a key factor in the development of an effective BI Analytics tool.” David Farrar

    The Customer 360 Initiative included the following components

    The Customer 360 Initiative includes the components shown in the image

    Improve BI Adoption Rates

    Graph showing Product Adoption Rates

    Sisense

    Reasons for low BI adoption

    • Employees that never used BI tools are slow to adopt new technology.
    • Lack of trust in data leads to lack of trust in the insights.
    • Complex data structures deter usage due to long learning curves and contained nuances.
    • Difficult to translate business requirements into tool linguistics due to lack of training or technical ineptness.
    • Business has not taken ownership of data, which affects access to data.

    How to foster BI adoption

    • Senior management proclaim data as a strategic asset and involved in the promotion of BI
    • Role Requirement that any business decision should be backed up by analytics
    • Communication of internal BI use case studies and successes
    • Exceptional data lineage to act as proof for the numbers
    • A Business Data glossary with clearly defined business terms. Use the Business Data Glossary in conjunction with data lineage and semantic layers to ensure that businesses are clearly defined and traced to sources.
    • Training in business to take ownership of data from inception to analytics.

    Why bother with analytics?

    In today’s ever-changing and global environment, organizations of every size need to effectively leverage their data assets to facilitate three key business drivers: customer intimacy, product/service innovation, and operational excellence. Plus, they need to manage their operational risk efficiently.

    Investing in a comprehensive business intelligence strategy allows for a multidimensional view of your organization’s data assets that can be operationalized to create a competitive edge:

    Historical Data

    Without a BI strategy, creating meaningful reports for business users that highlight trends in past performance and draw relationships between different data sources becomes a more complex task. Also, the ever growing need to identify and assess risks in new ways is driving many companies to BI.

    Data Democracy

    The core purpose of BI is to provide the right data, to the right users, at the right time, and in a format that is easily consumable and actionable. In developing a BI strategy, remember the driver for managed cross-functional access to data assets and features such as interactive dashboards, mobile BI, and self-service BI.

    Predictive and Big Data Analytics

    As the volume, variety, and velocity of data increases rapidly, businesses will need a strategy to outline how they plan to consume the new data in a manner that does not overwhelm their current capabilities and aligns with their desired future state. This same strategy further provides a foundation upon which organizations can transition from ad hoc reporting to using data assets in a codified BI platform for decision support.

    Business intelligence serves as the layer that translates data, information, and organizational knowledge into insights

    As executive decision making shifts to more fact-based, data-driven thinking, there is an urgent need for data assets to be organized and presented in a manner that enables immediate action.

    Typically, business decisions are based on a mix of intuition, opinion, emotion, organizational culture, and data. Though business users may be aware of its potential value in driving operational change, data is often viewed as inaccessible.

    Business intelligence bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed decision making.

    Most organizations realize that they need a BI strategy; it’s no longer a nice-to-have, it’s a must-have.

    – Albert Hui, Principal, Data Economist

    A triangle grapg depicting the layers of business itelligence

    Business intelligence and business analytics: what is the difference and should you care

    Ask 100 people and you will get 100 answers. We like the prevailing view that BI looks at today and backward for improving who we are, while BA is forward-looking to support change decisions.

    The image depicts a chart flowing from Time Past to Future. Business Intelligence joins with Business Analytics over the Present
    • Business intelligence is concerned with looking at present and historical data.
    • Use this data to create reports/dashboards to inform a wide variety of information consumers of the past and current state of affairs.
    • Almost all organizations, regardless of size and maturity, use some level of BI even if it’s just very basic reporting.
    • Business analytics, on the other hand, is a forward-facing use of data, concerned with the present to the future.
    • Analytics uses data to both describe the present, and more importantly, predict the future, enabling strategic business decisions.
    • Although adoption is rapidly increasing, many organizations still do not utilize any advanced analytics in their environment.

    However, establishing a strong business intelligence program is a necessary precursor to an organization’s development of its business analytics capabilities.

    Organizations that successfully grow their BI capabilities are reaping the rewards

    Evidence is piling up: if planned well, BI contributes to the organization’s bottom line.

    It’s expected that there will be nearly 45 billion connected devices and a 42% increase in data volume each year posing a high business opportunity for the BI market (BERoE, 2020).

    The global business intelligence market size to grow from US$23.1 billion in 2020 to US$33.3 billion by 2025, at a compound annual growth rate (CAGR) of 7.6% (Global News Wire, 2020)

    In the coming years, 69% of companies plan on increasing their cloud business intelligence usage (BARC Research and Eckerson Group Study, 2017).

    Call to Action

    Small organizations of up to 100 employees had the highest rate of business intelligence penetration last year (Forbes, 2018).

    Graph depicting business value from 0 months to more than 24 months

    Source: IBM Business Value, 2015

    For the New England Patriots, establishing a greater level of customer intimacy was driven by a tactical analytics initiative

    CASE STUDY

    Industry: Professional Sports

    Source Target Marketing

    Problem

    Despite continued success as a franchise with a loyal fan base, the New England Patriots experienced one of their lowest season ticket renewal rates in over a decade for the 2009 season. Given the numerous email addresses that potential and current season-ticket holders used to engage with the organization, it was difficult for Kraft Sports Group to define how to effectively reach customers.

    Turning to a Tactical Analytics Approach

    Kraft Sports Group turned to the customer data that it had been collecting since 2007 and chose to leverage analytics in order to glean insight into season ticket holder behavior. By monitoring and reporting on customer activity online and in attendance at games, Kraft Sports Group was able to establish that customer engagement improved when communication from the organization was specifically tailored to customer preferences and historical behavior.

    Results

    By operationalizing their data assets with the help of analytics, the Patriots were able to achieve a record 97% renewal rate for the 2010 season. KSG was able to take their customer engagement to the next level and proactively look for signs of attrition in season-ticket renewals.

    We're very analytically focused and I consider us to be the voice of the customer within the organization… Ultimately, we should know when renewal might not happen and be able to market and communicate to change that behavior.

    – Jessica Gelman,

    VP Customer Marketing and Strategy, Kraft Sports Group

    A large percentage of all BI projects fail to meet the organization’s needs; avoid falling victim to common pitfalls

    Tool Usage Pitfalls

    • Business units are overwhelmed with the amount and type of data presented.
    • Poor data quality erodes trust, resulting in a decline in usage.
    • Analysis performed for the sake of analysis and doesn’t focus on obtaining relevant business-driven insights.

    Selection Pitfalls

    • Inadequate requirements gathering.
    • No business involvement in the selection process.
    • User experience is not considered.
    • Focus is on license fees and not total cost.

    Implementation Pitfalls

    • Absence of upfront planning
    • Lack of change management to facilitate adoption of the new platform
    • No quick wins that establish the value of the project early on
    • Inadequate initial or ongoing training

    Strategic Pitfalls

    • Poor alignment of BI goals with organization goals
    • Absence of CSFs/KPIs that can measure the qualitative and quantitative success of the project
    • No executive support during or after the project

    BI pitfalls are lurking around every corner, but a comprehensive strategy drafted upfront can help your organization overcome these obstacles. Info-Tech’s approach to BI has involvement from the business units built right into the process from the start and it equips IT to interact with key stakeholders early and often.

    Only 62% of Big Data and AI projects in 2019 provided measurable results.

    Source: NewVantage Partners LLC

    Business and IT have different priorities for a BI tool

    Business executives look for:

    • Ease of use
    • Speed and agility
    • Clear and concise information
    • Sustainability

    IT professionals are concerned about:

    • Solid security
    • Access controls on data
    • Compliance with regulations
    • Ease of integration

    Info-Tech Insight

    Combining these priorities will lead to better tool selection and more synergy.

    Elizabeth Mazenko

    The top-down BI Opportunity Analysis is a tool for senior executives to discover where Business Intelligence can provide value

    The image is of a top-down BI Opportunity Analysis.

    Example: Uncover BI opportunities with an opportunity analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams (2016)

    Bridge the gap between business drivers and business intelligence features with a three-tiered framework

    Info-Tech’s approach to formulating a fit-for-purpose BI strategy is focused on making the link between factors that are the most important to the business users and the ways that BI providers can enable those consumers.

    Drivers to Establish Competitive Advantage

    • Operational Excellence
    • Client Intimacy
    • Innovation

    BI and Analytics Spectrum

    • Strategic Analytics
    • Tactical Analytics
    • Operational Analytics

    Info-Tech’s BI Patterns

    • Delivery
    • User Experience
    • Deep Analytics
    • Supporting

    This is the content for Layout H3 Tag

    Though business intelligence is primarily thought of as enabling executives, a comprehensive BI strategy involves a spectrum of analytics that can provide data-driven insight to all levels of an organization.

    Recommended

    Strategic Analytics

    • Typically focused on predictive modeling
    • Leverages data integrated from multiple sources (structured through unstructured)
    • Assists in identifying trends that may shift organizational focus and direction
    • Sample objectives:
      • Drive market share growth
      • Identify new markets, products, services, locations, and acquisitions
      • Build wider and deeper customer relationships earning more wallet share and keeping more customers

    Tactical Analytics

    • Often considered Response Analytics and used to react to situations that arise, or opportunities at a department level.
    • Sample objectives:
      • Staff productivity or cost analysis
      • Heuristics/algorithms for better risk management
      • Product bundling and packaging
      • Customer satisfaction response techniques

    Operational Analytics

    • Analytics that drive business process improvement whether internal, with external partners, or customers.
    • Sample objectives:
      • Process step elimination
      • Best opportunities for automation

    Business Intelligence Terminology

    Styles of BI New age BI New age data Functional Analytics Tools
    Reporting Agile BI Social Media data Performance management analytics Scorecarding dashboarding
    Ad hoc query SaaS BI Unstructured data Financial analytics Query & reporting
    Parameterized queries Pervasive BI Mobile data Supply chain analytics Statistics & data mining
    OLAP Cognitive Business Big data Customer analytics OLAP cubes
    Advanced analytics Self service analytics Sensor data Operations analytics ETL
    Cognitive business techniques Real-time Analytics Machine data HR Analytics Master data management
    Scorecards & dashboards Mobile Reporting & Analytics “fill in the blanks” analytics Data Governance

    Williams (2016)

    "BI can be confusing and overwhelming…"

    – Dirk Coetsee,

    Research Director,

    Info-Tech Research Group

    Business intelligence lies in the Information Dimensions layer of Info-Tech’s Data Management Framework

    The interactions between the information dimensions and overlying data management enablers such as data governance, data architecture, and data quality underscore the importance of building a robust process surrounding the other data practices in order to fully leverage your BI platform.

    Within this framework BI and analytics are grouped as one lens through which data assets at the business information level can be viewed.

    The image is the Information Dimensions layer of Info-Tech’s Data Management Framework

    Use Info-Tech’s three-phase approach to a Reporting & Analytics strategy and roadmap development

    Project Insight

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to effectively enable business decision making. Develop a reporting and analytics strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current reporting and analytical capabilities.

    Phase 1: Understand the Business Context and BI Landscape Phase 2: Evaluate Your Current BI Practice Phase 3: Create a BI Roadmap for Continuous Improvement
    1.1 Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    2.1 Assess Your Current BI Maturity
    • BI Practice Assessment
    • Summary of Current State
    3.1 Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • RACI
    • BI Strategy and Roadmap
    1.2 Assess Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    2.2 Envision BI Future State
    • BI Style Requirements
    • BI Practice Assessment
    3.2 Plan for Continuous Improvement
    • Excel/Access Governance Policy
    • BI Ambassador Network Draft
    1.3 Develop BI Solution Requirements
    • Requirements Gathering Principles
    • Overall BI Requirements

    Stand on the shoulders of Information Management giants

    As part of our research process, we leveraged the frameworks of COBIT5, Mike 2.0, and DAMA DMBOK2. Contextualizing business intelligence within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas.

    The DMBOK2 Data Management framework by the Data Asset Management Association (DAMA) provided a starting point for our classification of the components in our IM framework.

    Mike 2.0 is a data management framework that helped guide the development of our framework through its core solutions and composite solutions.

    The Cobit 5 framework and its business enablers were used as a starting point for assessing the performance capabilities of the different components of information management, including business intelligence.

    Info-Tech has a series of deliverables to facilitate the evolution of your BI strategy

    BI Strategy Roadmap Template

    BI Practice Assessment Tool

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Executive Presentation Template

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Reporting and Analytics Strategy – Project Overview

    1. Understand the Business Context and BI Landscape 2. Evaluate the Current BI Practice 3. Create a BI Roadmap for Continuous Improvement
    Best-Practice Toolkit

    1.1 Document overall business vision, mission, industry drivers, and key objectives; assemble a project team

    1.2 Collect in-depth information around current BI usage and BI user perception

    1.3 Create requirements gathering principles and gather requirements for a BI platform

    2.1 Define current maturity level of BI practice

    2.2 Envision the future state of your BI practice and identify desired BI patterns

    3.1 Build overall BI improvement initiatives and create a BI improvement roadmap

    3.2 Identify supplementary initiatives for enhancing your BI program

    Guided Implementations
    • Discuss Info-Tech’s approach for using business information to drive BI strategy formation
    • Review business context and discuss approaches for conducting BI usage and user analyses
    • Discuss strategies for BI requirements gathering
    • Discuss BI maturity model
    • Review practice capability gaps and discuss potential BI patterns for future state
    • Discuss initiative building
    • Review completed roadmap and next steps
    Onsite Workshop Module 1:

    Establish Business Vision and Understand the Current BI Landscape

    Module 2:

    Evaluate Current BI Maturity Identify the BI Patterns for the Future State

    Module 3:

    Build Improvement Initiatives and Create a BI Development Roadmap

    Phase 1 Outcome:
    • Business context
    • Project team
    • BI usage information, user perception, and new BI requirements
    Phase 2 Outcome:
    • Current and future state assessment
    • Identified BI patterns
    Phase 3 Outcome:
    • BI improvement strategy and initiative roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Understand Business Context and Structure the Project

    1.1 Make the case for a BI strategy refresh.

    1.2 Understand business context.

    1.3 Determine high-level ROI.

    1.4 Structure the BI strategy refresh project.

    Understand Existing BI and Revisit Requirements

    2.1 Understand the usage of your existing BI.

    2.2 Gather perception of the current BI users.

    2.3 Document existing information artifacts.

    2.4 Develop a requirements gathering framework.

    2.5 Gather requirements.

    Revisit Requirements and Current Practice Assessment

    3.1 Gather requirements.

    3.2 Determine BI Maturity Level.

    3.3 Perform a SWOT for your existing BI program.

    3.4 Develop a current state summary.

    Roadmap Develop and Plan for Continuous Improvements

    5.1 Develop BI strategy.

    5.2 Develop a roadmap for the strategy.

    5.3 Plan for continuous improvement opportunities.

    5.4 Develop a re-strategy plan.

    Deliverables
    1. Business and BI Vision, Goals, Key Drivers
    2. Business Case Presentation
    3. High-Level ROI
    4. Project RACI
    1. BI Perception Survey
    2. BI Requirements Gathering Framework
    3. BI User Stories and Requirements
    1. BI User Stories and Requirements
    2. BI SWOT for your Current BI Program
    3. BI Maturity Level
    4. Current State Summary
    1. BI Strategy
    2. Roadmap accompanying the strategy with timeline
    3. A plan for improving BI
    4. Strategy plan

    Phase 2

    Understand the Business Context and BI Landscape

    Build a Reporting and Analytics Strategy

    Phase 1 overview

    Detailed Overview

    Step 1: Establish the business context in terms of business vision, mission, objectives, industry drivers, and business processes that can leverage Business Intelligence

    Step 2: Understand your BI Landscape

    Step 3: Understand business needs

    Outcomes

    • Clearly articulated high-level mission, vision, and key drivers from the business, as well as objectives related to business intelligence.
    • In-depth documentation regarding your organization’s BI usage, user perception, and outputs.
    • Consolidated list of requirements, existing and desired, that will direct the deployment of your BI solution.

    Benefits

    • Align business context and drivers with IT plans for BI and Analytics improvement.
    • Understand your current BI ecosystem’s performance.

    Understand your business context and BI landscape

    Phase 1 Overarching Insight

    The closer you align your new BI platform to real business interests, the stronger the buy-in, realized value, and groundswell of enthusiastic adoption will be. Get this phase right to realize a high ROI on your investment in the people, processes, and technology that will be your next generation BI platform.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Track these metrics to measure your progress through Phase 1

    Goals for Phase 1:

    • Understand the business context. Determine if BI can be used to improve business outcomes by identifying benefits, costs, opportunities, and gaps.
    • Understand your existing BI. Plan your next generation BI based on a solid understanding of your existing BI.
    • Identify business needs. Determine the business processes that can leverage BI and Analytics.

    Info-Tech’s Suggested Metrics for Tracking Phase 1 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Monetary ROI
    • Quality of the ROI
    • # of user cases, benefits, and costs quantified
    Derive the number of the use cases, benefits, and costs in the scoping. Ask business SMEs to verify the quality. High-quality ROI studies are created for at least three use cases
    Response Rate of the BI Perception Survey Sourced from your survey delivery system Aim for 40% response rate
    # of BI Reworks Sourced from your project management system Reduction of 10% in BI reworks

    Intangible Metrics:

    1. Executives’ understanding of the BI program and what BI can do for the organization.
    2. Improved trust between IT and the business by re-opening the dialogue.
    3. Closer alignment with the organization strategy and business plan leading to higher value delivered.
    4. Increased business engagement and input into the Analytics strategy.

    Use advisory support to accelerate your completion of Phase 1 activities

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Understand the Business Context and BI Landscape

    Proposed Time to Completion: 2-4 weeks

    Step 1.0: Assemble Your Project Team

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s viewpoint and definitions of business intelligence.
    • Discuss the project sponsorship, ideal team members and compositions.

    Then complete these activities…

    • Identify a project sponsor and the project team members.

    Step 1.1: Understand Your Business Context

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s approach to BI strategy development around using business information as the key driver.

    Then complete these activities…

    • Detail the business context (vision, mission, goals, objectives, etc.).
    • Establish business–IT alignment for your BI strategy by detailing the business context.

    Step 1.2: Establish the Current BI Landscape

    Review findings with analyst:

    • Review the business context outputs from Step 1.1 activities.
    • Review Info-Tech’s approach for documenting your current BI landscape.
    • Review the findings of your BI landscape.

    Then complete these activities…

    • Gather information on current BI usage and perform a BI artifact inventory.
    • Construct and conduct a user perception survey.

    With these tools & templates:

    BI Strategy and Roadmap Template

    Step 1.0

    Assemble the Project Team

    Select a BI project sponsor

    Info-Tech recommends you select a senior executive with close ties to BI be the sponsor for this project (e.g. CDO, CFO or CMO). To maximize the chance of success, Info-Tech recommends you start with the CDO, CMO, CFO, or a business unit (BU) leader who represents strategic enterprise portfolios.

    Initial Sponsor

    CFO or Chief Risk Officer (CRO)

    • The CFO is responsible for key business metrics and cost control. BI is on the CFO’s radar as it can be used for both cost optimization and elimination of low-value activity costs.
    • The CRO is tasked with the need to identify, address, and when possible, exploit risk for business security and benefit.
    • Both of these roles are good initial sponsors but aren’t ideal for the long term.

    CDO or a Business Unit (BU) Leader

    • The CDO (Chief Data Officer) is responsible for enterprise-wide governance and utilization of information as an asset via data processing, analysis, data mining, information trading, and other means, and is the ideal sponsor.
    • BU leaders who represent a growth engine for a company look for ways to mine BI to help set direction.

    Ultimate Sponsor

    CEO

    • As a the primary driver of enterprise-wide strategy, the CEO is the ideal evangelist and project sponsor for your BI strategy.
    • Establishing a CEO–CIO partnership helps elevate IT to the level of a strategic partner, as opposed to the traditional view that IT’s only job is to “keep the lights on.”
    • An endorsement from the CEO may make other C-level executives more inclined to work with IT and have their business unit be the starting point for growing a BI program organically.

    "In the energy sector, achieving production KPIs are the key to financial success. The CFO is motivated to work with IT to create BI applications that drive higher revenue, identify operational bottlenecks, and maintain gross margin."

    – Yogi Schulz, Partner, Corvelle Consulting

    Select a BI project team

    Create a project team with the right skills, experience, and perspectives to develop a comprehensive strategy aligned to business needs.

    You may need to involve external experts as well as individuals within the organization who have the needed skills.

    A detailed understanding of what to look for in potential candidates is essential before moving forward with your BI project.

    Leverage several of Info-Tech’s Job Description Templates to aid in the process of selecting the right people to involve in constructing your BI strategy.

    Roles to Consider

    Business Stakeholders

    Business Intelligence Specialist

    Business Analyst

    Data Mining Specialist

    Data Warehouse Architect

    Enterprise Data Architect

    Data Steward

    "In developing the ideal BI team, your key person to have is a strong data architect, but you also need buy-in from the highest levels of the organization. Buy-in from different levels of the organization are indicators of success more than anything else."

    – Rob Anderson, Database Administrator and BI Manager, IT Research and Advisory Firm

    Create a RACI matrix to clearly define the roles and responsibilities for the parties involved

    A common project management pitfall for any endeavour is unclear definition of responsibilities amongst the individuals involved.

    As a business intelligence project requires a significant amount of back and forth between business and IT – bridged by the BI Steering Committee – clear guidelines at the project outset with a RACI chart provide a basic framework for assigning tasks and lines of communication for the later stages.

    Responsible Accountable Consulted Informed

    Obtaining Buy-in Project Charter Requirements Design Development Program Creation
    BI Steering Committee A C I I I C
    Project Sponsor - C I I I C
    Project Manager - R A I I C
    VP of BI R I I I I A
    CIO A I I I I R
    Business Analyst I I R C C C
    Solution Architect - - C A C C
    Data Architect - - C A C C
    BI Developer - - C C R C
    Data Steward - - C R C C
    Business SME C C C C C C

    Note: This RACI is an example of how role expectations would be broken down across the different steps of the project. Develop your own RACI based on project scope and participants.

    STEP 1.1

    Understand Your Business Context and Structure the Project

    Establish business–IT alignment for your BI strategy by detailing the business context

    Step Objectives

    • Engage the business units to find out where users need BI enablement.
    • Ideate preliminary points for improvement that will further business goals and calculate their value.

    Step Activities

    1.1.1 Craft the vision and mission statements for the Analytics program using the vision, mission, and strategies of your organization as basis.

    1.1.2 Articulate program goals and objectives

    1.1.3 Determine business differentiators and key drivers

    1.1.4 Brainstorm BI-specific constraints and improvement objectives

    Outcomes

    • Clearly articulated business context that will provide a starting point for formulating a BI strategy
    • High-level improvement objectives and ROI for the overall project
    • Vision, mission, and objectives of the analytics program

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    • Project Manager
    • Project Team
    • Relevant Business Stakeholders and Subject Matter Experts

    Transform the way the business makes decisions

    Your BI strategy should enable the business to make fast, effective, and comprehensive decisions.

    Fast Effective Comprehensive
    Reduce time spent on decision-making by designing a BI strategy around information needs of key decision makers. Make the right data available to key decision makers. Make strategic high-value, impactful decisions as well as operational decisions.

    "We can improve BI environments in several ways. First, we can improve the speed with which we create BI objects by insisting that the environments are designed with flexibility and adaptability in mind. Second, we can produce higher quality deliverables by ensuring that IT collaborate with the business on every deliverable. Finally, we can reduce the costs of BI by giving access to the environment to knowledgeable business users and encouraging a self-service function."

    – Claudia Imhoff, Founder, Boulder BI Brain Trust, Intelligent Solutions Inc.

    Assess needs of various stakeholders using personas

    User groups/user personas

    Different users have different consumption and usage patterns. Categorize users into user groups and visualize the usage patterns. The user groups are the connection between the BI capabilities and the users.

    User groups Mindset Usage Pattern Requirements
    Front-line workers Get my job done; perform my job quickly. Reports (standard reports, prompted reports, etc.) Examples:
    • Report bursting
    • Prompted reports
    Analysts I have some ideas; I need data to validate and support my ideas. Dashboards, self-service BI, forecasting/budgeting, collaboration Examples:
    • Self-service datasets
    • Data mashup capability
    Management I need a big-picture view and yet I need to play around with the data to find trends to drive my business. Dashboards, scorecards, mobile BI, forecasting/budgeting Examples:
    • Multi-tab dashboards
    • Scorecard capability
    Data scientists I need to combine existing data, as well as external or new, unexplored data sources and types to find nuggets in the data. Data mashup, connections to data sources Examples:
    • Connectivity to big data
    • Social media analyses

    The pains of inadequate BI are felt across the entire organization – and land squarely on the shoulders of the CIO

    Organization:

    • Insufficient information to make decisions.
    • Unable to measure internal performance.
    • Losses incurred from bad decisions or delayed decisions.
    • Canned reports fail to uncover key insights.
    • Multiple versions of information exist in silos.

    IT Department

    • End users are completely dependent on IT for reports.
    • Ad hoc BI requests take time away from core duties.
    • Spreadsheet-driven BI is overly manual.
    • Business losing trust in IT.

    CIO

    • Under great pressure and has a strong desire to improve BI.
    • Ad hoc BI requests are consuming IT resources and funds.
    • My organization finds value in using data and having decision support to make informed decisions.

    The overarching question that needs to be continually asked to create an effective BI strategy is:

    How do I create an environment that makes information accessible and consumable to users, and facilitates a collaborative dialogue between the business and IT?

    Pre-requisites for success

    Prerequisite #1: Secure Executive Sponsorship

    Sponsorship of BI that is outside of IT and at the highest levels of the organization is essential to the success of your BI strategy. Without it, there is a high chance that your BI program will fail. Note that it may not be an epic fail, but it is a subtle drying out in many cases.

    Prerequisite #2: Understand Business Context

    Providing the right tools for business decision making doesn’t need to be a guessing game if the business context is laid as the project foundation and the most pressing decisions serve as starting points. And business is engaged in formulating and executing the strategy.

    Prerequisite #3: Deliver insights that lead to action

    Start with understanding the business processes and where analytics can improve outcomes. “Think business backwards, not data forward.” (McKinsey)

    11 reasons BI projects fail

    Lack of Executive support

    Old Technology

    Lack of business support

    Too many KPIs

    No methodology for gathering requirements

    Overly long project timeframes

    Bad user experience

    Lack of user adoption

    Bad data

    Lack of proper human resources

    No upfront definition of true ROI

    Mico Yuk, 2019

    Make it clear to the business that IT is committed to building and supporting a BI platform that is intimately tied to enabling changing business objectives.

    Leverage Info-Tech’s BI Strategy and Roadmap Template to accelerate BI planning

    How to accelerate BI planning using the template

    1. Prepopulated text that you can use for your strategy formulation:
    2. Prepopulated text that can be used for your strategy formulation
    3. Sample bullet points that you can pick and choose from:
    4. Sample bullet points to pick and choose from

    Document the BI program planning in Info-Tech’s

    BI Strategy and Roadmap Template.

    Activity: Describe your organization’s vision and mission

    1.1.1

    30-40 minutes

    Compelling vision and mission statements will help guide your internal members toward your company’s target state. These will drive your business intelligence strategy.

    1. Your vision clearly represents where your organization aspires to be in the future and aligns the entire organization. Write down a future-looking, inspirational, and realizable vision in one concise statement. Consider:
    • “Five years from now, our business will be _______.”
    • What do we want to do tomorrow? For whom? What is the benefit?
  • Your mission tells why your organization currently exists and clearly expresses how it will achieve your vision for the future. Write down a mission statement in one clear and concise paragraph consisting of, at most, five sentences. Consider:
    • Why does the business exist? What problems does it solve? Who are its customers?
    • How does the business accomplish strategic tasks or reach its target?
  • Reconvene stakeholders to share ideas and develop one concise vision statement and mission statement. Focus on clarity and message over wording.
  • Input

    • Business vision and mission statements

    Output

    • Alignment and understanding on business vision

    Materials

    Participants

    • BI project lead
    • Executive business stakeholders

    Info-Tech Insight

    Adjust your statements until you feel that you can elicit a firm understanding of both your vision and mission in three minutes or less.

    Formulating an Enterprise BI and Analytics Strategy: Top-down BI Opportunity analysis

    Top-down BI Opportunity analysis

    Example of deriving BI opportunities using BI Opportunity Analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams 2016

    Get your organization buzzing about BI – leverage Info-Tech’s Executive Brief as an internal marketing tool

    Two key tasks of a project sponsor are to:

    1. Evangelize the realizable benefits of investing in a business intelligence strategy.
    2. Help to shift the corporate culture to one that places emphasis on data-driven insight.

    Arm your project sponsor with our Executive Brief for this blueprint as a quick way to convey the value of this project to potential stakeholders.

    Bolster this presentation by adding use cases and metrics that are most relevant to your organization.

    Develop a business framework

    Identifying organizational goals and how data can support those goals is key to creating a successful BI & Analytical strategy. Rounding out the business model with technology drivers, environmental factors (as described in previous steps), and internal barriers and enablers creates a holistic view of Business Intelligence within the context of the organization as a whole.

    Through business engagement and contribution, the following holistic model can be created to understand the needs of the business.

    business framework holistic model

    Activity: Describe the Industry Drivers and Organization strategy to mitigate the risk

    1.1.2

    30-45 minutes

    Industry drivers are external influencers that has an effect on a business such as economic conditions, competitor actions, trade relations, climate etc. These drivers can differ significantly by industry and even organizations within the same industry.

    1. List the industry drivers that influences your organization:
    • Public sentiment in regards to energy source
    • Rising cost of raw materials due to increase demand
  • List the company strategies, goals, objectives to counteract the external influencers:
    • Change production process to become more energy efficient
    • Win at customer service
  • Identify the value disciplines :
    • Strategic cost management
    • Operational Excellence
  • List the core process that implements the value disciplines :
    • Purchasing
    • Sales
  • Identify the BI Opportunities:
    • Cost and financial analysis
    • Customer service analysis

    Input

    • Industry drivers

    Output

    • BI Opportunities that business can leverage

    Materials

    • Industry driver section in the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive business stakeholders

    Understand BI and analytics drivers and organizational objectives

    Environmental Factors Organizational Goals Business Needs Technology Drivers
    Definition External considerations are factors taking place outside the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business. Organizational drivers can be thought of as business-level metrics. These are tangible benefits the business can measure, such as customer retention, operation excellence, and/or financial performance. A requirement that specifies the behavior and the functions of a system. Technology drivers are technological changes that have created the need for a new BI solution. Many organizations turn to technology systems to help them obtain a competitive edge.
    Examples
    • Economy and politics
    • Laws and regulations
    • Competitive influencers
    • Time to market
    • Quality
    • Delivery reliability
    • Audit tracking
    • Authorization levels
    • Business rules
    • Deployment in the cloud
    • Integration
    • Reporting capabilities

    Activity: Discuss BI/Analytics drivers and organizational objectives

    1.1.3

    30-45 minutes

    1. Use the industry drivers and business goals identified in activity 1.1.2 as a starting point.
    2. Understand how the company runs today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Take into account External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.
    External Considerations Organizational Drivers Technology Considerations Functional Requirements
    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Identify challenges and barriers to the BI project

    There are several factors that may stifle the success of a BI implementation. Scan the current environment to identify internal barriers and challenges to identify potential challenges so you can meet them head-on.

    Common Internal Barriers

    Management Support
    Organizational Culture
    Organizational Structure
    IT Readiness
    Definition The degree of management understanding and acceptance towards BI solutions. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for a new BI solution.
    Questions
    • Is a BI project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Reliance on consultants

    Activity: Discuss BI/Analytics challenges and pain points

    1.1.4

    30-45 minutes

    1. Identify challenges with the process identified in step 1.1.2.
    2. Brainstorm potential barriers to successful BI implementation and adoption. Use a whiteboard and marker to capture key findings.
    3. Consider Functional Gaps, Technical Gaps, Process Gaps, and Barriers to BI Success.
    Functional Gaps Technical Gaps Process Gaps Barriers to Success
    • No online purchase order requisition
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Activity: Discuss opportunities and benefits

    1.1.5

    30-45 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful BI implementation and adoption. Use a whiteboard and markers to capture key findings.
    3. Consider Business Benefits, IT Benefits, Organizational Benefits, and Enablers of BI success.
    Business Benefits IT Benefits Organizational Benefits Enablers of Success
    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change management
    • Training
    • Alignment to strategic objectives

    Your organization’s framework for Business Intelligence Strategy

    Blank organization framework for Business Intelligence Strategy

    Example: Business Framework for Data & Analytics Strategy

    The following diagram represents [Client]’s business model for BI and data. This holistic view of [Client]’s current environment serves as the basis for the generation of the business-aligned Data & Analytics Strategy.

    The image is an example of Business Framework for Data & Analytics Strategy.

    Info-Tech recommends balancing a top-down approach with bottom up for building your BI strateg

    Taking a top-down approach will ensure senior management’s involvement and support throughout the project. This ensures that the most critical decisions are supported by the right data/information, aligning the entire organization with the BI strategy. Furthermore, the gains from BI will be much more significant and visible to the rest of the organization.

    Two charts showing the top-down and bottom-up approach.

    Far too often, organizations taking a bottom-up approach to BI will fail to generate sufficient buy-in and awareness from senior management. Not only does a lack of senior involvement result in lower adoption from the tactical and operational levels, but more importantly, it also means that the strategic decision makers aren’t taking advantage of BI.

    Estimate the ROI of your BI and analytics strategy to secure executive support

    The value of creating a new strategy – or revamping an existing one – needs to be conveyed effectively to a high-level stakeholder, ideally a C-level executive. That executive buy-in is more likely to be acquired when effort has been made to determine the return on investment for the overall initiative.

    1. Business Impacts
      New revenue
      Cost savings
      Time to market
      Internal Benefits
      Productivity gain
      Process optimization
      Investment
      People – employees’ time, external resources
      Data – cost for new datasets
      Technology – cost for new technologies
    2. QuantifyCan you put a number or a percentage to the impacts and benefits? QuantifyCan you estimate the investments you need to put in?
    3. TranslateTranslate the quantities into dollar value
    4. The image depicts an equation for ROI estimate

    Example

    One percent increase in revenue; three more employees $225,000/yr, $150,000/yr 50%

    Activity: Establish a high-level ROI as part of an overall use case for developing a fit-for-purpose BI strategy

    1.1.6

    1.5 hours

    Communicating an ROI that is impactful and reasonable is essential for locking in executive-level support for any initiative. Use this activity as an initial touchpoint to bring business and IT perspectives as part of building a robust business case for developing your BI strategy.

    1. Revisit the business context detailed in the previous sections of this phase. Use priority objectives to identify use case(s), ideally where there are easily defined revenue generators/cost reductions (e.g. streamlining the process of mailing physical marketing materials to customers).
    2. Assign research tasks around establishing concrete numbers and dollar values.
    • Have a subject matter expert weigh in to validate your figures.
    • When calculating ROI, consider how you might leverage BI to create opportunities for upsell, cross-sell, or increased customer retention.
  • Reconvene the stakeholder group and discuss your findings.
    • This is the point where expectation management is important. Separate the need-to-haves from the nice-to-haves.

    Emphasize that ROI is not fully realized after the first implementation, but comes as the platform is built upon iteratively and in an integrated fashion to mature capabilities over time.

    Input

    • Vision statement
    • Mission statement

    Output

    • Business differentiators and key drivers

    Materials

    • Benefit Cost Analysis section of the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive IT & business stakeholders

    An effective BI strategy positions business intelligence in the larger data lifecycle

    In an effort to keep users satisfied, many organizations rush into implementing a BI platform and generating reports for their business users. BI is, first and foremost, a presentation layer; there are several stages in the data lifecycle where the data that BI visualizes can be compromised.

    Without paying the appropriate amount of attention to the underlying data architecture and application integration, even the most sophisticated BI platforms will fall short of providing business users with a holistic view of company information.

    Example

    In moving away from single application-level reporting, a strategy around data integration practices and technology is necessary before the resultant data can be passed to the BI platform for additional analyses and visualization.

    BI doesn’t exist in a vacuum – develop an awareness of other key data management practices

    As business intelligence is primarily a presentation layer that allows business users to visualize data and turn information into actionable decisions, there are a number of data management practices that precede BI in the flow of data.

    Data Warehousing

    The data warehouse structures source data in a manner that is more operationally focused. The Reporting & Analytics Strategy must inform the warehouse strategy on data needs and building a data warehouse to meet those needs.

    Data Integration, MDM & RDM

    The data warehouse is built from different sources that must be integrated and normalized to enable Business Intelligence. The Info-Tech integration and MDM blueprints will guide with their implementation.

    Data Quality

    A major roadblock to building an effective BI solution is a lack of accurate, timely, consistent, and relevant data. Use Info-Tech’s blueprint to refine your approach to data quality management.

    Data quality, poor integration/P2P integration, poor data architecture are the primary barriers to truly leveraging BI, and a lot of companies haven’t gotten better in these areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Building consensus around data definitions across business units is a critical step in carrying out a BI strategy

    Business intelligence is heavily reliant on the ability of an organization to mesh data from different sources together and create a holistic and accurate source of truth for users.

    Useful analytics cannot be conducted if your business units define key business terms differently.

    Example

    Finance may label customers as those who have transactional records with the organization, but Marketing includes leads who have not yet had any transactions as customers. Neglecting to note these seemingly small discrepancies in data definition will undermine efforts to combine data assets from traditionally siloed functional units.

    In the stages prior to implementing any kind of BI platform, a top priority should be establishing common definitions for key business terms (customers, products, accounts, prospects, contacts, product groups, etc.).

    As a preliminary step, document different definitions for the same business terms so that business users are aware of these differences before attempting to combine data to create custom reports.

    Self-Assessment

    Do you have common definitions of business terms?

    • If not, identify common business terms.
    • At the very least, document different definitions of the same business terms so the corporate can compare and contrast them.

    STEP 1.2

    Assess the Current BI Landscape

    Establish an in-depth understanding of your current BI landscape

    Step Objectives

    • Inventory and assess the state of your current BI landscape
    • Document the artifacts of your BI environment

    Step Activities

    1.2.1 Analyze the usage levels of your current BI programs/platform

    1.2.2 Perform a survey to gather user perception of your current BI environment

    1.2.3 Take an inventory of your current BI artifacts

    Outcomes

    • Summarize the qualitative and quantitative performance of your existing BI environment
    • Understand the outputs coming from your BI sources

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Understand your current BI landscape before you rationalize

    Relying too heavily on technology as the sole way to solve BI problems results in a more complex environment that will ultimately frustrate business users. Take the time to thoroughly assess the current state of your business intelligence landscape using a qualitative (user perception) and quantitative (usage statistics) approach. The insights and gaps identified in this step will serve as building blocks for strategy and roadmap development in later phases.

    Phase 1

    Current State Summary of BI Landscape

    1.2.1 1.2.2 1.2.3 1.2.4
    Usage Insights Perception Insights BI Inventory Insights Requirements Insights

    PHASE 2

    Strategy and Roadmap Formulation

    Gather usage insights to pinpoint the hot spots for BI usage amongst your users

    Usage data reflects the consumption patterns of end users. By reviewing usage data, you can identify aspects of your BI program that are popular and those that are underutilized. It may present some opportunities for trimming some of the underutilized content.

    Benefits of analyzing usage data:

    • Usage is a proxy for popularity and usability of the BI artifacts. The popular content should be kept and improved in your next generation BI.
    • Usage information provides insight on what, when, where, and how much users are consuming BI artifacts.
    • Unlike methods such as user interviews and focus groups, usage information is fact based and is not subject to peer pressure or “toning down.”

    Sample Sources of Usage Data:

    1. Usage reports from your BI platform Many BI platforms have out-of-the-box usage reports that log and summarize usage data. This is your ideal source for usage data.
    2. Administrator console in your BI platformBI platforms usually have an administrator console that allows BI administrators to configure settings and to monitor activities that include usage. You may obtain some usage data in the console. Note that the usage data is usually real-time in nature, and you may not have access to a historical view of the BI usage.

    Info-Tech Insight

    Don’t forget some of the power users. They may perform analytics by accessing datasets directly or with the help of a query tool (even straight SQL statements). Their usage information is important. The next generation BI should provide consumption options for them.

    Accelerate the process of gathering user feedback with Info-Tech’s Application Portfolio Assessment (APA)

    In an environment where multiple BI tools are being used, discovering what works for users and what doesn’t is an important first step to rationalizing the BI landscape.

    Info-Tech’s Application Portfolio Assessment allows you to create a custom survey based on your current applications, generate a custom report that will help you visualize user satisfaction levels, and pinpoint areas for improvement.

    Activity: Review and analyze usage data

    1.2.1

    2 hours

    This activity helps you to locate usage data in your existing environment. It also helps you to review and analyze usage data to come up with a few findings.

    1. Get to the usage source. You may obtain usage data from one of the below options. Usage reports are your ideal choice, followed by some alternative options:
    2. a. Administrator console – limited to real-time or daily usage data. You may need to track usage data over for several days to identify patterns.

      b. Info-Tech’s Application Portfolio Assessment (APA).

      c. Other – be creative. Some may use an IT usage monitoring system or web analytics to track time users spent on the BI portal.

    3. Develop categories for classifying the different sources of usage data in your current BI environment. Use the following table as starting point for creating these groups:

    This is the content for Layout H4 Tag

    By Frequency Real Time Daily Weekly Yearly
    By Presentation Format Report Dashboard Alert Scorecard
    By Delivery Web portal Excel PDF Mobile application

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Activity: Review and analyze usage (cont.)

    1.2.1

    2 hours

    3. Sort your collection of BI artifacts by usage. Discuss some of the reasons why some content is popular whereas some has no usage at all.

    Popular BI Artifacts – Discuss improvements, opportunities and new artifacts

    Unpopular BI Artifacts – Discuss retirement, improvements, and realigning information needs

    4. Summarize your findings in the Usage Insights section of the BI Strategy and Roadmap Template.

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Gather perception to understand the existing BI users

    In 1.2.1, we gathered the statistics for BI usage; it’s the hard data telling who uses what. However, it does not tell you the rationale, or the why, behind the usage. Gathering user perception and having conversations with your BI consumers is the key to bridging the gap.

    User Perception Survey

    Helps you to:

    1. Get general insights on user perception
    2. Narrow down to selected areas

    User Interviews

    Perception can be gathered by user interviews and surveys. Conducting user interviews takes time so it is a good practice to get some primary insights via survey before doing in-depth interviews in selected areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Define problem statements to create proof-of-concept initiatives

    Info-Tech’s Four Column Model of Data Flow

    Find a data-related problem or opportunity

    Ask open-ended discovery questions about stakeholder fears, hopes, and frustrations to identify a data-related problem that is clear, contained, and fixable. This is then to be written as a problem/opportunity statement.

    1. Fear: What is the number one risk you need to alleviate?
    2. Hope: What is the number one opportunity you wish to realize?
    3. Frustration: What is the number one annoying pet peeve you wish to scratch?
    4. Next, gather information to support a problem/opportunity statement:

    5. What are your challenges in performing the activity or process today?
    6. What does amazing look like if we solve this perfectly?
    7. What other business activities/processes will be impacted/improved if we solve this?
    8. What compliance/regulatory/policy concerns do we need to consider in any solution?
    9. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?
    10. What are the steps in the process/activity?
    11. What are the applications/systems used at each step and from step to step?
    12. What data elements are created, used, and/or transformed at each step?

    Leverage Info-Tech’s BI survey framework to initiate a 360° perception survey

    Info-Tech has developed a BI survey framework to help existing BI practices gather user perception via survey. The framework is built upon best practices developed by McLean & Company.

    1. Communicate the survey
    2. Create a survey
    3. Conduct the survey
    4. Collect and clean survey data
    5. Analyze survey data
    6. Conduct follow-up interviews
    7. Identify and prioritize improvement initiatives

    The survey takes a comprehensive approach by examining your existing BI practices through the following lenses:

    360° Perception

    Demographics Who are the users? From which department?
    Usage How is the current BI being used?
    People Web portal
    Process How good is your BI team from a user perspective?
    Data How good is the BI data in terms of quality and usability?
    Technology How good are your existing BI/reporting tools?
    Textual Feedback The sky’s the limit. Tell us your comments and ideas via open-ended questions.

    Use Info-Tech’s BI End-User Satisfaction Survey Framework to develop a comprehensive BI survey tailored to your organization.

    Activity: Develop a plan to gather user perception of your current BI program

    1.2.2

    2 hours

    This activity helps you to plan for a BI perception survey and subsequent interviews.

    1. Proper communication while conducting surveys helps to boost response rate. The project team should have a meeting with business executives to decide:
    • The survey goals
    • Which areas to cover
    • Which trends and hypotheses you want to confirm
    • Which pre-, during, and post-survey communications should be sent out
  • Have the project team create the first draft of the survey for subsequent review by select business stakeholders. Several iterations may be needed before finalizing.
  • In planning for the conclusion of the survey, the project team should engage a data analyst to:
    1. Organize the data in a useful format
    2. Clean up the survey data when there are gaps
    3. Summarize the data into a presentable/distributable format

    Collectively, the project team and the BI consuming departments should review the presentation and discuss these items:

    Misalignment

    Opportunities

    Inefficiencies

    Trends

    Need detailed interviews?

    INPUT

    • Usage information and analyses

    OUTPUT

    • User-perception survey

    Materials

    • Perception Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM
    • Business SMEs

    Create a comprehensive inventory of your BI artifacts

    Taking an inventory of your BI artifacts allows you to understand what deliverables have been developed over the years. Inventory taking should go beyond the BI content. You may want to include additional information products such as Excel spreadsheets, reports that are coming out of an Access database, and reports that are generated from front-end applications (e.g. Salesforce).

    1. Existing Reports from BI platform

    2. If you are currently using a BI platform, you have some BI artifacts (reports, scorecards, dashboards) that are developed within the platform itself.

    • BI Usage Reports (refer to step 2.1) – if you are getting a comprehensive BI usage reports for all your BI artifacts, there is your inventory report too.
    • BI Inventory Reports – Your BI platform may provide out-of-the-box inventory reports. You can use them as your inventory.
    • If the above options are not feasible, you may need to manually create the BI inventory. You may build that from some of your existing BI documentations to save time.
  • Excel and Access

    • Work with the business units to identify if Excel and Access are used to generate reports.
  • Application Reports

    • Data applications such as Salesforce, CRM, and ERP often provide reports as an out-of-the-box feature.
    • Those reports only include data within their respective applications. However, this may present opportunities for integrating application data with additional data sources.

    Activity: Inventory your BI artifacts

    1.2.3

    2+ hours

    This activity helps you to inventory your BI information artifacts and other related information artifacts.

    1. Define the scope of your inventory. Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpret your Inventory

    Duplicated reports/ dashboards Similar reports/ dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data Classify artifacts by BI Type

    INPUT

    • Current BI artifacts and documents
    • BI Type classification

    OUTPUT

    • Summary of BI artifacts

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    Project sponsor

    1.2.4

    2+ hours

    This activity helps you to inventory your BI by report type.

    1. Classify BI artifacts by type. Use the BI Type tool to classify Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpretation of your Inventory

    Duplicated reports/dashboards Similar reports/dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data

    INPUT

    • The BI Type as used by different business units
    • Business BI requirements

    OUTPUT

    • Summary of BI type usage across the organization

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    STEP 1.3

    Undergo BI Requirements Gathering

    Perform requirements gathering for revamping your BI environment

    Step Objectives

    • Create principles that will direct effective requirements gathering
    • Create a list of existing and desired BI requirements

    Step Activities

    1.3.1 Create requirements gathering principles

    1.3.2 Gather appropriate requirements

    1.3.3 Organize and consolidate the outputs of requirements gathering activities

    Outcomes

    • Requirements gathering principles that are flexible and repeatable
    • List of BI requirements

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Business Users

    Don’t let your new BI platform become a victim of poor requirements gathering

    The challenges in requirements management often have underlying causes; find and eliminate the root causes rather than focusing on the symptoms.

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality and are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • Teams are frustrated within IT and the business.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been, and continues to be, the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle to clear when it is time to optimize the requirements gathering process.

    Define the attributes of a good requirement to help shape your requirements gathering principles

    A good requirement has the following attributes:

    Verifiable It is stated in a way that can be tested.
    Unambiguous It is free of subjective terms and can only be interpreted in one way.
    Complete It contains all relevant information.
    Consistent It does not conflict with other requirements.
    Achievable It is possible to accomplish given the budgetary and technological constraints.
    Traceable It can be tracked from inception to testing.
    Unitary It addresses only one thing and cannot be deconstructed into multiple requirements.
    Accurate It is based on proven facts and correct information.

    Other Considerations

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need.

    Activity: Define requirements gathering principles

    1.3.1

    1 hour

    1. Invite representatives from the project management office, project management team, and BA team, as well as some key business stakeholders.
    2. Use the sample categories and principles in the table below as starting points for creating your own requirements gathering principles.
    3. Document the requirements gathering principles in the BI Strategy and Roadmap Template.
    4. Communicate the requirements gathering principles to the affected BI stakeholders.

    Sample Principles to Start With

    Effectiveness Face-to-face interviews are preferred over phone interviews.
    Alignment Clarify any misalignments, even the tiniest ones.
    Validation Rephrase requirements at the end to validate requirements.
    Ideation Use drawings and charts to explain ideas.
    Demonstration Make use of Joint Application Development (JAD) sessions.

    INPUT

    • Existing requirement principles (if any)

    OUTPUT

    • Requirements gathering principles that can be revisited and reused

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA Team
    • PM
    • Business stakeholders
    • PMO

    Info-Tech Insight

    Turn requirements gathering principles into house rules. The house rules should be available in every single requirements gathering session and the participants should revisit them when there are disagreements, confusion, or silence.

    Right-size your approach to BI requirements management

    Info-Tech suggests four requirements management approaches based on project complexity and business significance. BI projects usually require the Strategic Approach in requirements management.

    Requirements Management Process Explanations

    Approach Definition Recommended Strategy
    Strategic Approach High business significance and high project complexity merits a significant investment of time and resources in requirements gathering. Treat the requirements gathering phase as a project within a project. A large amount of time should be dedicated to elicitation, business process mapping, and solution design.
    Fundamental Approach High business significance and low project complexity merits a heavy emphasis on the elicitation phase to ensure that the project bases are covered and business value is realized. Look to achieve quick wins and try to survey a broad cross-section of stakeholders during elicitation and validation. The elicitation phase should be highly iterative. Do not over-complicate the analysis and validation of a straightforward project.
    Calculated Approach Low business significance and high project complexity merits a heavy emphasis on the analysis and validation phases to ensure that the solution meets the needs of users. Allocate a significant amount of time to business process modeling, requirements categorization, prioritization, and solution modeling.
    Elementary Approach Low business significance and low project complexity does not merit a high amount of rigor for requirements gathering. Do not rush or skip steps, but aim to be efficient. Focus on basic elicitation techniques (e.g. unstructured interviews, open-ended surveys) and consider capturing requirements as user stories. Focus on efficiency to prevent project delays and avoid squandering resources.

    Vary the modes used in eliciting requirements from your user base

    Requirements Gathering Modes

    Info-Tech has identified four effective requirements gathering modes. During the requirements gathering process, you may need to switch between the four gathering modes to establish a thorough understanding of the information needs.

    Dream Mode

    • Mentality: Let users’ imaginations go wild. The sky’s the limit.
    • How it works: Ask users to dream up the ideal future state and ask how analytics can support those dreams.
    • Limitations: Not all dreams can be fulfilled. A variety of constraints (budget, personnel, technical skills) may prevent the dreams from becoming reality.

    Pain Mode

    • Mentality: Users are currently experiencing pains related to information needs.
    • How it works: Vent the pains. Allow end users to share their information pains, ask them how their pains can be relieved, then convert those pains to requirements.
    • Limitations: Users are limited by the current situation and aren’t looking to innovate.

    Decode Mode

    • Mentality: Read the hidden messages from users. Speculate as to what the users really want.
    • How it works: Decode the underlying messages. Be innovative to develop hypotheses and then validate with the users.
    • Limitations: Speculations and hypothesis could be invalid. They may direct the users into some pre-determined directions.

    Profile Mode

    • Mentality: “I think you may want XYZ because you fall into that profile.”
    • How it works: The information user may fall into some existing user group profile or their information needs may be similar to some existing users.
    • Limitations: This mode doesn’t address very specific needs.

    Supplement BI requirements with user stories and prototyping to ensure BI is fit for purpose

    BI is a continually evolving program. BI artifacts that were developed in the past may not be relevant to the business anymore due to changes in the business and information usage. Revamping your BI program entails revisiting some of the BI requirements and/or gathering new BI requirements.

    Three-Step Process for Gathering Requirements

    Requirements User Stories Rapid Prototyping
    Gather requirements. Most importantly, understand the business needs and wants. Leverage user stories to organize and make sense of the requirements. Use a prototype to confirm requirements and show the initial draft to end users.

    Pain Mode: “I can’t access and manipulate data on my own...”

    Decode Mode: Dig deeper: could this hint at a self-service use case?

    Dream Mode: E.g. a sandbox area where I can play around with clean, integrated, well-represented data.

    Profile Mode: E.g. another marketing analyst is currently using something similar.

    ExampleMary has a spreadmart that keeps track of all campaigns. Maintaining and executing that spreadmart is time consuming.

    Mary is asking for a mash-up data set that she can pivot on her own…

    Upon reviewing the data and the prototype, Mary decided to use a heat map and included two more data points – tenure and lifetime value.

    Identify which BI styles best meet user requirements

    A spectrum of Business Intelligence solutions styles are available. Use Info-Tech’s BI Styles Tool to assess which business stakeholder will be best served by which style.

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as on-line analytical processing): Flexible tool-based, user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics. 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods and historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future. 5 3 5

    Activity: Gather BI requirements

    1.3.2

    2-6 hours

    Using the approaches discussed on previous slides, start a dialogue with business users to confirm existing requirements and develop new ones.

    1. Invite business stakeholders to a requirements gathering session.
    2. For existing BI artifacts – Invite existing users of those artifacts.

      For new BI development – Invite stakeholders at the executive level to understand the business operation and their needs and wants. This is especially important if their department is new to BI.

    3. Discuss the business requirements. Systematically switch between the four requirements gathering modes to get a holistic view of the requirements.
    4. Once requirements are gathered, organize them to tell a story. A story usually has these components:
    The Setting The Characters The Venues The Activities The Future
    Example Customers are asking for a bundle discount. CMO and the marketing analysts want to… …the information should be available in the portal, mobile, and Excel. …information is then used in the bi-weekly pricing meeting to discuss… …bundle information should contain historical data in a graphical format to help executives.

    INPUT

    • Existing documentations on BI artifacts

    OUTPUT

    • Preliminary, uncategorized list of BI requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA team
    • Business stakeholders
    • Business SMEs
    • BI developers

    Clarify consumer needs by categorizing BI requirements

    Requirements are too broad in some situations and too detailed in others. In the previous step we developed user stories to provide context. Now you need to define requirement categories and gather detailed requirements.

    Considerations for Requirement Categories

    Category Subcategory Sample Requirements
    Data Granularity Individual transaction
    Transformation Transform activation date to YYYY-MM format
    Selection Criteria Client type: consumer. Exclude SMB and business clients. US only. Recent three years
    Fields Required Consumer band, Region, Submarket…
    Functionality Filters Filters required on the dashboard: date range filter, region filter…
    Drill Down Path Drill down from a summary report to individual transactions
    Analysis Required Cross-tab, time series, pie chart
    Visual Requirements Mock-up See attached drawing
    Section The dashboard will be presented using three sections
    Conditional Formatting Below-average numbers are highlighted
    Security Mobile The dashboard needs to be accessed from mobile devices
    Role Regional managers will get a subset of the dashboard according to the region
    Users John, Mary, Tom, Bob, and Dave
    Export Dashboard data cannot be exported into PDF, text, or Excel formats
    Performance Speed A BI artifact must be loaded in three seconds
    Latency Two seconds response time when a filter is changed
    Capacity Be able to serve 50 concurrent users with the performance expected
    Control Governance Govern by the corporate BI standards
    Regulations Meet HIPPA requirements
    Compliance Meet ISO requirements

    Prioritize requirements to assist with solution modeling

    Prioritization ensures that the development team focuses on the right requirements.

    The MoSCoW Model of Prioritization

    Must Have Requirements that mustbe implemented for the solution to be considered successful.
    Should Have Requirements that are high priority and should be included in the solution if possible.
    Could Have Requirements that are desirable but not necessary and could be included if resources are available.
    Won't Have Requirements that won’t be in the next release but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure that efforts are targeted towards the proper requirements and the plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    Activity: Finalize the list of BI requirements

    1.3.3

    1-4 hours

    Requirement Category Framework

    Category Subcategory
    Data Granularity
    Transformation
    Selection Criteria
    Fields Required
    Functionality Filters
    Drill Down Path
    Analysis Required
    Visual Requirements Mock-up
    Section
    Conditional Formatting
    Security Mobile
    Role
    Users
    Export
    Performance Speed
    Latency
    Capacity
    Control Governance
    Regulations
    Compliance

    Create requirement buckets and classify requirements.

    1. Define requirement categories according to the framework.
    2. Review the user story and requirements you collected in Step 1.3.2. Classify the requirements within requirement categories.
    3. Review the preliminary list of categorized requirements and look for gaps in this detailed view. You may need to gather additional requirements to fill the gaps.
    4. Prioritize the requirements according to the MoSCoW framework.
    5. Document your final list of requirements in the BI Strategy and Roadmap Template.

    INPUT

    • Existing requirements and new requirements from step 1.3.2

    OUTPUT

    • Prioritized and categorized requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Business stakeholders
    • PMO

    Translate your findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    As you progress through each phase, document findings and ideas as they arise. At phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translating findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 1 findings, ideas, and action items

    1.3.4

    1-2 hours

    1. Reconvene as a group to review findings, ideas, and actions harvested in Phase 1. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 1

      Sample Phase 1 Findings Found two business objectives that are not supported by BI/analytics
      Some executives still think BI is reporting
      Some confusion around operational reporting and BI
      Data quality plays a big role in BI
      Many executives are not sure about the BI ROI or asking for one
    4. Select the top findings and document them in the “Other Phase 1 Findings” section of the BI Strategy and Roadmap Template. The findings will be used again in Phase 3.

    INPUT

    • Phase 1 activities
    • Business context (vision, mission, goals, etc.

    OUTPUT

    • Other Phase 1 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1-1.1.5

    Establish the business context

    To begin the workshop, your project team will be taken through a series of activities to establish the overall business vision, mission, objectives, goals, and key drivers. This information will serve as the foundation for discerning how the revamped BI strategy needs to enable business users.

    1.2.1- 1.2.3

    Create a comprehensive documentation of your current BI environment

    Our analysts will take your project team through a series of activities that will facilitate an assessment of current BI usage and artifacts, and help you design an end-user interview survey to elicit context around BI usage patterns.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts

    1.3.1-1.3.3

    Establish new BI requirements

    Our analysts will guide your project team through frameworks for eliciting and organizing requirements from business users, and then use those frameworks in exercises to gather some actual requirements from business stakeholders.

    Phase 2

    Evaluate Your Current BI Practice

    Build a Reporting and Analytics Strategy

    Revisit project metrics to track phase progress

    Goals for Phase 2:

    • Assess your current BI practice. Determine the maturity of your current BI practice from different viewpoints.
    • Develop your BI target state. Plan your next generation BI with Info-Tech’s BI patterns and best practices.
    • Safeguard your target state. Avoid BI pitfalls by proactively monitoring BI risks.

    Info-Tech’s Suggested Metrics for Tracking Phase 2 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    # of groups participated in the current state assessment The number of groups joined the current assessment using Info-Tech’s BI Practice Assessment Tool Varies; the tool can accommodate up to five groups
    # of risks mitigated Derive from your risk register At least two to five risks will be identified and mitigated

    Intangible Metrics:

    • Prototyping approach allows the BI group to understand more about business requirements, and in the meantime, allows the business to understand how to partner with the BI group.
    • The BI group and the business have more confidence in the BI program as risks are monitored and mitigated on an ad hoc basis.

    Evaluate your current BI practice

    Phase 2 Overarching Insight

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment, and data management, data quality, and related data practices must be strong. Otherwise, the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 2 overview

    Detailed Overview

    Step 1: Assess Your Current BI Practice

    Step 2: Envision a Future State for Your BI Practice

    Outcomes

    • A comprehensive assessment of current BI practice maturity and capabilities.
    • Articulation of your future BI practice.
    • Improvement objectives and activities for developing your current BI program.

    Benefits

    • Identification of clear gaps in BI practice maturity.
    • A current state assessment that includes the perspectives of both BI providers and consumers to highlight alignment and/or discrepancies.
    • A future state is defined to provide a benchmark for your BI program.
    • Gaps between the future and current states are identified; recommendations for the gaps are defined.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Evaluate Your Current BI Practice

    Proposed Time to Completion: 1-2 weeks

    Step 2.1: Assess Your Current BI Practice

    Start with an analyst kick-off call:

    • Detail the benefits of conducting multidimensional assessments that involve BI providers as well as consumers.
    • Review Info-Tech’s BI Maturity Model.

    Then complete these activities…

    • SWOT analyses
    • Identification of BI maturity level through a current state assessment

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Step 2.2: Envision a Future State for Your BI Practice

    Review findings with an analyst:

    • Discuss overall maturity gaps and patterns in BI perception amongst different units of your organization.
    • Discuss how to translate activity findings into robust initiatives, defining critical success factors for BI development and risk mitigation.

    Then complete these activities…

    • Identify your desired BI patterns and functionalities.
    • Complete a target state assessment for your BI practice.
    • Review capability practice gaps and phase-level metrics.

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Phase 2 Results & Insights:

    • A comprehensive assessment of the organization’s current BI practice capabilities and gaps
    • Visualization of BI perception from a variety of business users as well as IT
    • A list of tasks and initiatives for constructing a strategic BI improvement roadmap

    STEP 2.1

    Assess the Current State of Your BI Practice

    Assess your organization’s current BI capabilities

    Step Objectives

    • Understand the definitions and roles of each component of BI.
    • Contextualize BI components to your organization’s environment and current practices.

    Step Activities

    2.1.1 Perform multidimensional SWOT analyses

    2.1.2 Assess current BI and analytical capabilities, Document challenges, constraints, opportunities

    2.1.3 Review the results of your current state assessment

    Outcomes

    • Holistic perspective of current BI strengths and weaknesses according to BI users and providers
    • Current maturity in BI and related data management practices

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Gather multiple BI perspectives with comprehensive SWOT analyses

    SWOT analysis is an effective tool that helps establish a high-level context for where your practice stands, where it can improve, and the factors that will influence development.

    Strengths

    Best practices, what is working well

    Weaknesses

    Inefficiencies, errors, gaps, shortcomings

    Opportunities

    Review internal and external drivers

    Threats

    Market trends, disruptive forces

    While SWOT is not a new concept, you can add value to SWOT by:

    • Conducting a multi-dimensional SWOT to diversify perspectives – involve the existing BI team, BI management, business executives and other business users.
    • SWOT analyses traditionally provide a retrospective view of your environment. Add a future-looking element by creating improvement tasks/activities at the same time as you detail historical and current performance.

    Info-Tech Insight

    Consider a SWOT with two formats: a private SWOT worksheet and a public SWOT session. Participants will be providing suggestions anonymously while solicited suggestions will be discussed in the public SWOT session to further the discussion.

    Activity: Perform a SWOT analysis in groups to get a holistic view

    2.1.1

    1-2 hours

    This activity will take your project team through a holistic SWOT analysis to gather a variety of stakeholder perception of the current BI practice.

    1. Identify individuals to involve in the SWOT activity. Aim for a diverse pool of participants that are part of the BI practice in different capacities and roles. Solution architects, application managers, business analysts, and business functional unit leaders are a good starting point.
    2. Review the findings summary from Phase 1. You may opt to facilitate this activity with insights from the business context. Each group will be performing the SWOT individually.
    3. The group results will be collected and consolidated to pinpoint common ideas and opinions. Individual group results should be represented by a different color. The core program team will be reviewing the consolidated result as a group.
    4. Document the results of these SWOT activities in the appropriate section of the BI Strategy and Roadmap Template.

    SWOT

    Group 1 Provider Group E.g. The BI Team

    Group 2 Consumer Group E.g. Business End Users

    INPUT

    • IT and business stakeholder perception

    OUTPUT

    • Multi-faceted SWOT analyses
    • Potential BI improvement activities/objectives

    Materials

    • SWOT Analysis section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals in the enterprise (variable)

    Your organization’s BI maturity is determined by several factors and the degree of immersion into your enterprise

    BI Maturity Level

    A way to categorize your analytics maturity to understand where you are currently and what next steps would be best to increase your BI maturity.

    There are several factors used to determine BI maturity:

    Buy-in and Data Culture

    Determines if there is enterprise-wide buy-in for developing business intelligence and if a data-driven culture exists.

    Business–IT Alignment

    Examines if current BI and analytics operations are appropriately enabling the business objectives.

    Governance Structure

    Focuses on whether or not there is adequate governance in place to provide guidance and structure for BI activities.

    Organization Structure and Talent

    Pertains to how BI operations are distributed across the overall organizational structure and the capabilities of the individuals involved.

    Process

    Reviews analytics-related processes and policies and how they are created and enforced throughout the organization.

    Data

    Deals with analytical data in terms of the level of integration, data quality, and usability.

    Technology

    Explores the opportunities in building a fit-for-purpose analytics platform and consolidation opportunities.

    Evaluate Your Current BI Practice with the CMMI model

    To assess BI, Info-Tech uses the CMMI model for rating capabilities in each of the function areas on a scale of 1-5. (“0” and “0.5” values are used for non-existent or emerging capabilities.)

    The image shows an example of a CMMI model

    Use Info-Tech’s BI Maturity Model as a guide for identifying your current analytics competence

    Leverage a BI strategy to revamp your BI program to strive for a high analytics maturity level. In the future you should be doing more than just traditional BI. You will perform self-service BI, predictive analytics, and data science.

    Ad Hoc Developing Defined Managed Trend Setting
    Questions What’s wrong? What happened? What is happening? What happened, is happening, and will happen? What if? So what?
    Scope One business problem at a time One particular functional area Multiple functional areas Multiple functional areas in an integrated fashion Internal plus internet scale data
    Toolset Excel, Access, primitive query tools Reporting tools or BI BI BI, business analytics tools Plus predictive platforms, data science tools
    Delivery Model IT delivers ad hoc reports IT delivers BI reports IT delivers BI reports and some self-service BI Self-service BI and report creation at the business units Plus predictive models and data science projects
    Mindset Firefighting using data Manage using data Analyze using data; shared tooling Data is an asset, shared data Data driven
    BI Org. Structure Data analysts in IT BI BI program BI CoE Data Innovation CoE

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI current state

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analysis of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Conduct a current state assessment of your BI practice maturity

    2.1.2

    2-3 hours

    Use the BI Practice Assessment Tool to establish a baseline for your current BI capabilities and maturity.

    1. Navigate to Tab 2. Current State Assessment in the BI Practice Assessment Tool and complete the current state assessment together or in small groups. If running a series of assessments, do not star or scratch every time. Use the previous group’s results to start the conversation with the users.
    2. Info-Tech suggests the following groups participate in the completion of the assessment to holistically assess BI and to uncover misalignment:

      Providers Consumers
      CIO & BI Management BI Work Groups (developers, analysts, modelers) Business Unit #1 Business Unit #2 Business Unit #3
    3. For each assessment question, answer the current level of maturity in terms of:
      1. Initial/Ad hoc – the starting point for use of a new or undocumented repeat process
      2. Developing – the process is documented such that it is repeatable
      3. Defined – the process is defined/confirmed as a standard business process
      4. Managed and Measurable – the process is quantitatively managed in accordance with agreed-upon metrics.
      5. Optimized – the process includes process optimization/improvement.

    INPUT

    • Observations of current maturity

    OUTPUT

    • Comprehensive current state assessment

    Materials

    • BI Practice Assessment Tool
    • Current State Assessment section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals as suggested by the assessment tool

    Info-Tech Insight

    Discuss the rationale for your answers as a group. Document the comments and observations as they may be helpful in formulating the final strategy and roadmap.

    Activity: Review and analyze the results of the current state assessment

    2.1.3

    2-3 hours

    1. Navigate to Tab 3. Current State Results in the BI Practice Assessment Tool and review the findings:

    The tool provides a brief synopsis of your current BI state. Review the details of your maturity level and see where this description fits your organization and where there may be some discrepancies. Add additional comments to your current state summary in the BI Strategy and Roadmap Document.

    In addition to reviewing the attributes of your maturity level, consider the following:

    1. What are the knowns – The knowns confirm your understanding on the current landscape.
  • What are the unknowns – The unknowns show you the blind spots. They are very important to give you an alternative view of the your current state. The group should discuss those blind spots and determine what to do with them.
  • Activity: Review and analyze the results of the current state assessment (cont.)

    2.1.3

    2-3 hours

    2. Tab 3 will also visualize a breakdown of your maturity by BI practice dimension. Use this graphic as a preliminary method to identify where your organization is excelling and where it may need improvement.

    Better Practices

    Consider: What have you done in the areas where you perform well?

    Candidates for Improvement

    Consider: What can you do to improve these areas? What are potential barriers to improvement?

    STEP 2.2

    Envision a Future State for Your Organization’s BI Practice

    Detail the capabilities of your next generation BI practice

    Step Objectives

    • Create guiding principles that will shape your organization’s ideal BI program.
    • Pinpoint where your organization needs to improve across several BI practice dimensions.
    • Develop approaches to remedy current impediments to BI evolution.
    • Step Activities

      2.2.1 Define guiding principles for the future state

      2.2.2 Define the target state of your BI practice

      2.2.3 Confirm requirements for BI Styles by management group

      2.2.4 Analyze gaps in your BI practice and generate improvement activities and objectives

      2.2.5 Define the critical success factors for future BI

      2.2.6 Identify potential risks for your future state and create a mitigation plan

    Outcomes

    • Defined landscape for future BI capabilities, including desired BI functionalities.
    • Identification of crucial gaps and improvement points to include in a BI roadmap.
    • Updated BI Styles Usage sheet.

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Define guiding principles to drive your future state envisioning

    Envisioning a BI future state is essentially architecting the future for your BI program. It is very similar to enterprise architecture (EA). Guiding principles are widely used in enterprise architecture. This best practice should also be used in BI envisioning.

    Benefits of Guiding Principles in a BI Context

    • BI planning involves a number of business units. Defining high-level future state principles helps to establish a common ground for those different business units.
    • Ensure the next generation BI aligns with the corporate enterprise architecture and data architecture principles.
    • Provide high-level guidance without depicting detailed solutioning by leaving room for innovation.

    Sample Principles for BI Future State

    1. BI should be fit for purpose. BI is a business technology that helps business users.
    2. Business–IT collaboration should be encouraged to ensure deliverables are relevant to the business.
    3. Focus on continuous improvement on data quality.
    4. Explore opportunities to onboard and integrate new datasets to create a holistic view of your data.
    5. Organize and present data in an easy-to-consume, easy-to-digest fashion.
    6. BI should be accessible to everything, as soon as they have a business case.
    7. Do not train just on using the platform. Train on the underlying data and business model as well.
    8. Develop a training platform where trainees can play around with the data without worrying about messing it up.

    Activity: Define future state guiding principles for your BI practice

    2.2.1

    1-2 hours

    Guiding principles are broad statements that are fundamental to how your organization will go about its activities. Use this as an opportunity to gather relevant stakeholders and solidify how your BI practice should perform moving forward.

    1. To ensure holistic and comprehensive future state principles, invite participants from the business, the data management team, and the enterprise architecture team. If you do not have an enterprise architecture practice, invite people that are involved in building the enterprise architecture. Five to ten people is ideal.
    2. BI Future State

      Awareness Buy-in Business-IT Alignment Governance Org. Structure; People Process; Policies; Standards Data Technology
    3. Once the group has some high-level ideas on what the future state looks like, brainstorm guiding principles that will facilitate the achievement of the future state (see above).
    4. Document the future state principles in the Future State Principles for BI section of the BI Strategy and Roadmap Template

    INPUT

    • Existing enterprise architecture guiding principles
    • High-level concept of future state BI

    OUTPUT

    • Guiding principles for prospective BI practice

    Materials

    • Future State Principles section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives
    • The EA group

    Leverage prototypes to facilitate a continuous dialogue with end users en route to creating the final deliverable

    At the end of the day, BI makes data and information available to the business communities. It has to be fit for purpose and relevant to the business. Prototypes are an effective way to ensure relevant deliverables are provided to the necessary users. Prototyping makes your future state a lot closer and a lot more business friendly.

    Simple Prototypes

    • Simple paper-based, whiteboard-based prototypes with same notes.
    • The most basic communication tool that facilitates the exchange of ideas.
    • Often used in Joint Application Development (JAD) sessions.
    • Improve business and IT collaboration.
    • Can be used to amend requirements documents.

    Discussion Possibilities

    • Initial ideation at the beginning
    • Align everyone on the same page
    • Explain complex ideas/layouts
    • Improve collaboration

    Elaborated Prototypes

    • Demonstrates the possibilities of BI in a risk-free environment.
    • Creates initial business value with your new BI platform.
    • Validates the benefits of BI to the organization.
    • Generates interest and support for BI from senior management.
    • Prepares BI team for the eventual enterprise-wide deployment.

    Discussion Possibilities

    • Validate and refine requirements
    • Fail fast, succeed fast
    • Acts as checkpoints
    • Proxy for the final working deliverable

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI target state and visualize capability gaps

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Document essential findings in Info-Tech’s BI Strategy and Roadmap Template.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analyses of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Define the target state for your BI practice

    2.2.2

    2 hours

    This exercise takes your team through establishing the future maturity of your BI practice across several dimensions.

    1. Envisioning of the future state will involve input from the business side as well as the IT department.
    2. The business and IT groups should get together separately and determine the target state maturity of each of the BI practice components:

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Define the target state for your BI practice (cont.)

    2.2.2

    2 hours

    2. The target state levels from the two groups will be averaged in the column “Target State Level.” The assessment tool will automatically calculate the gaps between future state value and the current state maturity determined in Step 2.1. Significant gaps in practice maturity will be highlighted in red; smaller or non-existent gaps will appear green.

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool with Gap highlighted.

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Revisit the BI Style Analysis sheet to define new report and analytical requirements by C-Level

    2.2.3

    1-2 hours

    The information needs for each executive is unique to their requirements and management style. During this exercise you will determine the reporting and analytical needs for an executive in regards to content, presentation and cadence and then select the BI style that suite them best.

    1. To ensure a holistic and comprehensive need assessment, invite participants from the business and BI team. Discuss what data the executive currently use to base decisions on and explore how the different BI styles may assist. Sample reports or mock-ups can be used for this purpose.
    2. Document the type of report and required content using the BI Style Tool.
    3. The BI Style Tool will then guide the BI team in the type of reporting to develop and the level of Self-Service BI that is required. The tool can also be used for product selection.

    INPUT

    • Information requirements for C-Level Executives

    OUTPUT

    • BI style(s) that are appropriate for an executive’s needs

    Materials

    • BI Style Usage sheet from BI Strategy and Roadmap Template
    • Sample Reports

    Participants

    • Business representatives
    • BI representatives

    Visualization tools facilitate a more comprehensive understanding of gaps in your existing BI practice

    Having completed both current and target state assessments, the BI Practice Assessment Tool allows you to compare the results from multiple angles.

    At a higher level, you can look at your maturity level:

    At a detailed level, you can drill down to the dimensional level and item level.

    The image is a screenshots from Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    At a detailed level, you can drill down to the dimensional level and item level.

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities

    2.2.4

    2 hours

    This interpretation exercise helps you to make sense of the BI practice assessment results to provide valuable inputs for subsequent strategy and roadmap formulation.

    1. IT management and the BI team should be involved in this exercise. Business SMEs should be consulted frequently to obtain clarifications on what their ideal future state entails.
    2. Begin this exercise by reviewing the heat map and identifying:

    • Areas with very large gaps
    • Areas with small gaps

    Areas with large gaps

    Consider: Is the target state feasible and achievable? What are ways we can improve incrementally in this area? What is the priority for addressing this gap?

    Areas with small/no gaps

    Consider: Can we learn from those areas? Are we setting the bar too low for our capabilities?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    2. Discuss the differences in the current and target state maturity level descriptions. Questions to ask include:

    • What are the prerequisites before we can begin to build the future state?
    • Is the organization ready for that future state? If not, how do we set expectations and vision for the future state?
    • Do we have the necessary competencies, time, and support to achieve our BI vision?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    3. Have the same group members reconvene and discuss the recommendations at the BI practice dimension level on Tab 5. of the BI Practice Assessment Tool. These recommendations can be used as improvement actions or translated into objectives for building your BI capabilities.

    Example

    The heat map displayed the largest gap between target state and current state in the technology dimension. The detailed drill-down chart will further illustrate which aspect(s) of the technology dimension is/are showing the most room for improvement in order to better direct your objective and initiative creation.

    The image is of an example and recommendations.

    Considerations:

    • What dimension parameters have the largest gaps? And why?
    • Is there a different set of expectations for the future state?

    Define critical success factors to direct your future state

    Critical success factors (CSFs) are the essential factors or elements required for ensuring the success of your BI program. They are used to inform organizations with things they should focus on to be successful.

    Common Provider (IT Department) CSFs

    • BI governance structure and organization is created.
    • Training is provided for the BI users and the BI team.
    • BI standards are in place.
    • BI artifacts rely on quality data.
    • Data is organized and presented in a usable fashion.
    • A hybrid BI delivery model is established.
    • BI on BI; a measuring plan has to be in place.

    Common Consumer (Business) CSFs

    • Measurable business results have been improved.
    • Business targets met/exceeded.
    • Growth plans accelerated.
    • World-class training to empower BI users.
    • Continuous promotion of a data-driven culture.
    • IT–business partnership is established.
    • Collaborative requirements gathering processes.
    • Different BI use cases are supported.

    …a data culture is essential to the success of analytics. Being involved in a lot of Bay Area start-ups has shown me that those entrepreneurs that are born with the data DNA, adopt the data culture and BI naturally. Other companies should learn from these start-ups and grow the data culture to ensure BI adoption.

    – Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP

    Activity: Define provider and consumer critical success factors for your future BI capabilities

    2.2.5

    2 hours

    Create critical success factors that are important to both BI providers and BI consumers.

    1. Divide relevant stakeholders into two groups:
    2. BI Provider (aka IT) BI Consumer (aka Business)
    3. Write two headings on the board: Objective and Critical Success Factors. Write down each of the objectives created in Phase 1.
    4. Divide the group into small teams and assign each team an objective. For each objective, ask the following question:
    5. What needs to be put in place to ensure that this objective is achieved?

      The answer to the question is your candidate CSF. Write CSFs on sticky notes and stick them by the relevant objective.

    6. Rationalize and consolidate CSFs. Evaluate the list of candidate CSFs to find the essential elements for achieving success.
    7. For each CSF, identify at least one key performance indicator that will serve as an appropriate metric for tracking achievement.

    As you evaluate candidate CSFs, you may uncover new objectives for achieving your future state BI.

    INPUT

    • Business objectives

    OUTPUT

    • A list of critical success factors mapped to business objectives

    Materials

    • Whiteboard and colored sticky notes
    • CSFs for the Future State section of the BI Strategy and Roadmap Template

    Participants

    • Business and IT representatives
    • CIO
    • Head of BI

    Round out your strategy for BI growth by evaluating risks and developing mitigation plans

    A risk matrix is a useful tool that allows you to track risks on two dimensions: probability and impact. Use this matrix to help organize and prioritize risk, as well as develop mitigation strategies and contingency plans appropriately.

    Example of a risk matrix using colour coding

    Info-Tech Insight

    Tackling risk mitigation is essentially purchasing insurance. You cannot insure everything – focus your investments on mitigating risks with a reasonably high impact and high probability.

    Be aware of some common barriers that arise in the process of implementing a BI strategy

    These are some of the most common BI risks based on Info-Tech’s research:

    Low Impact Medium Impact High Impact
    High Probability
    • Users revert back to Microsoft Excel to analyze data.
    • BI solution does not satisfy the business need.
    • BI tools become out of sync with new strategic direction.
    • Poor documentation creates confusion and reduces user adoption.
    • Fail to address data issues: quality, integration, definition.
    • Inadequate communication with stakeholders throughout the project.
    • Users find the BI tool interface too confusing.
    Medium Probability
    • Fail to define and monitor KPIs.
    • Poor training results in low user adoption.
    • Organization culture is resistant to the change.
    • Lack of support from the sponsors.
    • No governance over BI.
    • Poor training results in misinformed users.
    Low Probability
    • Business units independently invest in BI as silos.

    Activity: Identify potential risks for your future state and create a mitigation plan

    2.2.6

    1 hour

    As part of developing your improvement actions, use this activity to brainstorm some high-level plans for mitigating risks associated with those actions.

    Example:

    Users find the BI tool interface too confusing.

    1. Use the probability-impact matrix to identify risks systematically. Collectively vote on the probability and impact for each risk.
    2. Risk mitigation. Risk can be mitigated by three approaches:
    3. A. Reducing its probability

      B. Reducing its impact

      C. Reducing both

      Option A: Brainstorm ways to reduce risk probability

      E.g. The probability of the above risk may be reduced by user training. With training, the probability of confused end users will be reduced.

      Option B: Brainstorm ways to reduce risk impact

      E.g. The impact can be reduced by ensuring having two end users validate each other’s reports before making a major decision.

    4. Document your high-level mitigation strategies in the BI Strategy and Roadmap Template.

    INPUT

    • Step 2.2 outputs

    OUTPUT

    • High-level risk mitigation plans

    Materials

    • Risks and Mitigation section of the BI Strategy and Roadmap Template

    Participants

    • BI sponsor
    • CIO
    • Head of BI

    Translate your findings and ideas into actions that will be integrated into the BI strategy and roadmap

    As you progress through each phase, document findings and ideas as they arise. By phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translated findings and ideas into actions that will be integrated into the BI strategy and roadmap.

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 2 findings, ideas, and action items

    2.2.7

    1-2 hours

    1. Reconvene as a group to review the findings, ideas, and actions harvested in Phase 2. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 2

      Sample Phase 2 Findings Found a gap between the business expectation and the existing BI content they are getting.
      Our current maturity level is “Level 2 – Operational.” Almost everyone thinks we should be at least “Level 3 – Tactical” with some level 4 elements.
      Found an error in a sales report. A quick fix is identified.
      The current BI program is not able to keep up with the demand.
    4. Select the top items and document the findings in the BI Strategy Roadmap Template. The findings will be used to build a Roadmap in Phase 3.

    INPUT

    • Phase 2 activities

    OUTPUT

    • Other Phase 2 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1

    Determine your current BI maturity level

    The analyst will take your project team through Info-Tech’s BI Practice Assessment Tool, which collects perspectives from BI consumer and provider groups on multiple facets of your BI practice in order to establish a current maturity level.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    2.2.1

    Define guiding principles for your target BI state

    Using enterprise architecture principles as a starting point, our analyst will facilitate exercises to help your team establish high-level standards for your future BI practice.

    2.2.2-2.2.3

    Establish your desired BI patterns and matching functionalities

    In developing your BI practice, your project team will have to decide what BI-specific capabilities are most important to your organization. Our analyst will take your team through several BI patterns that Info-Tech has identified and discuss how to bridge the gap between these patterns, linking them to specific functional requirements in a BI solution.

    2.2.4-2.2.5

    Analyze the gaps in your BI practice capabilities

    Our analyst will guide your project team through a number of visualizations and explanations produced by our assessment tool in order to pinpoint the problem areas and generate improvement ideas.

    Phase 3

    Create a BI Roadmap for Continuous Improvement

    Build a Reporting and Analytics Strategy

    Create a BI roadmap for continuous improvement

    Phase 3 Overarching Insight

    The benefit of creating a comprehensive and actionable roadmap is twofold: not only does it keep BI providers accountable and focused on creating incremental improvement, but a roadmap helps to build momentum around the overall project, provides a continuous delivery of success stories, and garners grassroots-level support throughout the organization for BI as a key strategic imperative.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 3 overview

    Detailed Overview

    Step 1: Establish Your BI Initiative Roadmap

    Step 2: Identify Opportunities to Enhance Your BI Practice

    Step 3: Create Analytics Strategy

    Step 4: Define CSF and metrics to monitor success of BI and analytics

    Outcomes

    • Consolidate business intelligence improvement objectives into robust initiatives.
    • Prioritize improvement initiatives by cost, effort, and urgency.
    • Create a one-year, two-year, or three-year timeline for completion of your BI improvement initiatives.
    • Identify supplementary programs that will facilitate the smooth execution of road-mapped initiatives.

    Benefits

    • Clear characterization of comprehensive initiatives with a detailed timeline to keep team members accountable.

    Revisit project metrics to track phase progress

    Goals for Phase 3:

    • Put everything together. Findings and observations from Phase 1 and 2 are rationalized in this phase to develop data initiatives and create a strategy and roadmap for BI.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking Phase 3 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Learn more about the CIO Business Vision program.

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that helps you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create a BI Roadmap for Continuous Improvement

    Proposed Time to Completion: 1-2 weeks

    Step 3.1: Construct a BI Improvement Initiative Roadmap

    Start with an analyst kick off call:

    • Review findings and insights from completion of activities pertaining to current and future state assessments
    • Discuss challenges around consolidating activities into initiatives

    Then complete these activities…

    • Collect improvement objectives/tasks from previous phases
    • Develop comprehensive improvement initiatives
    • Leverage value-effort matrix activities to prioritize these initiatives and place them along an improvement roadmap

    With these tools & templates:

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Template

    Step 3.2: Continuous Improvement Opportunities for BI

    Review findings with analyst:

    • Review completed BI improvement initiatives and roadmap
    • Discuss guidelines presenting a finalized improvement to the relevant committee or stakeholders
    • Discuss additional policies and programs that can serve to enhance your established BI improvement roadmap

    Then complete these activities…

    • Present BI improvement roadmap to relevant stakeholders
    • Develop Info-Tech’s recommended supplementary policies and programs for BI

    With these tools & templates:

    BI Strategy and Roadmap Executive Presentation Template

    Phase 3 Results & Insights:

    • Comprehensive initiatives with associated tasks/activities consolidated and prioritized in an improvement roadmap

    STEP 3.1

    Construct a BI Improvement Initiative Roadmap

    Build an improvement initiative roadmap to solidify your revamped BI strategy

    Step Objectives

    • Bring together activities and objectives for BI improvement to form initiatives
    • Develop a fit-for-purpose roadmap aligned with your BI strategy

    Step Activities

    3.1.1 Characterize individual improvement objectives and activities ideated in previous phases.

    3.1.2 Synthesize and detail overall BI improvement initiatives.

    3.1.3 Create a plan of action by placing initiatives on a roadmap.

    Outcomes

    • Detailed BI improvement initiatives, prioritized by value and effort
    • Defined roadmap for completion of tasks associated with each initiative and accountability

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool

    Proposed Participants in this Step

    Project Manager

    Project Team

    Create detailed BI strategy initiatives by bringing together the objectives listed in the previous phases

    When developing initiatives, all components of the initiative need to be considered, from its objectives and goals to its benefits, risks, costs, effort required, and relevant stakeholders.

    Use outputs from previous project steps as inputs to the initiative and roadmap building:

    The image shows the previous project steps as inputs to the initiative and roadmap building, with arrow pointing from one to the next.

    Determining the dependencies that exist between objectives will enable the creation of unique initiatives with associated to-do items or tasks.

    • Group objectives into similar buckets with dependencies
    • Select one overarching initiative
    • Adapt remaining objectives into tasks of the main initiative
    • Add any additional tasks

    Leverage Info-Tech’s BI Initiatives and Roadmap Tool to build a fit-for-purpose improvement roadmap

    BI Initiatives and Roadmap Tool

    Overview

    Use the BI Initiatives and Roadmap Tool to develop comprehensive improvement initiatives and add them to a BI strategy improvement roadmap.

    Recommended Participants

    • BI project team

    Tool Guideline

    Tab 1. Instructions Use this tab to get an understanding as to how the tool works.
    Tab 2. Inputs Use this tab to customize the inputs used in the tool.
    Tab 3. Activities Repository Use this tab to list and prioritize activities, to determine dependencies between them, and build comprehensive initiatives with them.
    Tab 4. Improvement Initiatives Use this tab to develop detailed improvement initiatives that will form the basis of the roadmap. Map these initiatives to activities from Tab 3.
    Tab 5. Improvement Roadmap Use this tab to create your BI strategy improvement roadmap, assigning timelines and accountability to initiatives and tasks, and to monitor your project performance over time.

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities

    3.1.1

  • 2 hours
    1. Have one person from the BI project team populate Tab 3. Activities Repository with the BI strategy activities that were compiled in Phases 1 and 2. Use drop-downs to indicate in which phase the objective was originally ideated.
    2. With BI project team executives, discuss and assign dependencies between activities in the Dependencies columns. A dependency exists if:
    • An activity requires consideration of another activity.
    • An activity requires the completion of another activity.
    • Two activities should be part of the same initiative.
    • Two activities are very similar in nature.
  • Then discuss and assign priorities to each activity in the Priority column using input from previous Phases. For example, if an activity was previously indicated as critical to the business, if a similar activity appears multiple times, or if an activity has several dependencies, it should be higher priority.
  • Inputs

    • BI improvement activities created in Phases 1 and 2

    Output

    • Activities with dependencies and priorities

    Materials

    • BI Initiatives and Roadmap Tool

    Participants

    • BI project team

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities (cont’d.)

    3.1.1

    2 hours

    Screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities

    The image is of a screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities.

    Revisit the outputs of your current state assessment and note which activities have already been completed in the “Status” column, to avoid duplication of your efforts.

    When classifying the status of items in your activity repository, distinguish between broader activities (potential initiatives) and granular activities (tasks).

    Activity: Customize project inputs and build out detailed improvement initiatives

    3.1.2

    1.5 hours

    1. Follow instructions on Tab 2. Inputs to customize inputs you would like to use for your project.
    2. Review the activities repository and select up to 12 overarching initiatives based on the activities with extreme or highest priority and your own considerations.
    • Rewording where necessary, transfer the names of your initiatives in the banners provided on Tab 4. Improvement Initiatives.
    • On Tab 3, indicate these activities as “Selected (initiatives)” in the Status column.
  • In Tab 4, develop detailed improvement initiatives by indicating the owner, taxonomy, start and end periods, cost and effort estimates, goal, benefit/value, and risks of each initiative.
  • Use drop-downs to list “Related activities,” which will become tasks under each initiative.
    • activities with dependency to the initiative
    • activities that lead to the same goal or benefit/value of the main initiative

    Screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives

    <p data-verified=The image is a screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives.">

    Inputs

    • Tab 3. Activities Repository

    Output

    • Unique and detailed improvement initiatives

    Materials

    • BI Initiatives and Roadmap Tool
    • BI Initiatives section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Visual representations of your initiative landscape can aid in prioritizing tasks and executing the roadmap

    Building a comprehensive BI program will be a gradual process involving a variety of stakeholders. Different initiatives in your roadmap will either be completed sequentially or in parallel to one another, given dependencies and available resources. The improvement roadmap should capture and represent this information.

    To determine the order in which main initiatives should be completed, exercises such as a value–effort map can be very useful.

    Example: Value–Effort Map for a BI Project

    Initiatives that are high value–low effort are found in the upper left quadrant and are bolded; These may be your four primary initiatives. In addition, initiative five is valuable to the business and critical to the project’s success, so it too is a priority despite requiring high effort. Note that you need to consider dependencies to prioritize these key initiatives.

    Value–Effort Map for a BI Project
    1. Data profiling techniques training
    2. Improve usage metrics
    3. Communication plan for BI
    4. Staff competency evaluation
    5. Formalize practice capabilities
    6. Competency improvement plan program
    7. Metadata architecture improvements
    8. EDW capability improvements
    9. Formalize oversight for data manipulation

    This exercise is best performed using a white board and sticky notes, and axes can be customized to fit your needs (E.g. cost, risk, time, etc.).

    Activity: Build an overall BI strategy improvement roadmap for the entire project

    3.1.3

    45 minutes

    The BI Strategy Improvement Roadmap (Tab 5 of the BI Initiatives and Roadmap Tool) has been populated with your primary initiatives and related tasks. Read the instructions provided at the top of Tab 5.

    1. Use drop-downs to assign a Start Period and End Period to each initiative (already known) and each task (determined here). As you do so, the roadmap will automatically fill itself in. This is where the value–effort map or other prioritization exercises may help.
    2. Assign Task Owners reporting Managers.
    3. Update the Status and Notes columns on an ongoing basis. Hold meetings with task owners and managers about blocked or overdue items.
    • Updating status should also be an ongoing maintenance requirement for Tab 3 in order to stay up to date on which activities have been selected as initiatives or tasks, are completed, or are not yet acted upon.

    Screenshot of the BI Improvement Roadmap (Gantt chart) showing an example initiative with tasks, and assigned timeframes, owners, and status updates.

    INPUTS

    • Tab 3. Activities Repository
    • Tab 4. Improvement Initiatives

    OUTPUT

    • BI roadmap

    Materials

    • BI Initiatives and Roadmap Tool
    • Roadmap section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Obtain approval for your BI strategy roadmap by organizing and presenting project findings

    Use a proprietary presentation template

    Recommended Participants

    • Project sponsor
    • Relevant IT & business executives
    • CIO
    • BI project team

    Materials & Requirements

    Develop your proprietary presentation template with:

    • Results from Phases 1 and 2 and Step 3.1
    • Information from:
      • Info-Tech’s Build a Reporting and Analytics Strategy
    • Screen shots of outputs from the:
      • BI Practice Assessment Tool
      • BI Initiatives and Roadmap Tool

    Next Steps

    Following the approval of your roadmap, begin to plan the implementation of your first initiatives.

    Overall Guidelines

    • Invite recommended participants to an approval meeting.
    • Present your project’s findings with the goal of gaining key stakeholder support for implementing the roadmap.
    1. Set the scene using BI vision & objectives.
    2. Present the results and roadmap next.
    3. Dig deeper into specific issues by touching on the important components of this blueprint to generate a succinct and cohesive presentation.
  • Make the necessary changes and updates stemming from discussion notes during this meeting.
  • Submit a formal summary of findings and roadmap to your governing body for review and approval (e.g. BI steering committee, BI CoE).
  • Info-Tech Insight

    At this point, it is likely that you already have the support to implement a data quality improvement roadmap. This meeting is about the specifics and the ROI.

    Maximize support by articulating the value of the data quality improvement strategy for the organization’s greater information management capabilities. Emphasize the business requirements and objectives that will be enhanced as a result of tackling the recommended initiatives, and note any additional ramifications of not doing so.

    Leverage Info-Tech’s presentation template to present your BI strategy to the executives

    Use the BI Strategy and Roadmap Executive Presentation Template to present your most important findings and brilliant ideas to the business executives and ensure your BI program is endorsed. Business executives can also learn about how the BI strategy empowers them and how they can help in the BI journey.

    Important Messages to Convey

    • Executive summary of the presentation
    • Current challenges faced by the business
    • BI benefits and associated opportunities
    • SWOT analyses of the current BI
    • BI end-user satisfaction survey
    • BI vision, mission, and goals
    • BI initiatives that take you to the future state
    • (Updated) Analytical Strategy
    • Roadmap that depicts the timeline

    STEP 3.2

    Continuous Improvement Opportunities for BI

    Create supplementary policies and programs to augment your BI strategy

    Step Objectives

    • Develop a plan for encouraging users to continue to use Excel, but in a way that does not compromise overall BI effectiveness.
    • Take steps to establish a positive organizational culture around BI.

    Step Activities

    3.2.1 Construct a concrete policy to integrate Excel use with your new BI strategy.

    3.2.2 Map out the foundation for a BI Ambassador network.

    Outcomes

    • Business user understanding of where Excel manipulation should and should not occur
    • Foundation for recognizing exceptional BI users and encouraging development of enterprise-wide business intelligence

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Project Team

    Additional Business Users

    Establish Excel governance to better serve Excel users while making sure they comply with policies

    Excel is the number one BI tool

    • BI applications are developed to support information needs.
    • The reality is that you will never migrate all Excel users to BI. Some Excel users will continue to use it. The key is to support them while imposing governance.
    • The goal is to direct them to use the data in BI or in the data warehouse instead of extracting their own data from various source systems.

    The Tactic: Centralize data extraction and customize delivery

    • Excel users formerly extracted data directly from the production system, cleaned up the data, manipulated the data by including their own business logic, and presented the data in graphs and pivot tables.
    • With BI, the Excel users can still use Excel to look at the information. The only difference is that BI or data warehouse will be the data source of their Excel workbook.

    Top-Down Approach

    • An Excel policy should be created at the enterprise level to outline which Excel use cases are allowed, and which are not.
    • Excel use cases that involve extracting data from source systems and transforming that data using undisclosed business rules should be banned.
    • Excel should be a tool for manipulating, filtering, and presenting data, not a tool for extracting data and running business rules.

    Excel

    Bottom-Up Approach

    • Show empathy to your users. They just want information to get their work done.
    • A sub-optimal information landscape is the root cause, and they are the victims. Excel spreadmarts are the by-products.
    • Make the Excel users aware of the risks associated with Excel, train them in BI, and provide them with better information in the BI platform.

    Activity: Create an Excel governance policy

    3.2.1

    4 hours

    Construct a policy around Excel use to ensure that Excel documents are created and shared in a manner that does not compromise the integrity of your overall BI program.

    1. Review the information artifact list harvested from Step 2.1 and identify all existing Excel-related use cases.
    2. Categorize the Excel use cases into “allowed,” “not allowed,” and “not sure.” For each category define:
    3. Category To Do: Policy Context
      Allowed Discuss what makes these use cases ideal for BI. Document use cases, scenarios, examples, and reasons that allow Excel as an information artifact.
      Not Allowed Discuss why these cases should be avoided. Document forbidden use cases, scenarios, examples, and reasons that use Excel to generate information artifacts.
      Not Sure Discuss the confusions; clarify the gray area. Document clarifications and advise how end users can get help in those “gray area” cases.
    4. Document the findings in the BI Strategy and Roadmap Template in the Manage and Sustain BI Strategy section, or a proprietary template. You may also need to create a separate Excel policy to communicate the Dos and Don’ts.

    Inputs

    • Step 2.1 – A list of information artifacts

    Output

    • Excel-for-BI Use Policy

    Materials

    • BI Strategy Roadmap and Template, or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Build a network of ambassadors to promote BI and report to IT with end-user feedback and requests

    The Building of an Insider Network: The BI Ambassador Network

    BI ambassadors are influential individuals in the organization that may be proficient at using BI tools but are passionate about analytics. The network of ambassadors will be IT’s eyes, ears, and even mouth on the frontline with users. Ambassadors will promote BI, communicate any messages IT may have, and keep tabs on user satisfaction.

    Ideal candidate:

    • A good relationship with IT.
    • A large breadth of experience with BI, not just one dashboard.
    • Approachable and well-respected amongst peers.
    • Has a passion for driving organizational change using BI and continually looking for opportunities to innovate.

    Push

    • Key BI Messages
    • Best Practices
    • Training Materials

    Pull

    • Feedback
    • Complaints
    • Thoughts and New Ideas

    Motivate BI ambassadors with perks

    You need to motivate ambassadors to take on this additional responsibility. Make sure the BI ambassadors are recognized in their business units when they go above and beyond in promoting BI.

    Reward Approach Reward Type Description
    Privileges High Priority Requests Given their high usage and high visibility, ambassadors’ BI information requests should be given a higher priority.
    First Look at New BI Development Share the latest BI updates with ambassadors before introducing them to the organization. Ambassadors may even be excited to test out new functionality.
    Recognition Featured in Communications BI ambassadors’ use cases and testimonials can be featured in BI communications. Be sure to create a formal announcement introducing the ambassadors to the organization.
    BI Ambassador Certificate A certificate is a formal way to recognize their efforts. They can also publicly display the certificate in their workspace.
    Rewards Appointed by Senior Executives Have the initial request to be a BI ambassador come from a senior executive to flatter the ambassador and position the role as a reward or an opportunity for success.
    BI Ambassador Awards Award an outstanding BI ambassador for the year. The award should be given by the CEO in a major corporate event.

    Activity: Plan for a BI ambassador network

    3.2.2

    2 hours

    Identify individuals within your organization to act as ambassadors for BI and a bridge between IT and business users.

    1. Obtain a copy of your latest organizational chart. Review your most up-to-date organizational chart and identify key BI consumers across a variety of functional units. In selecting potential BI ambassadors, reflect on the following questions:
    • Does this individual have a good relationship with IT?
    • What is the depth of their experience with developing/consuming business intelligence?
    • Is this individual respected and influential amongst their respective business units?
    • Has this individual shown a passion for innovating within their role?
  • Create a mandate and collateral detailing the roles and responsibilities for the ambassador role, e.g.:
    • Promote BI to members of your group
    • Represent the “voice of the data consumers”
  • Approach the ambassador candidates and explain the responsibilities and perks of the role, with the goal of enlisting about 10-15 ambassadors
  • Inputs

    • An updated organizational chart
    • A list of BI users

    Output

    • Draft framework for BI ambassador network

    Materials

    • BI Strategy and Roadmap Template or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Keeping tabs on metadata is essential to creating a data democracy with BI

    A next generation BI not only provides a platform that mirrors business requirements, but also creates a flexible environment that empowers business users to explore data assets without having to go back and forth with IT to complete queries.

    Business users are generally not interested in the underlying architecture or the exact data lineages; they want access to the data that matters most for decision-making purposes.

    Metadata is data about data

    It comes in the form of structural metadata (information about the spaces that contain data) and descriptive metadata (information pertaining to the data elements themselves), in order to answer questions such as:

    • What is the intended purpose of this data?
    • How up-to-date is this information?
    • Who owns this data?
    • Where is this data coming from?
    • How have these data elements been transformed?

    By creating effective metadata, business users are able to make connections between and bring together data sources from multiple areas, creating the opportunity for holistic insight generation.

    Like BI, metadata lies in the Information Dimension layer of our data management framework.

    The metadata needs to be understood before building anything. You need to identify fundamentals of the data, who owns not only that data, but also its metadata. You need to understand where the consolidation is happening and who owns it. Metadata is the core driver and cost saver for building warehouses and requirements gathering.

    – Albert Hui, Principal, Data Economist

    Deliver timely, high quality, and affordable information to enable fast and effective business decisions

    In order to maximize your ROI on business intelligence, it needs to be treated less like a one-time endeavor and more like a practice to be continually improved upon.

    Though the BI strategy provides the overall direction, the BI operating model – which encompasses organization structure, processes, people, and application functionality – is the primary determinant of efficacy with respect to information delivery. The alterations made to the operating model occur in the short term to improve the final deliverables for business users.

    An optimal BI operating model satisfies three core requirements:

    Timeliness

    Effectiveness

  • Affordability
  • Bring tangible benefits of your revamped BI strategy to business users by critically assessing how your organization delivers business intelligence and identifying opportunities for increased operational efficiency.

    Assess and Optimize BI Operations

    Focus on delivering timely, quality, and affordable information to enable fast and effective business decisions

    Implement a fit-for-purpose BI and analytics solution to augment your next generation BI strategy

    Organizations new to business intelligence or with immature BI capabilities are under the impression that simply getting the latest-and-greatest tool will provide the insights business users are looking for.

    BI technology can only be as effective as the processes surrounding it and the people leveraging it. Organizations need to take the time to select and implement a BI suite that aligns with business goals and fosters end-user adoption.

    As an increasing number of companies turn to business intelligence technology, vendors are responding by providing BI and analytics platforms with more and more features.

    Our vendor landscape will simplify the process of selecting a BI and analytics solution by:

    Differentiating between the platforms and features vendors are offering.

    Detailing a robust framework for requirements gathering to pinpoint your organization’s needs.

    Developing a high-level plan for implementation.

    Select and Implement a Business Intelligence and Analytics Solution

    Find the diamond in your data-rough using the right BI & Analytics solution

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-tech analysts with your team:

    3.1.1-3.1.3

    Construct a BI improvement initiative roadmap

    During these activities, your team will consolidate the list of BI initiatives generated from the assessments conducted in previous phases, assign timelines to each action, prioritize them using a value–effort matrix, and finally produce a roadmap for implementing your organization’s BI improvement strategy.

    3.2

    Identify continuous improvement opportunities for BI

    Our analyst team will work with your organization to ideate supplementary programs to support your BI strategy. Defining Excel use cases that are permitted and prohibited in conjunction with your BI strategy, as well as structuring an internal BI ambassador network, are a few extra initiatives that can enhance your BI improvement plans.

    Insight breakdown

    Your BI platform is not a one-and-done initiative.

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to provide effective enablement of business decision making. Develop a BI strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current BI capabilities.

    Put the “B” back in “BI.”

    The closer you align your new BI platform to real business interests, the stronger will be the buy-in, realized value, and groundswell of enthusiastic adoption. Ultimately, getting this phase right sets the stage to best realize a strong ROI for your investment in the people, processes, and technology that will be your next generation BI platform.

    Go beyond the platform.

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment – data management, data quality, and related data practices must be strong, otherwise the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Appendix

    Detailed list of BI Types

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as On-line analytical processing): Flexible tool-based user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods to historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future 5 3 5

    Our BI strategy approach follows Info-Tech’s popular IT Strategy Framework

    A comprehensive BI strategy needs to be developed under the umbrella of an overall IT strategy. Specifically, creating a BI strategy is contributing to helping IT mature from a firefighter to a strategic partner that has close ties with business units.

    1. Determine mandate and scope 2. Assess drivers and constraints 3. Evaluate current state of IT 4. Develop a target state vision 5. Analyze gaps and define initiatives 6. Build a roadmap 8. Revamp 7. Execute
    Mandate Business drivers Holistic assessments Vision and mission Initiatives Business-driven priorities
    Scope External drivers Focus-area specific assessments Guiding principles Risks
    Project charter Opportunities to innovate Target state vision Execution schedule
    Implications Objectives and measures

    This BI strategy blueprint is rooted in our road-tested and proven IT strategy framework as a systematic method of tackling strategy development.

    Research contributors

    Internal Contributors

    • Andy Woyzbun, Executive Advisor
    • Natalia Nygren Modjeska, Director, Data & Analytics
    • Crystal Singh, Director, Data & Analytic
    • Andrea Malick, Director, Data & Analytics
    • Raj Parab, Director, Data & Analytics
    • Igor Ikonnikov, Director, Data & Analytics
    • Andy Neill, Practice Lead, Data & Analytics
    • Rob Anderson, Manager Sales Operations
    • Shari Lava, Associate Vice-President, Vendor Advisory Practice

    External Contributors

    • Albert Hui, Principal, DataEconomist
    • Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP
    • David Farrar, Director – Marketing Planning & Operations, Ricoh Canada Inc
    • Emilie Harrington, Manager of Analytics Operations Development, Lowe’s
    • Sharon Blanton, VP and CIO, The College of New Jersey
    • Raul Vomisescu, Independent Consultant

    Research contributors and experts

    Albert Hui

    Consultant, Data Economist

    Albert Hui is a cofounder of Data Economist, a data-consulting firm based in Toronto, Canada. His current assignment is to redesign Scotiabank’s Asset Liability Management for its Basel III liquidity compliance using Big Data technology. Passionate about technology and problem solving, Albert is an entrepreneur and result-oriented IT technology leader with 18 years of experience in consulting and software industry. His area of focus is on data management, specializing in Big Data, business intelligence, and data warehousing. Beside his day job, he also contributes to the IT community by writing blogs and whitepapers, book editing, and speaking at technology conferences. His recent research and speaking engagement is on machine learning on Big Data.

    Albert holds an MBA from the University of Toronto and a master’s degree in Industrial Engineering. He has twin boys and enjoys camping and cycling with them in his spare time.

    Albert Hui Consultant, Data Economist

    Cameran Hetrick

    Senior Director of Analytics and Data Science, thredUP

    Cameran is the Senior Director of Analytics and Data Science at thredUP, a startup inspiring a new generation to think second hand first. There she helps drives top line growth through advanced and predictive analytics. Previously, she served as the Director of Data Science at VMware where she built and led the data team for End User Computing. Before moving to the tech industry, she spent five years at The Disneyland Resort setting ticket and hotel prices and building models to forecast attendance. Cameran holds an undergraduate degree in Economics/Mathematics from UC Santa Barbara and graduated with honors from UC Irvine's MBA program.

    Cameran Hetrick Senior Director of Analytics and Data Science, thredUP

    Bibliography

    Bange, Carsten and Wayne Eckerson. “BI and Data Management in the Cloud: Issues and Trends.” BARC and Eckerson Group, January 2017. Web.

    Business Intelligence: The Strategy Imperative for CIOs. Tech. Information Builders. 2007. Web. 1 Dec. 2015.

    COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.

    Dag, Naslund, Emma Sikander, and Sofia Oberg. "Business Intelligence - a Maturity Model Covering Common Challenges." Lund University Publications. Lund University, 2014. Web. 23 Oct. 2015.

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.

    Davenport, Thomas H. and Bean, Randy. “Big Data and AI Executive Survey 2019.” NewVantage Partners LLC. 2019. Web.

    "Debunking the Business of Analytics." Experian Data Quality. Sept. 2013. Web.

    Bibliography

    Drouin, Sue. "Value Chain." SAP Analytics. February 27, 2015.

    Farrar, David. “BI & Data analytics workshop feedback.” Ricoh Canada. Sept. 2019.

    Fletcher, Heather. "New England Patriots Use Analytics & Trigger Emails to Retain Season Ticket Holders." Target Marketing. 1 Dec. 2011. Web.

    Gonçalves, Alex. "Social Media Analytics Strategy - Using Data to Optimize Business Performance.” Apress. 2017.

    Imhoff, Claudia, and Colin White. "Self Service Business Intelligence: Empowering Users to Generate Insights." SAS Resource Page. The Data Warehouse Institute, 2011. Web.

    Khamassi, Ahmed. "Building An Analytical Roadmap : A Real Life Example." Wipro. 2014.

    Kuntz, Jerry, Pierre Haren, and Rebecca Shockley. IBM Insight 2015 Teleconference Series. Proc. of Analytics: The Upside of Disruption. IBM Institute for Business Value, 19 Oct. 2015. Web.

    Kwan, Anne , Maximillian Schroeck, Jon Kawamura. “Architecting and operating model, A platform for accelerating digital transformation.” Part of a Deliotte Series on Digital Industrial Transformation, 2019. Web.

    Bibliography

    Lebied, Mona. "11 Steps on Your BI Roadmap To Implement A Successful Business Intelligence Strategy." Business Intelligence. July 20, 2018. Web.

    Light, Rob. “Make Business Intelligence a Necessity: How to Drive User Adoption.” Sisense Blog. 30 July 2018.

    Mazenko, Elizabeth. “Avoid the Pitfalls: 3 Reasons 80% of BI Projects Fail.” BetterBuys. October 2015.

    Marr, Bernard. "Why Every Business Needs A Data And Analytics Strategy.” Bernard Marr & Co. 2019.

    Mohr, Niko and Hürtgen, Holger. “Achieving Business Impact with Data.” McKinsey. April 2018.

    MIT Sloan Management

    Quinn, Kevin R. "Worst Practices in Business Intelligence: Why BI Applications Succeed Where BI Tools Fail." (2007): 1-19. BeyeNetwork. Information Builders, 2007. Web. 1 Dec. 2015.

    Ringdal, Kristen. "Learning multilevel Analysis." European social Survey. 2019.

    Bibliography

    Schaefer, Dave, Ajay Chandramouly, Burt Carmak, and Kireeti Kesavamurthy. "Delivering Self-Service BI, Data Visualization, and Big Data Analytics." IT@Intel White Paper (2013): 1-11. June 2013. Web. 30 Nov. 2015.

    Schultz, Yogi. “About.” Corvelle Consulting. 2019.

    "The Current State of Analytics: Where Do We Go From Here?" SAS Resource Page. SAS & Bloomberg Businessweek, 2011. Web.

    "The Four Steps to Defining a Customer Analytics Strategy." CCG Analytics Solutions & Services. Nov 10,2017.

    Traore, Moulaye. "Without a strategic plan, your analytics initiatives are risky." Advisor. March 12, 2018. web.

    Wells, Dave. "Ten Mistakes to Avoid When Gathering BI Requirements." Engineering for Industry. The Data Warehouse Institute, 2008. Web.

    “What is a Business Intelligence Strategy and do you need one?” Hydra. Sept 2019. Web.

    Williams, Steve. “Business Intelligence Strategy and Big Data Analytics.” Morgan Kaufman. 2016.

    Wolpe, Toby. "Case Study: How One Firm Used BI Analytics to Track Staff Performance | ZDNet." ZDNet. 3 May 2013. Web.

    Yuk, Mico. “11 Reasons Why Most Business Intelligence Projects Fail.” Innovative enterprise Channels. May 2019.

    Build an Information Security Strategy

    • Buy Link or Shortcode: {j2store}242|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $45,303 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Many security leaders struggle to decide how to best to prioritize their scarce information security resources
    • The need to move from a reactive approach to security towards a strategic planning approach is clear. The path to getting there is less so.

    Our Advice

    Critical Insight

    The most successful information security strategies are:

    • Holistic – They consider the full spectrum of information security, including people, processes, and technology.
    • Risk aware – They understand that security decisions should be made based on the security risks facing their organization, not just on “best practice.”
    • Business aligned – They demonstrate an understanding of the goals and strategies of the organization and how the security program can support the business.

    Impact and Result

    • Info-Tech has developed a highly effective approach to building an information security strategy, an approach that has been successfully tested and refined for more than seven years with hundreds of different organizations:
    • This approach includes tools for:
      • Ensuring alignment with business objectives.
      • Assessing organizational risk and stakeholder expectations.
      • Enabling a comprehensive current state assessment.
      • Prioritizing initiatives and building out a security roadmap.

    Build an Information Security Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Information Security (IS) Strategy Research – A step-by-step document that helps you build a holistic, risk-based, and business-aligned IS strategy.

    Your security strategy should not be based on trying to blindly follow best practices but on a holistic risk-based assessment that is risk aware and aligns with your business context. Use this storyboard to augment your security strategy by ensuring alignment with business objectives, assessing your organization's risk and stakeholder expectations, understanding your current security state, and prioritizing initiatives and a security roadmap.

    • Build an Information Security Strategy – Phases 1-4

    2. Information Security Requirements Gathering Tool – A tool to make informed security risk decisions to support business needs.

    Use this tool to formally identify business goals and customer and compliance obligations and make explicit links to how security initiatives propose to support these business interests. Then define the scope and boundaries for the security strategy and the risk tolerance definitions that will guide future security risk decisions.

    • Information Security Requirements Gathering Tool

    3. Information Security Pressure Analysis Tool – An evaluation tool to invest in the right security functions using a pressure analysis approach.

    Security pressure posture analysis helps your organization assess your real security context and enables you to invest in the right security functions while balancing the cost and value in alignment with business strategies. Security pressure sets the baseline that will help you avoid over-investing or under-investing in your security functions.

    • Information Security Pressure Analysis Tool

    4. Information Security Program Gap Analysis Tool – A structured tool to systematically understand your current security state.

    Effective security planning should not be one size fits all – it must consider business alignment, security benefit, and resource cost. To enable an effective security program, all areas of security need to be evaluated closely to determine where the organization sits currently and where it needs to go in the future.

    • Information Security Program Gap Analysis Tool

    5. Information Security Strategy Communication Deck – A best-of-breed presentation document to build a clear, concise, and compelling strategy document.

    Use this communication deck template to present the results of the security strategy to stakeholders, demonstrate the progression from the current state to the future state, and establish the roadmap of the security initiatives that will be implemented. This information security communication deck will help ensure that you’re communicating effectively for your cause.

    • Information Security Strategy Communication Deck

    6. Information Security Charter – An essential document for defining the scope and purpose of a security project or program.

    A charter is an essential document for defining the scope and purpose of security. Without a charter to control and set clear objectives for this committee, the responsibility of security governance initiatives will likely be undefined within the enterprise, preventing the security governance program from operating efficiently. This template can act as the foundation for a security charter to provide guidance to the governance of information security.

    • Information Security Charter
    [infographic]

    Workshop: Build an Information Security Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Security Requirements

    The Purpose

    Understand business and IT strategy and plans.

    Key Benefits Achieved

    Defined security obligations, scope, and boundaries.

    Activities

    1.1 Define business and compliance.

    1.2 Establish security program scope.

    1.3 Analyze the organization’s risk and stakeholder pressures.

    1.4 Identify the organizational risk tolerance level.

    Outputs

    Security obligations statement

    Security scope and boundaries statement

    Defined risk tolerance level

    Risk assessment and pressure analysis

    2 Perform a Gap Analysis

    The Purpose

    Define the information security target state.

    Key Benefits Achieved

    Set goals and Initiatives for the security strategy in line with the business objectives.

    Activities

    2.1 Assess current security capabilities.

    2.2 Identify security gaps.

    2.3 Build initiatives to bridge the gaps.

    Outputs

    Information security target state

    Security current state assessment

    Initiatives to address gaps

    3 Complete the Gap Analysis

    The Purpose

    Continue assessing current security capabilities.

    Key Benefits Achieved

    Identification of security gaps and initiatives to bridge them according to the business goals.

    Activities

    3.1 Identify security gaps.

    3.2 Build initiatives to bridge the maturity gaps.

    3.3 Identify initiative list and task list.

    3.4 Define criteria to be used to prioritize initiatives.

    Outputs

    Completed security current state assessment

    Task list to address gaps

    Initiative list to address gaps

    Prioritize criteria

    4 Develop the Roadmap

    The Purpose

    Create a plan for your security strategy going forward.

    Key Benefits Achieved

    Set path forward to achieving the target state for the business through goal cascade and gap initiatives.

    Activities

    4.1 Conduct cost/benefit analysis on initiatives.

    4.2 Prioritize gap initiatives based on cost and alignment with business.

    4.3 Build an effort list.

    4.4 Determine state times and accountability.

    4.5 Finalize security roadmap and action plan.

    4.6 Create communication plan.

    Outputs

    Information security roadmap

    Draft communication deck

    5 Communicate and Implement

    The Purpose

    Finalize deliverables.

    Key Benefits Achieved

    Consolidate documentation into a finalized deliverable that can be used to present to executives and decision makers to achieve buy-in for the project.

    Activities

    5.1 Support communication efforts.

    5.2 Identify resources in support of priority initiatives.

    Outputs

    Security strategy roadmap documentation

    Detailed cost and effort estimates

    Mapping of Info-Tech resources against individual initiatives

    Further reading

    Build an Information Security Strategy

    Create value by aligning your strategy to business goals and business risks.

    Analyst Perspective

    Set your security strategy up for success.

    “Today’s rapid pace of change in business innovation and digital transformation is a call to action to information security leaders.

    Too often, chief information security officers find their programs stuck in reactive mode, a result of years of mounting security technical debt. Shifting from a reactive to proactive stance has never been more important. Unfortunately, doing so remains a daunting task for many.

    While easy to develop, security plans premised on the need to blindly follow ‘best practices’ are unlikely to win over many stakeholders. To be truly successful, an information security strategy needs to be holistic, risk-aware, and business-aligned.”

    Kevin Peuhkurinen

    Research Director – Security, Risk & Compliance

    Info-Tech Research Group

    Executive summary

    Your Challenge

    • Many security leaders struggle to decide how best to prioritize their scarce information security resources.
    • The need to move from a reactive approach to security toward a strategic planning approach is clear. The path to getting there is less clear.

    Common Obstacle

    • Developing a security strategy can be challenging. Complications include:
      • Performing an accurate assessment of your current security program can be extremely difficult when you don’t know what to assess or how.
      • Determining the appropriate target state for security can be even more challenging. A strategy built around following best practices is unlikely to garner significant support from business stakeholders.

    Info-Tech’s Approach

    • Info-Tech has developed a highly effective approach to building an information security strategy, an approach that has been successfully tested and refined for 7+ years with hundreds of organizations.
    • This unique approach includes tools for:
      • Ensuring alignment with business objectives.
      • Assessing organizational risk and stakeholder expectations.
      • Enabling a comprehensive current state assessment.
      • Prioritizing initiatives and building out a security roadmap.

    Info-Tech Insight

    The most successful information security strategies are:

    • Holistic. They consider the full spectrum of information security, including people, processes, and technologies.
    • Risk-Aware. They understand that security decisions should be made based on the security risks facing their organization, not just on best practice.
    • Business-Aligned. They demonstrate an understanding of the goals and strategies of the organization, and how the security program can support the business.

    It’s not a matter of if you have a security incident, but when

    Organizations need to prepare and expect the inevitable security breach.

    Fifty-eight percent of companies surveyed that experienced a breach were small businesses.

    Eighty-nine percent of breaches have a financial or espionage motive.

    Three graphs are depicted. The first is labeled ‘Total Cost for Three Data Breach Root Causes,’ the second ‘Distribution of Benchmark by Root Cause of the Data Breach,’ and the third ‘Per Capita for Three Root Causes of a Data Breach.’ The three root causes are malicious or criminal attack (US$166 million per capita), system glitch ($132 million per capita), and human error ($133 million per capita).

    Source: Ponemon Institute, “2019 Global Cost of Data Breach Study”

    An information security strategy can help you prepare for incidents

    Organizations need to expect the inevitable security breach.

    90%

    of businesses have experienced an external threat in the last year.

    50%

    of IT professionals consider security to be their number one priority.

    53%

    of organizations claimed to have experienced an insider attack in the previous 12 months. 1

    46%

    of businesses believe the frequency of attacks is increasing. 2

    Effective IT leaders approach their security strategy from an understanding that attacks on their organization will occur. Building a strategy around this assumption allows your security team to understand the gaps in your current approach and become proactive instead of being reactive.

    Sources: 1 Kaspersky Lab, “Global IT Security Risks Survey”; 2 CA Technologies, “Insider Threat 2018 Report”

    Persistent Issues

    Evolving Ransomware

    • Continual changes in types and platforms make ransomware a persistent threat. The frequency of ransomware attacks was reported to have increased by 67% in the past five years. 1

    Phishing Attacks

      • Despite filtering and awareness, email remains the most common threat vector for phishing attacks (94%) and an average of 3% of participants in phishing campaigns still click on them. 2

    Insider Privilege and Misuse

    • Typically, 34% of breaches are perpetrated by insiders, with 15% involving privilege misuse. Takeaway: Care less about titles and more about access levels. 3

    Denial of Service

    • The median amount of time that an organization is under attack from DDoS attack is three days.

    Emerging Trends

    Advanced Identity and Access Governance

    • Using emerging technologies in automation, orchestration, and machine learning, the management and governance of identities and access has become more advanced.

    Sources: 1 Accenture, “2019 The Cost of Cyber Crime Study”; 2,3 Verizon, “2019 Data Breach Investigations Report”

    New threat trends in information security aren’t new.

    Previously understood attacks are simply an evolution of prior implementations, not a revolution.

    Traditionally, most organizations are not doing a good-enough job with security fundamentals, which is why attackers have been able to use the same old tricks.

    However, information security has finally caught the attention of organizational leaders, presenting the opportunity to implement a comprehensive security program.

    Cyberattacks have a significant financial impact

    Global average cost of a data breach: $3.92 Million

    Source: Ponemon Institute, “2019 Cost of a Data Breach Study: Global Overview”

    A bar graph, titled ‘Average cost of data breach by industry,’ is depicted. Of 17 industries depicted, public is the lowest average cost (US$1.29 million) and health is the highest average cost ($6.45 million).

    Primary incident type (with a confirmed data breach)

    1. Leading incident type is Denial of Service attacks (DoS), taking up to 70% of all incidents.
    2. When it comes to data breaches, we see that the use of stolen credentials leads to the most cases of confirmed breaches, accounting for 29%.

    Personal records tend to be the most compromised data types, while databases tend to be the most frequently involved asset in breaches.

    Source: Verizon, “2019 Data Breach Investigations Report”

    Security threats are not going away

    We continue to see and hear of security breaches occurring regularly.

    A bar graph depicts the percentage of businesses who experienced a data breach in the last year–US total and global total. Numbers have increased from 2016 to 2019. In 2016, 19 percent of US businesses experienced a breach. In 2019, this number was 59 percent.

    An attacker must be successful only once. The defender – you – must be successful every time.

    Info-Tech’s approach

    Maturing from reactive to strategic information security

    Two circular graphs depict the move from ‘reactive security’ to ‘strategic security’ organizations can accomplish using Info-Tech’s approach.

    Tools icon that is used in the first three stages of the strategic security graph above. Indicates Info-Tech tools included in this blueprint.

    The Info-Tech difference:

    1. A proven, structured approach to mature your information security program from reactive to strategic.
    2. A comprehensive set of tools to take the pain out of each phase in the strategy building exercise.
    3. Visually appealing templates to communicate and socialize your security strategy and roadmap to your stakeholders.

    Info-Tech’s Security Strategy Model

    Info-Tech’s Security Strategy Model is depicted in this rectangular image with arrows. The first level depicts business context (enterprise goals, compliance obligations, scope and boundaries) and pressures (security risks, risk tolerance, stakeholder expectations). The second level depicts security target state (maturity model, security framework, security alignment goals, target maturity, time frame) and current state (current state assessment, gap analysis). The third level depicts the information security roadmap (initiative list, task list, prioritization methodology, and Gantt chart).

    The Info-Tech difference:

    An information security strategy model that is:

    1. Business-Aligned. Determines business context and cascades enterprise goals into security alignment goals.
    2. Risk-Aware. Understands the security risks of the business and how they intersect with the overall organizational risk tolerance.
    3. Holistic. Leverages a best-of-breed information security framework to provide comprehensive awareness of organizational security capabilities.

    Info-Tech’s best-of-breed security framework

    This image shows how Info-Tech’s framework is based on ISO 27000 series, CIS Top 20, COBIT 2019, NIST 800-53, and NIST CSF.

    Info-Tech’s approach

    Creating an information security strategy

    Value to the business

    Outcome

    Best-of-breed security strategy

    Have documentation that paints a picture of the road to compliance. Integrate your framework with your risk tolerance and external pressures.

    Be ready for future changes by aligning your security strategy to security framework best practices.

    Address the nature of your current information security

    Eliminate gaps in process and know what is in scope for your security strategy. Learn what pressures your business and industry are under.

    Gain insight into your current state, allowing you to focus on high-value projects first, transitioning towards a target state.

    Highlight overlooked functions of your current security strategy

    Build a comprehensive security program that brings to light all aspects of your security program.

    Instead of pursing ad hoc projects, know what needs work and how to prioritize your pressing security issues.

    Create a tangible roadmap to your target state

    Create a plan for your future state of information security. Refer to and update your target state as your business needs change.

    Document your current progress and path forward in the future. Know your goals and requirements, codified in a living document.

    Use our prepopulated deliverables to fast track your progress

    Let Info-Tech do the work for you. With completed deliverables, have tangible documents to convey your business needs.

    A comprehensive set of deliverables with concrete, defensible data to justify any business changes.

    A living security strategy

    Pivot and change prioritization to meet the needs of your security deficits.

    Future-proof your security strategy for any contingency.

    The Info-Tech difference:

    Evolve the security program to be more proactive by leveraging Info-Tech’s approach to building a security strategy.

    • Dive deep into security obligations and security pressures to define the business context.
    • Conduct a thorough current state and future state analysis that is aligned with a best-of-breed framework.
    • Prioritize gap-closing initiatives to create a living security strategy roadmap.

    Use Info-Tech’s blueprint to save one to three months

    This image depicts how using Info-Tech’s four-phase blueprint can save an estimated seven to 14 weeks of an organization’s time and effort.

    Iterative benefit

    Over time, experience incremental value from your initial security strategy. Through continual updates your strategy will evolve but with less associated effort, time, and costs.

    These estimates are based on experiences with Info-Tech clients throughout the creation of this blueprint.

    Key deliverable:

    Information Security Strategy Communication Deck (PPT)

    Present your findings in a prepopulated document that can summarizes all key findings of the blueprint.

    Screenshots from Info-Tech’s Information Security Strategy Communication Deck Template.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Information Security Requirements Gathering Tool

    Define the business, customer, and compliance alignment for your security program.

    Information Security Pressure Analysis Tool

    Determine your organization’s security pressures and ability to tolerate risk.

    Information Security Program Gap Analysis Tool

    Use our best-of-breed security framework to perform a gap analysis between your current and target states.

    Information Security Charter

    Ensure the development and management of your security policies meet the broader program vision.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical Guided Implementation on this topic look like?

    Guided Implementation #1 - Assess security requirements
    • Call #1 - Introduce project and complete pressure analysis.
    Guided Implementation #2 - Build a gap initiative strategy
    • Call #1 - Introduce the maturity assessment.
    • Call #2 - Perform gap analysis and translate into initiatives.
    • Call #3 - Consolidate related gap initiatives and define, cost, effort, alignment, and security benefits.
    Guided Implementation #3 - Prioritize initiatives and build roadmap
    • Call #1 - Review cost/benefit analysis and build an effort map.
    • Call #2 - Build implementation waves and introduce Gantt chart.
    Guided Implementation #4 - Execute and maintain
    • Call #1 - Review Gantt chart and ensure budget/buy-in support.
    • Call #2 - Three-month check-in: Execute and maintain.

    A Guided Implementation is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical Guided Implementation is between 2-12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information, or contact workshops@infotech.com or 1-888-670-8889.

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Assess Security Requirements

    Perform a Gap Analysis

    Complete the Gap Analysis

    Develop Roadmap

    Communicate and Implement

    1.1 Understand business and IT strategy and plans

    1.2 Define business and compliance requirements

    1.3 Establish the security program scope

    1.4 Analyze the organization’s risks and stakeholder pressures

    1.5 Identify the organizational risk tolerance level

    2.1 Define the information security target state

    2.2 Assess current security capabilities

    2.3 Identify security gaps

    2.4 Build initiatives to bridge the gaps

    3.1 Continue assessing current security capabilities

    3.2 Identify security gaps

    3.3 Build initiatives to bridge the maturity gaps

    3.4 Identify initiative list and task list

    3.5 Define criteria to be used to prioritize initiatives

    4.1 Conduct cost/benefit analysis on initiatives

    4.2 Prioritize gap initiatives based on cost, time, and alignment with the business

    4.3 Build effort map

    4.4 Determine start times and accountability

    4.5 Finalize security roadmap and action plan

    4.6 Create communication plan

    5.1 Finalize deliverables

    5.2 Support communication efforts

    5.3 Identify resources in support of priority initiatives

    Deliverables

    1.Security obligations statement

    2.Security scope and boundaries statement

    3.Defined risk tolerance level

    4.Risk assessment and pressure analysis

    1.Information security target state

    2.Security current state assessment

    3.Initiatives to address gaps

    1.Completed security current state assessment

    2.Task list to address gaps address gaps

    4.Prioritization criteria

    1.Information security roadmap

    2.Draft communication deck

    1.Security strategy roadmap documentation

    2.Detailed cost and effort estimates

    3.Mapping of Info-Tech resources against individual initiatives

    Executive Brief Case Study

    Credit Service Company

    Industry: Financial Services

    Source: Info-Tech Research group

    Founded over 100 years ago, Credit Service Company (CSC)* operates in the United States with over 40 branches located across four states. The organization services over 50,000 clients.

    Situation

    Increased regulations, changes in technology, and a growing number of public security incidents had caught the attention of the organization’s leadership. Despite awareness, an IT and security strategy had not been previously created. Management was determined to create a direction for the security team that aligned with their core mission of providing exceptional service and expertise.

    Solution

    During the workshop, the IT team and Info-Tech analysts worked together to understand the organization’s ideal state in various areas of information security. Having a concise understanding of requirements was a stepping stone to beginning to develop CSC’s prioritized strategy.

    Results

    Over the course of the week, the team created a document that concisely prioritized upcoming projects and associated costs and benefits. On the final day of the workshop, the team effectively presented the value of the newly developed security strategy to senior management and received buy-in for the upcoming project.

    *Some details have been changed for client privacy.

    Phase 1

    Assess Security Requirements

      Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

      Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

      Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

      Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

    This phase will walk you through the following activities:

    1.1 Define goals and scope of the security strategy.

    1.2 Assess your organization’s current inherent security risks.

    1.3 Determine your organization’s stakeholder pressures for security.

    1.4 Determine your organization’s risk tolerance.

    1.5 Establish your security target state.

    1.1.1 Record your business goals

    Once you have identified your primary and secondary business goals, as well as the corresponding security alignment goals, record them in the Information Security Requirements Gathering Tool. The tool provides an activity status that will let you know if any parts of the tool have not been completed.

    1. Record your identified primary and secondary business goals in the Goals Cascade tab of the Information Security Requirements Gathering Tool.

    Use the drop-down lists to select an appropriate goal or choose “Other.” If you do choose “Other,” you will need to manually enter an appropriate business goal.

    2. For each of your business goals, select one to two security alignment goals. The tool will provide you with recommendations, but you can override these by selecting a different goal from the drop-down lists.

    A screenshot of the ‘Business Goals Cascade,’ which is part of the ‘Information Security Requirements Gathering Tool.’

    A common challenge for security leaders is how to express their initiatives in terms that are meaningful to business executives. This exercise helps to make an explicit link between what the business cares about and what security is trying to accomplish.

    1.1.2 Review your goals cascade

    Estimated Time: 15 minutes

    1. When you have completed the goals cascade, you can review a graphic diagram that illustrates your goals. The graphic is found on the Results tab of the Information Security Requirements Gathering Tool.
      • Security must support the primary business objectives. A strong security program will enable the business to compete in new and creative ways, rather than simply acting as an obstacle.
      • Failure to meet business obligations can result in operational problems, impacting the organization’s ability to function and the organization’s bottom line.
    2. Once you have reviewed the diagram, copy it into the Information Security Strategy Communication Deck.

    A screenshot of the ‘Goal Cascade Diagrams,’ which is part of the ‘Information Security Requirements Gathering Tool.’

    Identify your compliance obligations

    Most conventional regulatory obligations are legally mandated legislation or compliance obligations, such as:

    Sarbanes-Oxley Act (SOX)

    Applies to public companies that have registered equity or debt securities within the SEC to guarantee data integrity against financial fraud.

    Payment Card Industry Data Security Standard (PCI DSS)

    Applies to any organization that processes, transmits, or stores credit card information to ensure cardholder data is protected.

    Health Insurance Portability and Accountability Act (HIPAA)

    Applies to the healthcare sector and protects the privacy of individually identifiable healthcare information.

    Health Information Technology for Economic and Clinical Health (HITECH)

    Applies to the healthcare sector and widens the scope of privacy and security protections available under HIPAA.

    Personal Information Protection and Electronic Documents Act (PIPEDA)

    Applies to private sector organizations that collect personal information in Canada to ensure the protection of personal information in the course of commercial business.

    Compliance obligations also extend to voluntary security frameworks:

    NIST

    National Institute of Standards and Technology; a non-regulatory agency that develops and publicizes measurement

    CIS – 20 CSC

    Center for Internet Security – 20 Critical Security Controls; foundational set of effective cybersecurity practices.

    ISO 27001

    An information security management system framework outlining policies and procedures.

    COBIT 5

    An information technology and management and governance framework.

    HITRUST

    A common security framework for organizations that use or hold regulated personal health information.

    1.1.3 Record your compliance obligations

    Estimated Time: 30 minutes

    1. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      • Laws
      • Government regulations
      • Industry standards
      • Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your security strategy, include only those that have information security or privacy requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Information Security Requirements Gathering Tool.

    A screenshot of ‘Security Compliance Obligations,’ part of the ‘Information Security Requirements Gathering Tool.’

    Establish your scope and boundaries

    It is important to know at the outset of the strategy: what are we trying to secure?

    This includes physical areas we are responsible for, types of data we care about, and departments or IT systems we are responsible for.

    This also includes what is not in scope. For some outsourced services or locations, you may not be responsible for their security. In some business departments, you may not have control of security processes. Ensure that it is made explicit at the outset what will be included and what will be excluded from security considerations.

    Physical Scope and Boundaries

    • How many offices and locations does your organization have?
    • Which locations/offices will be covered by your information security management system (ISMS)?
    • How sensitive is the data residing at each location?
    • You may have many physical locations, and it is not necessary to list every one. Rather, list exceptional cases that are specifically in or out of scope.

    IT Systems Scope and Boundaries

    • There may be hundreds of applications that are run and maintained in your organization. Some of these may be legacy applications. Does your ISMS need to secure all your programs or a select few?
    • Is the system owned or outsourced?
    • Where are we accountable for security?
    • How sensitive is the data that each system handles?

    Organizational Scope and Boundaries

    • Will your ISMS cover all departments within your organization? For example, do certain departments (e.g. Operations) not need any security coverage?
    • Do you have the ability to make security decisions for each department?
    • Who are the key stakeholders/data owners for each department?

    Organizational scope considerations

    Many different groups will fall within the purview of the security strategy. Consider these two main points when deciding which departments will be in scope:

    1. If a group/user has access to data or systems that can impact the organization, then securing that group/user should be included within scope of the security strategy.
    2. If your organization provides some work direction to a group/user, they should be included within scope of the security strategy.
    1. Identify your departments and business groups
      • Start by identifying departments that provide some essential input or service to the organization or departments that interact with sensitive data.
    2. Break out different subsidiaries or divisions
      • Subsidiaries may or may not be responsible for securing themselves and protecting their data, but either way they are often heavily reliant on corporate for guidance and share IT resourcing support.
    3. Identify user groups
      • Many user groups exist, all requiring different levels of security. For example, from on-premises to remote access, from full-time employees to part-time or contractors.

    Physical scope considerations

    List physical locations by type

    Offices

    The primary location(s) where business operations are carried out. Usually leased or owned by the business.

    Regional Offices

    These are secondary offices that can be normal business offices or home offices. These locations will have a VPN connection and some sort of tenant.

    Co-Locations

    These are redundant data center sites set up for additional space, equipment, and bandwidth.

    Remote Access

    This includes all remaining instances of employees or contractors using a VPN to connect.

    Clients and Vendors

    Various vendors and clients have dedicated VPN connections that will have some control over infrastructure (whether owed/laaS/other).

    List physical locations by nature of the location

    Core areas within physical scope

    These are many physical locations that are directly managed. These are high-risk locations with many personal and services, resulting in many possible vulnerabilities and attack vectors.

    Locations on the edge of control

    These are on the edge of the physical scope, and thus, in scope of the security strategy. These include remote locations, remote access connections, etc.

    Third-party connections

    Networks of third-party users are within physical scope and need defined security requirements and definitions of how this varies per user.

    BYOD

    Mostly privately owned mobile devices with either on-network or remote access.

    It would be overkill and unhelpful to list every single location or device that is in scope. Rather, list by broad categories as suggested above or simply list exceptional cases that are in/out of scope.

    IT systems scope considerations

    Consider identifying your IT systems by your level of control or ownership.

    Fully owned systems

    These are systems that are wholly owned or managed by your organization.

    IT is almost always the admin of these systems. Generally they are hosted on premises. All securitization through methods such as patching or antivirus is done and managed by your IT department.

    Cloud/remote hosted (SaaS)

    These are systems with a lot of uncertainties because the vendor or service provided is either not known or what they are doing for security is not fully known.

    These systems need to be secured regardless, but supplier and vendor relationship management becomes a major component of how to manage these systems. Often, each system has varying levels of risk based on vendor practices.

    Hybrid owned (IaaS/PaaS)

    You likely have a good understanding of control for these systems, but they may not be fully managed by you (i.e. ownership of the infrastructure). These systems are often hosted by third parties that do some level of admin work.

    A main concern is the unclear definition of responsibility in maintaining these systems. These are managed to some degree by third parties; it is challenging for your security program to perform the full gamut of security or administrative functions.

    Unknown/unowned systems

    There are often systems that are unowned and even unknown and that very few people are using. These apps can be very small and my not fall under your IT management system framework. These systems create huge levels of risk due to limited visibility.

    For example, unapproved (shadow IT) file sharing or cloud storage applications would be unknown and unowned.

    1.1.4 Record your scope and boundaries

    Estimated Time: 30-60 minutes

    1. Divide into groups and give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the scope buckets.
    2. Collect each group’s responses and discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.
      • Careful attention should be paid to any elements of the strategy that are not in scope.
    3. Discuss and aggregate all responses as to what will be in scope of the security strategy and what will not be. Record these in the Information Security Requirements Gathering Tool.

    A screenshot of ‘Scope and Boundaries,’ part of the ‘Information Security Requirements Gathering Tool.’

    1.2 Conduct a risk assessment

    Estimated Time: 1-3 hours

    1. As a group, review the questions on the Risk Assessment tab of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk elements:
      • Threats
      • Assets
      • Vulnerabilities (people, systems, supply chain)
      • Historical security incidents

    Input

    • List of organizational assets
    • Historical data on information security incidents

    Output

    • Completed risk assessment

    Materials

    • Information Security Pressure Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Risk Management

    Download the Information Security Pressure Analysis Tool

    1.2.1 Complete the risk assessment questionnaire

    Estimated Time: 60-90 minutes

    1. Review each question in the questionnaire and provide the most appropriate response using the drop-down list.
      • If you are unsure of the answer, consult with subject matter experts to obtain the required data.
      • Otherwise, provide your best estimation
    2. When providing responses for the historical incident questions, only count incidents that had a sizeable impact on the business.

    A screenshot of the ‘Organizational Security Risk Assessment,’ part of the ‘Information Security Pressure Analysis Tool.’

    Info-Tech Insight

    Understanding your organization’s security risks is critical to identifying the most appropriate level of investment into your security program. Organizations with more security risks will need more a mature security program to mitigate those risks.

    1.2.2 Review the results of the risk assessment

    Estimated Time: 30 minutes

    1. Once you have completed the risk assessment, you can review the output on the Results tab.
    2. If required, the weightings of each of the risk elements can be customized on the Weightings tab.
    3. Once you have reviewed the results, copy your risk assessment diagram into the Information Security Strategy Communication Deck.

    A screenshot showing sample results of the ‘Organizational Risk Assessment,’ part of the ‘Information Security Pressure Analysis Tool.’

    It is important to remember that the assessment measures inherent risk, meaning the risk that exists prior to the implementation of security controls. Your security controls will be assessed later as part of the gap analysis.

    1.3 Conduct pressure analysis

    Estimated Time: 1-2 hours

    1. As a group, review the questions on the Pressure Analysis tab of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following pressure elements:
      • Compliance and oversight
      • Customer expectations
      • Business expectations
      • IT expectations

    Input

    • Information on various pressure elements within the organization

    Output

    • Completed pressure analysis

    Materials

    • Information Security Pressure Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Leaders
    • Compliance

    Download the Information Security Pressure Analysis Tool

    Risk tolerance considerations

    At this point, we want to frame risk tolerance in terms of business impact. Meaning, what kinds of impacts to the business would we be able to tolerate and how often? This will empower future risk decisions by allowing the impact of a potential event to be assessed, then compared against the formalized tolerance. We will consider impact from three perspectives:

    F

    Functional Impact

    The disruption or degradation of business/organizational processes.

    I

    Informational Impact

    The breach of confidentiality, privacy, or integrity of data/information.

    R

    Recoverability Impact

    The disruption or degradation of the ability to return to conditions prior to a security incident.

    Consider these questions:

    Questions to ask

    Description

    Is there a hard-dollar impact from downtime?

    This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it affects sales, and therefore, revenue.

    Is regulatory compliance a factor?

    Depending on the circumstances of the vulnerabilities, it can be a violation of compliance obligations that would cause significant fines.

    Are any critical services dependent on this asset?

    Functional dependencies are sometimes not obvious, and assets that appear marginal can have huge impacts on critical services.

    Is there a health or safety risk?

    Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure uninterrupted critical health services. An exploited vulnerability that impacts these operations can have life and death consequences.

    ANALYST PERSPECTIVE

    It is crucial to keep in mind that you care about a risk scenario impact to the main business processes.

    For example, imagine a complete functional loss of the corporate printers. For most businesses, even the most catastrophic loss of printer function will have a small impact on their ability to carry out the main business functions.

    On the flip side, even a small interruption to email or servers could have a large functional impact on business processes.

    Risk tolerance descriptions

    High

    • Organizations with high risk tolerances are often found in industries with limited security risk, such as Construction, Agriculture and Fishing, or Mining.
    • A high risk tolerance may be appropriate for organizations that do not rely on highly sensitive data, have limited compliance obligations, and where their customers do not demand strong security controls. Organizations that are highly focused on innovation and rapid growth may also tend towards a higher risk tolerance.
    • However, many organizations adopt a high risk tolerance by default simply because they have not adequately assessed their risks.

    Moderate

    • Organizations with medium risk tolerances are often found in industries with moderate levels of security risk, such as Local Government, Education, or Retail and Wholesale
    • A medium risk tolerance may be appropriate for organizations that store and process some sensitive data, have a modest number of compliance obligations, and where customer expectations for security tend to be implicit rather than explicit.

    Low

    • Organizations with low risk tolerances are often found in industries with elevated security risk, such as Financial Services, Federal Governments, or Defense Contractors.
    • A low risk tolerance may be appropriate for organizations that store very sensitive data, process high-value financial transactions, are highly regulated, and where customers demand strong security controls.
    • Some organizations claim to have a low risk tolerance, but in practice will often allow business units or IT to accept more security risk than would otherwise be permissible. A strong information security program will be required to manage risks to an acceptable level.

    1.4.1 Complete the risk tolerance questionnaire

    Estimated Time: 30-60 minutes

    1. In a group discussion, review the low-, medium-, and high-impact scenarios and examples for each impact category. Ensure that everyone has a consistent understanding of the scenarios.
    2. For each impact type, use the frequency drop-down list to identify the maximum frequency that the organization could tolerate for the event scenarios, considering:
      • The current frequency with which the scenarios are occurring in your organization may be a good indication of your tolerance. However, keep in mind that you may be able to tolerate these incidents happening more frequently than they do.
      • Hoping is not the same as tolerating. While everyone hopes that high-impact incidents never occur, carefully consider whether you could tolerate them occurring more frequently.

    A screenshot showing the ‘Organizational Security Risk Tolerance Assessment,’ part of the ‘Information Security Pressure Analysis Tool.’

    1.4.2 Review the results of the risk tolerance analysis

    Estimated Time: 30 minutes

    1. Once you have completed the risk tolerance exercise, you can review the output on the Results tab.
    2. If required, the weightings of each of the impact types can be customized on the Weightings tab.
    3. Once you have reviewed the results, copy your risk tolerance diagram into the Information Security Strategy Communication Deck.

    A screenshot showing the results of the 'Information Security Risk Tolerance Assessment,' part of the ‘Information Security Pressure Analysis Tool.’

    A low risk tolerance will require a stronger information security program to ensure that operational security risk in the organization is minimized. If this tool reports that your risk tolerance is low, it is recommended that you review the results with your senior stakeholders to ensure agreement and support for the security program.

    1.5 Establish your target state

    Estimated Time: 30-60 minutes

    1. As a group, review the overall results of the requirements gathering exercise:
      • Business goals cascade
      • Compliance obligations
      • Scope
    2. Review the overall results of the risk assessment, pressure analysis, and risk tolerance exercises.
    3. Conduct a group discussion to arrive at a consensus of what the ideal target state for the information security program should look like.
      • Developing mission and vision statements for security may be useful for focusing the group.
      • This discussion should also consider the desired time frame for achieving the target state.

    Download the Information Security Pressure Analysis Tool

    Input

    • Information security requirements (goals cascade, compliance obligations, scope)
    • Risk assessment
    • Pressure analysis
    • Risk tolerance

    Output

    • Completed information security target state

    Materials

    Participants

    • Security Team
    • IT Leadership
    • Risk Management
    • Business Leaders
    • Compliance

    Understanding security target states

    Maturity models are very effective for determining information security target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state for information security in your organization.

    1. AD HOC

      Initial/Ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.
    2. DEVELOPING

      Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.
    3. DEFINED

      A defined security program is holistic, documented, and proactive. At least some governance is in place, however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.
    4. MANAGED

      Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.
    5. OPTIMIZED

      An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.

    1.5.1 Review the results of the target state recommendation

    Estimated Time: 30-60 minutes

    1. Based upon your risk assessment, pressure analysis, and risk tolerance, the Information Security Pressure Analysis Tool will provide a recommended information security target state.
    2. With your group, review the recommendation against your expectations.
    3. If required, the weightings of each of the factors can be customized on the Weightings tab.
    4. Once you have reviewed the results, copy your target state diagram into the Information Security Strategy Communication Deck.

    A screenshot showing the results of the ‘Information Security Target State,’ part of the ‘Information Security Pressure Analysis Tool.’

    Info-Tech Insight

    Higher target states require more investment to attain. It is critical to ensure that all key stakeholders agree on the security target state. If you set a target state that aims too high, you may struggle to gain support and funding for the strategy. Taking this opportunity to ensure alignment from the start will pay off dividends in future.

    1.5.2 Review and adjust risk and pressure weightings

    Estimated Time: 30 minutes

    1. If the results of your risk assessment, pressure analysis, risk tolerance, or target state do not match your expectations, you may need to review and adjust the weightings for the elements within one or more of these areas.
    2. On the Weightings tab, review each of the strategic categories and adjust the weights as required.
      • Each domain is weighted to contribute to your overall pressure score based on the perceived importance of the domain to the organization.
      • The sum of all weights for each category must add up to 100%.

    A screenshot showing the results of the weightings given to each factor in a category, part of the ‘Information Security Pressure Analysis Tool.’

    Case Study

    Credit Service Company

    Industry: Financial Services

    Source: Info-Tech Research group

    Below are some of the primary requirements that influenced CSC’s initial strategy development.

    External Pressure

    Pressure Level: High

    • Highly regulated industries, such as Finance, experience high external pressure.
    • Security pressure was anticipated to increase over the following three years due to an increase in customer requirement.

    Obligations

    Regulatory: Numerous regulations and compliance requirements as a financial institution (PCI, FFIEC guidance).

    Customer: Implicitly assumes personal, financial, and health information will be kept secure.

    Risk Tolerance

    Tolerance Level: Low

    1. Management: Are risk averse and have high visibility into information security.
    2. Multiple locations controlled by a central IT department decreased the organization’s risk tolerance.

    Summary of Security Requirements

    Define and implement dynamic information security program that understands and addresses the business’ inherent pressure, requirements (business, regulatory, and customer), and risk tolerance.

    Phase 2

    Build a Gap Initiative Strategy

      Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

      Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

      Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

      Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

      This phase will walk you through the following activities:

    • 2.1 Review Info-Tech’s framework.
    • 2.2 Assess your current state of security against your target state.
    • 2.3 Identify actions required to close gaps.

    2.1 Review the Info-Tech framework

    Estimated Time: 30-60 minutes

    1. As a group, have the security team review the security framework within the Information Security Gap Analysis Tool.
    2. Customize the tool as required using the instructions on the following slides.

    Input

    • Information security requirements
    • Security target state

    Output

    • Customized security framework

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team

    Download the Information Security Gap Analysis Tool

    Understand the Info-Tech framework

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:

    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    A diagram depicting Info-Tech’s best-of-breed security framework.

    A best-of-breed approach ensures holistic coverage of your information security program while refraining from locking you in to a specific compliance standard.

    2.1.1 Configure the Information Security Gap Analysis Tool

    Estimated Time: 30 minutes

    Review the Setup tab of the Information Security Gap Analysis Tool. This tab contains several configurable settings that should be customized to your organization. For now, the three settings you will need to modify are:

    • The security target state. Enter the target state from your Information Security Pressure Analysis Tool. If you do not enter a target state, the tool will default to a target of 3 (Defined).
    • Your Security Alignment Goals (from your Information Security Requirements Gathering Tool).
    • The starting year for your security roadmap.

    A screenshot showing the ‘Setup’ tab of the ‘Information Security Gap Analysis Tool.’

    2.2 Assess current state of security

    Estimated Time: 8-16 hours

    1. Using the Information Security Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to complete your current state and target state assessment.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Input

    • Security target state
    • Information on current state of security controls, including sources such as audit findings, vulnerability and penetration test results, and risk registers

    Output

    • Gap analysis

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Download the Information Security Gap Analysis Tool

    Example maturity levels

    To help determine appropriate current and target maturity levels, refer to the example below for the control “Email communication is filtered for spam and potential malicious communications.”

    AD HOC 01

    There is no centrally managed spam filter. Spam may be filtered by endpoint email clients.

    DEVELOPING 02

    There is a secure email gateway. However, the processes for managing it are not documented. Administrator roles are not well defined. Minimal fine-tuning is performed, and only basic features are in use.

    DEFINED 03

    There is a policy and documented process for email security. Roles are assigned and administrators have adequate technical training. Most of the features of the solution are being used. Rudimentary reports are generated, and some fine-tuning is performed.

    MANAGED 04

    Metrics are produced to measure the effectiveness of the email security service. Advanced technical features of the solution have been implemented and are regularly fine-tuned based on the metrics.

    OPTIMIZED 05

    There is a dedicated email security administrator with advanced technical training. Custom filters are developed to further enhance security, based on relevant cyber threat intelligence. Email security metrics feed key risk indicators that are reported to senior management.

    2.2.1 Conduct current state assessment

    Estimated Time: 8-16 hours

    1. Carefully review each of the controls in the Gap Analysis tab. For each control, indicate the current maturity level using the drop-down list.
      • You should only use “N/A” if you are confident that the control is not required in your organization.
      • For example, if your organization does not perform any software development then you can select “N/A” for any controls related to secure coding practices.
    2. Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
    3. Select the target maturity for the control. The tool will default to the target state for your security program, but this can be overridden using the drop-down list.

    2.2.1 Conduct current state assessment

    Estimated Time: 8-16 hours

    1. Carefully review each of the controls in the Gap Analysis tab. For each control, indicate the current maturity level using the drop-down list.
      • You should only use “N/A” if you are confident that the control is not required in your organization. For example, if your organization does not perform any software development then you can select “N/A” for any controls related to secure coding practices.
    2. Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
    3. Select the target maturity for the control. The tool will default to the target state for your security program, but this can be overridden using the drop-down list.

    A screenshot showing the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    Review the Gap Analysis Dashboard

    Use the Gap Assessment Dashboard to map your progress. As you fill out the Gap Analysis Tool, check with the Dashboard to see the difference between your current and target state.

    Use the color-coded legend to see how large the gap between your current and target state is. The legend can be customized further if desired.

    Security domains that appear white have not yet been assessed or are rated as “N/A.”

    2.2.3 Identify actions required to close gaps

    Estimated Time: 4-8 hours

    1. Using the Information Security Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to identify gap closure actions for each control that requires improvement.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Input

    • Security control gap information

    Output

    • Gap closure action list

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Download the Information Security Gap Analysis Tool

    2.3.1 Identify gap closure actions

    Estimated Time: 4-8 hours

    1. For each of the controls where there is a gap between the current and target state, a gap closure action should be identified:
      • Review the example actions and copy one or more of them if appropriate. Otherwise, enter your own gap closure action.
    2. Identify whether the action should be managed as a task or as an initiative. Most actions should be categorized as an initiative. However, it may be more appropriate to categorize them as a task when:
      1. They have no costs associated with them
      2. They require a low amount of initial effort to implement and no ongoing effort to maintain
      3. They can be accomplished independently of other tasks

    A screenshot showing gap closure actions, part of the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    Considerations for gap closure actions

    • In small groups, have participants ask, “what would we have to do to achieve the target state?” Document these in the Gap Closure Actions column.
    • The example gap closure actions may be appropriate for your organization, but do not simply copy them without considering whether they are right for you.
    • Not all gaps will require their own action. You can enter one action that may address multiple gaps.
    • If you find that many of your actions are along the lines of “investigate and make recommendations,” you should consider using the estimated gap closure percentage column to track the fact that these gaps will not be fully closed by the actions.

    A screenshot showing considerations for gap closure actions, part of the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    2.3.2 Define gap closure action effectiveness

    Estimated Time: 1-2 hours

    For each of the gap closure actions, optionally enter an estimated gap closure percentage to indicate how effective the action will be in fully closing the gap.

    • For instance, an action to “investigate solutions and make recommendations” will not fully close the gap.
    • This is an optional step but will be helpful to understand how much progress towards your security target state you will make based on your roadmap.
    • If you do not fill in this column, the tool will assume that your actions will fully close all gaps.

    A screenshot showing considerations for estimated gap closure percentage, part of the 'Gap Analysis' tab of the 'Information Security Gap Analysis Tool.'

    Completing this step will populate the “Security Roadmap Progression” diagram in the Results tab, which will provide a graphic illustration of how close to your target state you will get based upon the roadmap.

    Phase 3

    Prioritize Initiatives and Build Roadmap

    Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

    Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

    Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

    Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

    This phase will walk you through the following activities:

    • 3.1 Define tasks and initiatives.
    • 3.2 Define cost, effort, alignment, and security benefit of each initiative.
    • 3.3 Prioritize initiatives.
    • 3.4 Build the prioritized security roadmap

    3.1 Define tasks and initiatives

    Estimated Time: 2-4 hours

    1. As a group, review the gap actions identified in the Gap Analysis tab.
    2. Using the instructions on the following slides, finalize your task list.
    3. Using the instructions on the following slides, review and consolidate your initiative list.

    Input

    • Gap analysis

    Output

    • List of tasks and initiatives

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.1.1 Finalize your task list

    Estimated Time: 1-2 hours

    1. Obtain a list of all your task actions by filtering on the Action Type column in the Gap Analysis tab.
    2. Paste the list into the table on the Task List tab.
      • Use Paste Values to retain the table formatting
    3. Enter a task owner and due date for each task. Without accountability, it is too easy to fall into complacency and neglect these tasks.

    A screenshot showing the 'Task List' tab of the 'Information Security Gap Analysis Tool.'

    Info-Tech Insight

    Tasks are not meant to be managed to the same degree that initiatives will be. However, they are still important. It is recommended that you develop a process for tracking these tasks to completion.

    3.1.2 Consolidate your gap closure actions into initiatives

    Estimated Time: 2-3 hours

    1. Once you have finalized your task list, you will need to consolidate your list of initiative actions. Obtain a list of all your initiative actions by filtering on the Action Type column in the Gap Analysis tab.
    2. Create initiatives on the Initiative List tab. While creating initiatives, consider the following:
      • As much as possible, it is recommended that you consolidate multiple actions into a single initiative. Reducing the total number of initiatives will allow for more efficient management of the overall roadmap.
      • Start by identifying areas of commonality between gap closure actions, for instance:
        • Group all actions within a security domain into a single initiative.
        • Group together similar actions, such as all actions that require updating policies.
        • Consider combining actions that have inter-dependencies.
      • While it is recommended that you consolidate actions as much as possible, some actions should become initiatives on their own. This will be appropriate when:
        • The action is time sensitive and consolidating it with other actions will cause scheduling issues.
        • Actions that could otherwise be consolidated have different business sponsors or owners and need to be kept separate for funding or accountability reasons.
    3. Link the initiative actions on the Gap Analysis tab using the drop-down list in the Initiative Name column.

    Initiative consolidation example

    In the example below, we see three gap closure actions within the Security Culture and Awareness domain being consolidated into a single initiative “Develop security awareness program.”

    We can also see one gap closure action within the same domain being grouped with two actions from the Security Policies domain into another initiative “Update security policies.”

    Info-Tech Insight

    As you go through this exercise, you may find that some actions that you previously categorized as tasks could be consolidated into an initiative.

    A screenshot showing how six sample gap closure actions can be distilled into two gap closure initiatives. Part of the 'Information Security Gap Analysis Tool.'

    3.1.3 Finalize your initiative list

    Estimated Time: 30 minutes

    1. Review your final list of initiatives and make any required updates.
    2. Optionally, add a description or paste in a list of the individual gap closure actions that are associated with the initiative. This will make it easier to perform the cost and benefit analysis.
    3. Use the drop-down list to indicate which of the security alignment goals most appropriately reflects the objectives of the initiative. If you are unsure, use the legend next to the table to find the primary security domain associated with the initiative and then select the recommended security alignment goal.
      • This step is important to understand how the initiative supports the business goals identified earlier.

     A screenshot showing the primary security alignment goal, part of the 'Initiative List' tab of the 'Information Security Gap Analysis Tool.'

    3.2 Conduct cost/ benefit analysis

    Estimated Time: 1-2 hours

    1. As a group, define the criteria to be used to conduct the cost/benefit analysis, following the instructions on the next slide.
    2. Assign costing and benefits information for each initiative.
    3. Define dependencies or business impacts if they will help with prioritization.

    Input

    • Gap analysis
    • Initiative list

    Output

    • Completed cost/benefit analysis for initiative list

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.2.1 Define costing criteria

    Estimated Time: 30 minutes

    1. On the Setup tab of the Information Security Gap Analysis Tool, enter high, medium, and low ranges for initial and ongoing costs and efforts.
      1. Initial costs are one-time, upfront capital investments (e.g. hardware and software costs, project-based consulting fees, training).
      2. Ongoing cost is any annually recurring operating expenses that are new budgetary costs (e.g. licensing, maintenance, subscription fees).
      3. Initial staffing in hours is total time in person hours required to complete a project. It is not total elapsed time but dedicated time. Consider time required to gather requirements and to design, test, and implement the solution.
      4. Ongoing staffing in FTEs is the ongoing average effort required to support that initiative after implementation.
    2. In addition to ranges, provide an average for each. These will be used to calculate estimated total costs for the roadmap.

    A screenshot showing the initiative costs for estimation, part of the 'Setup' tab of the 'Information Security Gap Analysis Tool.' The range of costs is labeled with an arrow with number 1 on it, and the average cost per initiative is labeled with an arrow with number 2 on it.

    Make sure that your ranges allow for differentiation between initiatives to enable prioritization. For instance, if you set your ranges too low, all your initiatives will be assessed as high cost, providing no help when you must prioritize them.

    3.2.2 Define benefits criteria

    Estimated Time: 30 minutes

    1. On the Setup tab of the Information Security Gap Analysis Tool, enter high, medium, and low values for the Alignment with Business Benefit.
      • This variable is meant to capture how well each initiative aligns with organizational goals and objectives.
      • By default, this benefit is linked directly to business goals through the primary and secondary security alignment goals. This allows the tool to automatically calculate the benefit based on the security alignment goals associated with each initiative.
      • If you change these values, you may need to override the calculated values in the prioritization tab.
    2. Enter a high, medium, and low value for the Security Benefit.
      • This variable is meant to capture the relative security benefit or risk reduction being provided by the gap initiative.
      • By default, this benefit is linked to security risk reduction.

    A screenshot showing the initiative benefits for estimation, part of the 'Setup' tab of the 'Information Security Gap Analysis Tool.'

    Some organizations prefer to use the “Security Benefit” criteria to demonstrate how well each initiative supports specific compliance goals.

    3.2.3 Complete the cost/benefit analysis

    Estimated Time: 1-2 hours

    1. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
      • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
    2. Enter the estimated benefits, also using the criteria defined earlier.
      • The Alignment with Business benefit will be automatically populated, but you can override this value using the drop-down list if desired.

    A screenshot showing the estimated cost, estimated effort, and estimated benefits section, part of the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.' Estimated cost and estimated effort are labeled with an arrow with number 1 on it, and estimated benefits is labeled with an arrow with a number 2 on it.

    3.2.4 Optionally enter detailed cost estimates

    Estimated Time: 30 minutes

    1. For each initiative, the tool will automatically populate the Detailed Cost Estimates and Detailed Staffing Estimates columns using the averages that you provided in steps 3.2.1 and 3.2.2. However, if you have more detailed data about the costs and effort requirements for an initiative, you can override the calculated data by manually entering it into these columns. For example:
      • You are planning to subscribe to a security awareness vendor, and you have a quote from them specifying that the initial cost will be $75,000.
      • You have defined your “Medium” cost range as being “$10-100K”, so you select medium as your initial cost for this initiative in step 3.2.3. As you defined the average for medium costs as being $50,000, this is what the tool will put into the detailed cost estimate.
      • You can override this average by entering $75,000 as the initial cost in the detailed cost estimate column.

    A screenshot showing the detailed cost estimates and detailed staffing estimates columns, part of the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.' These columns are labeled with an arrow with a number 1 on it.

    Case Study

    Credit Service Company

    Industry: Financial Services

    Source: Info-Tech Research Group

    A chart titled 'Framework Components,' displaying how the Credit Service Company profiled in the case study performed a current state assessment, created gap initiatives, and prioritized gap initiatives.

    3.3 Prioritize initiatives

    Estimated Time: 2-3 hours

    1. As a group, review the results of the cost/benefit analysis. Optionally, complete the Other Considerations columns in the Prioritization tab:
      • Dependencies can refer to other initiatives on the list or any other dependency that relates to activities or projects within the organization.
      • Business impacts can be helpful to document as they may require additional planning and communication that could impact initiative timelines.
    2. Follow step 3.3.1 to create an effort map with the results of the cost/benefit analysis.
    3. Follow step 3.3.2 to assign initiatives into execution waves.

    Input

    • Gap analysis
    • Initiative list
    • Cost/benefit analysis

    Output

    • Prioritized list of initiatives

    Materials

    • Information Security Gap Analysis Tool
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.3.1 Create effort map

    Estimated Time: 30 minutes

    1. On a whiteboard, draw the quadrant diagram shown.
    2. Create sticky notes for each initiative on your initiative list.
    3. For each initiative, use the “Cost/Effort Rating” and the “Benefit Rating” calculated on the Prioritization tab to place the corresponding sticky note onto the diagram.

    An effort map is a tool used for the visualization of a cost/benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized. In this example, the initiative “Update Security Policies” was assessed as low cost/effort (3) and high benefit (10).

    An image showing how 'update security policies,' as ranked on a cost/effort and benefit quadrant, translates to a cost/effort and benefit rating on the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.'

    3.3.2 Assign initiatives to execution waves

    Estimated Time: 60 minutes

    1. Using sticky flip chart sheets, create four sheets and label them according to the four execution waves:
      • MUST DO – These are initiatives that need to get moving right away. They may be quick wins, items with critical importance, or foundational projects upon which many other initiatives depend.
      • SHOULD DO – These are important initiatives that need to get done but cannot launch immediately due to budget constraints, dependencies, or business impacts that require preparation.
      • COULD DO – Initiatives that have merit but are not a priority.
      • WON’T DO – Initiatives where the costs outweigh the benefits.
    2. Using the further instructions on the following slides, move the initiative sticky notes from your effort map into the waves.

    Considerations for prioritization

    • Starting from the top right of the effort map, begin pulling stickies off and putting them in the appropriate roadmap category.
    • Keep dependencies in mind. If an important initiative depends on a low-priority one being completed first, then pull dependent initiatives up the list.
    • It may be helpful to think of each wave as representing a specific time frame (e.g. wave 1 = first year of your roadmap, wave 2 = year two, wave 3 = year three).

    Info-Tech Insight

    Use an iterative approach. Most organizations tend to put too many initiatives into wave 1. Be realistic about what you can accomplish and take several passes at the exercise to achieve a balance.

    An image showing how to map the sticky notes from a sample exercise, as placed on a cost/effort and benefit quadrant, into waves.

    3.3.3 Finalize prioritization

    Estimated Time: 30 minutes

    1. Once you have completed placing your initiative sticky notes into the waves, update the Prioritization tab with the Roadmap Wave column.
    2. Optionally, use the Roadmap Sub-Wave column to prioritize initiatives within a single wave.
      • This will allow you more granular control over the final prioritization, especially where dependencies require extra granularity.

    Any initiatives that are currently in progress should be assigned to Wave 0.

    An image showing the roadmap wave and roadmap sub-wave sections, part of the 'Prioritization' tab of the 'Information Security Gap Analysis Tool.' Roadmap wave is labeled with an arrow with a number 1 on it, and roadmap sub-wave is labeled with an arrow with a number 2 on it.

    3.4 Build roadmap

    Estimated Time: 1-3 hours

    1. As a group, follow step 3.4.1 to create your roadmap by scheduling initiatives into the Gantt chart within the Information Security Gap Analysis Tool.
    2. Review the roadmap for resourcing conflicts and adjust as required.
    3. Review the final cost and effort estimates for the roadmap.

    Input

    • Gap analysis
    • Cost/benefit analysis
    • Prioritized initiative list
    • (Optional) List of other non-security IT and business projects

    Output

    • Security strategic roadmap

    Materials

    • Information Security Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Information Security Gap Analysis Tool

    3.4.1 Schedule initiatives using the Gantt chart

    Estimated Time: 1-2 Hours

    1. On the Gantt Chart tab for each initiative, enter an owner (the individual who will be primarily responsible for execution).
    2. Additionally, enter a start month and year for the initiative and the expected duration in months.
      • You can filter the Wave column to only see specific waves at any one time to assist with the scheduling.
      • You do not need to schedule Wave 4 initiatives as the expectation is that these initiatives will not be done.

    Info-Tech Insight

    Use the Owner column to help identify resourcing constraints. If a single individual is responsible for many different initiatives that are planned to start at the same time, consider staggering those initiatives.

    An image showing the owner and planned start sections, part of the 'Security Roadmap Gantt Chart' tab of the 'Information Security Gap Analysis Tool.' The owner column is labeled with an arrow with a 1 on it, and the planned start column is labeled with an arrow with a 2 on it.

    3.4.2 Review your roadmap

    Estimated Time: 30-60 minutes

    1. When you have completed the Gantt chart, as a group review the overall roadmap to ensure that it is reasonable for your organization. Consider the following:
      • Do you have other IT or business projects planned during this time frame that may impact your resourcing or scheduling?
      • Does your organization have regular change freezes throughout the year that will impact the schedule?
      • Do you have over-subscribed resources? You can filter the list on the Owner column to identify potential over-subscription of resources.
      • Have you considered any long vacations, sabbaticals, parental leaves, or other planned longer-term absences?
      • Are your initiatives adequately aligned to your budget cycle? For instance, if you have an initiative that is expected to make recommendations for capital expenditure, it must be completed prior to budget planning.

    A screenshot image showing parts of the 'Security Roadmap Gantt Chart' tab with sample data in it. Taken from the 'Information Security Gap Analysis Tool.'

    3.4.3 Review your expected roadmap progression

    Estimated Time: 30 minutes

    1. If you complete the optional exercise of filling in the Estimated Gap Closure Percentage column on the Gap Analysis tab, the tool will generate a diagram showing how close to your target state you can expect to get based on the tasks and initiatives in your roadmap. You can review this diagram on the Results tab.
      • Remember that this Expected Maturity at End of Roadmap score assumes that you will complete all tasks and initiatives (including all Wave 4 initiatives).
    2. Copy the diagram into the Information Security Strategy Communication Deck.

    Info-Tech Insight

    Often, internal stakeholders will ask the question “If we do everything on this roadmap, will we be at our target state?” This diagram will help answer that question.

    A screenshot image showing the 'Expected Security Roadmap Progression' with sample data in it. Part of the 'Results' tab of the 'Information Security Gap Analysis Tool.'

    3.4.4 Review your cost/effort estimates table

    Estimated Time: 30 minutes

    1. Once you have completed your roadmap, review the total cost/effort estimates. This can be found in a table on the Results tab. This table will provide initial and ongoing costs and staffing requirements for each wave. This also includes the total three-year investment. In your review consider:
      • Is this investment realistic? Will completion of your roadmap require adding more staff or funding than you otherwise expected?
      • If the investment seems unrealistic, you may need to revisit some of your assumptions, potentially reducing target levels or increasing the amount of time to complete the strategy.
      • This table provides you with the information to have important conversations with management and stakeholders
    2. When you have completed your review, copy the table into the Information Security Strategy Communication Deck.

    A screenshot image showing the 'Information Security Roadmap Cost/Effort Estimates,' part of the 'Results' tab of the 'Information Security Gap Analysis Tool.'

    Phase 4

    Execute and Maintain

    Phase 1

    • 1.1 Define goals & scope
    • 1.2 Assess risks
    • 1.3 Determine pressures
    • 1.4 Determine risk tolerance
    • 1.5 Establish target state

    Phase 2

    • 2.1 Review Info-Tech’s security framework
    • 2.2 Assess your current state
    • 2.3 Identify gap closure actions

    Phase 3

    • 3.1 Define tasks & initiatives
    • 3.2 Perform cost/benefit analysis
    • 3.3 Prioritize initiatives
    • 3.4 Build roadmap

    Phase 4

    • 4.1 Build communication deck
    • 4.2 Develop a security charter
    • 4.3 Execute on your roadmap

    This phase will walk you through the following activities:

    • 4.1 Build your security strategy communication deck.
    • 4.2 Develop a security charter.
    • 4.3 Execute on your roadmap.

    4.1 Build your communication deck

    Estimated Time: 1-3 hours

    1. As a group, review the Information Security Strategy Communication Deck.
    2. Follow the instructions within the template and on the next few slides to customize the template with the results of your strategic roadmap planning.

    Input

    • Completed Security Requirements Gathering Tool
    • Completed Security Pressure Analysis Tool
    • Completed Security Gap Analysis Tool

    Output

    • Information Security Strategy Communication Deck

    Materials

    • Information Security Strategy Communication Deck

    Participants

    • Security Team
    • IT Leadership

    Download the Information Security Gap Analysis Tool

    4.1.1 Customize the Communication Deck

    Estimated Time: 1-2 hours

    1. When reviewing the Information Security Strategy Communication Deck, you will find slides that contain instructions within green text boxes. Follow the instructions within the boxes, then delete the boxes.
      • Most slides only require that you copy and paste screenshots or tables from your tools into the slides.
      • However, some slides require that you customize or add text explanations that need to reflect your unique organization.
      • It is recommended that you pay attention to the Next Steps slide at the end of the deck. This will likely have a large impact on your audience.
    2. Once you have customized the existing slides, you may wish to add additional slides. For instance, you may wish to add more context to the risk assessment or pressure analysis diagrams or provide details on high-priority initiatives.

    An image showing the 'Business Goals Cascade,' part of the 'Information Security Strategy Communication Deck.' A green box on top of the screenshot instructs you to 'Paste your goals cascade from the Information Security Requirements Gathering Tool here.'

    Consider developing multiple versions of the deck for different audiences. Senior management may only want an executive summary, whereas the CIO may be more interested in the methodology used to develop the strategy.

    Communication considerations

    Developing an information security strategy is only half the job. For the strategy to be successful, you will need to garner support from key internal stakeholders. These may include the CIO, senior executives, and business leaders. Without their support, your strategy may never get the traction it needs. When building your communication deck and planning to present to these stakeholders, consider the following:

    • Gaining support from stakeholders requires understanding their needs. Before presenting to a new audience, carefully consider their priorities and tailor your presentation to address them.
    • Use the communication deck to clarify the business context and how your initiatives that will support business goals.
    • When presenting to senior stakeholders, anticipate what questions they might ask and be sure to prepare answers in advance. Always be prepared to speak to any data point within the deck.
    • If you are going to present your strategy to a group and you anticipate that one or more members of that group may be antagonistic, seek out an opportunity to speak to them before the meeting and address their concerns one on one.

    If you have already fully engaged your key stakeholders through the requirements gathering exercises, presenting the strategy will be significantly easier. The stakeholders will have already bought in to the business goals, allowing you to show how the security strategy supports those goals.

    Info-Tech Insight

    Reinforce the concept that a security strategy is an effort to enable the organization to achieve its core mission and goals and to protect the business only to the degree that the business demands. It is important that stakeholders understand this point.

    4.2 Develop a security charter

    Estimated Time: 1-3 hours

    1. As a group, review the Information Security Charter.
    2. Customize the template as required to reflect your information security program. It may include elements such as:
      • A mission and vision statement for information security in your organization
      • The objectives and scope of the security program
      • A description of the security principles upon which your program is built
      • High-level roles and responsibilities for information security within the organization

    Input

    • Completed Security Requirements Gathering Tool
    • Completed Security Pressure Analysis Tool
    • Completed Security Gap Analysis Tool

    Output

    • Information security charter

    Materials

    • Information Security Charter

    Participants

    • Security Team

    Download the Information Security Gap Analysis Tool

    4.2.1 Customize the Information Security Charter

    Estimated Time: 1-3 hours

    1. Involve the stakeholders that were present during Phase 1 activities to allow you to build a charter that is truly reflective of your organization.
    2. The purpose of the security charter is too:
      • Establish a mandate for information security within the organization.
      • Communicate executive commitment to risk and information security management.
      • Outline high-level responsibilities for information security within the organization.
      • Establish awareness of information security within the organization.

    A screenshot of the introduction of the 'Information Security Charter' template.

    A security charter is a formalized and defined way to document the scope and purpose of your security program. It will define security governance and allow it to operate efficiently through your mission and vision.

    4.3 Execute on your roadmap

    1. Executing on your information security roadmap will require coordinated effort by multiple teams within your organization. To ensure success, consider the following recommendations:
      1. If you have a project management office, leverage them to help apply formal project management methodologies to your initiatives.
      2. Develop a process to track the tasks on your strategy task list. Because these will not be managed as formal initiatives, it will be easy to lose track of them.
      3. Develop a schedule for regular reporting of progress on the roadmap to senior management. This will help hold yourself and others accountable for moving the project forward.
    2. Plan to review and update the strategy and roadmap on a regular basis. You may need to add, change, or remove initiatives as priorities shift.

    Input

    • Completed Security Gap Analysis Tool

    Output

    • Execution of your strategy and roadmap

    Materials

    • Information Security Gap Analysis Tool
    • Project management tools as required

    Participants

    • Security Team
    • Project Management Office
    • IT and Corporate Teams, as required

    Info-Tech Insight

    Info-Tech has many resources that can help you quickly and effectively implement most of your initiatives. Talk to your account manager to learn more about how we can help your strategy succeed.

    Summary of Accomplishment

    Knowledge Gained

    • Knowledge of organizational pressures and the drivers behind them
    • Insight into stakeholder goals and obligations
    • A defined security risk tolerance information and baseline
    • Comprehensive knowledge of security current state and summary initiatives required to achieve security objectives

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Information Security Program Gap Analysis Tool

    Use our best-of-breed security framework to perform a gap analysis between your current and target states.

    Information Security Requirements Gathering Tool

    Define the business, customer, and compliance alignment for your security program.

    Related Info-Tech Research

    Develop a Security Operations Strategy

    A unified security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes, addressing the increasing sophistication of cyberthreats, and guiding continuous improvement.

    This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Implement a Security Governance and Management Program

    Your security governance and management program needs to be aligned with business goals to be effective.

    This approach also helps to provide a starting point to develop a realistic governance and management program.

    This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

    Align Your Security Controls to Industry Frameworks for Compliance

    Don’t reinvent the wheel by reassessing your security program using a new framework.

    Instead, use the tools in this blueprint to align your current assessment outcomes to required standards.

    Bibliography

    “2015 Cost of Data Breach Study: United States.” Sponsored by IBM. Ponemon Institute, May 2015. Web.

    “2016 Cost of Cyber Crime Study & the Risk of Business Innovation.” Ponemon Institute, Oct. 2016. Web. 25 Oct. 2016.

    “2016 Cost of Data Breach Study: Global Analysis.” Ponemon Institute, June 2016. Web. 26 Oct. 2016.

    “2016 Data Breach Investigations Report.” Verizon, 2016. Web. 25 Oct. 2016.

    “2016 NowSecure Mobile Security Report.” NowSecure, 2016. Web. 5 Nov. 2016.

    “2017 Cost of Cyber Crime Study.” Ponemon Institute, Oct. 2017. Web.

    “2018 Cost of Data Breach Study: Global Overview.” Ponemon Institute, July 2018. Web.

    “2018 Data Breach Investigations Report.” Verizon, 2018. Web. Oct. 2019.

    “2018 Global State of Information Security Survey.” CSO, 2017. Web.

    “2018 Thales Data Threat Report.” Thales eSecurity, 2018. Web.

    “2019 Data Breach Investigations Report.” Verizon, 2020. Web. Feb. 2020.

    “2019 Global Cost of a Data Breach Study.” Ponemon Institute, Feb. 2020. Web.

    “2019 The Cost of Cyber Crime Study.” Accenture, 2019. Web Jan 2020.

    “2020 Thales Data Threat Report Global Edition.” Thales eSecurity, 2020. Web. Mar. 2020.

    Ben Salem, Malek. “The Cyber Security Leap: From Laggard to Leader.” Accenture, 2015. Web. 20 Oct. 2016.

    “Cisco 2017 Annual Cybersecurity Report.” Cisco, Jan. 2017. Web. 3 Jan. 2017.

    “Cyber Attack – How Much Will You Lose?” Hewlett Packard Enterprise, Oct. 2016. Web. 3 Jan. 2017.

    “Cyber Crime – A Risk You Can Manage.” Hewlett Packard Enterprise, 2016. Web. 3 Jan. 2017.

    “Global IT Security Risks Survey.” Kaspersky Lab, 2015. Web. 20 October 2016.

    “How Much Is the Data on Your Mobile Device Worth?” Ponemon Institute, Jan. 2016. Web. 25 Oct. 2016.

    “Insider Threat 2018 Report.” CA Technologies, 2018. Web.

    “Kaspersky Lab Announces the First 2016 Consumer Cybersecurity Index.” Press Release. Kaspersky Lab, 8 Sept. 2016. Web. 3 Jan. 2017.

    “Kaspersky Lab Survey Reveals: Cyberattacks Now Cost Large Businesses an Average of $861,000.” Press Release. Kaspersky Lab, 13 Sept. 2016. Web. 20 Oct. 2016.

    “Kaspersky Security Bulletin 2016.” Kaspersky Lab, 2016. Web. 25 Oct. 2016.

    “Managing Cyber Risks in an Interconnected World: Key Findings From the Global State of Information Security Survey 2015.” PwC, 30 Sept. 2014. Web.

    “Measuring Financial Impact of IT Security on Business.” Kaspersky Lab, 2016. Web. 25 Oct. 2016.

    “Ponemon Institute Releases New Study on How Organizations Can Leapfrog to a Stronger Cyber Security Posture.” Ponemon Institute, 10 Apr. 2015. Web. 20 Oct. 2016.

    “Predictions for 2017: ‘Indicators of Compromise’ Are Dead.” Kaspersky Lab, 2016. Web. 4 Jan. 2017.

    “Take a Security Leap Forward.” Accenture, 2015. Web. 20 Oct. 2016.

    “Trends 2016: (In)security Everywhere.” ESET Research Laboratories, 2016. Web. 25 Oct. 2016.

    Research Contributors

    • Peter Clay, Zeneth Tech Partners, Principal
    • Ken Towne, Zeneth Tech Partners, Security Architect
    • Luciano Siqueria, Road Track, IT Security Manager
    • David Rahbany, The Hain Celestial Group, Director IT Infrastructure
    • Rick Vadgama, Cimpress, Head of Information Privacy and Security
    • Doug Salah, Wabtec Corp, Manager of Information Security and IT Audit
    • Peter Odegard, Children’s Hospitals and Clinics, Information Security Officer
    • Trevor Butler, City of Lethbridge, Information Technology General Manager
    • Shane Callahan, Tractor Supply, Director of Information Security
    • Jeff Zalusky, Chrysalis, President/CEO
    • Candy Alexander, Independent Consultant, Cybersecurity and Information Security Executive
    • Dan Humbert, YMCA of Central Florida, Director of Information Technology
    • Ron Kirkland, Crawford & Co, Manager ICT Security & Customer Service
    • Jason Bevis – FireEye, Senior Director Orchestration Product Management - Office of the CTO
    • Joan Middleton, Village of Mount Prospect, IT Director
    • Jim Burns, Great America Financial Services, Vice President Information Technology
    • Ryan Breed, Hudson’s Bay, Information Security Analyst
    • James Fielder, Farm Credit Services – Central Illinois, Vice President of Information Systems

    Train Managers to Strengthen Employee Relationships to Improve Engagement

    • Buy Link or Shortcode: {j2store}545|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • The responsibility of employee engagement has been on the shoulders of HR and the executive team for years, but managers, not HR or executives, should be primarily responsible for employee engagement.
    • Managers often fail to take steps to improve due to the following reasons:
      • They don’t understand the impact they can have on engagement.
      • They don’t understand the value of an engaged workforce.
      • They don’t feel that they are responsible for engagement.
      • They don’t know what steps they can personally take to improve engagement levels.

    Our Advice

    Critical Insight

    • Managers have a large impact on employee engagement and retention. According to McLean & Company’s engagement data, every 10% increase in the category “my manager inspires me to improve” resulted in a 3.6% increase in an employee’s intent to stay.
    • To improve the manager relationship driver, managers cannot abdicate the responsibility of strengthening relationships with employees to HR – they must take the ownership role.

    Impact and Result

    • When an organization focuses on strengthening manager relationships with employees, managers should be the owner and IT leadership should be the facilitator.
    • Info-Tech recommends starting with the three most important actions to improve employee trust and therefore engagement: inform employees of the why behind decisions, interact with them on a personal level, and involve them in decisions that affect them (also known as the “3 I’s”).
    • Use this blueprint to prepare to train managers on how to apply the 3 I principles and improve the score on this engagement driver.

    Train Managers to Strengthen Employee Relationships to Improve Engagement Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case

    Educate managers on the impact they have on engagement.

    • Train Managers to Strengthen Employee Relationships to Improve Engagement Storyboard

    2. Prepare for the training session by understanding key concepts

    Learn the 3 I’s of engagement and understand IT leaders as role models for engagement.

    • Training Deck: Train Managers to Build Trusting Relationships to Improve Engagement

    3. Plan the training session and customize the materials

    Determine the logistics of the training session: the who, what, and where.

    • Participant Notebook: Take Ownership of Manager Relationships

    4. Track training success metrics and follow up

    Determine ways to track the impact the training has on employee engagement.

    • Training Evaluation: Manager Relationships
    [infographic]

    Workshop: Train Managers to Strengthen Employee Relationships to Improve Engagement

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strengthening Manager Relationships

    The Purpose

    Educate managers on the impact they have on engagement and the relationship between employee trust and engagement.

    Identify reasons why managers fail to positively impact employee engagement.

    Inform managers of their responsibility for employee engagement.

    Key Benefits Achieved

    Increased awareness of managers regarding their impact on employee engagement.

    Improved understanding of manager role.

    Creation of plan to increase employee trust and engagement.

    Activities

    1.1 Describe relationship between trust and engagement.

    1.2 Review data on manager’s impact on engagement.

    Outputs

    Gain an understanding of the 3 I’s of building trust.

    Address key objections managers might have.

    2 Prepare for the Training Session by Understanding Key Concepts and Your Role as HR

    The Purpose

    Understand key concepts for engagement, such as inform, interact, and involve.

    Use McLean & Company’s advice to get past pain points with managers.

    Key Benefits Achieved

    Understand the key principles and activities in the manager training deck.

    Gain advice for dealing with pushback from managers.

    Learn about actions that you can take to adopt the 3 I’s principle and act as a role model.

    Activities

    2.1 Practice manager training exercises on informing, interacting with, and involving employees.

    Outputs

    Become familiar with and prepared to take managers through key training exercises.

    3 Plan the Training Session and Customize the Materials

    The Purpose

    Determine who will participate in the manager training session.

    Become familiar with the content in the training deck and ensure the provided examples are appropriate.

    Key Benefits Achieved

    Logistics planned for your own training session.

    Your own case made more powerful by adding your engagement data to the training deck slides.

    Improved delivery of training, making it more effective and engaging for participants.

    Activities

    3.1 Consider your audience for delivering the training.

    3.2 Plan out logistics for the training session—the who, where, and when.

    Outputs

    Ensure that your training sessions include the appropriate participants.

    Deliver a smooth and successful training session.

    4 Track Training Success Metrics and Follow Up

    The Purpose

    Determine ways to track the impact the training has on employee engagement.

    Understand how to apply the 3 I’s principle across HR functions. 

    Key Benefits Achieved

    Measure the value of engagement training.

    Gain immediate feedback on employee engagement with the McLean Leadership Index.

    Determine how HR can support managers in building stronger relationships with employees.

    Activities

    4.1 Determine how HR can support management in strengthening employee relationships.

    Outputs

    Create a culture of trust throughout the organization.

    There should never be only one.

    • Large vertical image:
    • member rating overall impact: High Impact
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    Today, we're talking about a concept that’s both incredibly simple and dangerously overlooked: the single point of failure, or SPOF for short.

    Imagine you’ve built an impenetrable fortress. It has high walls, a deep moat, and strong gates. But the entire fortress can only be accessed through a single wooden bridge. That bridge is your single point of failure. If it collapses or is destroyed, your magnificent fortress is completely cut off. It doesn't matter how strong the rest of it is; that one weak link renders the entire system useless.

    In your work, your team, and your processes and technology, these single bridges are everywhere. A SPOF is any part of a system that, if it stops working, will cause the entire system to shut down. It’s the one critical component, the one indispensable person, or the one vital process that everything else depends on.

    When you identify and fix these weak points you aren't being pessimistic; you're fixing the very foundation of something that can withstand shocks and surprises. It’s about creating truly resilient systems and teams, not just seemingly strong ones. So, let’s explore where these risks hide and what you can do about them.

    When People Become the Problem

    For those of you who know me, saying something like this feels at odds with who I am. And yet, it's one of the most common and riskiest areas in any organization. Human single points of failure don't happen because of malicious intent. They typically grow out of good intentions, hard work, and necessity. But the result is the same: a fragile system completely dependent on an individual.

    The Rise of the Hero

    We all know a colleague like this. The “hero” is the one person who has all the answers. When a critical system goes down at 3 AM, they're the only one who can fix it. They understand the labyrinthine codebase nobody else dares to touch. They have the historical context for every major decision made in the last decade. On the surface, this person is invaluable. Management loves them because they solve problems. The team relies on them because they’re a walking encyclopedia.

    But here’s the inconvenient truth: your hero is your biggest liability.

    This isn’t their fault. They likely became the hero by stepping up when no one else would or could. The hero may actually feel like they are the only ones qualified to handle the issue because “management” does not take the necessary actions to train other people. Or “management” places other priorities. Be aware, this is a perception thing. The manager is very likely to be very concerned about the well-being of their employee. (I'm taking "black companies", akin to black sites, out of the equation for a moment and concentrating on generally healthy workplaces.) The hero will likely feel a strong bond to their environment. Also, every hero is different. There is a single point of failure, but not a single type of person. Every person has a different driver.

    I watched a YouTube video by a famous entrepreneur the other day. And she said something that triggered a response in me, because it sows the seeds of the hero. She said, Would you rather have an employee who just fixes it, handles it, and deals with it? Or an employee that talks about it? Obviously, the large majority will take the person behind door number 1. I would too. But then you need to step up as a manager, as an owner, as an executive, and enforce knowledge sharing.

    If you channel all critical knowledge and capabilities through one person, if you let this person become your go-to specialist for everything, you've created a massive SPOF. What happens when your hero gets sick, takes a well deserved two week vacation to a place with no internet, or leaves the company for a new opportunity? The system grinds to a halt. A minor issue becomes a major crisis because the only person who can fix it is unavailable.

    This overreliance doesn't just create a risk; it stifles growth. Other team members don't get the opportunity to learn and develop new skills because the hero is always there to swoop in and save the day. The answer? I guess that depends on your situation and what your ability is to keep this person happy without alienating the rest of the team. The answer may lie in the options discussed later in the article around KPIs.

    The Knowledge Hoarders

    A step beyond the individual hero is the team that acts as a collective SPOF. This is the team that “protects” its know how. They might use complex, undocumented tools, speak in a language of acronyms only they understand, or resist any attempts to standardize their processes. They've built a silo around their work, making themselves indispensable as a unit.

    Unlike the hero, this often comes from a place of perceived self preservation. If they are the only ones who understand how something works, their jobs are secure, right? But this behavior is incredibly damaging to the organization's resilience. Not to mention that it is just plain wrong. The team becomes inundated with requests for new features, but also for help in solving incidents. The result in numerous instances is that the team succeeds in neither. Next the manager is called to the senior management because the business is complaining that things don't progress as expected. 

    This team thus has become a bottleneck. Any other team that needs to interact with their system is completely at their mercy. Progress slows to a crawl, dependent on their availability and willingness to cooperate. Preservation has turned into survival.  

    The real root cause at the heart of both the hero and the knowledge hoarding team is a failure of knowledge management. When information isn't shared, documented, and made accessible, you are actively choosing to create single points of failure. We'll dive deeper into building a robust knowledge sharing culture in a future article, but for now, recognize that knowledge kept in one person's or team's head is a disaster waiting to happen.

    When Your Technology is a House of Cards

    People aren't the only source of fragility. The way you build and manage your technology stacks can easily create critical SPOFs that leave you vulnerable. These are often less obvious at first, but they can cause dangerous failures when they finally break.

    The Danger of the Single Node

    Let's start with the most straightforward technical SPOF: the single node setup. Imagine you have a critical application like maybe your company's main website or an internal database. If you run that entire application on one single server (a single “node”), you've created a classic SPOF.

    It’s like a restaurant with only one chef. If that chef goes home, the kitchen closes. It doesn't matter how many waiters or tables you have. If that single server experiences a hardware failure, a software crash, or even just needs to be rebooted for an update, your entire service goes offline. There is no failover. The service is simply down until that one machine is fixed, patched or rebooted.

    You need to set up your systems so that when one node goes down, the other takes over. This is not just something for large enterprises. SMEs must do the same. I've had numerous calls from business owners who did something to their web server or system and now “it doesn't work!” Not only are they down, now they have to call me and I then must arrange for subject matter experts to fix it immediately. Typically at a cost much larger than if they had set up their system with active, warm or even cold standbys. 

    The Mystery of Closed Technologies

    Another major risk comes from an overreliance on closed, proprietary technologies. This happens when you build a core part of your business on a piece of software or hardware that you don't control and can't inspect. It’s a “black box.” You know what it’s supposed to do, but you have no idea how it does it, and you can’t fix it if it breaks. When something goes wrong, you are completely at the mercy of the company that created it. You have to submit a support ticket and wait.

    This is actually relatable to the next chapter, please follow along and take the advice there.

    The Trap of Vendor Lock In

    Closely related to closed technology is the concept of vendor lock-in. This is a subtle but powerful SPOF. It happens when you become so deeply integrated with a single vendor's ecosystem that the cost and effort of switching to a competitor are impossibly high. Your vendor effectively becomes a strategic single point of failure. Your ability to innovate, control costs, and pivot your strategy is now tied to the decisions of another company.

    This may even run afoul of legal standards. In Europe, we have the DORA and NIS2 regulations. DORA specifically mandates that companies have exit plans for their systems, starting with their critical and important functions. Functions refers to business services, to be clear. 

    But we get there so easily. The native functions of AWS, Azure and Google Cloud, just to name a few, are very enticing to use. They offer convenience, low code, and performance on tap. It's just that, once you integrate deeply with them, you are taken, hook, line, and sinker. And then you have people like me, or worse, your regulator, who demands “What is your exit plan?”

    Your Resilience Playbook: Practical Steps to Eliminate SPOFs

    Identifying your single points of failure is the first step. The real work is in systematically eliminating them. This isn't about a single, massive project; it's about building new habits and principles into your daily work. Here's a playbook I think you can start using today.

    Mitigate People-Based Risks

    The cure for depending on one person is to create a culture where knowledge is fluid and shared by default. Your goal is to move from individual heroics to collective resilience.

    • Mandate real vacations. This might sound strange, but one of the best ways to reveal and fix a “hero” problem is to make sure your hero takes a real, disconnected vacation. This isn't a punishment; it's a benefit to them and a necessary stress test for the team. It forces others to step up and document their processes in preparation. The first time will be painful, but it gets easier each time as the team builds its own knowledge.

    • Adopt the “teach, don't just do” rule. Coach your senior experts to see their role as multipliers. When someone asks them a question, their first instinct should be to show, not just to do. This can be a five minute screen sharing session, grabbing a colleague to pair program on a fix, or taking ten minutes to write down the answer in a shared knowledge base so it never has to be asked again.

      Many companies have knowledge sharing solutions in place. Take a moment to actually use them. Prepare for when new people come into the company. Have a place where they can get into the groove and learn the heart beat of the company. There is a reason why the Madonna song is so captivating to so many people. Getting into the groove elevates you. And the same thing happens in your company. 

    • Rotate responsibilities and run "game days". Actively move people around. Let a developer handle support tickets for a week to understand common customer issues. Have your infrastructure expert sit with the product team. Also, create “game days” where you simulate a crisis. For example: "Okay team, our lead developer is 'on vacation' today. Let's practice a full deployment without them.” This makes learning safe and proactive.

    • Celebrate team success, not individual firefighting. Shift your praise and recognition. Instead of publicly thanking a single person for working all night to resolve a problem, celebrate the team that built a system so resilient it didn't break in the first place. Reward the team that wrote excellent documentation that allowed a junior member to solve a complex issue. Culture follows what you celebrate. At the same time, if the team does not pony up, definitely praise the person and follow up with the team to fix this.

    • Host internal demos and tech talks. Create a regular, informal forum where people can share what they're working on. This could be a “brown bag lunch” session or a Friday afternoon demo. It demystifies what other teams are doing, breaks down silos, and encourages people to ask questions in a low pressure environment.

    • Remunerate sharing. Make sharing knowledge a bonus-eligible key performance indicator. The more sharing an expert does, with their peers acknowledging this, the more the expert earns. You can easily incorporate this into your peer feedback system. 

    • Run DRP exercises without your top engineers: This is taking a leap of faith, and I would never recommend this until all of the above are in place and proven. 

    Building Resilient Technical Systems

    The core principle here is to assume failure will happen and to design for it. A resilient system isn't one where parts never fail, but one where the system as a whole keeps working even when they do.

    • Embrace the rule of three. This is a simple but powerful guideline. For critical data, aim to have three copies on two different types of media, with one copy stored off-site (or in a different cloud region). For critical services, aim for at least three instances running in different availability zones. This simple rule protects you from a wide range of common failures.

    • Automate everything you can. Every manual process is a potential SPOF. It relies on a person remembering a series of steps perfectly, often under pressure. Automate your testing, your deployments, your server setup, and your backup procedures. Scripts are consistent and repeatable; tired humans at 3 AM are not.

    • Use health checks and smart monitoring. It's not enough to have a backup server; you need to know that it's healthy and ready to take over. Implement automated health checks that constantly monitor your primary and redundant systems. Your monitoring should alert you the moment a backup component fails, not just when the primary one does.

    • Practice chaos engineering. Don't wait for a real failure to test your resilience. Intentionally introduce failures in a controlled environment. This is known as chaos engineering. Start small. What happens if you turn off a non-critical service during work hours? Does the system handle it gracefully? Does the team know how to respond? This turns a potential crisis into a planned, educational drill.

    Avoiding Technology and Vendor Traps

    Your resilience also depends on the choices you make about the technology and partners you rely on. The goal is to maintain control over your destiny.

    • Build abstraction layers. Instead of having your application code talk directly to a specific vendor's service, create an intermediary layer that you control. This “abstraction layer” acts as a buffer. If you ever need to switch vendors, you only have to update your abstraction layer, not your entire application. It’s more work up front but gives you immense flexibility later.

    • Make “ease of exit” a key requirement. When you evaluate a new technology or vendor, make portability a primary concern. Ask tough questions: How do we get our data out? What is the process for migrating to a competitor? Is the technology based on open standards? Run a small proof of concept to test how hard it would be to leave before you commit fully.

    • Consider a multi-vendor strategy. For your most critical dependencies, like cloud hosting, avoid going all in on a single provider if you can. Using services from two or more vendors is an advanced strategy, but it provides the ultimate protection against a massive, platform wide outage or unfavorable changes in pricing or terms.

    It's a journey, not a destination

    You will never be “ready.” Building resilience by eliminating single points of failure isn't a one time project you can check off a list. It’s a continuous process. New SPOFs will emerge as your systems evolve, people change roles, and your business grows.

    The key is to make this thinking a part of your culture. Make “What's the bus factor for this project?” a regular question in your planning meetings. Make redundancy and documentation a non negotiable requirement for new systems. By constantly looking for the one thing that can bring everything down, you can build teams and technology that don't just survive shocks—they eat them for breakfast.

    2023-Q1 Research Agenda

    This 2023-Q1 research agenda slide deck provides you with a comprehensive overview of our most up-to-date published research. Each piece offers you valuable insights, allowing you to take effective decisions and informed actions. All TY|Info-tech research is backed by our team of expert analysts who share decades of IT and industry experience.

    Register to read more …

    Manage Third-Party Service Security Outsourcing

    • Buy Link or Shortcode: {j2store}539|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.
    • It is unclear what processes could or should be outsourced versus what functions should remain in-house.
    • It is not feasible to have 24/7/365 monitoring in-house for most firms.

    Our Advice

    Critical Insight

    • You are outsourcing support, not accountability, unless you preface that with your customer.
    • For most of you, you won’t have a choice – you’ll have to outsource high-end security skills to meet future needs.
    • Third-party service providers may be able to more effectively remediate threats because of their large, disparate customer base and wider scope.

    Impact and Result

    • Documented obligations and processes. This will allow you to determine which solution (outsourcing vs. insourcing) allows for the best use of resources, and maintains your brand reputation.
    • A list of variables and features to rank potential third-party providers vs. internal delivery to find which solution provides the best fit for your organization.
    • Current limitations of your environment and the limitations of third parties identified for the environments you are looking to mature.
    • Security responsibilities determined that can be outsourced, and which should be outsourced in order to gain resource allocation and effectiveness, and to improve your overall security posture.
    • The limitations or restrictions for third-party usage understood.

    Manage Third-Party Service Security Outsourcing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand how to avoid common mistakes when it comes to outsourcing security, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What to outsource

    Identify different responsibilities/functions in your organization and determine which ones can be outsourced. Complete a cost analysis.

    • Manage Third-Party Service Security Outsourcing – Phase 1: What to Outsource
    • Insourcing vs. Outsourcing Costing Tool

    2. How to outsource

    Identify a list of features for your third-party provider and analyze.

    • Manage Third-Party Service Security Outsourcing – Phase 2: How to Outsource
    • MSSP Selection Tool
    • Checklist for Third-Party Providers

    3. Manage your third-party provider

    Understand how to align third-party providers to your organization.

    • Manage Third-Party Service Security Outsourcing – Phase 3: Manage Your Third-Party Provider
    • Security Operations Policy for Third-Party Outsourcing
    • Third-Party Security Policy Charter Template
    [infographic]

    Tymans Group Consulting

    IT resilience, carefree entrepreneurship.

    Discover and implement all the ingredients that make your IT perform fast and rock solid.

    Yes, I want stable and performant IT Operations

    We are multidisciplinary infrastructure and IT Operations experts.
    We bring passion, focus, and results to our work and your company.

    TY innovates resilience embedding in your organization

    Let's have a chat

    • TY as your advisor

      This gives you our expertise on tap. Do you have an issue? Call us. You want to have a sparring partner to solve a problem? Call us. Do you need a sounding board? Call us.

      TY provides advisory services as well as traditional consulting. We also execute study and revision services for your policies, standards, procedures, and guidelines to ensure compliance with DORA, NIS2 and corporate requirements of both your own company and that of your clients. And we also check against our internal best ways of working.

      Book a conversation

    • Focused Consulting and Implementing

      This is where you have our undivided attention, and we work with you one on one until resolution. Note that there is a waiting period for this service at this time.

      If you are interested, please first book a call so that we can determine if we are a good fit together.

      Book a conversation

    What our relations tell us

    • Citigroup Manager

      As a technical consultant, Gert is an All-Star performer...  He has got many wins under his belt... His willingness to work hard, knowledge of regional systems (especially Tokyo) and Microsoft Office is well respected within the Group 

    • Sandra

      Tx for all the efforts done! Great Job! And good luck for the ones amongst you that still need to work tomorrow Grtz Sandra VB
    • Patrick A.

      Hi Gert, I'm busy documenting .... Thanks for your real friendly and careful, yet effective support :-) Patrick A.
    • Lucie VH

      During my vacation, Gert took over the management of a number of ongoing problems. Even before I actually left for my trip, he took action and proposed a number of improvements. Gert coordinated between the different stakeholders and PTA's and resolved a number of acute issues. And he did this in a very pleasant, yet effective way.
    • Dawn

      No worries. It only freaked me out for a few minutes, then I saw that the system had blocked them from doing any real damage. Thanks for the cleanup and extra measures, though! As always, you rock!
    • After a successful DRP

      Thanks for all the efforts done ans special Tx Gert for Coordinating this again!
    • A CIO

      Yet again Gert, Thanks for handling this in such a top way!
    • A Sales Manager

      Awesome Gert, I will let the team know we can close this issue!
    • Investment bank manager

      Flexibility, Adaptability, problem Solving are Gert's strong points, Exceptionally beneficial in "crisis." I can attest that Gert will always see a problem through. if he needs to hand it off, it will aways have good handoff notes. His business knowledge is good and will part of the next project.

    • Wall Street Performance Review

      As with the classes for SFC, Gert organised formal classes for all of the Research IT teams.... I would class this job as well done, given everything that was going on with Rsearch IT. 

    • Stuart B on Gert Taeymans

      Excellent technical resource. Quick help on issues and provide explanations to regional teams. Often covers for us in the evenings or when things get particularly busy.

    • Asia support to roll out global system

      Gert time in Japan was a great success. He really helped the IT group through a really difficult tume during the roll out of {the global research publishing system} and had to cover all the bases that had not been properly coverd by the previous person in Japan. Gert's visit also coincided with Stuart's joining into the Asia IT Research group. Gert was very flexible  in the hours that he worked and the lenght of time he was out in Tokyo (in the end more than 4 weeks.)

      The feedback from both the users and the IT group was VERY positive on Gertt's contribution. He was more than capabable to put across technical points to the IT team, in their language.

    • IT Director

      Gert is a knowledgeable individual who takes on additional responsibility... rapidly addressng end-user issues and developing custom solutions when needed.

    Benefits of working with Tymans Group

    • We focus on actual deliverables

      TY delivers on the IT resilience what and how. Get actionable IT, management, governance, and productivity research, insights, blueprints with templates, easy-to-use tools, and clear instructions to help you execute effectively and become IT resilient.

    • Get insights from top IT professionals

      Our TY network base constantly informs us about our IT resilience research and validates it through client experiences. TY adds to that by applying this research to real-world situations in Belgium, the Netherlands, Germany, Europe and the US.

    • Data-driven insights

      It is tempting to use your gut instinct. Don't. Everything TY does, is data-driven. From our research to our interactions with you, we use an analytical approach to help you move forward with your key IT resilience projects.

    Frequently asked questions

    • How does Tymans Group IT Operations advisory work?

      TY believes strongly in leveraging technology and personal delivery. That is why TY uses one on one calling sessions using Teams and Zoom. When needed I do on site delivery.

      Every advisory option has a set number of interactive contact points in addition to email and chat options. Every contact request is answered by me personally. 

      Through the use of technology, I ensure that instead of you having to drive to your coach, the coach “comes” to you!

    • What are Tymans Group advisory service timings?

      TY is available on European time from 09:00 until 17:00 and US EST 09:00-17:00 (depending on already booked appointments). 

    • How much to Tymans Group programs cost?

      While this is a difficult question to answer, let's give it a shot.

      Ideally I work value-based. But this is more for well-defined projects where the ROI is quantifiable rather than qualifiable.

      Often advisory services are a discovery and we obtain results together. You may even only need an experienced sounding board. This type of pricing starts from €4,500.

    • Does Tymans Group have a "pick your brain" option?

      By popular demand, yes, I added this. It is not the cheapest way to use me, but it may be the most effective for you.

    • How are Tymans Group advisory services delivered?

      TY believes strongly in leveraging technology and personal delivery. That is why TY uses one on one calling sessions using Teams and Zoom. When needed I do on site delivery.

      This way I ensure that instead of you having to drive to your coach, the coach “comes” to you!

      You are allowed to record the sessions and use them internally in your organization, including as part of your internal training. You are not allowed to resell these without a resale agreement.

    • Tymans Group is delivered online via calls? Isn't on-site better?

      Interestingly, in the majority of advisory services the answer is no.

      Purely on-site automatically limits the time we can spend together. Thus, typically, the interactions are of a shorter duration. Even when this is done over a longer timeframe, like 5 to 10 days, this is really too short for effective advising, coaching and mentoring. 

      We stay away from accelerated programs, where I can send a lot of information, and most of it will not stick.

      Terry Sejnowski  a neuroscientist, actually states that cramming does not help you remember. It gets you, maybe, through the next exam, but the information is not retained. The way to integrate and remember information is to spread out the study and repeat. This is called the spacing effect.

      This is why I employ the online delivery method. When you record our sessions, you can come back and again repeat it, note down your questions and fire them off to me. I respond and you go back into the talk. Then you apply, possibly fail, and come back again until it succeeds, and then you make it your own.

      That is why time-pressured, on-site delivery does not work. Our method makes you effective because you internalized the material and feedback. This can then be rounded-off by on-site finalization.

      10-15 years ago, this was not possible, as the web-based tools were simply not fast enough. Today, unless you are taking classes like carpentry or other topics that require on-site delivery, online delivery is the way to go.

    • Can I pay by wire transfer?

      We actually prefer wire transfer. It cuts down on the financial fees and it is the norm in the European Union. Our US customer can also use this feature and pay into our US bank.

    • Where is Tymans Group located?

      Tymans Group has two locations:

      In Europe, Belgium and in Greenville, DE, United States, 

      The HQ is in Belgium.

    • Does this work for less than 25 employees?

      Resilience is not size-dependent. That said, if you are supplying critical services to financial services firms, you may not have a choice. In that case, be prepared to up your game. Call TY in this case. We can help you fulfill third-party requirements, such as the DORA regulation.

      In other cases, if you plan to grow your company beyond 25 employees, then yes. Start with the basics, though. Make sure you have a good understanding of your current challenges. Schedule a chat with me to determine the right baseline.

      If you are just starting out and want to ensure that your company's processes are correct right out of the gate, it's better to give me a call. We can start you off in the right direction without spending too much.

      Our guides are only available to existing advisory clients. Let's chat informally if we are a fit for you.

    • I'm a small business owner, can I do all this by myself?

      Our guides are only available to existing advisory clients.

      But also see the above question about company size and target clients. If you have fewer than 25 employees and you are not supplying critical services to financial institutions, then maybe some of our guides are not for you. We can still help you organize your resilience, but it may be more cost-effective to use only our TY Advisory services.

      Once you grow beyond 25 employees, you will benefit from our processes. Just implement what you need. How do you know what you require? You probably already have an inkling of what is lacking in your organization. If you are unsure, please get in touch with us.

      In short, the answer is yes, and TY can help you. Once you know what you are looking for, that guide allows you to handle it yourself. If you require help selecting the right guide, please get in touch with us.

    • Do you provide refunds?

      Before buying the DIY guides, available only to existing advisory clients,, please refer to the free Executive Summary when available. If there is no Executive summary available, please contact me with any questions you have. 

      As these are downloadable products, I cannot provide any refunds, but I will help you with any exchange where you have a good reason. 

    • I bought the wrong item

      If you bought the wrong item, please contact me and we'll be happy to provide an alternative item.

    • I want more assistance

      Yes, more assistance is available.  Tymans Group can provide you with any assistance you require within the parameters of your contract.

      Per-guide assistance ranges from a single phone or video consultation to guided implementation or a workshop. Alternatively we can go to do-it-for-you implementation or even full-time consulting.

      Note that our guides are only available to existing advisory clients.

      Please contact me for a talk.

    I want more information to become more resilient.

    Continue reading

    Improve Security Governance With a Security Steering Committee

    • Buy Link or Shortcode: {j2store}373|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Security is still seen as an IT problem rather than a business risk, resulting in security governance being relegated to the existing IT steering committee.
    • Security is also often positioned in the organization where they are not privy to the details of the organization’s overall strategy. Security leaders struggle to get the full enterprise picture.

    Our Advice

    Critical Insight

    • Work to separate the Information Security Steering Committee (ISSC) from the IT Steering Committee (ITSC). Security transcends the boundaries of IT and needs an independent, eclectic approach to make strategic decisions.
    • Be the lawyer, not the cop. Ground your communications in business terminology to facilitate a solution that makes sense to the entire organization.
    • Develop and stick to the agenda. Continued engagement from business stakeholders requires sticking to a strategic level-focused agenda. Dilution of purpose will lead to dilution in attendance.

    Impact and Result

    • Define a clear scope of purpose and responsibilities for the ISSC to gain buy-in and consensus for security governance receiving independent agenda time from the broader IT organization.
    • Model the information flows necessary to provide the steering committee with the intelligence to make strategic decisions for the enterprise.
    • Determine membership and responsibilities that shift with the evolving security landscape to ensure participation reflects interested parties and that money being spent on security mitigates risk across the enterprise.
    • Create clear presentation material and strategically oriented meeting agendas to drive continued participation from business stakeholders and executive management.

    Improve Security Governance With a Security Steering Committee Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to improve your security governance with a security steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define committee purpose and responsibilities

    Identify the purpose of your committee, determine the capabilities of the committee, and define roles and responsibilities.

    • Improve Security Governance With a Security Steering Committee – Phase 1: Define Committee Purpose and Responsibilities
    • Information Security Steering Committee Charter

    2. Determine information flows, membership & accountabilities

    Determine how information will flow and the process behind that.

    • Improve Security Governance With a Security Steering Committee – Phase 2: Determine Information Flows, Membership & Accountabilities

    3. Operate the Information Security Steering Committee

    Define your meeting agendas and the procedures to support those meetings. Hold your kick-off meeting. Identify metrics to measure the committee’s success.

    • Improve Security Governance With a Security Steering Committee – Phase 3: Operate the Information Security Steering Committee
    • Security Metrics Summary Document
    • Information Security Steering Committee Stakeholder Presentation
    [infographic]

    Further reading

    Improve Security Governance With a Security Steering Committee

    Build an inclusive committee to enable holistic strategic decision making.

    ANALYST PERSPECTIVE

    "Having your security organization’s steering committee subsumed under the IT steering committee is an anachronistic framework for today’s security challenges. Conflicts in perspective and interest prevent holistic solutions from being reached while the two permanently share a center stage.

    At the end of the day, security is about existential risks to the business, not just information technology risk. This focus requires its own set of business considerations, information requirements, and delegated authorities. Without an objective and independent security governance body, organizations are doomed to miss the enterprise-wide nature of their security problems."

    – Daniel Black, Research Manager, Security Practice, Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • CISOs
    • IT/Security Leaders

    This Research Will Help You:

    • Develop an effective information security steering committee (ISSC) that ensures the right people are involved in critical decision making.
    • Ensure that business and IT strategic direction are incorporated into security decisions.

    This Research Will Also Assist:

    • Information Security Steering Committee (ISSC) members

    This Research Will Help Them:

    • Formalize roles and responsibilities.
    • Define effective security metrics.
    • Develop a communication plan to engage executive management in the organization’s security planning.

    Executive summary

    Situation

    • Successful information security governance requires a venue to address security concerns with participation from across the entire business.
    • Without access to requisite details of the organization – where we are going, what we are trying to do, how the business expects to use its technology – security can not govern its strategic direction.

    Complication

    • Security is still seen as an IT problem rather than a business risk, resulting in security governance being relegated to the existing IT steering committee.
    • Security is also often positioned in the organization where they are not privy to the details of the organization’s overall strategy. Security leaders struggle to get the full enterprise picture.

    Resolution

    • Define a clear scope of purpose and responsibilities for the Information Security Steering Committee to gain buy-in and consensus for security governance receiving independent agenda time from the broader IT organization.
    • Model the information flows necessary to provide the steering committee with the intelligence to make strategic decisions for the enterprise.
    • Determine membership and responsibilities that shift with the evolving security landscape to ensure participation reflects interested parties and that money being spent on security mitigates risk across the enterprise.
    • Create security metrics that are aligned with committee members’ operational goals to incentivize participation.
    • Create clear presentation material and strategically oriented meeting agendas to drive continued participation from business stakeholders and executive management.

    Info-Tech Insight

    1. Work to separate the ISSC from the IT Steering Committee (ITSC). Security transcends the boundaries of IT and needs an independent, eclectic approach to make strategic decisions.
    2. Be the lawyer, not the cop. Ground your communications in business terminology to facilitate a solution that make sense to the entire organization.
    3. Develop and stick to the agenda. Continued engagement from business stakeholders requires sticking to a strategic level-focused agenda. Dilution of purpose will lead to dilution in attendance.

    Empower your security team to act strategically with an ISSC

    Establishing an Information Security Steering Committee (ISSC)

    Even though security is a vital consideration of any IT governance program, information security has increasingly become an important component of the business, moving beyond the boundaries of just the IT department.

    This requires security to have its own form of steering, beyond the existing IT Steering Committee, that ensures continual alignment of the organization’s security strategy with both IT and business strategy.

    An ISSC should have three primary objectives:

    • Direct Strategic Planning The ISSC formalizes organizational commitments to strategic planning, bringing visibility to key issues and facilitating the integration of security controls that align with IT and business strategy.
    • Institute Clear Accountability The ISSC facilitates the involvement and commitment of executive management through clearly defined roles and accountabilities for security decisions, ensuring consistency in participation as the organization’s strategies evolve.
    • Optimize Security Resourcing The ISSC maximizes security by monitoring the implementation of the security strategic plan, making recommendations on prioritization of effort, and securing necessary resources through the planning and budgeting processes, as necessary.

    What does the typical ISSC do?

    Ensuring proper governance over your security program is a complex task that requires ongoing care and feeding from executive management to succeed.

    Your ISSC should aim to provide the following core governance functions for your security program:

    1. Define Clarity of Intent and Direction How does the organization’s security strategy support the attainment of the business and IT strategies? The ISSC should clearly define and communicate strategic linkage and provide direction for aligning security initiatives with desired outcomes.
    2. Establish Clear Lines of Authority Security programs contain many important elements that need to be coordinated. There needs to be clear and unambiguous authority, accountability, and responsibility defined for each element so lines of reporting/escalation are clear and conflicting objectives can be mediated.
    3. Provide Unbiased Oversight The ISSC should vet the organization’s systematic monitoring processes to make certain there is adherence to defined risk tolerance levels and ensure that monitoring is appropriately independent from the personnel responsible for implementing and managing the security program.
    4. Optimize Security Value Delivery Optimized value delivery occurs when strategic objectives for security are achieved and the organization’s acceptable risk posture is attained at the lowest possible cost. This requires constant attention to ensure controls are commensurate with any changes in risk level or appetite.

    Formalize the most important governance functions for your organization

    Creation of an ISSC is deemed the most important governance and oversight practice that a CISO can implement, based on polling of IT security leaders analyzing the evolving role of the CISO.

    Relatedly, other key governance practices reported – status updates, upstream communications, and executive-level sponsorship – are within the scope of what organizations traditionally formalize when establishing their ISSC.

    Vertical bar chart highlighting the most important governance functions according to respondents. The y axis is labelled 'Percentage of Respondents' with the values 0%-60%, and the x axis is labelled 'Governance and Oversight Practices'. Bars are organized from highest percentage to lowest with 'Creation of cross-functional committee to oversee security strategy' at 56%, 'Regularly scheduled reporting on the state of security to stakeholders' at 55%, 'Upstream communication channel from security leadership to CEO' at 46%, and 'Creation of program charter approved by executive-level sponsor' at 37%. Source: Ponemon Institute, 2017; N=184 organizations; 660 respondents.

    Despite the clear benefits of an ISSC, organizations are still falling short

    83% of organizations have not established formal steering committees to evaluate the business impact and risks associated with security decisions. (Source: 2017 State of Cybersecurity Metrics Report)

    70% of organizations have delegated cybersecurity oversight to other existing committees, providing security limited agenda time. (Source: PwC 2017 Annual Corporate Director Survey)

    "This is a group of risk managers an institution would bring together to deal with a response anyway. Having them in place to do preventive discussions and formulate policy to mitigate the liability sets and understand compliance obligations is just powerful." (Kirk Bailey, CISO, University of Washington)

    Prevent the missteps that make 9 out of 10 steering committees unsuccessful

    Why Do Steering Committees Fail?

    1. A lack of appetite for a steering committee from business partners. An effective ISSC requires participation from core members of the organization’s leadership team. The challenge is that most business partners don’t understand the benefits of an ISSC and the responsibilities aren’t tailored to participants’ needs or interests. It’s the CISO’s (or senior IT/security leader’s) responsibility to make this case to stakeholders and right-size the committee responsibilities and membership.
    2. ISSC committees are given inappropriate responsibilities. The steering committee is fundamentally about decision making; it’s not a working committee. Security leadership typically struggles with clarifying these responsibilities on two fronts: either the responsibilities are too vague and there is no clear way to execute on them within a meeting or responsibilities are too tactical and require knowledge that participants do not have. Responsibilities should determine who is on the ISSC, not the other way around.
    3. Lack of process around execution. An ISSC is only valuable if members are able to successfully execute on its mandate. Without well-defined processes it becomes nearly impossible for the ISSC to be actionable. As a result, participants lack the information they need to make critical decisions, agendas are unmet, and meetings are seen as a waste of time.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Improve Security Governance With a Security Steering Committee – project overview

    1. Define Committee Purpose and Responsibilities

    2. Determine Information Flows, Membership & Accountabilities

    3. Operate the Information Security Steering Committee

    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC

    1.2 Conduct a SWOT analysis of your information security governance capabilities

    1.3 Identify the responsibilities and duties of the ISSC

    1.4 Draft the committee purpose statement of your ISSC

    2.1 Define your SIPOC model for each of the ISSC responsibilities

    2.2 Identify committee participants and responsibility cadence

    2.3 Define ISSC participant RACI for each of the responsibilities

    3.1 Define the ISSC meeting agendas and procedures

    3.2 Define which metrics you will report to the ISSC

    3.3 Hold a kick-off meeting with your ISSC members to explain the process, responsibilities, and goals

    3.4 Tailor the Information Security Steering Committee Stakeholder Presentation template

    3.5 Present the information to the security leadership team

    3.6 Schedule your first meeting of the ISSC

    Guided Implementations

    • Identify the responsibilities and duties of the ISSC.
    • Draft the committee purpose of the ISSC.
    • Determine SIPOC modeling of information flows.
    • Determine accountabilities and responsibilities.
    • Set operational standards.
    • Determine effectiveness metrics.
    • Steering committee best practices.
    Associated Activity icon

    Onsite Workshop

    This blueprint can be combined with other content for onsite engagements, but is not a standalone workshop.
    Phase 1 Outcome:
    • Determine the purpose and responsibilities of your information security steering committee.
    Phase 2 Outcome:
    • Determine membership, accountabilities, and information flows to enable operational excellence.
    Phase 3 Outcome:
    • Define agendas and standard procedures to operate your committee.
    • Design an impactful stakeholder presentation.

    Improve Security Governance With a Security Steering Committee

    PHASE 1

    Define Committee Purpose and Responsibilities

    Phase 1: Define Committee Purpose and Responsibilities

    ACTIVITIES:

    • 1.1 Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC
    • 1.2 Conduct a SWOT analysis of your information security governance capabilities
    • 1.3 Identify the responsibilities and duties of the ISSC
    • 1.4 Draft the committee purpose statement for your ISSC

    OUTCOMES:

    • Conduct an analysis of your current information security governance capabilities and identify opportunities and weaknesses.
    • Define a clear scope of purpose and responsibilities for your ISSC.
    • Begin to customize your ISSC charter.

    Info-Tech Insight

    Balance vision with direction. Purpose and responsibilities should be defined so that they encompass your mission and objectives to the enterprise in clear terms, but provide enough detail that you can translate the charter into operational plans for the security team.

    Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC

    Supporting Tool icon 1.1

    A charter is the organizational mandate that outlines the purpose, scope, and authority of the ISSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.

    Start by reviewing Info-Tech’s template. Throughout the next two sections we will help you to tailor its contents.

    • Committee Purpose: The rationale, benefits of, and overall function of the committee.
    • Organization and Membership: Who is on the committee and how is participation measured against organizational need.
    • Responsibilities and Duties: What tasks/decisions the accountable committee is making.
    • RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.
    • Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with interested parties.
    Sample of the Info-Tech deliverable 'Information Security Steering Committee Charter Template'.

    Download the Information Security Steering Committee Charter to customize your organization’s charter

    Conduct a SWOT analysis of your information security governance capabilities

    Associated Activity icon 1.2

    INPUT: Survey outcomes, Governance overview handouts

    OUTPUT: SWOT analysis, Top identified challenges and opportunities

    1. Hold a meeting with your IT leadership team to conduct a SWOT analysis on your current information security governance capabilities.
    2. In small groups, or individually, have each group complete a SWOT analysis for one of the governance areas. For each consider:
      • Strengths: What is currently working well in this area?
      • Weaknesses: What could you improve? What are some of the challenges you’re experiencing?
      • Opportunities: What are some organizational trends that you can leverage? Consider whether your strengths or weaknesses could create opportunities.
      • Threats: What are some key obstacles across people, process, and technology?
    3. Have each team or individual rotate until each person has contributed to each SWOT. Add comments from the stakeholder survey to the SWOT.
    4. As a group, rank the inputs from each group and highlight the top five challenges and the top five opportunities you see for improvement.

    Identify the responsibilities and duties of the ISSC

    Associated Activity icon 1.3

    INPUT: SWOT analysis, Survey reports

    OUTPUT: Defined ISSC responsibilities

    1. With your security leadership team, review the typical responsibilities of the ISSC on the following slides (also included in the templated text of the charter linked below).
    2. Print off the following two slides, and in small teams or individually, identify which responsibilities the ISSC should have in your organization, brainstorm any additional responsibilities, and document reasoning.
    3. Have each team present to the larger group, track the similarities and differences between each of the groups, and come to consensus on the list of categories and responsibilities.
    4. Complete a sanity check: review your SWOT analysis. Do the responsibilities you’ve identified resolve the critical challenges or weaknesses?
    5. As a group, consider the responsibilities and whether you can reasonably implement those in one year or if there are any that will need to wait until year two of the committee.

    Add or modify responsibilities in Info-Tech’s Information Security Steering Committee Charter.

    Typical ISSC responsibilities and duties

    Use the following list of responsibilities to customize the list of responsibilities your ISSC may take on. These should link directly to the Responsibilities and Duties section of your ISSC charter.

    Strategic Oversight

    • Provide oversight and ensure alignment between information security strategy and company objectives.
    • Assess the adequacy of resources and funding to sustain and advance successful security programs and practices for identifying, assessing, and mitigating cybersecurity risks across all business functions.
    • Review controls to prevent, detect, and respond to cyber-attacks or information or data breaches involving company electronic information, intellectual property, data, or connected devices.
    • Review the company’s cyberinsurance policies to ensure appropriate coverage.
    • Provide recommendations, based on security best practices, for significant technology investments.

    Policy Governance

    • Review company policies pertaining to information security and cyberthreats, taking into account the potential for external threats, internal threats, and threats arising from transactions with trusted third parties and vendors.
    • Review privacy and information security policies and standards and the ramifications of updates to policies and standards.
    • Establish standards and procedures for escalating significant security incidents to the ISSC, board, other steering committees, government agencies, and law enforcement, as appropriate.

    Typical ISSC responsibilities and duties (continued)

    Use the following list of responsibilities to customize the list of responsibilities your ISSC may take on. These should link directly to the Responsibilities and Duties section of your ISSC charter.

    Risk Governance

    • Review and approve the company’s information risk governance structure and key risk management processes and capabilities.
    • Assess the company’s high-risk information assets and coordinate planning to address information privacy and security needs.
    • Provide input to executive management regarding the enterprise’s information risk appetite and tolerance.
    • Review the company’s cyber-response preparedness, incident response plans, and disaster recovery capabilities as applicable to the organization’s information security strategy.
    • Promote an open discussion regarding information risk and integrate information risk management into the enterprise’s objectives.

    Monitoring & Reporting

    • Receive periodic reports and coordinate with management on the metrics used to measure, monitor, and manage cyber and IT risks posed to the company and to review periodic reports on selected risk topics as the Committee deems appropriate.
    • Review reports provided by the IT organization regarding the status of and plans for the security of the company’s data stored on internal resources and with third-party providers.
    • Monitor and evaluate the quality and effectiveness of the company’s technology security, capabilities for disaster recovery, data protection, cyberthreat detection and cyber incident response, and management of technology-related compliance risks.

    Review the organization’s security strategy to solidify understanding of the ISSC’s purpose

    The ISSC should consistently evolve to reflect the strategic purpose of the security program. If you completed Info-Tech’s Security Strategy methodology, review the results to inform the scope of your committee. If you have not completed Info-Tech’s methodology, determining these details should be achieved through iterative stakeholder consultations.

    Strategy Components

    ISSC Considerations

    Security Pressure Analysis

    Review the ten security domains and your organization’s pressure levels to review the requisite maturity level of your security program. Consider how this may impact the focus of your ISSC.

    Security Drivers/Obligations

    Review how your security program supports the attainment of the organization’s business objectives. By what means should the ISSC support these objectives? This should inform the rationale, benefits, and overall function of the committee.

    Security Strategy Scope and Boundaries

    Consider the scope and boundaries of your security program to reflect on what the program is responsible for securing. Is this reflected adequately in the language of the committee’s purpose? Should components be added or redacted?

    Draft the committee purpose statement of your ISSC

    Associated Activity icon 1.4

    INPUT: SWOT Analysis, Security Strategy

    OUTPUT: ISSC Committee Purpose

    1. In a meeting with your IT leadership team – and considering the organization’s security strategy, defined responsibilities, and opportunities and threats identified – review the example goal statement in the Information Security Steering Committee Charter, and identify whether any of these statements apply to your organization. Select the statements that apply and collaboratively make any changes needed.
    2. Define unique goal statements by considering the following questions:
      • What three things would you realistically list for the ISSC to achieve?
      • If you were to accomplish three things in the next year, what would those be?
    3. With those goal statements in mind, consider the overall purpose of the committee. The purpose statement should be a reflection of what the committee does, why, and the goals.
    4. Have each individual review the example purpose statement and draft what they think a good purpose statement would be.
    5. Present each statement, and work together to determine a best-of-breed statement.

    Alter the Committee Purpose section in the Information Security Steering Committee Charter.

    Build an Application Department Strategy

    • Buy Link or Shortcode: {j2store}180|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $220,866 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application delivery has modernized. There are increasing expectations on departments to deliver on organizational and product objectives with increasing velocity.
    • Application departments produce many diverse, divergent products, applications, and services with expectations of frequent updates and changes based on rapidly changing landscapes

    Our Advice

    Critical Insight

    • There is no such thing as a universal “applications department.” Unlike other domains of IT, there are no widely accepted frameworks that clearly outline universal best practices of application delivery and management.
    • Different software needs and delivery orientations demand a tailored structure and set of processes, especially when managing a mixed portfolio or multiple delivery methods.

    Impact and Result

    Understand what your department’s purpose is through articulating its strategy in three steps:

    • Determining your application department’s values, principles, and orientation.
    • Laying out the goals, objectives, metrics, and priorities of the department.
    • Building a communication plan to communicate your overall department strategy.

    Build an Application Department Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an application department strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of who you are

    Consider and record your department’s values, principles, orientation, and capabilities.

    • Build an Application Department Strategy – Phase 1: Take Stock of Who You Are
    • Application Department Strategy Supporting Workbook

    2. Articulate your strategy

    Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.

    • Build an Application Department Strategy – Phase 2: Articulate Your Strategy
    • Application Department Strategy Template

    3. Communicate your strategy

    Communicate your department’s strategy to your key stakeholders.

    • Build an Application Department Strategy – Phase 3: Communicate Your Strategy

    Infographic

    Workshop: Build an Application Department Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take Stock of Who You Are

    The Purpose

    Understand what makes up your application department beyond the applications and services provided.

    Key Benefits Achieved

    Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.

    Activities

    1.1 Identify your team’s values and guiding principles.

    1.2 Define your department’s orientation.

    Outputs

    A summary of your department’s values and guiding principles

    A clear view of your department’s orientation and supporting capabilities

    2 Articulate Your Strategy

    The Purpose

    Lay out all the details that make up your application department strategy.

    Key Benefits Achieved

    A completed application department strategy canvas containing everything you need to communicate your strategy.

    Activities

    2.1 Write your application department vision statement.

    2.2 Define your application department goals and metrics.

    2.3 Specify your department capabilities and orientation.

    2.4 Prioritize what is most important to your department.

    Outputs

    Your department vision

    Your department’s goals and metrics that contribute to achieving your department’s vision

    Your department’s capabilities and orientation

    A prioritized roadmap for your department

    3 Communicate Your Strategy

    The Purpose

    Lay out your strategy’s communication plan.

    Key Benefits Achieved

    Your application department strategy presentation ready to be presented to your stakeholders.

    Activities

    3.1 Identify your stakeholders.

    3.2 Develop a communication plan.

    3.3 Wrap-up and next steps

    Outputs

    List of prioritized stakeholders you want to communicate with

    A plan for what to communicate to each stakeholder

    Communication is only the first step – what comes next?

    Tech Trend Update: If Digital Ethics Then Data Equity

    • Buy Link or Shortcode: {j2store}100|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    COVID-19 is driving the need for quick technology solutions, including some that require personal data collection. Organizations are uncertain about the right thing to do.

    Our Advice

    Critical Insight

    Data equity approaches personal data like money, putting the owner in control and helping to protect against unethical systems.

    Impact and Result

    There are some key considerations for businesses grappling with digital ethics:

    1. If partnering, set expectations.
    2. If building, invite criticism.
    3. If imbuing authority, consider the most vulnerable.

    Tech Trend Update: If Digital Ethics Then Data Equity Research & Tools

    Tech Trend Update: If Digital Ethics Then Data Equity

    Understand how to use data equity as an ethical guidepost to create technology that will benefit everyone.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Tech Trend Update: If Digital Ethics Then Data Equity Storyboard
    [infographic]

    Time Study

    • Buy Link or Shortcode: {j2store}260|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • In ESG’s 2018 report “The Life of Cybersecurity Professionals,” 36% of participants expressed the overwhelming workload was a stressful aspect of their job.
    • Organizations expect a lot from their security specialists. From monitoring the threat environment, protecting business assets, and learning new tools, to keeping up with IT initiatives, cybersecurity teams struggle to balance their responsibilities with the constant emergencies and disruptions that take them away from their primary tasks.
    • Businesses fail to recognize the challenges associated with task prioritization and the time management practices of a security professional.

    Our Advice

    Critical Insight

    • The majority of scheduled calendar meetings include employees and peers.
      • Our research indicates cybersecurity professionals spent the majority of their meetings with employees (28%) and peers (24%). Other stakeholders involved in meetings included by myself (15%), boss (13%), customers (10%), vendors (8%), and board of directors (2%).
    • Calendar meetings are focused on project work, management, and operations.
      • When asked to categorize calendar meetings, the focus was on project work (26%), management (23%), and operations (22%). Other scheduled meetings included ones focused on strategy (15%), innovation (9%), and personal time (5%).
    • Time management scores were influenced by the percentage of time spent with employees and peers.
      • When participants were divided into good and poor time managers, we found good time managers spent less time with their peers and more time with their employees. This may be due to the nature of employee meetings being more directly tied to the project outputs of the manager than their peer meetings. Managers who spend more time in meetings with their employees feel a sense of accomplishment, and hence rate themselves higher in time management.

    Impact and Result

    • Understand how cybersecurity professionals allocate their time.
    • Gain insight on whether perceived time management skills are associated with calendar maintenance factors.
    • Identify common time management pain points among cybersecurity professionals.
    • Identify current strategies cybersecurity professionals use to manage their time.

    Time Study Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read our Time Study

    Read our Time Study to understand how cybersecurity professionals allocate their time, what pain points they endure, and tactics that can be leveraged to better manage time.

    • Time Study Storyboard
    [infographic]

    Maximize Business Value From IT Through Benefits Realization

    • Buy Link or Shortcode: {j2store}337|cart{/j2store}
    • member rating overall impact: 6.0/10 Overall Impact
    • member rating average dollars saved: 4 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT and the business are often misaligned because business value is not well defined or communicated.
    • Decisions are made without a shared perspective of value. This results in cost misallocation and unexploited opportunities to improve efficiency and drive innovation.

    Our Advice

    Critical Insight

    • IT exists to provide business value and is part of the business value chain. Most IT organizations lack a way to define value, which complicates the process of making value-based strategic business decisions.
    • IT must link its spend to business value to justify its investments. IT doesn’t have an established process to govern benefits realization and struggles to demonstrate how it provides value from its investments.
    • Pursue value, not technology. The inability to articulate value leads to IT being perceived as a cost center.

    Impact and Result

    • Ensure there is a common understanding within the organization of what is valuable to drive growth and consistent strategic decision making.
    • Equip IT to evaluate, direct, and monitor investments to support the achievement of organizational values and business benefits.
    • Align IT spend with business value through an enhanced governance structure to achieve cost optimization. Ensure IT visibly contributes to the creation and maintenance of value.

    Maximize Business Value From IT Through Benefits Realization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a benefits realization process, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand business value

    Ensure that all key strategic stakeholders hold a current understanding of what is valuable to the organization and a sense of what will be valuable based on future needs.

    • Maximize Business Value from IT Through Benefits Realization – Phase 1: Understand Business Value
    • Business Value Statement Template
    • Business Value Statement Example
    • Value Statement Email Communication Template
    • Feedback Consolidation Tool

    2. Incorporate benefits realization into governance

    Establish the process to evaluate spend on IT initiatives based on expected benefits, and implement the methods to monitor how well the initiatives achieve these benefits.

    • Maximize Business Value from IT Through Benefits Realization – Phase 2: Incorporate Benefits Realization into Governance
    • Business Value Executive Presentation Template

    3. Ensure an accurate reference of value

    Re-evaluate, on a consistent basis, the accuracy of the value drivers stated in the value statement with respect to the organization’s current internal and external environments.

    • Maximize Business Value from IT Through Benefits Realization – Phase 3: Ensure an Accurate Reference of Value
    [infographic]

    Workshop: Maximize Business Value From IT Through Benefits Realization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Business Value

    The Purpose

    Establish the business value statement.

    Understand the importance of implementing a benefits realization process.

    Key Benefits Achieved

    Unified stakeholder perspectives of business value drivers

    Establish supporters of the initiative

    Activities

    1.1 Understand what governance is and how a benefits realization process in governance will benefit the company.

    1.2 Discuss the mission and vision of the company, and why it is important to establish the target state prior to defining value.

    1.3 Brainstorm and narrow down organization value drivers.

    Outputs

    Stakeholder buy-in on benefits realization process

    Understanding of interrelations of mission, vision, and business value drivers

    Final three prioritized value drivers

    Completed business value statement

    2 Incorporate Benefits Realization Into Governance

    The Purpose

    Establish the intake, assessment and prioritization, and output and monitoring processes that are involved with implementing benefits realization.

    Assign cut-over dates and accountabilities.

    Establish monitoring and tracking processes.

    Key Benefits Achieved

    A thorough implementation plan that can be incorporated into existing governance documents

    Stakeholder understanding of implemented process, process ownership

    Activities

    2.1 Devise the benefits realization process.

    2.2 Establish launch dates, accountabilities, and exception handling on processes.

    2.3 Devise compliance monitoring and exception tracking methods on the benefits realization process.

    Outputs

    Benefits realization process incorporated into governance documentation

    Actionable plan to implement benefits realization process

    Reporting processes to ensure the successful delivery of the improved governance process

    3 Ensure an Accurate Reference of Value

    The Purpose

    Implement a process to ensure that business value drivers remain current to the organization.

    Key Benefits Achieved

    Align IT with the business and business to its environment

    Activities

    3.1 Determine regular review cycle to reassess business value drivers.

    3.2 Determine the trigger events that may cause off-cycle revisits to value.

    3.3 Devise compliance monitoring on value definition.

    Outputs

    Agenda and tools to assess the business context to verify the accuracy of value

    List of possible trigger events specific to your organization

    Reporting processes to ensure the continuous adherence to the business value definition

    Improve IT Team Effectiveness

    • Buy Link or Shortcode: {j2store}521|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $16,549 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Organizations rely on team-based work arrangements to provide organizational benefits and to help them better navigate the volatile, uncertain, complex, and ambiguous (VUCA) operating environment.
    • This is becoming more challenging in a hybrid model as interactions now rely less on casual encounters and now must become more intentional.
    • A high-performing team is more than productive. They are more resilient and able to recognize opportunities. They are proactive instead of reactive due to trust and a high level of communication and collaboration.
    • IT teams are more unique, which also provides unique challenges other teams don’t experience.

    Our Advice

    Critical Insight

    IT teams have:

    • Multiple disciplines that tend to operate in parallel versus within a sequence of events.
    • Multiple incumbent roles where people operate in parallel versus needing to share information to produce an outcome.
    • Multiple stakeholders who create a tension with competing priorities.

    Impact and Result

    Use Info-Tech’s phased approach to diagnose your team and use the IDEA model to drive team effectiveness.

    The IDEA model includes four factors to identify team challenges and focus on areas for improvement: identity, decision making, exchanges within the team, and atmosphere of team psychological safety.

    Improve IT Team Effectiveness Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Team Effectiveness Storyboard – A step-by-step document that walks you through how to properly assess your team’s effectiveness and activities that will identify solutions to overcome.

    The storyboard will walk you through three critical steps to assess, analyze, and build solutions to improve your team’s effectiveness.

  • Having your team members complete an assessment.
  • Reviewing and sharing the results.
  • Building a list of activities to select from based on the assessment results to ensure you target the problem you are facing.
    • Improve IT Team Effectiveness Storyboard – Phases 1-3

    2. The Team Effectiveness Survey – A tool that will determine what areas you are doing well in and where you can improve team relations and increase productivity.

    Each stage has a deliverable that will support your journey on increasing effectiveness starting with how to communicate to the assessment which will accumulate into a team charter and action plan.

    • IT Team Effectiveness Survey
    • IT Team Effectiveness Survey Tool

    3. Facilitation Guide – A collection of activities to select from and use with your team.

    The Facilitation Guide contains instructions to facilitating several activities aligned to each area of the IDEA Model to target your approach directly to your team’s results.

  • Determining roles and responsibilities on the team.
  • Creating a decision-making model that outlines levels of authority and who makes the decisions.
  • Assessing the team communications flow, which highlights the communication flow on the team and any bottlenecks.
  • Building a communication poster that articulates methods used to share different information within the team.
    • Improve IT Team Effectiveness Facilitation Guide
    • Identity – Responsibilities and Dependencies
    • Decision Making Accountability Workbook
    • Exchanges – Team Communications Flow
    • Exchanges – Communications Guide Poster Template
    • Atmosphere – SCARF Worksheet

    4. Action Plan – A template to help build your team action plan.

    The Action Plan Template captures next steps for the team on what they are committing to in order to build a more effective team.

    • Action Plan Template

    5. Team Charter – A template to create a charter for a work group or project team.

    A Team Charter captures the agreements your team makes with each other in terms of accepted behaviors and how they will communicate, make decisions, and create an environment that everyone feels safe contributing in.

    • IT Team Charter Template

    Infographic

    Workshop: Improve IT Team Effectiveness

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Team

    The Purpose

    Determine if proceeding is valuable.

    Key Benefits Achieved

    Set context for team members.

    Activities

    1.1 Review the business context.

    1.2 Identify IT team members to be included.

    1.3 Determine goals and objectives.

    1.4 Build execution plan and determine messaging.

    1.5 Complete IDEA Model assessment.

    Outputs

    Execution and communication plan

    IDEA Model assessment distributed

    2 Review Results and Action Plan

    The Purpose

    Review results to identify areas of strength and opportunity.

    Key Benefits Achieved

    As a team, discuss results and determine actions.

    Activities

    2.1 Debrief results with leadership team.

    2.2 Share results with team.

    2.3 Identify areas of focus.

    2.4 Identify IDEA Model activities to support objectives and explore areas of focus.

    Outputs

    IDEA assessment results

    Selection of specific activities to be facilitated

    3 Document and Measure

    The Purpose

    Review results to identify areas of strength and opportunity.

    Key Benefits Achieved

    build an action plan of solutions to incorporate into team norms.

    Activities

    3.1 Create team charter.

    3.2 Determine action plan for improvement.

    3.3 Determine metrics.

    3.4 Determine frequency of check-ins.

    Outputs

    Team Charter

    Action Plan

    Further reading

    Improve IT Team Effectiveness

    Implement the four critical factors required for all high-performing teams.

    Analyst Perspective

    All teams need to operate effectively; however, IT teams experience unique challenges.

    IT often struggles to move from an effective to a high-performing team due to the very nature of their work. They work across multiple disciplines and with multiple stakeholders.

    When operating across many disciplines it can become more difficult to identify the connections or points of interactions that define effective teams and separate them from being a working group or focus on their individual performance.

    IT employees also work in close partnership with multiple teams outside their IT domain, which can create confusion as to what team are they a primary member of. The tendency is to advocate for or on behalf of the team they primarily work with instead of bringing the IT mindset and alignment to IT roadmap and goals to serve their stakeholders.

    A Picture of Amanda Mathieson

    Amanda Mathieson
    Research Director, People & Leadership Practice
    Info-Tech Research Group

    Executive Summary

    The Challenge

    Organizations rely on team-based work arrangements to provide organizational benefits and better navigate the volatile, uncertain, complex, and ambiguous (VUCA) operating environment.

    This is becoming more challenging in a hybrid environment as interactions now rely less on casual encounters and must become more intentional.

    A high-performing team is more than productive. They are more resilient and able to recognize opportunities. They are proactive instead of reactive due to the trust and high level of communication and collaboration.

    Common Obstacles

    IT teams are more unique, which also provides unique challenges other teams don't experience:

    • Multiple disciplines that tend to operate in parallel versus within a sequence of events
    • Multiple incumbent roles where people operate in parallel versus needing to share information to produce an outcome
    • Multiple stakeholders that create a tension with competing priorities

    Info-Tech's Approach

    Use Info-Tech's phased approach to diagnose your team and use the IDEA model to drive team effectiveness.

    The IDEA model includes four factors to identify team challenges and focus on areas for improvement: identity, decision making, exchanges within the team, and atmosphere of team psychological safety.

    Info-Tech Insight

    IT teams often fail to reach their full potential because teamwork presents unique challenges and complexities due to the work they do across the organization and within their own group. Silos, not working together, and not sharing knowledge are all statements that indicate a problem. As a leader it's difficult to determine what to do first to navigate the different desires and personalities on a team.

    How this blueprint will help

    Assess, diagnose, and address issues to realize your team's full potential.

    This research helps IT support:

    • Work Teams: Operate under one organizational unit or function. Their membership is generally stable with well-defined roles.
    • Project Teams: Typically, are time-limited teams formed to produce a particular output or project. Their membership and expertise tend to vary over time.
    • Management or Leadership Teams: Provide direction and guidance to the organization and are accountable for overall performance. Membership is structured by the hierarchy of the organization and includes a diverse set of skills, experience, and expertise.

    Traditionally, organizations have tried to fix ineffective teams by focusing on these four issues: composition, leadership competencies, individual-level performance, and organizational barriers. While these factors are important, our research has shown it is beneficial to focus on the four factors of effective teams addressed in this blueprint first. Then, if additional improvement is needed, shift your focus to the traditional issue areas.

    Common obstacles

    These barriers make it difficult to address effectiveness for many IT teams:

    • Teams do not use one standard set of processes because they may have a wide variety of assignments requiring different sets of processes.
      Source: Freshworks
    • There are multiple disciplines within IT that require vastly different skill sets. Finding the connection points can be difficult when on the surface it seems like success doesn't require interconnectivity.
    • IT has many people in the same roles that act independently based on the stakeholder or internal customer they are serving. This can lead to duplication of effort if information and solutions aren't shared.
    • IT serves many parts of the organization that can bring competing priorities both across the groups they support and with the IT strategy and roadmap itself. Many IT leaders work directly in or for the business, which can see them associate with the internal client team more than their IT team – another layer of conflicting priorities.

    IT also experience challenges with maturity and data silos

    48%

    of IT respondents rate their team as low maturity.

    Maturity is defined by the value they provide the business, ranging from firefighting to innovative partner.

    Source: Info-Tech Research Group, Tech Trends, 2022

    20 Hours

    Data Silos: Teams waste more than 20 hours per month due to poor collaboration and communication.

    Source: Bloomfire, 2022

    Current realities require teams to operate effectively

    How High-Performing Teams Respond:

    Volatile: High degree of change happening at a rapid pace, making it difficult for organizations to respond effectively.

    Teams are more adaptable to change because they know how to take advantage of each others' diverse skills and experience.

    Uncertain: All possible outcomes are not known, and we cannot accurately assess the probability of outcomes that are known.

    Teams are better able to navigate uncertainty because they know how to work through complex challenges and feel trusted and empowered to change approach when needed.

    Complex: There are numerous risk factors, making it difficult to get a clear sense of what to do in any given situation.

    Teams can reduce complexity by working together to identify and plan to appropriately mitigate risk factors.

    Ambiguous: There is a lack of clarity with respect to the causes and consequences of events.

    Teams can reduce ambiguity through diverse situational knowledge, improving their ability to identify cause and effect.

    Teams struggle to realize their full potential

    Poor Communication

    To excel, teams must recognize and adapt to the unique communication styles and preferences of their members.

    To find the "just right" amount of communication for your team, communication and collaboration expectations should be set upfront.

    85% of tech workers don't feel comfortable speaking in meetings.
    Source: Hypercontext, 2022

    Decision Making

    Decision making is a key component of team effectiveness. Teams are often responsible for decisions without having proper authority.

    Establishing a team decision-making process becomes more complicated when appropriate decision-making processes vary according to the level of interdependency between team members and organizational culture.

    20% of respondents say their organization excels at decision making.
    Source: McKinsey, 2019

    Resolving Conflicts

    It is common for teams to avoid/ignore conflict – often out of fear. People fail to see how conflict can be healthy for teams if managed properly.

    Leaders assume mature adults will resolve conflicts on their own. This is not always the case as people involved in conflicts can lack an objective perspective due to charged emotions.

    56% of respondents prioritize restoring harmony in conflict and will push own needs aside.
    Source: Niagara Institute, 2022

    Teams with a shared purpose are more engaged and have higher performance

    Increased Engagement

    3.5x

    Having a shared team goal drives higher engagement. When individuals feel like part of a team working toward a shared goal, they are 3.5x more likely to be engaged.

    Source: McLean & Company, Employee Engagement Survey, IT respondents, 2023; N=5,427

    90%

    Engaged employees are stronger performers with 90% reporting they regularly accomplish more than what is expected.

    Source: McLean & Company, Employee Engagement Survey, IT respondents, 2023; N=4,363

    Effective and high-performing teams exchange information freely. They are clear on the purpose and goals of the organization, which enable empowerment.

    Info-Tech Insight

    Clear decision-making processes allow employees to focus on getting the work done versus navigating the system.

    Case Study

    Project Aristotle at Google – What makes a team effective at Google?

    INDUSTRY: Technology
    SOURCE: reWork

    Challenge

    Google wanted to clearly define what makes a team effective to drive a consistent meaning among its employees. The challenge was to determine more than quantitative measures, because more is not always better as it can just mean more mistakes to fix, and include the qualitative factors that bring some groups of people together better than others.

    Solution

    There was no pattern in the data it studied so Google stepped back and defined what a team is before embarking on defining effectiveness. There is a clear difference between a work group (a collection of people with little interdependence) and a team that is highly interdependent and relies on each other to share problems and learn from one another. Defining the different meanings took time and Google found that different levels of the organization were defining effectiveness differently.

    Results

    Google ended up with clear definitions that were co-created by all employees, which helped drive the meaning behind the behaviors. More importantly it was also able to define factors that had no bearing on effectiveness; one of which is very relevant in today's hybrid world – colocation.

    It was discovered that teams need to trust, have clarity around goals, have structure, and know the impact their work has.

    Overcoming barriers

    Teams often lack the skills or knowledge to increase effectiveness and performance.

    • Leaders struggle with team strife and ineffectiveness.
    • A leader's ability to connect with and engage team members is vital for driving desired outcomes. However, many team leads struggle to deal with low-performing or conflict-ridden teams.
    • Without adequate training on providing feedback, coaching, and managing difficult conversations, team leads often do not have the skills to positively affect team performance – and they do not appreciate the impact their actions have on desired outcomes.
    • Team leads often find it difficult to invest time and resources in addressing challenges when the team is working toward deadlines.
    • Team leads who are new to a management role within the organization often struggle to transition from independent contributor to leader – especially when they are tasked with managing team members who are former peers.
    • Some team leads believe that soliciting help will be viewed as a personal failure, so they are reluctant to seek support for team performance management from more-senior leaders.

    It's unrealistic to expect struggling teams to improve without outside help; if they were able to, they would have already done so.
    To improve, teams require:

    • A clearly defined team identity
    • A clearly defined decision-making paradigm
    • Consistently productive exchanges within the team
    • An atmosphere of psychological safety

    BUT these are the very things they are lacking when they're struggling.

    An image of Info-Tech's Insights for Improving IT Team Effectiveness.

    Improving team effectiveness

    Use the Info-Tech IDEA Model to assess and improve your team's effectiveness.

    Begin by assessing, recognizing, and addressing challenges in:

    • Identity – team goals, roles, responsibilities, and accountabilities
    • Decision-making paradigms and processes within the team.
    • Exchanges of information, motivation, and emotions between team members
    • Atmosphere of team psychological safety

    IDEA Model of Team Effectiveness

    Effective Team

    • Identity
    • Decisions
    • Exchanges
    • Atmosphere

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1: Assess the team Phase 2: Review results and action plan Phase 3: Document and measure

    Call #1: Scope requirements, objectives, and your specific challenges.
    Call #2: Prepare to assess your team(s) using the assessment tool.

    Call #3: Review the assessment results and plan next steps.
    Call #4: Review results with team and determine focus using IDEA model to identify activity based on results.
    Call #5: Complete activity to determine solutions to build your action plan.

    Call #6: Build out your team agreement.
    Call #7: Identify measures and frequency of check-ins to monitor progress.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1
    (Half Day)

    Day 2

    Day 3

    Day 4

    Determine objectives and assess

    Review survey results

    Determine and conduct activities to increase effectiveness

    Bridge the gap and
    create the strategy

    Activities

    With Leader – 1 hour
    1.1 Review the business context.
    1.2 Identify IT team members to be included.
    1.3 Determine goals and objectives.
    1.4 Build execution plan and determine messaging.
    With Team – 90 minutes
    1.5 Share messaging, set context.
    1.6 Complete Team Effectiveness Survey.

    2.1 Debrief results with leadership team.
    2.2 Share results with team.
    2.3 Identify areas of focus.
    2.4 Identify IDEA Model activities to support objectives and explore areas of focus.

    3.1 Conduct IDEA Model Activities:

    • Identify – Clarify goals, roles, and responsibilities.
    • Decisions – Determine levels of authority; decision-making process.
    • Exchanges – Review information shared with communication methods and preferred styles of each team member.
    • Atmosphere – Create a psychologically safe environment.

    3.2 Record outcomes and actions.

    4.1 Create team charter or agreement.
    4.2 Identify metrics to measure progress.
    4.3 Identify risks.
    4.4 Determine frequency of check-ins to review progress.
    4.5 Check-in with sponsor.

    Deliverables

    1. Execution and communication plan
    2. Team Effectiveness Survey
    1. Assessment results
    2. IDEA Model team-building activities
    1. List of solutions to incorporate into team norms
    2. Action Plan
    1. Team Charter

    Phase 1

    Assess the team

    Phase 1

    Phase 2

    Phase 3

    1.1 Identify team members
    and behaviors to improve using IDEA Model
    1.2 Determine messaging including follow-up plan
    1.3 Send survey

    1.1 Review results with team
    1.2 Determine IDEA focus area(s)
    1.3 Conduct activity to determine solutions

    1.1 Document outcomes and actions
    1.2 Create team charter
    1.3 Identify metrics to show success
    1.4 Schedule check-in

    Improving team effectiveness

    Use the Info-Tech IDEA Model to assess and improve your team's effectiveness

    Begin by assessing, recognizing, and addressing challenges in:

    • Identity – team goals, roles, responsibilities, and accountabilities.
    • Decision-making paradigms and processes within the team.
    • Exchanges of information, motivation, and emotions between team members.
    • Atmosphere of team psychological safety.

    Effective Team

    • Identity
    • Decisions
    • Exchanges
    • Atmosphere

    Assess the shared understanding of team identity

    In addition to having a clear understanding of the team's goals and objectives, team members must also:

    • Understand their own and each other's roles, responsibilities, and accountabilities.
    • Recognize and appreciate the value of each team member.
    • Realize how their actions impact each others' work and the overall goals and objectives.
    • Understand that working in silos is considered a work group whereas a team coordinates activities, shares information, and supports each other to achieve their goals.

    Clear goals enable employees to link their contributions to overall success of the team. Those who feel their contributions are important to the success of the department are two times more likely to feel they are part of a team working toward a shared goal compared to those who don't (McLean & Company, Employee Engagement Survey, IT respondents, 2023; N=4,551).

    Goals matter in teamwork

    The goals and objectives of the team are the underlying reason for forming the team in the first place. Without a clear and agreed-upon goal, it is difficult for teams to understand the purpose of their work.

    Clear goals support creating clear roles and the contributions required for team success.

    Team Identity = Team goals and Objectives + Individual roles, responsibilities, and accountabilities

    Assess the shared understanding of decision making

    Decision making adds to the complexity of teamwork.
    Individual team members hold different information and opinions that need to be shared to make good decisions.
    Ambiguous decision-making processes can result in team members being unable to continue their work until they get clear direction.
    The most appropriate decision-making process depends on the type of team:

    • The higher the degree of interconnectivity in team members' work, the greater the need for a general consensus approach to decision making. However, if you opt for a general consensus approach, a backup decision-making method must be identified in the event consensus cannot be reached.
    • High-pressure and high-stakes environments tend to centralize decision making to make important decisions quickly.
    • Low-pressure and low-stakes environments are more likely to adopt consensus models.

    Spectrum of Decision Making

    General consensus between all team members.

    A single, final decision maker within the team.

    Ensure team members understand how decisions are made within the team. Ask:

    • Do team members recognize the importance of sharing information, opinions, and suggestions?
    • Do team members feel their voices are heard?
    • Must there be consensus between all team members?
    • Is there a single decision maker?

    Assess team exchanges by focusing on communication

    Evaluate exchanges within your team using two categories:

    These categories are related, but there is not always overlap. While some conflicts involve failures to successfully exchange information, conflict can also occur even when everyone is communicating successfully.

    Communication

    Managing Conflict

    Information, motivations, emotions

    Accepting and expressing diverse perspectives

    Resolving conflict (unified action through diverse perspectives)

    Transmission

    Reception
    (listening)

    Success is defined in terms of how well information, motivations, and emotions are transmitted and received as intended.

    Success is defined in terms of how well the team can move to united action through differences of opinion. Effective teams recognize that conflict can be healthy if managed effectively.

    Successful exchange behaviors

    • Shared understanding of how to motivate one another and how team members respond emotionally.
    • Team moving beyond conflict to united action.
    • Formalized processes used for resolving conflicts.
    • Platforms provided for expressing diverse or conflicting perspectives and opinions – and used in a constructive manner.
    • Use of agendas at meetings as well as clearly defined action items that reflect meeting outcomes.
    • Avoidance of language that is exclusive, such as jargon and inside jokes.

    Exchanges of information, emotion, and motivation

    When selecting a method of communication (for example, in-person versus email), consider how that method will impact the exchange of all three aspects – not just information.

    Downplaying the importance of emotional and motivational exchanges and focusing solely on information is very risky since emotional and motivational exchanges can impact human relationships and team psychological safety.

    • Information: data or opinions.
    • Emotions: feelings and evaluations about the data or opinions.
    • Motivations: what we feel like doing in response to the data or opinions.

    Communication affects the whole team

    Effects are not limited to the team members communicating directly:

    • How team members interact one on one transmits information and causes emotional and motivational responses in other group members not directly involved.
    • How the larger group receives information, emotions, and motivations will also impact how individuals relate to each other in group settings.

    Remember to watch the reactions and behavior of participants and observers when assessing how the team behaves.

    Managing conflict

    Identify how conflict management is embedded into team practices.

    • Resolving conflicts is difficult and uses up a lot of time and energy. This is especially true if the team needs to figure out what to do each and every time people disagree.
    • Teams that take the time to define conflict resolution processes upfront:
      • Demonstrate their commitment to resolving conflict in a healthy way.
      • Signal that diverse perspectives and opinions are valued, even if they spur disagreement sometimes.
      • Are ready for conflict when it arises – prepared to face it and thrive.

    Successfully communicating information, emotions, and motivations is not the same as managing conflict.

    Teams that are communicating well are more likely to uncover conflicting perspectives and opinions than teams that are not.

    Conflict is healthy and can be an important element of team success if it is managed.

    The team should have processes in place to resolve conflicts and move to united action.

    Assess the atmosphere

    Team psychological safety

    A team atmosphere that exists when all members feel confident that team members can do the following without suffering negative interpersonal consequences such as blame, shame, or exclusion:

    • Admit mistakes
    • Raise questions or concerns
    • Express dissenting views

    (Administrative Science Quarterly, 1999;
    The New York Times, 2016)

    What psychologically safe teams look like:

    • Open and learning-focused approach to error.
    • Effective conflict management within the team.
    • Emotional and relational awareness between team members.
    • Existence of work-appropriate interpersonal relationships between team members (i.e. beyond mere working relationships).

    (Administrative Science Quarterly, 1999;
    The New York Times, 2016)

    What "team psychological safety" is not:

    • A situation where all team members are friends.
      In some cases psychologically safe team atmospheres might be harder to create when team members are friends since they might be more reluctant to challenge or disagree with friends.
    • Merely trust. Being able to rely on people to honor their commitments is not the same as feeling comfortable admitting mistakes in front of them or disagreeing with them.

    "Psychological safety refers to an individual's perception of the consequences of taking an interpersonal risk or a belief that a team is safe for risk taking in the face of being seen as ignorant, incompetent, negative, or disruptive… They feel confident that no one on the team will embarrass or punish anyone else for admitting a mistake, asking a question, or offering a new idea."

    – re:Work

    Psychological safety

    The impact of psychological safety on team effectiveness

    Why does an atmosphere of team psychological safety matter?

    • Prevents groupthink.
      • People who do not feel safe to hold or express dissenting views gravitate to teams that think like they do, resulting in the well-known dangers of groupthink.
    • Encourages contribution and co-operation.
      • One study found that if team psychological safety is present, even people who tend to avoid teamwork will be more likely to contribute in team settings, thereby increasing the diversity of perspectives that can be drawn on (Journal of Organizational Culture, 2016).

    Creating psychological safety in a hybrid environment requires a deliberate approach to creating team connectedness.

    In the Info-Tech State of Hybrid Work in IT report autonomy and team connectedness present an interesting challenge in that higher levels of autonomy drove higher perceptions of lack of connectedness to the respondent's team. In a hybrid world, this means leaders need to be intentional in creating a safe team dynamic.

    47% of employees who experienced more control over their decisions related to where, when, and how they work than before the pandemic are feeling less connected to their teams.
    Source: Info-Tech, State of Hybrid Work in IT, 2022

    1.1 Prepare to launch the survey

    1-2 hours

    1. Review and record the objectives and outcomes that support your vision of a high-performing team:
      1. Why is this important to you?
      2. What reactions do you anticipate from the team?
    2. In your team meeting, share your vision of what a high-performing team looks like. Engage the team in a discussion:
      1. Ask how they work. Ask them to describe their best working team environment from a previous experience or an aspirational one.
      2. Option: Instruct them to write on sticky notes, one idea per note, and share. This approach will allow for theming of ideas.
    3. Introduce the survey as a way, together as a team, the current state can be assessed against the desired state discussed.
      1. Be clear that as the leader, you won't be completing the survey as you don't want to influence their perceptions of the team. As the leader, you hold authority, and therefore, experience the team differently. This is about them and their feedback.

    Input

    • Observations of team behavior
    • Clearly articulated goals for team cohesion

    Output

    • Speaking notes for introducing survey
    • Survey launch

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • IDEA Assessment

    Participants

    • Leader
    • Team Members

    Download the IT Team Effectiveness Survey

    1.2 Launch the survey

    1-2 hours

    1. Determine how the survey will be completed.
      1. Paper-based
        1. Email a copy of the Word document IT Team Effectiveness Survey for each person to complete individually.
        2. Identify one person to collect each survey and enter the results into the team effectiveness survey tool (tab 2. Data – Effectiveness Answers and tab 3. Data – Team Type Answers). This must be someone outside the team.
      2. Online direct input into Team Effectiveness Survey Tool
        1. Post the document in a shared folder.
        2. Instruct individuals to select one of the numbered columns and enter their information into tab 2. Data – Effectiveness Answers and tab 3. Data – Team Type Answers.
        3. To protect anonymity and keep results confidential, suggest each person opens document in "Cognito mode."
        4. Hide the Summary and Results tabs to avoid team members previewing them.

    Download the IT Team Effectiveness Survey Results Tool

    Paper-Based Cautions & Considerations

    • Heavily dependent on a trusted third party for genuine results
    • Can be time consuming to enter the results

    Online Direct Cautions & Considerations

    • Ensure that users keep to the same numbered column across both entry tabs
    • Seeing other team members' responses may influence others
    • Least amount of administration

    Phase 2

    Review Results and Action Plan

    Phase 1

    Phase 2

    Phase 3

    1.1 Identify team members
    and behaviors to improve using IDEA Model
    1.2 Determine messaging including follow-up plan
    1.3 Send survey

    1.1 Review results with team
    1.2 Determine IDEA focus area(s)
    1.3 Conduct activity to determine solutions

    1.1 Document outcomes and actions
    1.2 Create team charter
    1.3 Identify metrics to show success
    1.4 Schedule check-in

    This phase will walk you through the following activities:

    • Analyzing and debriefing the results to determine themes and patterns to come to a team consensus on what to focus on.
    • Facilitated activities to drive awareness, build co-created definitions of what an effective team looks like, and identify solutions the team can undertake to be more effective.

    This phase involves the following participants:

    • Leader of the team
    • All team members

    Deliverables:

    • A presentation that communicates the team assessment results
    • A plan for effectively delivering the assessment results

    Phase 2: Build a plan to review results and create an action plan

    Reviewing assessment results and creating an improvement action plan is best accomplished through a team meeting.

    Analyzing and preparing for the team meeting may be done by:

    • The person charged with team effectiveness (i.e. team coach).
    • For teams that are seriously struggling with team effectiveness, the coach should complete this step in its entirety.
    • The team coach and the team lead.
    • Truly effective teams are self-reliant. Begin upskilling team leads by involving team leads from the start.
    1. Analyze team assessment results
    2. Prepare to communicate results to the team
    3. Select team activities that will guide the identification of action items and next steps
    4. Facilitate the team meeting

    2.1 Analyze results

    Health Dials

    1. Once the results are final, review the Health Dials for each of the areas.
      1. For each area of the team's effectiveness
        • Red indicates a threat – this will derail the team and you will require an external person to help facilitate conversations.
          It would be recommended to contact us for additional guidance if this is one of your results.
        • Yellow is a growth opportunity.
        • Green is a strength and pay attention to where the dial is – deep into strength or just past the line?
      2. Think about these questions and record your initial reactions.
        1. What surprises you – either positively or negatively?
        2. What areas are as expected?
        3. What behaviors are demonstrated that support the results?

    Prioritize one to two factors for improvement by selecting those with:

    • The lowest overall score.
    • The highest variance in responses.
    • If psychological safety is low, be sure to prioritize this factor; it is the foundation of any effective team.

    An image of the Health dials for each area.

    2.2 Analyze results

    Alignment of Responses

    1. The alignment of responses area provides you with an overview of the range of responses from the team for each area.
      • The more variety in the bars indicates how differently each person is experiencing the team.
      • The more aligned the bars are the more shared the experiences.

    The flatter the bars are across the top, the more agreement there was. Factors that show significant differences in opinion should be discussed to diagnose what is causing the misalignment within your team.

    1. Recommendation is to look at high scores and the alignment and lower scores and the alignment to determine where you may want to focus.

    The alignment chart below shows varied responses; however, there are two distinct patterns. This will be an important area to review.
    Things to think about:

    • Are there new team members?
    • Has there been a leadership change?
    • Has there been a change that has impacted the team?
    An image showing the alignment of responses for Identity, Decisions; Exchange; and Atmosphere.

    2.3 Analyze results

    Team Characteristics and Stakes

    1. Team Characteristics. Use the Team Type Results tab in the IT Team Effectiveness Assessment Tool to identify how the team characterizes itself along the High-Low Scale. The closer the dark blue bar is to the right or left suggests to which degree the team views the characteristic.
      1. Interdependence highlights the team's view on how interconnected and dependent they are on each other to get work done. Think of examples where they should be sharing or collaborating, and they are not.
      2. Virtual describes the physicality of the team. This area has changed a lot since 2020; however, it's still important to note if the team shares the same understanding of work location. Are they thinking of team members in a different geography or referring to hybrid work?
      3. Decision making describes the scale of one decision maker or many. Where are most decisions made by on your team or who is making them?
      4. Stability refers to the degree to which the team stays the same – no membership change or turnover. It can be defined by length of time the group has been together. Looking at this will help understand alignment results. If alignment is varied, one might expect a less stable team.
    2. Stakes and Pressure
      1. Pressure refers to the conditions in which the team must work. How urgent are requests?
      2. Stakes refers to the degree of impact the work has. Will outputs impact safety, health, or a service?
      3. This category can be reviewed against decision making – high pressure, high stakes environments usually have a high concentration of authority. Low pressure, low stakes decisions can also be made either by one person as there is relatively no impact or with many as you have time to get many perspectives.
      4. This area informs what your decision-making protocols should look like.

    A bar graph for Team Characteristics, and a quadrant analysis for comparing Stakes and Pressure.

    2.4 Prepare for meeting

    1-2 hours

    1. Select a facilitator
      • The right person to facilitate the meeting and present the results is dependent upon the results themselves, the team lead's comfort level, and the root and degree of team dysfunction.
      • Typically, the team lead will facilitate and present the results. However, it will be more appropriate to have a member of the HR team or an external third party facilitate.
    2. Set the agenda (recommended sample to the right) that ensures:
      • Team members reflect on the results and discuss reaction to the results. (E.g. Are they surprised? Why/why not?)
      • Results are clearly understood and accepted by team members before moving on to activities.
      • The aim of the meeting is kept in mind. The purpose of the team meeting is to involve all team members in the creation of an effectiveness improvement plan.
    3. Customize the Facilitation Guide and activities in the Improve IT Team Effectiveness Facilitation Guide. (Activities are aligned with the four factors in the IDEA model.)
      • Identify a clear objective for each activity given the team assessment results. (E.g. What are the areas of improvement? What is the desired outcome of the activity?)
      • Review and select the activities that will best achieve the objectives.
      • Customize and prepare for chosen activities appropriately.
      • Obtain all necessary materials.
      • Practice by anticipating and preparing for questions, objectives, and what you will say and do.

    Facilitation Factors
    Select a third-party facilitator if:

    • The team lead is uncomfortable.
    • The leadership or organization is implicated in the team's dysfunction, a third party can be sought in place of HR.
    • Regardless of who facilitates, it is critical that the team lead understands the process and results and is comfortable answering any questions that arise.

    Agenda

    • Review the IDEA Model.
    • Discuss the assessment results.
    • Invite team members to reflect on the results and discuss reaction to the results.
    • Ensure results are clearly understood and accepted.
    • Examine team challenges and strengths through selected team activities.
    • Create a team charter and effectiveness improvement plan.

    Materials

    • IT Team Effectiveness Activities Facilitation Guide
    • IT Team Effectiveness Survey results

    Participants

    • Leader

    2.5 Run the meeting

    2-3 hours

    Facilitate the team meeting and agree on the team effectiveness improvement plan.

    Work with the team to brainstorm and agree on an action plan of continuous improvements.

    By creating an action plan together with the team, there is greater buy-in and commitment to the activities identified within the action plan.

    Don't forget to include timelines and task owners in the action plan – it isn't complete without them.

    Document final decisions in Info-Tech's Improve IT Team Effectiveness Action Plan Tool.

    Review activity Develop Team Charter in the Improve IT Team Effectiveness Facilitation Guide and conclude the team meeting by creating a team charter. With a team charter, teams can better understand:

    • Team objectives
    • Team membership and roles
    • Team ground rules

    Facilitation Factors

    Encourage and support participation from everyone.

    Be sure no one on the team dismisses anyone's thoughts or opinions – they present the opportunity for further discussion and deeper insight.

    Watch out for anything said or done during the activities that should be discussed in the activity debrief.

    Debrief after each activity, outlining any lessons learned, action items, and next steps.

    Agenda

    • Review the IDEA Model.
    • Discuss the assessment results.
    • Invite team members to reflect on the results and discuss reaction to the results.
    • Ensure results are clearly understood and accepted.
    • Examine team challenges and strengths through selected team activities.
    • Create a team charter and effectiveness improvement plan.

    Materials

    • IT Team Effectiveness Activities Facilitation Guide
    • Whiteboard/flip charts
    • Sticky notes
    • IT Team Effectiveness Survey results

    Participants

    • Leader
    • Team Members
    • Optional – External Facilitator

    Phase 3

    Document and measure

    Phase 1

    Phase 2

    Phase 3

    1.1 Identify team members
    and behaviors to improve using IDEA Model
    1.2 Determine messaging including follow-up plan
    1.3 Send survey

    1.1 Review results with team
    1.2 Determine IDEA focus area(s)
    1.3 Conduct activity to determine solutions

    1.1 Document outcomes and actions
    1.2 Create team charter
    1.3 Identify metrics to show success
    1.4 Schedule check-in

    This phase will walk you through the following activities:
    Building your team charter that will include:

    • Team vision, mission, and goals
    • Roles and responsibilities of each member
    • Decision-making responsibilities and process
    • How information will be shared and by whom
    • Ways to build psychological safety on the team

    This phase involves the following participants:

    • Leader of the team
    • All team members

    Document and agree to regular check-ins to reassess.

    As a team it will be important to drive your brainstormed solutions into an output that is co-created.

    • Agree to what actions can be implemented.
    • Capture agreed-to team goals, roles, responsibilities, and decision process into a team charter. Also include your communication protocol that articulates how information will be shared in future.
    1. Review suggestions and actions
    2. Capture in team charter
    3. Assign metrics to measure success and determine when to review
    4. Complete ongoing check-ins with team through team meeting and plan to reassess if agreed to

    Team Charter

    Never assume everyone "just knows."

    Set clear expectations for the team's interactions and behaviors.

    • Some teams call this a team agreement, team protocol, or ways of working. Determine the naming convention that works best for your team and culture.
    • This type of document saw a renewed popularity during COVID-19 as face-to-face interactions were more difficult, and as teams, news ways to work needed to be discovered, shared, and documented.
    • A co-created team charter is a critical component to onboarding new employees in the hybrid world.

    Info-Tech Insight – State of Hybrid Work in IT

    One contributor to the report shared the effort and intention around maintaining their culture during the pandemic. The team agreement created became a critical tool to enable conversations between leaders and their team – it was not a policy document.

    Team effectiveness is driven through thoughtful planned conversations. And it's a continued conversation.

    A screenshot of the IT Team Charter Template page

    Download the IT Team Charter Template

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    Identify the impact that improved team effectiveness will have on the organization.
    Determine your baseline metrics to assess the success of your team interventions and demonstrate the impact to the rest of the organization using pre-determined goals and metrics.
    Share success stories through:

    • Newsletters or email announcements
    • Team meetings
    • Presentations to business partners or the organization

    Sample effectiveness improvement goal

    Sample Metric

    Increase employee engagement
    Increase overall employee engagement scores in the Employee Engagement survey by 5% by December 31, 2023.

    • Overall employee engagement

    Strengthen manager/employee relationships
    Increase manager driver scores in the Employee Engagement survey by 5% by December 31, 2023.

    • Employee engagement – manager driver
    • Employee engagement – senior leadership driver

    Reduce employee turnover (i.e. increase retention)
    Reduce voluntary turnover by 5% by December 31, 2023.

    • Voluntary turnover rate
    • Turnover by department or manager
    • Cost of turnover

    Increase organizational productivity
    Increase the value added by human capital by 5% by December 31, 2023.

    • Value added by human capital
    • Employee productivity
    • Human capital return on investment
    • Employee engagement

    Reassess team effectiveness

    Reassess and identify trends after they have worked on key focus areas for improvement.

    Track the team's progress by reassessing their effectiveness six to twelve months after the initial assessment.
    Identify if:

    • Team characteristics have changed.
    • Areas of team strengths are still a source of strength.
    • Areas for improvement have, in fact, improved.
    • There are opportunities for further improvement.

    As the team matures, priorities and areas of concern may shift; it is important to regularly reassess team effectiveness to ensure ongoing alignment and suitability.
    Note: It is not always necessary to conduct a full formal assessment; once teams become more effective and self-sufficient, informal check-ins by team leads will be sufficient.

    If you assess team effectiveness for multiple teams, you have the opportunity to identify trends:

    • Are there common challenges within teams?
    • If so, what are they?
    • How comfortable are teams with intervention?
    • How often is outside help required?

    Identifying these trends, initiatives, training, or tactics may be used to improve team effectiveness across the department – or even the organization.

    Teams are ultimately accountable for their own effectiveness.

    As teams mature, the team lead should become less involved in action planning. However, enabling truly effective teams takes significant time and resources from the team lead.

    Use the action plan created and agreed upon during the team meeting to hold teams accountable:

    • Ensure teams follow through on action items.
    • Ensure you are continuously assessing team effectiveness (formally or informally).

    The team coach should have a plan to transition into a supportive role by:

    • Providing teams with the knowledge, resources, and tools required to improve and sustain high effectiveness.
    • Providing team members and leads with a safe, open, and honest environment.
    • Stepping in as an objective third party when required.

    If the team continues to face barriers

    Other important information: If team effectiveness has not significantly improved, other interventions may be required that are beyond the scope of this project.

    The four factors outlined in the IDEA Model of team effectiveness are very important, but they are not the only things that have a positive or negative impact on teams. If attempts to improve the four factors have not resulted in the desired level of team effectiveness, evaluate other barriers:

    For organizational culture, ask if performance and reward programs do the following:

    • Value teamwork alongside individual achievement and competition
    • Provide incentives that promote a focus on individual performance over team performance
    • Reward or promote those who sabotage their teams

    For learning and development, ask:

    • Is team effectiveness included in our manager or leadership training?
    • Do we offer resources to employees seeking to improve their teamwork competencies?

    If an individual team member's or leader's performance is not meeting expectations, potential remedies include a performance improvement plan, reassignment, and termination of employment.

    These kinds of interventions are beyond the control of the team itself. In these cases, we recommend you consult with your HR department; HR professionals can be important advocates because they possess the knowledge, influence, and authority in the company to promote changes that support teamwork.

    Related Info-Tech Research

    Redesign Your IT Department

    • You could have the best IT employees in the world, but if they aren't structured well your organization will still fail in reaching its vision.
    • Increase the effectiveness of IT as a function.
    • Provide employees with clarity in their roles and responsibilities.

    Build an IT Employee Engagement Program

    • With the growing IT job market, turnover is a serious threat to IT's ability to deliver seamless value and continuously drive innovation.
    • Engagement initiatives are often seen as being HR's responsibility; however, IT leadership needs to take accountability for the retention and productivity of their employees in order to drive business value.

    Info-Tech Leadership Programs

    • Development of the leadership mind should never stop. This program will help IT leaders continue to craft their leadership competencies to navigate the ever-changing world in which we operate.
    • Actively delegate responsibilities and opportunities that engage and develop team members to build on current skills and prepare for the future.

    Research Contributors and Experts

    A picture of Carlene McCubbin

    Carlene McCubbin
    Practice Lead
    Info-Tech Research Group

    A picture of Nick Kozlo

    Nick Kozlo
    Senior Research Analyst
    Info-Tech Research Group

    A picture of Heather Leier-Murray

    Heather Leier-Murray
    Senior Research Analyst
    Info-Tech Research Group

    A picture of Stephen O'Conner

    Stephen O'Conner
    Executive Counselor
    Info-Tech Research Group

    A picture of Jane Kouptsova

    Jane Kouptsova
    Research Director
    Info-Tech Research Group

    Dr. Julie D. Judd, Ed.D.
    Chief Technology Officer
    Ventura County Office of Education

    Works Cited

    Aminov, I., A. DeSmet, and G. Jost. "Decision making in the age of urgency." McKinsey. April 2019. Accessed January 2023.
    Duhigg, Charles. "What Google Learned From Its Quest to Build the Perfect Team." The New York Times, 25 Feb. 2016. Accessed January 2023.
    Edmondson, Amy. "Psychological Safety and Learning Behavior in Work Teams." Administrative Science Quarterly, vol. 44, no. 2, June 1999, pp. 350-383.
    Gardner, Kate. "Julie Judd – Ventura County Office of Education." Toggle, 12 Sept. 2022. Accessed January 2023.
    Google People Operations. "Guide: Understand Team Effectiveness." reWork, n.d. Accessed February 2023.
    Harkins, Phil. "10 Leadership Techniques for Building High-Performing Teams." Linkage Inc., 2014. Accessed 10 April 2017.
    Heath, C. and D. Heath. Decision: How to make better choices in life and work. Random House, 2013, ISBN 9780307361141.
    Hill, Jon. "What is an Information Silo and How Can You Avoid It." Bloomfire, 23 March 2022. Accessed January 2023.
    "IT Team Management Software for Enhanced Productivity." Freshworks, n.d. Accessed January 2023.
    Jackson, Brian. "2022 Tech Trends." Info-Tech Research Group, 2022. Accessed December 2022.
    Kahneman, Daniel. Thinking fast and slow. Farrar, Straus and Giroux. 2011.
    Kouptsova, J., and A. Mathieson. "State of Hybrid Work in IT." Info-Tech Research Group, 2023. Accessed January 2023.
    Mayfield, Clifton, et al. "Psychological Collectivism and Team Effectiveness: Moderating Effects of Trust and Psychological Safety." Journal of Organizational Culture, Communications and Conflict, vol. 20, no. 1, Jan. 2016, pp. 78-94.
    Rock, David. "SCARF: A Brain-Based Model for Collaborating With and Influencing Others." NeuroLeadership Journal, 2008. Web.
    "The State of High Performing Teams in Tech Hypercontext." Hypercontext. 2022. Accessed November 2022.
    Weick, Carl, and Kathleen Sutcliff. Managing the unexpected. John Wiley & Sons, 2007.
    "Workplace Conflict Statistics: How we approach conflict at work." The Niagara Institute, August 2022. Accessed December 2022.

    Jump Start Your Vendor Management Initiative

    • Buy Link or Shortcode: {j2store}211|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $137,332 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Each year, IT organizations spend more money “outsourcing” tasks, activities, applications, functions, and other items.
    • The increased spend and associated outsourcing leads to less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Our Advice

    Critical Insight

    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. There are commonalites among vendor management initiatives, but the key is to adapt vendor management principles to fit your needs, not the other way around.
    • All vendors are not of equal importance to an organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
    • Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally,” starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Impact and Result

    • Build and implement a vendor management initiative tailored to your environment.
    • Create a solid foundation to sustain your vendor management initiative as it evolves and matures.
    • Leverage vendor management-specific tools and templates to manage vendors more proactively and improve communication.
    • Concentrate your vendor management resources on the right vendors.
    • Build a roadmap and project plan for your vendor management journey to ensure you reach your destination.
    • Build collaborative relationships with critical vendors.

    Jump Start Your Vendor Management Initiative Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should jump start a vendor management initiative, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    • Jump Start Your Vendor Management Initiative – Phase 1: Plan
    • Jump – Phase 1 Tools and Templates Compendium

    2. Build

    Configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    • Jump Start Your Vendor Management Initiative – Phase 2: Build
    • Jump – Phase 2 Tools and Templates Compendium
    • Jump – Phase 2 Vendor Classification Tool
    • Jump – Phase 2 Vendor Risk Assessment Tool

    3. Run

    Begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    • Jump Start Your Vendor Management Initiative – Phase 3: Run

    4. Review

    Identify what the VMI should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    • Jump Start Your Vendor Management Initiative – Phase 4: Review

    Infographic

    Workshop: Jump Start Your Vendor Management Initiative

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Plan

    The Purpose

    Getting Organized

    Key Benefits Achieved

    Defined Roles and Goals for the VMI

    Activities

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities – OIC Chart

    1.5 Process Mapping

    1.6 Vendor Inventory Tool (Overview)

    Outputs

    Completed Mission Statement and Goals

    List of Items In Scope and Out of Scope for the VMI

    List of Strengths and Obstacles for the VMI

    Completed OIC Chart

    Sample Process Map for One Process

    Begun Using Vendor Inventory Tool

    2 Plan/Build/Run

    The Purpose

    Build VMI Tools and Templates

    Key Benefits Achieved

    Configured Tools and Templates for the VMI Based on Its Roles and Goals

    Activities

    2.1 Maturity Assessment

    2.2 Structure and Job Descriptions

    2.3 Attributes of a Valuable Vendor

    2.4 Classification Model

    2.5 Risk Assessment Tool

    2.6 Scorecards and Feedback

    2.7 Business Alignment Meeting Agenda

    Outputs

    Completed Maturity Assessment.

    Sample Job Descriptions and Phrases.

    List of Attributes of a Valuable Vendor.

    Configured Classification Model.

    Configured Risk Assessment Tool.

    Configured Scorecard and Feedback Questions.

    Configured Business Alignment Meeting Agenda.

    3 Build/Run

    The Purpose

    Continue Building VMI Tools and Templates

    Key Benefits Achieved

    Configured Tools and Templates for the VMI Based on Its Roles and Goals

    Activities

    3.1 Relationship Alignment Document

    3.2 Vendor Orientation

    3.3 Policies and Procedures

    3.4 3-Year Roadmap

    3.5 90-Day Plan

    3.6 Quick Wins

    3.7 Reports

    3.8 Kickoff Meeting

    Outputs

    Relationship Alignment Document Sample and Checklist

    Vendor Orientation Checklist

    Policies and Procedures Checklist

    Completed 3-Year Roadmap

    Completed 90-Day Plan

    List of Quick Wins

    List of Reports

    4 Review

    The Purpose

    Review the Past 12 Months of VMI Operations and Improve

    Key Benefits Achieved

    Keeping the VMI Aligned With the Organization’s Goals and Ensuring the VMI Is Leveraging Leading Practices

    Activities

    4.1 Develop/Improve Vendor Relationships.

    4.2 Assess Compliance.

    4.3 Incorporate Leading Practices.

    4.4 Leverage Lessons Learned.

    4.5 Maintain Internal Alignment.

    4.6 Update Governances.

    Outputs

    Further reading

    Jump Start Your Vendor Management Initiative

    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

    EXECUTIVE BRIEF

    Analyst Perspective

    What is vendor management?

    When you read the phrase “vendor management,” what comes to mind? This isn’t a rhetorical question. Take your time … I’ll wait.

    Unfortunately, those words conjure up a lot of different meanings, and much of that depends on whom you ask. Those who work in the vendor management field will provide a variety of answers. To complicate matters, those who are vendor management “outsiders” will have a totally different view of what vendor management is. Why is this important? Because we need a common definition to communicate more effectively, even if the definition is broad.

    Let’s start creating a working definition that is not circular. Vendor management is not simply managing vendors. That expression basically reorders the words and does nothing to advance our cause; it only adds to the existing confusion surrounding the concept.

    Vendor management is best thought of as a spectrum or continuum with many points rather than a specific discipline like accounting or finance. There are many functions and activities that fall under the umbrella term of vendor management: some of them will be part of your vendor management initiative (VMI), some will not, and some will exist in your organization but be outside the VMI. This is the unique part of vendor management – the part that makes it fun, but also the part that leads to the confusion. For example, accounts payable sits within the accounting department almost exclusively, but contract management can sit within or outside the VMI. The beauty of vendor management is its flexibility; your VMI can be created to meet your specific needs and goals while leveraging common vendor management principles.

    Every conversation around vendor management needs to begin with “What do you mean by that?” Only then can we home in on the scope and nature of what people are discussing. “Managing vendors” is too narrow because it often ignores many of the reasons organizations create VMIs in the first place: to reduce costs, to improve performance, to improve processes, to improve relationships, to improve communication, and to manage risk better.

    Vendor management is a strategic initiative that takes the big picture into account … navigating the cradle to grave lifecycle to get the most out of your interactions and relationships with your vendors. It is flexible and customizable; it is not plug and play or overly prescriptive. Tools, principles, templates, and concepts are adapted rather than adopted as is. Ultimately, you define what vendor management is for your organization.

    We look forward to helping you on your vendor management journey no matter what it looks like. But first, let’s have a conversation about how you want to define vendor management in your environment.

    This is a picture of Phil Bode, Principal  Research Director, Vendor Management at Info-Tech Research Group.

    Phil Bode
    Principal Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Each year, IT organizations “outsource” tasks, activities, functions, and other items. During 2021:

    • Spend on as-a-service providers increased 38% over 2020.*
    • Spend on managed service providers increased 16% over 2020.*
    • IT service providers increased their merger and acquisition numbers by 47% over 2020.*

    *Source: Information Services Group, Inc., 2022.

    This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Common Obstacles

    As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don’t have a VMI to help:

    • Ensure at least the expected value is achieved.
    • Improve on the expected value through performance management.
    • Significantly increase the expected value through a proactive VMI.

    Info-Tech’s Approach

    Vendor management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

    • Plan
    • Build
    • Run
    • Review

    The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and set a solid foundation for its growth and maturity.

    Info-Tech Insight

    Vendor management is not a one-size-fits-all initiative. It must be configured:

    • For your environment, culture, and goals.
    • To leverage the strengths of your organization and personnel.
    • To focus your energy and resources on your critical vendors.

    Executive Summary

    Your Challenge

    Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape. In 2021, there was increases of:

    38%

    Spend on As-a-Service Providers

    16%

    Spend on Managed Services Providers

    47%

    IT Services Merger & Acquisition Growth (Transactions)

    Source: Information Services Group, Inc., 2022.

    Executive Summary

    Common Obstacles

    When organizations execute, renew, or renegotiate a contract, there is an “expected value” associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

    A contract’s realized value with and without a vendor management initiative

    Two bars are depicted, showing that vendor collaboration and vendor performance management exceed expected value with a VMI, but without VMI, 75% of a contract's expected value can disappear within 18 months.

    Source: Based on findings from Geller & Company, 2003.

    Executive Summary

    Info-Tech’s Approach

    A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

    This is an image of Info-Tech's approach to VMI.  It includes the following four steps: 01 - Plan; 02 - Build; 03 - Run; 04 - Review

    Info-Tech’s Methodology for Creating and Operating Your VMI

    Phase 1: Plan Phase 2: Build Phase 3: Run Phase 4: Review

    Phase Steps

    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    Phase Outcomes

    This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    Insight Summary

    Insight 1

    Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won’t look exactly like another organization’s. The key is to adapt vendor management principles to fit your needs.

    Insight 2

    All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Insight 3

    Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally,” starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Blueprint Deliverables

    The four phases of creating and running a vendor management initiative are supported with configurable tools, templates, and checklists to help you stay aligned internally and achieve your goals.

    VMI Tools and Templates

    This image contains two screenshots of Info-Tech's VMI Tools and Templates

    Build a solid foundation for your VMI and configure tools and templates to help you manage your vendor relationships.

    Key Deliverables:

    1. Jump – Phase 1 Tools and Templates Compendium
    2. Jump – Phase 2 Tools and Templates Compendium
    3. Jump – Phase 2 Vendor Classification Tool
    4. Jump – Phase 2 Vendor Risk Assessment Tool

    A suite of tools and templates to help you create and implement your vendor management initiative.

    Blueprint benefits

    IT Benefits

    • Identify and manage risk proactively.
    • Reduce costs and maximize value.
    • Increase visibility with your critical vendors.
    • Improve vendor performance.
    • Create a collaborative environment with key vendors.
    • Segment vendors to allocate resources more effectively and more efficiently.

    Business Benefits

    • Improve vendor accountability.
    • Increase collaboration between departments.
    • Improve working relationships with your vendors.
    • Create a feedback loop to address vendor or customer issues before they get out of hand or are more costly to resolve.
    • Increase access to meaningful data and information regarding important vendors.

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    Using the Maturity Assessment and 90-Day Plan tools, track how well you are able to achieve your goals and objectives:

    • Did you meet the targeted maturity level for each maturity category as determined by the point system?
    • Did you finish each activity in the 90-Day Plan completely and on time?
    1-Year Maturity Roadmap(by Category) Target Maturity (Total Points) Actual Maturity (Total Points)
    Contracts 12 12
    Risk 8 7
    Vendor Selection 9 9
    Vendor Relationships 21 21
    VMI Operations 24 16
    90-Day Plan (by Activity) Activity Completed
    Finalize mission and goals; gain executive approval Yes
    Finalize OIC chart; gain buy-in from other departments Yes
    Classify top 40 vendors by spend Yes
    Create initial scorecard Yes
    Develop the business alignment meeting agenda Yes
    Conduct two business alignment meetings No
    Update job descriptions Yes
    Map two VMI processes No

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phases 2 & 3 Phase 4

    Call #1: Mission statement and goals, scope, and strengths and obstacles.

    Call #5: Classification model.

    Call #9: Policies and procedures and reports.

    Call #12: Assess compliance, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Call #2: Roles and responsibilities and process mapping.

    Call #6: Risk assessment.

    Call #10: 3-year roadmap.

    Call #3: Charter and vendor inventory.

    Call #7: Scorecards and feedback and business alignment meetings.

    Call #11: 90-day plan and quick wins.

    Call #4: Maturity assessment and VMI structure.

    Call #8: Relationship alignment document, vendor orientation, and job descriptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Plan Plan/Build/Run Build/Run Review

    Activities

    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    Deliverables

    1. Completed Mission Statement and Goals
    2. List of Items In Scope and Out of Scope for the VMI
    3. List of Strengths and Obstacles for the VMI
    4. Completed OIC Chart
    5. Sample Process Map for One Process
    6. Vendor Inventory tab
    1. Completed Maturity Assessment
    2. Sample Job Descriptions and Phrases
    3. List of Attributes of a Valuable Vendor
    4. Configured Classification Model
    5. Configured Risk Assessment Tool
    6. Configured Scorecard and Feedback Questions
    7. Configured Business Alignment Meeting Agenda
    1. Relationship Alignment Document Sample and Checklist
    2. Vendor Orientation Checklist
    3. Policies and Procedures Checklist
    4. Completed 3-Year Roadmap
    5. Completed 90-Day Plan
    6. List of Quick Wins
    7. List of Reports

    Phase 1: Plan

    Get Organized

    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    Phase 1 Phase 2 Phase 3 Phase 4
    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Procurement/Sourcing
    • IT
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 1: Plan

    Get organized.

    Phase 1: Plan focuses on getting organized. Foundational elements (mission statement, goals, scope, strengths and obstacles, roles and responsibilities, and process mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of standing up your VMI and running it.

    Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to “the good stuff.” To a certain extent, the process provided here is like building a house. You wouldn’t start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

    Step 1.1: Mission statement and goals

    Identify why the VMI exists and what it will achieve.

    Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a mission statement and goals. Although this is the easiest way to proceed, it is far from easy.

    The mission statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The mission statement should be no longer than one or two sentences.

    The complement to the mission statement is the list of goals for the VMI. Your goals should not be a reassertion of your mission statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

    Although the VMI’s mission statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be re-evaluated periodically using a SMART filter and adjusted as needed.

    1.1.1: Mission statement and goals

    20-40 minutes

    1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the reasons why the VMI will exist.
    2. Review external mission statements for inspiration.
    3. Review internal mission statements from other areas to ensure consistency.
    4. Draft and document your mission statement in the Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals.
    5. Continue brainstorming and identify the high-level goals for the VMI.
    6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
    7. Document your goals in the Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals.
    8. Obtain sign-off on the mission statement and goals from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission statements from other internal and external sources

    Output

    • Completed mission statement and goals

    Materials

    • Whiteboard/Flip Charts
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.2: Scope

    Determine what is in scope and out of scope for the VMI

    Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn’t do, and the answers cannot always be found in the VMI’s mission statement and goals.

    One component of helping others understand the VMI landscape is formalizing the VMI scope. The scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI’s territory begins and ends. Ultimately, this will help clarify the VMI’s roles and responsibilities, improve workflow, and reduce errant assumptions.

    When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work): Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI scope, and make sure executives and stakeholders are on board with the final version.

    1.2.1: Scope

    20-40 minutes

    1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the activities and functions in scope and out of scope for the VMI.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all of the in-scope items and then turn your attention to the out-of-scope items.
    2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope but not both.
    3. Use the Phase 1 Tools and Templates Compendium, Tab 1.2 Scope, to document the results.
    4. Obtain sign-off on the scope from stakeholders and executives as required.

    Input

    • Brainstorming
    • Mission statement and goals

    Output

    • Completed list of items in and out of scope for the VMI

    Materials

    • Whiteboard/Flip Charts
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.2 Scope

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.3: Strengths and obstacles

    Pinpoint the VMI’s strengths and obstacles.

    A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

    Your output will be two lists: the strengths associated with the VMI and the obstacles facing the VMI. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

    The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

    For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

    As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

    1.3.1: Strengths and obstacles

    20-40 minutes

    1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the VMI’s strengths and obstacles.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between strengths and obstacles as needed; it is not necessary to list all of the strengths and then turn your attention to the obstacles.
      3. It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.
    2. Review the lists to make sure there is enough specificity.
    3. Determine how you will leverage each strength and how you will manage each obstacle.
    4. Use the Phase 1 Tools and Templates Compendium, Tab 1.3 Strengths and Obstacles, to document the results.
    5. Obtain sign-off on the strengths and obstacles from stakeholders and executives as required.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • Brainstorming
    • Mission statement and goals
    • Scope

    Output

    • Completed list of items impacting the VMI’s ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

    Materials

    • Whiteboard/Flip Charts
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.3 Strengths and Obstacles

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.4: Roles and responsibilities

    Obtain consensus on who is responsible for what.

    One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI’s scope, referenced in Step 1.2, but additional information is required to avoid stepping on each other’s toes since many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or one department to complete this process.) While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

    As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

    This step will lead your through the creation of an OIC* chart to determine vendor management lifecycle roles and responsibilities. Afterward, you’ll be able to say, “Oh, I see clearly who is involved in each part of the process and what their role is.”

    *RACI – Responsible, Accountable, Consulted, Informed
    *RASCI – Responsible, Accountable, Support, Consulted, Informed
    *OIC – Owner, Informed, Contributor

    This is an image of a table which shows an example of which role would be responsible for which step

    Step 1.4: Roles and responsibilities (cont.)

    Obtain consensus on who is responsible for what.

    To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but the chart can get out of hand quickly. For each role and step of the lifecycle, ask whether the entry is necessary – does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps: 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is “negotiate contract documents” sufficient or do you need “negotiate the contract” and “negotiate the renewal”? The answer will always depend on your culture and environment, but be wary of creating a spreadsheet that requires an 85-inch monitor to view it in its entirety.

    After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

    • O – Owner – who owns the process; they may also contribute to it.
    • I – Informed – who is informed about the progress or results of the process.
    • C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

    This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

    1.4.1: Roles and responsibilities

    1-6 hours

    1. Meet with the participants and configure the OIC Chart in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.4 OIC Chart.
      1. Review the steps or activities across the top of the chart and modify as needed.
      2. Review the roles listed along the left side of the chart and modify as needed.
    2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step; I for informed; or C for contributor. Use only one letter per cell.
    3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
    4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
    5. Obtain sign-off on the OIC chart from stakeholders and executives as required.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • A list of activities or steps to complete a project, starting with requirements gathering and ending with ongoing risk management
    • A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project

    Output

    • Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.4 OIC Chart

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives as needed

    Step 1.5: Process mapping

    Diagram the workflow.

    Although policies and procedures are important, their nature can make it difficult to grasp how things work at a high level (or even at the detail level). To help bridge the gap, map the applicable processes (determined by how deep and wide you want to go) involving the VMI. To start, look at the OIC chart from Step 1.4. You can expand the breadth and depth of your mapping to include the VMI scope, the 3-year roadmap (see Step 2.9), and the processes driven by the day-to-day work within the VMI.

    Various mapping tools can be used. Three common approaches that can be mixed and matched are:

    • Traditional flowcharts.
    • Swimlane diagrams.
    • Work breakdown structures.
    This is an example of a Workflow Process Map

    Step 1.5: Process mapping (cont.)

    Diagram the workflow.

    Your goal is not to create an in-depth diagram for every step of the vendor management lifecycle. However, for steps owned by the VMI, the process map should include sufficient details for the owner and the contributors (see Step 1.4) to understand what is required of them to support that step in the lifecycle.

    For VMI processes that don’t interact with other departments, follow the same pattern as outlined above for steps owned by the VMI.

    Whatever methodology you use to create your process map, make sure it includes enough details so that readers and users can identify the following elements:

    • Input:
      • What are the inputs?
      • Where do the inputs originate or come from?
    • Process:
      • Who is involved/required for this step?
      • What happens to the inputs in this step?
      • What additional materials, tools, or resources are used or required during this step?
    • Output:
      • What are the outputs?
      • Where do the outputs go next?

    1.5.1: Process Mapping

    1-8 hours (or more)

    1. Meet with the participants and determine which processes you want to map.
      1. For processes owned by the VMI, map the entire process.
      2. For processes contributed to by the VMI, map the entire process at a high level and map the VMI portion of the process in greater detail.
    2. Select the right charts/diagrams for your output.
      1. Flowchart
      2. Swimlane diagram
      3. Modified SIPOC (Supplier, Input, Process, Output, Customer)
      4. WBS (work breakdown structure)
    3. Begin mapping the processes either in a tool or using sticky notes. You want to be able to move the steps and associated information easily; most people don’t map the entire process accurately or with sufficient detail the first time through. An iterative approach works best.
    4. Obtain signoff on the process maps from stakeholders and executives as required. A copy of the final output can be kept in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.5 Process Mapping, if desired.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • Existing processes (formal, informal, documented, and undocumented)
    • OIC chart

    Output

    • Process maps for processes contributed to or owned by the VMI

    Materials

    • Sticky Notes
    • Flowchart/process mapping software or something similar
    • (Optional) Jump – Phase 1 Tools and Templates Compendium, Tab 1.5 Process Mapping

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives (as needed)

    Step 1.6: Charter

    Document how the VMI will operate.

    As you continue getting organized by working through steps 1.1-1.5, you may want to document your progress in a charter and add some elements. Basically, a charter is a written document laying out how the VMI will operate within the organization. It clearly states the VMI’s mission, goals, scope, roles and responsibilities, and vendor governance model. In addition, it can include a list of team members and sponsors.

    Whether you create a VMI charter will largely depend on:

    • Your organization’s culture.
    • Your organization’s formality.
    • The perceived value of creating a charter.

    If you decide to create a VMI charter, this is a good place in the process to create an initial draft. As you continue working through the blueprint and your VMI matures, update the VMI charter as needed.

    VMI Charter:

    • Purpose
    • Sponsors
    • Roles
    • Responsibilities
    • Governance

    1.6.1: Charter

    1-4 hours

    1. Meet with the participants and review the template in Jump – Phase 1 Tools and Templates Compendium, Tab 1.6 Charter.
    2. Determine whether the participants will use this template or add materials to your standard charter template.
    3. Complete as much of the charter as possible, knowing that some information may not be available until later.
    4. Return to the charter as needed until it is completed.
    5. Obtain sign-off on the charter from stakeholders and executives as required.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • Mission statement and goals
    • Scope
    • Strengths and obstacles
    • OIC chart
    • List of stakeholders and executives and their VMI roles and responsibilities

    Output

    • Completed VMI charter

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.6 Charter
    • Your organization’s standard charter document

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.7: Vendor inventory

    Compile a list of vendors and relevant vendor information.

    As you prepare your VMI for being operational, it’s critical to identify all of your current vendors providing IT products or services to the organization. This can be tricky and may depend on how you view things internally. For example, you may have traditional IT vendors that are managed by IT, and you may have IT vendors that are managed by other internal departments (shadow IT or out-in-the-open IT). If it wasn’t determined with the help of stakeholders and executives before now, make sure you establish the purview of the VMI at this point. What types of vendors are included and excluded from the VMI?

    You may find that a vendor can be included and excluded based on the product or service they provide. A vendor may provide a service that is managed by IT and a service that is managed/controlled by another department. In this instance, a good working relationship and clearly defined roles and responsibilities between the VMI and the other department will be required. But, it all starts with compiling a list of vendors and validating the VMI’s purview (and any limitations) for the vendors with stakeholders and executives.

    Step 1.7: Vendor inventory (cont.)

    Compile a list of vendors and relevant vendor information.

    At a minimum, the VMI should be able to quickly retrieve key information about each of “its” vendors:

    • Vendor Name
    • Classification (see Steps 2.1 and 3.1)
    • Categories of Service
    • Names of Products and Services Provided
    • Brief Descriptions of Products and Services Provided
    • Annualized Vendor Spend
    • Vendor Contacts
    • Internal Vendor Relationship Owner

    Not all of this information will be available at this point, but you can begin designing or configuring your tool to meet your needs. As your VMI enters Phase 3: Run and continues to mature, you will return to this tool and update the information. For example, the vendor classification category won’t be known until Phase 3, and it can change over time.

    1.7.1: Vendor inventory

    1-10 hours

    Meet with the participants and review the Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory. Determine whether the VMI wants to collect and/or monitor additional information and make any necessary modifications to the tool.

    Enter the “Annual IT Vendor Spend” amount in the appropriate cell toward the top of the spreadsheet. This is for IT spend for vendor-related activities within the VMI’s scope; include shadow IT spend and “non-shadow” IT spend if those vendors will be included in the VMI’s scope.

    Populate the data fields for your top 50 vendors by annual spend; you may need multiple entries for the same vendor depending on the nature of the products and services they provide.

    Ignore the “Classification” column for now; you will return to this later when classification information is available.

    Ignore the “Percentage of IT Budget” column as well; it uses a formula to calculate this information.

    Input

    • Data from various internal and external sources such as accounts payable, contracts, and vendor websites

    Output

    • List of vendors with critical information required to manage relationships with key vendors

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory

    Participants

    • VMI team (directly)
    • Other internal and external personnel (indirectly)

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Step 1.8: Maturity assessment

    Establish a VMI maturity baseline and set an ideal future state.

    Knowing where you are and where you want to go are essential elements for any journey in the physical world, and the same holds true for your VMI journey. Start by assessing your current-state VMI maturity. This will provide you with a baseline to measure progress against. Next, using the same criteria, determine the level of VMI maturity you would like to achieve one year in the future. This will be your future-state VMI maturity. Lastly, identify the gaps and plot your course.

    The maturity assessment provides three main benefits:

    1. Focus – you’ll know what is important to you moving forward.
    2. 3-Year Roadmap (discussed more fully in Step 2.9) – you’ll have additional input for your short-term and long-term roadmap (1, 2, and 3 years out).
    3. Quantifiable Improvement – you’ll be able to measure your progress and make midcourse corrections when necessary.

    Step 1.8: Maturity assessment (cont.)

    Establish a VMI maturity baseline and set an ideal future state.

    The Info-Tech VMI Maturity Assessment tool evaluates your maturity across several criteria across multiple categories. Once completed, the assessment will specify:

    • A current-state score by category and overall.
    • A target-state score by category and overall.
    • A quantifiable gap for each criterion.
    • A priority assignment for each criterion.
    • A level of effort required by criterion to get from the current state to the target state.
    • A target due date by criterion for achieving the target state.
    • A rank order for each criterion (note: limit your ranking to your top 7 or 9).

    Many organizations will be tempted to mature too quickly. Resource constraints and other items from Step 1.3 (Strengths and Obstacles) will impact how quickly you can mature. Being aggressive is fine, but it must be tempered with a dose of reality. Otherwise, morale, perception, and results can suffer.

    1.8.1: Maturity assessment

    45-90 minutes

    1. Meet with the participants and use Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Input, to complete the first part of this activity. Provide the required information indicated below.
      1. Review each statement in column B and enter a value in the “Current” column using the drop-down menus based on how much you disagree or agree (0-4) with the statement. This establishes a baseline maturity.
      2. Repeat this process for the “Future” column using a target date of one year from now to achieve this level. This is your desired maturity.
      3. Enter information regarding priority, level of effort, and target due date in the applicable columns using the drop-down menus. (Priority levels are critical, high, medium, low, and maintain; Levels of Effort are high, medium, and low; Target Due Dates are broken into timelines: 1-3 months, 4-6 months, 7-9 months, and 10-12 months.)
    2. Review the information on Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Output; use the Distribution Tables to help you rank your top priorities. Enter a unique number into the Priority (Rank) column. Limit your ranking to the top 7 to 9 activities to provide focus.

    Input

    • Knowledge of current VMI practices and desired future states

    Output

    • VMI maturity baseline
    • Desired VMI target maturity state (in one year)
    • Prioritized areas to improve and due dates
    • Graphs and tables to identify maturity deltas and track progress

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Input
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Output

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.9: Structure

    Determine the VMI’s organizational and reporting structure.

    There are two parts to the VMI structure:

    1. Organization Structure. Who owns the VMI – where does it fit on the organization chart?
    2. Reporting Structure. What is the reporting structure within the VMI – what are the job functions, titles, and solid and dotted lines of accountability?

    VMI Organization Structure

    The decision regarding who owns the VMI can follow one of two paths:

    1. The decision has already been made by the board of directors, executives, senior leadership, or stakeholders; OR
    2. The decision has not been made, and options will be reviewed and evaluated before it is implemented.

    Many organizations overlook the importance of this decision. The VMI’s position on the organization chart can aid or hinder its success. Whether the decision has already been made or not, this is the perfect time to evaluate the decision or options based on the following question: Why is the VMI being created and how will it operate? Review the documents you created during Steps 1.1-1.8 and other factors to answer this question.

    Step 1.9: Structure (cont.)

    Determine the VMI’s organizational and reporting structure.

    Based on your work product from Steps 1.1-1.8 and other factors, select where the VMI will be best located from the following areas/offices or their equivalent:

    • Chief Compliance Officer (CCO)
    • Chief Information Officer (CIO)
    • Chief Financial Officer (CFO)
    • Chief Procurement Officer (CPO)
    • Chief Operating Officer (COO)
    • Other area

    Without the proper support and placement in the organization chart, the VMI can fail. It is important for the VMI to find a suitable home with a direct connection to one of the sponsors identified above and for the VMI lead to have significant stature (aka title) within the organization. For example, if the VMI lead is a “manager” level who is four reporting layers away from the chief officer/sponsor, the VMI will have an image issue within and outside of the sponsor’s organization (as well as within the vendor community). While this is not to say that the VMI lead should be a vice president* or senior director, our experience and research indicate that the VMI and the VMI lead will be taken more seriously when the VMI lead is at least a director level reporting directly to a CXO.

    *For purposes of the example above, the reporting structure hierarchy used is manager, senior manager, director, senior director, vice president, CXO.

    Step 1.9: Structure (cont.)

    Determine the VMI’s organizational and reporting structure.

    VMI Reporting Structure

    As previously mentioned, the VMI reporting structure describes and identifies the job functions, titles, and lines of accountability. Whether you have a formal vendor management office or you are leveraging the principles of vendor management informally, your VMI reporting structure design will involve some solid lines and some dotted lines. In this instance, the dotted lines represent part-time participation or people/areas that will assist the VMI in some capacity. For example, if the VMI sits within IT, a dotted line to Procurement will show that a good working relationship is required for both parties to succeed; or a dotted line to Christina in Legal will indicate that Christina will be helping the VMI with legal issues.

    There is no one-size-fits-all reporting structure for VMIs, and your approach must leverage the materials from Steps 1.1-1.8, your culture, and your needs. By way of example, your VMI may include some or all of the following functions:

    • Contract Management
    • Relationship Management
    • Financial Management
    • Asset Management
    • Performance Management
    • Sourcing/Procurement
    • Risk Management

    Step 1.9: Structure (cont.)

    Determine the VMI’s organizational and reporting structure.

    Once you’ve identified the functional groups, you can assign titles, responsibilities, and reporting relationships. A good diagram goes a long way to helping others understand your organization. Traditional organization charts work well with VMIs, but a target diagram allows for rapid absorption of the dotted-line relationships. Review the two examples below and determine an approach that works best for you.

    An organizational Chart is depicted.  At the top of the chart is: Office of the CIO.  Below that is: VMI: Legal; Accounting & Finance; Corporate Procurement; below that are the following: Vendor Risk Management; Vendor Reporting and Analysis; Asset Management; Performance Management; Contract Management; IT Procurement Three concentric circles are depicted.  In the inner circle is the term: VMI.  In the middle circle are the terms: Reporting & Analysis; Asset Mgmt; Contract Mgmt; Performance Mgmt; It Proc; Vendor Risk.  In the outer circle are the following terms: Compliance; Finance; HR; Accounting; Procurement; Business Units; Legal; IT

    1.9.1: Structure

    15-60 minutes

    1. Meet with the participants and review decisions that have been made or options that are available regarding the VMI’s placement in the organization chart.
      1. Common options include the Chief Information Officer (CIO), Chief Financial Officer (CFO), or Chief Procurement Officer (CPO).
      2. Less common but viable options include the Chief Compliance Officer (CCO), Chief Operating Officer (COO), or another area.
    2. Brainstorm and determine the job functions and titles
    3. Define the reporting structure within the VMI.
    4. Identify the “dotted line” relationships between the VMI and other internal areas.
    5. Using flowchart, org. chart, or other similar software, reduce your results to a graphic representation that indicates where the VMI resides, its reporting structure, and its dotted-line relationships.
    6. Obtain sign-off on the structure from stakeholders and executives as required. A copy of the final output can be kept in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.9 Structure, if desired.

    Input

    • Mission statement and goals
    • Scope
    • Maturity assessment results (current and target state)
    • Existing org. charts
    • Brainstorming

    Output

    • Completed org. chart with job titles and reporting structure

    Materials

    • Whiteboard/flip chart
    • Sticky notes
    • Flowchart/org. chart software or something similar
    • (Optional) Jump – Phase 1 Tools and Templates Compendium, Tab 1.9 Structure

    Participants

    • VMI team
    • VMI sponsor
    • Stakeholders and executives

    Phase 2: Build

    Create and Configure Tools, Templates, and Processes

    Phase 1Phase 2Phase 3Phase 4
    1.1 Mission Statement and Goals


    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    1.5 Process Mapping

    1.6 Charter

    1.7 Vendor Inventory

    1.8 Maturity Assessment

    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Human Resources
    • Legal
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 2: Build

    Create and configure tools, templates, and processes.

    Phase 2: Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug-and-play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.

    During this Phase, you’ll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you’ll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.

    Step 2.1: Classification model

    Configure the COST Vendor Classification Tool.

    One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech’s COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.

    COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.

    The easiest way to think of the COST model is as a 2x2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor’s classification align with what is important to you and your organization. However, at this point in your VMI’s maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get you started and that is discussed on the activity slide associated with this Step 2.1.


    Speed
    Operational Strategic
    Commodity Tactical
    →→→
    Criticality and Risk to the Organization

    Step 2.1: Classification model (cont.)

    Configure the COST Vendor Classification Tool.

    Common Characteristics by Vendor Management Category

    Operational Strategic
    • Low to moderate risk and criticality; moderate to high spend and switching costs
    • Product or service used by more than one area
    • Price is a key negotiation point
    • Product or service is valued by the organization
    • Quality or the perception of quality is a differentiator (i.e. brand awareness)
    • Moderate to high risk and criticality; moderate to high spend and switching costs
    • Few competitors and differentiated products and services
    • Product or service significantly advances the organization’s vision, mission, and success
    • Well-established in their core industry
    Commodity Tactical
    • Low risk and criticality; low spend and switching costs
    • Product or service is readily available from many sources
    • Market has many competitors and options
    • Relationship is transactional
    • Price is the main differentiator
    • Moderate to high risk and criticality; low to moderate spend and switching costs
    • Vendor offerings align with or support one or more strategic objectives
    • Often IT vendors “outside” of IT (i.e. controlled and paid for by other areas)
    • Often niche or new vendors

    Source: Compiled in part from Stephen Guth, “Vendor Relationship Management Getting What You Paid for (And More)”

    2.1.1: Classification Model

    15-30 minutes

    1. Meet with the participants to configure the spend ranges in Jump – Phase 2 Vendor Classification Tool, Tab 1. Configuration, for your environment.
    2. Sort the data from Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory, by spend; if you used multiple line items for a vendor in the Vendor Inventory tab, you will have to aggregate the spend data for this activity.
    3. Update cells F14-J14 in the Classification Model based on your actual data.
      1. Cell F14 – set the boundary at a point between the spend for your 10th and 11th ranked vendors. For example, if the 10th vendor by spend is $1,009,850 and the 11th vendor by spend is $980,763, the range for F14 would be $1,000,00+.
      2. Cell G14 – set the bottom of the range at a point between the spend for your 30th and 31st ranked vendors; the top of the range will be $1 less than the bottom of the range specified in F14.
      3. Cell H14 – set the bottom of the range slightly below the spend for your 50th ranked vendor; the top of the range will be $1 less than the bottom of the range specified in G14.
      4. Cells I14 and J14 – divide the remaining range in half and split it between the two cells; for J14 the range will be $0 to $1 less than the bottom range in I14.
    4. Ignore the other variables at this time.

    Download the Info-Tech Jump – Phase 2 Vendor Risk Assessment Tool

    Input

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory

    Output

    • Configured Vendor Classification Tool

    Materials

    • Jump – Phase 2 Vendor Classification Tool, Tab 1. Configuration

    Participants

    • VMI team

    Step 2.2: Risk assessment tool

    Identify risks to measure, monitor, and report on.

    One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and many others. However, security risk is the high-profile risk and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.

    Risk management is a program, not a project – there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and can have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.

    While the VMI won’t necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function. (See Steps 2.12 and 3.8.)

    At a minimum, your risk management strategy should involve:

    • Identifying the risks you want to measure and monitor.
    • Identifying your risk appetite (the amount of risk you are willing to live with).
    • Measuring, monitoring, and reporting on the applicable risks.
    • Developing and deploying a risk management plan to minimize potential risk impact.

    Vendor risk is a fact of life, but you do have options for how you handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.

    2.2.1: Risk assessment tool

    30-90 minutes

    1. Meet with the participants to configure the risk indicators in Jump – Phase 2 Vendor Risk Assessment Tool, Tab 1. Set Parameters, for your environment.
    2. Review the risk categories and determine which ones you will be measuring and monitoring.
    3. Review the risk indicators under each risk category and determine whether the indicator is acceptable as written, is acceptable with modifications, should be replaced, or should be deleted.
    4. Make the necessary changes to the risk indicators; these changes will cascade to each of the vendor tabs. Limit the number of risk indicators to no more than seven per risk category.
    5. Gain input and approval as needed from sponsors, stakeholders, and executives as required.

    Download the Info-Tech Jump – Phase 2 Vendor Risk Assessment Tool

    Input

    • Scope
    • OIC Chart
    • Process Maps
    • Brainstorming

    Output

    • Configured Vendor Classification Tool

    Materials

    • Jump – Phase 2 Vendor Classification Tool, Tab 1. Configuration

    Participants

    • VMI team

    Step 2.3: Scorecards and feedback

    Design a two-way feedback loop with your vendors.

    A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.

    Conceptually, a scorecard is similar to a report card you received when you were in school. At the end of a learning cycle, you received feedback on how well you did in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some different nuances and some additional benefits and objectives when compared to a report card.

    Although scorecards can be used in a variety of ways, the main focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.

    Category 1 Score
    Vendor Objective A 4
    Objective B 3
    Objective C 5
    Objective D 4 !

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Anatomy

    The Info-Tech Scorecard includes five areas:

    • Measurement Categories. Measurement categories help organize the scorecard. Limit the number of measurement categories to three to five; this allows the parties to stay focused on what’s important. Too many measurement categories make it difficult for the vendor to understand the expectations.
    • Criteria. The criteria describe what is being measured. Create criteria with sufficient detail to allow the reviewers to fully understand what is being measured and to evaluate it. Criteria can be objective or subjective. Use three to five criteria per measurement category.
    • Measurement Category Weights. Not all of your measurement categories may be of equal importance to you; this area allows you to give greater weight to a measurement category when compiling the overall score.
    • Rating. Reviewers will be asked to assign a score to each criteria using a 1 to 5 scale.
    • Comments. A good scorecard will include a place for reviewers to provide additional information regarding the rating or other items that are relevant to the scorecard.

    An overall score is calculated based on the rating for each criteria and the measurement category weights.

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Goals and Objectives

    Scorecards can be used for a variety of reasons. Some of the common ones are listed below:

    • Improve vendor performance.
    • Convey expectations to the vendor.
    • Identify and recognize top vendors.
    • Increase alignment between the parties.
    • Improve communication with the vendor.
    • Compare vendors across the same criteria.
    • Measure items not included in contract metrics.
    • Identify vendors for “strategic alliance” consideration.
    • Help the organization achieve specific goals and objectives.
    • Identify and resolve issues before they impact performance or the relationship.

    Identifying your scorecard drivers first will help you craft a suitable scorecard.

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out and composed of meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.

    Our recommendation of five categories is provided below. Choose three to five categories to help you accomplish your scorecard goals and objectives:

    1. Timeliness – responses, resolutions, fixes, submissions, completions, milestones, deliverables, invoices, etc.
    2. Cost – total cost of ownership, value, price stability, price increases/decreases, pricing models, etc.
    3. Quality – accuracy, completeness, mean time to failure, bugs, number of failures, etc.
    4. Personnel – skilled, experienced, knowledgeable, certified, friendly, trustworthy, flexible, accommodating, etc.
    5. Risk – adequate contractual protections, security breaches, lawsuits, finances, audit findings, etc.

    Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Additional Considerations

    • Even a good rating system can be confusing. Make sure you provide some examples or a way for reviewers to discern the differences between 1, 2, 3, 4, and 5. Don’t assume your “Rating Key” will be intuitive.
    • When assigning weights, don’t go lower than 10% for any measurement category. If the weight is too low, it won’t be relevant enough to have an impact on the total score. If it doesn’t “move the needle,” don’t include it.
    • Final sign-off on the scorecard template should occur outside of the VMI. The heavy lifting can be done by the VMI to create it, but the scorecard is for the benefit of the organization overall and those impacted by the vendors specifically. You may end up playing arbiter or referee, but the scorecard is not the exclusive property of the VMI. Try to reach consensus on your final template whenever possible.
    • You should notice improved ratings and total scores over time for your vendors. One explanation for this is the Pygmalion Effect: “The Pygmalion [E]ffect describes situations where someone’s high expectations improves our behavior and therefore our performance in a given area. It suggests that we do better when more is expected of us.”* Convey your expectations and let the vendors’ competitive juices take over.
    • While you’re creating your scorecard and materials to explain the process to internal personnel, identify those pieces that will help you explain it to your vendors as part of your vendor orientation (see steps 2.6 and 3.4). Leveraging pre-existing materials is a great shortcut.

    *Source: The Decision Lab, 2020

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Vendor Feedback

    After you’ve built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without the dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.

    You may be tempted to create a formal scorecard for the vendor to use. Our recommendation is to avoid that temptation until later in your maturity or development of the VMI. You’ll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.

    For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful, information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.

    Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don’t be in a rush though. So long as the informal method works, keep using it.

    2.3.1: Scorecards and feedback

    30-60 minutes

    1. Meet with the participants and brainstorm ideas for your scorecard measurement categories:
      1. What makes a vendor valuable to your organization?
      2. What differentiates a “good” vendor from a “bad” vendor?
      3. What items would you like to measure and provide feedback to the vendor to improve performance, the relationship, risk, and other areas?
    2. Select three, but no more than five, of the following measure categories: timeliness, cost, quality, personnel, and risk.
    3. Within each measurement category, list two or three criteria that you want to measure and track for your vendors; choose items that are as universal as possible rather than being applicable to one vendor or one vendor type.
    4. Assign a weight to each measurement category, ensuring that the total weight is 100% for all measurement categories.
    5. Document your results as you go in Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Scorecard.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming

    Output

    • Configured scorecard template

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Scorecard

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    2.3.2: Scorecards and feedback

    15-30 minutes

    1. Meet with the participants and brainstorm ideas for feedback to seek from your vendors during your business alignment meetings. During the brainstorming, identify questions to ask the vendor about your organization that will:
      1. Help you improve the relationship.
      2. Help you improve your processes or performance.
      3. Help you improve ongoing communication.
      4. Help you evaluate your personnel.
    2. Identify the top five questions you want to include in your business alignment meeting agenda. (Note: you may need to refine the actual questions from the brainstorming activity before they are ready to include in your business alignment meeting agenda.)
    3. Document both your brainstorming activity and your final results in Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback. The brainstorming questions can be used in the future as your VMI matures and your feedback transforms from informal to formal. The final results will be used in Steps 2.4 and 3.5.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming

    Output

    • Feedback questions to include with the business alignment meeting agenda

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.4: Business alignment meeting agenda

    Craft an agenda that meets the needs of the VMI.

    A business alignment meeting (BAM) is a great, multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional “operational” meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The main focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed and other purposes are served. For example, you can use the BAM to develop the relationship with the vendor’s leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list; you can learn about innovations the vendor is working on (without the meeting turning into a sales call); you can address high-level performance trends and request corrective action as needed; you can clarify your expectations; you can educate the vendor about your industry, culture, and organization; and you can learn more about the vendor.

    As you build your BAM agenda, someone in your organization may say, “Oh, that’s just a quarterly business review (QBR) or top-to-top meeting.” However, in most instances, an existing QBR or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, Procurement, or another department, “We’re going to start running some QBRs for our strategic vendors.” The typical response is, “There’s no need to do that. We already run QBRs/top-to-top meetings with our important vendors.” This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.

    Step 2.4: Business alignment meeting agenda (cont.)

    Craft an agenda that meets the needs of the VMI.

    As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI’s needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.

    BAMs are conducted at the vendor level … not the contract level. As a result, the frequency of the BAMs will depend on the vendor’s classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:

    • Commodity Vendors – Not applicable
    • Operational Vendors – Biannually or annually
    • Strategic Vendors – Quarterly
    • Tactical Vendors – Quarterly or biannually

    BAMs can help you achieve some additional benefits not previously mentioned:

    • Foster a collaborative relationship with the vendor.
    • Avoid erroneous assumptions by the parties.
    • Capture and provide a record of the relationship (and other items) over time.

    Step 2.4: Business alignment meeting agenda (cont.)

    Craft an agenda that meets the needs of the VMI.

    As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:

    BAM Agenda

    • Opening Remarks
      • Welcome and introductions
      • Review of previous minutes
    • Active Discussion
      • Review of open issues
      • Scorecard and feedback
      • Current status of projects to ensure situational awareness by the vendor
      • Roadmap/strategy/future projects
      • Accomplishments
    • Closing Remarks
      • Reinforce positives (good behavior, results, and performance, value added, and expectations exceeded)
      • Recap
    • Adjourn

    2.4.1: Business alignment meeting agenda

    20-45 minutes

    1. Meet with the participants and review the sample agenda in Jump – Phase 2 Tools and Templates Compendium, Tab 2.4 BAM Agenda.
    2. Using the sample agenda as inspiration and brainstorming activities as needed, create a BAM agenda tailored to your needs.
      1. Select the items from the sample agenda applicable to your situation.
      2. Add any items required based on your brainstorming.
      3. Add the feedback questions identified during Activity 2.3.2 and documented in Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback.
    3. Gain input and approval from sponsors, stakeholders, and executives as required or appropriate.
    4. Document the final BAM agenda in Jump – Phase 2 Tools and Templates Compendium, Tab 2.4 BAM Agenda.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback

    Output

    • Configured BAM agenda

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.4 BAM Agenda

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.5: Relationship alignment document

    Draft a document to convey important VMI information to your vendors.

    Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.5]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other’s expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the relationship alignment document (RAD). Depending upon the scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.

    Early in the VMI’s maturation, the easiest approach is to develop a short document (i.e. 1 page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on 1) what you believe is important for the vendors to understand, and 2) any other similar information already provided to the vendors.

    The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. For example, you may want vendors to know about your gift policy (e.g. employees may not accept gifts from vendors above a nominal value such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website’s vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.

    Info-Tech Insight

    The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)

    2.5.1: Relationship alignment document

    1-4 hours

    1. Meet with the participants and review the RAD sample and checklist in Jump – Phase 2 Tools and Templates Compendium, Tab 2.5 Relationship Alignment Doc.
    2. Determine:
      1. Whether you will create one RAD for all vendors or one RAD for strategic vendors and another RAD for tactical and operational vendors; whether you will create a RAD for commodity vendors.
      2. The concepts you want to include in your RAD(s).
      3. The format for your RAD(s) – traditional, pamphlet, or other.
      4. Whether signoff or acknowledgement will be required by the vendors.
    3. Draft your RAD(s) and work with other internal areas such as Marketing to create a consistent brand for the RADS and Legal to ensure consistent use and preservation of trademarks or other intellectual property rights and other legal issues.
    4. Review other vendor-facing documents (e.g. supplier code of conduct, onsite safety and security protocols) for consistencies between them and the RAD(s).
    5. Obtain signoff on the RAD(s) from stakeholders, sponsors, executives, Legal, Marketing, and others as needed.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Vendor-facing documents, policies, and procedures

    Output

    • Completed relationship alignment document(s)

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.5 Relationship Alignment Doc

    Participants

    • VMI team
    • Marketing, as needed
    • Legal, as needed

    Step 2.6: Vendor orientation

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 01 - Orientation; 02 - Reorientation; 03 - Debrief

    Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and “customers” (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations’ VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.

    Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:

    • Orientation
    • Reorientation
    • Debrief

    Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 01 - Orientation

    Orientation

    Orientation is conceptually similar to new hire orientation for employees at your organization. Generally conducted as a meeting, orientation provides your vendors with the information they need to be successful when working with your organization. Sadly, this is often overlooked by customers; it can take months or years for vendors to figure it out by themselves. By controlling the narrative and condensing the timeline, vendor relationships and performance improve more rapidly.

    A partial list of topics for orientation is set out below:

    • Your organization’s structure
    • Your organization’s culture
    • Your relationship expectations
    • Your governances (VMI and other)
    • Their vendor classification designation (commodity, operational, strategic, or tactical)
    • The scorecard process
    • Business alignment meetings
    • Relationship alignment documents

    In short, this is the first step toward building (or continuing to build) a robust, collaborative, mutually beneficial relationship with your important vendors.

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 02 - Reorientation

    Reorientation

    Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for a number of reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:

    • There is a significant change in the vendor’s products or services.
    • The vendor has been through a merger, acquisition, or divestiture.
    • A significant contract renewal/renegotiation has recently occurred.
    • Sufficient time has passed from orientation; commonly 2 to 3 years.
    • The vendor has been placed in a “performance improvement plan” or “relationship improvement plan” protocol.
    • Significant turnover has occurred within your organization (executives, key stakeholders, and/or VMI personnel).
    • Substantial turnover has occurred at the vendor at the executive or account management level.
    • The vendor has changed vendor classification categories after the most current classification.

    As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine its scope, scale, and frequency.

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 03 - Debrief

    Debrief

    To continue the analogy from orientation, debrief is similar to an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization – all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.

    Similar to orientation and reorientation, debrief activities will be based on the vendor’s classification category within the COST model. Strategic vendors don’t go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.

    The debrief should provide you with feedback on the vendor’s experience with your organization and their participation in your VMI. In addition, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.

    End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don’t burn bridges!

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    • As you create your vendor orientation materials, focus on the message you want to convey.
    • For orientation and reorientation:
      • What is important to you that vendors need to know?
      • What will help the vendors understand more about your organization … your VMI?
      • What and how are you different from other organizations overall … in your “industry”?
      • What will help them understand your expectations?
      • What will help them be more successful?
      • What will help you build the relationship?
    • For debrief:
      • What information or feedback do you want to obtain?
      • What information or feedback to you want to give?
    • The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.

    2.6.1: Vendor orientation

    1 to several hours

    1. Meet with the participants and review the Phase Tools and Templates Compendium, Tab 2.6 Vendor Orientation.
      1. Use the orientation checklist to identify the materials you want to create for your orientation meetings.
      2. Use the reorientation checklist to identify the materials you want to create for your reorientation meetings.
    2. The selections can be made by classification category (i.e. different items can apply to strategic, operational, and tactical vendors).
    3. Create the materials and seek input and/or approval from sponsors, stakeholders, and executives as needed.
    4. Use the debrief section of the tool to create an agenda, list the questions you want to ask vendors, and list information you want to provide to vendors. The agenda, questions, and information can be segregated by classification category.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming

    Output

    • Agendas and materials for orientation, reorientation, and debrief

    Materials

    • Phase Tools and Templates Compendium, Tab 2.6 Vendor Orientation

    Participants

    • VMI team

    Step 2.7: Job descriptions

    Ensure new and existing job descriptions are up to date.

    Based on your work product from Steps 1.1-1.9, it’s time to start drafting new or modifying existing job descriptions applicable to the VMI team members. Some of the VMI personnel may be dedicated full-time to the VMI, while others may be supporting the VMI on a part-time basis. At a minimum, create or modify your job descriptions based on the categories set out below. Remember to get the internal experts involved so that you stay true to your environment and culture.

    01 Title

    This should align overall with what the person will be doing and what the person will be responsible for. Your hands may be tied with respect to titles, but try to make them intuitively descriptive if possible.

    02 Duties

    This is the main portion of the job description. List the duties, responsibilities, tasks, activities, and results expected. Again, there may be some limitations imposed by your organization, but be as thorough as possible.

    03 Qualifications

    This tends to be a gray area for many organizations, with the qualifications, certifications, and experience desired expressed in “ranges” so that good candidates are not eliminated from consideration unnecessarily.

    2.7.1: Job descriptions

    1 to several hours

    1. Meet with the participants and review the VMI structure from Step 1.9.
      1. List the positions that require new job descriptions.
      2. List the positions that require updated job descriptions.
    2. Review the other Phase 1 work product and list the responsibilities, tasks, and functions that need to be incorporated into the new and updated job descriptions.
    3. Review the sample VMI job descriptions and sample VMI job description language in Jump – Phase 2 Tools and Templates Compendium, Tab 2.7 Job Descriptions, and identify language and concepts you want to include in the new and revised job descriptions.
    4. Using your template, draft the new job descriptions and modify the existing job descriptions to synchronize with the VMI structure. Work with other internal areas such as Human Resources to ensure cultural fit and compliance.
    5. Obtain input and signoff on the job descriptions from stakeholders, sponsors, executives, Human Resources, and others as needed.
    6. Document your final job descriptions in Jump – Phase 2 Tools and Templates Compendium, Tab 2.7 Job Descriptions.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Existing job descriptions
    • Work product from Phase 1

    Output

    • Job descriptions for new positions
    • Updated job descriptions for existing positions

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.7 Job Descriptions

    Participants

    • VMI team
    • Human Resources (as needed)
    • Applicable stakeholders and executives (as needed)

    Step 2.8: Policies and procedures

    Prepare policies and procedures for VMI functions.

    Policies and procedures are often thought of as boring documents that are 1) tedious to create, 2) seldom read after creation, and 3) only used to punish people when they do something “wrong.” However, when done well, these documents:

    • Communicate expectations.
    • Capture institutional knowledge.
    • Provide guidance for decision making.
    • Help workers avoid errors and minimize risk.
    • Ensure regulatory and organizational compliance.
    • List the steps required to achieve consistent results.

    Definitions of Policies and Procedures

    Policies and procedures are essential, but they are often confused with each other. A policy is a rule, guideline, or framework for making decisions. For example, in the vendor management space, you may want a policy indicating your organization’s view on gifts from vendors. A procedure is a set of instructions for completing a task or activity. For example, staying in the vendor management space, you may want a procedure to outline the process for classifying vendors.

    Step 2.8: Policies and procedures (cont.)

    Prepare policies and procedures for VMI functions.

    Start With Your Policy/Procedure Template or Create One for Consistency

    When creating policies and procedures, follow your template. If you don’t have one (or want to see if anything is missing from your template) the following list of potential components for your governance documents is provided.* Not every concept is required. Use your judgment and err on the side of caution when drafting; balance readability and helpfulness against over documenting and over complicating.

    • Descriptive Title
    • Policy Number
    • Brief Overview
    • Purpose
    • Scope
    • The Policy or Procedure
    • Definitions
    • Revision Date
    • History
    • Related Documents
    • Keywords

    Step 2.8: Policies and procedures (cont.)

    Prepare policies and procedures for VMI functions.

    Although they are not ever going to be compared to page-turning novels, policies and procedures can be improved by following a few basic principles. By following the guidelines set out below, your VMI policies and procedures will contribute to the effectiveness of your initiative.*

    • Use short sentences.
    • Organize topics logically.
    • Use white space liberally.
    • Use mandatory language.
    • Use gender-neutral terms.
    • Write with an active voice.
    • Avoid jargon when possible.
    • Use a consistent “voice” and tone.
    • Use pictures or diagrams when they will help.
    • Write in the same tense throughout the document.
    • Use icons and colors to designate specific elements.
    • Make sure links to other policies and procedures work.
    • Define all acronyms and jargon (when it must be used).
    • Avoid a numbering scheme with more than three levels.

    *Adapted in part from smartsheet.com

    Info-Tech Insight

    Drafting policies and procedures is an iterative process that requires feedback from the organization’s leadership team.

    2.8.1: Policies and procedures

    Several hours

    1. Meet with the participants and review the sample policies and procedures topics in Jump – Phase 2 Tools and Templates Compendium, Tab 2.8 Policies and Procedures.
    2. Determine:
      1. The concepts you want to include in your policies and procedures; brainstorm for any additional concepts you want to include.
      2. The format/template for your policies and procedures.
    3. Draft your policies and procedures based on the sample topics and your brainstorming activity. Work with other internal areas such as Legal and Human Resources to ensure cultural and environmental fit within your organization.
    4. Obtain input and signoff on the policies and procedures from stakeholders, sponsors, executives, Legal, Human Resources, and others as needed.
    5. Document your final policies and procedures in Jump – Phase 2 Tools and Templates Compendium, Tab 2.8 Policies and Procedures.
    6. Publish your policies and procedures and conduct training sessions or awareness sessions as needed.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Existing policies and procedures (if any)
    • Existing policies and procedures template (if any)
    • Scope
    • OIC chart
    • Process maps
    • Brainstorming

    Output

    • VMI policies and procedures

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.8 Policies and Procedures

    Participants

    • VMI team
    • Legal and Human Resources (as needed)
    • Applicable stakeholders and executives (as needed)

    Step 2.9: 3-year roadmap

    Plot your path at a high level.

    The VMI exists in many planes concurrently: 1) it operates both tactically and strategically, and 2) it focuses on different timelines or horizons (e.g. the past, the present, and the future). Creating a 3-year roadmap facilitates the VMI’s ability to function effectively across these multiple landscapes.

    The VMI roadmap will be influenced by many factors. The work product from Phase 1: Plan, input from executives, stakeholders, and internal clients, and the direction of the organization as a whole are great sources of information as you begin to build your roadmap.

    To start, identify what you would like to accomplish in Year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won’t change during the first year of the VMI, but expectations are usually lower and the short event horizon makes things more predictable during the Year-1 ramp-up period.

    Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the Year 1 plan into subsequent years and adds to the scope or maturity. For example, you may start Year 1 with BAMs and scorecards for three of your strategic vendors; during Year 2, you may increase that to five vendors; and during Year 3, you may increase that to nine vendors. Or, you may not conduct any market research during Year 1, waiting to add it to your roadmap in Year 2 or 3 as you mature.

    Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.

    2.9.1: 3-year roadmap

    45-90 minutes

    1. Meet with the participants and decide how to coordinate Year 1 of your 3-year roadmap with your existing fiscal year or reporting year. Year 1 may be shorter or longer than a calendar year.
    2. Review the VMI activities listed in Jump – Phase 2 Tools and Templates Compendium, Tab 2.9 3-Year Roadmap. Use brainstorming and your prior work product from Phase 1 and Phase 2 to identify additional items for the roadmap and add them at the bottom of the spreadsheet.
    3. Starting with the first activity, determine when that activity will begin and put an X in the corresponding column; if the activity is not applicable, leave it blank or insert N/A.
    4. Go back to the top of the list and add information as needed.
      1. For any Year-1 or Year-2 activities, add an X in the corresponding columns if the activity will be expanded/continued in subsequent periods (e.g. if a Year 2 activity will continue in Year 3, put an X in Year 3 as well).
      2. Use the comments column to provide clarifying remarks or additional insights related to your plans or “X’s.” For example, “Scorecards begin in Year 1 with three vendors and will roll out to five vendors in Year 2 and nine vendors in Year 3.”
    5. Obtain signoff from stakeholders, sponsors, and executives as needed.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Phase 1 work product
    • Steps 2.1-2.8 work product
    • Brainstorming

    Output

    • High level 3-year roadmap for the VMI

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.9 3-Year Roadmap

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.10: 90-day plan

    Pave your short-term path with a series of detailed quarterly plans.

    Now that you have prepared a 3-year roadmap, it’s time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.

    The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:

    • Activities
    • Tasks comprising each activity
    • Who will be performing the tasks
    • An estimate of the time required per person per task
    • An estimate of the total time to achieve the activity
    • A due date for the activity
    • A priority of the activity

    The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the 3-year roadmap and the leadership team as necessary.

    90 Days

    2.10.1: 90-day plan

    45-90 minutes

    1. Meet with the participants and decide how to coordinate the first 90-day plan with your existing fiscal year or reporting cycles. Your first plan may be shorter or longer than 90 days.
    2. Looking at the Year 1 section of the 3-year roadmap, identify the activities that will be started during the next 90 days.
    3. Using the Jump – Phase 2 Tools and Templates Compendium, Tab 2.10 90-Day Plan, enter the following information into the spreadsheet for each activity to be accomplished during the next 90 days:
      1. Activity description
      2. Tasks required to complete the activity (be specific and descriptive)
      3. The people who will be performing each task
      4. The estimated number of hours required to complete each task
      5. The start date and due date for each task or the activity
    4. Validate the tasks are a complete list for each activity and the people performing the tasks have adequate time to complete the tasks by the due date(s).
    5. Assign a priority to each activity.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • 3-year roadmap
    • Phase 1 work product
    • Steps 2.1-2.9 work product
    • Brainstorming

    Output

    • Detailed plan for the VMI for the next quarter or 90 days

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.10 90-Day Plan

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.11: Quick wins

    Identify potential short-term successes to gain momentum and show value immediately.

    As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.

    As you evaluate your list of potential candidates, look for things that:

    • Are achievable within the stated timeline.
    • Don’t require a lot of effort.
    • Involve stopping a certain process, activity, or task; this is sometimes known as a “stop doing stupid stuff” approach.
    • Will reduce or eliminate inefficiencies; this is sometimes known as the war on waste.
    • Have a moderate to high impact or bolster the VMI’s reputation.

    As you look for quick wins, you may find that everything you identify does not meet the criteria. That’s ok … don’t force the issue. Return your focus to the 90-day plan and 3-year roadmap, and update those documents if the brainstorming activity associated with this Step 2.11 identified anything new.

    2.11.1: Quick wins

    15-30 minutes

    1. Meet with the participants and review the 3-year roadmap and 90-day plan. Determine if any item on either document can be completed:
      1. Quickly (30 days or less)
      2. With minimal effort
      3. To provide or show moderate to high levels of value or provide the VMI with momentum
    2. Brainstorm to identify any other items that meet the criteria in step 1 above.
    3. Compile a comprehensive list of these items and select up to five to pursue.
    4. Document the list in the Jump – Phase 2 Tools and Templates Compendium, Tab 2.11 Quick Wins.
    5. Manage the quick wins list and share the results with the VMI team and applicable stakeholders and executives.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • 3-year roadmap
    • 90-day plan
    • Brainstorming

    Output

    • A list of activities that require low levels of effort to achieve moderate to high levels of value in a short period

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.11 Quick Wins

    Participants

    • VMI team

    Step 2.12: Reports

    Construct your reports to resonate with your audience.

    Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI’s internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.

    Before building a report, think about your intended audience:

    • What information are they looking for … what will help them understand the big picture?
    • What level of detail is appropriate, keeping in mind the audience may not be like-minded?
    • What items are universal to all of the readers and what items are of interest to one or two readers?
    • How easy or hard will it be to collect the data … who will be providing it, how time consuming will it be?
    • How accurate, valid, and timely will the data be?
    • How frequently will each report need to be issued?

    Step 2.12: Reports (cont.)

    Construct your reports to resonate with your audience.

    Use the following guidelines to create reports that will resonate with your audience:

    • Value information over data, but sometimes data does have a place in your report.
    • Use pictures, graphics, and other representations more than words, but words are often necessary in small, concise doses.
    • Segregate your report by user; for example, general information up top, CIO information below that on the right, CFO information to the left of CIO information, etc.
    • Send a draft report to the internal audience and seek feedback, keeping in mind you won’t be able to cater to or please everyone.

    Step 2.12: Reports (cont.)

    Construct your reports to resonate with your audience.

    The report’s formatting and content display can make or break your reports.*

    • Make the report look inviting and easy to read. Use:
      • Short paragraphs and bullet points.
      • A simple layout and uncluttered, wide margins.
      • Minimal boldface, underline, or italics to attract the readers’ attention.
      • High contrast between text and background.
    • Charts, graphs, and infographics should be intuitive and tell the story on their own.
    • Make it easy to peruse the report for topics of interest.
      • Maintain consistent design features.
      • Use impactful, meaningful headings and subheadings.
      • Include callouts to draw attention to important high-level information.
    • Demonstrate the impact of the accomplishments or success stories when appropriate.
    • Finish with a simple concise summary when appropriate. Consider adding:
      • Key points for the reader to takeaway.
      • Action items or requests.
      • Plans for next reporting period.

    *Sources: Adapted and compiled in part from: designeclectic.com, ahrq.gov, and 60secondmarketer.com.

    2.12.1: Reports

    15-45 minutes

    1. Meet with the participants and review the applicable work product from Phases 1 and 2; identify qualitative and quantitative items the VMI measures, monitors, tracks, or aggregates.
    2. Determine which items will be reported and to whom (by category):
      1. Internally to personnel within the VMI
      2. Internally to personnel outside the VMI
      3. Externally to vendors
    3. Within each category above, determine your intended audiences/recipients. For example, you may have a different list of recipients for a risk report than you do a scorecard summary report. This will help you identify the number of reports required.
    4. Create a draft structure for each report based on the audience and the information being conveyed. Determine the frequency of each report and person responsible for creating for each report.
    5. Document your final choices in Jump – Phase 2 Tools and Templates Compendium, Tab 2.12 Reports.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Phase 1 work product
    • Steps 2.1-2.11 work product

    Output

    • A list of reports used by the VMI
    • For each report:
    • The conceptual content
    • A list of who will receive or have access
    • A creation/distribution frequency

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.12 Reports

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Phase 3: Run

    Implement Your Processes and Leverage Your Tools and Templates

    Phase 1 Phase 2 Phase 3 Phase 4
    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 3: Run

    Implement your processes and leverage your tools and templates.

    All of the hard work invested in Phase 1: Plan and Phase 2: Build begins to pay off in Phase 3: Run. It’s time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There’s more hard work ahead, but the foundational elements are in place. This doesn’t mean there won’t be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.

    Phase 3: Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:

    • Manage risk better.
    • Improve vendor performance.
    • Improve vendor relationships.
    • Identify areas where the parties can improve.
    • Improve communication between the parties.
    • Increase the value proposition with your vendors.

    Step 3.1: Classify vendors

    Begin classifying your top 25 vendors by spend.

    Step 3.1 sets the table for many of the subsequent steps in Phase 3: Run. The results of your classification process will determine: which vendors go through the scorecarding process (Step 3.4); which vendors participate in BAMs (Step 3.5); the nature and content of the vendor orientation activities (Step 3.3); which vendors will be part of the risk measurement and monitoring process (Step 3.8); which vendors will be included in the reports issued by the VMI (Step 3.9); and which vendors you will devote relationship-building resources to (Step 3.10).

    As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.

    1. Using the information from the Vendor Inventory tab (Step 1.7), identify your top 25 vendors by spend.
    2. Run your top 10 vendors by spend through the classification model and review the results.
      1. If the results are what you expected and do not contain any significant surprises, go to next page.
      2. If the results are not what you expected or contain significant surprises, look at the configuration page of the tool (Tab 1) and adjust the weights or the spend categories slightly. Be cautious in your evaluation of the results before modifying the configuration page – some legitimate results are unexpected or surprising based on bias. If you modify the weighting, review the new results and repeat your evaluation. If you modify the spend categories, review the answers on the vendor tabs to ensure that the answers are still accurate; review the new results and repeat your evaluation.

    Step 3.1: Classify vendors (cont.)

    Review your results and adjust the classification tool as needed.

    1. Run your top 11 through 25 vendors by spend through the classification model and review the results. Identify any unexpected results or surprises. Determine if further configuration makes sense and repeat the process outlined in 2.b, previous page, as necessary. If no further modifications are required, continue to 4, below.
    2. Share the preliminary results with the leadership team, executives, and stakeholders to obtain their approval or adjustments to the results.
      1. They may have questions and want to understand the process before approving the results.
      2. They may request that you move a vendor from one quadrant to another based on your organization’s roadmap, the vendor’s roadmap, or other information not available to you.
    3. Identify the vendors that will be part of the VMI at this stage – how many and which ones. Based on this number and the VMI’s scope (Step 1.2), make sure you have the resources necessary to accommodate the number of vendors participating in the VMI. Proceed cautiously and gradually increase the number of vendors participating in the VMI.

    Step 3.1: Classify vendors (cont.)

    Finalize the results and update VMI tools and templates.

    1. Update the Vendor Inventory tab (Step 1.7) to indicate the current classification status for the top 25 vendors by spend. Once your vendors have been classified, you can sort the Vendor Inventory tab by classification status to see all the vendors in that category at once.
    2. Review your 3-year roadmap (Step 2.9) and 90-day plans (Step 2.10) to determine if any modifications are needed to the activities and timelines.

    Additional classification considerations:

    • You should only have a few vendors that fit in the strategic category. As a rough guideline, no more than 5% to 10% of your IT vendors should end up in the strategic category. If you have a large number of vendors, even 5% may be too many. The classification model is an objective start to the classification process, but common sense must prevail over the “math” at the end of the day.
    • At this point, there is no need to go beyond the top 25 by spend. Most VMIs starting out can’t handle more than three to five strategic vendors initially. Allow the VMI to run a pilot program with a small sample size, work out any bugs, make adjustments, and then ramp up the VMI’s rollout in waves. Vendors can be added quarterly, biannually, or annually, depending upon the desired goals and available resources.

    Step 3.1: Classify vendors (cont.)

    Align your vendor strategy to your classification results.

    As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all of your vendors are of equal importance.

    Operational Strategic
    • Focus on spend containment
    • Concentrate on lowering total cost of ownership
    • Invest moderately in cultivating the relationship
    • Conduct BAMs biannually or annually
    • Compile scorecards quarterly or biannually
    • Identify areas for performance and cost improvement
    • Focus on value, collaboration, and alignment
    • Review market intelligence for the vendor’s industry
    • Invest significantly in cultivating the relationship
    • Initiate executive-to-executive relationships
    • Conduct BAMs quarterly
    • Compile scorecards quarterly
    • Understand how the vendors view your organization

    Commodity

    Tactical

    • Investigate vendor rationalization and consolidation
    • Negotiate for the best-possible price
    • Leverage competition during negotiations
    • Streamline the purchasing and payment process
    • Allocate minimal VMI resources
    • Assign the lowest priority for vendor management metrics
    • Conduct risk assessments biannually or annually
    • Cultivate a collaborative relationship based on future growth plans or potential with the vendor
    • Conduct BAMs quarterly or biannually
    • Compile scorecards quarterly
    • Identify areas of performance improvement
    • Leverage innovation and creative problem solving

    Step 3.1: Classify vendors (cont.)

    Be careful when using the word “partner” with your strategic and other vendors.

    For decades, vendors have used the term “partner” to refer to the relationship they have with their clients and customers. In many regards, this is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms “partner” and “partnership” let’s evaluate them through two more-objective, less-cynical lenses.

    If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.

    What about a “business” partnership … one that doesn’t involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):

    • Trust and transparent communication exist.
    • You have input into the vendor’s roadmap for products and services.
    • The vendor is aligned with your desired outcomes and helps you achieve success.
    • You and the vendor are accountable for actions and inactions, with both parties being at risk.
    • There is parity in the peer-to-peer relationships between the organizations (e.g. C-Level to C-Level).
    • The vendor provides transparency in pricing models and proactively suggests ways for you to reduce costs.
    • You and the vendor work together to make each party better, providing constructive feedback on a regular basis.
    • The vendor provides innovative suggestions for you to improve your processes, performance, the bottom line, etc.
    • Negotiations are not one-sided; they are meaningful and productive, resulting in an equitable distribution of money and risk.

    Step 3.1: Classify vendors (cont.)

    Understand the implications and how to leverage the words “partner” and “partnership.”

    By now you might be thinking, “What’s all the fuss? Why does it matter?” At Info-Tech, we’ve seen firsthand how referring to the vendor as a partner can have the following impact:

    • Confidences are disclosed unnecessarily.
    • Negotiation opportunities and leverage are lost.
    • Vendors no longer have to earn the customer’s business.
    • Vendor accountability is missing due to shared responsibilities.
    • Competent skilled vendor resources are assigned to other accounts.
    • Value erodes over time since contracts are renewed without being competitively sourced.
    • One-sided relationships are established, and false assurances are provided at the highest levels within the customer organization.

    Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: Be strategic in how you refer to vendors and know the risks.

    Step 3.2: Conduct internal “kickoff” meeting

    Raise awareness about the VMI and its mission, vision, and goals.

    To be effective, your VMI needs executive support, a clear vision, appropriate governances and tools, personnel with the right skills, and other items discussed in this blueprint. However, the VMI doesn’t exist in a vacuum … it can’t sit back and be reactive. As part of being proactive, the VMI must be aware of its brand and “market” its services. An effective way to market the VMI is to conduct an internal kickoff meeting. There are at least a couple of ways to do this:

    • Host a meeting for stakeholders, executives, and others who will be contributing to the VMI processes (but are not part of the VMI). The meeting can be part of a townhall or standalone meeting; it can be done live or via a recorded video.
    • Attend appropriate staff meetings and make your presentation.

    With either approach above or one of your choosing, keep in mind the following objectives for your kickoff meeting:

    • Make sure you provide a way for those in attendance to ask questions at that time and later. You want to create and foster a communication loop with the people who will be impacted by the VMI or participating with it.
    • Raise awareness of your existence and personnel. Tell the VMI’s story by sharing your mission statement, goals, and scope; this will help dispel (or confirm) rumors about the VMI that often lead to confusion and faulty assumptions.
    • As you share the VMI’s vision, connect the story to how the VMI will impact the organization and individuals and to how they can help. The VMI tends to be the least autonomous area within an organization; it needs the assistance of others to be successful. Convey an atmosphere of collaboration and appreciation for their help.

    Host a kickoff meeting annually to kickoff the new year. Remind people of your story, announce successes from the past year, and indicate what the future year holds. Keep it brief, make it personal for the audience, and help them connect the names of VMI personnel to faces.

    Step 3.3: Conduct vendor orientation

    Introduce your VMI to your top vendors.

    Based on the results from your vendor classification (Step 3.1) and your VMI deployment timeline, identify the vendors who will participate in the initial orientation meetings. Treat the orientation as a formal, required meeting for the vendors to attend. Determine the attendee list for your organization and the vendors, and send out invites. Ideally, you will want the account manager, a sales director or vice president, the “delivery” director or vice president, and an executive from the vendor in the meeting. From the customer side, you may need more than one or two people from the VMI to entice the vendor’s leadership team to attend; you may need attendance from your own leadership team to add weight or credibility to the meeting (unfortunately).

    Before going into the meeting, make sure everyone on your side knows their roles and responsibilities, and review the agenda. Control the agenda or the meeting is likely to get out of hand and turn into a sales call.

    Conduct orientation meetings even if the participating vendors have been doing business with you for several years. Don’t assume they know all about your organization and your VMI (even if their other clients have a VMI).

    Run two or three orientation meetings and then review the “results.” What needs to be modified? What lessons have you learned? Make any necessary adjustments and continue rolling out the orientation meetings.

    Early in the VMI’s deployment, reorientation and debrief may not be in play. As time passes, it is important to remember them! Use them when warranted to help with vendor alignment.

    Step 3.4: Compile scorecards

    Begin scoring your top vendors.

    The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprising sub-teams where necessary.

    The VMI will compile the scores, calculate the final results, and aggregate all of the comments into one scorecard. There are two common ways to approach this task:

    1. Send out the scorecard template to those who will be scoring the vendor and ask them to return it when completed, providing them with a due date a few days before you actually need it; you’ll need time to compile, calculate, and aggregate.
    2. Invite those who will be scoring the vendor to a meeting and let the contributors use that time to score the vendors; make VMI team members available to answer questions and facilitate the process.

    Step 3.4: Compile scorecards (cont.)

    Gather input from stakeholders and others impacted by the vendors.

    Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure that the right mix of data is provided. For example:

    • If you are tracking lawsuits filed by or against the vendor, one person from Legal may be able to provide that, but they may not be able to evaluate any other criteria on the scorecard.
    • If you are tracking salesperson competencies, multiple people from multiple areas may have valuable insights.
    • If you are tracking deliverable timeliness, several project managers may want to contribute across several projects.

    Where one person is contributing exclusively to limited criteria, make it easy for the person to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus among themselves.

    After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.

    Make sure your process timeline has a buffer built in. You’ll be sending the final scorecard to the vendor three to five days before the BAM, and you’ll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other “priorities” will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared due to things beyond its control.

    Step 3.5: Conduct business alignment meetings

    Determine which vendors will participate and how long the meetings will last.

    At their core, BAMs aren’t that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.

    Who

    Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time, you’ll add vendors until all of your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all of your strategic, tactical, and operational vendors.

    Duration

    Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.

    Step 3.5: Conduct business alignment meetings (cont.)

    Identify who will be invited and send out invitations.

    Invitations

    Set up a recurring meeting whenever possible. Changes will be inevitable, but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won’t change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is sufficient in most instances, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor’s leadership team (and maybe yours as well!).

    Invitees

    Internal invitees should include those with a vested interest in the vendor’s performance and the relationship. In addition, other functional areas may be invited based on need or interest. Be careful the attendee list doesn’t get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.

    From the vendor’s side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the “product or service delivery” area is a good choice. Bottom line: get as high into the vendor’s organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.

    Step 3.5: Conduct business alignment meetings (cont.)

    Prepare for the meetings and maintain control.

    Preparation

    Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior as well.

    Decide who will run the meeting. Some customers like to lead and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.

    Make sure the vendor knows what materials it should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don’t want the vendor to be caught off guard and unable to discuss a matter of importance to you.

    Running the BAM

    Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor’s, not IT’s, not Procurement’s or Sourcing’s. Don’t let anyone hijack it.

    Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.

    As a reminder, this is not a sales call, and this is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.

    Step 3.5: Conduct business alignment meetings (cont.)

    Follow these additional guidelines to maximize your meetings.

    More Leading Practices

    • Remind everyone that the conversation may include items covered by various confidentiality provisions or agreements.
    • Publish the meeting minutes on a timely basis (within 48 hours).
    • Focus on the bigger picture by looking at trends over time; get into the details only when warranted.
    • Meet internally immediately beforehand to prepare – don’t go in cold; review the agenda and the roles and responsibilities for the attendees.
    • Physical meetings are better than virtual meetings, but travel constraints, budgets, and pandemics may not allow for physical meetings.

    Final Thoughts

    • When performance or the relationship is suffering, be constructive in your feedback and conversations rather than trying to assign blame; lead with the carrot rather than the stick.
    • Look for collaborative solutions whenever possible and avoid referencing the contract if possible. Communicate your willingness to help resolve outstanding issues.
    • Use inclusive language and avoid language that puts the vendor on the defensive.
    • Make sure that your meetings are not focused exclusively on the negative, but don’t paint a rosy picture where one doesn’t exist.
    • A vendor that is doing well should be commended. This is an important part of relationship building.

    Step 3.6: Work the 90-day plan

    Monitor your progress and share your results.

    Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won’t take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn’t created in vain.

    90-Day Plan: Activity 1; Activity 2; Activity 3; Activity 4; Activity 5
    1. Measure and track your progress against the initial/current 90-day plan at least weekly; with a short timeline, any delay can have a huge impact.
    2. If adjustments are needed to any elements of the plan, understand the cause and the impact of those adjustments before making them.
    3. Make adjustments ONLY when warranted. The temptation will be to push activities and tasks further out on the timeline (or to the next 90-day plan!) when there is any sort of “hiccup” along the way, especially when personnel outside the VMI are involved. Hold true to the timeline whenever possible; once you start slipping, it often becomes a habit.
    4. Report on progress every week and hold people accountable for their assignments and contributions.
    5. Take the 90-day plan seriously and treat it as you would any significant project – this is part of the VMI’s branding and image.

    Step 3.7: Manage the 3-year roadmap

    Keep an eye on the future since it will feed the present.

    The 3-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three “crystal balls” attempting to tell you what the future holds. The vision for Year 1 may be fairly clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and Year 2 becomes Year 1.

    To help navigate through the roadmap and maximize its potential, follow these principles:

    • Manage each year of the roadmap differently.
      • Review the Year 1 map each quarter to update your 90-day plans (See steps 2.10 and 3.6).
      • Review the Year 2 map every six months to determine if any changes are necessary. As you cycle through this, your vantage point of Year 2 will be 6 months or 12 months away from the beginning of Year 2, and time moves quickly.
      • Review the Year 3 map annually, and determine what needs to be added, changed, or deleted. Each time you review Year 3, it will be a “new” Year 3 that needs to be built.
    • Analyze the impact on the proposed modifications from two perspectives: 1) What is the impact if a requested modification is made? 2) What is the impact if a requested modification is not made?
    • Validate all modifications with leadership and stakeholders before updating the 3-year roadmap to ensure internal alignment.

    Step 3.8: Measure and monitor risk

    Understand and manage risk levels.

    Using the configured Vendor Risk Assessment Tool (Step 2.2), confirm which risks you will be measuring and monitoring and identify the vendors that will be part of the initial risk management process. Generally, organizations start measuring and monitoring risk in two to five risk categories for two or three strategic vendors. Over time, additional risk categories and/or vendors can be added in waves. Resist the temptation to add risk categories or vendors into the mix too quickly. Expanding requires resources inside and outside of the VMI.

    The VMI will rely heavily on other areas to provide input or the risk data, and the VMI needs to establish good working relationships with those areas. For example, if legal risk is something being measured and monitored, the VMI will need data from Legal on the number and nature of any lawsuits filed by or against the applicable vendors; the VMI will need data from Legal, Contract Management, or Procurement/Sourcing on the number and nature of any agreed upon deviations from your organization’s preferred contract terms that increase legal risk.

    With respect to risk, the VMI’s main role is threefold: 1) take the data obtained from others (or in some instances the VMI may have the data) and turn it into useful information, 2) monitor the risk categories over time and periodically issue reports, and 3) work with other areas to manage the risk.

    Step 3.9: Issue reports

    Inform internal personnel and vendors about trends, issues, progress, and results.

    Issuing the reports created in Step 2.12 is one of the main ways the VMI 1) will communicate with internal and external personnel and 2) track trends and information over time. Even with input from the potential reviewers of the reports, you’ll still want to seek their feedback and input periodically. It may take a few iterations until the reports are hitting their mark. You may find that a metric is no longer required, that a metric is missing completely or it is missing a component, or a formatting change would improve the report’s readability. Once a report has been “finalized,” try not to change it until you are engaged in Phase 4: Review activities. It can be unsettling for the reviewers when reports change constantly.

    Whenever possible, find ways to automate the reports. While issuing reports is critical, the function should not consume more time than necessary. Automation can remove some of the manual and repetitive tasks.

    Internal reports may need to be kept confidential. An automated dashboard or reporting tool can help lock down who has access to the information. At a minimum, the internal reports should contain a “Confidential” stamp, header, watermark, or other indicator that the materials are sensitive and should not be disclosed outside of your organization without approval.

    Reports for vendors may not need to be sent as often as reports are generated or prepared for internal personnel. Establish a cadence by classification model category and stick to it. Letting each vendor choose the frequency will make it more difficult for you to manage. The vendors can choose to ignore the report if they so choose.

    This is an image of an example of a bar graph showing ROI and Benchmark for Categories 1-6

    Step 3.10: Develop/improve vendor relationships

    Drive better performance through better relationships.

    One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don’t happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.

    In many respects, the VMI should mirror a vendor’s sales organization by establishing relationships at multiple levels within the vendor organizations – not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.

    Business relationships are comprised of many components, not all of which have to be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:*

    • Focus your energies on strategic vendors first and then tactical and operational vendors.
    • Be transparent and honest in your communications.
    • Continue building trust by being responsive and honoring commitments (timely).
    • Create a collaborative environment and build upon common ground.
    • Thank the vendor when appropriate.
    • Resolve disputes early, avoid the “blame game,” and be objective when there are disagreements.

    Step 3.11: Contribute to other processes

    Continue assisting others and managing roles and responsibilities outside of the VMI.

    The VMI has processes that it owns and processes that it contributes to. Based on the VMI scope (Step 1.2), the OIC chart (Step 1.4), and the process mapping activities (Step 1.5), ensure that the VMI is honoring its contribution commitments. This is often easier said than done though. A number of factors can make it difficult to achieve the balance required to handle VMI processes and contribute to other processes associated with the VMI’s mission and vision. Understanding the issues is half the battle. If you see signs of these common “vampires,” take action quickly to address the situation.

    • The VMI’s first focus is often internal, and the tendency is to operate in a bubble. Classifying vendors, running BAMs, coordinating the risk process, and other inward-facing processes can consume all of the VMI’s energy. As a result, there is little time, effort, or let’s be honest, desire to participate in other processes outside of the VMI.
    • It is easy for VMI personnel to get dragged into processes and situations that are outside of its scope. This often happens when personnel join the VMI from other internal areas or departments and have good relationships with their former teammates. The relationships make it hard to say “No” when out-of-scope assistance is being requested.
    • The VMI may have “part-time” personnel who have responsibilities across internal departments, divisions, agencies, or teams. When the going gets tough and time is at a premium, people gravitate toward the easiest or most comfortable work. That work may not be VMI work.

    Phase 4: Review

    Keep Your VMI Up to Date and Running Smoothly

    Phase 1Phase 2Phase 3Phase 4
    1.1 Mission Statement and Goals


    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    1.5 Process Mapping

    1.6 Charter

    1.7 Vendor Inventory

    1.8 Maturity Assessment

    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Identify what the VMI should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 4: Review

    Keep your VMI up to date and running smoothly.

    As the old adage says, “The only thing constant in life is change.” This is particularly true for your VMI. It will continue to mature; people inside and outside of the VMI will change; resources will expand or contract from year to year; your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you’ll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person’s health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up to date and running smoothly takes hard work.

    Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.

    Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won’t happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, NOT reactive!

    Step 4.1: Assess compliance

    Determine what is functionally going well and not going well.

    Whether you have a robust set of vendor management-related policies and procedures or they are the bare minimum, gathering data each quarter and conducting an assessment each year will provide valuable feedback. The scope of your assessment should focus on two concepts: 1) are the policies and procedures being followed and 2) are the policies and procedures accurate and relevant. This approach requires parallel thinking, but it will help you understand the complete picture and minimize the amount of time required.

    Use the steps listed below (or modify them for your culture) to conduct your assessment:

    • Determine the type of assessment – formal or informal.
    • Determine the scale of the assessment – which policies and procedures will be reviewed and how many people will be interviewed.
    • Determine the compliance levels, and seek feedback on the policies and procedures – what is going well and what can be improved?
    • Review the compliance deviations.
    • Conduct a root cause analysis for the deviations.
    • Create a list of improvements and gain approval.
    • Create a plan for minimizing noncompliance in the future.
      • Improve/increase education and awareness.
      • Clarify/modify policies and procedures.
      • Add resources, tools, and people (as necessary and as allowed).

    Step 4.2: Incorporate leading practices

    Identify and evaluate what external VMIs are doing.

    The VMI’s world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we’re looking at you COVID-19 and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.

    At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.

    Step 4.2: Incorporate leading practices (cont.)

    Update your VMI based on your research.

    • A simple approach for incorporating leading practices into your regular review process is set out below:
    • Research:
      • What other VMIs in your industry are doing.
      • What other VMIs outside your industry are doing.
      • Vendor management in general.
    • Based on your results, list specific leading practices others are doing that would improve your VMI (be specific – e.g. other VMIs are incorporating risk into their classification process).
    • Evaluate your list to determine which of these potential changes fit or could be modified to fit your culture and environment.
    • Recommend the proposed changes to leadership (with a short business case or explanation/justification, as needed) and gain approval.

    Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit your culture and environment; in other instances, you will elect not to implement them at all (in any form).

    Step 4.3: Leverage lessons learned

    Tap into the collective wisdom and experience of your team members.

    There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4: Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:

    • Documented institutional wisdom and knowledge normally found only in the team members’ brains.
    • The ability for one team member to gain insights and avoid mistakes without having to duplicate the events leading to the insights or mistakes.
    • Improved methodologies, tools, processes, procedures, skills, and relationships.

    Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is “deposited” in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular “input” meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics – timeliness of the deposits is a crucial element.

    Step 4.3: Leverage lessons learned (cont.)

    Create a library to share valuable information across the team.

    Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:

    • A brief description of the situation and outcome.
    • What went well (if anything) and why did it go well?
    • What didn't go well (if anything) and why didn't it go well?
    • What would/could you do differently next time?
    • A synopsis of the lesson(s) learned.

    Info-Tech Insights

    The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.

    The lessons learned process should be blameless. The goal is to share insightful information … not to reward or punish people based on outcomes or results.

    Step 4.4: Maintain internal alignment

    Review the plans of other internal areas to stay in sync.

    Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI’s alignment within the enterprise helps reduce any breakdowns that could derail the organization.

    To ensure internal alignment:

    • Review the key components of the applicable materials from Phase 1: Plan and Phase 2: Build with the appropriate members of the leadership team (e.g. executives, sponsors, and stakeholders). Not every item from those Phases and Steps needs to be reviewed, but err on the side of caution for the first set of alignment discussions, and be prepared to review each item. You can gauge the audience’s interest on each topic and move quickly when necessary or dive deeper when needed. Identify potential changes required to maintain alignment.
    • Review the strategic plans (e.g. 1-, 3-, and 5- year plans) for various portions of the organization if you have access to them or gather insights if you don’t have access.
      • If the VMI is under the IT umbrella, review the strategic plans for IT and its departments.
      • Review the strategic plans for the areas the VMI works with (e.g. Procurement, Business Units).
      • The organization itself.
    • Create and vet a list of modifications to the VMI and obtain approval.
    • Develop a plan for making the necessary changes.

    Step 4.5: Update governances

    Revise your protocols and return to the beginning of cyclical processes.

    You’re at the final Step and ready to update governances. This is comprised of two sequential paths.

    • First, use the information from Steps 4.1-4.4 to make any required modifications to the items in Phase 1: Plan, Phase 2: Build, and Phase 3: Run. For example, you may need to update your policies and procedures (Step 2.8) based on your findings in Step 4.1; or you may need to update the VMI’s scope (Step 1.2) to ensure internal alignment issues identified in Step 4.4. are accounted for.
    • Second, return to Phase 3: Run to perform the activities below; they tend to be performed annually, but use your discretion and perform them on an as-needed basis:
      • Reclassify vendors.
      • Complete a new maturity assessment.
      • Run reorientation sessions for vendors.
      • Conduct a kickoff meeting to update internal personnel.

    Other activities and tasks (e.g. scorecards and BAMs) may be impacted by the modifications made above, but the nature of their performance follows a shorter cadence. As a result, they are not specifically called out here in this Step 4.5 since they are performed on an ongoing basis. However, don’t overlook them as part of your update.

    Summary of Accomplishment

    Problem Solved

    Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is its scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.

    Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization’s investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.

    At the heart of a good VMI is the relationship component. Don’t overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.

    Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Prepare for Negotiations More Effectively

    Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.

    Understand Common IT Contract Provisions to Negotiate More Effectively

    Info-Tech’s guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.

    Capture and Market the ROI of Your VMO

    Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech’s tools and templates help you account for the contributions made by your VMO.

    Bibliography

    “Best Practices for Writing Corporate Policies and Procedures.” PowerDMS, 29 Dec. 2020. Accessed 11 January 2022.

    Duncan. “Top 10 Tips for Creating Compelling Reports.” Design Eclectic, 11 October 2019. Accessed 29 March 2022.

    Eby, Kate. “Master Writing Policies, Procedures, Processes, and Work Instructions.” 1 June 2018, updated 19 July 2021. Accessed 11 January 2022.

    “Enterprise Risk Management.” Protiviti, n.d. Accessed 16 Feb. 2017.

    Geller & Company. “World-Class Procurement — Increasing Profitability and Quality.” Spend Matters, 2003. Accessed 4 March 2019.

    Guth, Stephen. “Vendor Relationship Management Getting What You Paid for (And More).” Citizens, 26 Feb. 2015. Web.

    Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print.

    “ISG Index 4Q 2021.” Information Services Group, Inc., 2022. Web.

    “Six Tips for Making a Quality Report Appealing and Easy To Skim.” AHRQ, Oct. 2019. Accessed 29 March 2022.

    Tucker, Davis. “Marketing Reporting: Tips to Create Compelling Reports.” 60 Second Marketer, 28 March 2020. Accessed 29 March 2022.

    “Why Do We Perform Better When Someone Has High Expectations of Us?” The Decision Lab, 9 Sept. 2020. Accessed 31 January 2022.

    2021 IT Talent Trend Report

    • Buy Link or Shortcode: {j2store}516|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $9,919 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • In March 2020, many organizations were forced to switch to a virtual working world. IT enabled organizations to be successful while working from home. Ultimately, this shift changed the way that we all work, and in turn, the way IT leaders manage talent.
    • Many organizations are considering long-term remote work (Kelly, 2020).
    • Change is starting but is lagging.

    Our Advice

    Critical Insight

    • Increase focus on employee experience to navigate new challenges.
    • A good employee experience is what is best for the IT department.

    Impact and Result

    • The data shows IT is changing in the area of talent management.
    • IT has a large role in enabling organizations to work from home, especially from a technological and logistics perspective. There is evidence to show that they are now expanding their role to better support employees when working from home.
    • Survey respondents identified efforts already underway for IT to improve employee experience and subsequently, IT effectiveness.

    2021 IT Talent Trend Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should focus on the employee experience and get an overview of what successful IT leaders are doing differently heading into 2021 – the five new talent management trends.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. DEI: A top talent objective

    The focus on diversity, equity, and inclusion (DEI) initiatives spans the entire organization beyond just HR. Learn which DEI efforts are underway with IT.

    • 2021 IT Talent Trend Report – Trend 1: DEI: A Top Talent Objective

    2. Remote work is here to stay

    Forced work-from-home demonstrated to organizations that employees can be productive while working away from the physical office. Learn more about how remote work is changing work.

    • 2021 IT Talent Trend Report – Trend 2: Remote Work Is Here to Stay

    3. A greater emphasis on wellbeing

    When the pandemic hit, organizations were significantly concerned about how employees were doing. Learn more about wellbeing.

    • 2021 IT Talent Trend Report – Trend 3: A Greater Emphasis on Wellbeing

    4. A shift in skills priorities

    Upskilling and finding sought after skills were challenging before the pandemic. How has it changed since? Learn more about skills priorities.

    • 2021 IT Talent Trend Report – Trend 4: A Shift in Skills Priorities

    5. Uncertainty unlocks performance

    The pandemic and remote work has affected performance. Learn about how uncertainty has impacted performance management.

    • 2021 IT Talent Trend Report – Trend 5: Uncertainty Unlocks Performance
    [infographic]

    Satisfy Customer Requirements for Information Security

    • Buy Link or Shortcode: {j2store}259|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $247 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Your customers and potential customers are increasingly demanding assurance that you will meet their information security requirements.
    • Responding to these assurance demands requires ever more effort from the security team, which distracts them from their primary mission of protecting the organization.
    • Every customer seems to have their own custom security questionnaire they want you to complete, increasing the effort you have to expend to respond to them.

    Our Advice

    Critical Insight

    • Your security program can be a differentiator and help win and retain customers.
    • Value rank your customers to right-size the level of effort your security team dedicates to responding to questionnaires.
    • SOC 2 or ISO 27001 certification can be an important part of your security marketing, but only if you make the right business case.

    Impact and Result

    • CISOs need to develop a marketing strategy for their information security program.
    • Ensure that your security team dedicates the appropriate amount of effort to sales by value ranking your potential customers and aligning efforts to value.
    • Develop a business case for SOC 2 or ISO 27001 to determine if certification makes sense for your organization, and to gain support from key stakeholders.

    Satisfy Customer Requirements for Information Security Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should proactively satisfy customer requirements for information security, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage customer expectations for information security

    Identify your customers’ expectations for security and privacy, value rank your customers to right-size your efforts, and learn how to impress them with your information security program.

    • Satisfy Customer Requirements for Information Security – Phase 1: Manage Customer Expectations for Information Security

    2. Select a certification path

    Decide whether to obtain SOC 2 or ISO 27001 certification, and build a business case for certification.

    • Satisfy Customer Requirements for Information Security – Phase 2: Select a Certification Path
    • Security Certification Selection Tool
    • Security Certification Business Case Tool

    3. Obtain and maintain certification

    Develop your certification scope, prepare for the audit, and learn how to maintain your certification over time.

    • Satisfy Customer Requirements for Information Security – Phase 3: Obtain and Maintain Certification
    [infographic]

    Prepare Your Application for PaaS

    • Buy Link or Shortcode: {j2store}181|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • The application may have been written a long time ago, and have source code, knowledge base, or design principles misplaced or lacking, which makes it difficult to understand the design and build.
    • The development team does not have a standardized practice for assessing cloud benefits and architecture, design principles for redesigning an application, or performing capacity for planning activities.

    Our Advice

    Critical Insight

    • An infrastructure-driven cloud strategy overlooks application specific complexities. Ensure that an application portfolio strategy is a precursor to determining the business value gained from an application perspective, not just an infrastructure perspective.
    • Business value assessment must be the core of your decision to migrate and justify the development effort.
    • Right-size your application to predict future usage and minimize unplanned expenses. This ensures that you are truly benefiting from the tier costing model that vendors offer.

    Impact and Result

    • Identify and evaluate what cloud benefits your application can leverage and the business value generated as a result of migrating your application to the cloud.
    • Use Info-Tech’s approach to building a robust application that can leverage scalability, availability, and performance benefits while maintaining the functions and features that the application currently supports for the business.
    • Standardize and strengthen your performance testing practices and capacity planning activities to build a strong current state assessment.
    • Use Info-Tech’s elaboration of the 12-factor app to build a clear and robust cloud profile and target state for your application.
    • Leverage Info-Tech’s cloud requirements model to assess the impact of cloud on different requirements patterns.

    Prepare Your Application for PaaS Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a right-sized, design-driven approach to moving your application to a PaaS platform, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Prepare Your Application for PaaS – Phases 1-2

    1. Create your cloud application profile

    Bring the business into the room, align your objectives for choosing certain cloud capabilities, and characterize your ideal PaaS environment as a result of your understanding of what the business is trying to achieve. Understand how to right-size your application in the cloud to maintain or improve its performance.

    • Prepare Your Application for PaaS – Phase 1: Create Your Cloud Application Profile
    • Cloud Profile Tool

    2. Evaluate design changes for your application

    Assess the application against Info-Tech’s design scorecard to evaluate the right design approach to migrating the application to PaaS. Pick the appropriate cloud path and begin the first step to migrating your app – gathering your requirements.

    • Prepare Your Application for PaaS – Phase 2: Evaluate Design Changes for Your Application
    • Cloud Design Scorecard Tool

    [infographic]

     
     

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    Establish an Effective Data Protection Plan

    • Buy Link or Shortcode: {j2store}504|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $6,850 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Business requirements can be vague. Not knowing the business needs often results in overspending and overexposure to liability through data hoarding.
    • Backup options are abundant. Disk, tape, or cloud? Each has drawbacks, efficiencies, and cost factors that should be considered.
    • Backup infrastructure is never greenfield. Any organization with a history has been doing backup. Existing software was likely determined by past choices and architecture.

    Our Advice

    Critical Insight

    • Don’t let failure be your metric.
      The past is not an indication of future performance! Quantify the cost of your data being unavailable to demonstrate value to the business.
    • Stop offloading backup to your most junior staff.
      Data protection should not exist in isolation. Get key leadership involved to ensure you can meet organizational requirements.
    • A lot of data is useless. Neglecting to properly tag and classify data will lead to a costly data protection solution that protects redundant, useless, or outdated data

    Impact and Result

    • Determine the current state of your data protection strategy by identifying the pains and gains of the solution and create a business-facing diagram to present to relevant stakeholders.
    • Quantify the value of data to the business to properly understand the requirements for data protection through a business impact analysis.
    • Identify the attributes and necessary requirements for your data tiers to procure a fit-for-purpose solution.

    Establish an Effective Data Protection Plan Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why the business should be involved in your data protection plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define the current state of your data protection plan

    Define the current state of your data protection practices by documenting the backup process and identifying problems and opportunities for the desired state.

    • Establish an Effective Data Protection Plan – Phase 1: Define the Current State of Your Data Protection Plan
    • Data Protection Value Proposition Canvas Template

    2. Conduct a business impact analysis to understand requirements for restoring data

    Understand the business priorities.

    • Establish an Effective Data Protection Plan – Phase 2: Conduct a Business Impact Analysis to Understand Requirements for Restoring Data
    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool
    • Data Protection Recovery Workflow

    3. Propose the future state of your data protection plan

    Determine the desired state.

    • Establish an Effective Data Protection Plan – Phase 3: Propose the Future State of Your Data Protection Plan

    4. Establish proper governance for your data protection plan

    Explore the component of governance required.

    • Establish an Effective Data Protection Plan – Phase 4: Establish Proper Governance for Your Data Protection Plan
    • Data Protection Proposal Template
    [infographic]

    Select and Use SDLC Metrics Effectively

    • Buy Link or Shortcode: {j2store}150|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $2,991 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to implement (or revamp existing) software delivery metrics to monitor performance as well as achieve its goals.
    • You know that metrics can be a powerful tool for managing team behavior.
    • You also know that all metrics are prone to misuse and mismanagement, which can lead to unintended consequences that will harm your organization.
    • You need an approach for selecting and using effective software development lifecycle (SDLC) metrics that will help your organization to achieve its goals while minimizing the risk of unintended consequences.

    Our Advice

    Critical Insight

    • Metrics are powerful, dangerous, and often mismanaged, particularly when they are tied to reward or punishment. To use SDLC metrics effectively, know the dangers, understand good practices, and then follow Info-Tech‘s TAG (team-oriented, adaptive, and goal-focused) approach to minimize risk and maximize impact.

    Impact and Result

    • Begin by understanding the risks of metrics.
    • Then understand good practices associated with metrics use.
    • Lastly, follow Info-Tech’s TAG approach to select and use SDLC metrics effectively.

    Select and Use SDLC Metrics Effectively Research & Tools

    Start here – read the Executive Brief

    Understand both the dangers and good practices related to metrics, along with Info-Tech’s TAG approach to the selection and use of SDLC metrics.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the dangers of metrics

    Explore the significant risks associated with metrics selection so that you can avoid them.

    • Select and Use SDLC Metrics Effectively – Phase 1: Understand the Risks of Metrics

    2. Know good practices related to metrics

    Learn about good practices related to metrics and how to apply them in your organization, then identify your team’s business-aligned goals to be used in SDLC metric selection.

    • Select and Use SDLC Metrics Effectively – Phase 2: Know Good Practices Related to Metrics
    • SDLC Metrics Evaluation and Selection Tool

    3. Rank and select effective SDLC metrics for your team

    Follow Info-Tech’s TAG approach to selecting effective SDLC metrics for your team, create a communication deck to inform your organization about your selected SDLC metrics, and plan to review and revise these metrics over time.

    • Select and Use SDLC Metrics Effectively – Phase 3: Rank and Select Effective SDLC Metrics for Your Team
    • SDLC Metrics Rollout and Communication Deck
    [infographic]

    Workshop: Select and Use SDLC Metrics Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Dangers of Metrics

    The Purpose

    Learn that metrics are often misused and mismanaged.

    Understand the four risk areas associated with metrics: Productivity loss Gaming behavior Ambivalence Unintended consequences

    Productivity loss

    Gaming behavior

    Ambivalence

    Unintended consequences

    Key Benefits Achieved

    An appreciation of the dangers associated with metrics.

    An understanding of the need to select and manage SDLC metrics carefully to avoid the associated risks.

    Development of critical thinking skills related to metric selection and use.

    Activities

    1.1 Examine the dangers associated with metric use.

    1.2 Share real-life examples of poor metrics and their impact.

    1.3 Practice identifying and mitigating metrics-related risk.

    Outputs

    Establish understanding and appreciation of metrics-related risks.

    Solidify understanding of metrics-related risks and their impact on an organization.

    Develop the skills needed to critically analyze a potential metric and reduce associated risk.

    2 Understand Good Practices Related to Metrics

    The Purpose

    Develop an understanding of good practices related to metric selection and use.

    Introduce Info-Tech’s TAG approach to metric selection and use.

    Identify your team’s business-aligned goals for SDLC metrics.

    Key Benefits Achieved

    Understanding of good practices for metric selection and use.

    Document your team’s prioritized business-aligned goals.

    Activities

    2.1 Examine good practices and introduce Info-Tech’s TAG approach.

    2.2 Identify and prioritize your team’s business-aligned goals.

    Outputs

    Understanding of Info-Tech’s TAG approach.

    Prioritized team goals (aligned to the business) that will inform your SDLC metric selection.

    3 Rank and Select Your SDLC Metrics

    The Purpose

    Apply Info-Tech’s TAG approach to rank and select your team’s SDLC metrics.

    Key Benefits Achieved

    Identification of potential SDLC metrics for use by your team.

    Collaborative scoring/ranking of potential SDLC metrics based on their specific pros and cons.

    Finalize list of SDLC metrics that will support goals and minimize risk while maximizing impact.

    Activities

    3.1 Select your list of potential SDLC metrics.

    3.2 Score each potential metric’s pros and cons against objectives using a five-point scale.

    3.3 Collaboratively select your team’s first set of SDLC metrics.

    Outputs

    A list of potential SDLC metrics to be scored.

    A ranked list of potential SDLC metrics.

    Your team’s first set of goal-aligned SDLC metrics.

    4 Create a Communication and Rollout Plan

    The Purpose

    Develop a rollout plan for your SDLC metrics.

    Develop a communication plan.

    Key Benefits Achieved

    SDLC metrics.

    A plan to review and adjust your SDLC metrics periodically in the future.

    Communication material to be shared with the organization.

    Activities

    4.1 Identify rollout dates and responsible individuals for each SDLC metric.

    4.2 Identify your next SDLC metric review cycle.

    4.3 Create a communication deck.

    Outputs

    SDLC metrics rollout plan

    SDLC metrics review plan

    SDLC metrics communication deck

    Select a Sourcing Partner for Your Development Team

    • Buy Link or Shortcode: {j2store}508|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Application Development
    • Parent Category Link: /application-development
    • You have identified that a change to your sourcing strategy is required, based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improved financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to prevent losing clients and falling further behind your performance targets and your market.

    Our Advice

    Critical Insight

    Selecting a sourcing partner is a function of matching complex factors to your own firm. It is not a simple RFP exercise; it requires significant introspection, proactive planning, and in-depth investigation of potential partners to choose the right fit.

    Impact and Result

    Choosing the right sourcing partner is a four-step process:

    1. Assess your companies' skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on the choice of partner, build a plan to implement the partnership, define metrics to measure success, and a process to monitor.

    Select a Sourcing Partner for Your Development Team Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Sourcing Partner for Your Development Team Storyboard – Use this presentation to select a partner to best fit your sourcing needs and deliver long-term value.

    This project helps select a partner for sourcing of your development team so that you can realize the benefits from changing your sourcing strategy.

    • Select a Sourcing Partner for Your Development Team Storyboard

    2. Select a Sourcing Partner for Your Development Team Presentation Template – Use this template to build a presentation to detail your decision on a sourcing partner for your development team.

    This presentation template is designed to capture the results from the exercises within the storyboard and allow users to build a presentation to leadership showing how selection was done.

    • Select a Sourcing Partner for Your Development Team Presentation Template

    3. Select a Sourcing Partner for Your Development Team Presentation Example – Use this as a completed example of the template.

    This presentation template portrays what the completed template looks like by showing sample data in all tables. It allows members to see how each exercise leads to the final selection of a partner.

    • Select a Sourcing Partner for Your Development Team Example Template
    [infographic]

    Further reading

    Select a Sourcing Partner for Your Application Development Team

    Choose the right partner to enable your firm to maximize the value realized from your sourcing strategy.

    Analyst Perspective

    Selecting the right partner for your sourcing needs is no longer a cost-based exercise. Driving long-term value comes from selecting the partner who best matches your firm on a wide swath of factors and fits your needs like a glove.

    Sourcing in the past dealt with a different kind of conversation involving two key questions:

    Where will the work be done?

    How much will it cost?

    How people think about sourcing has changed significantly. People are focused on gaining a partner, and not just a vendor to execute a single transaction. They will add skills your team lacks, and an ability to adapt to your changing needs, all while ensuring you operate within any constraints based on your business.

    Selecting a sourcing partner is a matching exercise that requires you to look deep into yourself, understand key factors about your firm, and then seek the partner who best meets your profile.

    The image contains a picture of Dr. Suneel Ghei.

    Dr. Suneel Ghei
    Principal Research Director, Application Development
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You have identified that a change to your sourcing strategy is required based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improve financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to avoid falling further behind your performance targets and your market, and losing clients.

    Almost half of all sourcing initiatives do not realize the projected savings, and the biggest reason is the choice of partner.

    The market for Application Development partners has become more diverse, increasing choice and the risk of making a costly mistake by choosing the wrong partner.

    Firms struggle with how best to support the sourcing partner and allocate resources with the right skills to maximize success, increasing the cost and time to implement, and limiting benefits.

    Making the wrong choice means inferior products, and higher costs and losing both clients and reputation.

    • Choosing the right sourcing partner is a four-step process:
    1. Assess your company's skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on your choice of partner, build a plan to implement the partnership, and define metrics to measure success and a process to monitor.

    Info-Tech Insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    You need a new source for development resources

    You are facing immediate challenges that require a new approach to development resourcing.

    • Your firm is under fire; you are facing pressures financially from clients and your competitors.
    • Your pace of innovation and talent sourcing is too slow and too limiting.
    • Your competition is moving faster and your clients are considering their options.
    • Revenues and costs of development are trending in the wrong direction.
    • You need to act now to avoid spiraling further.

    Given how critical our applications are to the business and our clients, there is no room for error in choosing our partner.

    A study of 121 firms outsourcing various processes found that 50% of those surveyed saw no gains from the outsourcing arrangement, so it is critical to make the right choice the first time.

    Source: Zhang et al

    Big challenges await you on the journey

    The road to improving sourcing has many potholes.

    • In a study of 121 firms who moved development offshore, almost 50% of all outsourcing and offshoring initiatives do not achieve the desired results.
    • In another study focused on large corporations, it was shown that 70% of respondents saw negative outcomes from offshoring development.
    • Globalization of IT Services and the ability to work from anywhere have contributed to a significant increase in the number of development firms to choose from.
    • Choosing and implementing a new partner is costly, and the cost of choosing the wrong partner and then trying to correct your course is significant in dollars and reputation:
      • Costs to find a new partner and transition
      • Lost revenue due to product issues
      • Loss of brand and reputation due to poor choice
    • The wrong choice can also cost you in terms of your own resources, increasing the risk of losing more knowledge and skills.

    A survey of 25 large corporate firms that outsourced development offshore found that 70% of them had negative outcomes.

    (Source: University of Oregon Applied Information Management, 2019)

    Info-Tech’s approach

    Selecting the right partner is a matching exercise.

    Selecting the right partner is a complex exercise with many factors

    1. Look inward. Assess your culture, your skills, and your needs.
    • Market
    • People
    • Culture
    • Technical aspects
  • Create a profile for the perfect partner to fit your firm.
    • Sourcing Strategy
    • Priorities
    • Profile
  • Find the partner that best fits your needs
    • Define RFx
    • Target Partners
    • Evaluate
  • Implement the partner and put in metrics and process to manage.
    • Contract Partner
    • Develop Goals
    • Create Process and Metrics

    The Info-Tech difference:

    1. Assess your own organization’s characteristics and capabilities in four key areas.
    2. Based on these characteristics and the sourcing strategy you are seeking to implement, build a profile for your perfect partner.
    3. Define an RFx and assessment matrix to survey the market and select the best partner.
    4. Implement the partner with process and controls to manage the relationship, built collaboratively and in place day 1.

    Insight summary

    Overarching insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    Phase 1 insight

    Fitting each of these pieces to the right partner is key to building a long-term relationship of value.

    Selecting a partner requires you to look at your firm in depth from a business, technical, and organizational culture perspective.

    Phase 2 insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Phase 3/4 insight

    Implement the relationship the same way you want it to work, as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. By making this transparent you hasten the development of a joint team, which will lead to long-term success.

    Tactical insight

    Ensure you assess not just where you are but where you are going, in choosing a partner. For example, you must consider future markets you might enter when choosing the right sourcing, or outsourcing location to maintain compliance.

    Tactical insight

    Sourcing is not a replacement for your full team. Skills must be maintained in house as well, so the partner must be willing to work with the in-house team to share knowledge and collaborate on deliverables.

    Addressing the myth – Single country offshoring or outsourcing

    Research shows that a multi-country approach has a higher chance of success.

    • Research shows that firms trying their own captive development centers fail 20% of the time. ( Journal of Information Technology, 2008)
    • Further, the overall cost of ownership for an offshore center has shown to be significantly higher than the cost of outsourcing, as the offshore center requires more internal management and leadership.
    • Research shows that offshoring requires the offshore location to also house business team members to allow key relationships to be built and ensure more access to expertise. (Arxiv, 2021)
    • Given the specificity of employment laws, cultural differences, and leadership needs, it is very beneficial to have a Corporate HR presence in countries where an offshore center is being set up. (Arxiv, 2021)
    • Lastly, given the changing climate on security, geopolitical changes, and economic factors, our research with service providers and corporate clients shows a need to have more diversity in provider location than a single center can provide.

    Info-Tech Insight

    Long-term success of sourcing requires more than a development center. It requires a location that houses business and HR staff to enable the new development team to learn and succeed.

    Addressing the myth – Outsourcing is a simple RFP for skills and lowest cost

    Success in outsourcing is an exercise in finding a match based on complex factors.

    • In the past, outsourcing was a simple RFP exercise to find the cheapest country with the skills.
    • Our research shows this is no longer true; the decision is now more complex.
    • Competition has driven costs higher, while time business integration and security constraints have served to limit the markets available.
    • Company culture fit is key to the ability to work as one team, which research shows is a key element in delivery of long-term value. (University of Oregon, 2019).
    • These are some of the many factors that need to be considered as you choose your outsourcing partner.
    • The right decision is to find the vendor that best matches the current state of your culture, meets your market constraints, and will allow for best integration to your team – it's not about cheapest or pure skills. (IEEE Access, 2020)

    Info-Tech Insight

    Finding the right outsourcing vendor is an exercise in knowing yourself and then finding the best match to align with your key traits. It's not just costs and skills, but the partner who best matches with your ability to mitigate the risks of outsourcing.

    Phase 1

    Look inward to gain insight on key factors

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will walk you through assessing and documenting the key driving factors about your firm and the current situation.

    By defining these factors, you will be able to apply this information in the matching process to select the best fit in a partner.

    This phase involves the following participants:

    Line of Business leaders

    Technology leaders

    Key criteria to assess your firm

    Research shows firms must assess themselves in different areas.

    Market factors

    • Who are your clients and your competitors, and what legal constraints do you face?

    People / Process factors

    • What employee skills are you seeking, what is your maturity in product management and stakeholder engagement, and what languages are spoken most predominantly?

    Cultural factors

    • What is your culture around communications, collaboration, change management, and conflict resolution?

    Technical factors

    • What is your current / future technical platform, and what is the maturity of your applications?

    Info-Tech Best Practice

    When assessing these areas, consider where you are today and where you want to go tomorrow, as choosing a partner is a long-term endeavor.

    Step 1.1

    Assess your market factors

    Activities

    1.1.1 Review your client list and future projections to determine your market factors.

    1.1.2 Review your competitive analysis to determine your competitive factors

    This step involves the following participants:

    Business leaders

    Product Owners

    Technology leaders

    Outcomes of this step

    Details of key market factors that will drive the selection of the right partner.

    Market factors

    The Market has a lot to say about the best match for your application development partner.

    Research in the space has defined key market-based factors that are critical when selecting a partner.

    1. Market sectors you service or plan to service – This is critical, as many market sectors have constraints on where their data can be accessed or stored. These restrictions also change over time, so they must be consistently reviewed.
    • E.g. Canadian government data must be stored and only accessed in Canada.
    • E.g. US Government contracts require service providers to avoid certain countries.
  • Your competitors – Your competitors can often seize on differences and turn them to differentiators; for example, offshoring to certain countries can be played up as a risk by a competitor who does all their work in a particular country.
  • Your clients – Research shows that clients can have very distinct views on services being performed in certain countries due to perceived risk, culture, and geopolitical factors. Understanding the views of major clients on globalization of services is a key factor in maintaining client satisfaction.
  • Info-Tech Insight

    Understanding your current and future market factors ensure that your business can not only be successful with the chosen partner today, but also in the future.

    1.1.1 Assess your market factors

    30 min

    Market factors

    1. Group your current client list into three categories:
      1. Those that have no restrictions on data security, privacy or location.
      2. Those that ask for assurances on data security, privacy and location.
      3. Those clients who have compliance restrictions related to data security, privacy, and location.
    2. Categorize future markets into the same three categories.
    3. Based on revenue projections, estimate the revenue from each category as a percentage of your total revenue.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Assess your market factors

    Market and sector

    Market share and constraints

    Market category

    Sector – Public, private or both

    Market share of category

    Key areas of concern

    Not constrained by data privacy, security or location

    Private

    50%

    Require assurances on data security, privacy or location

    Public

    45%

    Data access

    Have constraints that preclude choices related to data security, privacy and location

    Public

    5%

    Data residency

    1.1.2 Review your competitive factors

    30 min

    Competitive factors

    1. List your largest competitors.
    2. Document their sourcing strategies for their development team – are they all onshore or nearshore? Do they outsource?
    3. Based on this, identify competitive threats based on changing sourcing strategies.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Review your competitive factors

    Competitors

    Competitor sourcing strategy

    Competitive threats

    Competitor

    Where is the market?

    Is this onshore / near shore / offshore?

    Data residency

    How could competitors take advantage of a change in our sourcing strategy?

    Competitor X

    Canada / US

    All work done in house and onshore

    Kept in Canada / US

    If we source offshore, we will face a Made in Canada / US threat

    Step 1.2

    Consider your people-related factors

    Activities

    1.2.1 Define your people factors

    1.2.2 Assess your process factors

    This step involves the following participants:

    Technical leaders

    Outcomes of this step

    Details of key people factors that will drive the selection of the right partner.

    People / process factors

    People and process have a large hand in the success or failure of a partner relationship.

    • Alignment of people and process are critical to the success of the partner relationship over the long term.
    • In research on outsourcing / offshoring, Rahman et al identified ten factors that directly impact success or failure in offshoring or outsourcing of development.
    • Key among them are the following:
      • Employee skills
      • Project management
      • Maturity of process concerning product and client management
      • Language barrier

    Info-Tech Insight

    People are a critical resource in any sourcing strategy. Making sure the people and the processes will mesh seamlessly is how to ensure success.

    1.2.1 Define your people factors

    30 min

    Skills Inventory

    1. List skills needed in the development team to service current needs.
    2. Based on future innovation and product direction, add skills you foresee needing in the next 12-24 months. Where do you see a new technology platform (e.g. move from .NET to Java) or innovation (addition of Mobile)?
    3. List current skills present in the team.
    4. Identify skills gaps.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your people - Skills inventory

    Skills required

    Strategic value

    Skills present

    Skill you are seeking

    Required today or in the future

    Rate the skill level required in this area

    Is this a strategic focus for the firm for future targets?

    Is this skill present in the team today?

    Rate current skill level (H/M/L)

    Java Development

    Future

    High

    Yes

    No

    Low

    .Net Development

    Today

    Med

    No

    Yes

    High

    1.2.2 Assess your process factors

    30 min

    Process factors

    1. Do you have a defined product ownership practice?
    2. How mature is the product ownership for the product you are seeking to change sourcing for (H/M/L)?
    3. Do you have project management principles and governance in place for software releases?
    4. What is the relative maturity / skill in the areas you are seeking sourcing for (H/M/L)?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your process factors

    Product ownership

    Project management

    Product where sourcing is being changed

    Product ownership in place?

    Skills / maturity rating (H/M/L)

    Project management / governance in place for software releases

    Rate current maturity / skill level (H/M/L)

    ABC

    Yes

    High

    Yes

    High

    SQW

    No

    Low

    Yes

    High

    Step 1.3

    Review your current culture

    Activities

    1.3.1 Assess your communications factors

    1.3.2 Assess your conflict resolution factors

    This step involves the following participants:

    Technical leaders

    Product owners

    Project managers

    Outcomes of this step

    Details of key culture factors that will drive the selection of the right partner.

    Cultural factors

    Organization culture fit is a driver of collaboration between the teams, which drives success.

    • In their study of country attractiveness for sourcing development, Kotlarsky and Oshri point to the ability of the client and their sourcing partner to work as one team as a key to success.
    • This requires synergies in many cultural factors to avoid costly miscommunications and misinterpretations that damage collaboration.
    • Key factors in achieving this are:
      • Communications methodology and frequency; managing and communicating to the teams as one team vs two, and communicating at all levels, vs top down.
      • Managing the team as one integrated team, with collaboration enabled between all resources, rather than the more adversarial client vs partner approach.
      • Conflict resolution strategies must align so all members of the extended team work together to resolve conflict vs the traditional “Blame the Contractors”.
      • Strong change management is required to keep all team members aligned.

    Info-Tech Insight

    Synergy of culture is what enables a good partner selection to become a long-term relationship of value.

    1.3.1 Assess your communications factors

    30 min

    1. List all the methods you use to communicate with your development team – face to face, email, conference call, written.
    2. For each form of communication confirm frequency, medium, and audience (team vs one-on-one)
    3. Confirm if these communications take into account External vs Internal resources and different time zones, languages, and cultures.
    4. Is your development team broken up into teams by function, by location, by skill, etc., or do you operate as one team?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your communications strategy

    Communications

    Type

    Frequency

    Audience

    One communication or one per audience?

    Level of two-way dialogue

    Face-to-face team meetings

    Weekly

    All developers

    One

    High

    Daily standup

    Daily

    Per team

    One per audience

    Low

    1.3.2 Assess your conflict resolution factors

    30 min

    1. How does your organization handle the following types of conflict? Rate from 1-5, with 1 being hierarchical and 5 being openly collaborative.
      1. Developers on a team disagree.
      2. Development team disagrees with manager.
      3. Development team disagrees with product owner.
      4. Development team disagrees with line of business.
    2. Rate each conflict resolution strategy based on effectiveness.
    3. Confirm if this type of strategy is used for internal and external resources, or internal only.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your conflict resolution strategy

    Conflict

    Resolution strategy

    Effectiveness

    Audience

    Conflict type

    Rate the resolution strategy from hierarchical to collaborative (1-5)

    How effective is this method of resolution from 1-5?

    Is this strategy used for external parties as well as internal?

    Developer to product owner

    44

    Yes

    Developer to manager

    12

    Yes

    Step 1.4

    Document your technical factors

    Activities

    1.4.1 Document your product / platform factors

    1.4.2 Document your environment details

    This step involves the following participants:

    Technical leaders

    Product owners

    Outcomes of this step

    Details of key technical factors that will drive the selection of the right partner.

    Technical factors

    Technical factors are still the foundation for a Development sourcing relationship.

    • While there are many organizational factors to consider, the matching of technological factors is still the root on which the sourcing relationship is built; the end goal is to build better software.
    • Key technical Items that need to be aligned based on the research are:
      • Technical infrastructure
      • Development environments
      • Development methodology and tools
      • Deployment methodology and tools
      • Lack of/poor-quality technical documentation
    • Most RFPs focus purely on skills, but without alignment on the above items, work becomes impossible to move forward quickly, limiting the chances of success.

    Info-Tech Insight

    Technical factors are the glue that enables teams to function together. Ensuring that they are fully integrated is what enables team integration; seams in that integration represent failure points.

    1.4.1 Document your product / platform factors

    30 mins

    1. How many environments does each software release go through from the start of development through release to production?
    2. What is the infrastructure and development platform?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document your product / platform

    Product / Platform

    Product you are seeking a sourcing solution for

    What is the current infrastructure platform?

    How many environments does the product pass through?

    What is the current development toolset?

    ABC

    Windows

    Dev – QA – Preprod - Prod

    .Net / Visual Studio

    1.4.2 Document your environment details

    30 min

    For each environment detail the following:

    1. Environment on premises or in cloud
    2. Access allowed to external parties
    3. Production data present and unmasked
    4. Deployment process: automated or manual
    5. Tools used for automated deployment
    6. Can the environment be restored to last known state automatically?
    7. Does documentation exist on the environment, processes and procedures?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document Your Environment Details

    Environment

    Location

    Access

    Deployment

    Data

    Name of Environment

    Is the environment on premises or in the cloud (which cloud)?

    Is external access allowed?

    Is deployment automated or manual?

    Tool used for deployment

    Is reset automated?

    Does the environment contain unmasked production data?

    Dev

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    QA

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    Preprod

    On Premises

    No

    Manual

    N/A

    No

    Yes

    Phase 2

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will help you to build a profile of the partner you should target in your search for a sourcing partner.

    This phase involves the following participants:

    Technology leaders

    Procurement leaders

    Product owners

    Project managers

    Build a profile for the right partner

    • Finding the perfect partner is a puzzle to solve, an exercise between the firm and the partners.
    • It is necessary to be able to prioritize and to identify opportunities where you can adapt to create a fit.
    • You must also bring forward the sourcing model you are seeking and prioritize factors based on that; for example, if you are seeking a nearshore partner, language may be less of a factor.

    Review factors based on sourcing choice

    Different factors are more important depending on whether you are insourcing or outsourcing.

    Key risks for insourcing

    • Alignment on communication strategy and method
    • Ability to align culturally
    • Need for face-to-face relationship building
    • Need for coaching skills

    Key risks for outsourcing

    • Giving control to the vendor
    • Legal and regulatory issues
    • Lack of knowledge at the vendor
    • Language and cultural fit

    Assessing your firm's position

    • The model you derived from the Sourcing Strategy research will inform the prioritization of factors for matching partners.

    Info-Tech Insight

    To find the best location for insourcing, or the best vendor for outsourcing, you need to identify your firm's positions on key risk areas.

    Step 2.1

    Recall your sourcing strategy

    Activities

    2.1.1 Define the key factors in your sourcing strategy

    This step involves the following participants:

    Technology Leaders

    Outcomes of this step

    Documentation of the Sourcing Strategy you arrived at in the Define a Sourcing Strategy exercises

    Choosing the right model

    The image contains a screenshot of the legend that will be used down below. The legend contains circles, from the left there is a empty circle, a one quarter filled circle, half filled circle, three-quarter filled circle , and a fully filled in circle.

    Determinant

    Key Questions to Ask

    Onshore

    Nearshore

    Offshore

    Outsource role(s)

    Outsource team

    Outsource product(s)

    Business dependence

    How much do you rely on business resources during the development cycle?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Absorptive capacity

    How successful has the organization been at bringing outside knowledge back into the firm?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Integration complexity

    How many integrations are required for the product to function – fewer than 5, 5-10, or more than 10?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Product ownership

    Do you have full-time product owners in place for the products? Do product owners have control of their roadmaps?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Organization culture fit

    What are your organization’s communication and conflict resolution strategies? Is your organization geographically dispersed?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Vendor mgmt skills

    What is your skill level in vendor management? How old are your longest-standing vendor relationships?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    2.1.1 Define the key factors in your sourcing strategy

    30 min

    For each product you are seeking a sourcing strategy for, document the following:

    1. Product or team name.
    2. Sourcing strategy based on Define a Sourcing Strategy.
    3. The primary drivers that led to this selection – Business Dependence, Absorptive Capacity, Integration Complexity, Product Ownership, Culture or Vendor Management.
    4. The reasoning for the selection based on that factor – e.g. we chose nearshoring based on high business dependence by our development team.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Sourcing Strategy from Define a Sourcing Strategy for your Development Team
    • Reasoning that drove the sourcing strategy selection
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leadership

    Define sourcing strategy factors

    Sourcing strategy

    Factors that led to selection

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to that choice

    Reasoning

    ABC

    Outsourcing - Offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership and low requirement for direct business involvement.

    Mature product with lower environments in cloud.

    Step 2.2

    Prioritize your company factors

    Activities

    2.2.1 Prioritize the factors from your sourcing strategy and confirm if mitigation or adaptation are possible.

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Prioritized list of key factors

    2.2.1 Prioritize your sourcing strategy factors

    30 min

    1. For each of the factors listed in exercise 2.1, prioritize them by importance to the firm.
    2. For each factor, please confirm if there is room to drive change internally to overcome the lack of a match – for example, if the culture being changed in language and conflict resolution is an option, then say Yes for that factor.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Sourcing Strategy factors from 2.1
    • Prioritized list of sourcing strategy factors
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders

    Sourcing strategy factors and priority

    Sourcing strategy

    Factors that led to selection

    Priority of factor in decision

    Change possible

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to your choice

    Reasoning

    Priority of factor 1-x

    Is there an opportunity to adapt this factor to a partner?

    ABC

    Outsourcing - offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership

    Low requirement for direct business involvement

    Mature product with lower environments in cloud

    2

    1

    3

    N

    N

    Y

    Step 2.3

    Create target profile

    Activities

    2.3.1 Profile your best fit

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Profile of the target partner

    Profiling your best fit

    Creating a target profile will help you determine which partners should be included in the process.

    Given the complexity of all the factors and trying to find the best fit from a multitude of partners, Info-Tech recommends forming a target profile for your best fit of partner.

    This profile provides a detailed assessment matrix to use to review potential partners.

    Profile should be created based on priority; "must haves" are high priority, while properties that have mitigation opportunities are optional or lower priority.

    Criteria

    Priority

    Some US Govt contracts – data and staff in NATO

    1

    Windows environment – Azure DEVOPS

    2

    Clients in FS

    3

    Agile SDLC

    4

    Collaborative communication and conflict resolution

    5

    Mature product management

    6

    Languages English and Spanish

    7

    Partner Profile

    • Teams in NATO and non-NATO countries
    • Windows skills with Azure
    • Financial Services experience
    • Utilize Agile and willing to plug into our teams
    • Used to collaborating with clients in one team environment
    • One centre in Latin / South America

    Info-Tech Insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Case study: Cognizant is partnering with clients on product development

    INDUSTRY: Technology Services

    SOURCE: Interview with Jay MacIsaac, Cognizant

    Cognizant is driving quality solutions for clients

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Seeks to carefully consider client culture to create one team.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs the more traditional order taker development partner
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Realizes today’s clients don’t typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Understands that clients do want to know where the work is being delivered from and how it's being delivered, and want to help manage expectations and overall risk.

    Synergy with Info-Tech’s approach

    • Best relationship comes when teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Goal is a one-team culture with shared goals and delivering business value.
    • Ideal is a partner that will add to their thinking, not echo it.

    Results of this approach

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Case study: Cabot Technology Solutions uses industry knowledge to drive successful partnerships

    INDUSTRY: Technology Services

    SOURCE: Interview with Shibu Basheer, Cabot Technology Solutions

    Cabot Technology Solutions findings

    • Cabot Technology Solutions looks to partner with clients and deliver expertise and value, not just application development.
      • Focus on building deep knowledge in their chosen vertical, Healthcare.
      • Focus on partnering with clients in this space who are seeking a partner to provide industry knowledge and use this to propel them forward.
      • Look to work with clients seeking a one team philosophy.
      • Avoid clients looking for a cheap provider.
    • Recognizing the initial apprehension to India as a location, they have built a practice in Ontario that serves as a bridge for their offshore team.
    • Cabot overcame initial views and built trust, while integrating the India team in parallel.

    Synergy with Info-Tech approach

    • Preference is partners, not a client/vendor relationship.
    • Single country model is set aside in favor of mix of near and offshore.
    • Culture is a one team approach, not the more adversarial order-taker approach.
    • Goal is to build long-term relationships of value, not task management.

    Results of this approach

    • Cabot is a recognized as a top software development company in many markets across the USA.
    • Cabot continues to drive growth and build referenceable client relationships across North America.

    2.3.1 Profile your best fit

    30 min

    1. Document the list of skills you are seeking from the People Factors – Skills Inventory in Section 1.2 – these represent the skills you are seeking in a partner.
    2. Document the culture you are looking for in a partner with respect to communications and conflict resolution in the culture section of the requirements – this comes from Section 1.3.
    3. Confirm the type of partner you are seeking – nearshore, offshore, or outsourcing based on the sourcing strategy priorities in Section 2.2.
    4. Confirm constraints that the partner must work under based on constraints from your market and competitor factors in Section 1.1.
    5. Confirm your technical requirements in terms of environments, tools, and processes that the vendor must align to from Section 1.4.

    Download the Select a Sourcing Partner Presentation Template

    Input Output

    All exercises done in Steps 11-1.4 and 2.1-2.2

    Profile of a target partner to drive the RFx Criteria

    Materials Participants

    Select a Sourcing Partner for Your Development Team Presentation template

    Development leaders

    Deployment team leaders

    Infrastructure leaders

    IT operations leaders

    Product owners

    Project managers

    RFP skills requirement

    People skills required

    Product ownership

    Project management

    Skill

    Skill level required

    Tools / platform requirement

    Details of product management methodology and skills

    Details of firm's project management methodology

    .NET

    Medium

    Windows

    Highly mature, high skill

    Highly mature, high skill

    Java

    High

    Windows

    Low

    High

    RFx cultural characteristics

    Communication strategy

    Conflict resolution

    Organization / management

    Communication mediums supported

    Frequency of meetings expected

    Conflict resolutions strategies used at the firm

    Management methodology

    Face to face

    Weekly

    Collaborative

    Online

    Daily

    Hierarchical with manager

    Hierarchical

    RFx market constraints

    Constraints

    Partner proposal

    Constraint type

    Restrictions

    Market size required for

    Reasoning

    Data residency

    Data must stay in Canada for Canadian Gov't clients

    5% Canada public sector

    Competitive

    Offshoring dev means competition can take advantage

    95% Clients

    Need strategy to show data and leadership in NA, but delivering more innovation at lower cost by going offshore

    RFx technical requirements

    Technical environments

    Infrastructure

    Alignment of SDLC

    Tools required for development team

    Access control software required

    Infrastructure location

    Number of environments from development to production

    .Net Visual Studio

    Microsoft

    Azure

    4

    RFx scope of services

    Work being sourced

    Team sizing

    Work being sourced

    Skill level required

    Average size of release

    Releases per year

    Java development of new product

    High

    3-month development

    6

    .NET staff augmentation

    Medium

    ½-month development

    12

    Phase 3

    Choose the partner that will best enable you to move forward as one integrated team.

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    For more details on Partner Selection, please refer to our research blueprint entitled Select an ERP Partner

    This phase will help you define your RFx for your provider search

    This phase involves the following participants:

    Vendor Management Team

    IT Leadership

    Finance Team

    Finding the right fit should always come before rates to determine value

    The right fit

    Determined in previous activities

    Negotiating will eventually bring the two together

    Value

    Rates

    Determined by skill and location

    Statement of Work (SOW) quality

    A quality SOW is the result of a quality RFI/RFP (RFx).

    The process up to now has been gathering the materials needed to build a quality RFx. Take this opportunity to review the outputs of the preceding activities to ensure that:

    • All the right stake holders have been engaged.
    • The requirements are complete.

    Info-Tech’s RFP Review as a Service looks for key items to ensure your RFx will generate quality responses and SOWs.

    • Is it well-structured with a consistent use of fonts and bullets?
    • Is it laid out in sections that are easily identifiable and progress from high-level to more detailed information?
    • Can a vendor quickly identify the ten (or fewer) things that are most important to you?

    The image contains a screenshot of the Request for Proposal Review as a Service.

    Step 3.1

    Review your RFx

    Activities

    3.1.1 Select your RFx template

    3.1.2 Finalize your RFx

    3.1.3 Weight each evaluation criteria

    This step involves the following participants:

    • Project team
    • Evaluation team
    • Vendor management team
    • CIO

    Outcomes of this step

    • Completed RFx

    Info-Tech’s RFI/RFP process

    Info-Tech has well-established vendor management templates and practices

    • Identify Need
    • Define Business Requirements
    • Gain Business Authorization
    • Perform RFI/RFP
    • Negotiate Agreement
    • Purchase Goods and Services
    • Assess and Measure Performance

    Info-Tech Best Practice

    You’ll want to customize templates for your organization, but we strongly suggest that you take whatever you feel best meets your needs from both the long- and short-form RFPs presented in this blueprint.

    The secret to managing an RFP is to make it manageable. And the secret to making an RFP manageable is to treat it like any other aspect of business – by developing a process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.

    Your RFP process should be tailored to fit the needs and specifics of your organization and IT.

    Info-Tech Insight

    Create a better RFP process using Info-Tech’s well-established templates and methodology.

    Create a Better RFP Process

    In a hurry? Consider an enhanced RFI instead of an RFP.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations. An enhanced RFI (ERFI) is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Stage 1:

    Create an RFI with all the customary components. Next, add a few additional RFP-like requirements (e.g. operational and technical requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all the vendors. Finally, notify the vendors that you will not be doing an RFP – this is it!

    Stage 2:

    Review the vendors’ proposals and select the best two. Negotiate with both vendors and then make your decision.

    The ERFI shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    RFI Template

    The image contains a screenshot of the RFI Template.

    Use this template to create your RFI baseline template. Be sure to modify and configure the template to your organization’s specifications.

    Request for Information Template

    Long-Form RFP Template

    Configure Info-Tech’s Long-Form RFP Template for major initiatives

    The image contains a screenshot of the long-form RFP Template.

    A long-form or major RFP is an excellent tool for more complex and complicated requirements. This example is for a baseline RFP.

    It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review, and the vendors to respond.

    You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Source: Info-Tech’s The Art of Creating a Quality RFP

    Short-Form RFP Template

    Configure Info-Tech’s Short-Form RFP Template for minor or smaller initiatives

    The image contains a screenshot of the Short-Form RFP Template.

    This example is for a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves time for both your team and the vendors. Of course, the short-form RFP contains fewer specific instructions, guidelines, and rules for vendors’ proposal submissions.

    We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that require significant vendor's risk assessment.

    Source: The Art of Creating a Quality RFP

    3.1.1 Select your RFx template

    1-3 hours

    1. As a group, download the RFx templates from the previous three slides.
    2. Review your RFx process as a group. Be sure to include the vendor management team.
    3. Be sure to consider organization-specific procurement guidelines. These can be included. The objective here is to find the template that is the best fit. We will finalize the template in the next activity.
    4. Determine the best template for this project.
    Input Output
    • RFx templates
    • The RFx template that will be used for this project
    Materials Participants
    • Info-Tech’s Enhanced RFI Template, Long-Form RFP Template, and Short-Form RFP Template
    • Vendor management team
    • Project team
    • Project manager

    Finalize your RFx

    Key insights

    Leverage the power of the RFP

    • Too often RFPs fail to achieve their intended purposes, and your organization feels the effects of a poorly created RFP for many years.
    • If you are faced with a single source vendor, you can perform an RFP to one to create the competitive leverage.

    Make the response and evaluation process easier

    • Being strategic in your wording and formatting makes it easier on both parties – easier for the vendors to submit meaningful proposals, and easier for customer teams to evaluate.
    • Create a level playing field to encourage competition. Without multiple proposals, your options are limited and your chances for a successful project plummet.

    Maximize the competition

    • Leverage a pre-proposal conference to resolve vendor questions and to ensure all vendors receive the same answers to all questions. No vendor should have an information advantage.

    Do’s

    • Leverage your team’s knowledge.
    • Document and explain your RFP process to stakeholders and vendors.
    • Include contract terms in your RFP.
    • Measure and manage performance after contract award.
    • Seek feedback from the RFP team on your process and improve it as necessary.

    Don'ts

    • Reveal your budget.
    • Do an RFP in a vacuum.
    • Send an RFP to a vendor your team is not willing to award the business to.
    • Hold separate conversations with candidate vendors during your RFP process.
    • Skimp on the requirements definition to speed the process.
    • Tell the vendor they are selected before negotiating.

    3.1.2 Finalize your RFx

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is YOUR document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Add the content created in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the RFx Vendor Evaluation Tool

    Download the Supplementary RFx Material

    InputOutput
    • RFx template
    • Organizational specific guidelines
    • Materials from Steps 1 and 2
    • Supplementary RFx Material
    • Finalized RFx
    MaterialsParticipants
    • Electronic RFP document for editing
    • Vendor management team
    • Project team
    • Project manager

    3.1.2 Bring it all together

    Supplementary RFx Material

    The image contains a screenshot of Supplementary RFx Material.

    Review the sample content to get a feel for how to incorporate the results of the activities you have worked through into the RFx template.

    RFx Templates

    Use one of our templates to build a ready-for-distribution implementation partner RFx tailored to the unique success factors of your implementation.

    Exercises in Steps 1 and 2

    The image contains a screenshot of Exercises in Steps 1 and 2

    Use the material gathered during each activity to inform and populate the implementation partner requirements that are specific for your organization and project.

    The image contains a screenshot of the Long Form RFx template.The image contains a screenshot of the Short Form RFx template.

    3.1.3 Weight each evaluation criteria

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is your document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Utilize the content defined in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the Supplementary RFx Material

    InputOutput

    RFx Vendor Evaluation Tool

    Exercises from Steps 1 and 2

    • Weighted scoring tool to evaluate responses
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Supplementary RFx Material
    • Vendor management team
    • Project team
    • Project manager

    3.1.3 Apply weight to each evaluation criteria

    Use this tool to weight each critical success factor based on results of the activities within the vendor selection workbook for later scoring results.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Step 3.2

    Identify target vendors

    Activities

    3.2.1 Identify target vendors

    3.2.2 Define your RFx timeline

    This step involves the following participants:

    • Project team
    • Vendor management team

    Outcomes of this step

    • Targeted vendor list
    • Initial RFx timeline

    3.2.1 Identify target vendors

    1-3 hours

    1. Based on the profile defined in Step 2.3, research potential partners that fit the profile, starting with those you may have used in the past. From this, build your initial list of vendors to target with your RFx.
    2. Break into smaller groups (or continue as a single group if it is already small) and review each shortlisted vendor to see if they will likely respond to the RFx.
    Input Output
    • Websites
    • Peers
    • Advisory groups
    • A shortlist of vendors to target with your RFx
    Materials Participants
    • RFx Vendor Evaluation Tool
    • CIO
    • Vendor management team
    • Project team
    • Evaluation team

    Download the RFx Vendor Evaluation Tool

    Define your RFx timeline

    Provider RFx timelines need to be clearly defined to keep the project and participants on track. These projects and processes can be long. Set yourself up for success by identifying the time frames clearly and communicating them to participants.

    1. Current
    • Concurrent ERP product selection
    • RFx preparation
    • Release of RFX
  • Near-term
    • Responses received
    • Scoring responses
    • Shortlisting providers
    • Provider interviews
    • Provider selection
    • Provider contract negotiations
    • Contract with provider
  • Future
    • Initiation of knowledge transfer
    • Joint development period
    • Cutover to provider team

    89% of roadmap views have at least some representation of time. (Roadmunk, n.d.)

    Info-Tech Insight

    The true value of time horizons is in dividing your timeline and applying different standards and rules, which allows you to speak to different audiences and achieve different communication objectives.

    3.2.2 Define your RFx timeline

    1-3 hours

    1. As a group identify an appropriate timeline for your RFP process. Info-Tech recommends no less than three months from RFx release to contract signing.

      Keep in mind that you need to allow for time to engage the team and perform some level of knowledge transfer, and to seed the team with internal resources for the initial period.
    2. Leave enough time for vendor responses, interviews, and reference checks.
    3. Once the timeline is finalized, document it and communicate it to the organization.

    Download the RFx Vendor Evaluation Tool

    Input Output
    • RFx template
    • Provider RFx timeline
    Materials Participants
    • RFx Vendor Evaluation Tool
    • Vendor management team
    • Project team
    • Project manager

    Define your RFx timeline

    The image contains a screenshot of an example of an RFx timeline.

    Step 3.3

    Evaluate vendor responses

    Activities

    3.3.1 Evaluate responses

    This step involves the following participants:

    • Evaluation team

    Outcomes of this step

    • Vendor submission scores

    3.3.1 Evaluate responses

    1-3 hours

    1. Use the RFx Vendor Evaluation Tool to collect and record the evaluation team's scores for each vendor's response to your RFx.
    2. Then record and compare each team member's scores to rank the vendors' responses.
    3. The higher the score, the closer the fit.

    Download the RFx Vendor Evaluation Tool

    InputOutput
    • Vendor responses
    • Vendor presentations
    • Vendor scores
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Evaluation team

    3.3.1 Score vendor results

    Use the RFx Vendor Evaluation Tool to score the vendors' responses to your RFx using the weighted scale from Activity 3.1.3.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Phase 4

    Measuring the new relationship

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will allow you to define the relationship with your newly chosen partner, including choosing the right contract mechanism, defining shared goals for the relationship, and selecting the metrics and processes to measure performance.

    This phase involves the following participants:

    IT leadership

    Procurement team

    Product owners

    Project managers

    Implementing the Partner

    Implementing the new partner is an exercise in collaboration

    • Successfully implementing your new partner is an exercise in working together
    1. Define a contract mechanism that is appropriate for the relationship, but is not meant as punitive, contract-based management – this sets you up for failure.
    2. Engage with your team and your partner as one team to build shared, measurable goals
    3. Work with the team to define the metrics and processes by which progress against these goals will be measured
  • Goals, metrics and process should be transparent to the team so all can see how their performance ties to success
  • Make sure to take time to celebrate successes with the whole team as one
  • Info-Tech Insight

    Implement the relationship the same way you want it to work: as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. This transparency and collaboration will build a one team view, leading to long-term success.

    Step 4.1

    Engage partner to choose contract mechanism

    Activities

    4.1.1 Confirm your contract mechanism

    This step involves the following participants:

    IT leadership

    Procurement team

    Vendor team

    Outcomes of this step

    Contract between the vendor and the firm for the services

    Negotiate agreement

    Evaluate your RFP responses to see if they are complete and if the vendor followed your instructions.

    Then:

    Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.

    Select finalist(s).

    Apply selection criteria.

    Resolve vendors' exceptions.

    Negotiate before you select your vendor:

    Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.

    Perform legal reviews as necessary.

    Use sound competitive negotiations principles.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement, as the standard for an underperforming vendor.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Leverage ITRG's negotiation process research for additional information

    For more details on this process please see our research Drive Successful Sourcing Outcomes with a Robust RFP Process

    4.1.1 Confirm your contract mechanism

    30 min

    1. Does the firm have prior experience with this type of sourcing arrangement?
    2. Does the firm have an existing services agreement with the selected partner?
    3. What contract mechanisms have been used in the past for these types of arrangements?
    4. What mechanism was proposed by the partner in their RFP response?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Past sourcing agreements from Procurement
    • Proposed agreement from partner
    • Agreed upon contract mechanism
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Vendor management group
    • Partner leaders

    Choose the appropriate contract method

    Work being sourced

    Partner proposal

    Agreed-upon mechanism

    Work being sourced

    Vendor management experience with type

    Partner proposed contract method

    Agreed-upon contract method

    Java development team to build new product

    Similar work done with fixed price with another vendor

    Time and materials per scrum team

    Time and materials per scrum team to avoid vendor conflicts inherent in fixed price which limit innovation

    Step 4.2

    Engage partner team to define shared goals

    Activities

    4.2.1 Define your shared goals

    This step involves the following participants:

    IT leadership

    Vendor leadership

    Outcomes of this step

    Shared goals for the team

    Define success and shared goals

    Work together to define how you will measure yourselves.

    One team

    • Treating the new center and the existing team as one team is critical to long-term success.
    • Having a plan that allows for teams to meet frequently face-to-face "get to know you" and "stay connected" sessions will help the team gel.

    Shared goals

    • New group must share common goals and measurements.

    Common understanding

    • New team must have a common understanding and culture on key facets such as:
      • Measurement of quality
      • Openness to feedback and knowledge sharing
      • Culture of collaboration
      • Issue and Risk Management

    4.2.1 Define your shared goals

    30 min

    1. List each item in the scope of work for the sourcing arrangement – e.g. development of product XXX.
    2. For each scope item, detail the benefit expected by the firm – e.g. development cost expected to drop by 10% per year, or customer satisfaction improvement.
    3. For each benefit define how you will measure success – e.g. track cost of development for the development team assigned, or track Customer Satisfaction Survey results.
    4. For each measure, define a target for this year – e.g. 10% decrease over last year's cost, or customer satisfaction improvement from 6 to 7.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Services being procured from RFx
    • Benefits expected from the sourcing strategy
    • Baseline scores for measurements
    • Shared goals agreed upon between team and partner
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Partner leaders

    Define goals collaboratively

    Role and benefit

    Goals and objectives

    Role / work being sourced

    Benefit expected

    Measure of success

    Year over year targets

    Java development team to build new product

    New product to replace aging legacy

    Launch of new product

    Agree on launch schedule and MVP for each release / roadmap

    Step 4.3

    Choose your success metrics

    Activities

    4,3.1 Define metrics and process to monitor

    This step involves the following participants:

    IT leadership

    Product owners

    Project managers

    Vendor leaders

    Outcomes of this step

    Metrics and process to measure performance

    4.3.1 Define metrics and process to monitor

    30 min

    1. For each goal defined and measure of success, break down the measure into quantifiable, measurable factors – e.g. Development cost is defined as all the costs tracked to the project including development, deployment, project management, etc.
    2. For each factor choose the metric that can be reported on – e.g. project actuals.
    3. For each metric define the report and reporting frequency – e.g. monthly project actuals from project manager.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT Security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Agreed-upon metrics

    Goal

    Metrics and process

    Agreed-upon goal

    Year 1 target

    Metric to measure success

    Measurement mechanism

    Deliver roadmap of releases

    3 releases – MVP in roadmap

    Features and stories delivered

    Measure delivery of stories from Jira

    Research Contributor

    The image contains a picture of Alaisdar Graham.

    Alaisdar Graham

    Executive Counsellor

    Info-Tech Research Group

    During Alaisdar’s 35-year career in information and operational technology, Alaisdar has been CIO for public sector organizations and private sector companies. He has been an entrepreneur with his own consultancy and a founder or business advisor with four cyber-security start-ups, Alaisdar has developed experience across a broad range of industries within a number of different countries and become known for his ability to drive business benefits and improvements through the use of technology.

    Alaisdar has worked with CXO-level executives across different businesses. Whether undertaking a digital transformation, building and improving IT functions across your span of control, or helping you create and execute an integrated technology strategy, Alaisdar can provide insight while introducing you to Info-Tech Research Group’s experts. Alaisdar’s experience with organizational turn- around, governance, project, program and portfolio management, change management, risk and security will support your organization’s success.

    Research Contributor

    The image contains a picture of Richard Nachazel.

    Richard Nachazel

    Executive Counsellor

    Info-Tech Research Group

    • Richard has more than 40 years working in various Fortune 500 organizations. His specialties are collaborating with business and IT executives and senior stakeholders to define strategic goals and transform operational protocols, standards, and methodologies. He has established a reputation at multiple large companies for taking charge of critical, high-profile enterprise projects in jeopardy of failure and turning them around. Colleagues and peers recognize his ability to organize enterprise efforts, build, develop, and motivate teams, and deliver outstanding outcomes.
    • Richard has worked as a Global CISO & Head of IT Governance for a Swiss Insurance company, Richard developed and led a comprehensive Cyber-Security Framework that provided leadership and oversight of the cyber-security program. Additionally, he was responsible for their IT Governance Risk & Compliance Operation and the information data security compliance in a complex global environment. Richard’s experience with organizational turn around, governance, risk, and controls, and security supports technology delivery integration with business success. Richard’s ability to engage executive and senior management decision makers and champion vision will prove beneficial to your organization.

    Research Contributor

    The image contains a picture of Craig Broussard.

    Craig Broussard

    Executive Counsellor

    Info-Tech Research Group

    • Craig has over 35 years of IT experience including software development, enterprise system management, infrastructure, and cyber security operations. Over the last 20 years, his focus has been on infrastructure and security along with IT service management. He’s been an accomplished speaker and panelist at industry trade events over the past decade.
    • Craig has served as Global Infrastructure Director for NCH Corporation, VP of Information Technology at ATOS, and earlier in his career as the Global Head of Data Center Services at Nokia Siemens Networks. Craig also worked for MicroSolutions (a Mark Cuban Company). Additionally, Craig received formal consulting training while working for IBM Global Services.
    • Craig’s deep experience across many aspects of IT from Governance through Delivery makes him an ideal partner for Info-Tech members.

    Bibliography

    Offshore, Onshore or Hybrid–Choosing the Best IT Outsourcing Model. (n.d.).
    Offshore Dedicated Development Team – A Compelling Hiring Guide. (n.d.).
    The Three Non-Negotiables Of IT Offshoring. (n.d.). Forbes.
    Top Ten Countries For Offshoring. Forbes, 2004.
    Nearshoring in Europe: Choose the Best Country for IT Outsourcing - The World Financial Review. (n.d.).
    Select an Offshore Jurisdiction. The Best Countries for Business in 2021-2022! | InternationalWealth.info. (n.d.).
    How to Find the Best Country to Set Up an Offshore Company. (n.d.). biz30.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Carmel, E., & Abbott, P. (2006). Configurations of global software development: offshore versus nearshore. … on Global Software Development for the Practitioner, 3–7.
    Hanafizadeh, P., & Zare Ravasan, A. (2018). A model for selecting IT outsourcing strategy: the case of e-banking channels. Journal of Global Information Technology Management, 21(2), 111–138.
    Ishizaka, A., Bhattacharya, A., Gunasekaran, A., Dekkers, R., & Pereira, V. (2019). Outsourcing and offshoring decision making. International Journal of Production Research, 57(13), 4187–4193.
    Jeong, J. J. (2021). Success in IT offshoring: Does it depend on the location or the company? Arxiv.
    Joanna Minkiewicz, J. E. (2009). Deakin Research Online Online. 2007, Interrelationships between Innovation and Market Orientation in SMEs, Management Research News, Vol. 30, No. 12, Pp. 878-891., 30(12), 878–891.

    Bibliography

    King, W. R., & Torkzadeh, G. (2016). Special Issue Information Systems Offshoring : Research Status and Issues. MIS Quarterly, 32(2), 205–225.
    Kotlarsky, J., & Oshri, I. (2008). Country attractiveness for offshoring and offshore outsourcing: Additional considerations. Journal of Information Technology, 23(4), 228–231.
    Lehdonvirta, V., Kässi, O., Hjorth, I., Barnard, H., & Graham, M. (2019). The Global Platform Economy: A New Offshoring Institution Enabling Emerging-Economy Microproviders. Journal of Management, 45(2), 567–599.
    Mahajan, A. (2018). Risks and Benefits of Using Single Supplier in Software Development. Oulu University of Applied Sciences. Retrieved from
    Murberg, D. (2019). IT Offshore Outsourcing: Best Practices for U.S.-Based Companies. University of Oregon Applied Information Management, 1277(800), 824–2714.
    Nassimbeni, G., Sartor, M., & Dus, D. (2012). Security risks in service offshoring and outsourcing. Industrial Management and Data Systems, 112(3), 405–440.
    Olson, G. M., & Olson, J. S. (2000). Distance matters. Human-Computer Interaction, 15(2–3), 139–178.
    Pilkova, A., & Holienka, M. (2018). Home-Based Business in Visegrad Countries: Gem Perspective. Innovation Management, Entrepreneurship and Sustainability 2018 Proceedings of the 6th International Conference.
    Rahman, H. U., Raza, M., Afsar, P., Alharbi, A., Ahmad, S., & Alyami, H. (2021). Multi-criteria decision making model for application maintenance offshoring using analytic hierarchy process. Applied Sciences (Switzerland), 11(18).
    Rahman, H. U., Raza, M., Afsar, P., Khan, H. U., & Nazir, S. (2020). Analyzing factors that influence offshore outsourcing decision of application maintenance. IEEE Access, 8, 183913–183926.
    Roadmunk. What is a product roadmap? Roadmunk, n.d. Accessed 12 Oct. 2021.
    Rottman, J. W., & Lacity, M. C. (2006). Proven practices for effectively offshoring IT work. MIT Sloan Management Review.
    Smite, D., Moe, N. B., Krekling, T., & Stray, V. (2019). Offshore Outsourcing Costs: Known or Still Hidden? Proceedings - 2019 ACM/IEEE 14th International Conference on Global Software Engineering, ICGSE 2019, 40–47.
    Welsum, D. Van, & Reif, X. (2005). Potential Offshoring: Evidence from Selected OECD Countries. Brookings Trade Forum, 2005(1), 165–194.
    Zhang, Y., Liu, S., Tan, J., Jiang, G., & Zhu, Q. (2018). Effects of risks on the performance of business process outsourcing projects: The moderating roles of knowledge management capabilities. International Journal of Project Management, 36(4), 627–639.

    10 Secrets for Successful Disaster Recovery in the Cloud

    • Buy Link or Shortcode: {j2store}419|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,096 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • The pay-per-use pricing structure of cloud services make it a cheaper DR option, but there are gotchas you need to avoid, ranging from unexpected licensing costs to potential security vulnerabilities.
    • You likely started on the path to cloud DR with consideration of cloud storage for offsite retention of backups. Systems recovery in the cloud can be a real value-add to using cloud as a backup target.
    • Your cloud-based DR environment has to be secure and compliant, but performance also has to be “good enough” to operate the business.
    • Location still matters, and selecting the DR site that optimizes latency tolerance and geo-redundancy can be difficult.

    Our Advice

    Critical Insight

    • Keep your systems dormant until disaster strikes. Prepare as much of your environment as possible without tapping into compute resources. Enjoy the low at-rest costs, and leverage the reliability of the cloud in your failover.
    • Avoid failure on the failback! Bringing up your systems in the cloud is a great temporary solution, but an expensive long-term strategy. Make sure you have a plan to get back on premises.
    • Leverage cloud DR as a start for cloud migration. Cloud DR provides a gateway for broader infrastructure lift and shift to cloud IaaS, but this should only be the first phase of a longer-term roadmap that ends in multi-service hybrid cloud.

    Impact and Result

    • Calculate the cost of your DR solution with a cloud vendor. Test your systems often to build out more accurate budgets and to define failover and failback action plans to increase confidence in your capabilities.
    • Define “good enough” performance by consulting with the business and setting correct expectations for the recovery state.
    • Dig deeper into the various flavors of cloud-based DR beyond backup and restore, including pilot light, warm standby, and multi-site recovery. Each of these has unique benefits and challenges when done in the cloud.

    10 Secrets for Successful Disaster Recovery in the Cloud Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out the 10 secrets for success in cloud-based DR deployment, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    [infographic]

    Right-Size the Service Desk for Small Enterprise

    • Buy Link or Shortcode: {j2store}487|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.

    Our Advice

    Critical Insight

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.

    • Make the best use of the team. Clearly define roles and responsibilities and monitor those wearing multiple hats to make sure they don’t burn out.
    • Build cross training and documentation into your culture to preserve service levels while giving team members time off to recharge.
    • Don’t discount the benefit of good tools. As volume increases, so does the likelihood of issues and requests getting missed. Look for tools that will help to keep a customer focus.

    Impact and Result

    • Improved workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians to set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry standard tools will reduce administrative overhead while improving workload management.

    Right-Size the Service Desk for Small Enterprise Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-Size the Service Desk for Small Enterprise Storyboard – A step-by-step guide to help you identify and prioritize initiatives to become more customer centric.

    This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.

    • Right-Size the Service Desk for Small Enterprise Storyboard

    2. Maturity Assessment – An assessment to determine baseline maturity.

    The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.

    • IT Service Desk Maturity Assessment for Small Enterprise

    3. Standard Operating Procedure – A template to build out a clear, concise SOP right-sized for a small enterprise.

    The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.

    • Incident Management and Service Desk SOP for Small Enterprise

    4. Categorization Scheme – A template to build out an effective categorization scheme.

    The categorization scheme template provides examples of asset-based categories, resolution codes and status.

    • Service Desk Asset-Based Categories Template

    5. Improvement Plan – A template to present the improvement plan to stakeholders.

    This template provides a starting point for building your communications on planned improvements.

    • Service Desk Improvement Initiative
    [infographic]

    Further reading

    Right-Size the Service Desk for Small Enterprise

    Turn your help desk into a customer-centric service desk.

    Analyst Perspective

    Small enterprises have many of the same issues as large ones, but with far fewer resources. Focus on the most important aspects to improve customer service.

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.

    It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.

    And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group. Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Table of Contents

    Title Page Title Page
    Blueprint benefits 6 Incident management 25
    Start / Stop / Continue exercise 10 Prioritization scheme 27
    Complete a maturity assessment 11 Define SLAs 29
    Select an ITSM tool 13 Communications 30
    Define roles & responsibilities 15 Reporting 32
    Queue management 17 What can you do to improve? 33
    Ticket handling best practices 18 Staffing 34
    Customer satisfaction surveys 19 Knowledge base & self-serve 35
    Categorization 20 Customer service 36
    Separate ticket types 22 Ticket analysis 37
    Service requests 23 Problem management 38
    Roadmap 39

    Insight summary

    Help desk to service desk

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer-centric service desk and a change to the way the technicians think about providing support.

    Make the best use of the team

    • Clearly define primary roles and responsibilities, and identify when and where escalations should occur.
    • Divide the work in a way that makes the most sense based on intake patterns and categories of incidents or service requests.
    • Recognize who is wearing multiple hats, and monitor to make sure they don’t burn out or struggle to keep up.
    • Determine the most appropriate areas to outsource based on work type and skills required.

    Build cross-training into your culture

    • Primary role holders need time off and need to know the day-to-day work won’t be waiting for them when they come back.
    • The knowledge base is your first line of defense to make sure incidents don’t have to wait for resolution and to avoid having technicians remote in on their day off.
    • When volumes spike for incidents and service requests, everyone needs to be prepared to pitch in. Train the team to recognize and step up to the call to action.

    Don’t discount the benefit of good tools

    • When volume increases, so does the likelihood of missing issues and requests.
    • Designate a single solution to manage the workload, so there is one place to go for work orders, incident reporting, asset data, and more.
    • Set up self-serve for users so they have access to how-to articles and can check the status of tickets themselves.
    • Create a service catalog to make it easy for them to request the most frequent items easily.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Standard Operating Procedures

    Sample of the Standard Operating Procedures deliverable.

    Maturity Assessment

    Sample of the Maturity Assessment deliverable.

    Categorization scheme

    Sample of the Categorization scheme deliverable.

    Improvement Initiative

    Sample of the Improvement Initiative deliverable.
    Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business.

    Blueprint benefits

    IT benefits

    • Improve workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry-standard tools will reduce administrative overhead while improving workload management.

    Business benefits

    • IT taking a customer-centric approach will improve access to support and reduce interruptions to the way they do business.
    • Expectation setting and improved communications will allow the business to better plan their work around new requests and will have a better understanding of service level agreements.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of three to four months.

    The current state discussion will determine the path.

    What does a typical GI on this topic look like?

    Current State & Vision

    Best Practices

    Service Requests & Incidents

    Communications

    Next Steps & Roadmap

    Call #1: Discuss current state & create a vision

    Call #2: Document roles & responsibilities

    Call #3:Review and define best practices for ticket handling Call #4: Review categorization

    Call #5: Discuss service requests & self-serve

    Call #6: Assess incident management processes
    Call #7: Assess and document reporting and metrics

    Call #8: Discuss communications methods

    Call #9: Review next steps

    Call #10: Build roadmap for updates

    For a workshop on this topic, see the blueprint Standardize the Service Desk

    Executive Brief Case Study

    Southwest CARE Center
    Logo for Southwest Care.
    INDUSTRY
    Healthcare

    Service Desk Project

    After relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool.

    Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements.

    Results

    The team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements.

    Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.

    “Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center)

    The service desk is the cornerstone for customer satisfaction

    Bar charts comparing 'Dissatisfied' vs 'Satisfied End Users' in both 'Service Desk Effectiveness' and 'Timeliness'.
    N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021
    Dissatisfied was classified as those organizations with an average score less than 7.
    Satisfied was classified as those organizations with an average score greater or equal to 8.
    • End users who were satisfied with service desk effectiveness rated all other IT processes 36% higher than dissatisfied end users.
    • End users who were satisfied with service desk timeliness rated all other IT processes 34% higher than dissatisfied end-users.

    Improve the service desk with a Start, Stop, Continue assessment

    Use this exercise as an opportunity to discuss what’s working and what isn’t with your current help desk. Use this to define your goals for the improvement project, with a plan to return to the results and rerun the exercise on a regular basis.

    STOP

    • What service desk processes are counterproductive?
    • What service blockers exist that consistently undermine good results?
    • Are end-user relationships with individual team members negatively impacting satisfaction?
    • Make notes on initial ideas for improvement.

    START

    • What service process improvements could be implemented immediately?
    • What technical qualifications do individual staff members need to improve?
    • What opportunities exist to improve service desk communications with end users?
    • How can escalation and triage be more efficient?

    CONTINUE

    • What aspects of your current service desk are positive?
    • What processes are efficient and can be emulated elsewhere?
    • Where can you identify high levels of end-user satisfaction?

    Complete a maturity assessment to create a baseline and areas of focus

    The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Improvement Initiative.
    • The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
    Sample of the Service Desk Maturity Assessment.

    Define your vision for the support structure

    Use this vision for communicating with the business and your IT team

    Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”

    To support new platforms, you might need to look at the following steps to get there:
    • Evaluate skills needed – can you upskill generalists quickly, or will specialists be required? Determine training needs for support staff on new platforms.
    • Estimate uptake of the new platform and adjusting budgets – will these mostly be role-based decisions?
    • Determine what applications will work on the new platform and which will have a parity offering, which will require a solution like Parallels or VirtualBox, and which might need substitute applications.
    • What utilities will be needed to secure your solutions such as for encryption, antivirus, and firewalls?
    • What changes in the way you deploy and patch machines?
    • What level of support do you need to provide – just platform, or applications as well? What self-serve training can be made available?
    If you need to change the way you deploy equipment, you may want to review the blueprint Simplify Remote Deployment With Zero-Touch Provisioning

    Info-Tech Insight

    Identify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research.

    Facilitate service desk operations with an ITSM tool

    You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.

    Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more.

    Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
    • Equipment and software license management
    • Self-serve for password reset and improving the experience for end users to submit tickets
    • Software deployment
    • Onboarding and offboarding workflows
    • Integration with monitoring tools
    Info-Tech Insight Buying rather than building allows you the greatest flexibility and can provide enterprise-level functionality at small-enterprise pricing. Use Info-Tech’s IT Service Management Selection Guide to create a business case and list of requirements for your ITSM purchase.
    Logo for Spiceworks.
    Logo for ZenDesk. Logo for SysAid.
    Logo for ManageEngine.
    Logo for Vector Networks.
    Logo for Freshworks.
    Logo for Squadcast.
    Logo for Jira Software.
    Logos contain links

    ITSM implementations are the perfect time to fix processes

    Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.

    Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later.

    When we look at what makes a strong and happy product launch, it boils down to a few key elements:
    • Improving customer service, or at least avoiding a decline
    • Improving access to information for technical team and end users
    • Successfully taking advantage of workflows, templates, and other features designed to improve the technician and user experience
    • Using existing processes with the new tools, without having to completely reengineer how things are done
    For a complete installation guide, visit the blueprint Build an ITSM Implementation Plan
    To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
    1. Categorization and status codes
    2. Prioritization
    3. Divide tickets into incidents and service requests
    4. Create workflows for onboarding and offboarding (automate where you can)
    5. Track escalations to vendors
    6. Reporting
    7. Self-serve
    8. Equipment inventory (leading to hardware asset management)

    Define roles looking to balance between customer service and getting things done

    The team will need to provide backfill for each other with high volume, vacations, and leave, but also need to proactively manage interruptions appropriately as they work on projects.
    Icon of a bullseye. First contact – customer service, general knowledge
    Answers phones, chats, responds to email, troubleshooting, creates knowledge articles for end users.
    Icon of a pie chart. Analyst – experienced troubleshooter, general knowledge
    Answers phone when FC isn’t available, responds to email, troubleshooting, creates knowledge articles for first contact, escalates to other technicians or vendors.
    Icon of a lightbulb. Analyst – experienced troubleshooter, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of gear on a folder. Engineer – deep expertise, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of a handshake. Vendor, Managed Service Providers
    Escalation point per contract terms, must meet SLAs, communicate regularly with analysts and management as appropriate. Who escalates and who manages them?
    Row of colorful people.

    Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template

    Keep customers happy and technicians calm by properly managing your queue

    If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.

    • Separate incidents (break fix) and service requests: Prioritize incidents over service requests to focus on getting users doing business as soon as possible. Schedule service requests for slower times or assign to technicians who are not working the front lines.
    • First in/first out…mostly: We typically look to prioritize incidents over service requests and only prioritize incidents if there are multiple people or VIPs affected. Where everything is equal, deal with the oldest first. Pause occasionally to deal with quick wins such as password resets.
    • Update ticket status and notes: Knowing what tickets are in progress and which ones are waiting on information or parts is important for anyone looking to pick up the next ticket. Make sure everyone is aware of the benefits of keeping this information up to date, so technicians know what to work on next without duplicating each other’s work.
    • Implement solutions quickly by using knowledge articles: Continue to build out the knowledge base to be able to resolve end-user issues quickly, check to see if additional information is needed before escalating tickets to other technicians.
    • Encourage end users to create tickets through the portal: Issues called in are automatically moved to the front of the queue, regardless of urgency. Make it easy for users to report issues using the portal and save the phone for urgent issues to allow appropriate prioritization of tickets.
    • Create a process to add additional resources on a regular basis to keep control of the backlog: A few extra hours once a week may be enough if the team is focused without interruptions.
    • Determine what backlog is acceptable to your users: Set that as a maximum time to resolve. Ideally, set up automated escalations for tickets that are approaching target SLAs, and build flexibility into schedules to have an “all hands on deck” option if the volume gets too high.

    Info-Tech Insight

    Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.

    Best practices for ticket handling

    Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
    • Provide an easy way for end users to electronically submit tickets and encourage them to do so. This doesn’t mean you shouldn’t still accept phone calls, but that should be encouraged for time sensitive issues.
    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledge base article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client. Automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.
    Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    Sample ticket template.

    Create a right-sized self-service portal

    Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.

    A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation.

    Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this.

    Portals could be built in the ITSM solution or SharePoint/Teams and should include:

    • Easy ways to create and see status on all tickets
    • Manuals, how-to articles, links to training
    • Answers to common questions, could be a wiki or Q&A for users to help each other as well as IT
    • Could have a chatbot to help people find documents or to create a ticket

    Info-Tech Insight

    Consider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn.

    49%

    49% of employees have trouble finding information at work

    35%

    Employees can cut time spent looking for information by 35% with quality intranet

    (Source: Liferay)

    Use customer satisfaction surveys to monitor service levels

    Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
    • Keep it simple: One question to rate the service with opportunity to add a comment is enough to understand the sentiment and potential issues, and it will be more likely that the user will fill it out.
    • Follow up: Feedback will only be provided if customers think it’s being read and actioned. Set an alert to receive notification of any negative feedback and follow up within one or two business days to show you’re listening.

    A simple customer feedback form with smiley face scale.

    Relationship surveys can be run annually to obtain feedback on the overall customer experience.

    Inform yourself of how well you are doing or where you need improvement in the broad services provided.

    Provide a high-level perspective on the relationship between the business and IT.

    Help with strategic improvement decisions.

    Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done on an annual basis.

    For example: Info-Tech’s End User Satisfaction Diagnostic. Included in your membership.

    Keep categorizations simple

    Asset categorization provides reports that are straightforward and useful for IT and that are typically used where the business isn’t demanding complex reports.

    Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Build out the categories with these questions:
    • What kind of asset am I working on? (type)
    • What general asset group am I working on? (category)
    • What particular asset am I working on? (sub-category)

    Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT.

    Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    Example table of categorizations.


    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Asset-Based Categories template.

    1.1 Build or review your categories

    1-3 hours

    Input: Existing tickets

    Output: Categorization scheme

    Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme

    Participants: CIO, Service desk manager, Technicians

    Discuss:

    • How can you use categories and resolution information to enhance reporting?
    • What level of detail do you need to be able to understand the data and take action? What level of detail is too much?
    • Are current status fields allowing you to accurately assess pending work at a glance?

    Draft:

    1. Start with existing categories and review, identifying duplicates and areas of inconsistency.
    2. Write out proposed resolution codes and status fields and critically assess their value.
    3. Test categories and resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Incident Management and Service Desk – Standard Operating Procedure.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Separate tickets into service requests and incidents

    Tickets should be separated into different ticket types to be able to see briefly what needs to be prioritized. This may seem like a non-issue if you have a small team, but if you ever need to report how quickly you’re solving break-fix issues or whether you’re doing root cause analysis, this will save on future efforts. Separating ticket types may make it easier to route tickets automatically or to a new provider in the future.

    INCIDENTS

    SERVICE REQUESTS

    Icon of a bullseye.

    PRIORITIZATION

    Incidents will be prioritized based on urgency and impact to the organization. Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start).
    Icon of a handshake.

    SLAs

    Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION Did service requests get completed on time? SCHEDULING & FULFILMENT
    Icon of a lightbulb.

    TRIAGE & ROOT CAUSE ANALYSIS

    Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. Service requests don’t need triage and can be routed automatically for approvals and fulfillment.

    “For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)

    Determine how service requests will be fulfilled

    Process steps for service requests: 'Request, Approve, Schedule, Fulfill, Notify requester, Close ticket'.

    • Identify standard requests, meaning any product approved for use and deployment in the organization.
    • Determine whether this should be published and how. Consider a service catalog with the ability to create tickets right from the request page. If there is an opportunity to automate fulfillment, build that into your workflow and project plans.
    • Create workflows for complicated requests such as onboarding, and build them into a template in the service desk tool. This will allow you to reduce the administrative work to deploy tasks.
    • Who will fulfill requests? There may be a need for more than one technician to be able to fulfill if volume dictates, but it’s important to determine what will be done by each level to quickly assign those tickets for scheduling. Define what will be done by each group of technicians.
    • Determine reasonable SLAs for most service requests. Identify which ones will not meet “normal” SLAs. As you build out a service catalog or automate fulfillment, SLAs can be refined.

    Info-Tech Insight

    Service requests are not as urgent as incidents and should be scheduled.

    Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.

    1.2 Identify service requests and routing needs

    2-3 hours

    Input: Ticket data, Existing workflow diagrams

    Output: Workflow diagrams

    Materials: Whiteboard/Flip charts, Markers, Visio

    Participants: CIO, Service desk manager, Technicians

    Identify:

    1. Create your list of typical service requests and identify the best person to fulfill, based on complexity, documentation, specialty, access rights.
    2. Review service requests which include multiple people or departments, such as onboarding and offboarding
    3. Draw existing processes.
    4. Discuss challenges and critique existing process.
    5. Document proposed changes and steps that will need to be taken to improve the process.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Incident management

    Critical incidents and normal incidents

    Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.

    • Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
    • The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
    • Some questions to consider when deciding on problem severity include:
      • How is productivity affected?
      • How many users are affected?
      • How many systems are affected?
      • How critical are the affected systems to the organization?
    • Decide how many severity levels the organization needs the service desk to have. Four levels of severity is ideal for most organizations.
    Go to incident management for SE

    Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling.

    Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.

    Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Cover image for 'Incident Management for Small Enterprise'.
    Click picture for a link to the blueprint

    1.3 Activity: Identify critical systems

    1 hour

    Input: Ticket data, Business continuity plan

    Output: Service desk SOP

    Materials: Whiteboard/Flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Discuss and document:

    1. Create a list of the most critical systems, and identify and document the escalation path.
    2. Review inventory of support documents for critical systems and identify any that require runbooks to ensure quick resolution in the event of an outage or major performance issue. Refer to the blueprint Incident Management for Small Enterprise to prioritize and document runbooks as needed.
    3. Review vendor agreements to determine if SLAs are appropriate to support needs. If there is a need for adjustments, determine options for modifying or renegotiating SLAs.

    Download the Incident Runbook Prioritization Tool

    Prioritization scheme

    Keep the priority scheme simple and meaningful, using this framework to communicate and report to stakeholders and set SLAs for response and resolution.
    1. Focus primarily on incidents. Service requests should always be medium urgency, unless there is a valid reason to move one to high level.
    2. Separate major outages from all other tickets as these are a major factor in business impact.
    3. Decide how many levels of severity are appropriate for your organization.
    4. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    5. Build out the definitions of “impact” and “urgency” to complete the prioritization matrix.
    6. Run through examples of each priority level to make sure everyone is on the same page.
    A matrix of prioritization with rows as levels of 'IMPACT' and columns as levels of 'URGENCY'. Ratings range from 'Critical' at 'Extensive/Critical' to 'Low' at 'Low Impact/Low'.

    Document escalation rules and contacts

    Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.

    • Ensure the list of escalation rules and contacts is accurate and available, adding expected SLAs for quick reference
    • If tickets are being escalated but shouldn’t be, ensure knowledge articles and training materials are up to date
    • Follow up on all external escalations, ensuring SLAs are respected
    • Publish an escalation path for clients if service is not meeting their needs (for internal and external providers) and automate escalations for tickets breaching SLAs
    Escalation rules strung together.
    User doesn’t know who will fix the issue but expects to see it done in a reasonable time. If issue cannot be resolved right away, set expectations for resolution time.
    • Document information so next technician doesn’t need to ask the same questions.
    • Escalate to the right technician the first time.
    • Check notes to catch up on the issue.
    • Run tests if necessary.
    • Contact user to troubleshoot and fix.
    • Meet SLAs or update client on new ETA.
    • Provide complete information to vendor.
    • Monitor resolution.
    • Follow up with vendor if delays.
    • Update client as needed.
    • Vendor will provide support according to agreement.
    • Encourage vendor to provide regular updates to IT.
    • Review vendor performance regularly.
    • IT will validate issue is resolved and close ticket.
    Validate user is happy with the experience

    Define, measure, and report on service level agreements

    Improving communications is the most effective way to improve customer service
    1. Set goals for time to respond and time to resolve for different incident levels, communicate to the technical team, and test ability to meet these goals.
    2. Set goals for time to fulfil for most service requests, document exceptions (e.g. onboarding).
    3. Create reports to measure against goals and determine what information will be most effective for reporting to the business.
    4. Management: Communicate expectations to the business leaders and end users.
    5. Management: Set regular cadence to meet with stakeholders to discuss expectations and review relevant metrics.
    6. Management: Determine how metrics will be tracked and reviewed to manage technical partners.
    Keep messaging simple
    • Be prepared with detailed reporting if needed, but focus on a few key metrics to inform stakeholders of progress against goals.
    • Use trending to tell a story, especially when presenting success stories.
    • Use appropriate media for each type of message. For example: SLAs can be listed on automated ticket responses or in a banner on the portal.

    Determine what communications are most important and who will do them

    Icon of a bperson ascending a staircase.

    PROACTIVE, PLANNED CHANGES

    From: Service Desk

    Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders.

    Icon of a bullseye.

    OUTAGES & UPDATES

    From: Service Desk

    Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders.

    Icon of a lightbulb.

    UPDATES TO SERVICES, SELF-SERVE

    From: Director

    Send announcements no more than monthly about new services and processes.

    Icon of a handshake.

    REGULAR STAKEHOLDER COMMUNICATIONS

    From: Director

    Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations.

    1.4 Create communications plan

    2 hours

    Input: Sample past communications

    Output: Communications templates

    Materials: Whiteboard/flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:

    1. Proactive, planned changes
    2. Outages and updates
    3. Updates to services, self-serve
    4. Regular stakeholder communications

    Download the communications templates

    Create reports that are useful and actionable

    Reporting serves two purposes:

    1. Accountability to stakeholders
    2. Identification of items that need action

    To determine what reports are needed, ask yourself:

    • What are your goals?
    • What story are you trying to tell?
    • What do you need to manage day to day?
    • What do you need to report to get funding?
    • What do you need to report to your stakeholders for service updates?

    Determine which metrics will be most useful to suit your strategic and operational goals

    STRATEGIC GOAL (stakeholders): Improve customer service evidenced by:

    TIME

    • Aged backlog
    • Service requests solved within SLA (could also look for quick ones, e.g. tickets solved in one day, % solved within one hour)
    • Volume of incidents and time to solve each type
    • Critical incidents solved in 4 hours
    • Incidents solved same day

    QUALITY

    • Percentage of tickets solved at first contact
    • SLAs missed
    • Percentage of services available to request through catalog
    • Percentage of tickets created through portal (speaks to quality of experience)
    • Customer satisfaction survey results – transactional and annual

    RESOURCES

    • Knowledge articles used by technicians
    • Knowledge articles used by end users
    • Tickets resolved at each technician level (volume)
    • Non-standard requests evaluated and fulfilled by volume & time served
    • Volume of recurring incidents
    OPERATIONAL GOALS: Report to director & technicians

    What else can you do to improve service?

    Review the next few pages to see if you need additional blueprints to help you:
    • Evaluate staffing and training needs to ensure the right number of resources are available and they have the skills they need for your environment.
    • Create self-service for end users to get quick answers and create tickets.
    • Create a knowledge base to ensure backup for technical expertise.
    • Develop customer service skills through training.
    • Perform ticket analysis to better understand your technical environment.

    Be agile in your approach to service

    It’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.

    • Have a plan to cross-train technicians and create comprehensive knowledge articles for coverage during vacations and unexpected absences.
    • Know where it makes sense to bring in vendors, such as for managed print services, or to cover for extended absences.
    • Look for opportunities to automate functions or reduce administrative overhead through workflows.
    • Identify any risks and determine how to mitigate, such as managing or changing administrative passwords.
    • Create self-serve to enable ticket creation and self-solve for those users who wish to use it.

    Staff the service desk to meet demand

    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Cover image for 'Staff the Service Desk to Meet Demand'.
    Click picture for a link to the blueprint

    Create and manage a knowledge base

    With a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.

    • Use a knowledge base to document pre-escalation troubleshooting steps, known errors and workarounds, and runbook solutions.
    • Where incidents may have many root causes, document which are the most frequent solutions and where variations are typically used.
    • Start with an inventory of personal documents, compare and consolidate into the knowledge base, and ensure they are accurate and up to date.
    • Assign someone to review articles on a regular basis and flag for editing and archiving as the technical environment changes.
    • Supplement with vendor-provided or purchased content. Two options for purchased content include RightAnswers or Netformx.

    Info-Tech Insight

    Appeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use.

    Optimize the service desk with a shift-left strategy

    • “Shift left” is a strategy which moves appropriate technical work to users through knowledge articles, automation and service catalogs, freeing up time for technicians to work on more complex issues.
    • Many organizations have built a great knowledge base but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledge base useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Cover image for 'Optimize the Service Desk With a Shift-Left Strategy'.
    Click picture for a link to the blueprint

    Customer service isn’t just about friendliness

    Your team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate.

    Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
    • Customer focus – Focus on the customer and use a positive, caring, and helpful attitude.
    • Listening and verbal communication skills – Demonstrate empathy and patience, actively listen, and speak in user-friendly ways to help get your point across.
    • Written communication skills – Use appropriate tone, language, and terms in writing (whether via chat, email, or other).
    • Manage difficult situations – Remain calm and in control when dealing with difficult customers and situations.
    • Go the extra mile – Go beyond simply resolving the request to make each interaction positive and memorable.

    Deliver a customer service training program to your IT department

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Cover image for 'Deliver Customer Service Training Program to Your IT Department'.
    Click picture for a link to the blueprint

    Improve your ticket analysis

    Once you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found.

    Analyzing ticket data involves:
    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the proper workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    Analyze your service desk ticket data

    Properly analyzing ticket data is challenging for the following reasons:
    • Poor ticket hygiene and unclear ticket handling
    • Service desk personnel are not sure where to start with analysis
    • Too many metrics are tracked to parse actionable data from the noise
    Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Cover image for 'Analyze Your Service Desk Ticket Data'.
    Click picture for a link to the blueprint

    Start doing problem management

    Proactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.

    • A focus on elimination of critical incidents and the more disruptive recurring incidents will reduce future workloads for the team and improve customer satisfaction.
    • This can be challenging when the team is already struggling with workload; however, setting a regular cadence to review tickets, looking for trends, and identifying at least one focus area a month can be a positive outcome for everyone.
    • Focus on the most impactful ticket or service first. The initial goal should be to reduce or eliminate critical and high-impact incidents. Once the high-stress situations are reduced, proactively scheduling the smaller but still time-consuming repeatable incidents can be done.
    • Where you have vendors involved, work with them to determine when root cause analysis must happen and where they’ll need to coordinate with your team or other supporting vendors.

    Problem management

    Problem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
    • Problem management, however, can be taught, and the issue isn’t always hard to spot if you have time to look.
    • Using tried and true methods for walking through an issue step by step will enable the team to improve their investigative and troubleshooting skills.
    • Reduction of one or two major incidents and recurring incidents per month will pay off quickly in reducing reactive ticket volume and improve customer satisfaction.

    Cover image for 'Problem Management'.
    Click picture for a link to the blueprint

    Create your roadmap with high-level requirements

    Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.

    Roadmap of high-level requirements with 'Goals' as row headers and their timelines mapped out across fiscal quarters.

    Bibliography

    Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.

    “Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.

    Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.

    Implement and Optimize Application Integration Governance

    • Buy Link or Shortcode: {j2store}361|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Enterprises begin integrating their applications without recognizing the need for a managed and documented governance model.
    • Application Integration (AI) is an inherently complex concept, involving the communication among multiple applications, groups, and even organizations; thus developing a governance model can be overwhelming.
    • The options for AI Governance are numerous and will vary depending on the size, type, and maturity of the organization, adding yet another layer of complexity.

    Our Advice

    Critical Insight

    • Governance is essential with integrated applications. If you are planning to integrate your applications, you should already be considering a governance model.
    • Proper governance requires oversight into chains of responsibility, policy, control mechanisms, measurement, and communication.
    • People and process are key. Technology options to aid in governance of integrated apps exist, but will not greatly contribute to the success of AI.

    Impact and Result

    • Assess your capabilities and determine which area of governance requires the most attention to achieve success in AI.
    • Form an Integration Center of Competency to oversee AI governance to ensure compliance and increase success.
    • Conduct ongoing training with your personnel to ensure up-to-date skills and end user understanding.
    • Frequently revisit your AI governance strategy to ensure alignment with business goals.

    Implement and Optimize Application Integration Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement and optimize Application Integration Governance

    Know where to start and where to focus your attention in the implementation of an AI governance strategy.

    • Storyboard: Implement and Optimize Application Integration Governance

    2. Assess the organization's capabilities in AI Governance

    Assess your current and target states in AI Governance.

    • Application Integration Governance Gap Analysis Tool

    3. Create an Integration Center of Competency

    Have a governing body to oversee AI Governance.

    • Integration Center of Competency Charter Template

    4. Establish AI Governance principles and guidelines

    Create a basis for the organization’s AI governance model.

    • Application Integration Policy and Principles Template

    5. Create an AI service catalog

    Keep record of services and interfaces to reduce waste.

    • Integration Service Catalog Template
    [infographic]

    Improve Requirements Gathering

    • Buy Link or Shortcode: {j2store}523|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $153,578 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • Poor requirements are the number one reason that projects fail. Requirements gathering and management has been an ongoing issue for IT professionals for decades.
    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives and will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also create significant damage to the working relationship between IT and the business.
    • Often, business analysts haven’t developed the right competencies to successfully execute requirements gathering processes, even when they are in place.

    Our Advice

    Critical Insight

    • To avoid makeshift solutions, an organization needs to gather requirements with the desired future state in mind.
    • Creating a unified set of standard operating procedures is essential for effectively gathering requirements, but many organizations fail to do it.
    • Centralizing governance of requirements processes with a requirements gathering steering committee or requirements gathering center of excellence can bring greater uniformity and cohesion when gathering requirements across projects.
    • Business analysts must be targeted for competency development to ensure that the processes developed above are being successfully executed and the right questions are being asked of project sponsors and stakeholders.

    Impact and Result

    • Enhanced requirements analysis will lead to tangible reductions in cycle time and reduced project overhead.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs.
    • More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to successfully execute their day-to-day responsibilities.

    Improve Requirements Gathering Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should invest in optimizing your requirements gathering processes.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the target state for the requirements gathering process

    Capture a clear understanding of the target needs for the requirements process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process
    • Requirements Gathering SOP and BA Playbook
    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst
    • Requirements Gathering Communication Tracking Template

    2. Define the elicitation process

    Develop best practices for conducting and structuring elicitation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process
    • Business Requirements Document Template
    • Scrum Documentation Template

    3. Analyze and validate requirements

    Standardize frameworks for analysis and validation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements
    • Requirements Gathering Documentation Tool
    • Requirements Gathering Testing Checklist

    4. Create a requirements governance action plan

    Formalize change control and governance processes for requirements gathering.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan
    • Requirements Traceability Matrix
    [infographic]

    Workshop: Improve Requirements Gathering

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Current State and Target State for Requirements Gathering

    The Purpose

    Create a clear understanding of the target needs for the requirements gathering process.

    Key Benefits Achieved

    A comprehensive review of the current state for requirements gathering across people, processes, and technology.

    Identification of major challenges (and opportunity areas) that should be improved via the requirements gathering optimization project.

    Activities

    1.1 Understand current state and document existing requirement process steps.

    1.2 Identify stakeholder, process, outcome, and training challenges.

    1.3 Conduct target state analysis.

    1.4 Establish requirements gathering metrics.

    1.5 Identify project levels 1/2/3/4.

    1.6 Match control points to project levels 1/2/3/4.

    1.7 Conduct project scoping and identify stakeholders.

    Outputs

    Requirements Gathering Maturity Assessment

    Project Level Selection Tool

    Requirements Gathering Documentation Tool

    2 Define the Elicitation Process

    The Purpose

    Create best practices for conducting and structuring elicitation of business requirements.

    Key Benefits Achieved

    A repeatable framework for initial elicitation of requirements.

    Prescribed, project-specific elicitation techniques.

    Activities

    2.1 Understand elicitation techniques and which ones to use.

    2.2 Document and confirm elicitation techniques.

    2.3 Create a requirements gathering elicitation plan for your project.

    2.4 Build the operating model for your project.

    2.5 Define SIPOC-MC for your selected project.

    2.6 Practice using interviews with business stakeholders to build use case models.

    2.7 Practice using table-top testing with business stakeholders to build use case models.

    Outputs

    Project Elicitation Schedule

    Project Operating Model

    Project SIPOC-MC Sub-Processes

    Project Use Cases

    3 Analyze and Validate Requirements

    The Purpose

    Build a standardized framework for analysis and validation of business requirements.

    Key Benefits Achieved

    Policies for requirements categorization, prioritization, and validation.

    Improved project value as a result of better prioritization using the MOSCOW model.

    Activities

    3.1 Categorize gathered requirements for use.

    3.2 Consolidate similar requirements and eliminate redundancies.

    3.3 Practice prioritizing requirements.

    3.4 Build the business process model for the project.

    3.5 Rightsize the requirements documentation template.

    3.6 Present the business requirements document to business stakeholders.

    3.7 Identify testing opportunities.

    Outputs

    Requirements Gathering Documentation Tool

    Requirements Gathering Testing Checklist

    4 Establish Change Control Processes

    The Purpose

    Create formalized change control processes for requirements gathering.

    Key Benefits Achieved

    Reduced interjections and rework – strengthened formal evaluation and control of change requests to project requirements.

    Activities

    4.1 Review existing CR process.

    4.2 Review change control process best practices and optimization opportunities.

    4.3 Build guidelines for escalating changes.

    4.4 Confirm your requirements gathering process for project levels 1/2/3/4.

    Outputs

    Requirements Traceability Matrix

    Requirements Gathering Communication Tracking Template

    5 Establish Ongoing Governance for Requirements Gathering

    The Purpose

    Establish governance structures and ongoing oversight for business requirements gathering.

    Key Benefits Achieved

    Consistent governance and oversight of the requirements gathering process, resulting in fewer “wild west” scenarios.

    Better repeatability for the new requirements gathering process, resulting in less wasted time and effort at the outset of projects.

    Activities

    5.1 Define RACI for the requirements gathering process.

    5.2 Define the requirements gathering steering committee purpose.

    5.3 Define RACI for requirements gathering steering committee.

    5.4 Define the agenda and cadence for the requirements gathering steering committee.

    5.5 Identify and analyze stakeholders for communication plan.

    5.6 Create communication management plan.

    5.7 Build the action plan.

    Outputs

    Requirements Gathering Action Plan

    Further reading

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Analyst Perspective

    A strong process for business requirements gathering is essential for application project success. However, most organizations do not take a strategic approach to optimizing how they conduct business analysis and requirements definition.

    "Robust business requirements are the basis of a successful project. Without requirements that correctly articulate the underlying needs of your business stakeholders, projects will fail to deliver value and involve significant rework. In fact, an Info-Tech study found that of projects that fail over two-thirds fail due to poorly defined business requirements.

    Despite the importance of good business requirements to project success, many organizations struggle to define a consistent and repeatable process for requirements gathering. This results in wasted time and effort from both IT and the business, and generates requirements that are incomplete and of dubious value. Additionally, many business analysts lack the competencies and analytical techniques needed to properly execute the requirements gathering process.

    This research will help you get requirements gathering right by developing a set of standard operating procedures across requirements elicitation, analysis, and validation. It will also help you identify and fine-tune the business analyst competencies necessary to make requirements gathering a success."

    – Ben Dickie, Director, Enterprise Applications, Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • The IT applications director who has accountability for ensuring that requirements gathering procedures are both effective and efficient.
    • The designated business analyst or requirements gathering professional who needs a concrete understanding of how to execute upon requirements gathering SOPs.

    This Research Will Help You:

    • Diagnose your current state and identify (and prioritize) gaps that exist between your target requirements gathering needs and your current capabilities and processes.
    • Build a requirements gathering SOP that prescribes a framework for requirements governance and technology usage, as well as techniques for elicitation, analysis, and validation.

    This Research Will Also Assist:

    • The business partner/stakeholder who is interested in ways to work with IT to improve upon existing procedures for requirements gathering.
    • Systems analysts and developers who need to understand how business requirements are effectively gathered upstream.

    This Research Will Help Them:

    • Understand the significance and importance of business requirements gathering on overall project success and value alignment.
    • Create rules of engagement for assisting IT with the collection of requirements from the right stakeholders in a timely fashion.

    Executive summary

    Situation

    • Strong business requirements are essential to project success – inadequate requirements are the number one reason that projects fail.
    • Organizations need a consistent, repeatable, and prescriptive set of standard operating procedures (SOPs) that dictate how business requirements gathering should be conducted.

    Complication

    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives, and they will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also damage the relationship between IT and the business.

    Resolution

    • To avoid delivering makeshift solutions (paving the cow path), organizations need to gather requirements with the desired future state in mind. Organizations need to keep an open mind when gathering requirements.
    • Creating a unified set of SOPs is essential for effectively gathering requirements; these procedures should cover not just elicitation, analysis, and validation, but also include process governance and documentation.
    • BAs who conduct requirements gathering must demonstrate proven competencies for stakeholder management, analytical techniques, and the ability to speak the language of both the business and IT.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs. More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to execute their day-to-day responsibilities.

    Info-Tech Insight

    1. Requirements gathering SOPs should be prescriptive based on project complexity. Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques like user story development.
    2. Business analysts (BA) can make or break the execution of the requirements gathering process. A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Understand what constitutes a strong business requirement

    A business requirement is a statement that clearly outlines the functional capability that the business needs from a system or application. There are several attributes to look at in requirements:

    Verifiable
    Stated in a way that can be easily tested

    Unambiguous
    Free of subjective terms and can only be interpreted in one way

    Complete
    Contains all relevant information

    Consistent
    Does not conflict with other requirements

    Achievable
    Possible to accomplish with budgetary and technological constraints

    Traceable
    Trackable from inception through to testing

    Unitary
    Addresses only one thing and cannot be decomposed into multiple requirements

    Agnostic
    Doesn’t pre-suppose a specific vendor or product

    Not all requirements will meet all of the attributes.

    In some situations, an insight will reveal new requirements. This requirement will not follow all of the attributes listed above and that’s okay. If a new insight changes the direction of the project, re-evaluate the scope of the project.

    Attributes are context specific.

    Depending on the scope of the project, certain attributes will carry more weight than others. Weigh the value of each attribute before elicitation and adjust as required. For example, verifiable will be a less-valued attribute when developing a client-facing website with no established measuring method/software.

    Build a firm foundation: requirements gathering is an essential step in any project, but many organizations struggle

    Proper requirements gathering is critical for delivering business value from IT projects, but it remains an elusive and perplexing task for most organizations. You need to have a strategy for end-to-end requirements gathering, or your projects will consistently fail to meet business expectations.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of delivered features are utilized by end users. (The Standish Group)

    78% of IT professionals believe the business is “usually” or “always” out of sync with project requirements. (Blueprint Software Systems)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems)

    Requirements gathering is truly an organization-spanning issue, and it falls directly on the IT directors who oversee projects to put prudent SOPs in place for managing the requirements gathering process. Despite its importance, the majority of organizations have challenges with requirements gathering.

    What happens when requirements are no longer effective?

    • Poor requirements can have a very visible and negative impact on deployed apps.
    • IT receives the blame for any project shortcomings or failures.
    • IT loses its credibility and ability to champion future projects.
    • Late projects use IT resources longer than planned.

    Requirements gathering is a core component of the overall project lifecycle that must be given its due diligence

    PMBOK’s Five Phase Project Lifecycle

    Initiate – Plan: Requirements Gathering Lives Here – Execute – Control – Close

    Inaccurate requirements is the 2nd most common cause of project failure (Project Management Institute ‒ Smartsheet).

    Requirements gathering is a critical stage of project planning.

    Depending on whether you take an Agile or Waterfall project management approach, it can be extended into the initiate and execute phases of the project lifecycle.

    Strong stakeholder satisfaction with requirements gathering results in higher satisfaction in other areas

    Organizations that had high satisfaction with requirements gathering were more likely to be highly satisfied with the other areas of IT. In fact, 72% of organizations that had high satisfaction with requirements gathering were also highly satisfied with the availability of IT capacity to complete projects.

    A bar graph measuring % High Satisfaction when projects have High Requirements Gathering vs. Not High Requirements Gathering. The graph shows a substantially higher percentage of high satisfaction on projects with High Requirements Gathering

    Note: High satisfaction was classified as organizations with a score greater or equal to 8. Not high satisfaction was every other organization that scored below 8 on the area questions.

    N=395 organizations from Info-Tech’s CIO Business Vision diagnostic

    Requirements gathering efforts are filled with challenges; review these pitfalls to avoid in your optimization efforts

    The challenges that afflict requirements gathering are multifaceted and often systemic in nature. There isn’t a single cure that will fix all of your requirements gathering problems, but an awareness of frequently encountered challenges will give you a basis for where to consider establishing better SOPs. Commonly encountered challenges include:

    Process Challenges

    • Requirements may be poorly documented, or not documented at all.
    • Elicitation methods may be inappropriate (e.g. using a survey when collaborative whiteboarding is needed).
    • Elicitation methods may be poorly executed.
    • IT and business units may not be communicating requirements in the same terms/language.
    • Requirements that conflict with one another may not be identified during analysis.
    • Requirements cannot be traced from origin to testing.

    Stakeholder Challenges

    • Stakeholders may be unaware of the requirements needed for the ideal solution.
    • Stakeholders may have difficulty properly articulating their desired requirements.
    • Stakeholders may have difficulty gaining consensus on the ideal solution.
    • Relevant stakeholders may not be consulted on requirements.
    • Sign-off may not be received from the proper stakeholders.

    70% of projects fail due to poor requirements. (Info-Tech Research Group)

    Address the root cause of poor requirements to increase project success

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures don’t exist.
    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign-off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality.
    • Final deliverables are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • There are high levels of end-user dissatisfaction.
    • There are high levels of project sponsor dissatisfaction.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been and continues to be the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle when it is time to optimize the requirements gathering process.

    Reduce wasted project work with clarity of business goals and analysis of requirements

    You can reduce the amount of wasted work by making sure you have clear business goals. In fact, you could see an improvement of as much as 50% by going from a low level of satisfaction with clarity of business goals (<2) to a high level of satisfaction (≥5).

    A line graph demonstrating that as the amount of wasted work increases, clarity of business goals satisfaction decreases.

    Likewise, you could see an improvement of as much as 43% by going from a low level of satisfaction with analysis of requirements (less than 2) to a high level of satisfaction (greater than or equal to 5).

    A line graph demonstrating that as the Amount of Wasted Work decreases, the level of satisfaction with analysis of requirements shifts from low to high.

    Note: Waste is measured by the amount of cancelled projects; suboptimal assignment of resources; analyzing, fixing, and re-deploying; inefficiency, and unassigned resources.

    N=200 teams from the Project Portfolio Management diagnostic

    Effective requirements gathering supports other critical elements of project management success

    Good intentions and hard work aren’t enough to make a project successful. As you proceed with a project, step back and assess the critical success factors. Make sure that the important inputs and critical activities of requirements gathering are supporting, not inhibiting, project success.

    1. Streamlined Project Intake
    2. Strong Stakeholder Management
    3. Defined Project Scope
    4. Effective Project Management
    5. Environmental Analysis

    Don’t improvise: have a structured, end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers the foundational issues (elicitation, analysis, and validation) and prescribes techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Don’t forget resourcing: the best requirements gathering process will still fail if you don’t develop BA competencies

    When creating the process for requirements gathering, think about how it will be executed by your BAs, and what the composition of your BA team should look like. A strong BA needs to serve as an effective translator, being able to speak the language of both the business and IT.

    1. To ensure alignment of your BAs to the requirements gathering process, undertake a formal skills assessment to identify areas where analysts are strong, and areas that should be targeted for training and skills development.
    2. Training of BAs on the requirements gathering process and development of intimate familiarity with SOPs is essential; you need to get BAs on the same page to ensure consistency and repeatability of the requirements process.
    3. Consider implementing a formal mentorship and/or job shadowing program between senior and junior BAs. Many of our members report that leveraging senior BAs to bootstrap the competencies of more junior team members is a proven approach to building skillsets for requirements gathering.

    What are some core competencies of a good BA?

    • Strong stakeholder management.
    • Proven track record in facilitating elicitation sessions.
    • Ability to bridge the gulf between IT and the business by speaking both languages.
    • Ability to ask relevant probing questions to uncover latent needs.
    • Experience with creating project operating models and business process diagrams.
    • Ability to set and manage expectations throughout the process.

    Throughout this blueprint, look for the “BA Insight” box to learn how steps in the requirements gathering process relate to the skills needed by BAs to facilitate the process effectively.

    A mid-sized local government overhauls its requirements gathering approach and sees strong results

    CASE STUDY

    Industry

    Government

    Source

    Info-Tech Research Group Workshop

    The Client

    The organization was a local government responsible for providing services to approximately 600,000 citizens in the southern US. Its IT department is tasked with deploying applications and systems (such as HRIS) that support the various initiatives and mandate of the local government.

    The Requirements Gathering Challenge

    The IT department recognized that a strong requirements gathering process was essential to delivering value to its stakeholders. However, there was no codified process in place – each BA unilaterally decided how they would conduct requirements gathering at the start of each project. IT recognized that to enhance both the effectiveness and efficiency of requirements gathering, it needed to put in place a strong, prescriptive set of SOPs.

    The Improvement

    Working with a team from Info-Tech, the IT leadership and BA team conducted a workshop to develop a new set of SOPs that provided clear guidance for each stage of the requirements process: elicitation, analysis, and validation. As a result, business satisfaction and value alignment increased.

    The Requirements Gathering SOP and BA Playbook offers a codified set of SOPs for requirements gathering gave BAs a clear playbook.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Strong Approach to Business Requirements Gathering – project overview

    1. Build the Target State for Requirements Gathering 2. Define the Elicitation Process 3. Analyze and Validate Requirements 4. Create a Requirements Governance Action Plan
    Best-Practice Toolkit

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    Guided Implementations
    • Review Info-Tech’s requirements gathering methodology.
    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.
    • Assess elicitation techniques and determine best fit to projects and business environment.
    • Review options for structuring the output of requirements elicitation (i.e. SIPOC).
    • Create policies for requirements categorization and prioritization.
    • Establish best practices for validating the BRD with project stakeholders.
    • Discuss how to handle changes to requirements, and establish a formal change control process.
    • Review options for ongoing governance of the requirements gathering process.
    Onsite Workshop Module 1: Define the Current and Target State Module 2: Define the Elicitation Process Module 3: Analyze and Validate Requirements Module 4: Governance and Continuous Improvement Process
    Phase 1 Results: Clear understanding of target needs for the requirements process. Phase 2 Results: Best practices for conducting and structuring elicitation. Phase 3 Results: Standardized frameworks for analysis and validation of business requirements. Phase 4 Results: Formalized change control and governance processes for requirements.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Define Current State and Target State for Requirements Gathering

    • Understand current state and document existing requirement process steps.
    • Identify stakeholder, process, outcome, and reigning challenges.
    • Conduct target state analysis.
    • Establish requirements gathering metrics.
    • Identify project levels 1/2/3/4.
    • Match control points to project levels 1/2/3/4.
    • Conduct project scoping and identify stakeholders.

    Define the Elicitation Process

    • Understand elicitation techniques and which ones to use.
    • Document and confirm elicitation techniques.
    • Create a requirements gathering elicitation plan for your project.
    • Practice using interviews with business stakeholders to build use case models.
    • Practice using table-top testing with business stakeholders to build use case models.
    • Build the operating model for your project

    Analyze and Validate Requirements

    • Categorize gathered requirements for use.
    • Consolidate similar requirements and eliminate redundancies.
    • Practice prioritizing requirements.
    • Rightsize the requirements documentation template.
    • Present the business requirements document (BRD) to business stakeholders.
    • Identify testing opportunities.

    Establish Change Control Processes

    • Review existing CR process.
    • Review change control process best practices & optimization opportunities.
    • Build guidelines for escalating changes.
    • Confirm your requirements gathering process for project levels 1/2/3/4.

    Establish Ongoing Governance for Requirements Gathering

    • Define RACI for the requirements gathering process.
    • Define the requirements gathering governance process.
    • Define RACI for requirements gathering governance.
    • Define the agenda and cadence for requirements gathering governance.
    • Identify and analyze stakeholders for communication plan.
    • Create communication management plan.
    • Build the action plan.
    Deliverables
    • Requirements gathering maturity assessment
    • Project level selection tool
    • Requirements gathering documentation tool
    • Project elicitation schedule
    • Project operating model
    • Project use cases
    • Requirements gathering documentation tool
    • Requirements gathering testing checklist
    • Requirements traceability matrix
    • Requirements gathering communication tracking template
    • Requirements gathering action plan

    Phase 1: Build the Target State for the Requirements Gathering Process

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Build the Target State

    Proposed Time to Completion: 2 weeks

    Step 1.1: Understand the Benefits of Requirements Optimization

    Start with an analyst kick off call:

    • Review Info-Tech’s requirements gathering methodology.

    Then complete these activities…

    • Hold a fireside chat.

    With these tools & templates:

    Requirements Gathering SOP and BA Playbook

    Step 1.2: Determine Your Target State for Requirements Gathering

    Review findings with analyst:

    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.

    Then complete these activities…

    • Identify your business process model.
    • Define project levels.
    • Match control points to project level.
    • Identify and analyze stakeholders.

    With these tools & templates:

    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst job description
    • Requirements Gathering Communication Tracking Template

    Phase 1 Results & Insights:

    Clear understanding of target needs for the requirements process.

    Step 1.1: Understand the Benefits of Requirements Optimization

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Identifying challenges with requirements gathering and identifying objectives for the workshop.
    This step involves the following participants:
    • Business stakeholders
    • BAs
    Outcomes of this step
    • Stakeholder objectives identified.

    Requirements optimization is powerful, but it’s not free; gauge the organizational capital you’ll need to make it a success

    Optimizing requirements management is not something that can be done in isolation, and it’s not necessarily going to be easy. Improving your requirements will translate into better value delivery, but it takes real commitment from IT and its business partners.

    There are four “pillars of commitment” that will be necessary to succeed with requirements optimization:

    1. Senior Management Organizational Capital
      • Before organizations can establish revised SOPs for requirements gathering, they’ll need a strong champion in senior management to ensure that updated elicitation and sign-off techniques do not offend people. A powerful sponsor can lead to success, especially if they are in the business.
    2. End-User Organizational Capital
      • To overcome cynicism, you need to focus on convincing end users that there is something to be gained from participating in requirements gathering (and the broader process of requirements optimization). Frame the value by focusing on how good requirements mean better apps (e.g. faster, cheaper, fewer errors, less frustration).
    3. Staff Resourcing
      • You can have a great SOP, but if you don’t have the right resources to execute on it you’re going to have difficulty. Requirements gathering needs dedicated BAs (or equivalent staff) who are trained in best practices and can handle elicitation, analysis, and validation successfully.
    4. Dedicated Cycle Time
      • IT and the business both need to be willing to demonstrate the value of requirements optimization by giving requirements gathering the time it needs to succeed. If these parties are convinced by the concept in theory, but still try to rush moving to the development phase, they’re destined for failure.

    Rethink your approach to requirements gathering: start by examining the business process, then tackle technology

    When gathering business requirements, it’s critical not to assume that layering on technology to a process will automatically solve your problems.

    Proper requirements gathering views projects holistically (i.e. not just as an attempt to deploy an application or technology, but as an endeavor to enable new or re-engineered business processes). Neglecting to see requirements gathering in the context of business process enablement leads to failure.

    • Far too often, organizations automate an existing process without putting much thought into finding a better way to do things.
    • Most organizations focus on identifying a series of small improvements to make to a process and realize limited gains.
    • The best way to generate transformational gains is to reinvent how the process should be performed and work backwards from there.
    • You should take a top-down approach and begin by speaking with senior management about the business case for the project and their vision for the target state.
    • You should elicit requirements from the rank-and-file employees while centering the discussion and requirements around senior management’s target state. Don’t turn requirements gathering into a griping session about deficiencies with a current application.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers both the foundational issues (elicitation, analysis, and validation) as well as prescribing techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Requirements gathering fireside chat

    1.1.1 – 45 minutes

    Output
    • Stakeholder objectives
    Materials
    • Whiteboard, markers, sticky notes
    Participants
    • BAs

    Identify the challenges you’re experiencing with requirements gathering, and identify objectives.

    1. Hand out sticky notes to participants, and ask the group to work independently to think of challenges that exist with regards to requirements gathering. (Hint: consider stakeholder challenges, process challenges, outcome challenges, and training challenges.) Ask participants to write their current challenges on sticky notes, and place them on the whiteboard.
    2. As a group, review all sticky notes and group challenges into themes.
    3. For each theme you uncover, work as a group to determine the objective that will overcome these challenges throughout the workshop and write this on the whiteboard.
    4. Discuss how these challenges will be addressed in the workshop.

    Don’t improvise: have a structured, prescriptive end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Use Info-Tech’s Requirements Gathering SOP and BA Playbook to assist with requirements gathering optimization

    Info-Tech’s Requirements Gathering SOP and BA Playbook template forms the basis of this blueprint. It’s a structured document that you can fill out with defined procedures for how requirements should be gathered at your organization.

    Info-Tech’s Requirements Gathering SOP and BA Playbook template provides a number of sections that you can populate to provide direction for requirements gathering practitioners. Sections provided include: Organizational Context Governance Procedures Resourcing Model Technology Strategy Knowledge Management Elicitation SOPs Analysis SOPs Validation SOPs.

    The template has been pre-populated with an example of requirements management procedures. Feel free to customize it to fit your specific needs.

    Download the Requirements Gathering SOP and BA Playbook template.

    Step 1.2: Determine Your Target State for Requirements Gathering

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Conduct a current and target state analysis.
    • Identify requirements gathering business process model.
    • Establish requirements gathering performance metrics.
    • Define project levels – level 1/2/3/4.
    • Match control points to project level.
    • Conduct initial brainstorming on the project.
    This step involves the following participants:
    • BAs
    Outcomes of this step:
    • Requirements gathering maturity summary.
    • Requirements gathering business process model.
    • Identification of project levels.
    • Identification of control points.

    Plan for requirements gathering

    The image is the Requirements Gathering Framework from earlier slides, but with all parts of the graphic grey-out, except for the arrows containing Plan and Monitor, at the top.

    Establishing an overarching plan for requirements governance is the first step in building an SOP. You must also decide who will actually execute the requirements gathering processes, and what technology they will use to accomplish this. Planning for governance, resourcing, and technology is something that should be done repeatedly and at a higher strategic level than the more sequential steps of elicitation, analysis, and validation.

    Establish your target state for requirements gathering processes to have a cogent roadmap of what needs to be done

    Visualize how you want requirements to be gathered in your organization. Do not let elements of the current process restrict your thinking.

    • First, articulate the impetus for optimizing requirements management and establish clear goals.
    • Use these goals to drive the target state.

    For example:

    • If the goal is to improve the accuracy of requirements, then restructure the validation process.
    • If the goal is to improve the consistency of requirements gathering, then create SOPs or use electronic templates and tools.

    Refrain from only making small changes to improve the existing process. Think about the optimal way to structure the requirements gathering process.

    Define the attributes of a good requirement to help benchmark the type of outputs that you’re looking for

    Attributes of Good Requirements

    Verifiable – It is stated in a way that can be tested.

    Unambiguous – It is free of subjective terms and can only be interpreted in one way.

    Complete – It contains all relevant information.

    Consistent – It does not conflict with other requirements.

    Achievable – It is possible to accomplish given the budgetary and technological constraints.

    Traceable – It can tracked from inception to testing.

    Unitary – It addresses only one thing and cannot be decomposed into multiple requirements.

    Accurate – It is based on proven facts and correct information.

    Other Considerations:

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need as it can be really easy to fall into the technology solution trap.

    Use Info-Tech’s Requirements Gathering Maturity Assessment tool to help conduct current and target state analysis

    Use the Requirements Gathering Maturity Assessment tool to help assess the maturity of your requirements gathering function in your organization, and identify the gaps between the current state and the target state. This will help focus your organization's efforts in closing the gaps that represent high-value opportunities.

    • On tab 2. Current State, use the drop-down responses to provide the answer that best matches your organization, where 1= Strongly disagree and 5 = Strongly agree. On tab 3. Target State, answer the same questions in relation to where your organization would like to be.
    • Based on your responses, tab 4. Maturity Summary will display a visual of the gap between the current and target state.

    Conduct a current and target state analysis

    1.2.1 – 1 hour

    Complete the Requirements Gathering Maturity Assessment tool to define your target state, and identify the gaps in your current state.

    Input
    • Current and target state maturity rating
    Output
    • Requirements gathering maturity summary
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    1. For each component of requirements gathering, write out a series of questions to evaluate your current requirements gathering practices. Use the Requirements Gathering Maturity Assessment tool to assist you in drafting questions.
    2. Review the questions in each category, and agree on a rating from 1-5 on their current maturity: 1= Strongly disagree and 5 = Strongly agree. (Note: it will likely be very rare that they would score a 5 in any category, even for the target state.)
    3. Once the assigned categories have been completed, have groups present their assessment to all, and ensure that there is consensus. Once consensus has been reached, input the information into the Current State tab of the tool to reveal the overall current state of maturity score for each category.
    4. Now that the current state is complete, go through each category and define the target state goals.
    5. Document any gaps or action items that need to be addressed.

    Example: Conduct a current and target state analysis

    The Requirements Gathering Maturity Assessment - Target State, with example data inputted.

    Select the project-specific KPIs that will be used to track the value of requirements gathering optimization

    You need to ensure your requirements gathering procedures are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.

    • Without following up on requirements gathering by tracking project metrics and KPIs, organizations will not be able to accurately gauge if the requirements process re-engineering is having a tangible, measurable effect. They will also not be able to determine what changes (if any) need to be made to SOPs based on project performance.
    • This is a crucial step that many organizations overlook. Creating a retroactive list of KPIs is inadequate, since you must benchmark pre-optimization project metrics in order to assess and isolate the value generated by reducing errors and cycle time and increasing value of deployed applications.

    Establish requirements gathering performance metrics

    1.2.2 – 30 minutes

    Input
    • Historical metrics
    Output
    • Target performance metrics
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. Identify the following information for the last six months to one year:
      1. Average number of reworks to requirements.
      2. Number of change requests.
      3. Percent of feature utilization by end users.
      4. User adoption rate.
      5. Number of breaches in regulatory requirements.
      6. Percent of final deliverables implemented on time.
      7. End-user satisfaction score (if possible).
    2. As a group, look at each metric in turn and set your target metrics for six months to one year for each of these categories.

    Document the output from this exercise in section 2.2 of the Requirements Gathering SOP and BA Playbook.

    Visualize your current and target state process for requirements gathering with a business process model

    A business process model (BPM) is a simplified depiction of a complex process. These visual representations allow all types of stakeholders to quickly understand a process, how it affects them, and enables more effective decision making. Consider these areas for your model:

    Stakeholder Analysis

    • Identify who the right stakeholders are
    • Plan communication
    • Document stakeholder responsibilities in a RACI

    Elicitation Techniques

    • Get the right information from stakeholders
    • Document it in the appropriate format
    • Define business need
    • Enterprise analysis

    Documentation

    • How are outputs built?
    • Process flows
    • Use cases
    • Business rules
    • Traceability matrix
    • System requirements

    Validation & Traceability

    • Make sure requirements are accurate and complete
    • Trace business needs to requirements

    Managing Requirements

    • Organizing and prioritizing
    • Gap analysis
    • Managing scope
    • Communicating
    • Managing changes

    Supporting Tools

    • Templates to standardize
    • Checklists
    • Software to automate the process

    Your requirements gathering process will vary based on the project level

    It’s important to determine the project levels up front, as each project level will have a specific degree of elicitation, analysis, and validation that will need to be completed. That being said, not all organizations will have four levels.

    Level 4

    • Very high risk and complexity.
    • Projects that result in a transformative change in the way you do business. Level 4 projects affect all lines of business, multiple technology areas, and have significant costs and/or risks.
    • Example: Implement ERP

    Level 3

    • High risk and complexity.
    • Projects that affect multiple lines of business and have significant costs and/or risks.
    • Example: Implement CRM

    Level 2

    • Medium risk and complexity.
    • Projects with broader exposure to the business that present a moderate level of risk to business operations.
    • Example: Deploy Office 365

    Level 1

    • Low risk and complexity.
    • Routine/straightforward projects with limited exposure to the business and low risk of negative business impact.
    • Example: SharePoint Update

    Use Info-Tech’s Project Level Selection Tool to classify your project level and complexity

    1.3 Project Level Selection Tool

    The Project Level Selection Tool will classify your projects into four levels, enabling you to evaluate the risk and complexity of a particular project and match it with an appropriate requirements gathering process.

    Project Level Input

    • Consider the weighting criteria for each question and make any needed adjustments to better reflect how your organization values each of the criterion.
    • Review the option levels 1-4 for each of the six questions, and make any modifications necessary to better suit your organization.
    • Review the points assigned to each of the four buckets for each of the six questions, and make any modifications needed.

    Project Level Selection

    • Use this tab to evaluate the project level of each new project.
    • To do so, answer each of the questions in the tool.

    Define project levels – Level 1/2/3/4

    1.2.3 – 1 hour

    Input
    • Project level assessment criteria
    Output
    • Identification of project levels
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Define the project levels to determine the appropriate requirements gathering process for each.

    1. Begin by asking participants to review the six criteria for assessing project levels as identified in the Project Level Selection Tool. Have participants review the list and ensure agreement around the factors. Create a chart on the board using Level 1, Level 2, Level 3, and Level 4 as column headings.
    2. Create a row for each of the chosen factors. Begin by filling in the chart with criteria for a level 4 project: What constitutes a level 4 project according to these six factors?
    3. Repeat the exercise for Level 3, Level 2, and Level 1. When complete, you should have a chart that defines the four project levels at your organization.
    4. Input this information into the tool, and ask participants to review the weighting factors and point allocations and make modifications where necessary.
    5. Input the details from one of the projects participants had selected prior to the workshop beginning and determine its project level. Discuss whether this level is accurate, and make any changes needed.

    Document the output from this exercise in section 2.3 of the Requirements Gathering SOP and BA Playbook.

    Define project levels

    1.2.3 – 1 hour

    Category Level 4 Level 3 Level 2 Level 1
    Scope of Change Full system update Full system update Multiple modules Minor change
    Expected Duration 12 months + 6 months + 3-6 months 0-3 months
    Impact Enterprise-wide, globally dispersed Enterprise-wide Department-wide Low users/single division
    Budget $1,000,000+ $500,000-1,000,000 $100,000-500,000 $0-100,000
    Services Affected Mission critical, revenue impacting Mission critical, revenue impacting Pervasive but not mission critical Isolated, non-essential
    Confidentiality Yes Yes No No

    Define project levels

    1.2.3 – 1 hour

    The tool is comprised of six questions, each of which is linked to at least one type of project risk.

    Using the answers provided, the tool will calculate a level for each risk category. Overall project level is a weighted average of the individual risk levels, based on the importance weighting of each type of risk set by the project manager.

    This tool is an excerpt from Info-Tech’s exhaustive Project Level Assessment Tool.

    The image shows the Project Level Tool, with example data filled in.

    Build your initial requirements gathering business process models: create different models based on project complexity

    1.2.4 – 30 minutes

    Input
    • Current requirements gathering process flow
    Output
    • Requirements gathering business process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Brainstorm the ideal target business process flows for your requirements gathering process (by project level).

    1. As a group, create a process flow on the whiteboard that covers the entire requirements gathering lifecycle, incorporating the feedback from exercise 1.2.1. Draw the process with input from the entire group.
    2. After the process flow is complete, compare it to the best practice process flow on the following slide. You may want to create different process flows based on project level (i.e. a process model for Level 1 and 2 requirements gathering, and a process model for how to collect requirements for Level 3 and 4). As you work through the blueprint, revisit and refine these models – this is the initial brainstorming!

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: requirements gathering business process model

    An example of the requirements gathering business process model. The model depicts the various stages of the requirements gathering process.

    Develop your BA team to accelerate collecting, analyzing, and translating requirements

    Having an SOP is important, but it should be the basis for training the people who will actually execute the requirements gathering process. Your BA team is critical for requirements gathering – they need to know the SOPs in detail, and you need to have a plan for recruiting those with an excellent skill set.

    • The designated BA(s) for the project have responsibility for end-to-end requirements management – they are responsible for executing the SOPs outlined in this blueprint, including elicitation, analysis, and validation of requirements during the project.
    • Designated BAs must work collaboratively with their counterparts in the business and IT (e.g. developer teams or procurement professionals) to ensure that the approved requirements are met in a timely and cost-effective manner.

    The ideal candidates for requirements gathering are technically savvy analysts (but not necessarily computer science majors) from the business who are already fluent with the business’ language and cognizant of the day-to-day challenges that take place. Organizationally, these BAs should be in a group that bridges IT and the business (such as an RGCOE or PMO) and be specialists rather than generalists in the requirements management space.

    A BA resourcing strategy is included in the SOP. Customize it to suit your needs.

    "Make sure your people understand the business they are trying to provide the solution for as well if not better than the business folks themselves." – Ken Piddington, CIO, MRE Consulting

    Use Info-Tech’s Business Requirements Analyst job description template for sourcing the right talent

    1.4 Business Requirements Analyst

    If you don’t have a trained group of in-house BAs who can execute your requirements gathering process, consider sourcing the talent from internal candidates or calling for qualified applicants. Our Business Requirements Analyst job description template can help you quickly get the word out.

    • Sometimes, you will have a dedicated set of BAs, and sometimes you won’t. In the latter case, the template covers:
      • Job Title
      • Description of Role
      • Responsibilities
      • Target Job Skills
      • Target Job Qualifications
    • The template is primarily designed for external hiring, but can also be used to find qualified internal candidates.

    Info-Tech Deliverable
    Download the Business Requirements Analyst job description template.

    Standardizing process begins with establishing expectations

    CASE STUDY

    Industry Government

    Source Info-Tech Workshop

    Challenge

    A mid-sized US municipality was challenged with managing stakeholder expectations for projects, including the collection and analysis of business requirements.

    The lack of a consistent approach to requirements gathering was causing the IT department to lose credibility with department level executives, impacting the ability of the team to engage project stakeholders in defining project needs.

    Solution

    The City contracted Info-Tech to help build an SOP to govern and train all BAs on a consistent requirements gathering process.

    The teams first set about establishing a consistent approach to defining project levels, defining six questions to be asked for each project. This framework would be used to assess the complexity, risk, and scope of each project, thereby defining the appropriate level of rigor and documentation required for each initiative.

    Results

    Once the project levels were defined, the team established a formalized set of steps, tools, and artifacts to be created for each phase of the project. These tools helped the team present a consistent approach to each project to the stakeholders, helping improve credibility and engagement for eliciting requirements.

    The project level should set the level of control

    Choose a level of control that facilitates success without slowing progress.

    No control Right-sized control Over-engineered control
    Final deliverable may not satisfy business or user requirements. Control points and communication are set at appropriate stage-gates to allow for deliverables to be evaluated and assessed before proceeding to the next phase. Excessive controls can result in too much time spent on stage-gates and approvals, which creates delays in the schedule and causes milestones to be missed.

    Info-Tech Insight

    Throughout the requirements gathering process, you need checks and balances to ensure that the projects are going according to plan. Now that we know our stakeholder, elicitation, and prioritization processes, we will set up the control points for each project level.

    Plan your communication with stakeholders

    Determine how you want to receive and distribute messages to stakeholders.

    Communication Milestones Audience Artifact Final Goal
    Project Initiation Project Sponsor Project Charter Communicate Goals and Scope of Project
    Elicitation Scheduling Selected Stakeholders (SMEs, Power Users) Proposed Solution Schedule Elicitation Sessions
    Elicitation Follow-Up Selected Stakeholders Elicitation Notes Confirm Accuracy of Notes
    First Pass Validation Selected Stakeholders Consolidated Requirements Validate Aggregated Requirements
    Second Pass Validation Selected Stakeholders Prioritized Requirements Validate Requirements Priority
    Eliminated Requirements Affected Stakeholders Out of Scope Requirements Affected Stakeholders Understand Impact of Eliminated Requirements
    Solution Selection High Authority/Expertise Stakeholders Modeled Solutions Select Solution
    Selected Solution High Authority/Expertise Stakeholders and Project Sponsor Requirements Package Communicate Solution
    Requirements Sign-Off Project Sponsor Requirements Package Obtain Sign-Off

    Setting control points – approvals and sign-offs

    # – Control Point: A decision requiring specific approval or sign-off from defined stakeholders involved with the project. Control points result in accepted or rejected deliverables/documents.

    A – Plan Approval: This control point requires a review of the requirements gathering plan, stakeholders, and elicitation techniques.

    B – Requirements Validation: This control point requires a review of the requirements documentation that indicates project and product requirements.

    C – Prioritization Sign-Off: This requires sign-off from the business and/or user groups. This might be sign-off to approve a document, prioritization, or confirm that testing is complete.

    D – IT or Peer Sign-Off: This requires sign-off from IT to approve technical requirements or confirm that IT is ready to accept a change.

    Match control points to project level and identify these in your requirements business process models

    1.2.5 – 45 minutes

    Input
    • Activity 1.2.4 business process diagram
    Output
    • Identify control points
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Business stakeholders
    • BAs

    Define all of the key control points, required documentation, and involved stakeholders.

    1. On the board, post the initial business process diagram built in exercise 1.2.4. Have participants suggest appropriate control points. Write the control point number on a sticky note and place it where the control point should be.
    2. Now that we have identified the control points, consider each control point and define who will be involved in each one, who provides the approval to move forward, the documentation required, and the overall goal.

    Document the output from this exercise in section 6.1 of the Requirements Gathering SOP and BA Playbook.

    A savvy BA should clarify and confirm project scope prior to embarking on requirements elicitation

    Before commencing requirements gathering, it’s critical that your practitioners have a clear understanding of the initial business case and rationale for the project that they’re supporting. This is vital for providing the business context that elicitation activities must be geared towards.

    • Prior to commencing the requirements gathering phase, the designated BA should obtain a clear statement of scope or initial project charter from the project sponsor. It’s also advisable for the BA to have an in-person meeting with the project sponsor(s) to understand the overarching strategic or tactical impetus for the project. This initial meeting should be less about eliciting requirements and more about understanding why the project is moving forward, and the business processes it seeks to enable or re-engineer (the target state).
    • During this meeting, the BA should seek to develop a clear understanding of the strategic rationale for why the project is being undertaken (the anticipated business benefits) and why it is being undertaken at this time. If the sponsor has any business process models they can share, this would be a good time to review them.

    During requirements gathering, BAs should steer clear of solutions and focus on capturing requirements. Focus on traceable, hierarchical, and testable requirements. Focusing on solution design means you are out of requirements mode.

    Identify constraints early and often, and ensure that they are adequately communicated to project sponsors and end users

    Constraints come in many forms (i.e. financial, regulatory, and technological). Identifying these constraints prior to entering requirements gathering enables you to remain alert; you can separate what is possible from what is impossible, and set stakeholder expectations accordingly.

    • Most organizations don’t inventory their constraints until after they’ve gathered requirements. This is dangerous, as clients may inadvertently signal to end users or stakeholders that an infeasible requirement is something they will pursue. As a result, stakeholders are disappointed when they don’t see it materialize.
    • Organizations need to put advanced effort into constraint identification and management. Too much time is wasted pursuing requirements that aren't feasible given existing internal (e.g. budgets and system) and external (e.g. legislative or regulatory) constraints.
    • Organizations need to manage diverse stakeholders for requirements analysis. Communication will not always be solely with internal teams, but also with suppliers, customers, vendors, and system integrators.

    Stakeholder management is a critical aspect of the BA’s role. Part of the BA’s responsibility is prioritizing solutions and demonstrating to stakeholders the level of effort required and the value attained.

    A graphic, with an arrow running down the left side, pointing downward, which is labelled Constraint Malleability. On the right side of the arrow are three rounded arrows, stacked. The top arrow is labelled Legal/Regulatory Constraints, the second is labelled System/Technical Constraints and the third is labelled Stakeholder Constraints

    Conduct initial brainstorming on the scope of a selected enterprise application project (real or a sample of your choice)

    1.2.6 – 30 minutes

    Input
    • Project details
    Output
    • Initial project scoping
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Begin the requirements gathering process by conducting some initial scoping on why we are doing the project, the goals, and the constraints.

    1. Share the project intake form/charter with each member of the group, and give them a few minutes to read over the project details.
    2. On the board write the project topic and three sub-topics:
      • Why does the business want this?
      • What do you want customers (end users) to be able to do?
      • What are the constraints?
    3. As a group, brainstorm answers to each of these questions and write them on the board.

    Example: Conduct initial brainstorming on the project

    Image shows an example for initial brainstorming on a project. The image shows the overall idea, Implement CRM, with question bubbles emerging out of it, and space left blank to brainstorm the answers to those questions.

    Identify stakeholders that must be consulted during the elicitation part of the process; get a good spectrum of subject matter experts (SMEs)

    Before you can dive into most elicitation techniques, you need to know who you’re going to speak with – not all stakeholders hold the same value.

    There are two broad categories of stakeholders:

    Customers: Those who ask for a system/project/change but do not necessarily use it. These are typically executive sponsors, project managers, or interested stakeholders. They are customers in the sense that they may provide the funding or budget for a project, and may have requests for features and functionality, but they won’t have to use it in their own workflows.

    Users: Those who may not ask for a system but must use it in their routine workflows. These are your end users, those who will actually interact with the system. Users don’t necessarily have to be people – they can also be other systems that will require inputs or outputs from the proposed solution. Understand their needs to best drive more granular functional requirements.

    "The people you need to make happy at the end of the day are the people who are going to help you identify and prioritize requirements." – Director of IT, Municipal Utilities Provider

    Need a hand with stakeholder identification? Leverage Info-Tech’s Stakeholder Planning Tool to catalog and prioritize the stakeholders your BAs will need to contact during the elicitation phase.

    Exercise: Identify and analyze stakeholders for the application project prior to beginning formal elicitation

    1.2.7 – 45 minutes

    Input
    • List of stakeholders
    Output
    • Stakeholder analysis
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Practice the process for identifying and analyzing key stakeholders for requirements gathering.

    1. As a group, generate a complete list of the project stakeholders. Consider who is involved in the problem and who will be impacted by the solution, and record the names of these stakeholders/stakeholder groups on a sticky note. Categories include:
      1. Who is the project sponsor?
      2. Who are the user groups?
      3. Who are the project architects?
      4. Who are the specialty stakeholders (SMEs)?
      5. Who is your project team?
    2. Now that you’ve compiled a complete list, review each user group and indicate their level of influence against their level of involvement in the project to create a stakeholder power map by placing their sticky on a 2X2 grid.
    3. At the end of the day, record this list in the Requirements Gathering Communication Tracking Template.

    Use Info-Tech’s Requirements Gathering Communication Tracking Template

    1.5 Requirements Gathering Communication Tracking Template

    Use the Requirements Gathering Communication Tracking Template for structuring and managing ongoing communications among key requirements gathering implementation stakeholders.

    An illustration of the Stakeholder Power Map Template tab of the Requirements Gathering Communication Tracking Template

    Use the Stakeholder Power Map tab to:

    • Identify the stakeholder's name and role.
    • Identify their position on the power map using the drop-down menu.
    • Identify their level of support.
    • Identify resisters' reasons for resisting as: unwilling, unable, and/or unknowing.
    • Identify which committees they currently sit on, and which they will sit on in the future state.
    • Identify any key objections the stakeholder may have.

    Use the Communication Management Plan tab to:

    • Identify the vehicle/communication medium (status update, meeting, training, etc.).
    • Identify the audience for the communication.
    • Identify the purpose for communication.
    • Identify the frequency.
    • Identify who is responsible for the communication.
    • Identify how the communication will be distributed, and the level of detail.

    Right-size your investments in requirements management technology; sometimes the “suite spot” isn’t necessary

    Recording and analyzing requirements needs some kind of tool, but don’t overinvest in a dedicated suite if you can manage with a more inexpensive solution (such as Word, Excel, and/or Visio). Top-tier solutions may be necessary for an enterprise ERP deployment, but you can use a low-cost solution for low-level productivity application.

    • Many companies do things in the wrong order. Organizations need to right-size the approach that they take to recording and analyzing requirements. Taking the suite approach isn’t always better – often, inputting the requirements into Word or Excel will suffice. An RM suite won’t solve your problems by itself.
    • If you’re dealing with strategic approach or calculated approach projects, their complexity likely warrants a dedicated RM suite that can trace system dependencies. If you’re dealing with primarily elementary or fundamental approach projects, use a more basic tool.

    Your SOP guide should specify the technology platform that your analysts are expected to use for initial elicitation as well as analysis and validation. You don’t want them to use Word if you’ve invested in a full-out IBM RM solution.

    The graphic shows a pyramid shape next to an arrow, pointing up. The arrow is labelled Project Complexity. The pyramid includes three text boxes, reading (from top to bottom) Dedicated RM Suite; RM Module in PM Software; and Productivity APP (Word/Excel/Visio)

    If you need to opt for a dedicated suite, these vendors should be strong contenders in your consideration set

    Dedicated requirements management suites are a great (although pricey) way to have full control over recording, analysis, and hierarchical categorization of requirements. Consider some of the major vendors in the space if Word, Excel, and Visio aren’t suitable for you.

    • Before you purchase a full-scale suite or module for requirements management, ensure that the following contenders have been evaluated for your requirements gathering technology strategy:
      • Micro Focus Requirements Management
      • IBM Requisite Pro
      • IBM Rational DOORS
      • Blueprint Requirements Management
      • Jama Software
      • Polarion Software (a Siemens Company)

    A mid-sized consulting company overhauls its requirement gathering software to better understand stakeholder needs

    CASE STUDY

    Industry Consulting

    Source Jama Software

    Challenge

    ArcherPoint is a leading Microsoft Partner responsible for providing business solutions to its clients. Its varied customer base now requires a more sophisticated requirements gathering software.

    Its process was centered around emailing Word documents, creating versions, and merging issues. ArcherPoint recognized the need to enhance effectiveness, efficiency, and accuracy of requirements gathering through a prescriptive set of elicitation procedures.

    Solution

    The IT department at ArcherPoint recognized that a strong requirements gathering process was essential to delivering value to stakeholders. It needed more scalable and flexible requirements gathering software to enhance requirements traceability. The company implemented SaaS solutions that included traceability and seamless integration features.

    These features reduced the incidences of repetition, allowed for tracing of requirements relationships, and ultimately led to an exhaustive understanding of stakeholders’ needs.

    Results

    Projects are now vetted upon an understanding of the business client’s needs with a thorough requirements gathering collection and analysis.

    A deeper understanding of the business needs also allows ArcherPoint to better understand the roles and responsibilities of stakeholders. This allows for the implementation of structures and policies which makes the requirements gathering process rigorous.

    There are different types of requirements that need to be gathered throughout the elicitation phase

    Business Requirements

    • Higher-level statements of the goals, objectives, or needs of the enterprise.
    • Describe the reasons why a project has been initiated, the objectives that the project will achieve, and the metrics that will be used to measure its success.
    • Business requirements focus on the needs of the organization as a whole, not stakeholders within it.
    • Business requirements provide the foundation on which all further requirements analysis is based:
      • Ultimately, any detailed requirements must map to business requirements. If not, what business need does the detailed requirement fulfill?

    Stakeholder Requirements

    • Statements of the needs of a particular stakeholder or class of stakeholders, and how that stakeholder will interact with a solution.
    • Stakeholder requirements serve as a bridge between business requirements and the various classes of solution requirements.
    • When eliciting stakeholder requirements, other types of detailed requirements may be identified. Record these for future use, but keep the focus on capturing the stakeholders’ needs over detailing solution requirements.

    Solution options or preferences are not requirements. Be sure to identify these quickly to avoid being forced into untimely discussions and sub-optimal solution decisions.

    Requirement types – a quick overview (continued)

    Solution Requirements: Describe the characteristics of a solution that meet business requirements and stakeholder requirements. They are frequently divided into sub-categories, particularly when the requirements describe a software solution:

    Functional Requirements

    • Describe the behavior and information that the solution will manage. They describe capabilities the system will be able to perform in terms of behaviors or operations, i.e. specific information technology application actions or responses.
    • Functional requirements are not detailed solution specifications; rather, they are the basis from which specifications will be developed.

    Non-Functional Requirements

    • Capture conditions that do not directly relate to the behavior or functionality of the solution, but rather describe environmental conditions under which the solution must remain effective or qualities that the systems must have. These can include requirements related to capacity, speed, security, availability, and the information architecture and presentation of the user interface.
    • Non-functional requirements often represent constraints on the ultimate solution. They tend to be less negotiable than functional requirements.
    • For IT solutions, technical requirements would fit in this category.
    Info-Tech Insight

    Remember that solution requirements are distinct from solution specifications; in time, specifications will be developed from the requirements. Don’t get ahead of the process.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2.1 Conduct current and target state analysis

    An analyst will facilitate a discussion to assess the maturity of your requirements gathering process and identify any gaps in the current state.

    1.2.2 Establish requirements gathering performance metrics

    Speak to an analyst to discuss and determine key metrics for measuring the effectiveness of your requirements gathering processes.

    1.2.4 Identify your requirements gathering business process model

    An analyst will facilitate a discussion to determine the ideal target business process flow for your requirements gathering.

    1.2.3; 1.2.5 Define control levels and match control points

    An analyst will assist you with determining the appropriate requirements gathering approach for different project levels. The discussion will highlight key control points and define stakeholders who will be involved in each one.

    1.2.6; 1.2.7 Conduct initial scoping and identify key stakeholders

    An analyst will facilitate a discussion to highlight the scope of the requirements gathering optimization project as well as identify and analyze key stakeholders in the process.

    Phase 2: Define the Elicitation Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define the Elicitation Process

    Proposed Time to Completion: 2 weeks

    Step 2.1: Determine Elicitation Techniques

    Start with an analyst kick off call:

    • Understand and assess elicitation techniques.
    • Determine best fit to projects and business environment.

    Then complete these activities…

    • Understand different elicitation techniques.
    • Record the approved elicitation techniques.
    Step 2.2: Structure Elicitation Output

    Review findings with analyst:

    • Review options for structuring the output of requirements elicitation.
    • Build the requirements gathering operating model.

    Then complete these activities…

    • Build use case model.
    • Use table-top testing to build use case models.
    • Build the operating model.

    With these tools & templates:

    • Business Requirements Document Template
    • Scrum Documentation Template
    Phase 2 Results & Insights:
    • Best practices for conducting and structuring elicitation.

    Step 2.1: Determine Elicitation Techniques

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Understand requirements elicitation techniques.

    This step involves the following participants:

    • BAs
    • Business stakeholders

    Outcomes of this step

    • Select and record best-fit elicitation techniques.

    Eliciting requirements is all about effectively creating the initial shortlist of needs the business has for an application

    The image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Elicit in the center of the image, with three bullet points beneath it that read: Prepare; Conduct; Confirm.

    The elicitation phase is where the BAs actually meet with project stakeholders and uncover the requirements for the application. Major tasks within this phase include stakeholder identification, selecting elicitation techniques, and conducting the elicitation sessions. This phase involves the most information gathering and therefore requires a significant amount of time to be done properly.

    Good requirements elicitation leverages a strong elicitation framework and executes the right elicitation techniques

    A mediocre requirements practitioner takes an order taker approach to elicitation: they elicit requirements by showing up to a meeting with the stakeholder and asking, “What do you want?” This approach frequently results in gaps in requirements, as most stakeholders cannot free-form spit out an accurate inventory of their needs.

    A strong requirements practitioner first decides on an elicitation framework – a mechanism to anchor the discussion about the business requirements. Info-Tech recommends using business process modelling (BPM) as the most effective framework. The BA can now work through several key questions:

    • What processes will this application need to support?
    • What does the current process look like?
    • How could we improve the process?
    • In a target state process map, what are the key functional requirements necessary to support this?

    The second key element to elicitation is using the right blend of elicitation techniques: the tactical approach used to actually collect the requirements. Interviews are the most popular means, but focus groups, JAD sessions, and observational techniques can often yield better results – faster. This section will touch on BPM/BPI as an elicitation framework, then do deep dive on different elicitation techniques.

    The elicitation phase of most enterprise application projects follows a similar four-step approach

    Prepare

    Stakeholders must be identified, and elicitation frameworks and techniques selected. Each technique requires different preparation. For example, brainstorming requires ground rules; focus groups require invitations, specific focus areas, and meeting rooms (perhaps even cameras). Look at each of these techniques and discuss how you would prepare.

    Conduct

    A good elicitor has the following underlying competencies: analytical thinking, problem solving, behavioral characteristics, business knowledge, communication skills, interaction skills, and proficiency in BA tools. In both group and individual elicitation techniques, interpersonal proficiency and strong facilitation is a must. A good BA has an intuitive sense of how to manage the flow of conversations, keep them results-oriented, and prevent stakeholder tangents or gripe sessions.

    Document

    How you document will depend on the technique you use. For example, recording and transcribing a focus group is probably a good idea, but you still need to analyze the results and determine the actual requirements. Use cases demand a software tool – without one, they become cumbersome and unwieldy. Consider how you would document the results before you choose the technique. Some analysts prefer to use solutions like OneNote or Evernote for capturing the raw initial notes, others prefer pen and paper: it’s what works best for the BA at hand.

    Confirm

    Review the documentation with your stakeholder and confirm the understanding of each requirement via active listening skills. Revise requirements as necessary. Circulating the initial notes of a requirements interview or focus group is a great practice to get into – it ensures jargon and acronyms are correctly captured, and that nothing has been lost in the initial translation.

    BPM is an extremely useful framework for framing your requirements elicitation discussions

    What is BPM? (Source: BPMInstitute.org)

    BPMs can take multiple forms, but they are created as visual process flows that depict a series of events. They can be customized at the discretion of the requirements gathering team (swim lanes, legends, etc.) based on the level of detail needed from the input.

    When to use them?

    BPMs can be used as the basis for further process improvement or re-engineering efforts for IT and applications projects. When the requirements gathering process owner needs to validate whether or not a specific step involved in the process is necessary, BPM provides the necessary breakdown.

    What’s the benefit?

    Different individuals absorb information in a variety of ways. Visual representations of a process or set of steps tend to be well received by a large sub-set of individuals, making BPMs an effective analysis technique.

    This related Info-Tech blueprint provides an extremely thorough overview of how to leverage BPM and process improvement approaches.

    Use a SIPOC table to assist with zooming into a step in a BPM to help define requirements

    Build a Sales Report
    • Salesforce
    • Daily sales results
    • Sales by product
    • Sales by account rep
    • Receive customer orders
    • Process invoices
    • GL roll-up
    • Sales by region
    • Sales by rep
    • Director of Sales
    • CEO
    • Report is accurate
    • Report is timely
    • Balance to GL
    • Automated email notification

    Source: iSixSigma

    Example: Extract requirements from a BPM for a customer service solution

    Look at an example for a claims process, and focus on the Record Claim task (event).

    Task Input Output Risks Opportunities Condition Sample Requirements
    Record Claim Customer Email Case Record
    • An agent accidentally misses the email and the case is not submitted.
    • The contents of the email are not properly ported over into the case for the claim.
    • The claim is routed to the wrong recipient within the claims department.
    • There is translation risk when the claim is entered in another language from which it is received.
    • Reduce the time to populate a customer’s claim information into the case.
    • Automate the data capture and routing.
    • Pre-population of the case with the email contents.
    • Suggested routing based on the nature of the case.
    • Multi-language support.

    Business:

    • The system requires email-to-case functionality.

    Non-Functional:

    • The cases must be supported in multiple languages.
    • Case management requires Outlook integration.

    Functional:

    • The case must support the following information:
    • Title; Customer; Subject; Case Origin; Case Type; Owner; Status; Priority
    • The system must pre-populate the claims agent based on the nature of the case.

    The image is an excerpt from a table, with the title Claims Process at the top. The top row is labelled Customer Service, and includes a textbox that reads Record Claim. The bottom row is labelled Claims, and includes a textbox that reads Manage Claim. A downward-pointing arrow connects the two textboxes.

    Identify the preferred elicitation techniques in your requirements gathering SOP: outline order of operations

    Conducting elicitation typically takes the greatest part of the requirements management process. During elicitation, the designated BA(s) should be reviewing documentation, and conducting individual and group sessions with key stakeholders.

    • When eliciting requirements, it’s critical that your designated BAs use multiple techniques; relying only on stakeholder interviews while neglecting to conduct focus groups and joint whiteboarding sessions will lead to trouble.
    • Avoid makeshift solutions by focusing on target state requirements, but don’t forget about the basic user needs. These can often be neglected because one party assumes that the other already knows about them.
    • The SOP guide should provide your BAs with a shortlist of recommended/mandated elicitation techniques based on business scenarios (examples in this section). Your SOP should also suggest the order in which BAs use the techniques for initial elicitation. Generally, document review comes first, followed by group, individual, and observational techniques.

    Elicitation is an iterative process – requirements should be refined in successive steps. If you need more information in the analysis phases, don’t be afraid to go back and conduct more elicitation.

    Understand different elicitation techniques

    2.1.1 – 1 hour

    Input
    • Elicitation techniques
    Output
    • Elicitation technique assessment
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. For this exercise, review the following elicitation techniques: observation, document review, surveys, focus groups, and interviews. Use the material in the next slides to brainstorm around the following questions:
      1. What types of information can the technique be used to collect?
      2. Why would you use this technique over others?
      3. How will you prepare to use the technique?
      4. How will you document the technique?
      5. Is this technique suitable for all projects?
      6. When wouldn’t you use it?
    2. Have each group present their findings from the brainstorming to the group.

    Document any changes to the elicitation techniques in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Understand different elicitation techniques – Interviews

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Structured One-on-One Interview In a structured one-on-one interview, the BA has a fixed list of questions to ask the stakeholder and follows up where necessary. Structured interviews provide the opportunity to quickly home in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose, i.e. to receive specific stakeholder feedback on proposed requirements or to help identify systemic constraints. Generally speaking, they should be 30 minutes or less. Low Medium
    Unstructured One-on-One Interview In an unstructured one-on-one interview, the BA allows the conversation to flow free form. The BA may have broad themes to touch on but does not run down a specific question list. Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should be 60 minutes or less. Medium Low
    Info-Tech Insight

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).

    Understand the diverse approaches for interviews

    Use a clear interview approach to guide the preparation, facilitation styles, participants, and interview schedules you manage for a specific project.

    Depending on your stakeholder audience and interview objectives, apply one or more of the following approaches to interviews.

    Interview Approaches

    • Unstructured
    • Semi-structured
    • Structured

    The Benefits of Interviews

    Fosters direct engagement

    IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.

    Offers greater detail

    With interviews, a greater degree of insight can be gained by leveraging information that wouldn’t be collected through traditional surveys. Face-to-face interactions provide thorough answers and context that helps inform requirements.

    Removes ambiguity

    Face-to-face interactions allow opportunities for follow-up around ambiguous answers. Clarify what stakeholders are looking for and expect in a project.

    Enables stakeholder management

    Interviews are a direct line of communication with a project stakeholder. They provide input and insight, and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

    Select an interview structure based on project objectives and staff types

    Consider stakeholder types and characteristics, in conjunction with the best way to maximize time, when selecting which of the three interview structures to leverage during the elicitation phase of requirements gathering.

    Structured Interviews

    • Interviews conducted using this structure are modelled after the typical Q&A session.
    • The interviewer asks the participant a variety of closed-ended questions.
    • The participant’s response is limited to the scope of the question.

    Semi-Structured Interviews

    • The interviewer may prepare a guide, but it acts as more of an outline.
    • The goal of the interview is to foster and develop conversation.
    • Participants have the ability to answer questions on broad topics without compromising the initial guide.

    Unstructured Interviews

    • The interviewer may have a general interview guide filled with open-ended questions.
    • The objective of the questions is to promote discussion.
    • Participants may discuss broader themes and topics.

    Select the best interview approach

    Review the following questions to determine what interview structure you should utilize. If you answer the question with “Yes,” then follow the corresponding recommendations for the interview elements.

    Question Structure Type Facilitation Technique # of Participants
    Do you have to interview multiple participants at once because of time constraints? Semi-structured Discussion 1+
    Does the business or stakeholders want you to ask specific questions? Structured Q&A 1
    Have you already tried an unsuccessful survey to gather information? Semi-structured Discussion 1+
    Are you utilizing interviews to understand the area? Unstructured Discussion 1+
    Do you need to gather requirements for an immediate project? Structured Q&A 1+

    Decisions to make for interviews

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements during the analysis and validation stages.

    Who to engage?

    • Individuals with an understanding of the project scope, constraints and considerations, and high-level objectives.
    • Project stakeholders from across different functional units to solicit a varied set of requirement inputs.

    How to engage?

    • Approach selected interview candidate(s) with a verbal invitation to participate in the requirements gathering process for [Project X].
    • Take the initiative to book time in the candidate’s calendar. Include in your calendar invitation a description of the preparation required for the interview, the anticipated outputs, and a brief timeline agenda for the interview itself.

    How to drive participant engagement?

    • Use introductory interview questions to better familiarize yourself with the interviewee and to create an environment in which the individual feels welcome and at ease.
    • Once acclimatized, ensure that you hold the attention of the interviewee by providing further probing, yet applicable, interview questions.

    Manage each point of the interaction in the interview process

    Interviews generally follow the same workflow regardless of which structure you select. You must manage the process to ensure that the interview runs smoothly and results in an effective gathering requirements process.

    1. Prep Schedule
      • Recommended Actions
        • Send an email with a proposed date and time for the meeting.
        • Include an overview of what you will be discussing.
        • Mention if other people will be joining (if group interview).
    2. Meeting Opening
      • Recommended Actions
        • Provide context around the meeting’s purpose and primary focal points.
        • Let interviewee(s) know how long the interview will last.
        • Ask if they have any blockers that may cause the meeting to end early.
    3. Meeting Discussion
      • Recommended Actions
        • Ask questions and facilitate discussion in accordance with the structure you have selected.
        • Ensure that the meeting’s dialogue is being either recorded using written notes (if possible) or a voice recorder.
    4. Meeting Wrap-Up
      • Recommended Actions
        • Provide a summary of the big findings and what was agreed upon.
        • Outline next steps or anything else you will require from the participant.
        • Let the interviewee(s) know that you will follow up with interview notes, and will require feedback from them.
    5. Meeting Follow-Up
      • Recommended Actions
        • Send an overview of what was covered and agreed upon during the interview.
        • Show the mock-ups of your work based on the interview, and solicit feedback.
        • Give the interviewee(s) the opportunity to review your notes or recording and add value where needed.

    Solve the problem before it occurs with interview troubleshooting techniques

    The interview process may grind to a halt due to challenging situations. Below are common scenarios and corresponding troubleshooting techniques to get your interview back on track.

    Scenario Technique
    Quiet interviewee Begin all interviews by asking courteous and welcoming questions. This technique will warm the interviewee up and make them feel more comfortable. Ask prompting questions during periods of silence in the interview. Take note of the answers provided by the interviewee in your interview guide, along with observations and impact statements that occur throughout the duration of the interview process.
    Disgruntled interviewee Avoid creating a hostile environment by eliminating the interviewee’s perception that you are choosing to focus on issues that the interviewee feels will not be resolved. Ask questions to contextualize the issue. For example, ask why they feel a particular way about the issue, and determine whether they have valid concerns that you can resolve.
    Interviewee has issues articulating their answer Encourage the interviewee to use a whiteboard or pen and paper to kick start their thought process. Make sure you book a room with these resources readily available.

    Understand different elicitation techniques – Observation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Casual Observation The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. Capture true behavior through observation of stakeholders performing tasks without informing them they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. Low Medium
    Formal Observation The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. Formal observation allows BAs to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the BA and modify their behavior if they feel their job responsibilities or job security are at risk Low Medium

    Info-Tech Insight

    Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.

    Understand different elicitation techniques – Surveys

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Closed-Response Survey A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. Closed response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements not listed. As such, closed response surveys are best used after initial elicitation or brainstorming to validate feature groups. Low Medium
    Open-Response Survey A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. Open-response surveys are a useful supplement (and occasionally replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. Low Medium

    Info-Tech Insight

    Surveys can be useful mechanisms for initial drafting of raw requirements (open-response) and gauging user interest in proposed requirements or feature sets (closed-response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the BA.

    Be aware: Know the implications of leveraging surveys

    What are surveys?

    Surveys take a sample population’s written responses for data collection. Survey respondents can identify themselves or choose to remain anonymous. Anonymity removes the fear of repercussions for giving critical responses to sensitive topics.

    Who needs to be involved?

    Participants of a survey include the survey writer, respondent(s), and results compiler. There is a moderate amount of work that comes from both the writer and compiler, with little work involved on the end of the respondent.

    What are the benefits?

    The main benefit of surveys is their ability to reach large population groups and segments without requiring personal interaction, thus saving money. Surveys are also very responsive and can be created and modified rapidly to address needs as they arise on an on-going basis.

    When is it best to employ a survey method?

    Surveys are most valuable when completed early in the requirements gathering stage.

    Intake and Scoping → Requirements Gathering → Solution Design → Development/ Procurement → Implementation/ Deployment

    When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.

    Use surveys to profile the demand for specific requirements.

    It is often difficult to determine if requirements are must haves or should haves. Surveys are a strong method to assist in narrowing down a wide range of requirements.

    • If all survey respondents list the same requirement, then that requirement is a must have.
    • If no participants mention a requirement, then that requirement is not likely to be important to project success.
    • If the results are scattered, it could be that the organization is unsure of what is needed.

    Are surveys worth the time and effort? Most of the time.

    Surveys can generate insights. However, there are potential barriers:

    • Well-constructed surveys are difficult to make – asking the right questions without being too long.
    • Participants may not take surveys seriously, giving non-truthful or half-hearted answers.

    Surveys should only be done if the above barriers can easily be overcome.

    Scenario: Survey used to gather potential requirements

    Scenario

    There is an unclear picture of the business needs and functional requirements for a solution.

    Survey Approach

    Use open-ended questions to allow respondents to propose requirements they see as necessary.

    Sample questions

    • What do you believe _______ (project) should include to be successful?
    • How can _______ (project) be best made for you?
    • What do you like/dislike about ________ (process that the project will address)?

    What to do with your results

    Take a step back

    If you are using surveys to elicit a large number of requirements, there is probably a lack of clear scope and vision. Focus on scope clarification. Joint development sessions are a great technique for defining your scope with SMEs.

    Moving ahead

    • Create additional surveys. Additional surveys can help narrow down the large list of requirements. This process can be reiterated until there is a manageable number of requirements.
    • Move onto interviews. Speak directly with the users to get a grasp of the importance of the requirements taken from surveys.

    Employ survey design best practices

    Proper survey design determines how valuable the responses will be. Review survey principles released by the University of Wisconsin-Madison.

    Provide context

    Include enough detail to contextualize questions to the employee’s job duties.

    Where necessary:

    • Include conditions
    • Timeline considerations
    • Additional pertinent details

    Give clear instructions

    When introducing a question identify if it should be answered by giving one answer, multiple answers, or a ranking of answers.

    Avoid IT jargon

    Ensure the survey’s language is easily understood.

    When surveying colleagues from the business use their own terms, not IT’s.

    E.g. laptops vs. hardware

    Saying “laptops” is more detailed and is a universal term.

    Use ranges

    Recommended:

    In a month your Outlook fails:

    • 1-3 times
    • 4-7 times
    • 7+ times

    Not Recommended:

    Your Outlook fails:

    • Almost never
    • Infrequently
    • Frequently
    • Almost always

    Keep surveys short

    Improve responses and maintain stakeholder interest by only including relevant questions that have corresponding actions.

    Recommended: Keep surveys to ten or less prompts.

    Scenario: Survey used to narrow down requirements

    Scenario

    There is a large list of requirements and the business is unsure of which ones to further pursue.

    Survey Approach

    Use closed-ended questions to give degrees of importance and rank requirements.

    Sample questions

    • How often do you need _____ (requirement)?
      • 1-3 times a week; 4-6 times a week; 7+ times a week
    • Given the five listed requirements below, rank each requirement in order of importance, with 1 being the most important and 5 being the least important.
    • On a scale from 1-5, how important is ________ (requirement)?
      • 1 – Not important at all; 2 – Would provide minimal benefit; 3 – Would be nice to have; 4 – Would provide substantial benefit; 5 – Crucial to success

    What to do with your results

    Determine which requirements to further explore

    Avoid simply aggregating average importance and using the highest average as the number-one priority. Group the highest average importance requirements to be further explored with other elicitation techniques.

    Moving ahead

    The group of highly important requirements needs to be further explored during interviews, joint development sessions, and rapid development sessions.

    Scenario: Survey used to discover crucial hidden requirements

    Scenario

    The business wanted a closer look into a specific process to determine if the project could be improved to better address process issues.

    Survey Approach

    Use open-ended questions to allow employees to articulate very specific details of a process.

    Sample questions

    • While doing ________ (process/activity), what part is the most frustrating to accomplish? Why?
    • Is there any part of ________ (process/activity) that you feel does not add value? Why?
    • How would you improve _________ (process/activity)?

    What to do with your results

    Set up prototyping

    Prototype a portion with the new requirement to see if it meets the user’s needs. Joint application development and rapid development sessions pair developers and users together to collaboratively build a solution.

    Next steps

    • Use interviews to begin solution mapping. Speak to SMEs and the users that the requirement would affect. Understand how to properly incorporate the discovered requirement(s) into the solution.
    • Create user stories. User stories allow developers to step into the shoes of the users. Document the user’s requirement desires and their reason for wanting it. Give those user stories to the developers.

    Explore mediums for survey delivery

    Online

    Free online surveys offer quick survey templates but may lack customization. Paid options include customizable features. Studies show that most participants find web-based surveys more appealing, as web surveys tend to have a higher rate of completion.

    Potential Services (Not a comprehensive list)

    SurveyMonkey – free and paid options

    Good Forms – free options

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (free survey options)

    Paper

    Paper surveys offer complete customizability. However, paper surveys take longer to distribute and record, and are also more expensive to administer.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost

    Internally-developed

    Internally-developed surveys can be distributed via the intranet or email. Internal surveys offer the most customization. Cost is the creator’s time, but cost can be saved on distribution versus paper and paid online surveys.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (if created quickly)

    Understand different elicitation techniques – Focus Groups

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Focus Group Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented, and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of groupthink in these meetings (i.e. the tendency to converge on a single POV). Medium Medium
    Workshop Workshops are larger sessions (typically ten people or more) that are led by a facilitator, and are dependent on targeted exercises. Workshops may be occasionally decomposed into smaller group sessions. Workshops are highly versatile: they can be used for initial brainstorming, requirement prioritization, constraint identification, and business process mapping. Typically, the facilitator will use exercises or activities (such as whiteboarding, sticky note prioritization, role-playing, etc.) to get participants to share and evaluate sets of requirements. The main downside to workshops is a high time commitment from both stakeholders and the BA. Medium High

    Info-Tech Insight

    Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.

    Conduct focus groups and workshops

    There are two specific types of group interviews that can be utilized to elicit requirements: focus groups and workshops. Understand each type’s strengths and weaknesses to determine which is better to use in certain situations.

    Focus Groups Workshops
    Description
    • Small groups are encouraged to speak openly about topics with guidance from a facilitator.
    • Larger groups are led by a facilitator to complete target exercises that promote hands-on learning.
    Strengths
    • Highly effective for initial requirements brainstorming.
    • Insights can be explored in depth.
    • Any part of the requirements gathering process can be done in a workshop.
    • Use of activities can increase the learning beyond simple discussions.
    Weaknesses
    • Loudest voice in the room can induce groupthink.
    • Discussion can easily veer off topic.
    • Extremely difficult to bring together such a large group for extended periods of time.
    Facilitation Guidance
    • Make sure the group is structured in a cross-functional manner to ensure multiple viewpoints are represented.
    • If the group is too large, break the members into smaller groups. Try putting together members who would not usually interact.

    Solution mapping and joint review sessions should be used for high-touch, high-rigor BPM-centric projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Solution Mapping Session A one-on-one session to outline business processes. BPM methods are used to write possible target states for the solution on a whiteboard and to engineer requirements based on steps in the model. Solution mapping should be done with technically savvy stakeholders with a firm understanding of BPM methodologies and nomenclature. Generally, this type of elicitation method should be done with stakeholders who participated in tier one elicitation techniques who can assist with reverse-engineering business models into requirement lists. Medium Medium
    Joint Requirements Review Session This elicitation method is sometimes used as a last step prior to moving to formal requirements analysis. During the review session, the rough list of requirements is vetted and confirmed with stakeholders. A one-on-one (or small group) requirements review session gives your BAs the opportunity to ensure that what was recorded/transcribed during previous one-on-ones (or group elicitation sessions) is materially accurate and representative of the intent of the stakeholder. This elicitation step allows you to do a preliminary clean up of the requirements list before entering the formal analysis phase. Low Low

    Info-Tech Insight

    Solution mapping and joint requirements review sessions are more advanced elicitation techniques that should be employed after preliminary techniques have been utilized. They should be reserved for technically sophisticated, high-value stakeholders.

    Interactive whiteboarding and joint development sessions should be leveraged for high-rigor BPM-based projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Interactive White- boarding A group session where either a) requirements are converted to BPM diagrams and process flows, or b) these flows are reverse engineered to distil requirement sets. While the focus of workshops and focus groups is more on direct requirements elicitation, interactive whiteboarding sessions are used to assist with creating initial solution maps (or reverse engineering proposed solutions into requirements). By bringing stakeholders into the process, the BA benefits from a greater depth of experience and access to SMEs. Medium Medium
    Joint Application Development (JAD) JAD sessions pair end-user teams together with developers (and BA facilitators) to collect requirements and begin mapping and developing prototypes directly on the spot. JAD sessions fit well with organizations that use Agile processes. They are particularly useful when the overall project scope is ambiguous; they can be used for project scoping, requirements definition, and initial prototyping. JAD techniques are heavily dependent on having SMEs in the room – they should preference knowledge power users over the “rank and file.” High High

    Info-Tech Insight

    Interactive whiteboarding should be heavily BPM-centric, creating models that link requirements to specific workflow activities. Joint development sessions are time-consuming but create greater cohesion and understanding between BAs, developers, and SMEs.

    Rapid application development sessions add some Agile aspects to requirements elicitation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rapid Application Development A form of prototyping, RAD sessions are akin to joint development sessions but with greater emphasis on back-and-forth mock-ups of the proposed solution. RAD sessions are highly iterative – requirements are gathered in sessions, developers create prototypes offline, and the results are validated by stakeholders in the next meeting. This approach should only be employed in highly Agile-centric environments. High High

    For more information specific to using the Agile development methodology, refer to the project blueprint Implement Agile Practices That Work.

    The role of the BA differs with an Agile approach to requirements gathering. A traditional BA is a subset of the Agile BA, who typically serves as product owner. Agile BAs have elevated responsibilities that include bridging communication between stakeholders and developers, prioritizing and detailing the requirements, and testing solutions.

    Overview of JAD and RDS techniques (Part 1)

    Use the following slides to gain a thorough understanding of both JAD and rapid development sessions (RDS) to decide which fits your project best.

    Joint Application Development Rapid Development Sessions
    Description JAD pairs end users and developers with a facilitator to collect requirements and begin solution mapping to create an initial prototype. RDS is an advanced approach to JAD. After an initial meeting, prototypes are developed and validated by stakeholders. Improvements are suggested by stakeholders and another prototype is created. This process is iterated until a complete solution is created.
    Who is involved? End users, SMEs, developers, and a facilitator (you).
    Who should use this technique? JAD is best employed in an Agile organization. Agile organizations can take advantage of the high amount of collaboration involved. RDS requires a more Agile organization that can effectively and efficiently handle impromptu meetings to improve iterations.
    Time/effort versus value JAD is a time/effort-intensive activity, requiring different parties at the same time. However, the value is well worth it. JAD provides clarity for the project’s scope, justifies the requirements gathered, and could result in an initial prototype. RDS is even more time/effort intensive than JAD. While it is more resource intensive, the reward is a more quickly developed full solution that is more customized with fewer bugs.

    Overview of JAD and RDS techniques (Part 2)

    Joint Application Development

    Timeline

    Projects that use JAD should not expect dramatically quicker solution development. JAD is a thorough look at the elicitation process to make sure that the right requirements are found for the final solution’s needs. If done well, JAD eliminates rework.

    Engagement

    Employees vary in their project engagement. Certain employees leverage JAD because they care about the solution. Others are asked for their expertise (SMEs) or because they perform the process often and understand it well.

    Implications

    JAD’s thorough process guarantees that requirements gathering is done well.

    • All requirements map back to the scope.
    • SMEs are consulted throughout the duration of the process.
    • Prototyping is only done after final solution mapping is complete.

    Rapid Development Sessions

    Timeline

    Projects that use RDS can either expect quicker or slower requirements gathering depending on the quality of iteration. If each iteration solves a requirement issue, then one can expect that the solution will be developed fairly rapidly. If the iterations fail to meet requirements the process will be quite lengthy.

    Engagement

    Employees doing RDS are typically very engaged in the project and play a large role in helping to create the solution.

    Implications

    RDS success is tied to the organization’s ability to collaborate. Strong collaboration will lead to:

    • Fewer bugs as they are eliminated in each iteration.
    • A solution that is highly customized to meet the user’s needs.

    Poor collaboration will lead to RDS losing its full value.

    When is it best to use JAD?

    JAD is best employed in an Agile organization for application development and selection. This technique best serves relatively complicated, large-scale projects that require rapid or sequential iterations on a prototype or solution as a part of requirements gathering elicitation. JAD effectuates each step in the elicitation process well, from initial elicitation to narrowing down requirements.

    When tackling a project type you’ve never attempted

    Most requirement gathering professionals will use their experience with project type standards to establish key requirements. Avoid only relying on standards when tackling a new project type. Apply JAD’s structured approach to a new project type to be thorough during the elicitation phase.

    In tandem with other elicitation techniques

    While JAD is an overarching requirements elicitation technique, it should not be the only one used. Combine the strengths of other elicitation techniques for the best results.

    When is it best to use RDS?

    RDS is best utilized when one, but preferably both, of the below criteria is met.

    When the scope of the project is small to medium sized

    RDS’ strengths lie in being able to tailor-make certain aspects of the solution. If the solution is too large, tailor-made sections are impossible as multiple user groups have different needs or there is insufficient resources. When a project is small to medium sized, developers can take the time to custom make sections for a specific user group.

    When most development resources are readily available

    RDS requires developers spending a large amount of time with users, leaving less time for development. Having developers at the ready to take on users’ improvement maintains the effectiveness of RDS. If the same developer who speaks to users develops the entire iteration, the process would be slowed down dramatically, losing effectiveness.

    Techniques to compliment JAD/RDS

    1. Unstructured conversations

    JAD relies on unstructured conversations to clarify scope, gain insights, and discuss prototyping. However, a structure must exist to guarantee that all topics are discussed and meetings are not wasted.

    2. Solution mapping and interactive white-boarding

    JAD often involves visually illustrating how high-level concepts connect as well as prototypes. Use solution mapping and interactive whiteboarding to help users and participants better understand the solution.

    3. Focus groups

    Having a group development session provides all the benefits of focus groups while reducing time spent in the typically time-intensive JAD process.

    Plan how you will execute JAD

    Before the meeting

    1. Prepare for the meeting

    Email all parties a meeting overview of topics that will be discussed.

    During the meeting

    2. Discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if it is already well defined).
    • Leverage solution mapping and other visual aids to appeal to all users.
    • Confirm with SMEs that requirements will meet the users’ needs.
    • Discuss initial prototyping.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and set of agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meetings to continue prototyping.

    JAD provides a detail-oriented view into the elicitation process. As a facilitator, take detailed notes to maximize the outputs of JAD.

    Plan how you will execute RDS

    Before the meeting

    1. Prepare for the meeting

    • Email all parties a meeting overview.
    • Ask employees and developers to bring their vision of the solution, regardless of its level of detail.

    During the meeting

    2. Hold the discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if already well defined).
    • Have both parties explain their visions for the solution.
    • Talk about initial prototype and current iteration.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meeting to continue prototyping.

    RDS is best done in quick succession. Keep in constant contact with both employees and developers to maintain positive momentum from a successful iteration improvement.

    Develop a tailored facilitation guide for JAD and RDS

    JAD/RDS are both collaborative activities, and as with all group activities, issues are bound to arise. Be proactive and resolve issues using the following guidelines.

    Scenario Technique
    Employee and developer visions for the solution don’t match up Focus on what both solutions have in common first to dissolve any tension. Next, understand the reason why both parties have differences. Was it a difference in assumptions? Difference in what is a requirement? Once the answer has been determined, work on bridging the gaps. If there is no resolution, appoint a credible authority (or yourself) to become the final decision maker.
    Employee has difficulty understanding the technical aspect of the developer’s solution Translate the developer’s technical terms into a language that the employee understands. Encourage the employee to ask questions to further their understanding.
    Employee was told that their requirement or proposed solution is not feasible Have a high-level member of the development team explain how the requirement/solution is not feasible. If it’s possible, tell the employee that the requirement can be done in a future release and keep them updated.

    Harvest documentation from past projects to uncover reusable requirements

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Legacy System Manuals The process of reviewing documentation and manuals associated with legacy systems to identify constraints and exact requirements for reuse. Reviewing legacy systems and accompanying documentation is an excellent way to gain a preliminary understanding of the requirements for the upcoming application. Be careful not to overly rely on requirements from legacy systems; if legacy systems have a feature set up one way, this does not mean it should be set up the same way on the upcoming application. If an upcoming application must interact with other systems, it is ideal to understand the integration points early. None High
    Historical Projects The process of reviewing documentation from historical projects to extract reusable requirements. Previous project documentation can be a great source of information and historical lessons learned. Unfortunately, historical projects may not be well documented. Historical mining can save a great deal of time; however, the fact that it was done historically does not mean that it was done properly. None High

    Info-Tech Insight

    Document mining is a laborious process, and as the term “mining” suggests the yield will vary. Regardless of the outcome, document mining must be performed and should be viewed as an investment in the requirements gathering process.

    Extract internal and external constraints from business rules, policies, and glossaries

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rules The process of extracting business logic from pre-existing business rules (e.g. explicit or implied workflows). Stakeholders may not be fully aware of all of the business rules or the underlying rationale for the rules. Unfortunately, business rule documents can be lengthy and the number of rules relevant to the project will vary. None High
    Glossary The process of extracting terminology and definitions from glossaries. Terminology and definitions do not directly lead to the generation of requirements. However, reviewing glossaries will allow BAs to better understand domain SMEs and interpret their requirements. None High
    Policy The process of extracting business logic from business policy documents (e.g. security policy and acceptable use). Stakeholders may not be fully aware of the different policies or the underlying rationale for why they were created. Going directly to the source is an excellent way to identify constraints and requirements. Unfortunately, policies can be lengthy and the number of items relevant to the project will vary. None High

    Info-Tech Insight

    Document mining should be the first type of elicitation activity that is conducted because it allows the BA to become familiar with organizational terminology and processes. As a result, the stakeholder facing elicitation sessions will be more productive.

    Review the different types of formal documentation (Part 1)

    1. Glossary

    Extract terminology and definitions from glossaries. A glossary is an excellent source to understand the terminology that SMEs will use.

    2. Policy

    Pull business logic from policy documents (e.g. security policy and acceptable use). Policies generally have mandatory requirements for projects, such as standard compliance requirements.

    3. Rules

    Review and reuse business logic that comes from pre-existing rules (e.g. explicit or implied workflows). Like policies, rules often have mandatory requirements or at least will require significant change for something to no longer be a requirement.

    Review the different types of formal documentation (Part 2)

    4. Legacy System

    Review documents and manuals of legacy systems, and identify reusable constraints and requirements. Benefits include:

    • Gain a preliminary understanding of general organizational requirements.
    • Ease of solution integration with the legacy system if needed.

    Remember to not use all of the basic requirements of a legacy system. Always strive to find a better, more productive solution.

    5. Historical Projects

    Review documents from historical projects to extract reusable requirements. Lessons learned from the company’s previous projects are more applicable than case studies. While historical projects can be of great use, consider that previous projects may not be well documented.

    Drive business alignment as an output from documentation review

    Project managers frequently state that aligning projects to the business goals is a key objective of effective project management; however, it is rarely carried out throughout the project itself. This gap is often due to a lack of understanding around how to create true alignment between individual projects and the business needs.

    Use company-released statements and reports

    Extract business wants and needs from official statements and reports (e.g. press releases, yearly reports). Statements and reports outline where the organization wants to go which helps to unearth relevant project requirements.

    Ask yourself, does the project align to the business?

    Documented requirements should always align with the scope of the project and the business objectives. Refer back frequently to your set of gathered requirements to check if they are properly aligned and ensure the project is not veering away from the original scope and business objectives.

    Don’t just read for the sake of reading

    The largest problem with documentation review is that requirements gathering professionals do it for the sake of saying they did it. As a result, projects often go off course due to not aligning to business objectives following the review sessions.

    • When reading a document, take notes to avoid projects going over time and budget and business dissatisfaction. Document your notes and schedule time to review the set of complete notes with your team following the individual documentation review.

    Select elicitation techniques that match the elicitation scenario

    There is a time and place for each technique. Don’t become too reliant on the same ones. Diversify your approach based on the elicitation goal.

    A chart showing Elicitation Scenarios and Techniques, with each marked for their efficacy.

    This table shows the relative strengths and weaknesses of each elicitation technique compared against the five basic elicitation scenarios.

    A typical project will encounter most of the elicitation scenarios. Therefore, it is important to utilize a healthy mix of techniques to optimize effectiveness.

    Very Strong = Very Effective

    Strong = Effective

    Medium = Somewhat Effective

    Weak = Minimally Effective

    Very Weak = Not Effective

    Record the approved elicitation techniques that your BAs should use

    2.1.2 – 30 minutes

    Input
    • Approved elicitation techniques
    Output
    • Execution procedure
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs

    Record the approved elicitation methods and best practices for each technique in the SOP.

    Identify which techniques should be utilized with the different stakeholder classes.

    Segment the different techniques based by project complexity level.

    Use the following chart to record the approved techniques.

    Stakeholder L1 Projects L2 Projects L3 Projects L4 Projects
    Senior Management Structured Interviews
    Project Sponsor Unstructured Interviews
    SME (Business) Focus Groups Unstructured Interviews
    Functional Manager Focus Groups Structured Interviews
    End Users Surveys; Focus Groups; Follow-Up Interviews; Observational Techniques

    Document the output from this exercise in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Confirm initial elicitation notes with stakeholders

    Open lines of communication with stakeholders and keep them involved in the requirements gathering process; confirm the initial elicitation before proceeding.

    Confirming the notes from the elicitation session with stakeholders will result in three benefits:

    1. Simple miscommunications can compound and result in costly rework if they aren’t caught early. Providing stakeholders with a copy of notes from the elicitation session will eliminate issues before they manifest themselves in the project.
    2. Stakeholders often require an absorption period after elicitation sessions to reflect on the meeting. Following up with stakeholders gives them an opportunity to clarify, enhance, or change their responses.
    3. Stakeholders will become disinterested in the project (and potentially the finished application) if their involvement in the project ends after elicitation. Confirming the notes from elicitation keeps them involved in the process and transitions stakeholders into the analysis phase.

    This is the Confirm stage of the Confirm, Verify, Approve process.

    “Are these notes accurate and complete?”

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Understand the different elicitation techniques

    An analyst will walk you through the different elicitation techniques including observations, document reviews, surveys, focus groups, and interviews, and highlight the level of effort required for each.

    2.1.2 Select and record the approved elicitation techniques

    An analyst will facilitate the discussion to determine which techniques should be utilized with the different stakeholder classes.

    Step 2.2: Structure Elicitation Output

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build use-case models.
    • Practice using elicitation techniques with business stakeholders to build use-case models.
    • Practice leveraging user stories to convey requirements.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Understand the value of use-case models for requirements gathering.
    • Practice different techniques for building use-case models with stakeholders.

    Record and capture requirements in solution-oriented formats

    Unstructured notes for each requirement are difficult to manage and create ambiguity. Using solution-oriented formats during elicitation sessions ensures that the content can be digested by IT and business users.

    This table shows common solution-oriented formats for recording requirements. Determine which formats the development team and BAs are comfortable using and create a list of acceptable formats to use in projects.

    Format Description Examples
    Behavior Diagrams These diagrams describe what must happen in the system. Business Process Models, Swim Lane Diagram, Use Case Diagram
    Interaction Diagrams These diagrams describe the flow and control of data within a system. Sequence Diagrams, Entity Diagrams
    Stories These text-based representations take the perspective of a user and describe the activities and benefits of a process. Scenarios, User Stories

    Info-Tech Insight

    Business process modeling is an excellent way to visually represent intricate processes for both IT and business users. For complex projects with high business significance, business process modeling is the best way to capture requirements and create transformational gains.

    Use cases give projects direction and guidance from the business perspective

    Use Case Creation Process

    Define Use Cases for Each Stakeholder

    • Each stakeholder may have different uses for the same solution. Identify all possible use cases attributed to the stakeholders.
    • All use cases are possible test case scenarios.

    Define Applications for Each Use Case

    • Applications are the engines behind the use cases. Defining the applications to satisfy use cases will pinpoint the areas where development or procurement is necessary.

    Consider the following guidelines:

    1. Don’t involve systems in the use cases. Use cases just identify the key end-user interaction points that the proposed solution is supposed to cover.
    2. Some use cases are dependent on other use cases or multiple stakeholders may be involved in a single use case. Depending on the availability of these use cases, they can either be all identified up front (Waterfall) or created at various iterations (Agile).
    3. Consider the enterprise architecture perspective. Existing enterprise architecture designs can provide a foundation of current requirement mappings and system structure. Reuse these resources to reduce efforts.
    4. Avoid developing use cases in isolation. Reusability is key in reducing designing efforts. By involving multiple departments, requirement clashes can be avoided and the likelihood of reusability increases.

    Develop practical use cases to help drive the development effort in the right direction

    Evaluating the practicality and likelihood of use cases is just as important as developing them.

    Use cases can conflict with each other. In certain situations, specific requirements of these use cases may clash with one another even though they are functionally sound. Evaluate use-case requirements and determine how they satisfy the overall business need.

    Use cases are not necessarily isolated; they can be nested. Certain functionalities are dependent on the results of another action, often in a hierarchical fashion. By mapping out the expected workflows, BAs can determine the most appropriate way to implement.

    Use cases can be functionally implemented in many ways. There could be multiple ways to accomplish the same use case. Each of these needs to be documented so that functional testing and user documentation can be based on them.

    Nested Use Case Examples:

    Log Into Account ← Depends on (Nested) Ordering Products Online
    Enter username and password Complete order form
    Verify user is a real person Process order
    Send user forgotten password message Check user’s account
    Send order confirmation to user

    Build a use-case model

    2.2.1 – 45 minutes

    Input
    • Sub processes
    Output
    • Use case model
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    Demonstrate how to use elicitation techniques to build use cases for the project.
    1. Identify a sub-process to build the use-case model. Begin the exercise by giving a brief description of the purpose of the meeting.
    2. For each stakeholder, draw a stick figure on the board. Pose the question “If you need to do X, what is your first step?” Go through the process until the end goal and draw each step. Ensure that you capture triggers, causes, decision points, outcomes, tools, and interactions.
    3. Starting at the beginning of the diagram, go through each step again and check with stakeholders if the step can be broken down into more granular steps.
    4. Ask the stakeholder if there are any alternative flows that people use, or any exceptions to process steps. If there are, map these out on the board.
    5. Go back through each step and ask the stakeholder where the current process is causing them grief, and where modification should be made.
    6. Record this information in the Business Requirements Document Template.

    Build a use-case model

    2.2.1

    Example: Generate Letters

    Inspector: Log into system → Search for case → Identify recipient → Determine letter type → Print letter

    Admin: Receive letter from inspector → Package and mail letter

    Citizen: Receive letter from inspector

    Understand user stories and profiles

    What are they?

    User stories describe what requirement a user wants in the solution and why they want it. The end goal of a user story is to create a simple description of a requirement for developers.

    When to use them

    User stories should always be used in requirements gathering. User stories should be collected throughout the elicitation process. Try to recapture user stories as new project information is released to capture any changes in end-customer needs.

    What’s the benefit?

    User stories help capture target users, customers, and stakeholders. They also create a “face” for individual user requirements by providing user context. This detail enables IT leaders to associate goals and end objectives with each persona.

    Takeaway

    To better understand the characteristics driving user requirements, begin to map objectives to separate user personas that represent each of the project stakeholders.

    Are user stories worth the time and effort?

    Absolutely.

    A user’s wants and needs serve as a constant reminder to developers. Developers can use this information to focus on how a solution needs to accomplish a goal instead of only focusing on what goals need to be completed.

    Create customized user stories to guide or structure your elicitation output

    Instructions

    1. During surveys, interviews, and development sessions, ask participants the following questions:
      • What do you want from the solution?
      • Why do you want that?
    2. Separate the answer into an “I want to” and “So that” format.
      • For users who give multiple “I want to” and “So that” statements, separate them into their respective pairs.
    3. Place each story on a small card that can easily be given to developers.
    As a I want to So that Size Priority
    Developer Learn network and system constraints The churn between Operations and I will be reduced. 1 point Low

    Team member

    Increase the number of demonstrations I can achieve greater alignment with business stakeholders. 3 points High
    Product owner Implement a user story prioritization technique I can delegate stories in my product backlog to multiple Agile teams. 3 points Medium

    How to make an effective and compelling user story

    Keep your user stories short and impactful to ensure that they retain their impact.

    Follow a simple formula:

    As a [stakeholder title], I want to [one requirement] so that [reason for wanting that requirement].

    Use this template for all user stories. Other formats will undermine the point of a user story. Multiple requirements from a single user must be made into multiple stories and given to the appropriate developer. User stories should fit onto a sticky note or small card.

    Example

    As an: I want to: So that:
    Administrator Integrate with Excel File transfer won’t possibly lose information
    X Administrator Integrate with Excel and Word File transfer won’t possibly lose information

    While the difference between the two may be small, it would still undermine the effectiveness of a user story. Different developers may work on the integration of Excel or Word and may not receive this user story.

    Assign user stories a size and priority level

    Designate a size to user stories

    Size is an estimate of how many resources must be dedicated to accomplish the want. Assign a size to each user story to help determine resource allocation.

    Assign business priority to user stories

    Based on how important the requirement is to project success, assign each user story a rating of high, medium, or low. The priority given will dictate which requirements are completed first.

    Example:

    Scope: Design software to simplify financial reporting

    User Story Estimated Size Priority
    As an administrator, I want to integrate with Excel so that file transfer won’t possibly lose information. Low High
    As an administrator, I want to simplify graph construction so that I can more easily display information for stakeholders. High Medium

    Combine both size and priority to decide resource allocation. Low-size, high-priority tasks should always be done first.

    Group similar user stories together to create greater impact

    Group user stories that have the same requirement

    When collecting user stories, many will be centered around the same requirement. Group similar user stories together to show the need for that requirement’s inclusion in the solution.

    Even if it isn’t a must-have requirement, if the number of similar user stories is high enough, it would become the most important should-have requirement.

    Group together user stories such as these:
    As an I want So that
    Administrator To be able to create bar graphs Information can be more easily illustrated
    Accountant To be able to make pie charts Budget information can be visually represented

    Both user stories are about creating charts and would be developed similarly.

    Leave these user stories separate
    As an I want So that
    Administrator The program to auto-save Information won’t be lost during power outages
    Accountant To be able to save to SharePoint My colleagues can easily view and edit my work

    While both stories are about saving documents, the development of each feature is vastly different.

    Create customized user profiles

    User profiles are a way of grouping users based on a significant shared details (e.g. in the finance department, website user).

    Go beyond the user profile

    When creating the profile, consider more than the group’s name. Ask yourself the following questions:

    • What level of knowledge and expertise does this user profile have with this type of software?
    • How much will this user profile interact with the solution?
    • What degree of dependency will this user profile have on the solution?

    For example, if a user profile has low expertise but interacts and depends heavily on the program, a more thorough tutorial of the FAQ section is needed.

    Profiles put developers in user’s shoes

    Grouping users together helps developers put a face to the name. Developers can then more easily empathize with users and develop an end solution that is directly catered to their needs.

    Leverage group activities to break down user-story sizing techniques

    Work in groups to run through the following story-sizing activities.

    Planning Poker: This approach uses the Delphi method where members estimate the size of each user story by revealing numbered cards. These estimates are then discussed and agreed upon as a group.

    • Planning poker generates discussion about variances in estimates but dominant personalities may lead to biased results or groupthink.

    Team Sort: This approach can assist in expediting estimation when you are handling numerous user stories.

    • Bucket your user stories into sizes (e.g. extra-small, small, medium, large, and extra-large) based on an acceptable benchmark that may change from project to project.
    • Collaborate as a team to conclude the final size.
    • Next, translate these sizes into points.

    The graphic shows the two activities described, Planning Poker and Team Sort. In the Planning Poker image, 3 sets of cards are shown, with the numbers 13, 5, and 1 on the top of each set. At the bottom of the image are 7 cards, labelled with: 1, 2, 3, 5, 8, 13, 21. In the Team Sort section, there is an arrow pointing in both directions, representing a spectrum from XS to XL. Each size is assigned a point value: XS is 1; S is 3; M is 5; L is 10; and XL is 20. Cards with User Story # written on them are arranged along the spectrum.

    Create a product backlog to communicate business needs to development teams

    Use the product backlog to capture expected work and create a roadmap for the project by showing what requirements need to be delivered.

    How is the product owner involved?

    • The product owner is responsible for keeping in close contact with the end customer and making the appropriate changes to the product backlog as new ideas, insights, and impediments arise.
    • The product owner should have good communication with the team to make accurate changes to the product backlog depending on technical difficulties and needs for clarification.

    How do I create a product backlog?

    • Write requirements in user stories. Use the format: “As a (user role), I want (function) so that (benefit).” Identify end users and understand their needs.
    • Assign each requirement a priority. Decide which requirements are the most important to deliver. Ask yourself, “Which user story will create the most value?”

    What are the approaches to generate my backlog?

    • Team Brainstorming – The product owner, team, and scrum master work together to write and prioritize user stories in a single or a series of meetings.
    • Business Case – The product owner translates business cases into user stories as per the definition of “development ready.”

    Epics and Themes

    As you begin to take on larger projects, it may be advantageous to organize and group your user stories to simplify your release plan:

    • Epics are collections of similar user stories and are used to describe significant and large development initiatives.
    • Themes are collections of similar epics and are normally used to define high-level business objectives.

    To avoid confusion, the pilot product backlog will be solely composed of user stories.

    Example:

    Theme: Increase user exposure to corporate services through mobile devices
    Epic: Access corporate services through a mobile application Epic: Access corporate services through mobile website
    User Story: As a user, I want to find the closest office so that I can minimize travel time As a user, I want to find the closest office so that I can minimize travel time User Story: As a user, I want to submit a complaint so that I can improve company processes

    Simulate product backlog creation

    Overview

    Leverage Info-Tech’s Scrum Documentation Template, using the Backlog and Planning tab, to help walk you through this activity.

    Instructions

    1. Have your product owner describe the business objectives of the pilot project.
    2. Write the key business requirements as user stories.
    3. Based on your business value drivers, identify the business value of your user stories (high, medium, low).
    4. Have your team review the user stories and question the story’s value, priority, goal, and meaning.
    5. Break down the user stories if the feature or business goal is unclear or too large.
    6. Document the perceived business value of each user story, as well as the priority, goal, and meaning.

    Examples:

    As a citizen, I want to know about road construction so that I can save time when driving. Business Value: High

    As a customer, I want to find the nearest government office so that I can register for benefits. Business Value: Medium

    As a voter, I want to know what each candidate believes in so that I can make an informed decision. Business Value: High

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2.1 Build use-case models

    An analyst will assist in demonstrating how to use elicitation techniques to build use-case models. The analyst will walk you through the table testing to visually map out and design process flows for each use case.

    Phase 3: Analyze and Validate Requirements

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Analyze and Validate Requirements

    Proposed Time to Completion: 1 week
    Step 3.1: Create Analysis Framework

    Start with an analyst kick off call:

    • Create policies for requirements categorization and prioritization.

    Then complete these activities…

    • Create functional requirements categories.
    • Consolidate similar requirements and eliminate redundancies.
    • Prioritize requirements.

    With these tools & templates:

    • Requirements Gathering Documentation Tool
    Step 3.2: Validate Business Requirements

    Review findings with analyst:

    • Establish best practices for validating the BRD with project stakeholders.

    Then complete these activities…

    • Right-size the BRD.
    • Present the BRD to business stakeholders.
    • Translate business requirements into technical requirements.
    • Identify testing opportunities.

    With these tools & templates:

    • Business Requirements Document Template
    • Requirements Gathering Testing Checklist

    Phase 3 Results & Insights:

    • Standardized frameworks for analysis and validation of business requirements

    Step 3.1: Create Analysis Framework

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Categorize requirements.
    • Eliminate redundant requirements.
    This step involves the following participants:
    • BAs
    Outcomes of this step
    • Prioritized requirements list.

    Analyze requirements to de-duplicate them, consolidate them – and most importantly – prioritize them!

    he image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Analyze in the center of the image, with three bullet points beneath it that read: Organize; Prioritize; Verify

    The analysis phase is where requirements are compiled, categorized, and prioritized to make managing large volumes easier. Many organizations prematurely celebrate being finished the elicitation phase and do not perform adequate diligence in this phase; however, the analysis phase is crucial for a smooth transition into validation and application development or procurement.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Eliciting requirements is an important step in the process, but turning endless pages of notes into something meaningful to all stakeholders is the major challenge.

    Begin the analysis phase by categorizing requirements to make locating, reconciling, and managing them much easier. There are often complex relationships and dependencies among requirements that do not get noted or emphasized to the development team and as a result get overlooked.

    Typically, requirements are classified as functional and non-functional at the high level. Functional requirements specify WHAT the system or component needs to do and non-functional requirements explain HOW the system must behave.

    Examples

    Functional Requirement: The application must produce a sales report at the end of the month.

    Non-Functional Requirement: The report must be available within one minute after midnight (EST) of the last day of the month. The report will be available for five years after the report is produced. All numbers in the report will be displayed to two decimal places.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Further sub-categorization of requirements is necessary to realize the full benefit of categorization. Proficient BAs will even work backwards from the categories to drive the elicitation sessions. The categories used will depend on the type of project, but for categorizing non-functional requirements, the Volere Requirements Resources has created an exhaustive list of sub-categories.

    Requirements Category Elements

    Example

    Look & Feel Appearance, Style

    User Experience

    Usability & Humanity Ease of Use, Personalization, Internationalization, Learning, Understandability, Accessibility Language Support
    Performance Speed, Latency, Safety, Precision, Reliability, Availability, Robustness, Capacity, Scalability, Longevity Bandwidth
    Operational & Environmental Expected Physical Environment, Interfacing With Adjacent Systems, Productization, Release Heating and Cooling
    Maintainability & Support Maintenance, Supportability, Adaptability Warranty SLAs

    Security

    Access, Integrity, Privacy, Audit, Immunity Intrusion Prevention
    Cultural & Political Global Differentiation Different Statutory Holidays
    Legal Compliance, Standards Hosting Regulations

    What constitutes good requirements

    Complete – Expressed a whole idea or statement.

    Correct – Technically and legally possible.

    Clear – Unambiguous and not confusing.

    Verifiable – It can be determined that the system meets the requirement.

    Necessary – Should support one of the project goals.

    Feasible – Can be accomplished within cost and schedule.

    Prioritized – Tracked according to business need levels.

    Consistent – Not in conflict with other requirements.

    Traceable – Uniquely identified and tracked.

    Modular – Can be changed without excessive impact.

    Design-independent – Does not pose specific solutions on design.

    Create functional requirement categories

    3.1.1 – 1 hour

    Input
    • Activity 2.2.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    Practice the techniques for categorizing requirements.
    1. Divide the list of requirements that were elicited for the identified sub-process in exercise 2.2.1 among smaller groups.
    2. Have groups write the requirements on red, yellow, or green sticky notes, depending on the stakeholder’s level of influence.
    3. Along the top of the whiteboard, write the eight requirements categories, and have each group place the sticky notes under the category where they believe they should fit.
    4. Once each group has posted the requirements, review the board and discuss any requirements that should be placed in another category.

    Document any changes to the requirements categories in section 5.1 of the Requirements Gathering SOP and BA Playbook.

    Create functional requirement categories

    The image depicts a whiteboard with different colored post-it notes grouped into the following categories: Look & Feel; Usability & Humanity; Legal; Maintainability & Support; Operational & Environmental; Security; Cultural & Political; and Performance.

    Consolidate similar requirements and eliminate redundancies

    Clean up requirements and make everyone’s life simpler!

    After elicitation, it is very common for an organization to end up with redundant, complementary, and conflicting requirements. Consolidation will make managing a large volume of requirements much easier.

    Redundant Requirements Owner Priority
    1. The application shall feed employee information into the payroll system. Payroll High
    2. The application shall feed employee information into the payroll system. HR Low
    Result The application shall feed employee information into the payroll system. Payroll & HR High
    Complementary Requirements Owner Priority
    1. The application shall export reports in XLS and PDF format. Marketing High
    2. The application shall export reports in CSV and PDF format. Finance High
    Result The application shall export reports in XLS, CSV, and PDF format. Marketing & Finance High

    Info-Tech Insight

    When collapsing redundant or complementary requirements, it is imperative that the ownership and priority metadata be preserved for future reference. Avoid consolidating complementary requirements with drastically different priority levels.

    Identify and eliminate conflict between requirements

    Conflicting requirements are unavoidable; identify and resolve them as early as possible to minimize rework and grief.

    Conflicting requirements occur when stakeholders have requirements that either partially or fully contradict one another, and as a result, it is not possible or practical to implement all of the requirements.

    Steps to Resolving Conflict:

    1. Notify the relevant stakeholders of the conflict and search for a basic solution or compromise.
    2. If the stakeholders remain in a deadlock, appoint a final decision maker.
    3. Schedule a meeting to resolve the conflict with the relevant stakeholders and the decision maker. If multiple conflicts exist between the same stakeholder groups, try to resolve as many as possible at once to save time and encourage reciprocation.
    4. Give all parties the opportunity to voice their rationale and objectively rate the priority of the requirement. Attempt to reach an agreement, consensus, or compromise.
    5. If the parties remain in a deadlock, encourage the final decision maker to weigh in. Their decision should be based on which party has the greater need for the requirement, the difficulty to implement the requirement, and which requirement better aligns with the project goals.

    Info-Tech Insight

    Resolve conflicts whenever possible during the elicitation phase by using cross-functional workshops to facilitate discussions that address and settle conflicts in the room.

    Consolidate similar requirements and eliminate redundancies

    3.1.2 – 30 minutes

    Input
    • Activity 3.1.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Review the outputs from the last exercise and ensure that the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    1. Looking at each category in turn, review the sticky notes and group similar, complementary, and conflicting notes together. Put a red dot on any conflicting requirements to be used in a later exercise.
    2. Have the group start by eliminating the redundant requirements.
    3. Have the group look at the complementary requirements, and consolidate each into a single requirement. Discard originals.
    4. Record this information in the Requirements Gathering Documentation Tool.

    Prioritize requirements to assist with solution modeling

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted towards the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization

    The image shows the MoSCoW Model of Prioritization, which is shaped like a pyramid. The sections, from top to bottom (becoming incrementally larger) are: Must Have; Should Have; Could Have; and Won't Have. There is additional text next to each category, as follows: Must have - Requirements must be implemented for the solution to be considered successful.; Should have: Requirements are high priority that should be included in the solution if possible.; Could Have: Requirements are desirable but not necessary and could be included if resources are available.; Won't Have: Requirements won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994 (Source: ProductPlan).

    Base your prioritization on the right set of criteria

    Effective Prioritization Criteria

    Criteria

    Description

    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy Compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business Value Significance Give a higher priority to high-value requirements.
    Business Risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of Success Especially in proof-of-concept projects, it is recommended that requirements have good odds.
    Implementation Complexity Give a higher priority to low implementation difficulty requirements.
    Alignment With Strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    Info-Tech Insight

    It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.

    Use the Requirements Gathering Documentation Tool to steer your requirements gathering approach during a project

    3.1 Requirements Gathering Documentation Tool

    Use the Requirements Gathering Documentation Tool to identify and track stakeholder involvement, elicitation techniques, and scheduling, as well as to track categorization and prioritization of requirements.

    • Use the Identify Stakeholders tab to:
      • Identify the stakeholder's name and role.
      • Identify their influence and involvement.
      • Identify the elicitation techniques that you will be using.
      • Identify who will be conducting the elicitation sessions.
      • Identify if requirements were validated post elicitation session.
      • Identify when the elicitation will take place.
    • Use the Categorize & Prioritize tab to:
      • Identify the stakeholder.
      • Identify the core function.
      • Identify the business requirement.
      • Describe the requirement.
      • Identify the categorization of the requirement.
      • Identify the level of priority of the requirement.

    Prioritize requirements

    3.1.3 – 30 minutes

    Input
    • Requirements list
    • Prioritization criteria
    Output
    • Prioritized requirements
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    • Business stakeholders

    Using the output from the MoSCoW model, prioritize the requirements according to those you must have, should have, could have, and won’t have.

    1. As a group, review each requirement and decide if the requirement is:
      1. Must have
      2. Should have
      3. Could have
      4. Won’t have
    2. Beginning with the must-have requirements, determine if each has any dependencies. Ensure that each of the dependencies are moved to the must-have category. Group and circle the dependent requirements.
    3. Continue the same exercise with the should-have and could-have options.
    4. Record the results in the Requirements Gathering Documentation Tool.

    Step 1 – Prioritize requirements

    3.1.3

    The image shows a whiteboard, with four categories listed at the top: Must Have; Should Have; Could Have; Won't Have. There are yellow post-it notes under each category.

    Step 2-3 – Prioritize requirements

    This image is the same as the previous image, but with the additions of two dotted line squares under the Must Have category, with arrows pointing to them from post-its in the Should have category.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    3.1.1 Create functional requirements categories

    An analyst will facilitate the discussion to brainstorm and determine criteria for requirements categories.

    3.1.2 Consolidate similar requirements and eliminate redundancies

    An analyst will facilitate a session to review the requirements categories to ensure the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    3.1.3 Prioritize requirements

    An analyst will facilitate the discussion on how to prioritize requirements according to the MoSCoW prioritization framework. The analyst will also walk you through the exercise of determining dependencies for each requirement.

    Step 3.2: Validate Business Requirements

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build the BRD.
    • Translate functional requirements to technical requirements.
    • Identify testing opportunities.

    This step involves the following participants:

    • BAs

    Outcomes of this step

    • Finalized BRD.

    Validate requirements to ensure that they meet stakeholder needs – getting sign-off is essential

    The image is the Requirements Gathering Framework shown previously. In this instance, all aspects of the graphic are greyed out with the exception of the Validate arrow, right of center. Below the arrow are three bullet points: Translate; Allocate; Approve.

    The validation phase involves translating the requirements, modeling the solutions, allocating features across the phased deployment plan, preparing the requirements package, and getting requirement sign-off. This is the last step in the Info-Tech Requirements Gathering Framework.

    Prepare a user-friendly requirements package

    Before going for final sign-off, ensure that you have pulled together all of the relevant documentation.

    The requirements package is a compilation of all of the business analysis and requirements gathering that occurred. The document will be distributed among major stakeholders for review and sign-off.

    Some may argue that the biggest challenge in the validation phase is getting the stakeholders to sign off on the requirements package; however, the real challenge is getting them to actually read it. Often, stakeholders sign the requirements document without fully understanding the scope of the application, details of deployment, and how it affects them.

    Remember, this document is not for the BAs; it’s for the stakeholders. Make the package with the stakeholders in mind. Create multiple versions of the requirements package where the length and level of technical details is tailored to the audience. Consider creating a supplementary PowerPoint version of the requirements package to present to senior management.

    Contents of Requirements Package:

    • Project Charter (if available)
    • Overarching Project Goals
    • Categorized Business Requirements
    • Selected Solution Proposal
    • Rationale for Solution Selection
    • Phased Roll-Out Plan
    • Proposed Schedule/Timeline
    • Signatures Page

    "Sit down with your stakeholders, read them the document line by line, and have them paraphrase it back to you so you’re on the same page." – Anonymous City Manager of IT Project Planning Info-Tech Interview

    Capture requirements in a dedicated BRD

    The BRD captures the original business objectives and high-level business requirements for the system/process. The system requirements document (SRD) captures the more detailed functional and technical requirements.

    The graphic is grouped into two sections, indicated by brackets on the right side, the top section labelled BRD and the lower section labelled as SRD. In the BRD section, a box reads Needs Identified in the Business Case. An arrow points from the bottom of the box down to another box labelled Use Cases. In the SRD section, there are three arrows pointing from the Use Cases box to three boxes in a row. They are labelled Functionality; Usability; and Constraints. Each of these boxes has a plus sign between it and the next in the line. At the bottom of the SRD section is a box with text that reads: Quality of Service Reliability, Supportability, and Performance

    Use Info-Tech’s Business Requirements Document Template to specify the business needs and expectations

    3.2 Business Requirements Document Template

    The Business Requirements Document Template can be used to record the functional, quality, and usability requirements into formats that are easily consumable for future analysis, architectural and design activities, and most importantly in a format that is understandable by all business partners.

    The BRD is designed to take the reader from a high-level understanding of the business processes down to the detailed automation requirements. It should capture the following:

    • Project summary and background
    • Operating model
    • Business process model
    • Use cases
    • Requirements elicitation techniques
    • Prioritized requirements
    • Assumptions and constraints

    Rightsize the BRD

    3.2.1 – 30 minutes

    Input
    • Project levels
    • BRD categories
    Output
    • BRD
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Business stakeholders

    Build the required documentation for requirements gathering.

    1. On the board, write out the components of the BRD. As a group, review the headings and decide if all sections are needed for level 1 & 2 and level 3 & 4 projects. Your level 3-4 project business cases will have the most detailed business cases; consider your level 1-2 projects, and remove any categories you don’t believe are necessary for the project level.
    2. Now that you have a right-sized template, break the team into two groups and have each group complete one section of the template for your selected project.
      1. Project overview
      2. Implementation considerations
    3. Once complete, have each group present its section, and allow the group to make additions and modifications to each section.

    Document the output from this exercise in section 6 of the Requirements Gathering SOP and BA Playbook.

    Present the BRD to business stakeholders

    3.2.2 – 1 hour

    Input
    • Activity 3.2.1
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Practice presenting the requirements document to business stakeholders.

    1. Hold a meeting with a group of selected stakeholders, and have a representative present each section of the BRD for your project.
    2. Instruct participants that they should spend the majority of their time on the requirements section, in particular the operating model and the requirements prioritization.
    3. At the end of the meeting, have the business stakeholders validate the requirements, and approve moving forward with the project or indicate where further requirements gathering must take place.

    Example:

    Typical Requirements Gathering Validation Meeting Agenda
    Project overview 5 minutes
    Project operating model 10 minutes
    Prioritized requirements list 5 minutes
    Business process model 30 minutes
    Implementation considerations 5 minutes

    Translate business requirements into technical requirements

    3.2.3 – 30 minutes

    Input
    • Business requirements
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    • Developers

    Practice translating business requirements into system requirements.

    1. Bring in representatives from the development team, and have a representative walk them through the business process model.
    2. Present a detailed account of each business requirement, and work with the IT team to build out the system requirements for each.
    3. Document the system requirements in the Requirements Gathering Documentation Tool.

    For requirements traceability, ensure you’re linking your requirements management back to your test strategy

    After a solution has been fully deployed, it’s critical to create a strong link between your software testing strategy and the requirements that were collected. User acceptance testing (UAT) is a good approach for requirement verification.

    • Many organizations fail to create an explicit connection between their requirements gathering and software testing strategies. Don’t follow their example!
    • When conducting UAT, structure exercises in the context of the requirements; run through the signed-off list and ask users whether or not the deployed functionality was in line with the expectations outlined in the finalized requirements documentation.
    • If not – determine whether it was a miscommunication on the requirements management side or a failure of the developers (or procurement team) to meet the agreed-upon requirements.

    Download the Requirements Gathering Testing Checklist template.

    Identify the testing opportunities

    3.2.4 – 30 minutes

    Input
    • List of requirements
    Output
    • Requirements testing process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Identify how to test the effectiveness of different requirements.

    1. Ask the group to review the list of requirements and identify:
      1. Which kinds of requirements enable constructive testing efforts?
      2. Which kinds of requirements enable destructive testing efforts?
      3. Which kinds of requirements support end-user acceptance testing?
      4. What do these validation-enabling objectives mean in terms of requirement specificity?
    2. For each, identify who will do the testing and at what stage.

    Verify that the requirements still meet the stakeholders’ needs

    Keep the stakeholders involved in the process in between elicitation and sign-off to ensure that nothing gets lost in transition.

    After an organization’s requirements have been aggregated, categorized, and consolidated, the business requirements package will begin to take shape. However, there is still a great deal of work to complete. Prior to proceeding with the process, requirements should be verified by domain SMEs to ensure that the analyzed requirements continue to meet their needs. This step is often overlooked because it is laborious and can create additional work; however, the workload associated with verification is much less than the eventual rework stemming from poor requirements.

    All errors in the requirements gathering process eventually surface; it is only a matter of time. Control when these errors appear and minimize costs by soliciting feedback from stakeholders early and often.

    This is the Verify stage of the Confirm, Verify, Approve process.

    “Do these requirements still meet your needs?”

    Put it all together: obtain final requirements sign-off

    Use the sign-off process as one last opportunity to manage expectations, obtain commitment from the stakeholders, and minimize change requests.

    Development or procurement of the application cannot begin until the requirements package has been approved by all of the key stakeholders. This will be the third time that the stakeholders are asked to review the requirements; however, this will be the first time that the stakeholders are asked to sign off on them.

    It is important that the stakeholders understand the significance of their signatures. This is their last opportunity to see exactly what the solution will look like and to make change requests. Ensure that the stakeholders also recognize which requirements were omitted from the solution that may affect them.

    The sign-off process needs to mean something to the stakeholders. Once a signature is given, that stakeholder must be accountable for it and should not be able to make change requests. Note that there are some requests from senior stakeholders that can’t be refused; use discretion when declining requests.

    This is the Approve stage of the Confirm, Verify, Approve process.

    "Once requirements are signed off, stay firm on them!" – Anonymous Hospital Business Systems Analyst Info-Tech Interview

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.1; 3.2.2 Rightsize the BRD and present it to business stakeholders

    An analyst will facilitate the discussion to gather the required documentation for building the BRD. The analyst will also assist with practicing the presenting of each section of the document to business stakeholders.

    3.2.3; 3.2.4 Translate business requirements into technical requirements and identify testing opportunities

    An analyst will facilitate the session to practice translating business requirements into testing requirements and assist in determining how to test the effectiveness of different requirements.

    Phase 4: Create a Requirements Governance Action Plan

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create a Requirements Governance Action Plan

    Proposed Time to Completion: 3 weeks

    Step 4.1: Create Control Processes for Requirements Changes

    Start with an analyst kick off call:

    • Discuss how to handle changes to requirements and establish a formal change control process.

    Then complete these activities…

    • Develop a change control process.
    • Build the guidelines for escalating changes.
    • Confirm your requirements gathering process.
    • Define RACI for the requirements gathering process.

    With these tools & templates:

    • Requirements Traceability Matrix
    Step 4.2: Build Requirements Governance and Communication Plan

    Review findings with analyst:

    • Review options for ongoing governance of the requirements gathering process.

    Then complete these activities…

    • Define the requirements gathering steering committee purpose.
    • Define the RACI for the RGSC.
    • Define procedures, cadence, and agenda for the RGSC.
    • Identify and analyze stakeholders.
    • Create a communications management plan.
    • Build the requirements gathering process implementation timeline.

    With these tools & templates:

    Requirements Gathering Communication Tracking Template

    Phase 4 Results & Insights:
    • Formalized change control and governance processes for requirements.

    Step 4.1: Create Control Processes for Requirements Changes

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Develop change control process.
    • Develop change escalation process.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Requirements gathering process validation.
    • RACI completed.

    Manage, communicate, and test requirements

    The image is the Requirement Gathering Framework graphic from previous sections. In this instance, all parts of the image are greyed out, with the exception of the arrows labelled Communicate and Manage, located at the bottom of the image.

    Although the manage, communicate, and test requirements section chronologically falls as the last section of this blueprint, that does not imply that this section is to be performed only at the end. These tasks are meant to be completed iteratively throughout the project to support the core requirements gathering tasks.

    Prevent requirements scope creep

    Once the stakeholders sign off on the requirements document, any changes need to be tracked and managed. To do that, you need a change control process.

    Thoroughly validating requirements should reduce the amount of change requests you receive. However, eliminating all changes is unavoidable.

    The BAs, sponsor, and stakeholders should have agreed upon a clearly defined scope for the project during the planning phase, but there will almost always be requests for change as the project progresses. Even a high number of small changes can negatively impact the project schedule and budget.

    To avoid scope creep, route all changes, including small ones, through a formal change control process that will be adapted depending on the level of project and impact of the change.

    Linking change requests to requirements is essential to understanding relevance and potential impact

    1. Receive project change request.
    2. Refer to requirements document to identify requirements associated with the change.
      • Matching requirement is found: The change is relevant to the project.
      • Multiple requirements are associated with the proposed change: The change has wider implications for the project and will require closer analysis.
      • The request involves a change or new business requirements: Even if the change is within scope, time, and budget, return to the stakeholder who submitted the request to identify the potentially new requirements that relate to this change. If the sponsor agrees to the new requirements, you may be able to approve the change.
    3. Findings influence decision to escalate/approve/reject change request.

    Develop a change control process

    4.1.1 – 45 minutes

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers
    1. Ask the team to consider their current change control process. It might be helpful to discuss a project that is currently underway, or already completed, to provide context. Draw the process on the whiteboard through discussion with the team.
    2. If necessary, provide some cues. Below are some change control process activities:
      • Submit project change request form.
      • PM assesses change.
      • Project sponsor assesses change.
      • Bring request to project steering committee to assess change.
      • Approve/reject change.
    3. Ask participants to brainstorm a potential separate process for dealing with small changes. Add a new branch for minor changes, which will allow you to make decisions on when to bundle the changes versus implementing directly.

    Document any changes from this exercise in section 7.1 of the Requirements Gathering SOP and BA Playbook.

    Example change control process

    The image is an example of a change control process, depicted via a flowchart.

    Build guidelines for escalating changes

    4.1.2 – 1 hour

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Determine how changes will be escalated for level 1/2/3/4 projects.

    1. Write down the escalation options for level 3 & 4 projects on the whiteboard:
      • Final decision rests with project manager.
      • Escalate to sponsor.
      • Escalate to project steering committee.
      • Escalate to change control board.
    2. Brainstorm categories for assessing the impact of a change and begin creating a chart on the whiteboard by listing these categories in the far left column. Across the top, list the escalation options for level 3 & 4 projects.
    3. Ask the team to agree on escalation conditions for each escalation option. For example, for the final decision to rest with the project manager one condition might be:
      • Change is within original project scope.
    4. Review the output from exercise 4.1.1 and tailor the process model to meet level 3 & 4 escalation models.
    5. Repeat steps 1-4 for level 1 & 2 projects.

    Document any changes from this exercise in section 7.2 of the Requirements Gathering SOP and BA Playbook.

    Example: Change control process – Level 3 & 4

    Impact Category Final Decision Rests With Project Manager If: Escalate to Steering Committee If: Escalate to Change Control Board If: Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget.
    • Change will require additional funds exceeding any contingency reserves.
    • Change will require the release of contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule.
    • Change will require the final project close date to be delayed.
    • Change will require a delay in key milestone dates.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Example: Change control process – Level 1 & 2

    Impact CategoryFinal Decision Rests With Project Manager If:Escalate to Steering Committee If:Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget, even if this means releasing contingency funds.
    • Change will require additional funds exceeding any contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule, even if this means moving milestone dates.
    • Change will require the final project close date to be delayed.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Leverage Info-Tech’s Requirements Traceability Matrix to help create end-to-end traceability of your requirements

    4.1 Requirements Traceability Matrix

    Even if you’re not using a dedicated requirements management suite, you still need a way to trace requirements from inception to closure.
    • Ensuring traceability of requirements is key. If you don’t have a dedicated suite, Info-Tech’s Requirements Traceability Matrix can be used as a form of documentation.
    • The traceability matrix covers:
      • Association ID
      • Technical Assumptions and Needs
      • Functional Requirement
      • Status
      • Architectural Documentation
      • Software Modules
      • Test Case Number

    Info-Tech Deliverable
    Take advantage of Info-Tech’s Requirements Traceability Matrix to track requirements from inception through to testing.

    You can’t fully validate what you don’t test; link your requirements management back to your test strategy

    Create a repository to store requirements for reuse on future projects.

    • Reuse previously documented requirements on future projects to save the organization time, money, and grief. Well-documented requirements discovered early can even be reused in the same project.
    • If every module of the application must be able to save or print, then the requirement only needs to be written once. The key is to be able to identify and isolate requirements with a high likelihood of reuse. Typically, requirements pertaining to regulatory and business rule compliance are prime candidates for reuse.
    • Build and share a repository to store historical requirement documentation. The repository must be intuitive and easy to navigate, or users will not take advantage of it. Plan the information hierarchy in advance. Requirements management software suites have the ability to create a repository and easily migrate requirements over from past projects.
    • Assign one person to manage the repository to create consistency and accountability. This person will maintain the master requirements document and ensure the changes that take place during development are reflected in the requirements.

    Confirm your requirements gathering process

    4.1.3 – 45 minutes

    Input
    • Activity 1.2.4
    Output
    • Requirements gathering process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Review the requirements gathering process and control levels for project levels 1/2/3/4 and add as much detail as possible to each process.

    1. Draw out the requirements gathering process for a level 4 project as created in exercise 1.2.4 on a whiteboard.
    2. Review each process step as a group, and break down each step so that it is at its most granular. Be sure to include each decision point, key documentation, and approvals.
    3. Once complete, review the process for level 3, 2 & 1. Reduce steps as necessary. Note: there may not be a lot of differentiation between your project level 4 & 3 or level 2 & 1 processes. You should see differentiation in your process between 2 and 3.

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: Confirm your requirements gathering process

    The image is an example of a requirements gathering process, representing in the format of a flowchart.

    Define RACI for the requirements gathering process

    4.1.4 – 45 minutes

    Input
    • List of stakeholders
    Output
    • RACI matrix
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Understand who is responsible, accountable, consulted, and informed for key elements of the requirements gathering process for project levels 1/2/3/4.

    1. As a group, identify the key stakeholders for requirements gathering and place those names along the top of the board.
    2. On the left side of the board, list the process steps and control points for a level 4 project.
    3. For each process step, identify who is responsible, accountable, informed, and consulted.
    4. Repeat this process for project levels 3, 2 & 1.

    Example: RACI for requirements gathering

    Project Requestor Project Sponsor Customers Suppliers Subject Matter Experts Vendors Executives Project Management IT Management Developer/ Business Analyst Network Services Support
    Intake Form A C C I R
    High-Level Business Case R A C C C C I I C
    Project Classification I I C I R A R
    Project Approval R R I I I I I I A I I
    Project Charter R C R R C R I A I R C C
    Develop BRD R I R C C C R A C C
    Sign-Off on BRD/ Project Charter R A R R R R
    Develop System Requirements C C C R I C A R R
    Sign-Off on SRD R R R I A R R
    Testing/Validation A I R C R C R I R R
    Change Requests R R C C A I R C
    Sign-Off on Change Request R A R R R R
    Final Acceptance R A R I I I I R R R I I

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.1.1; 4.1.2 Develop a change control process and guidelines for escalating changes

    An analyst will facilitate the discussion on how to improve upon your organization’s change control processes and how changes will be escalated to ensure effective tracking and management of changes.

    4.1.3 Confirm your requirements gathering process

    With the group, an analyst will review the requirements gathering process and control levels for the different project levels.

    4.1.4 Define the RACI for the requirements gathering process

    An analyst will facilitate a whiteboard exercise to understand who is responsible, accountable, informed, and consulted for key elements of the requirements gathering process.

    Step 4.2: Build Requirements Governance and Communication Plan

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Developing a requirements gathering steering committee.
    • Identifying and analyzing stakeholders for requirements governance.
    • Creating a communication management plan.

    This step involves the following participants:

    • Business stakeholders
    • BAs

    Outcomes of this step

    • Requirements governance framework.
    • Communication management plan.

    Establish proper governance for requirements gathering that effectively creates and communicates guiding principles

    If appropriate governance oversight doesn’t exist to create and enforce operating procedures, analysts and developers will run amok with their own processes.

    • One of the best ways to properly govern your requirements gathering process is to establish a working committee within the framework of your existing IT steering committee. This working group should be given the responsibility of policy formulation and oversight for requirements gathering operating procedures. The governance group should be comprised of both business and IT sponsors (e.g. a director, BA, and “voice of the business” line manager).
    • The governance team will not actually be executing the requirements gathering process, but it will be deciding upon which policies to adopt for elicitation, analysis, and validation. The team will also be responsible for ensuring – either directly or indirectly through designated managers – that BAs or other requirements gathering processionals are following the approved steps.

    Requirements Governance Responsibilities

    1. Provide oversight and review of SOPs pertaining to requirements elicitation, analysis, and validation.

    2. Establish corporate policies with respect to requirements gathering SOP training and education of analysts.

    3. Prioritize efforts for requirements optimization.

    4. Determine and track metrics that will be used to gauge the success (or failure) of requirements optimization efforts and make process and policy changes as needed.

    Right-size your governance structure to your organization’s complexity and breadth of capabilities

    Not all organizations will be best served by a formal steering committee for requirements gathering. Assess the complexity of your projects and the number of requirements gathering practitioners to match the right governance structure.

    Level 1: Working Committee
    • A working committee is convened temporarily as required to do periodic reviews of the requirements process (often annually, or when issues are surfaced by practitioners). This governance mechanism works best in small organizations with an ad hoc culture, low complexity projects, and a small number of practitioners.
    Level 2: IT Steering Committee Sub-Group
    • For organizations that already have a formal IT steering committee, a sub-group dedicated to managing the requirements gathering process is desirable to a full committee if most projects are complexity level 1 or 2, and/or there are fewer than ten requirements gathering practitioners.
    Level 3: Requirements Gathering Steering Committee
    • If your requirements gathering process has more than ten practitioners and routinely deals with high-complexity projects (like ERP or CRM), a standing formal committee responsible for oversight of SOPs will provide stronger governance than the first two options.
    Level 4: Requirements Gathering Center of Excellence
    • For large organizations with multiple business units, matrix organizations for BAs, and a very large number of requirements gathering practitioners, a formal center of excellence can provide both governance as well as onboarding and training for requirements gathering.

    Identify and analyze stakeholders

    4.2.1A – 1 hour

    Input
    • Number of practitioners, project complexity levels
    Output
    • Governance structure selection
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Use a power map to determine which governance model best fits your organization.

    The image is a square, split into four equal sections, labelled as follows from top left: Requirements Steering Committee; Requirements Center of Excellence; IT Steering Committee Sub-Group; Working Committee. The left and bottom edges of the square are labelled as follows: on the left, with an arrow pointing upwards, Project Complexity; on the bottom, with arrow pointing right, # of Requirements Practitioners.

    Define your requirements gathering governance structure(s) and purpose

    4.2.1B – 30 minutes

    Input
    • Requirements gathering elicitation, analysis, and validation policies
    Output
    • Governance mandate
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    This exercise will help to define the purpose statement for the applicable requirements gathering governance team.

    1. As a group, brainstorm key words that describe the unique role the governance team will play. Consider value, decisions, and authority.
    2. Using the themes, come up with a set of statements that describe the overall purpose statement.
    3. Document the outcome for the final deliverable.

    Example:

    The requirements gathering governance team oversees the procedures that are employed by BAs and other requirements gathering practitioners for [insert company name]. Members of the team are appointed by [insert role] and are accountable to [typically the chair of the committee].

    Day-to-day operations of the requirements gathering team are expected to be at the practitioner (i.e. BA) level. The team is not responsible for conducting elicitation on its own, although members of the team may be involved from a project perspective.

    Document the output from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    A benefits provider established a steering committee to provide consistency and standardization in requirements gathering

    CASE STUDY

    Industry Not-for-Profit

    Source Info-Tech Workshop

    Challenge

    This organization is a not-for-profit benefits provider that offers dental coverage to more than 1.5 million people across three states.

    With a wide ranging application portfolio that includes in-house, custom developed applications as well as commercial off-the-shelf solutions, the company had no consistent method of gathering requirements.

    Solution

    The organization contracted Info-Tech to help build an SOP to put in place a rigorous and efficient methodology for requirements elicitation, analysis, and validation.

    One of the key realizations in the workshop was the need for governance and oversight over the requirements gathering process. As a result, the organization developed a Requirements Management Steering Committee to provide strategic oversight and governance over requirements gathering processes.

    Results

    The Requirements Management Steering Committee introduced accountability and oversight into the procedures that are employed by BAs. The Committee’s mandate included:

    • Provide oversight and review SOPs pertaining to requirements elicitation, analysis, and validation.
    • Establish corporate policies with respect to training and education of analysts on requirements gathering SOPs.
    • Prioritize efforts for requirements optimization.
    • Determine metrics that can be used to gauge the success of requirements optimization efforts.

    Authority matrix – RACI

    There needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the requirements gathering governance team.

    • An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities.
    • Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity.
    • In this model, accountable means end-to-end accountability for the process. Accountability should remain with the same person for all activities of a process.

    RResponsible

    The one responsible for getting the job done.

    A – Accountable

    Only one person can be accountable for each task.

    C – Consulted

    Involvement through input of knowledge and information.

    I – Informed

    Receiving information about process execution and quality.

    Define the RACI for effective requirements gathering governance

    4.2.2 – 30 minutes

    Input
    • Members’ list
    Output
    • Governance RACI
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Governance team members

    Build the participation list and authority matrix for the requirements gathering governance team.

    1. Have each participant individually consider the responsibilities of the governance team, and write five participant roles they believe should be members of the governance team.
    2. Have each participant place the roles on the whiteboard, group participants, and agree to five participants who should be members.
    3. On the whiteboard, write the responsibilities of the governance team in a column on the left, and place the sticky notes of the participant roles along the top of the board.
    4. Under the appropriate column for each activity, identify who is the “accountable,” “responsible,” “consulted,” and “informed” role for each activity.
    5. Agree to a governance chair.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Example: Steps 2-5: Build the governance RACI

    The image shows an example governance RACI, with the top of the chart labelled with Committee Participants, and the left hand column labelled Committee Responsibilities. Some of the boxes have been filled in.

    Define your requirements gathering governance team procedures, cadence, and agenda

    4.2.3 – 30 minutes

    Input
    • Governance responsibilities
    Output
    • Governance procedures and agenda
    Materials
    • Whiteboard
    • Markers
    Participants
    • Steering committee members

    Define your governance team procedures, cadence, and agenda.

    1. Review the format of a typical agenda as well as the list of responsibilities for the governance team.
    2. Consider how you will address each of these responsibilities in the meeting, who needs to present, and how long each presentation should be.
    3. Add up the times to define the meeting duration.
    4. Consider how often you need to meet to discuss the information: monthly, quarterly, or annually? Are there different actions that need to be taken at different points in the year?
    5. As a group, decide how the governance team will approve changes and document any voting standards that should be included in the charter. Will a vote be taken during or prior to the meeting? Who will have the authority to break a tie?
    6. As a group, decide how the committee will review information and documentation. Will members commit to reviewing associated documents before the meeting? Can associated documentation be stored in a knowledge repository and/or be distributed to members prior to the meeting? Who will be responsible for this? Can a short meeting/conference call be held with relevant reviewers to discuss documentation before the official committee meeting?

    Review the format of a typical agenda

    4.2.3 – 30 minutes

    Meeting call to order [Committee Chair] [Time]
    Roll call [Committee Chair] [Time]
    Review of SOPs
    A. Requirements gathering dashboard review [Presenters, department] [Time]
    B. Review targets [Presenters, department] [Time]
    C. Policy Review [Presenters, department] [Time]

    Define the governance procedures and cadence

    4.2.3 – 30 minutes

    • The governance team or committee will be chaired by [insert role].
    • The team shall meet on a [insert time frame (e.g. monthly, semi-annual, annual)] basis. These meetings will be scheduled by the team or committee chair or designated proxy.
    • Approval for all SOP changes will be reached through a [insert vote consensus criteria (majority, uncontested, etc.)] vote of the governance team. The vote will be administered by the governance chair. Each member of the committee shall be entitled to one vote, excepting [insert exceptions].
    • The governance team has the authority to reject any requirements gathering proposal which it deems not to have made a sufficient case or which does not significantly contribute to the strategic objectives of [insert company name].
    • [Name of individual] will record and distribute the meeting minutes and documentation of business to be discussed in the meeting.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Changing the requirements gathering process can be disruptive – be successful by gaining business support

    A successful communication plan involves making the initiative visible and creating staff awareness around it. Educate the organization on how the requirements gathering process will differ.

    People can be adverse to change and may be unreceptive to being told they must “comply” to new policies and procedures. Demonstrate the value in requirements gathering and show how it will assist people in their day-to-day activities.

    By demonstrating how an improved requirements gathering process will impact staff directly, you create a deeper level of understanding across lines-of-business, and ultimately a higher level of acceptance for new processes, rules, and guidelines.

    A proactive communication plan will:
    • Assist in overcoming issues with prioritization, alignment resourcing, and staff resistance.
    • Provide a formalized process for implementing new policies, rules, and guidelines.
    • Detail requirements gathering ownership and accountability for the entirety of the process.
    • Encourage acceptance and support of the initiative.

    Identify and analyze stakeholders to communicate the change process

    Who are the requirements gathering stakeholders?

    Stakeholder:

    • A stakeholder is any person, group, or organization who is the end user, owner, sponsor, or consumer of an IT project, change, or application.
    • When assessing an individual or group, ask whether they can impact or be impacted by any decision, change, or activity executed as part of the project. This might include individuals outside of the organization.

    Key Stakeholder:

    • Someone in a management role or someone with decision-making power who will be able to influence requirements and/or be impacted by project outcomes.

    User Group Representatives:

    • For impacted user groups, follow best practice and engage an individual to act as a representative. This individual will become the primary point of contact when making decisions that impact the group.

    Identify the reasons for resistance to change

    Stakeholders may resist change for a variety of reasons, and different strategies are necessary to address each.

    Unwilling – Individuals who are unwilling to change may need additional encouragement. For these individuals, you’ll need to reframe the situation and emphasize how the change will benefit them specifically.

    Unable – All involved requirements gathering will need some form of training on the process, committee roles, and responsibilities. Be sure to have training and support available for employees who need it and communicate this to staff.

    Unaware – Until people understand exactly what is going on, they will not be able to conform to the process. Communicate change regularly at the appropriate detail to encourage stakeholder support.

    Info-Tech Insight

    Resisters who have influence present a high risk to the implementation as they may encourage others to resist as well. Know where and why each stakeholder is likely to resist to mitigate risk. A detailed plan will ensure you have the needed documentation and communications to successfully manage stakeholder resistance.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Input
    • Requirements gathering stakeholders list
    Output
    • Stakeholder power map
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Identify the impact and level of resistance of all stakeholders to come up with the right communication plan.

    1. Through discussion, generate a complete list of stakeholders for requirements gathering and record the names on the whiteboard or flip chart. Group related stakeholders together.
    2. Using the template on the next slide, draw the stakeholder power map.
    3. Evaluate each stakeholder on the list based on:
      1. Influence: To what degree can this stakeholder impact progress?
      2. Involvement: How involved is the stakeholder already?
      3. Support: Label supporters with green sticky notes, resisters with red notes, and the rest with a third color.
    4. Based on the assessment, write the stakeholder’s name on a green, red, or other colored sticky note, and place the sticky note in the appropriate place on the power map.
    5. For each of the stakeholders identified as resisters, determine why you think they would be resistant. Is it because they are unwilling, unable, and/or unknowing?
    6. Document changes to the stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Use a power map to plot key stakeholders according to influence and involvement.

    The image shows a power map, which is a square divided into 4 equally-sized sections, labelled from top left: Focused Engagement; Key Players; Keep Informed; Minimal Engagement. On the left side of the square, there is an arrow pointing upwards labelled Influence; at the bottom of the square, there is an arrow pointing right labelled Involvement. On the right side of the image, there is a legend indicating that a green dot indicates a Supporter; a grey dot indicated Neutral; and a red dot indicates a Resister.

    Example: Identify and analyze stakeholders

    Use a power map to plot key stakeholders according to influence and involvement.

    The image is the same power map image from the previous section, with some additions. A red dot is located at the top left, with a note: High influence with low involvement? You need a strategy to increase engagement. A green dot is located mid-high on the right hand side. Grey dots are located left and right in the bottom of the map. The bottom right grey dot has the note: High involvement with lower influence? Make sure to keep these stakeholders informed at regular intervals and monitor engagement.

    Stakeholder analysis: Reading the power map

    High Risk:

    Stakeholders with high influence who are not as involved in the project or are heavily impacted by the project are less likely to give feedback throughout the project lifecycle and need to be engaged. They are not as involved but have the ability to impact project success, so stay one step ahead.

    Do not limit your engagement to kick-off and close – you need to continue seeking input and support at all stages of the project.

    Mid Risk:

    Key players have high influence, but they are also more involved with the project or impacted by its outcomes and are thus easier to engage.

    Stakeholders who are heavily impacted by project outcomes will be essential to your organizational change management strategy. Do not wait until implementation to engage them in preparing the organization to accept the project – make them change champions.

    Low Risk:

    Stakeholders with low influence who are not impacted by the project do not pose as great of a risk, but you need to keep them consistently informed of the project and involve them at the appropriate control points to collect feedback and approval.

    Inputs to the communications plan

    Stakeholder analysis should drive communications planning.

    Identify Stakeholders
    • Who is impacted by this project?
    • Who can affect project outcomes?
    Assess Stakeholders
    • Influence
    • Involvement
    • Support
    Stakeholder Change Impact Assessment
    • Identify change supporters/resistors and craft change messages to foster acceptance.
    Stakeholder Register
    • Record assessment results and preferred methods of communication.
    The Communications Management Plan:
    • Who will receive information?
    • What information will be distributed?
    • How will information be distributed?
    • What is the frequency of communication?
    • What will the level of detail be?
    • Who is responsible for distributing information?

    Communicate the reason for the change and stay on message throughout the change

    Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.

    The change message should:

    • Explain why the change is needed.
    • Summarize the things that will stay the same.
    • Highlight the things that will be left behind.
    • Emphasize the things that are being changed.
    • Explain how the change will be implemented.
    • Address how the change will affect the various roles in the organization.
    • Discuss staff’s role in making the change successful.

    The five elements of communicating the reason for the change:

    COMMUNICATING THE CHANGE

    What is the change?

    Why are we doing it?

    How are we going to go about it?

    How long will it take us?

    What will the role be for each department and individual?

    Create a communications management plan

    4.2.5 – 45 minutes

    Input
    • Exercise 4.1.1
    Output
    • Communications management plan
    Materials
    • Whiteboard
    • Markers
    Participants
    • RGSC members

    Build the communications management plan around your stakeholders’ needs.

    1. Build a chart on the board using the template on the next slide.
    2. Using the list from exercise 4.1.1, brainstorm a list of communication vehicles that will need to be used as part of the rollout plan (e.g. status updates, training).
    3. Through group discussion, fill in all these columns for at least three communication vehicles:
      • (Target) audience
      • Purpose (description)
      • Frequency (of the communication)
        • The method, frequency, and content of communication vehicles will change depending on the stakeholder involved. This needs to be reflected by your plan. For example, you may have several rows for “Status Report” to cover the different stakeholders who will be receiving it.
      • Owner (of the message)
      • Distribution (method)
      • (Level of) details
        • High/medium/low + headings
    4. Document your stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Communications plan template

    4.2.5 – 45 minutes

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Communications Guidelines
    • Regardless of complexity, it is important not to overwhelm stakeholders with information that is not relevant to them. Sending more detailed information than is necessary might mean that it does not get read.
    • Distributing reports too widely may lead to people assuming that someone else is reading it, causing them to neglect reading it themselves.
    • Only distribute reports to the stakeholders who need the information. Think about what information that stakeholder requires to feel comfortable.

    Example: Identify and analyze stakeholders

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Status Report Sponsor Project progress and deliverable status Weekly Project Manager Email

    Details for

    • Milestones
    • Deliverables
    • Budget
    • Schedule
    • Issues
    Status Report Line of Business VP Project progress Monthly Project Manager Email

    High Level for

    • Major milestone update

    Build your requirements gathering process implementation timeline

    4.2.6 – 45 minutes

    Input
    • Parking lot items
    Output
    • Implementation timeline
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Build a high-level timeline for the implementation.

    1. Collect the action items identified throughout the week in the “parking lot.”
    2. Individually or in groups, brainstorm any additional action items. Consider communication, additional training required, approvals, etc.
      • Write these on sticky notes and add them to the parking lot with the others.
    3. As a group, start organizing these notes into logical groupings.
    4. Assign each of the tasks to a person or group.
    5. Identify any risks or dependencies.
    6. Assign each of the tasks to a timeline.
    7. Following the exercise, the facilitator will convert this into a Gantt chart using the roadmap for requirements gathering action plan.

    Step 3: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    The image shows a board with 5 categories: Documentation, Approval, Communication, Process, and Training. There are groups of post-it notes under each category title.

    Steps 4-6: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    This image shows a chart with Action Items to be listed in the left-most column, Person or Group Responsible in the next column, Risks/Dependencies in the next columns, and periods of time (i.e. 1-3 months, 2-6 months, etc.) in the following columns. The chart has been partially filled in as an exemplar.

    Recalculate the selected requirements gathering metrics

    Measure and monitor the benefits of requirements gathering optimization.

    • Reassess the list of selected and captured requirements management metrics.
    • Recalculate the metrics and analyze any changes. Don’t expect a substantial result after the first attempt. It will take a while for BAs to adjust to the Info-Tech Requirements Gathering Framework. After the third project, results will begin to materialize.
    • Understand that the project complexity and business significance will also affect how long it takes to see results. The ideal projects to beta the process on would be of low complexity and high business significance.
    • Realize that poor requirements gathering can have negative effects on the morale of BAs, IT, and project managers. Don’t forget to capture the impact of these through surveys.

    Major KPIs typically used for benchmarking include:

    • Number of application bugs/defects (for internally developed applications).
    • Number of support requests or help desk tickets for the application, controlled for user deployment levels.
    • Overall project cycle time.
    • Overall project cost.
    • Requirements gathering as a percentage of project time.

    Revisit the requirements gathering metrics selected in the planning phase and recalculate them after requirements gathering optimization has been attempted.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.2.1; 4.2.2; 4.2.3 – Build a requirements gathering steering committee

    The analyst will facilitate the discussion to define the purpose statement of the steering committee, build the participation list and authority matrix for its members, and define the procedures and agenda.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.2.4 Identify and analyze stakeholders

    An analyst will facilitate the discussion on how to identify the impact and level of resistance of all stakeholders to come up with the communication plan.

    4.2.5 Create a communications management plan

    An analyst will assist the team in building the communications management plan based on the stakeholders’ needs that were outlined in the stakeholder analysis exercise.

    4.2.6 Build a requirements gathering implementation timeline

    An analyst will facilitate a session to brainstorm and document any action items and build a high-level timeline for implementation.

    Insight breakdown

    Requirements gathering SOPs should be prescriptive based on project complexity.

    • Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques such as user stories.

    Requirements gathering management tools can be pricy, but they can also be beneficial.

    • Requirements gathering management tools are a great way to have full control over recording, analyzing, and categorizing requirements over complex projects.

    BAs can make or break the execution of the requirements gathering process.

    • A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Summary of accomplishment

    Knowledge Gained

    • Best practices for each stage of the requirements gathering framework:
      • Elicitation
      • Analysis
      • Validation
    • A clear understanding of BA competencies and skill sets necessary to successfully execute the requirements gathering process.

    Processes Optimized

    • Stakeholder identification and management.
    • Requirements elicitation, analysis, and validation.
    • Requirements gathering governance.
    • Change control processes for new requirements.
    • Communication processes for requirements gathering.

    Deliverables Completed

    • SOPs for requirements gathering.
    • Project level selection framework.
    • Communications framework for requirements gathering.
    • Requirements documentation standards.

    Organizations and experts who contributed to this research

    Interviews

    • Douglas Van Gelder, IT Manager, Community Development Commission of the County of Los Angeles
    • Michael Lyons, Transit Management Analyst, Metropolitan Transit Authority
    • Ken Piddington, CIO, MRE Consulting
    • Thomas Dong, Enterprise Software Manager, City of Waterloo
    • Chad Evans, Director of IT, Ontario Northland
    • Three anonymous contributors

    Note: This research also incorporates extensive insights and feedback from our advisory service and related research projects.

    Bibliography

    “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint Software Systems, 2012. Web.

    “BPM Definition.” BPMInstitute.org, n.d. Web.

    “Capturing the Value of Project Management.” PMI’s Pulse of the Profession, 2015. Web.

    Eby, Kate. “Demystifying the 5 Phases of Project Management.” Smartsheet, 29 May 2019. Web.

    “Product Management: MoSCoW Prioritization.” ProductPlan, n.d. Web.

    “Projects Delivered on Time & on Budget Result in Larger Market Opportunities.” Jama Software, 2015. Web.

    “SIPOC Table.” iSixSigma, n.d. Web.

    “Survey Principles.” University of Wisconsin-Madison, n.d. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    GDPR, Implemented!

    GDPR, Are You really ready?

    It is now 2020 and the GDPR has been in effect for almost 2 years. Many companies thought: been there, done that. And for a while the regulators let some time go by.

    The first warnings appeared quickly enough. Eg; in September 2018, the French regulator warned a company that they needed to get consent of their customers for getting geolocation based data.

    That same month, an airline was hacked and, on top of the reputational damage and costs to fix the IT systems, it faced the threat of a stiff fine.

    Even though we not have really noticed, fines started being imposed as early as January 2019.

    But these fines, that is when you have material breaches...

    Wrong! The fines are levied in a number of cases. And to make it difficult to estimate, there are guidelines that will shape the decision making process, but no hard and fast rules!

    The GDPR is very complex and consists of both articles and associated recitals that you need to be in compliance with. it is amuch about the letter as it is about the spirit.

    We have a clear view on what most of those cases are.
    And more importantly, when you follow our guidelines, you will be well placed to answer any questions by your clients and cooperate with the regulator in a proactive way.

    They will never come after me. I'm too small.

    And besides, I have my privacy policy and cookie notice in place

    Company size has nothing to do with it.

    While in the beginning, it seemed mostly a game for the big players (for names, you have to contact us) that is just perception.

    As early as March 2018 a €10M revenue company was fined around €120,000. 2 days later another company with operating revenues of  around €6.2M was fined close to €200.000 for failing to abide by the DSRR stipulatons.

    Don't know what these are?
    Fill out the form below and we'll let you in on the good stuff.

     

    Continue reading

    Optimize the IT Operations Center

    • Buy Link or Shortcode: {j2store}449|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Your team’s time is burned up by incident response.
    • Manual repetitive work uses up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Our Advice

    Critical Insight

    • Sell the project to the business.
    • Leverage the Operations Center to improve IT Operations.

    Impact and Result

    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Optimize the IT Operations Center Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Optimize the IT Operations Center, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    Get quick wins to demonstrate early value for investments in IT Operations.

    • Optimize the IT Operations Center – Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    2. Get buy-in

    Get buy-in from business stakeholders by speaking their language.

    • Optimize the IT Operations Center – Phase 1: Get Buy-In
    • IT Operations Center Prerequisites Assessment Tool
    • IT Operations Center Stakeholder Buy-In Presentation
    • IT Operations Center Continual Improvement Tracker

    3. Define accountability and metrics

    Formalize process and task accountability and develop targeted metrics.

    • Optimize the IT Operations Center – Phase 2: Define Accountability and Metrics
    • IT Operations Center RACI Charts Template

    4. Assess gaps and prioritize initiatives

    Identify pain points and determine the top solutions.

    • Optimize the IT Operations Center – Phase 3: Assess Gaps and Prioritize Initiatives
    • IT Operations Center Gap and Initiative Tracker
    • IT Operations Center Initiative Prioritization Tool

    5. Launch initiatives and track metrics

    Lay the foundation for implementation and continual improvement.

    • Optimize the IT Operations Center – Phase 4: Launch Initiatives and Track Metrics
    [infographic]

    Workshop: Optimize the IT Operations Center

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Check Foundation

    The Purpose

    Ensure base maturity in IT Operations processes.

    Key Benefits Achieved

    Verify that foundation is in place to proceed with Operations Center project.

    Activities

    1.1 Evaluate base maturity.

    Outputs

    IT Operations Center Prerequisites Assessment Tool

    2 Define Accountabilities

    The Purpose

    Define accountabilities for Operations processes and tasks.

    Key Benefits Achieved

    Documented accountabilities.

    Activities

    2.1 Pluck low-hanging fruit for quick wins.

    2.2 Complete process RACI.

    2.3 Complete task RACI.

    Outputs

    Project plan

    Process RACI

    Task RACI

    3 Map the Challenge

    The Purpose

    Define metrics and identify accountabilities and gaps.

    Key Benefits Achieved

    List of initiatives to address pain points.

    Activities

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.3 Identify gaps.

    Outputs

    IT Operations Center Gap and Initiative Tracker

    4 Build Action Plan

    The Purpose

    Develop an action plan to boost KPIs.

    Key Benefits Achieved

    Action plan and success criteria.

    Activities

    4.1 Prioritize initiatives.

    Outputs

    IT Operations Center Initiative Prioritization Tool

    5 Map Out Implementation

    The Purpose

    Build an implementation plan for continual improvement.

    Key Benefits Achieved

    Continual improvement against identified metrics and KPIs.

    Activities

    5.1 Build implementation plan.

    Outputs

    IT Operations Center Continual Improvement Tracker

    Further reading

    Optimize the IT Operations Center

    Stop burning budget on non-value-adding activities.

    ANALYST PERSPECTIVE

    The Network Operations Center is not in Kansas anymore.

    "The old-school Network Operations Center of the telecom world was heavily peopled and reactionary. Now, the IT Operations Center is about more than network monitoring. An effective Operations Center provides visibility across the entire stack, generates actionable alerts, resolves a host of different incidents, and drives continual improvement in the delivery of high-quality services.
    IT’s traditional siloed approach cannot provide the value the business demands. The modern Operations Center breaks down these silos for the end-to-end view required for a service-focused approach."

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Operations Managers
    • IT Infrastructure Managers
    • CIOs

    This Research Will Help You:

    • Improve reliability of services.
    • Reduce the cost of incident response.
    • Reduce the cost of manual repetitive work (MRW).

    This Research Will Also Assist

    • Business Analysts
    • Project Managers
    • Business Relationship Managers

    This Research Will Help Them

    • Develop appropriate non-functional requirements.
    • Integrate non-functional requirements into solution design and project implementation.

    Executive Summary

    Situation

    • Your team’s time is burned up by incident response.
    • MRW burns up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Complication

    • The increasing complexity of technology has resulted in siloed teams of specialists.
    • The business views IT Operations as a cost center and doesn’t want to provide resources to support improvement initiatives.

    Resolution

    • Pluck low-hanging fruit for quick wins.
    • Obtain buy-in from business stakeholders by speaking their language.
    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Info-Tech Insight

    1. Sell the project to the business. Your first job is a sales job because executive sponsorship is key to project success.
    2. Worship the holy trinity of metrics: impact of downtime, cost of incident response, and time spent on manual repetitive work (MRW).
    3. Invest in order to profit. Improving the Operations Center takes time and money. Expect short-term pain to realize long-term gain.

    The role of the Network Operations Center has changed

    • The old approach was technology siloed and the Network Operations Center (NOC) only cared about the network.
    • The modern Operations Center is about ensuring high availability of end-user services, and requires cross-functional expertise and visibility across all the layers of the technology stack.
    A pie chart is depicted. The data displayed on the chart, in decreasing order of size, include: Applications; Servers; LAN; WAN; Security; Storage. Source: Metzler, n.d.

    Most organizations lack adequate visibility

    • The rise of hybrid cloud has made environments more complex, not less.
    • The increasing complexity makes monitoring and incident response more difficult than ever.
    • Only 31% of organizations use advanced monitoring beyond what is offered by cloud providers.
    • 69% perform no monitoring, basic monitoring, or rely entirely on the cloud provider’s monitoring tools.
    A Pie chart is depicted. Two data are represented on the chart. The first, representing 69% of the chart, is: Using no monitoring, basic monitoring, or relying only on the cloud vendor's monitoring. the second, representing 31% of the chart, is Using advanced monitoring beyond what cloud vendors provide. Source: InterOp ITX, 2018

    Siloed service level agreements cannot ensure availability

    You can meet high service level agreements (SLAs) for functional silos, but still miss the mark for service availability. The business just wants things to work!

    this image contains Info-Tech's SLA-compliance rating chart, which displays the categories: Available, behaving as expected; Slow/degraded; and Unavailable, for each of: Webserver; Database; Storage; Network; Application; and, Business Service

    The cost of downtime is massive

    Increasing reliance on IT makes downtime hurt more than ever.
    98% of enterprises lose $100,000+.
    81% of enterprises lose $300,000+ per hour of downtime.

    This is a bar graph, showing the cost per hour of downtime, against the percentage of enterprises.

    Source: ITIC, 2016

    IT is asked to do more with less

    Most IT budgets are staying flat or shrinking.

    57% of IT departments expect their budget to stay flat or to shrink from 2018 to 2019.

    This image contains a pie chart with two data, one is labeled: Increase; representing 43% of the chart. The other datum is labeled: Shrink or stay flat, and represents 57% of the chart.

    Unify and streamline IT Operations

    A well-run Operations Center ensures high availability at reasonable cost. Improving your Operations Center results in:

    • Higher availability
    • Increased reliability
    • Improved project capacity
    • Higher business satisfaction

    Measure success with the holy trinity of metrics

    Focus on reducing downtime, cost of incident response, and MRW.

    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Start from the top and employ a targeted approach

    Analyze data to get buy-in from stakeholders, and use our tools and templates to follow the process for continual improvement in IT Operations.

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Optimize the IT Operations Center – project overview

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    🗲 Pluck Low-Hanging Fruit for Quick Wins

    1.1 Ensure Base Maturity Is in Place

    1.2 Make the Case

    2.1 Define Accountabilities

    2.2 Define Metrics

    3.1 Assess Gaps

    3.2 Plan Initiatives

    4.1 Lay Foundation

    4.2 Launch and Measure

    Guided Implementations

    Discuss current state.

    Review stakeholder presentation.

    Review RACIs.

    Review metrics.

    Discuss gaps.

    Discuss initiatives.

    Review plan and metric schedule.

    Onsite Workshop Module 1:

    Clear understanding of project objectives and support obtained from the business.

    Module 2:

    Enterprise services defined and categorized.

    Module 3:

    LOB services defined based on user perspective.

    Module 4:

    Service record designed according to how IT wishes to communicate to the business.

    Phase 1 Results:

    Stakeholder presentation

    Phase 2 Results:
    • RACIs
    • Metrics
    Phase 3 Results:
    • Gaps list
    • Prioritized list of initiatives
    Phase 4 Results:
    • Implementation plan
    • Continual improvement tracker

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-Workshop Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Check Foundation

    Define Accountabilities

    Map the Challenge

    Build Action Plan

    Map Out Implementation

    1.1 Ensure base maturity.

    🗲 Pluck low-hanging fruit for quick wins.

    2.1 Complete process RACI.

    2.2 Complete task RACI.

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.2 Identify gaps.

    4.1 Prioritize initiatives.

    5.1 Build implementation plan.

    Deliverables
    1. IT Operations Center Prerequisites Assessment Tool
    1. IT Operations Center RACI Charts Template
    1. IT Operations Center Gap and Initiative Tracker
    1. IT Operations Center Initiative Prioritization Tool
    1. IT Operations Center Continual Improvement Tracker

    PHASE 🗲

    Pluck Low-Hanging Fruit for Quick Wins

    Optimize the IT Operations Center

    Conduct a ticket-trend analysis

    Generate reports on tickets from your IT service management (ITSM) tool. Look for areas that consume the most resources, such as:

    • Recurring tickets.
    • Tickets that have taken a long time to resolve.
    • Tickets that could have been resolved at a lower tier.
    • Tickets that were unnecessarily or improperly escalated.

    Identify issues

    Analyze the tickets:

    • Look for recurring tickets that may indicate underlying problems.
    • Ask tier 2 and 3 technicians to flag tickets that could have been resolved at a lower tier.
    • Identify painful and/or time consuming service requests.
    • Flag any manual repetitive work.

    Write the issues on a whiteboard.

    Oil & Gas IT reduces manual repetitive maintenance work

    CASE STUDY
    Industry Oil & Gas
    Source Interview

    Challenge

    The company used a webserver to collect data from field stations for analytics. The server’s version did not clear its cache – it filled up its own memory and would not overwrite, so it would just lock up and have to be rebooted manually.

    Solution

    The team found out that the volumes and units of data would cause the memory to fill at a certain time of the month. They wrote a script to reboot the machine and set up a planned outage during the appropriate weekend each month.

    Results

    The team never had to do manual reboots again – though they did have to tweak their reboot script not to rely on their calendar, after a shift in production broke the pattern between memory consumption and the calendar.

    Rank the issues

    🗲.1.1 10 minutes

    1. Assign each participant five sticky dots to use for voting.
    2. Have each participant place any number of dots beside the issue(s) of their choice.
    3. Count the dots and rank the top three most important issues.

    INPUT

    • List of issues

    OUTPUT

    • Top three issues

    Materials

    • Whiteboard
    • Markers
    • Sticky dots

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Brainstorm solutions

    🗲.1.2 10 minutes

    1. Write the three issues at the top of a whiteboard, each at the head of its own column.
    2. Focusing on one issue at a time, brainstorm potential solutions for each issue. Have one person write all the proposed solutions on the board beneath the issue.

    Info-Tech Best Practice

    Do not censor or evaluate the proposed solutions at this time. During brainstorming, focus on coming up with as many potential solutions as possible, no matter how infeasible or outlandish.

    INPUT

    • Top three issues

    OUTPUT

    • Potential solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Evaluate and rank potential solutions

    🗲.1.3 30 minutes

    1. Score the solutions from 1-5 on each of the two dimensions:
    • Attainability
    • Probable efficacy
  • Identify the top scoring solution for each issue. In the event of a tie, vote to determine the winner.
  • Info-Tech Insight

    Quick wins are the best of both worlds. To get a quick win, pick a solution that is both readily attainable and likely to have high impact.

    INPUT

    • Potential solutions

    OUTPUT

    • Ranked list of solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Develop metrics to measure the effectiveness of solutions

    You should now have a top potential solution for each pain point.

    For each pain point and proposed solution, identify the metric that would indicate whether the solution had been effective or not. For example:

    • Pain point: Too many unnecessary escalations for SharePoint issues.
    • Solution: Train tier 1 staff to resolve SharePoint tickets.
    • Metric: % of SharePoint tickets resolved at tier 1.

    Design solutions

    • Some solutions explain themselves. E.g., hire an extra service desk person.
    • Others require more planning and design, as they involve a bespoke solution. E.g., improve asset management process or automate onboarding of new users.
    • For the solutions that require planning, take the time to design each solution fully before rushing to implement it.

    Build solutions

    • Build any of the solutions that require building. For example, any scripting for automations requires the writing of those scripts, and any automated ticket routing requires configuration of your ITSM tool.
    • Part of the build phase for many solutions should also involve designing the tests of those solutions.

    Test solutions – refine and iterate

    • Think about the expected outcome and results of the solutions that require testing.
    • Test each solution under production-like circumstances to see if the results and behavior are as expected.
    • Refine and iterate upon the solutions as necessary, and test again.

    Implement solutions and measure results

    • Before implementing each solution, take a baseline measurement of the metric that will measure success.
    • Implement the solutions using your change management process.
    • After implementation, measure the success of the solution using the appropriate metric.
    • Document the results and judge whether the solution has been effective.

    Use the top result as a case study to obtain buy-in

    Your most effective solution will make a great case study.

    Write up the results and input the case study into the IT Operations Center Stakeholder Buy-In Presentation.

    This image contains a screenshot of info-tech's default format for presenting case studies.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    🗲.1.2 This image contains a screenshot from section 🗲.1.2 of this blueprint.

    Identify issues

    Look for areas that aren’t working optimally.

    🗲.1.3 this image contains a screenshot from section 🗲.1.3 of this blueprint.

    Evaluate and rank potential solutions

    Sort the wheat from the chaff and plan for quick wins.

    PHASE 1

    Get Buy-In

    Optimize the IT Operations Center

    Step 1.1: Ensure Base Maturity Is in Place

    This step will walk you through the following activities:

    • Assess maturity of base IT Operations processes.

    Outcomes of this step

    • Completed IT Operations Center Prerequisites Assessment Tool

    Base processes underpin the Operations Center

    • Before you optimize your Operations Center, you should have foundational ITSM processes in place: service desk, and incident, problem, and change management.
    • Attempting to optimize Operations before it rests on a solid foundation can only lead to frustration.

    IT Operations Center

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    Info-Tech Insight

    ITIL isn’t dead. New technology such as cloud solutions and advanced monitoring tools have transformed how ITSM processes are implemented, but have not obviated them.

    Assess maturity of prerequisite processes

    1.1.1 IT Operations Center Prerequisites Assessment Tool

    • Don’t try to prematurely optimize your Operations Center.
    • Before undertaking this project, you should already have a base level of maturity in the four foundational IT Operations processes.
    • Complete the IT Operations Center Prerequisites Assessment Tool to assess your current level in service desk, incident management, problem management, and change management.
    this image contains a screenshot from Info-Tech's IT Operations Center Prerequisite Assessment

    Make targeted improvements on prerequisite processes if necessary

    If there are deficiencies in any of your foundational processes, take the time to remedy those first before proceeding with Optimize the IT Operations Center. See Info-Tech’s other blueprints:

    Standardize the Service Desk

    Strengthen your service desk to build a strong ITSM foundation.

    Incident and Problem Management

    Don’t let persistent problems govern your department.

    Optimize Change Management

    Turn and face the change with a right-sized change management process.

    Step 1.2: Make the Case

    This step will walk you through the following activities:

    • Estimate the impact of downtime for top five applications.
    • Estimate the cost of incident response.
    • Estimate the cost of MRW.
    • Set success metrics and estimate the ROI of the Operations Center project.
    • IT Operations Center Stakeholder Buy-In Presentation

    Obtaining buy-in is critical

    Buy-in from top-level stakeholders is critical to the success of the project.

    Before jumping into your initiatives, take the time to make the case and bring the business on board.

    Factors that “prevent us from improving the NOC”

    This image contains a graph of factors that prevent us from improving the NOC. In decreasing order, they include: Lack of strategic guidance from our vendors; The unwillingness of our management to accept new risk; Lack of adequate software tools; Our internal processes; Lack of management vision; Lack of funding; and Lack of personnel resources. There is a red circle drawn around the last three entries, with the words: Getting Buy-in Removes the Top Three Roadblocks to Improvement!. Source: Metzier, n.d

    List your top five applications

    List your top five applications for business criticality.

    Don’t agonize over decisions at this point.

    Generally, the top applications will be customer facing, end-user facing for the most critical business units, or critical for health and safety.

    Estimate impact of downtime

    • Come up with a rough, back-of-the-napkin estimate of the hourly cost of downtime for each application.
    • Complete page two of the IT Operations Center Stakeholder Buy-In Presentation.
    • Estimate loss of revenue per hour, loss of productivity per hour, and IT cost per incident resolution hour.
    • Pull a report on incident hours/outages in the past year from your ITSM tool. Multiply the total cost per incident hour by the incident hours per year to determine the current cost per year of service disruptions for each service.
    • Add up the cost for each of the top five services.
    • Now you can show the business a hard value number that quantifies your availability issues.

    Estimate salary cost of non-value-adding work

    Complete page three of the IT Operations Center Stakeholder Buy-In Presentation.

    • Estimate annual wage cost of incident response: multiply incident response hours per year (take from your ITSM tool) by the average hourly wage of incident responders.
    • Estimate annual cost of MRW: multiply MRW hours per year (take from ITSM tool or from time-keeping tool, or use best guess based on talking to staff members) by the average hourly wage of IT staff performing MRW.
    • Add the two numbers together to calculate the non-value-adding IT salary cost per year.
    • Express the previous number as a percentage of total IT salary. Everything that is not incident response or MRW is value-adding work.

    Now you have the holy trinity of metrics: set some targets

    The holy trinity of metrics:

    • Cost of downtime
    • % of salary on incident response
    • % of salary on MRW

    You want to reduce the above numbers. Set some back-of-the-napkin targets for percentage reductions for each of these areas. These are high-level metrics that business stakeholders will care about.

    Take your best guess at targets. Higher maturity organizations will have less potential for reduction from a percentage point of view (eventually you hit diminishing returns), while organizations just beginning to optimize their Operations Center have the potential for huge gains.

    Calculate the potential gains of targets

    Complete page five of the IT Operations Center Stakeholder Buy-In Presentation.

    • Multiply the targeted/estimated % reductions of the costs by your current costs to determine the potential savings/benefits.
    • Do a back-of-the napkin estimate of the cost of the Operations Center improvement project. Use reasonable numbers for cost of personnel time and cost of tools, and be sure to include ongoing personnel time costs – your time isn’t free and continual improvement takes work and effort.
    • Calculate the ROI.

    Fill out the case study

    • Complete page six of the IT Operations Center Stakeholder Buy-In Presentation. If you completed the lightning phase, use the results of your own quick win project(s) as an example of feasibility.
    • If you did not complete the lightning phase, delete this slide, or use an example of what other organizations have achieved to demonstrate feasibility.
    This image contains a screenshot of info-tech's default format for presenting case studies.

    Present to stakeholders

    • Deliver the presentation to key stakeholders.
    • Focus on the high-level story that the current state is costing real dollars and wages, and that these losses can be minimized through process improvements.
    • Be up front that many of the numbers are based on estimates, but be prepared to defend the reasonableness of the estimates.

    Gain buy-in and identify project sponsor

    • If the business is on board with the project, determine one person to be the executive sponsor for the project. This person should have a strong desire to see the project succeed, and should have some skin in the game.

    Formalize communication with the project sponsor

    • Establish how you will communicate with the sponsor throughout the project (e.g. weekly or monthly e-mail updates, bi-weekly meetings).
    • Set up a regular/recurring cadence and stick to it, so it can be put on auto-pilot. Be clear about who is responsible for initiating communication and sticking to the reporting schedule.

    Info-Tech Insight

    Tailor communication to the sponsor. The project sponsor is not the project manager. The sponsor’s role is to drive the project forward by allocating appropriate resources and demonstrating highly visible support to the broader organization. The sponsor should be kept in the loop, but not bothered with minutiae.

    Note the starting numbers for the holy trinity

    Use the IT Operations Center Continual Improvement Tracker:

    • Enter your starting numbers for the holy trinity of metrics.
    • After planning and implementing initiatives, this tracker will be used to update against the holy trinity to assess the success of the project on an ongoing basis and to drive continual improvement.

    PHASE 2

    Define Accountability and Metrics

    Optimize the IT Operations Center

    Step 2.1: Define Accountabilities

    This step will walk you through the following activities:

    • Formalize RACI for key processes.
    • Formalize RACI for key tasks.

    Outcomes of this step

    • Completed RACIs

    List key Operations Center processes

    Compile a list of processes that are key for the Operations Center.

    These processes should include the four foundational processes:

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    You may also want to include processes such as the following:

    • Event Management
    • Configuration Management

    Avoid listing processes you have yet to develop – stick with those already playing a role in your current state.

    Formalize RACI for key processes

    Use the IT Operations Center RACI Charts Template. Complete a RACI for each of the key processes involved in the IT Operations Center.

    RACI:

    • Responsible (does the work on a day-to-day basis)
    • Accountable (reviews, signs off, and is held accountable for outcomes)
    • Consulted (input is sought to feed into decision making)
    • Informed (is given notification of outcomes)

    As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

    Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

    Formalize RACI for IT tasks

    Now think about the actual tasks or work that goes on in IT. Which roles and individuals are accountable for which tasks or pieces of work?

    In this case, more than one role/person can be listed as responsible or accountable in the RACI because we’re talking about types or categories of work. No conflict will occur because these individuals will be responsible or accountable for different pieces of work or individual tasks of the same type. (e.g. all service desk staff are responsible for answering phones and inputting tickets into the ITSM tool, but no more than one staff member is responsible for the input of any given ticket from a specific phone call).

    Step 2.2: Define Metrics

    This step will walk you through the following activities:

    • Cascade operational metrics from the holy trinity.
    • Evaluate metrics and identify key performance indicators (KPIs).
    • Cascade performance assessment (PA) metrics to support KPIs.
    • Build feedback loop for PA metrics.

    Outcomes of this step

    • KPIs
    • PA metrics

    Metrics must span across silos for shared accountability

    To adequately support the business goals of the organization, IT metrics should span across functional silos.

    Metrics that span across silos foster shared accountability across the IT organization.

    Metrics supported by all groups

    three grain silos are depicted. below, are the words IT Groups, with arrows pointing from the words to each of the three silos.

    Cascade operational metrics from the holy trinity

    Focus on the holy trinity of metrics.

    From these, cascade down to operational metrics that contribute to the holy trinity. It is possible that an operational metric may support more than one trinity metric. For example:

    a flow chart is depicted. two input circles point toward a central circle, and two output circles point away. the input circles include: Cost of Downtime; Cost of Incident Response. The central circle reads: Mean time to restore service. the output circles include the words: Tier 1 Resolution Rate; %% of Known Errors Captured in ITSM Tool.

    Evaluate metrics and identify KPIs

      • Evaluate your operational metrics and determine which ones are likely to have the largest impact on the holy trinity of metrics.
      • Identify the ten metrics likely to have the most impact: these will be your KPIs moving forward.
      • Enter these KPIs into the IT Operations Center Continual Improvement Tracker.
      this image depicts a cycle around the term KPI. The cycle includes: Objective; Measurement; optimization; strategy; performance; evaluation

    Beware how changing variables/context can affect metrics

    • Changes in context can affect metrics drastically. It’s important to keep the overall context in mind to avoid being led astray by certain numbers taken in isolation.
    • For example, a huge hiring spree might exhaust the stock of end-user devices, requiring time to procure hardware before the onboarding tickets can be completely fulfilled. You may have improved your onboarding process through automation, but see a large increase in average time to onboard a new user. Keep an eye out for such anomalies or fluctuations, and avoid putting too much stock in any single operational KPI.
    • Remember, operational KPIs are just a heuristic tool to support the holy trinity of metrics.

    Determine accountability for KPIs

    • For each operational KPI, assign one person to be accountable for that KPI.
    • Be sure the person in charge has the necessary authority and oversight over the processes and personnel that most affect that KPI – otherwise it makes little sense to hold the individual accountable.
    • Consulting your process RACIs is a good place to start.
    • Record the accountable person for each KPI in the IT Operations Center Continual Improvement Tracker.

    Info-Tech Best Practice

    Match accountability with authority. The person accountable for each KPI should be the one who has the closet and most direct control over the work and processes that most heavily impact that KPI.

    Cascade PA metrics to support KPIs

    KPIs are ultimately driven by how IT does its work, and how individuals work is driven by how their performance is assessed and evaluated.

    For the top KPIs, be sure there are individual PA metrics in place that support the KPI, and if not, develop the appropriate PA metrics.

    For example:

    • KPI: Mean time to resolve incidents
    • PA metric: % of escalations that followed SOP (e.g. not holding onto a ticket longer than supposed to)
    • KPI: Number of knowledge base articles written
    • PA metric: Number of knowledge base articles written/contributed to

    Communicate key changes in PA metrics

    Any changes from the previous step will take time and effort to implement and make stick.

    Changing people’s way of working is extremely difficult.

    Build a communication and implementation plan about rolling out these changes, emphasize the benefits for everyone involved, and get buy-in from the affected staff members.

    Build feedback loops for PA metrics

    Now that PA metrics support your Operations Center’s KPIs, you should create frequent feedback loops to drive and boost those PA metrics.

    Once per year or once per quarter is not frequent enough. Managers should meet with their direct reports at least monthly and review their reports’ performance against PA metrics.

    Use a “set it and forget it” implementation, such as a recurring task or meeting in your calendar.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.2.1 This image contains a screenshot from section 2.2.1 of this blueprint.

    Cascade operational metrics from the holy trinity

    Rank goals based on business impact and stakeholder pecking order.

    2.2.2 this image contains a screenshot from section 2.2.2 of this blueprint.

    Determine accountability for KPIs

    Craft a concise and compelling elevator pitch that will drive the project forward.

    PHASE 3

    Assess Gaps and Prioritize Initiatives

    Optimize the IT Operations Center

    Step 3.1: Assess Gaps

    This step will walk you through the following activities:

    • Assess visibility provided by monitoring.
    • Assess process workflows and identify areas for automation.
    • Assess requests and identify potential for automation.
    • Assess Operations Center staff capabilities.
    • Conduct a root cause analysis on the gaps/pain points.

    Outcomes of this step

    • List of gaps
    • List of root causes

    Measure current state of KPIs and identify lagging ones

    Take a baseline measurement of each operational KPI.

    If historical data is available, compare the present state measurement to data points collected over the last year or so.

    Review the measured KPIs.

    Identify any KPIs that seem lagging or low, or that may be particularly important to influence.

    Record lagging KPIs in the IT Operations Center Gap and Initiative Tracker tool.

    Assess visibility provided by monitoring

    List the top five most critical business services supported by IT.
    Assess the current state of your monitoring tools.

    For each business service, rate the level of visibility your monitoring tools allow from the following options:

    1. We have no visibility into the service, or lack visibility into crucial elements.
    2. We have basic visibility (up/down) into all the IT components that support the service.
    3. We have basic visibility (up/down) into the end service itself, in addition to all the IT components that make it up.
    4. We have some advanced visibility into some aspects of the service and/or its IT components.
    5. We have a full, end-to-end view of performance across all the layers of the stack, as well as the end business service itself.

    Identify where more visibility may be necessary

    For most organizations it isn’t practical to have complete visibility into everything. For the areas in which visibility is lacking into key services, think about whether more visibility is actually required or not. Consider some of the following questions:

    • How great is the impact of this service being unavailable?
    • Would greater visibility into the service significantly reduce the mean time to restore the service in the event of incidents?

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Assess alerting

    Assess alerting for your most critical services.

    Consider whether any of the following problems occur:

    • Often receive no alert(s) in the event of critical outages of key services (we find out about critical outages from the service desk).
    • We are regularly overwhelmed with too many alerts to investigate properly.
    • Our alerts are rarely actionable.
    • We often receive many false alerts.

    Identify areas for potential improvement in the managing of alerts. Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess process workflows and identify areas for automation

    Review your process flows for base processes such as Service Desk, Incident Management, Problem Management, and Change Management.

    Identify areas in the workflows where there may be defects, inefficiencies, or potential for improvement or automation.

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    See the blueprint Prepare for Cognitive Service Management for process workflows and areas to look for automation possibilities.

    Prepare for Cognitive Service Management

    Make ready for AI-assisted IT operations.

    Assess requests and identify potential for automation

    • Assess the most common work orders or requests handled by the Operations Center group (i.e. this does not include requests fulfilled by the help desk).
    • Which work orders are the most painful? That is, what common work orders involve the greatest effort or the most manual work to fulfill?
    • Fulfillment of common, recurring work orders is MRW, and should be reduced or removed if possible.
    • Consider automation of certain work orders, or self-service delivery.
    • Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess Operations Center staff capabilities

    • Assess the skills and expertise of your team members.
    • Consider some of the following:
      • Are there team members who could perform their job more effectively by picking up certain skills or proficiencies?
      • Are there team members who have the potential to shift into more valuable or useful roles, given the appropriate training?
      • Are there individual team members whose knowledge is crucial for operations, and whose function cannot be taken up by others?

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Info-Tech Insight

    Train to avoid pain. All too often organizations expose themselves to significant key person risk by relying on the specialized skills and knowledge of one team member. Use cross training to remedy such single points of failure before the risk materializes.

    Brainstorm pain points

    Brainstorm any pain points not discussed in the previous areas.

    Pain points can be specific operational issues that have not yet been considered. For example:

    • Tom is overwhelmed with tickets.
    • Our MSP often breaches SLA.
    • We don’t have a training budget.

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Conduct a root cause analysis on the gaps/pain points

    • Pain points can often be symptoms of other deficiencies, or somewhat removed from the actual problem.
    • Using the 5 Whys, conduct a root cause analysis on the pain points for which the causes are not obvious.
    • For each pain point, ask “why” for a sequence of five times, attempting to proceed to the root cause of the issue. This root cause is the true gap that needs to be remedied to resolve the pain point.
    • For example:
      • The Wi-Fi network often goes down in the afternoon.
        • Why?: Its bandwidth gets overloaded.
        • Why?: Many people are streaming video.
        • Why?: There’s a live broadcast of a football game at that time.
      • Possible solutions:
        • Block access to the streaming services.
        • Project the game on a screen in a large conference room and encourage everyone to watch it there.

    Step 3.2: Plan Initiatives

    This step will walk you through the following activities:

    • Brainstorm initiatives to boost KPIs and address gaps.
    • Prioritize potential initiatives.
    • Decide which initiatives to include on the roadmap.

    Outcomes of this step

    • Targeted improvement roadmap

    Brainstorm initiatives to boost KPIs and address gaps

    Prioritize potential initiatives

    3.2.1 IT Operations Center Initiative Prioritization Tool

    • Use the IT Operations Center Initiative Prioritization Tool.
    • Enter the initiatives into the tool.
    • For each initiative, input the following ranking criteria:
      • The metric/KPI’s estimated degree of impact on the holy trinity.
      • The gap or pain point’s estimated degree of impact on the metric/KPI.
      • The initiative’s estimated degree of positive impact on the gap or pain point
      • The initiative’s attainability.
    • Estimate the resourcing capacity required for each initiative.
    • For accurate capacity assessment, input as “force include” all current in-flight projects handled by the Operations Center group (including those unrelated to the Operations Center project).

    Decide which initiatives to include on the roadmap

    • Not all initiatives will be worth pursuing – and especially not all at once.
    • Consider the results displayed on the final tab of the IT Operations CenterInitiative Prioritization Tool.
    • Based on the prioritization and taking capacity into account, decide which initiatives to include on your roadmap.
    • Sometimes, for operational or logistical reasons, it may make sense to schedule an initiative at a time other than its priority might dictate. Make such exceptions on a case-by-case basis.

    Assign an owner to each initiative, and provide resourcing

    • For each initiative, assign one person to be the owner of that initiative.
    • Be sure that person has the authority and the bandwidth necessary to drive the initiative forward.
    • Secure additional resourcing for any initiatives you want to include on your roadmap that are lacking capacity.

    Info-Tech Insight

    You must invest resources in order to reduce the time spent on non-value-adding work.

    "The SRE model of working – and all of the benefits that come with it – depends on teams having ample capacity for engineering work. If toil eats up that capacity, the SRE model can’t be launched or sustained. An SRE perpetually buried under toil isn’t an SRE, they are just a traditional long-suffering SysAdmin with a new title."– David N. Blank-Edelman

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1.1 This image contains a screenshot from section 3.1.1 of this blueprint.

    Conduct a root cause analysis on the gaps/pain points

    Find out the cause, so you can come up with solutions.

    3.2.1 this image contains a screenshot from section 3.2.1 of this blueprint.

    Prioritize potential initiatives

    Don’t try to boil the ocean. Target what’s manageable and what will have the most impact.

    PHASE 4

    Launch Initiatives and Track Metrics

    Optimize the IT Operations Center

    Step 4.1: Lay Foundation

    This step will walk you through the following activities:

    • Build initiative communication plan.
    • Develop a testing plan for each technical initiative.

    Outcomes of this step

    • Communication plan
    • Testing plan(s)

    Expect resistance to change

    • It’s not as simple as rolling out what you’ve designed.
    • Anything that affects people’s way of working will inevitably be met with suspicion and pushback.
    • Be prepared to fight the battle.
    • "The hardest part is culture. You must get people to see the value of automation. Their first response is ‘We've been doing it this way for 10 years, why do we need to do it another way?’ It's hard to get someone out of their comfort zone to learn something new, especially when they've been at an organization for 20 years. You need to give them incentives."– Cyrus Kalatbari, Senior IT Architect, Infrastructure/Cloud

    Communicate changes in advance, along with their benefits!

    • Communicate changes well in advance of the date(s) of implementation.
    • Emphasize the benefits of the changes – not just for the organization, but for employees and staff members.
    • Advance communication of changes helps make them more palatable, and builds trust in employees by making them feel informed of what’s going on.

    Involve IT staff in design and implementation of changes

    • As you communicate the coming changes, take the opportunity to involve any affected staff members who have not yet participated in the project.
    • Solicit their feedback and get them to help design and implement the initiatives that involve significant changes to their roles.

    Develop a testing plan for each technical initiative

    • Some initiatives, such as appointing a new change manager or hiring a new staff member, do not make sense to test.
    • On the other hand, technical initiatives such as automation scripts, new monitoring tools or dashboards, and changed alert thresholds should be tested thoroughly before implementation.
    • For each technical initiative, think about the expected results and performance if it were to run in production, and build a test plan to ensure it behaves as expected and there are no corner cases.

    Test technology initiatives and iterate if necessary

    • Test each technical initiative under a variety of circumstances, with as close an environment to production as possible.
    • Try to develop corner cases or unusual or unexpected situations, and see if any of these will break the functionality or produce unintended or unexpected results.
    • Document the results of the testing, and iterate on the initiative and test again if necessary.

    "The most important things – and the things that people miss – are prerequisites and expected results. People jump out and build scripts, then the scripts go into the ditch, and they end up debugging in production." – Darin Stahl, Research Director, Infrastructure & Operations

    Step 4.2: Launch and Measure

    This step will walk you through the following activities:

    • Launch initiatives and track adoption and effectiveness.
    • Investigate initiatives that appear ineffective.
    • Measure success with the holy trinity.

    Outcomes of this step

    • Continual improvement roadmap

    Establish a review cycle for each metric

    Info-Tech Best Practice

    Don’t measure what doesn’t matter. If a metric is not going to be reviewed or reported on for informational or decision-making purposes, it should not be tracked.

    Launch initiatives and track adoption and effectiveness

    • Launch the initiatives.
    • Some initiatives will need to proceed through your change management process in order to roll out, but others will not.
    • Track the adoption of initiatives that require it.
      • Some initiatives will require tracking of adoption, whereas others will not.
      • For example, hiring a new service desk staff member does not require tracking of adoption, but implementing a new process for ticket handling does.
      • The implementation plan should include a way to measure the adoption of such initiatives, and regularly review the numbers to see if the implementation has been successful.
    • For all initiatives, measure their effectiveness by continuing to track the KPI/metric that the initiative is intended to influence.

    Assess metrics according to review cycle for continual improvement

    • Assess metrics according to the review cycle.
    • Note whether metrics are improving in the right direction or not.
    • Correlate changes in the metrics with measures of the adoption of the initiatives – see whether initiatives that have been adopted are moving the needle on the KPIs they are intended to.

    Investigate initiatives that appear ineffective

    • If the adoption of an initiative has succeeded, but the expected impact of that initiative on the KPI has not taken place, investigate further and conduct a root causes analysis to determine why this is the case.
    • Sometimes, anomalies or fluctuations will occur that cause the KPI not to move in accordance with the success of the initiative. In this case, it’s just a fluke and the initiative can still be successful in influencing the KPI over the long term.
    • Other times, the initiative may prove mostly or entirely ineffective, either due to misdesign of the initiative itself, a change of circumstances, or other compounding factors or complexities. If the initiative proves ineffective, consider iterating modifications of the initiative and continuing to measure the effect on KPIs – or perhaps killing the initiative altogether.
    • Remember that experimentation is not a bad thing – it’s okay that not every initiative will always prove worthwhile.

    Measure success with the holy trinity

    • Report to business stakeholders on the effect on the holy trinity of metrics at least annually.
    • Calculate the ROI of the project after two years and compare the results to the targeted ROI you initially presented in the IT Operations Center Stakeholder Buy-In Presentation.
    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Iterate on the Operations Center process for continual improvement

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1.1This image contains a screenshot from section 3.1.1 of this blueprint.

    Communicate changes in advance, along with their benefits!

    Rank goals based on business impact and stakeholder pecking order.

    4.1.2 this image contains a screenshot from section 3.2.1 of this blueprint.

    Develop a testing plan for each technical initiative

    Craft a concise and compelling elevator pitch that will drive the project forward.

    Research contributors and experts
    This is a picture of Cyrus Kalatbari, IT infrastructure/cloud architect

    Cyrus Kalatbari, IT Infrastructure/Cloud Architect

    Cyrus’ in-depth knowledge cutting across I&O and service delivery has enhanced the IT operations of multiple enterprise-class clients.

    This is a picture of Derek Cullen, Chief Technology Officer

    Derek Cullen, Chief Technology Officer

    Derek is a proven leader in managing enterprise-scale development, deployment, and integration of applications, platforms, and systems, with a sharp focus on organizational transformation and corporate change.

    This is a picture of Phil Webb, Senior Manager

    Phil Webb, Senior Manager – Unified Messaging and Mobility

    Phil specializes in service delivery for cloud-based and hybrid technology solutions, spanning requirements gathering, solution design, new technology introduction, development, integration, deployment, production support, change/release delivery, maintenance, and continuous improvement.

    This is a picture of Richie Mendoza, IT Services Delivery Consultant

    Richie Mendoza, IT Services Delivery Consultant

    Ritchie’s accomplishments include pioneering a cloud capacity management process and presenting to the Operations team and to higher management, while providing a high level of technical leadership in all phases of capacity management activities.

    This is a picture of Rob Thompson, Solutions Architect

    Rob Thomson, Solutions Architect

    Rob is an IT leader with a track record of creating and executing digital transformation initiatives to achieve the desired outcomes by integrating people, process, and technology into an efficient and effective operating model.

    Related Info-Tech research

    Create a Configuration Management Roadmap

    Right-size your CMDB to improve IT operations.

    Harness Configuration Management Superpowers

    Build a CMDB around the IT services that are most important to the organization.

    Develop an IT Infrastructure Services Playbook

    Automation, SDI, and DevOps – build a cheat sheet to manage a changing Infrastructure & Operations environment.

    Develop an Availability and Capacity Management Plan

    Manage capacity to increase uptime and reduce costs.

    Establish a Program to Enable Effective Performance Monitoring

    Maximize the benefits of infrastructure monitoring investments by diagnosing and assessing transaction performance, from network to server to end-user interface.

    Bibliography

    Baker, Dan, and Hal Baylor. “How Benchmarking & Streamlining NOC Operations Can Lower Costs & Boost Effectiveness.” Top Operator, Mar. 2017. Web.

    Blank-Edelman, David. Seeking SRE: Conversations About Running Production Systems at Scale. O'Reilly, 2018. Web.

    CA Technologies. “IT Transformation to Next-Generation Operations Centers: Assure Business Service Reliability by Optimizing IT Operations.” CA Technologies, 2014. Web.

    Ditmore, Jim. “Improving Availability: Where to Start.” Recipes for IT, n.d. Web.

    Ennis, Shawn. “A Phased Approach for Building a Next-Generation Network Operations Center.” Monolith Software, 2009. Web.

    Faraclas, Matt. “Why Does Infrastructure Operations Still Suck?” Ideni, 25 Feb. 2016. Web.

    InterOp ITX. “2018 State of the Cloud.” InterOp ITX, Feb. 2018. Web.

    ITIC. “Cost of Hourly Downtime Soars: 81% of Enterprises Say it Exceeds $300K On Average.” ITIC, 2 Aug. 2016. Web.

    Joe the IT Guy. “Availability Management Is Harder Than it Looks.” Joe the IT Guy, 10 Feb. 2016. Web.

    ---. “Do Quick Wins Exist for Availability Management?” Joe the IT Guy, 15 May 2014. Web.

    Lawless, Steve. “11 Top Tips for Availability Management.” Purple Griffon, 4 Jan. 2019. Web.

    Metzler, Jim. “The Next Generation Network Operations Center: How the Focus on Application Delivery is Redefining the NOC.” Ashton, Metzler & Associates, n.d. Web.

    Nilekar, Shirish. “Beyond Redundancy: Improving IT Availability.” Network Computing, 28 Aug. 2015. Web.

    Slocum, Mac. “Site Reliability Engineering (SRE): A Simple Overview.” O’Reilly, 16 Aug. 2018. Web.

    Spiceworks. “The 2019 State of IT.” Spiceworks, 2019. Web

    Assess Your IT Financial Management Maturity Effectively

    • Buy Link or Shortcode: {j2store}315|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Our Advice

    Critical Insight

    No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.

    Impact and Result

    A mature ITFM practice leads to many benefits.

    • Foundation: Improved governance, skill sets, processes, and tools.
    • Data: An appropriate taxonomy/data model alongside accurate data for high-quality reporting and insights.
    • Language: A common vocabulary across the organization.
    • Organization Culture: Improved communication and collaboration between IT and business partners.

    Assess Your IT Financial Management Maturity Effectively Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your IT Financial Management Maturity Effectively Storyboard – A framework and step-by-step methodology to assess your ITFM maturity.

    This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    • Assess Your IT Financial Management Maturity Effectively Storyboard

    2. IT Financial Management Maturity Assessment Tool – A structured tool to help you assess your ITFM maturity.

    This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.

    • IT Financial Management Maturity Assessment Tool

    3. IT Financial Management Maturity Assessment Report Template – A report summarizing your ITFM maturity assessment results to help you communicate with stakeholders.

    Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.

    • IT Financial Management Maturity Assessment Report Template
    [infographic]

    Further reading

    Assess Your IT Financial Management Maturity Effectively

    Influence your organization’s strategic direction.

    Analyst Perspective

    Make better informed data-driven business decisions.

    Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.

    IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.

    This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.

    This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    Photo of Bilal Alberto Saab, Research Director, IT Financial Management, Info-Tech Research Group. Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    The value of ITFM is undermined

    ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Constructive dialogues with business partners are not the norm

    Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:

    • Foundation: Weak governance, inadequate skillset, and less than perfect processes and tools.
    • Data: Lack of adequate taxonomy/data model, alongside inaccurate data leading to poor reporting and insights.
    • Language: Lack of a common vocabulary across the organization.
    • Organization culture: No alignment, alongside minimal communication and collaboration between IT and business partners.

    Follow Info-Tech’s approach to move up the ITFM maturity ladder

    Mature your ITFM practice by activating the means to make informed business decisions.

    Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:

    • Build an ITFM Foundation
    • Manage and Monitor IT Spending
    • Bridge the Language Barrier

    Info-Tech Insight

    Influence your organization’s strategic direction by maturing your ITFM practice.

    What is ITFM?

    ITFM is not just about finance.

    • ITFM has evolved from traditional budgeting, accounting, and cost optimization; however, it is much more than those activities alone.
    • It starts with understanding the financial implications of technology by adopting different perspectives to become adept in communicating with various stakeholders, including finance, business partners, IT managers, and your CEO.
    • Armed with this knowledge, ITFM helps you address a variety of questions, such as:
      • How are technology funds being spent?
      • Which projects is IT prioritizing and why?
      • What are the resources needed to speed IT delivery?
      • What’s the value of IT within the organization?
    • ITFM’s main objective is thus to improve decision-making capabilities by facilitating communication between IT leaders and stakeholders, while enabling a customer focus attitude throughout the organization.

    “ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
    – Monica Braun, Research Director, Info-Tech Research Group

    Your challenge

    IT leaders struggle to articulate and communicate business value.

    • IT spending is often questioned by different stakeholders, such as business partners and various IT business units. These questions, usually resulting from shifts in business needs, may revolve around investments, expenditures, services, and speed to market, among others. While IT may have an idea about its spending habits, aligning it to the business strategy may prove difficult.
    • IT staff often does not have access to, or knowledge of, the business model and its intricacies. In an operational environment, the focus tends to be on technical issues rather than overall value.
    • People tend to fear what they do not know. Some business managers may not be comfortable with technology. They do not recognize the implications and ramifications of certain implementations or understand the related terminology, which puts a strain on any conversation.

    “Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
    – Dave Kish, Practice Lead, Info-Tech Research Group

    Technology is constantly evolving

    Increasing IT spending and decision-making complexity.

    Timeline of IT technology evolution, starting with 'Timesharing' in the 1980s to 'All Things Digital' in the 2020s. 'IT Spend Growth' grows from start to finish.

    Common obstacles

    IT leaders are not able to have constructive dialogues with their stakeholders.

    • The way IT funds are spent has changed significantly, moving from the purchase of discrete hardware and software tools to implementing data lakes, cloud solutions, the metaverse and blockchain. This implies larger investments and more critical decisions. Conversations around interoperability, integration, and service-based solutions that focus more on big-picture architecture than day-to-day operations have become the norm.
    • Speed to market is now a survival criterion for most organizations, requiring IT to shift rapidly based on changing priorities and customer expectations. This leads to the need for greater financial oversight, with the CFO as the gatekeeper. Today’s IT leaders need to possess both business and financial management savvy to justify their spending with various stakeholders.
    • Any IT budget increase is tied to expectations of greater value. Hence, the compelling demands for IT to prove its worth to the business. Promoting value comes in two ways: 1) objectively, based on data, KPIs, and return on investment; and 2) subjectively, based on stakeholder satisfaction, alongside relationships. Building trust, credibility, and confidence can go a long way.

    In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.

    Constructive dialogues are key

    You don’t know what you don’t know.

    • IT, being historically focused on operations, has become a hub for technically savvy personnel. On the downside, technology departments are often alien to business, causing problems such as:
      • IT staff have no knowledge of the business model and lack customer focus.
      • Business is not comfortable with technology and related jargon.
    • The lack of two-way communication and business alignment is hence an important ramification. If the business does not understand technology, and IT does not speak in business terms, where does that lead us?
    • Poor data quality and governance practices, alongside overly manual processes can only exasperate the situation.

    IT Spending Survey

    79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    ITFM is trailing behind

    IT leaders must learn to speak business.

    In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.

    However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:

    • Demonstrating IT’s value to the business.
    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.

    Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.

    IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.

    Bar charts comparing percentages of people who 'Agree process is important' and 'Agree process is effective' for three processes: Business Value, Cost & Budget Management, and Cost Optimization. In all instances, the importance outweighed the perceived effectiveness.
    Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.

    Info-Tech’s approach

    We take a holistic approach to ITFM and support you throughout your maturity journey.

    Visualization of the IT maturity levels with three goals at the bottom, 'Build am ITFM Foundation', 'Manage & Monitor IT Spending', and 'Bridge the Language Barrier'. The 5 levels, from bottom to top, are 'Nascent - Level 1, Inability to consistently deliver financial planning services', 'Cost Operator - Level 2, Rudimentary financial planning capabilities', 'Trusted Coordinator - Level 3, Enablement of business through cost-effective supply of technology', 'Value Optimizer - Level 4, Effective impact on business performance', and 'Strategic Partner - Level 5, Influence on the organization's strategic direction'.

    The Info-Tech difference:

    • Info-Tech has a methodology and set of tools that will help assess your ITFM maturity and take the first step in developing an improvement plan. We have identified three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier
    • No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool, which is only valuable if you are willing to act on it.

    Note: See Appendix A for maturity level definitions and descriptions.

    Climb the maturity ladder

    By growing along three maturity focus areas.

    A diagram with '3 Maturity Focus Areas' and '9 Maturity Levers' within them. The first area is 'Build an ITFM Foundation' with levers 'Establish your Team', 'Set up your Governance Structure', and 'Adopt ITFM Processes & Tools'. The second area is 'Manage & Monitor IT Spending', with levers 'Standardize your Taxonomy & Data Model', 'Identify, Gather & Prepare your Data', and 'Analyze your Findings and Develop your Reports'. The third area is 'Bridge the Language Barrier' with levers 'Communicate your IT Spending', 'Educate the Masses', and 'Influence your Organization's Culture'.

    Info-Tech identified three maturity focus areas, each containing three levers.

    Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.

    Note: See Appendix B for maturity level definitions and descriptions per lever.

    Key project deliverables

    Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.

    IT Financial Management Maturity Assessment Report Template

    A template of an ITFM maturity assessment report that can be customized based on your own results.

    IT Financial Management Maturity Assessment Tool

    A workbook including an ITFM maturity survey, generating a summary of your current state, target state, and priorities.

    Measure the value of this activity

    Reach your 12-month maturity target.

    • Determine your 12-month maturity target, identify your gaps, and set your priorities.
    • Use the ITFM maturity assessment to kickstart your improvement plan by developing actionable initiatives.
    • Implement your initiatives and monitor your progress to reach your 12-month target.

    Sample of a result page from the ITFM maturity assessment.

    Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.

    Sample of a result page from the ITFM maturity assessment with a graph.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Step 1

    Prepare for the ITFM maturity assessment

    Content Overview

    1. Identify your stakeholders
    2. Set the context
    3. Determine the methodology
    4. Identify assessment takers

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    1. Prepare to take the ITFM maturity assessment

    3 hours

    Input: Understanding your context, objectives, and methodology

    Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers

    Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Identify your stakeholders and document it in the ITFM Maturity Assessment Tool (see next slides). We recommend having representatives from different business units across the organization, most notably IT, IT finance, finance, and IT audit.
    2. Set the context with your stakeholders and document it in the ITFM Maturity Assessment Tool. Discuss the reason behind taking the ITFM maturity assessment among the various stakeholders. Why do each of your stakeholders want to take the assessment? What are their main objectives? What would they like to achieve?
    3. Determine the methodology and document it in the ITFM Maturity Assessment Tool. Discuss how you want to go about taking the assessment with your stakeholders. Do you want to have representatives from each business unit take the assessment individually, then share and discuss their findings? Do you prefer forming a working group with representatives from each business unit and go through the assessment together? Or does any of your stakeholders have a different suggestion? You will have to consider the effort, skillset, and knowledge required.
    4. Identify the assessment takers and document it in the ITFM Maturity Assessment Tool. Determine who will be taking the assessment (specific names of stakeholders). Consider their availability, knowledge, and skills.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your stakeholders, objectives, and methodology

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Stakeholders'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each stakeholder on a separate row.
    D Text Enter the job title related to each stakeholder.
    E Text Enter the objective(s) related to each stakeholder.
    F Text Enter the agreed upon methodology.
    G Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full names and job titles of the ITFM maturity assessment stakeholders.
    3. Document the maturity assessment objective of each of your stakeholders.
    4. Document the agreed-upon methodology.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your assessment takers

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Takers'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each assessment taker on a separate row.
    D Text Enter the job title related to each stakeholder to identify which party is being represented per assessment taker.
    E Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full name of each assessment taker, along with the job title of the stakeholder they are representing.

    Download the IT Financial Management Maturity Assessment Tool

    Step 2

    Take the ITFM maturity assessment

    Content Overview

    1. Complete the survey
    2. Review your assessment results
    3. Determine your priorities

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    2. Take the ITFM maturity assessment

    3 hours

    Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results

    Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever

    Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Complete the survey: select the current and target state of each statement – refer to the glossary as needed for definitions of key terms – in the ITFM Maturity Assessment Tool (see next slides). There are three tabs (one per maturity focus area) with three tables each (nine maturity levers). Review and discuss statements with all assessment takers: consider variations, differing opinions, and reach an agreement on each statement inputs.
    2. Review assessment results: navigate to the Assessment Summary tab in the ITFM maturity assessment tool (see next slides) to view your results. Review and discuss with all assessment takers: consider any shocking output and adjust survey input if necessary.
    3. Determine your priorities: decide on the priority (Low/Medium/High) by maturity focus area and/or maturity lever. Rank your maturity focus area priorities from 1 to 3 and your maturity lever priorities from 1 to 9. Consider the feasibility in terms of timeframe, effort, and skillset required, positive and negative impacts on business and technology, likelihood of failure, and necessary approvals. Document your priorities in the ITFM maturity assessment tool (see next slides).
      Review and discuss priorities with all assessment takers: consider variations, differing opinions, and reach an agreement on each priority.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Complete the survey

    Excel workbook: ITFM Maturity Assessment Tool – Survey worksheets

    Refer to the example and guidelines below on how to complete the survey.

    Example table from the ITFM Maturity Assessment Tool re: Survey worksheets.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity statement to assess.
    D, E Dropdown Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity).
    F, G, H Formula Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F).
    I Text Enter any notes or comments per ITFM maturity statement (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the survey tabs: 2a. Assess ITFM Foundation, 2b. Assess Management and Monitoring, and 2c. Assess Language.
    2. Select the appropriate current and target maturity levels.
    3. Add any notes or comments per ITFM maturity statement where necessary or helpful.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review your overall result

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    K Formula Automatic calculation, no entry required.
    L Formula Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference.
    M Formula Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance.
    N, O Formula Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive).
    P, Q Formula Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your overall current state and target state result along with the corresponding variance.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Set your priorities

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table.
    D Placeholder Ignore this column because it’s a placeholder for future reference.
    E, F, G Formula Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table).
    H Formula Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1.
    J Dropdown Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table.
    K Whole Number Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table.

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your current-state and target-state result along with the corresponding variance per maturity focus area and maturity lever.
    3. Select the appropriate priority for each maturity focus area and maturity lever.
    4. Enter a unique rank for each maturity focus area (1 to 3).
    5. Enter a unique rank for each maturity lever (1 to 9).

    Download the IT Financial Management Maturity Assessment Tool

    Step 3

    Communicate your ITFM maturity results

    Content Overview

    1. Review your assessment charts
    2. Customize the assessment report
    3. Communicate your results

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    3. Communicate your ITFM maturity results

    3 hours

    Input: ITFM maturity assessment results

    Output: Customized ITFM maturity assessment report

    Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Review assessment charts: navigate to the Assessment Summary tab in the ITFM Maturity Assessment Tool (see next slides) to view your results and related charts.
    2. Edit the report template: complete the template based on your results and priorities to develop your customized ITFM maturity assessment report (see next slide).
    3. Communicate results: communicate and deliberate the assessment results with assessment takers at a first stage, and with your stakeholders at a second stage. The objective is to agree on next steps, including developing an improvement plan.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review assessment charts

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.

    Samples of different tabs from the ITFM Maturity Assessment Tool: 'Assessment Summary tab: From cell B49 to cell M100' and 'Assessment Summary tab: From cell K13 to cell Q34'.

    From the Excel workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to tab 3. Assessment Summary.
    2. Review each of the charts.
    3. Navigate back to the survey tabs to examine, drill down, and amend individual entries as you deem necessary.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Customize your report

    PowerPoint presentation: ITFM Maturity Assessment Report Template

    Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.

    Samples of different slides from the ITFM Maturity Assessment Report Template, detailed below.

    Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.

    Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.

    Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.

    From the ITFM Maturity Assessment Report Template:

    1. Edit the report based on your results found in the assessment summary tab of the Excel workbook (see previous slide).
    2. Review slides 6 to 8 and bring necessary adjustments.

    Download the IT Financial Management Maturity Assessment Report Template

    Make informed business decisions

    Take a holistic approach to ITFM.

    • A thorough understanding of your technology spending in relation to business needs and drivers is essential to make informed decisions. As a trusted partner, you cannot have effective conversations around budgets and cost optimization without a solid foundation.
    • It is important to realize that ITFM is not a one-time exercise, but a continuous, sustainable process to educate (teach, mentor, and train), increase transparency, and assign responsibility.
    • Move up the ITFM maturity ladder by improving across three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier

    What’s Next?

    Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.

    And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!

    IT Financial Management Team

    Photo of Dave Kish, Practice Lead, ITFM Practice, Info-Tech Research Group. Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group
    Photo of Jennifer Perrier, Principal Research Director, ITFM Practice, Info-Tech Research Group. Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group. Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group. Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group. Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group
    Photo of Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group. Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Research Contributors and Experts

    Photo of Amy Byalick, Vice President, IT Finance, Info-Tech Research Group. Amy Byalick
    Vice President, IT Finance
    Info-Tech Research Group
    Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs.
    Photo of Carol Carr, Technical Counselor, Executive Services, Info-Tech Research Group. Carol Carr
    Technical Counselor, Executive Services
    Info-Tech Research Group
    Photo of Scott Fairholm, Executive Counselor, Executive Services, Info-Tech Research Group. Scott Fairholm
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Gokul Rajan, Executive Counselor, Executive Services, Info-Tech Research Group. Gokul Rajan
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Allison Kinnaird, Practice Lead, Infrastructure & Operations, Info-Tech Research Group. Allison Kinnaird
    Practice Lead, Infrastructure & Operations
    Info-Tech Research Group
    Photo of Isabelle Hertanto, Practice Lead, Security & Privacy, Info-Tech Research Group. Isabelle Hertanto
    Practice Lead, Security & Privacy
    Info-Tech Research Group

    Related Info-Tech Research

    Sample of the IT spending transparency research. Achieve IT Spending Transparency

    Mature your ITFM practice by activating the means to make informed business decisions.

    Sample of the IT cost optimization roadmap research. Build Your IT Cost Optimization Roadmap

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Bibliography

    Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.

    “Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.

    “ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.

    McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.

    “Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.

    “Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.

    Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.

    “Tech Spend Pulse.” Flexera, 2022. Web.

    Appendix A

    Definition and Description
    Per Maturity Level

    ITFM maturity levels and definitions

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to consistently deliver financial planning services ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests.
    Cost Operator
    Level 2
    Rudimentary financial planning capabilities. ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
    IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending.
    Trusted Coordinator
    Level 3
    Enablement of business through cost-effective supply of technology. ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
    ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services.
    IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners.
    Value Optimizer
    Level 4
    Effective impact on business performance. ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
    ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities.
    Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance.
    Strategic Partner
    Level 5
    Influence on the organization’s strategic direction. ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
    ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation.
    Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business.

    Appendix B

    Maturity Level Definitions and Descriptions
    Per Lever

    Establish your ITFM team

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM tasks, activities, and functions are not being met in any way, shape, or form.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.There is no dedicated ITFM team.


    Basic ITFM tasks, activities, and functions are being performed on an ad hoc basis, such as high-level budget reporting.

    Trusted Coordinator
    Level 3
    Ability to provide basic business insights.A dedicated team is fulfilling essential ITFM tasks, activities, and functions.


    ITFM team can combine and analyze financial and technology data to produce necessary reports.

    Value Optimizer
    Level 4
    Ability to provide valuable business driven insights.A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions.
    Strategic Partner
    Level 5
    Ability to influence both technology and business decisions.A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.


    Insights provided by the ITFM team can influence and shape the organization’s strategy.

    Set up your governance structure

    Maturity focus area: Build an ITFM foundation

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to ensure any adherence to rules and regulations.ITFM frameworks, guidelines, policies, and procedures are not developed nor documented.
    Cost Operator
    Level 2
    Ability to ensure basic adherence to rules and regulations.Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes.Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability.
    Value Optimizer
    Level 4
    Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes.ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment.
    Strategic Partner
    Level 5
    Ability to:
    • Ensure compliance to rules and regulations, as well as ITFM processes are transparent, structured, focused on business objectives, and support decision making.
    • Reinforce and shape the organization culture.
    ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.


    Enforcement of the ITFM governance structure can influence the organization culture.

    Adopt ITFM processes and tools

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to deliver IT financial planning and performance output.ITFM processes and tools are not developed nor documented.
    Cost Operator
    Level 2
    Ability to deliver basic IT financial planning output.Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence.Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated.
    Value Optimizer
    Level 4
    Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence.ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated.
    Strategic Partner
    Level 5
    Ability to:
    • Deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders.
    • Leverage IT financial planning and performance output in real time and when needed by stakeholders.
    ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.


    ITFM processes and tools are automated to the full extent needed by the organization, utilized to their full potential, and integrated into a single enterprise platform, providing a holistic view of IT spending and IT performance.

    Standardize your taxonomy and data model

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide transparency across technology spending.ITFM taxonomy and data model are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders.ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders.ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders.
    Value Optimizer
    Level 4
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized to meet the needs of IT, finance, business, and executive stakeholders, but not flexible enough to be adjusted in a timely fashion as needed.

    Strategic Partner
    Level 5
    Ability to:
    • Provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.
    • Change to meet evolving needs.
    ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized and meet the changing needs of IT, finance, business, and executive stakeholders.

    Identify, gather, and prepare your data

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide accurate and complete across technology spending.ITFM data needs and requirements are not understood.
    Cost Operator
    Level 2
    Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders.Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete.IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.


    IT financial planning data is (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Value Optimizer
    Level 4
    Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    ITFM data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT, finance, business, and executive stakeholders.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Strategic Partner
    Level 5
    Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, (c) available and refreshed as needed, and (d) sourced from the organization’s system of record.

    Analyze your findings and develop your reports

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM analysis and reports are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders.IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.).

    Value Optimizer
    Level 4
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments.ITFM analysis and reports support business decision making around technology investments.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, and (c) regularly validated for inconsistencies.

    Strategic Partner
    Level 5
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making.ITFM analysis and reports support strategic decision making.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.), and consider multiple point of views (hypotheses, interpretations, opinions, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, (c) comprehensive, and (d) regularly validated for inconsistencies.

    Communicate your IT spending

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to communicate and understand each other.The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language.
    Cost Operator
    Level 2
    Ability to understand business and finance requirements.IT understands and meets business and financial planning requirements but does not communicate in a similar language.


    IT cannot influence finance or business decision making.

    Trusted Coordinator
    Level 3
    Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending.The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.


    IT leaders provide insights as technology subject matter experts, where conversations center on IT spending in relation to technology services or solutions provided to business partners.


    IT can influence technology decisions around its own budget.

    Value Optimizer
    Level 4
    Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to support and influence business decision making around existing technology investments.

    Strategic Partner
    Level 5
    Ability to communicate in a common vocabulary across the organization and take part in strategic decision making.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to facilitate decision making around potential and future investments to grow and transform the business, thus influencing the organization’s overall strategic direction.

    Educate the masses

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to acquire knowledge.Educational resources are inexistent.
    Cost Operator
    Level 2
    Ability to acquire financial knowledge and understand financial concepts.IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to acquire financial and business knowledge and understand related concepts.IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.


    ITFM team has access to the necessary educational resources to keep up with changing financial regulations and technology developments.

    Value Optimizer
    Level 4
    Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains.Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders have a good understanding of business and financial concepts.


    Business leaders have a good understanding of technology concepts.

    Strategic Partner
    Level 5
    Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders.The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders and their respective teams have a good understanding of business and financial concepts.


    Business leaders and their respective teams have a good understanding of technology concepts.

    Influence your organization’s culture

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide and foster an environment of collaboration and continuous improvement.Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent.
    Cost Operator
    Level 2
    Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders.IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to provide and foster an environment of collaboration across the organization.IT, finance, and business collaborate on various initiatives.

    ITFM employees are trusted and supported by their stakeholders (IT, finance, and business).

    Value Optimizer
    Level 4
    Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    Employees are trusted, supported, empowered, and valued.

    Strategic Partner
    Level 5
    Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    The organization’s leadership is adaptable and open to change.


    Employees are trusted, supported, empowered, and valued.

    Establish a Foresight Capability

    • Buy Link or Shortcode: {j2store}88|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • To be recognized and validated as a forward-thinking CIO, you must establish a structured approach to innovation that considers external trends as well as internal processes.
    • The CEO is expecting an investment in IT innovation to yield either cost reduction or revenue growth, but growth cannot happen without opportunity identification.

    Our Advice

    Critical Insight

    • Technological innovation is disrupting business models – and it’s happening faster than organizations can react.
    • Smaller, more agile organizations have an advantage because they have less resources tied to existing operations and can move faster.

    Impact and Result

    • Be the disruptor, not the disrupted. This blueprint will help you plan proactively and identify opportunities before your competitors.
    • Strategic foresight gives you the tools you need to effectively process the signals in your environment, build an understanding of relevant trends, and turn this understanding into action.

    Establish a Foresight Capability Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to effectively apply strategic foresight, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Signal gathering

    Develop a better understanding of your external environment and build a database of signals.

    • Establish a Foresight Capability – Phase 1: Signal Gathering
    • Foresight Process Tool

    2. Trends and drivers

    Select and analyze trends to uncover drivers.

    • Establish a Foresight Capability – Phase 2: Trends and Drivers

    3. Scenario building

    Use trends and drivers to build plausible scenarios and brainstorm strategic initiatives.

    • Establish a Foresight Capability – Phase 3: Scenario Building

    4. Idea selection

    Apply the wind tunneling technique to assess strategic initiatives and determine which are most likely to succeed in the face of uncertainty.

    • Establish a Foresight Capability – Phase 4: Idea Selection
    [infographic]

    Workshop: Establish a Foresight Capability

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-workshop – Gather Signals and Build a Repository

    The Purpose

    Note: this is preparation for the workshop and is not offered onsite.

    Gather relevant signals that will inform your organization about what is happening in the external competitive environment.

    Key Benefits Achieved

    A better understanding of the competitive landscape.

    Activities

    1.1 Gather relevant signals.

    1.2 Store signals in a repository for quick and easy recall during the workshop.

    Outputs

    A set of signal items ready for analysis

    2 Identify Trends and Uncover Drivers

    The Purpose

    Uncover trends in your environment and assess their potential impact.

    Determine the causal forces behind relevant trends to inform strategic decisions.

    Key Benefits Achieved

    An understanding of the underlying causal forces that are influencing a trend that is affecting your organization.

    Activities

    2.1 Cluster signals into trends.

    2.2 Analyze trend impact and select a key trend.

    2.3 Perform causal analysis.

    2.4 Select drivers.

    Outputs

    A collection of relevant trends with a key trend selected

    A set of drivers influencing the key trend with primary drivers selected

    3 Build Scenarios and Ideate

    The Purpose

    Leverage your understanding of trends and drivers to build plausible scenarios and apply them as a canvas for ideation.

    Key Benefits Achieved

    A set of potential responses or reactions to trends that are affecting your organization.

    Activities

    3.1 Build scenarios.

    3.2 Brainstorm potential strategic initiatives (ideation).

    Outputs

    Four plausible scenarios for ideation purposes

    A potential strategic initiative that addresses each scenario

    4 Apply Wind Tunneling and Select Ideas

    The Purpose

    Assess the various ideas based on which are most likely to succeed in the face of uncertainty.

    Key Benefits Achieved

    An idea that you have tested in terms of risk and uncertainty.

    An idea that can be developed and pitched to the business or stored for later use. 

    Activities

    4.1 Assign probabilities to scenarios.

    4.2 Apply wind tunneling.

    4.3 Select ideas.

    4.4 Discuss next steps and prototyping.

    Outputs

    A strategic initiative (idea) that is ready to move into prototyping

    Develop Your Agile Approach for a Successful Transformation

    • Buy Link or Shortcode: {j2store}163|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $86,469 Average $ Saved
    • member rating average days saved: 16 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to shorten delivery time and improve quality by adopting Agile delivery methods.
    • You know that Agile transformations are complex and difficult to implement.
    • Your organization may have started using Agile, but with only limited success.
    • You want to maximize your Agile transformation’s chances of success.

    Our Advice

    Critical Insight

    • Agile transformations are more likely to be successful when the entire organization understands Agile fundamentals, principles, and practices; the “different way of working” that Agile requires; and the role each person plays in its success.

    Impact and Result

    • Understand the “what and why” of Agile.
    • Identify your organization’s biggest Agile pain points.
    • Gain a deeper understanding of Agile principles and practices, and apply these to your Agile pain points.
    • Create a list of action items to address your organization’s Agile challenges.

    Develop Your Agile Approach for a Successful Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify common Agile challenges

    Identify your organization's biggest Agile pain points so you can focus attention on those topics that are impacting your Agile capabilities the most.

    • Develop Your Agile Approach for a Successful Transformation – Phases 1-2

    2. Establish a solid foundation for Agile delivery

    Ensure that your organization has a solid understanding of Agile principles and practices to help ensure your Agile transformation is successful. Understand Agile's different way of working and identify the steps your organization will need to take to move from traditional Waterfall delivery to Agile.

    • Roadmap for Transition to Agile

    3. Backlog Management Module: Manage your backlog effectively

    The Backlog Management Module helps teams develop a better understanding of backlog management and user story decomposition. Improve your backlog quality by implementing a three-tiered backlog with quality filters.

    4. Scrum Simulation Module: Simulate effective Scrum practices

    The Scrum Simulation Module helps teams develop a better understanding of Scrum practices and the behavioral blockers affecting Agile teams and organizational culture. This module features two interactive simulations to encourage a deeper understanding of good Scrum practices and Agile principles.

    • Scrum Simulation Exercise (Online Banking App)

    5. Estimation Module: Improve product backlog item estimation

    The Estimation Module helps teams develop a better understanding of Agile estimation practices and how to apply them. Teams learn how Agile estimation and reconciliation provide reliable planning estimates.

    6. Product Owner Module: Establish an Effective Product Owner Role

    The Product Owner Module helps teams understand product management fundamentals and a deeper understanding of the product owner role. Teams define their product management terminology, create quality filters for PBIs moving through the backlog, and develop their product roadmap approach for key audiences.

    7. Product Roadmapping Module: Create effective product roadmaps

    The Product Roadmapping Module helps teams understand product road mapping fundamentals. Teams learn to effectively use the six tools of Product Roadmapping.

    [infographic]

    Further reading

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Analyst Perspective

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Pictures of Alex Ciraco and Hans Eckman

    Alex Ciraco and Hans Eckman
    Application Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your organization wants to shorten delivery time and improve quality by adopting Agile delivery methods.
    • You know that Agile transformations are complex and difficult to implement.
    • Your organization may have started using Agile, but with only limited success.
    • You want to maximize your Agile transformation's chances of success.

    Common Obstacles

    • People seem to have different, conflicting, or inadequate knowledge of Agile principles and practices.
    • Your organization is not seeing the full benefits that Agile promises, and project teams aren't sure they are "doing Agile right."
    • Confusion and misinformation about Agile is commonplace in your organization.

    Info-Tech's Approach

    • Use our Common Agile Challenges Survey to identify your organization's Agile pain points.
    • Leverage this blueprint to level-set the organization on Agile fundamentals.
    • Address your survey's biggest Agile pain points to see immediate benefits and improvements in the way you practice Agile in your organization.

    Info-Tech Insight

    Agile transformations are more likely to be successful when the entire organization genuinely understands Agile fundamentals, principles and practices, as well as the role each person plays in its success. Focus on developing a solid understanding of Agile practices so your organization can "Be Agile", not just "Do Agile".

    Info-Tech's methodology

    1. Identify Common Agile Challenges

    2. Establish a Solid Foundation for Agile Delivery

    3. Agile Modules

    Phase Steps

    1.1 Identify common agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module:
      Manage Your Backlog Effectively
    • Scrum Simulation Module:
      Simulate Effective Scrum Practices
    • Estimation Module:
      Improve Product Backlog Item Estimation
    • Product Owner Module:
      Establish an Effective Product Owner Role
    • Product Roadmapping Module: Create Effective Product Roadmaps
    Phase Outcomes

    Understand common challenges associated with Agile transformations and identify your organization's struggles.

    Establish and apply a uniform understanding of Agile fundamentals and principles.

    Create a roadmap for your transition to Agile delivery and prioritized challenges.

    Foster deeper understanding of Agile principles and practices to resolve pain points.

    Develop your agile approach for a successful transformation

    Everyone's Agile journey is not the same.

    agile journey for a successful transformation

    Application delivery continues to fall short

    78% of IT professionals believe the business is "usually" or "always" out of sync with project requirements.
    Source: "10 Ways Requirements Can Sabotage Your Projects Right From the Start"

    Only 34% of software is rated as both important and effective by users.

    Source: Info-Tech's CIO Business Vision Diagnostic

    Agile DevOps is a progression of cultural, behavioral, and process changes. It takes time.

    An image of the trail to climb Mount Everest, with the camps replaced by the main steps of the agile approach to reaching Nirvana.

    Enhancements and maintenance are misunderstood

    an image showing the relationship between enhancements and maintenance.

    Source: "IEEE Transactions on Software Engineering"

    Why Agile/DevOps? It's about time to value

    Leaders and stakeholders are frustrated with long lead times to implement changes. Agile/DevOps promotes smaller, more frequent releases to start earning value sooner.

    A frequency graph showing the Time to delivering value depends on Frequency of Releases

    Time to delivering value depends on Frequency of Releases

    Embrace change, don't "scope creep" it

    64% of IT professionals adopt Agile to enhance their ability to manage changing priorities.

    71% of IT professionals found their ability to manage changing priorities improved after implementing Agile.

    Info-Tech Insight

    Traditional delivery processes work on the assumption that product requirements will remain constant throughout the SDLC. This results in delayed delivery of product enhancements which are critical to maintaining a positive customer experience.

    Adapted from: "12th Annual State of Agile Report"

    Agile's four core values

    "…while there is value in the items on the right, we value the items on the left more."
    – Source: "The Agile Manifesto"

    We value. . .

    Individuals and Interactions

    OVER

    Processes and Tools

    Working Software

    OVER

    Comprehensive Documentation

    Customer Collaboration

    OVER

    Contract Negotiation

    Responding to Change

    OVER

    Following a Plan

    Being Agile

    OVER

    Being Prescriptive

    Harness Agile's cultural advantages

    Collaboration

    • Team members leverage all their experience working toward a common goal.

    Iterations

    • Cycles provide opportunities for more product feedback.

    Continual Improvement

    • Self-managing teams continually improve their approach for the next iteration.

    Prioritization

    • The most important needs are addressed in the current iteration.

    Compare Waterfall and Agile – the "what" (how are they different?)

    This is an example of the Waterfall Approach.

    A "One and Done" Approach (Planning & Documentation Based)
    Elapsed time to deliver any value: Months to years

    This is an example of the Agile Approach

    An "Iterative" Approach (Empirical/Evidence Based)
    Elapsed time to deliver any value: Weeks

    Be aware of common myths around Agile

    1. … solve development and communication issues.
    2. … ensure you will finish requirements faster.
    3. … mean you don't need planning and documentation.

    "Although Agile methods are increasingly being adopted in globally distributed settings, there is no panacea for success."
    – "Negotiating Common Ground in Distributed Agile Development: A Case Study Perspective."

    "Without proper planning, organizations can start throwing more resources at the work which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc., Info-Tech Interview

    Agile* SDLC

    With shared ownership instead of silos, we can deliver value at the end of every iteration (aka sprint)

    An image of the Agile SDLC Approach.

    * There are many Agile methodologies to choose from, but Scrum is by far the most widely used (and is shown above).

    Key Elements of the Agile SDLC

    • You are not "one-and-done." There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice that represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time."
    • Cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • Working, tested code at the end of each sprint. Value becomes more deterministic along sprint boundaries.
    • Demonstrate to stakeholders. Allow them to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • Continuous improvement through sprint retrospectives.
    • "Internally Governed" when done right (the virtuous cycle of sprint-demo-feedback).

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Deliverables

    Many steps in this blueprint are accompanied by supporting deliverables to help you accomplish your goals.

    Common Agile Challenges Survey
    Survey the organization to understand which of the common Agile challenges the organization is experiencing

    A screenshot from Common Agile Challenges Survey

    Roadmap for Transition to Agile
    Identify steps you will take to move your organization toward Agile delivery

    A screenshot from Roadmap for Transition to Agile

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Consistent Agile delivery teams.
    • Delivery prioritized with business needs and committed work is achievable.
    • Improved ability to adjust future delivery cycles to meet changing business, market, and end-user needs.
    • Increased alignment and stability of resources with products and technology areas.
    • Reduction in the mean time to delivery of product backlog items.
    • Reduction in technical debt.
    • Better delivery alignment with enterprise goals, vision, and outcomes.
    • Improved coordination with product owners and stakeholders.
    • Quantifiable value realization following each release.
    • Product decisions made at the right time and with the right input.
    • Improved team morale and productivity.
    • Improved operational efficiency and process automation.
    • Increased employee retention and quality of new hires.
    • Reduction in accumulated project risk.

    Measure the value of this blueprint

    Implementing quality and consistent Agile practices improves SDLC metrics and reduces time to value.

    • Use Select and Use SDLC Metrics Effectivelyto track and measure the impact of Agile delivery. For example:
      • Reduction in PBI wait time
      • Improve throughput
      • Reduction in defects and defect severity
    • Phase 1 helps you prepare and send your Common Agile Challenges Survey.
    • Phase 2 builds a transformation plan aligned with your top pain points.

    Align Agile coaching and practices to address your key pain points identified in the Common Agile Challenges Survey.

    A screenshot from Common Agile Challenges Survey

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    This is an image of the eight calls which will take place over phases 1-3.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 1 to 2 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phases 1-2
    1.5 - 3.0 days estimated

    Backlog Management
    0.5 - 1.0 days estimated

    Scrum Simulation
    1.25 - 2.25 days estimated

    Estimation
    1.0 - 1.25 days estimated

    Product Owner
    1.0 - 1.75 days estimated

    Product Roadmapping
    0.5 - 1.0 days estimated

    Establish a Solid Foundation for Agile Delivery

    Define the
    IT Target State

    Assess the IT
    Current State

    Bridge the Gap and
    Create the Strategy

    Establish an Effective Product Owner Role

    Create Effective Product Roadmaps

    Activities

    1.1 Gather Agile challenges and gaps
    2.1 Align teams with Agile fundamentals
    2.2 Interpret your common Agile challenges survey results
    2.3 (Optional) Move stepwise to iterative Agile delivery
    2.4 Identify insights and team feedback

    1. User stories and the art of decomposition
    2. Effective backlog management and refinement
    3. Identify insights and team feedback
    1. Scrum sprint planning and retrospective simulation
    2. Pass the balls – sprint velocity game
    1. Improve product backlog item estimation
    2. Agile estimation fundamentals
    3. Understand the wisdom of crowds
    4. Identify insights and team feedback
    1. Understand product management fundamentals
    2. The critical role of the product owner
    3. Manage effective product backlogs and roadmaps
    4. Identify insights and team feedback
    1. Identify your product roadmapping pains
    2. The six "tools" of product roadmapping
    3. Product roadmapping exercise

    Deliverables

    1. Identify your organization's biggest Agile pain points.
    2. Establish common Agile foundations.
    3. Prioritize support for a better Agile delivery approach.
    4. Plan to move stepwise to iterative Agile delivery.
    1. A better understanding of backlog management and user story decomposition.
    1. Scrum sprint planning and retrospective simulation
    2. Pass the balls – sprint velocity game
    1. Improve product backlog item estimation
    2. Agile estimation fundamentals
    3. Understand the wisdom of crowds
    4. Identify insights and team feedback
    1. Understand product management fundamentals
    2. The critical role of the product owner
    3. Manage effective product backlogs and roadmaps
    4. Identify insights and team feedback
    1. Understand product vs. project orientation.
    2. Understand product roadmapping fundamentals.

    Agile Modules

    For additional assistance planning your workshop, please refer to the facilitation planning tool in the appendix.

    Related Info-Tech Research

    Mentoring for Agile Teams
    Get practical help and guidance on your Agile transformation journey.

    Implement DevOps Practices That Work
    Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale
    Deliver value at the scale of your organization through defining enterprise product families.

    Phase 1

    Phase 1

    Phase 2

    Agile Modules

    1.1 Identify common Agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module: Manage Your Backlog Effectively
    • Scrum Simulation Module: Simulate Effective Scrum Practices
    • Estimation Module: Improve Product Backlog Item Estimation
    • Product Owner Module: Establish an Effective Product Owner Role
    • Product Roadmapping: Create Effective Product Roadmaps

    This phase will walk you through the following activities:

    • Decide who will participate in the Common Agile Challenges Survey
    • Compile the results of the survey to identify your organization's biggest pain points with Agile

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Develop Your Agile Approach for a Successful Transformation

    Step 1.1

    Identify common Agile challenges

    Activities

    1.1 Distribute Common Agile Challenges Survey and collect results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of your organization's Agile pain points.

    Focus Agile support where it is most needed

    A screenshot from Common Agile Challenges Survey

    Info-Tech Insight

    There isn't one approach that cures all the problems your Agile teams are facing. First, understand these common challenges, then develop a plan to address the root causes.

    Use Info-Tech's Common Agile Challenges Survey to determine common issues and what problems individual teams are facing. Use the Agile modules and supporting guides in this blueprint to provide targeted support on what matters most.

    Exercise 1.1.1 Distribute Common Agile Challenges Survey

    30 minutes

    1. Download Survey Template: Info-Tech Common Agile Challenges Survey template.
    2. Create your own local copy of the Common Agile Challenges Survey by using the template. The Common Agile Challenges Survey will help you to identify which of the many common Agile-related challenges your organization may be facing.
    3. Decide on the teams/participants who will be completing the survey. It is best to distribute the survey broadly across the organization and include participants from several teams and roles.
    4. Copy the link for your local survey and distribute it for participants to complete (we suggest giving them one week to complete it).
    5. Collect the consolidated survey results in preparation for the next phase.
    6. NOTE: Using this survey template requires having access to Microsoft Forms. If you do not have access to Microsoft Forms, an Info-Tech analyst can perform the survey for you.

    Output

    • Your organization's biggest Agile pain points

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Record the results in the Roadmap for Transition to Agile Template

    Phase 2

    Establish a Solid Foundation for Agile Delivery

    Phase 1

    Phase 2

    Agile Modules

    1.1 Identify common Agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module: Manage Your Backlog Effectively
    • Scrum Simulation Module: Simulate Effective Scrum Practices
    • Estimation Module: Improve Product Backlog Item Estimation
    • Product Owner Module: Establish an Effective Product Owner Role
    • Product Roadmapping: Create Effective Product Roadmaps

    This phase will walk you through the following activities:

    • Gain a fundamental understanding of Agile
    • Understand why becoming Agile is hard
    • Identify steps needed to become more Agile
    • Understand your biggest Agile pain points

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Step 2.1

    Align teams with Agile fundamentals

    Activities

    2.1.1 Share what Agile means to you
    2.1.2 (Optional) Contrast two delivery teams
    2.1.3 (Optional) Dissect the Agilist's Oath
    2.1.4 (Optional) Create your prototype definitions of ready
    2.1.5 (Optional) Create your prototype definitions of done
    2.1.6 Identify the challenges of implementing agile in your organization

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of what Agile is and why we do it.

    Exercise 2.1.1 Share what Agile means to you

    30-60 minutes

    1. What is Agile? Why do we do it?
    2. As a group, discuss and capture your thoughts on:
      1. What is Agile (its characteristics, practices, differences from alternatives, etc.)?
      2. Why do we do it (its drivers, benefits, advantages, etc.)?
    3. Capture your findings in the table below:

    What is Agile?

    Why do we do it?

    (e.g. Agile mindset, principles, and practices)

    (e.g. benefits)

    Output

    • Your current understanding of Agile and its benefits

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Why Agile/DevOps? It's about time to value

    Leaders and stakeholders are frustrated with long lead times to implement changes. Agile/DevOps promotes smaller, more frequent releases to start earning value sooner.

    A graph demonstrating the increased frequency of release expected over time, from 1960 - present

    Time to delivering value depends on frequency of releases.
    Source: 5Q Partners

    The pandemic accelerated the speed of digital transformation

    With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

    December 2019 - 36%; acceleration of 3 years; July 2020 - 58%.

    Companies also accelerated the pace of creating digital or digitally enhanced products and services.

    December 2019 - 35%; acceleration of 3 years; July 2020 - 55%.

    (McKinsey, 2020 )

    "The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data."
    (OECD Definition)

    What does "elite" DevOps look like?

    This is an image of an annotated table showing what elite devops looks like.

    Where are you now?
    Where do You Want to Be?

    * Google Cloud/Accelerate State of DevOps 2021

    Realize and sustain value with DevOps

    Businesses with elite DevOps practices…

    973x more frequent faster lead time code deployments from commit to deploy, 3x 6570x lower change failure rate faster time to recover.

    Waterfall vs. Agile – the "what" (How are they different?)

    This is an example of the Waterfall Approach.

    A "One and Done" Approach (Planning & Documentation Based)
    Elapsed time to deliver any value: Months to years

    This is an example of the Agile Approach

    An "Iterative" Approach (Empirical/Evidence Based)
    Elapsed time to deliver any value: Weeks

    (Optional) Exercise 2.1.2 A tale of two teams

    Discussion (5-10 minutes)

    As a group, discuss how these teams differ

    Team 1:
    An image of the business analyst passing the requirements baton to the architect runner.

    Team 2:
    An image of team of soldiers carrying a heavy log up a beach

    Image Credit: DVIDS

    Discuss differences between these teams:
    • How are they different?
    • How would you coach/train/manage/lead?
    • How does team members' behavior differ?
    • How would you measure each team?
    What would have to happen at your organization to make working like this possible?

    Output

    • How your organization can support Agile behavior and mindset

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Dissect the Agilist's Oath

    Read and consider each element of the oath.

    • As a member of this Scrum team, I recognize that we are all equally and collectively responsible for the success of this project.
    • Success is defined as achieving the best possible outcome for our stakeholders given the constraints of time, money, and circumstances we will face.
    • We will achieve this by working collaboratively with our product owner to regularly deliver high-quality, working, tested code that can be demonstrated, and we will adjust our path forward based on the feedback we receive.
    • I will holistically embrace the concept of "good enough for now" into my work practices, because I know that waiting for the best/perfect solution does not yield optimal results.
    • Collectively, we will work to holistically minimize risk for the project across all phases and disciplines.
    • My primary role will be _____ [PO, SM, BA, Dev, Arch, Test, Ops, etc.], but I will contribute wherever and however best serves the current needs of the project.
    • I recognize that working in Agile/Scrum is not an excuse to ignore important things like adequate design and documentation. Collectively, we will ensure that these things are completed incrementally to a level of detail and quality which adequately serves the organization and stakeholders.
    • We are a team, and we will succeed or fail as one.

    Exercise 2.1.3 (Optional) Dissect the Agilist's Oath

    30 minutes

    1. Each bullet point in the Agilist's Oath is chosen to convey one of eight key messages about Agile practices and the mindset change that's required by everyone involved.
    2. As a group, discuss the "message" for each bullet point in the Agilist's Oath. Then identify which of them would be "easy" and "hard" to achieve in your organization.
    • As a member of this Scrum team, I recognize that we are all equally and collectively responsible for the success of this project.
    • Success is defined as achieving the best possible outcome for our stakeholders given the constraints of time, money, and circumstances we will face.
    • We will achieve this by working collaboratively with our product owner to regularly deliver high-quality, working, tested code that can be demonstrated, and we will adjust our path forward based on the feedback we receive.
    • I will holistically embrace the concept of "good enough for now" into my work practices, because I know that waiting for the best/perfect solution does not yield optimal results.
    • Collectively, we will work to holistically minimize risk for the project across all phases and disciplines.
    • My primary role will be _____ [PO, SM, BA, Dev, Arch, Test, Ops, etc.], but I will contribute wherever and however best serves the current needs of the project.
    • I recognize that working in Agile/Scrum is not an excuse to ignore important things like adequate design and documentation. Collectively, we will ensure that these things are completed incrementally to a level of detail and quality which adequately serves the organization and stakeholders.
    • We are a team, and we will succeed or fail as one.

    Which aspects of the Agilist's Oath are "easy" in your org?

    Which aspects of the Agilist's Oath are "hard" in your org?

    Output

    • How your organization can support Agile behavior and mindset

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Be aware of common myths around Agile

    Agile does not . . . .

    1. … solve development and communication issues.
    2. … ensure you will finish requirements faster.
    3. … mean you don't need planning and documentation.

    "Although Agile methods are increasingly being adopted in globally distributed settings, there is no panacea for success."
    – "Negotiating Common Ground in Distributed Agile Development: A Case Study Perspective."

    "Without proper planning, organizations can start throwing more resources at the work which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc., Info-Tech Interview

    Agile's four core values

    "…while there is value in the items on the right, we value the items on the left more."
    – Source: "The Agile Manifesto"

    We value. . .

    Individuals and Interactions

    OVER

    Processes and Tools

    Working Software

    OVER

    Comprehensive Documentation

    Customer Collaboration

    OVER

    Contract Negotiation

    Responding to Change

    OVER

    Following a Plan

    Being Agile

    OVER

    Being Prescriptive

    Consider the traditional/Waterfall SDLC

    With siloes and handoffs, valuable product is delivered only at the end of an extended project lifecycle.

    This is an image of the Traditional Waterfall SDLC approach

    View additional transition models in the appendix

    Agile* SDLC

    With shared ownership instead of silos, we can deliver value at the end of every iteration (aka sprint)

    Key Elements of the Agile SDLC

    • You are not "one-and-done". There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice that represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time"
    • Cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • Working, tested code at the end of each sprint. Value becomes more deterministic along sprint boundaries.
    • Demonstrate to stakeholders. Allow them to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • Continuous improvement through sprint retrospectives.
    • "Internally Governed" when done right (the virtuous cycle of sprint-demo-feedback).

    This is a picture of the Agile SDLC approach.

    * There are many Agile methodologies to choose from, but Scrum (shown above) is by far the most widely used.

    Scrum roles and responsibilities

    Product Owner

    Scrum Master

    Team Members

    Responsible

    • For identifying the product features and their importance in the final deliverable.
    • For refining and reprioritizing the backlog that identifies which features will be delivered in the next sprint based on business importance.
    • For clearing blockers and escalations when necessary.
    • For leading scrums, retrospectives, sprint reviews, and demonstrations.
    • For team building and resolving team conflicts.
    • For creating, testing, deploying, and supporting deliverables and valuable features.
    • For self-managing. There is no project manager assigning tasks to each team member.

    Accountable

    • For delivering valuable features to stakeholders.
    • For ensuring communication throughout development.
    • For ensuring high-quality deliverables for the product owner.

    Consulted

    • By the team through collaboration, rather than contract negotiation.
    • By the product owner on resolution of risks.
    • By the team on suggestions for improvement.
    • By the scrum master and product owner during sprint planning to determine level of complexity of tasks.

    Informed

    • On the progress of the current sprint.
    • By the team on work completed during the current sprint.
    • On direction of the business and current priorities.

    Scrum ceremonies

    Are any of these challenges for your organization? Done When:

    Project Backlog Refinement (PO & SM): Prepare user stories to be used in the next two to three future sprints. User stories are broken down into small manageable pieces of work that should not span sprints. If a user story is too big for a sprint, it is broken down further here. The estimation of the user story is examined, as well as the acceptance criteria, and each is adjusted as necessary from the Agile team members' input.

    Regularly over the project's lifespan

    Sprint Planning (PO, SM & Delivery Team): Discuss the work for the upcoming sprint with the business. Establish a clear understanding of the expectations of the team and the sprint. The product owner decides if priority and content of the user stories is still accurate. The development team decides what they believe can be completed in the sprint, using the user stories, in priority order, refined in backlog refinement.

    At/before the start of each sprint

    Daily Stand-Up (SM & Delivery Team): Coordinate the team to communicate progress and identify any roadblocks as quickly as possible. This meeting should be kept to fifteen minutes. Longer conversations are tabled for a separate meeting. These are called "stand-ups" because attendees should stay standing for the duration, which helps keep the meeting short and focused. The questions each team member should answer at each meeting: What did I do since last stand-up? What will I do before the next stand-up? Do I have any roadblocks?

    Every day during the sprint

    Sprint Demo (PO, SM, Delivery Team & Stakeholders): Review and demonstrate the work completed in the sprint with the business (demonstrate working and tested code which was developed during the sprint and gather stakeholder feedback).

    At the end of each sprint

    Sprint Retrospective (SM & Delivery Team & PO): Discuss how the sprint worked to determine if anything can be changed to improve team efficiency. The intent of this meeting is not to find/place blame for things that went wrong, but instead to find ways to avoid/alleviate pain points.

    At the end of each sprint

    Sample delivery sprint calendar

    The following calendar illustrates a two-week Scrum cadence (including ceremonies). This diagram is for illustrative purposes only. The length of the sprint and timing of ceremonies may differ from delivery team to delivery team based on their needs and schedules.

    An image of a sample sprint delivery calendar

    Sample delivery sprint calendar

    The following calendar illustrates a three-week Scrum cadence (including ceremonies). This diagram is for illustrative purposes only. The length of the sprint and timing of ceremonies may differ from delivery team to delivery team based on their needs and schedules.

    An image of a sample sprint delivery calendar

    Ensure your teams have the right information

    Implement and enforce your definition of ready at each stage of planning. Ensure your teams understand the required tasks by clarifying the definition of done.*

    Ready

    Done
    • The request has a defined problem, and the value is understood.
    • The request is documented, and the owner is identified.
    • Business and IT roles are committed to participating in estimation and planning activities.
    • Estimates and plans are made and validated with IT teams and business representatives.
    • Stakeholders and decision makers accept the estimates and plans as well as the related risks.
    • Estimates and plans are documented and slated for future review.

    * Note that your definitions of ready and done may vary from project to project, and they should be decided on collectively by the delivery team at the beginning of the project (part of setting their "norms") and updated if/when needed.

    Exercise 2.1.4 (Optional) Create definition of ready and done for an oil change

    10-15 minutes

    Step 1:

    1. As a group, create a definition of ready and done for doing an oil change (this will help you to understand the nature and value of a definition of ready and done using a relatable example):

    Definition of Ready

    Checklist:

    Definition of Done

    Checklist – For each user story:

    The checklist of things that must be true/done to begin the oil change.

    • We have the customer's car and keys
    • We know which grade of oil the customer wants

    The checklist of things that must be true/done at the end of the oil change.

    • The oil has been changed
    • A reminder sticker has been placed on windshield

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 2:

    1. As a group, review the two sample definitions of ready below and select the one you consider to be the best starting point for your prototype definition of ready.

    Definition of Ready SAMPLE 1:

    Checklist – For each user story:

    • Technical and business risks are identified.
    • Resources are available for development.
    • Story has been assigned to a sprint/iteration.
    • Organizational business value is defined.
    • A specific user has been identified.
    • Stakeholders and needs defined.
    • Process impacts are identified.
    • Data needs are defined.
    • Business rules and non-functional requirements are identified.
    • Acceptance criteria are ready.
    • UI design work is ready.
    • Story has been traced to the project, epic, and sprint goal.

    Definition of Ready SAMPLE 2:

    Checklist – For each user story:

    • The value of story to the user is clearly indicated.
    • The acceptance criteria for story have been clearly described.
    • User story dependencies identified.
    • User story sized by delivery team.
    • Scrum team accepts user experience artifacts.
    • Performance criteria identified, where appropriate.
    • Person who will accept the user story is identified.
    • The team knows how to demo the story.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 3:

    1. As a group, using the selected sample as your starting point, decide what changes need to be made (keep/add/delete/modify):

    Definition of Ready Checklist – For each user story:

    Disposition

    The value of story to the user is clearly indicated.

    Keep as is

    The acceptance criteria for story have been clearly described. Keep as is
    User story dependencies identified. Modify to: "Story has been traced to the project, epic, and sprint goal"
    User story sized by delivery team. Modify to: "User Stories have been sized by the Delivery team using Story Points"
    Scrum team accepts user experience artifacts. Keep as is
    Performance criteria identified, where appropriate. Keep as is
    Person who will accept the user story is identified.

    Delete

    The team knows how to demo the story. Keep as is

    Add: "Any performance related criteria have been identified where appropriate"

    Add: "Any data model related changes have been identified where needed"

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 4:

    1. As a group, capture and agree on your prototype definition of ready*:

    Definition of Ready

    Checklist – For each user story:

    User stories and related requirements contain clear descriptions of what is expected of a given functionality. Business value is identified.

    • The value of the story to the user is clearly indicated.
    • The acceptance criteria for the story have been clearly described.
    • Story has been traced to the project, epic, and sprint goal.
    • User stories have been sized by the delivery team using story points.
    • Scrum team accepts user experience artifacts.
    • Performance criteria identified, where appropriate.
    • The team knows how to demo the story.
    • Any performance-related criteria have been identified where appropriate.
    • Any data-model-related changes have been identified where needed.

    Record the results in the Roadmap for Transition to Agile Template

    * This checklist helps Agile teams determine if the stories in their backlog are ready for sprint planning. As your team gains experience with Agile, tailor this list to your needs and follow it until the practice becomes second nature.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.5 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 5:

    1. As a group, review the two sample definitions of ready below and select the one you consider to be the best starting point for your prototype definition of ready:

    SAMPLE 1:

    Definition of Done Checklist – For each user story:

    • Design complete
    • Code compiles
    • Static code analysis has been performed and passed
    • Peer reviewed with coding standards passed
    • Code merging completed
    • Unit tests and smoke tests are done/functional (preferably automated)
    • Meets the steps identified in the user story
    • Unit & QA test passed
    • Usability testing completed
    • Passes functionality testing including security testing
    • Data validation has been completed
    • Ready to be released to the next stage

    SAMPLE 2:

    Definition of Done Checklist – For each user story:

    • Work was completed in a way that a professional would say they are satisfied with their work.
    • Work has been seen by multiple team members.
    • Work meets the criteria of satisfaction described by the customer.
    • The work is part of a package that will be shared with the customer as soon as possible.
    • The work and any learnings from doing the work have been documented.
    • Completion of the work is known by and visible to all team members.
    • The work has passed all quality, security, and completeness checks as defined by the team.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 6:

    1. As a group, using the selected sample as your starting point, decide what changes need to be made (keep/add/delete/modify):

    Definition of Ready Checklist – For each user story:

    Disposition

    • Work was completed in a way that a professional would say they are satisfied with their work.
    Keep as is
    • Work has been seen by multiple team members.
    Delete
    • Work meets the criteria of satisfaction described by the customer.
    Modify to: "All acceptance criteria for the user story have been met"
    • The work is a part of a package that will be shared with the customer as soon as possible.
    Modify to: "The user story is ready to be demonstrated to Stakeholders"
    • The work and any learnings from doing the work has been documented.
    Keep as is
    • Completion of the work is known by and visible to all team members.
    Keep as is
    • The work has passed all quality, security, and completeness checks as defined by the team.
    Modify to: "Unit, smoke and regression testing has been performed (preferably automated), all tests were passed"
    Add: "Any performance related criteria associated with the story have been met"

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 7:

    1. As a group, capture and agree on your prototype Definition of Done*:

    Definition of Done

    Checklist – For each user story:

    When the user story is accepted by the product owner and is ready to be released.

    • Work was completed in a way that a professional would say they are satisfied with their work.
    • All acceptance criteria for the user story have been met.
    • The user story is ready to be demonstrated to stakeholders.
    • The work and any learnings from doing the work have been documented.
    • Completion of the work is known by and visible to all team members.
    • Unit, smoke, and regression testing has been performed (preferably automated), and all tests were passed.
    • Any performance-related criteria associated with the story have been met.

    Record the results in the Roadmap for Transition to Agile Template

    * This checklist helps Agile teams determine if the stories in their backlog are ready for sprint planning. As your team gains experience with Agile, tailor this list to your needs and follow it until the practice becomes second nature.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Getting to "Agile DevOps Nirvana" is hard, but it's worth it.

    An image of the trail to climb Mount Everest, from camps 1-4

    Agile DevOps is a progression of cultural, behavioral, and process changes.
    It takes time.

    An image of the trail to climb Mount Everest, with the camps replaced by the steps to deploy Agile, to reach Agile/Devops Nirvana

    Agile DevOps may be hard, but it's worth it…

    It turns out Waterfall is not as good at reducing risk and ensuring delivery after all.

    CHAOS RESOLUTION BY AGILE VERSUS WATERFALL
    Size Method Successful Challenged Failed
    All Size Projects Agile 39% 52% 9%
    Waterfall 11% 60% 29%

    Standish Group; CHAOS REPORT 2015

    "I believe in this [Waterfall] concept, but the implementation described above is risky and invites failure."

    – Winston W. Royce

    Compare Waterfall to Agile

    Waterfall

    Agile

    Roles and Responsibilities

    Silo your resources

    Defined/segregated responsibilities

    Handoffs between siloes via documents

    Avoid siloes

    Collective responsibility

    Transitions instead of handoffs

    Belief System

    Trust the process

    Assign tasks to individuals

    Trust the delivery team

    Assign ownership/responsibilities to the team

    Planning Approach

    Create a detailed plan before work begins

    Follow the plan

    High level planning only

    The plan evolves over project lifetime

    Delivery Approach

    One and done (big bang delivery at end of project)

    Iterative delivery (regularly demonstrate working code)

    Governance Approach

    Phases and gates

    Artifacts and approvals

    Demo working tested code and get stakeholder feedback

    Support delivery team and eliminate roadblocks

    Approach to Stakeholders

    Involved at beginning and end of project

    "Arm's length" relationship with delivery team

    Involved throughout project (sprint by sprint)

    Closely involved with delivery team (through full time PO)

    Approach to Requirements/Scope

    One-time requirements gathering at start of project

    Scope is fixed at beginning of project ("carved in stone")

    On going requirements gathering and refinement over time

    Scope is roughly determined at beginning (expect change)

    Approach to Changing Requirements

    Treats change like it is "bad"

    Onerous CM process (discourages change)

    Scope changes "require approval" and are disruptive

    Accepts change as natural part of development.

    Light Change Management process (change is welcome)

    Scope changes are handled like all changes

    Hybrid SDLC: Wagile/Agilfall/WaterScrumFall

    Valuable product delivered in multiple releases

    A picture of a hybrid waterfall - Agile approach.

    If moving directly from Waterfall to Agile is too much for your organization, this can be a valuable interim step (but it won't give you the full benefits of Agile, so be careful about getting stuck here).

    Exercise 2.1.6 Identify the challenges of implementing Agile in your organization

    30-60 minutes

    1. As a group, discuss:
      1. Why being Agile may be difficult in your organization?
      2. What are some of the roadblocks and speed bumps you may face?
      3. What incremental steps might the organization take toward becoming Agile?

    Record the results in the Roadmap for Transition to Agile Template

    Output

    • Why being Agile is hard in your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Step 2.2

    Align teams with Agile fundamentals

    Activities

    2.2.1 Review the results of your Common Agile Challenges Survey (30-60 minutes)
    2.2.2 Align your support with your top five challenges

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your organization's biggest Agile pain points.

    Be aware of common Agile challenges

    The road to Agile is filled with potholes, speedbumps, roadblocks, and brick walls!

    1. Establish an effective product owner role (PO)
    2. Uncertainty about minimum viable product (MVP)
    3. How non-Agile teams (like architecture, infosec, operations, etc.) work with Agile teams
    4. Project governance/gating process
    5. What is the role of a PM/PMO in Agile?
    6. How to budget/plan Agile projects
    7. How to contract and work with an Agile vendor
    8. An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")
    9. General resistance to change in the organization
    10. Lack of Agile training, piloting, and coaching
    11. Different Agile approaches are used by different teams
    12. Backlog management and user story decomposition challenges
    13. Quality assurance challenges
    14. Hierarchical management practices and organization boundaries
    15. Difficulty with establishing autonomous Agile teams
    16. Lack of management support for Agile
    17. Poor Agile estimation practices
    18. Difficulty creating effective product roadmaps in Agile
    19. How do we know when an Agile project is ready to go live?
    20. Sprint goals are not being consistently met, or sprint deliverables that are full of bugs

    Exercise 2.2.1 Review the results of your Common Agile Challenges Survey

    30-60 minutes

    1. Using the results of your Common Agile Challenges Survey, fill in the bar chart with your top five pain points:

    A screenshot from Common Agile Challenges Survey

    Output

    • Your organization's biggest Agile pain points identified and prioritized

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.2.2 Align your support with your top five challenges

    30 minutes

    Using the Agile Challenges support mapping on the following slides, build your transformation plan and supporting resources. You can build your plan by individual team results or as an enterprise approach.

    Priority Agile Challenge Module Name and Sequence
    1
    1. Agile Foundations
    2. ?
    2
    1. Agile Foundations
    2. ?
    3
    1. Agile Foundations
    2. ?
    4
    1. Agile Foundations
    2. ?
    5
    1. Agile Foundations
    2. ?

    Output

    • Your organization's Agile Challenges transformation plan

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    Difficulty establishing an effective product owner (PO) or uncertainty about the PO role

    Modules:

    • Agile Foundations
    • Establish an Effective Product Owner Role
    Uncertainty about minimum viable product (MVP) and how to identify your MVP

    Modules:

    • Agile Foundations
    • Simulate Effective Scrum Practices
    How non-Agile teams (like architecture, info sec, operations, etc.) work with Agile teams

    Modules:

    • Agile Foundations
    • Work With Non-Agile Teams (Future)
    Project Governance/Gating processes that are unfriendly to Agile

    Modules:

    • Agile Foundations
    • Establish Agile-Friendly Gating (Future)
    Uncertainty about the role of a PM/PMO in Agile

    Modules:

    • Agile Foundations
    • Understand the role of PM/PMO in Agile Delivery (Future)
    Uncertainty about how to budget/plan Agile projects

    Modules:

    • Agile Foundations
    • Simulate Effective Scrum Practices
    • Understand Budgeting and Funding for Agile Delivery (Future)
    Creating an Agile friendly RFP/Contract (e.g. how to contract and work with an Agile vendor)

    Modules:

    • Agile Foundations
    • Work Effectively with Agile Vendors (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")

    Modules:

    • Agile Foundations
    General resistance in the organization to process changes required by Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Lack of Agile training, piloting and coaching being offered by the organization

    Modules:

    • Agile Foundations
    Different Agile approaches are used by different teams, making it difficult to work together

    Modules:

    • Agile Foundations
    • Build Your Scrum Playbook (Future)
    Backlog management challenges (e.g. how to manage a backlog, and make effective use of Epics, Features, User Stories, Tasks and Bugs)

    Modules:

    • Agile Foundations
    • Manage Your Backlog Effectively
    Quality Assurance challenges (testing not being done well on Agile projects)

    Modules:

    • Agile Foundations
    • Establish Effect Quality Assurance for Agile Delivery (Future);
    • Use Test Automation Effectively (Future)
    Hierarchical management practices and organization boundaries make it difficult to be Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    Difficulty with establishing autonomous Agile teams (self managing, cross functional teams that are empowered by the organization to deliver)

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Lack of management support for Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Poor understanding of Agile estimation techniques and how to apply them effectively

    Modules:

    • Agile Foundations
    • Estimation Module
    Difficulty creating effective product roadmaps in Agile

    Modules:

    • Agile Foundations
    • Product Roadmapping Tool
    How do we know when an Agile project is ready to go live

    Modules:

    • Agile Foundations
    • Decide When to Go Live (Future)
    Sprint goals are not being consistently met, or Sprint deliverables that are full of bugs

    Modules:

    • Agile Foundations
    • Establish Effect Quality Assurance for Agile Delivery (Future);
    • Use Test Automation Effectively (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    Difficulty establishing an effective product owner (PO) or uncertainty about the PO role

    Blueprints: Build a Better Product Owner; Managing Requirements in an Agile Environment

    Uncertainty about minimum viable product (MVP) and how to identify your MVP

    Blueprints: Deliver on Your Digital Product Vision; Managing Requirements in an Agile Environment

    How non-Agile teams (like architecture, info sec, operations, etc.) work with Agile teams

    Blueprints: Create a Horizontally Optimized SDLC to Better Meet Business Demands, Extend Agile Practices Beyond IT, Implement DevOps Practices That Work; Build Your BizDevOps Playbook, Embed Security into the DevOps Pipeline

    Project Governance/Gating processes that are unfriendly to Agile

    Blueprints: Streamline Your Management Process to Drive Performance, Drive Business Value With a Right-Sized Project Gating Process

    Uncertainty about the role of a PM/PMO in Agile

    Blueprints: Define the Role of Project Management in Agile and Product-Centric Delivery, Create a Horizontally Optimized SDLC to Better Meet Business Demands

    Uncertainty about how to budget/plan Agile projects

    Blueprints: Identify and Reduce Agile Contract Risk

    Creating an Agile friendly RFP/Contract (e.g. how to contract and work with an Agile vendor)

    Blueprints: Identify and Reduce Agile Contract Risk

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")

    Blueprints: Perform an Agile Skills Assessment; Mentoring for Agile Teams

    General resistance in the organization to process changes required by Agile

    Blueprints: Master Organizational Change Management Practices

    Lack of Agile training, piloting and coaching being offered by the organization

    Blueprints: Perform an Agile Skills Assessment; Mentoring for Agile Teams

    Different Agile approaches are used by different teams, making it difficult to work together

    Blueprints: Create a Horizontally Optimized SDLC to Better Meet Business Demands, Extend Agile Practices Beyond IT

    Backlog management challenges (e.g. how to manage a backlog, and make effective use of epics, features, user stories, tasks and bugs)

    Blueprints: Deliver on Your Digital Product Vision, Managing Requirements in an Agile Environment

    Quality Assurance challenges (testing not being done well on Agile projects)

    Blueprints: Build a Software Quality Assurance Program, Automate Testing to Get More Done

    Hierarchical management practices and organization boundaries make it difficult to be Agile

    Blueprints: Master Organizational Change Management Practices

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    Difficulty with establishing autonomous Agile teams (self managing, cross functional teams that are empowered by the organization to deliver)

    Blueprints: Master Organizational Change Management Practices

    Lack of management support for Agile

    Blueprints: Master Organizational Change Management Practices

    Poor understanding of Agile estimation techniques and how to apply them effectively

    Blueprints: Estimate Software Delivery with Confidence, Managing Requirements in an Agile Environment

    Difficulty creating effective product roadmaps in Agile

    Blueprints: Deliver on Your Digital Product Vision

    How do we know when an Agile project is ready to go live

    Blueprints: Optimize Applications Release Management,Drive Business Value With a Right-Sized Project Gating Process, Managing Requirements in an Agile Environment

    Sprint goals are not being consistently met, or sprint deliverables that are full of bugs

    Blueprints: Build a Software Quality Assurance Program, Automate Testing to Get More Done, Managing Requirements in an Agile Environment

    Step 2.3

    Move stepwise to iterative Agile delivery (Optional)

    Activities

    2.3.1 (Optional) Identify a hypothetical project
    2.3.2 (Optional) Capture your traditional delivery approach
    2.3.3 (Optional) Consider what a two-phase delivery looks like
    2.3.4 (Optional) Consider what a four-phase delivery looks like
    2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like
    2.3.6 (Optional) Decide on your target state and the steps required to get there

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand the changes that must take place in your organization to support a more Agile delivery approach.

    Moving stepwise from traditional to Agile

    Your transition to Agile and more frequent releases doesn't need to be all at once. Organizations may find it easier to build toward smaller iterations.

    An image of the stepwise approach to adopting Agile.

    Exercise 2.3.1 (Optional) Identify a hypothetical project

    15-30 minutes

    1. As a group, consider some typical, large, mission-critical system deliveries your organization has done in the past (name a few as examples).
    2. Imagine a project like this has been assigned to your team, and the plan calls for delivering the system using your traditional delivery approach and taking two years to complete.
    3. Give this imaginary project a name (e.g. traditional project, our project).

    Name of your imaginary 2-year long project:

    e.g. Big Bang ERP

    Brief Project Description:

    e.g. Replace home-grown legacy ERP with a modern COTS product in a single release scheduled to be delivered in 24 months

    Record this in the Roadmap for Transition to Agile Template

    Info-Tech Best Practice

    For best results, complete these sub-exercises with representatives from as many functional areas as possible
    (e.g. stakeholders, project management, business analysis, development, testing, operations, architecture, infosec)

    Output

    • An imaginary delivery project that is expected to take 2 years to complete

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.2 (Optional) Capture your traditional delivery approach

    30 minutes

    1. As a group, discuss and capture the high-level steps followed (after project approval) in your traditional delivery approach using the table below and on the next page.

    Step

    Description

    Who is involved

    1
    • Gather detailed requirements (work with project stakeholders to capture all requirements of the system and produce a Detailed Requirements Document)

    PM, Business Analysts, Stakeholders, etc.

    2
    • Produce a Detailed Design Document (develop a design that will meet all requirements identified in the Detailed Requirements Document)
    • Produce a Detailed Test Plan for acceptance of the system
    • Produce a Detailed Project Plan for the system delivery
    • Perform threat and privacy assessment (using the detailed requirements and design documents, perform a Threat Risk Assessment and Privacy Impact Analysis)
    • Submit detailed design to Architecture Review Board
    • Provide Operations with full infrastructure requirements
    PM, Architects, InfoSec, ARB, Operations, etc.
    3
    • Develop software (follow the Detailed Design Document and develop a system which meets all requirements)
    • Perform Unit Testing on all modules of the system as they are developed
    PM, Developers, etc.
    4
    • Create Production Environment based on project specification
    • Perform Integration testing of all modules to ensure the system works as designed
    • Produce an Integration Test Report capturing the results of testing and any deficiencies
    PM, Testers, etc.
    5
    • Fix all Sev 1 and Sev 2 deficiencies found during Integration Testing
    • Perform regression testing
    • Perform User Acceptance Testing as per the Detailed Test Plan
    PM, Developers, Testers, Stakeholders, etc.
    6
    • Product Deployment Plan
    • Perform User and Operations Training
    • Produce updated Threat Risk Assessment and Privacy Impact Analysis
    • Seek CAB (Change Approval Board) approval to go live
    PM, Developers, Testers, Operations, InfoSec, CAB, etc.
    7
    • Close out and Lessons Learned
    • Verify value delivery
    PM, etc.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.2 (Optional) Capture your traditional delivery approach

    Step

    Description

    Who is involved

    1
    • Gather detailed requirements (work with project stakeholders to capture all requirements of the system and produce a Detailed Requirements Document)

    PM, Business Analysts, Stakeholders, etc.

    2
    • Produce a Detailed Design Document (develop a design that will meet all requirements identified in the Detailed Requirements Document)
    • Produce a Detailed Test Plan for acceptance of the system
    • Produce a Detailed Project Plan for the system delivery
    • Perform threat and privacy assessment (using the detailed requirements and design documents, perform a Threat Risk Assessment and Privacy Impact Analysis)
    • Submit detailed design to Architecture Review Board
    • Provide Operations with full infrastructure requirements
    PM, Architects, InfoSec, ARB, Operations, etc.
    3
    • Develop software (follow the Detailed Design Document and develop a system which meets all requirements)
    • Perform Unit Testing on all modules of the system as they are developed
    PM, Developers, etc.
    4
    • Create Production Environment based on project specification
    • Perform Integration testing of all modules to ensure the system works as designed
    • Produce an Integration Test Report capturing the results of testing and any deficiencies
    PM, Testers, etc.
    5
    • Fix all Sev 1 and Sev 2 deficiencies found during Integration Testing
    • Perform regression testing
    • Perform User Acceptance Testing as per the Detailed Test Plan
    PM, Developers, Testers, Stakeholders, etc.
    6
    • Product Deployment Plan
    • Perform User and Operations Training
    • Produce updated Threat Risk Assessment and Privacy Impact Analysis
    • Seek CAB (Change Approval Board) approval to go live
    PM, Developers, Testers, Operations, InfoSec, CAB, etc.
    7
    • Close out and Lessons Learned
    • Verify value delivery
    PM, etc.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.3 (Optional) Consider what a two-phase delivery looks like

    30 minutes

    1. As a group, imagine that project stakeholders tell you two years is too long to wait for the project, and they want to know if they can have something (even if it's not the whole thing) in production sooner.
    2. Now imagine that you are able to convince the stakeholders to work with you to do the following:
      1. Identify their most important project requirements.
      2. Work with you to describe a valuable subset of the project requirements which reflect about ½ of all features they need (call this Phase 1).
      3. Work with you to get this Phase 1 of the project into production in about 1 year.
      4. Agree to leave the remaining requirements (e.g. the less important ones) until Phase 2 (second year of project).
    3. As a group, identify:
      1. How hard this would be for your organization to do, on a scale of 1 to 10.
      2. Identify what changes are needed to make this happen (consider people, processes, and technology).
      3. Capture your results using the table on the following slide.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.3 (Optional) Consider what a two-phase delivery looks like

    30 minutes

    1. What would be needed to let you deliver a two-year project in two one-year phases considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. Stakeholders would need to make hard decisions about which features are more valuable/important than others (and stick to them)
    • e.g. Delivery team and stakeholders would need to work closely together to determine what is a feasible and valuable set of features which can go live in Phase 1
    • e.g. Operations will need to be prepared to support Phase 1 (earlier than before), and then support an updated system after Phase 2
    • e.g. No significant change to traditional processes other than delivering in two phases
    • e.g. Need to decide whether requirements for the full project need to be gathered up front, or do you just do Phase 1, and then Phase 2
    • e.g. No significant changes other than we need a production environment sooner, and infrastructure requirements for the full project may be different from what is needed just for Phase 1

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 2

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.4 (Optional) Consider what a four-phase delivery looks like

    30 minutes

    1. Now, imagine that project stakeholders tell you that even one year is still too long to wait for something of value in production, and they want to know if they can have something (even if it's not the whole thing) in production sooner.
    2. Now imagine that you are able to convince the stakeholders to work with you to do the following:
      1. From the "Phase 1" requirements in Exercise 2.3.3, they will identify the most important ones that they need first.
      2. They will work with you to describe a valuable subset of these project requirements which reflect about ½ of all features they need (call this Phase 1A).
      3. They will work with you to get this Phase 1A of the project into production in about six months.
      4. Agree to leave all the remaining requirements (e.g. the less important ones) until later phases.
    1. As a group, identify:
      1. How hard this would be for your organization to do, on a scale of 1 to 10?
      2. Identify what changes are needed to make this happen (consider people, processes, and technology).
      3. Capture your results using the table on the following slide.

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.4 (Optional) Consider what a four-phase delivery looks like

    30 minutes

    1. What more would be needed to let you deliver a two-year project in four, six-month phases considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. Stakeholders would need to make even harder (and faster) decisions about which features are most valuable/important than others.
    • e.g. Because we will be delivering releases so quickly, we'll ask the stakeholders to nominate a "primary contact" who can make decisions on requirements for each phase (also to answer questions from the project team, when needed, so they aren't slowed down).
    • e.g. Delivery team and the "primary contact" would work closely together to determine what is a feasible and valuable set of features to go live within Phase 1A, and then repeat this for the remaining Phases.
    • e.g. Operations will need to be prepared to support Phase 1A (even earlier than before), and then support the remaining phases. Ask them to dedicate someone as primary contact for this series of releases, and who provides guidance/support as needed.

    e.g. Heavy and time-consuming process steps (e.g. architecture reviews, data modelling, infosec approvals, change approval board) will need to be streamlined and made more "iteration-friendly."

    e.g. Gather detailed requirements only for Phase 1A, and leave the rest as high-level requirements to be more fully defined at the beginning of each subsequent phase.

    • e.g. We will need (at a minimum) a Production, and a Pre-production environment set up (and earlier in the project lifecycle) and solid regression testing at the end of each phase to ensure the latest Release doesn't break anything.
    • e.g. Since we will be going into production multiple times over this 2-year project, we should consider using automation (e.g. automated build, automated regression testing, and automated deployment).

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 5

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like

    30 minutes

    1. Now, imagine that project stakeholders tell you that they are happy with the six-month release approach (e.g. expect to go live four times over the two-year project, with each release providing increased functionality), but they want to see your team's progress frequently between releases.
    2. Additionally, stakeholders tell you that instead of asking you to provide the traditional monthly project status reports, they want you to demonstrate whatever features you have built and work for the system on a monthly basis. This will be done in the form of a demonstration to a selected list of stakeholders each month.
    3. Each month, your team must show working, tested code (not prototypes or mockups, unless asked for) and demonstrate how this month's deliverable brings value to the business.
    4. Furthermore, the stakeholders would like to be able to test out the system each month, so they can play with it, test it, and provide feedback to your team about what they like and what they feel needs to change.
    5. To help you to achieve this, the stakeholders designate their primary contact as the "product owner" (PO) who will be dedicated to the project and will help your team to decide what is being delivered each month. The PO will be empowered by the stakeholders to make decisions on scope and priority on an expedited basis and will also answer questions on their behalf when your team needs guidance.
    6. You agree with the stakeholders these one-month deliverables will be called "sprints."

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like

    30 minutes

    1. What more would be needed to let you deliver a two-year project in 24 one-month sprints (plus four six-month releases) considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. The team will need to work closely with the product owner (and/or stakeholders) on a continuous basis to understand requirements and their relative priority
    • e.g. Stakeholders will need to be available for demos and testing at the end of each sprint, and provide feedback to the team as quickly as possible
    • e.g. all functional siloes within IT (e.g. analysts, architects, infosec, developers, testers, operations) will need to work hand in hand on a continuous basis to deliver working tested code into a demo/test environment at the end of each sprint
    • e.g. there isn't enough time in each sprint to have team members working in siloes, instead, we will need to work together as a team to ensure that all aspects of the sprint (requirements, design, build, test, etc.) are worked on as needed (team is equally and collectively responsible for delivery of each sprint)
    • e.g. We can't deliver much in 1-month sprints if we work in siloes and are expected to do traditional documentation and handoffs (e.g. requirements document), so we will use a fluid project backlog instead of requirements documents, we will evolve our design iteratively over the course of the many sprints, and we will need to streamline the CAB process to allow for faster (more frequent) deployments
    • e.g. We will need to evolve the system's data model iteratively over the course of many sprints (rather than a one-and-done approach at the beginning of the project)
    • e.g. We will need to quickly decide the scope to be delivered in each sprint (focusing on highest value functionality first). Each sprint should have a well-defined "goal" that the team is trying to achieve
    • We will need any approval processes (e.g. architecture review, infosec review, CAB approval) to be streamlined and simplified in order to support more frequent and iterative deployment of the system
    • e.g. We will need to maximize our use of automation (build, test, and deploy) in order to maximize what we can deliver in each sprint (Note: the ROI on automation is much higher when we deliver in sprints than in a one-and-done delivery because we are iterating repeatedly over the course of the project
    • e.g. We will need to quickly stand-up environments (dev, test, prod, etc.) and to make changes/enhancements to these environments quickly (it makes sense to leverage infrastructure as a service [IaaS] techniques here)
    • e.g. We will need to automate our security related testing (e.g. static and dynamic security testing, penetration testing, etc.) so that it can be run repeatedly before each release moves into production. We may need to evolve this automated testing with each sprint depending on what new features/functions are being delivered in each release

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 8

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.6 (Optional) Define the steps to reach your target state

    30 minutes

    1. From Exercises 2.3.1-2.3.5, identify your current state on the stepwise transition from traditional to Agile (e.g. one-and-done).
    2. Then, identify your desired future state (e.g. 24 one-month sprints with six-month releases).
    3. Now, review your people, process, and technology changes identified in Exercises 2.3.1-2.3.5 and create a roadmap for this transition using the table on the next slide.

    Identify your current state from Exercises 2.3.1-2.3.5

    e.g. One-and-done

    Identify your desired state from Exercises 2.3.1-2.3.5

    e.g. 24x1 Month Sprints

    Output

    • A roadmap and timeline for adopting a more Agile delivery approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.6 (Optional) Define the steps to reach your target state

    30 minutes

    1. Fill in the table below with your next steps. Identify who will be responsible for each step along with the timeline for completion: "Now" refers to steps you will take in the immediate future (e.g. days to weeks), "Next" refers to steps you will take in the medium term (e.g. weeks to months), and "Later" refers to long-term items (e.g. months to years).

    Now

    Next Later

    What are you going to do now?

    What are you going to do very soon?

    What are you going to do in the future?

    Roadmap Item

    Who

    Date

    Roadmap Item

    Who

    Date

    Roadmap Item

    Who

    Date

    Work with Stakeholders to identify a product owner for the project.

    AC

    Jan 1

    Break down full deliverable into 4 phases with high level requirements for each phase

    DL

    Feb 15

    Work with operations to set up Dev, Test, Pre-Prod, and Prod environments for first phase (make use of automation/scripting)

    DL

    Apr 15

    Work with PO and stakeholders to help them understand Agile approach

    Jan 15

    Work with PO to create a project backlog for the first phase deliverable

    JK

    Feb 28

    Work with QA group to select and implement test automation for the project (start with smoke and regression tests)

    AC

    Apr 30

    Work with project gating body, architecture, infosec and operations to agree on incremental deliveries for the project and streamlined activities to get there

    AC

    Mar 15

    Record the results in the Roadmap for Transition to Agile Template

    Output

    • A roadmap and timeline for adopting a more Agile delivery approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Step 2.4

    Identify insights and team feedback

    Activities

    2.4.1 Identify key insights and takeaways
    2.4.2 Perform an exit survey

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways from Phase 2

    Exercise 2.4.1 Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained? What takeaways have you identified?
    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.4.2 Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:
    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.
    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 1.1 Identify your backlog and user story decomposition pains
    Backlog 1.2 What are user stories and why do we use them?
    Backlog 1.3 User story decomposition: password reset
    Backlog 1.4 (Optional) Decompose a real epic

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of backlog management and user story decomposition.

    Backlog Exercise 1.1 Identify your backlog and user story decomposition pains

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What specific challenges you are facing with backlog management
      2. What specific challenges you are facing with user story decomposition
    1. Capture your findings in the table below:

    What are your specific backlog management and user story decomposition challenges?

    • (e.g. We have trouble telling the difference between epics, features, user stories, and tasks)
    • (e.g. We often don't finish all user stories in a sprint because some of them turn out to be too big to complete in one sprint)

    Output

    • Your specific backlog management and user story decomposition challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    User stories and the art of decomposition

    User stories are core to Agile delivery.

    Good user story decomposition practices are key to doing Agile effectively.

    Agile doesn't use traditional "shoulds" and "shalls" to capture requirements

    Backlog Exercise 1.2 What are user stories and why do we use them?

    30-60 minutes

    1. User stories are a simple way of capturing requirements in Agile and have the form:

    Why do we capture requirements as user stories (what value do they provide)?

    How do they differ from traditional (should/shall) requirements (and are they better)?

    What else stands out to you about user stories?

    as a someone I want something so that achieve something.

    Example:
    As a banking customer, I want to see the current balance of my accounts so that I can know how much money I have in each account.

    Output

    • A better understanding of user stories and why they are used in Agile delivery

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    User stories are "placeholders for conversations"

    User stories enable collaboration and conversations to fully determine actual business requirements over time.

    e.g. As a banking customer, I want to see the current balance of my accounts so that I can know how much money I have in each account.

    Requirements, determined within the iterations, outline the steps to complete the story: how the user will access their account, the types of funds allowed, etc.

    User stories allow the product owners to prioritize and manage the product needs (think of them as "virtual sticky notes").

    User stories come in different "sizes"

    These items form a four-level hierarchy: epics, features, user stories, and tasks.
    They are collectively referred to as product backlog items or (PBIs)

    A table with the following headings: Agile; Waterfall; Relationship; Definition

    The process of taking large PBIs (e.g. epics and features) and breaking them down in to small PBIs (e.g. user stories and tasks) is called user story decomposition and is often challenging for new-to-Agile teams

    Backlog Exercise 1.3 User story decomposition: password reset

    30-60 minutes

    1. As a group, consider the following feature, which describes a high-level requirement from a hypothetical system:
      • FEATURE: As a customer, I want to be able to set and reset my password, so that I can transact with the system securely.
    2. Imagine your delivery team tells you that this is user story is too large to complete in one sprint, so they have asked you to decompose it into smaller pieces. Work together to break this feature down into several smaller user stories:
    User Story 1: User Story 2: User Story 3:
    As A I Want So That. As A I Want So That. As A I Want So That.

    Output

    • An epic which has been decomposed into smaller user stories which can be completed independently

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Exercise 1.3 User story decomposition: password reset

    Epic: As a customer, I want to be able to set and reset my password, so that I can transact securely.

    A single epic can be broken down into multiple user stories

    User Story 1: User Story 2: User Story 3: User Story 4:
    This is a picture of user story 1 This is a picture of user story 2 This is a picture of user story 3 This is a picture of user story 4

    Acceptance Criteria:
    Given that the customer has a password that they want to change,
    When the administrator clicks reset password on the admin console,
    Then the system will change the password and send it to the user.

    Acceptance Criteria:
    Given that the customer has a password that they want to change,
    When they click reset password in the system,
    Then the system will allow them to choose a new password and will save it the password and send it to the user.

    Acceptance Criteria:
    Given that the customer has not logged onto the system before,
    When they initially log in,
    Then the system will prompt them to change their password.

    Acceptance Criteria:
    Given that a password is stored in the database,
    When anyone looks at the password field in the database,
    Then the actual password will not be visible or easily decrypted.

    Are enablers included in your backlogs? Should they be?

    An enabler is any support activity needed to provide the means for future functionality. Enablers build out the technical foundations (e.g. architecture) of the product and uphold technical quality standards.

    Your audience will dictate the level of detail and granularity you should include in your enabler, but it is a good rule of thumb to stick to the feature level.

    Enablers

    Description

    Enabler Epics

    Non-functional and other technical requirements that support your features (e.g. data and system requirements)

    Enabler Capabilities of Features

    Enabler Stories

    Consider the various types of enabler

    Exploration

    Architectural

    Any efforts toward learning customer or user needs and creation of solutions and alternatives. Exploration enablers are heavily linked to learning milestones.

    Any efforts toward building components of your architecture. These will often be linked to delivery teams other than your pure development team.

    Infrastructure

    Compliance

    Any efforts toward building various development and testing environments. Again, these are artifacts that will relate to other delivery teams.

    Any efforts toward regulatory and compliance requirements in your development activities. These can be both internal and external.

    Source: Scaled Agile, "Enablers."

    Create, split, and bundle your PBIs

    The following questions can be helpful in dissecting an epic down to the user story level. The same line of thinking can also be useful for bundling multiple small PBIs together.

    An image showing how to Create, split, and bundle your PBIs

    Backlog Exercise 1.4 (Optional)
    Decompose a real epic

    30 minutes

    1. As a group, select a real epic or feature from one of your project backlogs which needs to be decomposed:
    2. Work together to decompose this epic down into several smaller features and/or user stories (user stories must be small enough to reasonably be completed within a sprint):

    Epic to be decomposed:

    As a ____ I want _____ so that ______

    User Story 1: User Story 2: User Story 3:
    As A I Want So That. As A I Want So That. As A I Want So That.

    Output

    • A real epic from your project backlog which has been decomposed into smaller features and user stories

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 2.1 Identify enablers and blockers

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Backlog PBI filters.
    • A better understanding of backlog types and levels.

    Effective backlog management and refinement

    Working with a tiered backlog

    an image showing the backlog tiers: New Idea; Ideas; Qualified; Ready - sprint.

    Use a tiered approach to managing your backlog, and always work on the highest priority items first.

    Distinguish your specific goals for refining in the product backlog vs. planning for a sprint itself

    Often backlog refinement is used interchangeably or considered a part of sprint planning. The reality is they are very similar, as the required participants and objectives are the same however, there are some key differences.

    An image of a Venn diagram comparing Backlog Refinement to sprint Planning.

    A better way to view them is "pre-planning" and "planning."

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Backlog tiers facilitate product planning steps

    An image of the product planning steps facilitated by Backlog Tiers

    Each activity is a variation of measuring value and estimating effort to validate and prioritize a PBI.

    A PBI meets our definition of done and passes through to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Backlog Exercise 2.1 Build a starting checklist of quality filters

    60 minutes

    1. Quality filters provide a checklist to ensure each Product Backlog Item (PBI) meets our definition of Done and is ready to move to the next backlog group (status).
    2. Create a checklist of basic descriptors that must be completed between each backlog level.
    3. If you completed this exercise in a different Module, review and update it here.
    4. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    An image of the backlog tiers, identifying where product backlog and sprint backlog are

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Facilitator slides: Explaining MVP

    Notes and Instructions

    The primary intent of this exercise is to explain the complex notion of MVP (it is one of the most misunderstood and contentious issues in Agile delivery). The exercise is intended to explain it in a simple and digestible way that will fundamentally change participants' understanding of MVP.

    Note that the slide contains animations.

    Imagine that your stakeholder tells you they want a blue 4-door sedan (consider this our "MVP" at this point), and you decide to build it the traditional way. As you build it (tires, then frame, then body, then joint body with frame and install engine), the stakeholder doesn't have anything they can use, and so they are only happy (and able to get value) at the end when the entire car is finished (point out the stakeholder "faces" go from unhappy to happy in the end).
    Animation 1:
    When we use Agile methods, we don't want to wait until the end before we have something the stakeholders can use. So instead of waiting until the entire car is completed, we decide our first iteration will be to give the stakeholder "a simple (blue) wheeled transportation device"…namely a skateboard that they can use for a little while (it's not a car, but it is something the stakeholder can use to get places).
    Animation 2:
    After the stakeholder has tried out the skateboard, we ask for feedback. They tell us the skateboard helped them to get around faster than walking, but they don't like the fact that it is so hard to maintain your balance on it. So, we add a handle to the skateboard to turn it into a scooter. The stakeholder then uses the scooter for a while. Stakeholder feedback says staying balanced on the scooter is much easier, but they don't have a place to put groceries when they go shopping, so can we do something about that?
    (Continued on next slide…)

    Facilitator slides: Explaining MVP

    Notes and Instructions
    Animation 3:
    Next, we build the stakeholder a bicycle and let them use it for a while before asking for feedback. The stakeholder tells us they love the bicycle, but they admit they get tired on long trips, so is there something we can do about that?
    Animation 4:
    So next we add a motor to the bicycle to turn it into a motorcycle, and again we give it to the stakeholder to use for a while. When we ask the stakeholder for feedback, they tell us that they love the motorcycle so much because they love the feeling of the wind in their hair, they've decided that they no longer want a 4-door sedan, but instead would prefer a blue 2-door convertible.
    Animation 5:
    And so, for our last iteration, we build the stakeholder what they actually wanted (a blue 2-door convertible) instead of what they asked for (a blue 4-door sedan), and we see that they are happier than they would have been if we had delivered the traditional way.

    INSIGHTS:

    • An MVP cannot be fully known at the beginning of a project (it is the "journey" of creating the MVP with stakeholders that defines what it looks like in the end).
    • Sometimes, stakeholders don't (or can't) know what they want until they see it.
    • There is no "straight path" to your MVP, you determine the path forward based on what you learned in the previous iterations.
    • This approach is part of the "power of Agile" and demonstrates why Agile can produce better outcomes and happier stakeholders.

    Understanding minimum viable product

    NOT Like This:

    This is a series of images. The top half of the image, shows building a car by starting with the wheels. The bottom Image shows the progression from skateboard, to scooter, to bike, to motorcycle, to car.

    It's Like This:

    Use iterations to maximize value delivery

    An image showing how to use iterations to maximize value delivery.

    Use iterations to reduce accumulated risk

    An image showing how to use iterations to reduce accumulated risk.

    Understanding MVP
    (always be ready to go live)

    A great and wise pharaoh hires two architects to build his memorial pyramids.

    An image shows two architects contribution to pyramid construction.

    Understanding MVP
    (always be ready to go live)

    Several years go by, and then…

    The pharaoh is on his death bed.

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 3.1 Identify key insights and takeaways
    Backlog 3.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Backlog Exercise 3.1 Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Exercise 3.2 Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:
    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.
    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Scrum Simulation Module

    Scrum sprint planning and retrospective simulation

    Activities

    1.1 Identify your scrum pains
    1.2 Review scrum simulation intro
    1.3 Create a mock backlog
    1.4 Review sprint 0
    1.5 Determine a budget and timeline
    1.6 Understand minimum viable product
    1.7 Plan your first sprint
    1.8 Do a sprint retrospective
    1.9 "What if" exercise (understanding what a fluid backlog really means)
    1.10 A sprint 1 example
    1.11 Simulate more sprints

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Scrum (particularly backlog management and user story decomposition).

    Facilitator slides: Scrum Simulation Introduction

    Introduction Tab

    Talk to the nature of the Scrum team:

    • Collective ownership/responsibility for delivery.
    • The organization has given you great power. With great power comes great responsibility.
    • You may each be specialists in some way, but you need to be prepared to do anything the project requires (no one goes home until everyone can go home).
    • Product owner: Special role, empowered by the organization to act as a single, authoritative voice for stakeholders (again great power/responsibility), determines requirements and priorities, three ears (business/stakeholders/team), holds the vision for the project, answer questions from the team (or finds someone who can answer questions), must balance autonomy with stakeholder needs, is first among equals on the Scrum team, is laser-focused on getting the best possible outcome with the resources, money, and circumstances ← PO acts as the "pathfinder" for the project.
    • Talk about the criticality and qualities of the PO: well-respected, highly collaborative, wise decision maker, a "get it done" type (healthy bias toward immediacy), has a vision for product, understands stakeholders, can get stakeholders' attention when needed, is dedicated full-time to the project, can access help when needed, etc.
    • The rest of you are the delivery team (have avoided singling out an SM for this – not needed for the exercise – but SM is the servant leader/orchestra conductor for the delivery team. The facilitator should act as a pseudo-SM for this exercise).

    Speak about the "bank realizes that the precise scope of the first release can only be fully known at the end of the project" statement and what it means.

    Discuss exercise and everyone's roles (make sure everyone clear), make it as realistic as possible. Your level of participation will determine how much value you get.

    Discuss any questions the participants might have about the background section on the introduction tab. The exercise has been defined in a way that minimizes the scope and complexity of the work to be done by assuming there are existing web-capable services exposed to the bank's legacy system(s) and that the project is mostly about putting a deployable web front end in place.

    Speak about "definition of done": Why was it defined this way? What are the boundaries? What happens if we define it to be only up to unit testing?

    Facilitator slides: Scrum Simulation, Create a Mock Backlog

    Create a Mock Backlog Tab

    This exercise is intended to help participants understand the steps involved in creating an initial backlog and deciding on their MVP.

    Note: The output from this exercise will not be used in the remainder of the simulation (a backlog for the simulation already exists on tab Sprint 0) so don't overdo it on this exercise. Do enough to help the participants understand the basic steps involved (brainstorm features and functions for the app, group them into epics, and decide which will be in- and out-of-scope for MVP). Examples have been provided for all steps of this exercise and are shown in grey to indicate they should be replaced by the participants.

    Step 1: Have all participants brainstorm "features and functions" that they think should be available in the online banking app (stop once you have what feels like a "good enough" list to move on to the next step) – these do not need to be captured as user stories just yet.

    Step 2: Review the list of features and functions with participants and decide on several epics to capture groups of related features and functions (bill payments, etc.). Think of these as forming the high-level structure of your requirements. Now, organize all the features and functions from Step 1, into their appropriate epic (you can identify as many epics as you like, but try to keep them to a minimum).

    Step 3: Point out that on the Introduction tab, you were told the bank wants the first release to go live as soon as possible. So have participants go over the list of features and functions and identify those that they feel are most important (and should therefore go into the first release – that is, the MVP), and which they would leave for future releases. Help participants think critically and in a structured way about how to make these very hard decisions. Point out that the product owner is the ultimate decision maker here, but that the entire team should have input into the decision. Point out that all the features and functions that make up the MVP will be referred to as the "project backlog," and all the rest will be known as the "product backlog" (these are of course, just logical separations, there is only one physical backlog).

    Step 4: This step is optional and involves asking the participants to create user stories (e.g. "As a __, I want ___ so that ___") for all the epics and features and functions that make up their chosen MVP. This step is to get them used to creating user stories, because they will need to get used to doing this. Note that many who are new to Agile often have difficulty writing user stories and end up overdoing it (e.g. providing a long-winded list of things in the "I want ___" part of the user story for an epic) or struggling to come up with something for the "so that ____" part). Help them to get good at quickly capturing the gist of what should be in the user story (the details come later).

    Facilitator slides: Scrum Simulation, Budget and Timeline

    Project Budget and Timeline

    Total Number of Sprints = 305/20 = 15.25 → ROUND UP TO 16 (Why? You can't do a "partial sprint" – plus, give yourself a little breathing room.)

    Cost Per Sprint = 6 x $75 x 8 x 10 = $36,000

    Total Timeline = 16 * 2 = 32 Weeks

    Total Cost of First Release = $36,000 x 16 = $572,000

    Talk about the "commitment" a Scrum delivery team makes to the organization ("We can't tell you exactly what we will deliver, but based on what we know, if you give the team 32 weeks, we will deliver something like what is in the project backlog – subject to any changes our stakeholder tell us are needed"). Most importantly, the team commits to doing the most important backlog items first, so if we run out of time, the unfinished work will be the least valuable user stories. Lastly, to keep to the schedule/timeline, items may move in and out of the project backlog – this is part of the normal and important "horse trading" that takes place on health Agile projects.

    Speak to the fact that this approach allows you to provide a "deterministic" answer about how long a project will take and how much it will cost while keeping the project requirements flexible.

    Facilitator slides: Scrum Simulation, Sprint 0

    Sprint 0 Tab

    This is an unprioritized list, organized to make sense, and includes a user story (plus some stuff), and "good enough estimates" – How good?... Eh! (shoulder shrug)
    Point out the limited ("lazy") investment → Agile principle: simplicity, the art of maximizing the work not done.
    Point out that only way to really understand a requirement is to see a working example (requirements often change once the stakeholders see a working example – the "that's not what I meant" factor).

    Estimates are a balancing act (good enough that we understand the overall approximate size of this, and still acknowledges that more details will have to wait until we decide to put that requirement into a Sprint – remember, no one knows how long this project is going to take (or even what the final deliverable will look like) so don't over invest in estimates here.)

    Sprint velocity calculation is just a best guess → be prepared to find that your initial guess was off (but you will know this early rather than at the end of the project). This should lead to a healthy discussion about why the discrepancy is happening (sprint retrospectives can help here). Note: Sprint velocity doesn't assume working evenings and weekends!

    Speak to the importance of Sprint velocity being based on a "sustainable pace" by the delivery team. Calculations that implicitly expect sustained overtime in order to meet the delivery date must be avoided. Part of the power of Agile comes from this critical insight. Critical → Your project's execution will need to be adjusted to accommodate the actual sprint velocity of the team!

    Point out the "project backlog" and separation from the "product backlog" (and no sprint backlog yet!).

    Point out the function/benefits of the backlog:

    • A single holding place for all the work that needs to be done (so you don't forget/ignore anything).
    • Can calculate how much work is left to do.
    • A mechanism for prioritizing deliverables.
    • A list of placeholders for further discussion.
    • An evolving list that will grow and shrink over time.
    • A "living document" that must be maintained over the course of the project.

    Talk about large items in backlog (>20 pts) and how to deal with them (do we need to break them up now?).

    Give participants time to review the backlog: Questions/What would you be doing if this were real/We're going to collectively work through this backlog.
    Sprint 0 is your opportunity to: get organized as a team, do high level design, strategize on approach, think about test data, environments, etc. – it is the "Ready-Set" in "Ready-Set-Go."
    Think about doing a High/Med/Low value determination for each user story.

    Simulation Exercise 1.1 Identify your Scrum pains

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      • What specific challenges are you facing with your Scrum practices?
    2. Capture your findings in the table below:

    What are your specific Scrum challenges?

    • (e.g. We don't know how to decide on our minimum viable product (MVP), or what to start working on first)
    • (e.g. We don't have a product owner assigned to the project)
    • (e.g. Our daily standups often take 30-60 minutes to complete)
    • (e.g. We heard Scrum was supposed to reduce the number of meetings we have, but instead, meetings have increased)
    • (e.g. We don't know how to determine the budget for an Agile project)

    Output

    • Your specific Scrum related challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.2 Review Scrum Simulation intro

    30 minutes

    1. Ask participants to read the Introduction tab in the Scrum Simulation Exercise(5 minutes)
    2. Discuss and answer any questions the participants may have about the introduction (5 minutes)
    3. Discuss the approach your org would use to deliver this using their traditional approach (5 minutes)

    This is an image of the Introduction tab in the Scrum Simulation Exercise

    How would your organization deliver this using their traditional approach?

    1. Capture all requirements in a document and get signoff from stakeholders
    2. Create a detailed design for the entire system
    3. Build and test the system
    4. Deploy it into production

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 1: Brainstorm "Features and Functions" that the group feels would be needed for this app

    Capture anything that you feel might be needed in the Online Banking Application:

    • See account balances
    • Pay a bill online
    • Set up payees for online bill payments
    • Make a deposit online
    • See a history of account transactions
    • Logon and logoff
    • Make an e-transfer
    • Schedule a bill payment for the future
    • Search for a transaction by payee/date/amount/etc.
    • Register for app
    • Reset password

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 2: Identify your epics

    1. Categorize your "Features and Functions" list into several epics for the application:

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app
    - Reset password

    Accounts

    - See account balances
    - See a history of account transactions
    - Search for a transaction by payee/date/amount

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online
    - Schedule a bill payment for the future

    Deposits

    - Make a deposit online

    E-transfers

    - Make an e-transfer

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 3: Identify your MVP

    1. Decide which "Features and Functions" will be in your MVP and which will be delivered in future releases:

    YOUR MVP (Project Backlog)

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app

    Accounts

    - See account balances
    - See a history of account transactions

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online

    FOR FUTURE RELEASES (Product Backlog)

    Epics

    In Scope

    Deposits- Make a deposit online
    Accounts- Search for a transaction by payee/date/amount/etc.
    Bill payments- Schedule a bill payment for the future

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 3: Identify your MVP

    1. Decide which "Features and Functions" will be in your MVP and which will be delivered in future releases:

    YOUR MVP EPICS

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app

    Accounts

    - See account balances
    - See a history of account transactions

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online

    YOUR MVP USER STORIES

    Epics

    In Scope

    Logon and LogoffAs a user, I want to logon/logoff the app so I can do my banking securely
    Register for AppAs a user, I want to register to use the app so I can bank online
    See Account BalancesAs a user, I want to see my account balances so that I know my current financial status
    See a History of Account TransactionsAs a user, I want to see a history of my account transactions, so I am aware of where my money goes
    Set up Payees for Online Bill PaymentsAs a user, I want to set up payees so that I can easily pay my bills
    Pay a Bill OnlineAs a user, I want to pay bills online, so they get paid on time

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.4 Review
    Sprint 0

    The Online Banking Application of the spreadsheet for Sprint 0.

    Step 1: Set aside the Mock Backlog just created (you will be using the Backlog on Sprint 0 for remainder of exercise).
    Step 2: Introduce and walk through the Backlog on the Sprint 0 tab in the Scrum Simulation Exercise.
    Step 3: Discuss and answer any questions the participants may have about the Sprint 0 tab.
    Step 4: Capture any important issues or clarifications from this discussion in the table below.

    Important issues or clarifications from the Sprint 0 tab:

    • (e.g. What is the difference between the project backlog and the product backlog?)
    • (e.g. What do we do with user stories that are bigger than our sprint velocity?)
    • (e.g. Has the project backlog been prioritized?)
    • (e.g. How do we decide what to work on first?)

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Understand Sprint 0 for Scrum Simulation Exercise

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.4 Review
    Sprint 0

    30-60 minutes

    1. Using the information found on the Sprint 0 tab, determine the projected timeline and cost for this project's first release:

    GIVEN

    Total Story Points in Project Backlog (First Release): 307 Story Points
    Expected Sprint Velocity: 20 Story Points/Sprint
    Total Team Size (PO, SM and 4-person Delivery Team): 6 People
    Blended Hourly Rate Per Team Member (assume 8hr day): $75/Hour
    Sprint Duration: 2 Weeks

    DETERMINE

    Expected Number of Sprints to Complete Project Backlog:
    Cost Per Sprint ($):
    Total Expected Timeline (weeks):
    Total Cost of First Release:

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • How to determine expected cost and timeline for an Agile project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    The Estimation Cone of Uncertainty

    The Estimation Cone of Uncertainty

    Simulation Exercise 1.6 Understanding minimum viable products (MVP)

    30 minutes

    1. Discuss your current understanding of MVP.

    How do you describe/define MVP?

    • (Discuss/capture your understanding of minimum viable product)

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Capture your current understanding of Minimum Viable Product

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Facilitator slides: Explaining MVP

    Notes and Instructions

    The primary intent of this exercise is to explain the complex notion of MVP (it is one of the most misunderstood and contentious issues in Agile delivery). The exercise is intended to explain it in a simple and digestible way that will fundamentally change participants' understanding of MVP.
    Note that the slide contains animations.

    Imagine that your stakeholder tells you they want a blue 4-door sedan (consider this our "MVP" at this point), and you decide to build it the traditional way. As you build it (tires, then frame, then body, then joint body with frame and install engine), the stakeholder doesn't have anything they can use, and so they are only happy (and able to get value) at the end when the entire car is finished (point out the stakeholder "faces" go from unhappy to happy in the end).

    Animation 1:
    When we use Agile methods, we don't want to wait until the end before we have something the stakeholders can use. So instead of waiting until the entire car is completed, we decide our first iteration will be to give the stakeholder "a simple (blue) wheeled transportation device"…namely a skateboard that they can use for a little while (it's not a car, but it is something the stakeholder can use to get places).

    Animation 2:
    After the stakeholder has tried out the skateboard, we ask for feedback. They tell us the skateboard helped them to get around faster than walking, but they don't like the fact that it is so hard to maintain your balance on it. So, we add a handle to the skateboard to turn it into a scooter. The stakeholder then uses the scooter for a while. stakeholder feedback says staying balanced on the scooter is much easier, but they don't have a place to put groceries when they go shopping, so can we do something about that?

    (Continued on next slide…)

    Facilitator slides: Explaining MVP

    Notes and Instructions

    Animation 3:
    So next we build the stakeholder a bicycle and let them use it for a while before asking for feedback. The stakeholder tells us they love the bicycle, but they admit they get tired on long trips, so is there something we can do about that?

    Animation 4:
    So next we add a motor to the bicycle to turn it into a motorcycle, and again we give it to the stakeholder to use for a while. When we ask the stakeholder for feedback, they tell us that they LOVE the motorcycle so much, and that because they love the feeling of the wind in their hair, they've decided that they no longer want a 4-door sedan, but instead would prefer a blue 2-door convertible.

    Animation 5:
    And so, for our last iteration, we build the stakeholder what they wanted (a blue 2-door convertible) instead of what they asked for (a blue 4-door sedan), and we see that they are happier than they would have been if we had delivered the traditional way.

    INSIGHTS:
    An MVP cannot be fully known at the beginning of a project (it is the "journey" of creating the MVP with stakeholders that defines what it looks like in the end).
    Sometimes, stakeholders don't (or can't) know what they want until they see it.
    There is no "straight path" to your MVP, you determine the path forward based on what you learned in the previous iterations.
    This approach is part of the "power of Agile" and demonstrates why Agile can produce better outcomes and happier stakeholders.

    Understanding minimum viable product

    NOT Like This:

    This is a series of images. The top half of the image, shows building a car by starting with the wheels. The bottom Image shows the progression from skateboard, to scooter, to bike, to motorcycle, to car.

    It's Like This:

    Use iterations to maximize value delivery

    An image showing how to use iterations to maximize value delivery

    Use iterations to reduce accumulated risk

    An image showing how to use iterations to reduce accumulated risk.

    Understanding MVP
    (always be ready to go live)

    A great and wise pharaoh hires two architects to build his memorial pyramids.

    An image shows two architects contribution to pyramid construction.

    Understanding MVP
    (always be ready to go live)

    Several years go by, and then…

    The pharaoh is on his death bed.

    Simulation Exercise 1.7 Plan your first sprint

    30-60 minutes

    Step 1: Divide participants into independent Scrum delivery teams (max 7-8 people per team) and assign a PO (5 minutes)
    Step 2: Instruct each team to work together to decide on their "MVP strategy" for delivering this project (10-15 minutes)
    Step 3: Have each team decide on which user stories they would put in their first sprint backlog (5-10 minutes)
    Step 4: Have each team report on their findings. (10 minutes)

    Describe your team's "MVP strategy" for this project (Explain why you chose this strategy):

    Identify your first sprint backlog (Explain how this aligns with your MVP strategy):

    What, if anything, did you find interesting, insightful or valuable by having completed this exercise:

    Output

    • Experience deciding on an MVP strategy and creating your first sprint backlog

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.8 Do a sprint retrospective

    30-60 minutes

    Step 1: Thinking about the work you did in Exercise 3.2.7, identify what worked well and what didn't
    Step 2: Create a list of "Start/Stop/Continue" items using the table below
    Step 3: Present your list and discuss with other teams

    1. Capture findings in the table below:

    Start:
    (What could you start doing that would make Sprint Planning work better?)

    Stop:
    (What didn't work well for the team, and so you should stop doing it?)

    Continue:
    (What worked well for the team, and so you should continue doing?)

    Output

    • Experience performing a sprint retrospective

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.9 "What if" exercise (understanding what a fluid backlog really means)

    30-60 minutes

    1. As a team, consider what you would do in each of the following scenarios (treat each one as an independent scenario rather than cumulative):

    Scenario:

    How would you deal with this:

    After playing with and testing the Sprint 1 deliverable, your stakeholders find several small bugs that need to be fixed, along with some minor changes they would like made to the system. The total amount of effort to address all of these is estimated to be 4 story points in total.

    (e.g. First and foremost, put these requests into the Project Backlog, then…)

    Despite your best efforts, your stakeholders tell you that your Sprint 1 deliverable missed the mark by a wide margin, and they have major changes they want to see made to it.

    Several stakeholders have come forward and stated that they feel strongly that the "DEPOSIT – Deposit a cheque by taking a photo" User Story should be part of the first release, and they would like to see it moved from the Product Backlog to the project backlog (Important Note: they don't want this to change the delivery date for the first release)

    Output

    • A better understanding of how to handle change using a fluid project backlog

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.10 A Sprint 1 example

    30-60 minutes

    1. Consider the following example of what your Sprint 1 deliverable could be:

    An example of what your Sprint 1 deliverable could be.

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.10 A Sprint 1 example

    30-60 minutes

    1. As a group, discuss this approach, including:
      1. The pros and cons of the approach.
      2. Is this a shippable increment?
      3. What more would you need to do to make it a shippable increment?
    2. Capture your findings in the table below:

    Discussion

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.11 Simulate more sprints

    30-60 minutes

    1. As a group, continue to simulate more sprints for the online banking app:
      1. Simulate the planning, execution, demo, and retro stages for additional sprints
      2. Stop when you have had enough
    2. Capture your learnings in the table below:

    Discussion and learnings

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Scrum Simulation Module

    Simulate effective scrum practices

    Activities

    2.1 Execute the ball passing sprints

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Model and understand behavioral blockers and patterns affecting Agile teams and organizational culture.

    Pass the balls – sprint velocity game

    Goal 1. Pass as many balls as possible (Story Points) through the system during each sprint.
    Goal 2. Improve your estimation and velocity after each retrospective.

    Backlog

    An image of Sprint, passing balls from one individual to another until you reach the completion point.

    Points Completed

    Rules:

    1. Two people cannot touch the ball at the same time.
    2. Only the first and last person can hold more than one ball at a time.
    3. Every person on the Delivery Team must touch the ball at least once per sprint.
    4. Each team must record its results during the retrospective.

    Scoring:

    1. One point for every ball that completes the system.
    2. Minus one point for every dropped ball.

    Epic 1: 3 sprints

    1. 1-minute Planning
    2. 2-minute Sprints
    3. 1-minute Retrospective

    Group Retrospective
    Epic 2: 3 sprints (repeat)

    1. 1-minute Planning
    2. 2-minute Sprints
    3. 1-minute Retrospective

    Simulation Exercise 1.11 Simulate more sprints

    30-60 minutes

    Goal 1: Pass as many balls (Story Points) through the system during each sprint.
    Goal 2: Improve your estimation and velocity after each retrospective.

    1. Epic 1: 3 sprints
      1. 1-minute Planning
      2. 2-minute Sprints
      3. 1-minute Retrospective
    2. Group Retrospective
    3. Epic 2: 3 sprints
      1. 1-minute Planning
      2. 2-minute Sprints
      3. 1-minute Retrospective
    4. Group Retrospective
    5. Optionally repeat for additional sprints with team configurations or scenarios

    Rules:

    1. Two people cannot touch the ball at the same time.
    2. Only the first and last person can hold more than one ball at a time.
    3. Every person on the delivery team must touch the ball at least once per sprint.
    4. Each team must record its results during the retrospective.

    Scoring:

    1. One point for every ball that completes the system.
    2. Minus one point for every dropped ball.

    Output

    • Understand basic estimation, sprint, and retrospective techniques.
    • Experience common Agile behavior challenges.

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Facilitator slides: Sprint velocity game

    Goal:

    Pass as many balls as possible through the system during each cycle.

    Game Setup

    • Divide into teams of 8-16 people. If you have a smaller group, form one team rather than two smaller teams to start. The idea is to cause chaos with too many people in the delivery flow. See alternate versions for adding additional Epics with smaller teams.
    • Read out the instructions and ensure teams understand each one. Note that no assistance will be given during the sprints.

    Use your phone's timer to create 2-minute cycles:

    • 1-minute sprint planning
    • 2-minute delivery sprint
    • 1-minute retrospective and results recording
    • Run 3-4 cycles, then stop for a facilitated discussion of their observations and challenges.
    • Begin epic 2 and run for 3-4 more cycles.

    Facilitator slides: Sprint velocity game

    • Game Cycles
      • Epic 1: 3 complete cycles
      • 1-minute Planning
      • 2-minute Sprints
      • 1-minute Sprint retrospective
    • Group Retrospective
      • Discuss each sprint, challenges, and changes made to optimize throughput.
    • Epic 2: 3 complete cycles
      • 1-minute Planning
      • 2-minute Sprints
      • 1-minute Sprint retrospective
    • Group Retrospective
      • Discuss each sprint, challenges, and changes made to optimize throughput.
    • Game Rules
      • Each ball must have airtime. No ball cannot touch two people at the same time.
      • No person can hold more than one ball at a time.
      • Ball must be passed by every person on a team.
      • You may not pass a ball to a person directly to the person on your left or right.
      • Each team must keep score and record their results during the Retrospective.
    • Scoring
      • 1 point for every ball that completes the system.
      • Minus 1 point for every dropped ball.

    Facilitator slides: Sprint velocity game

    Facilitator Tips

    • Create a feeling of competition to get the teams to rush and work against each other. The goal is to show how this culture must be broken in Agile and DevOps. Then challenge the teams against natural silos and not focus on enterprise goals.
    • Create false urgency to increase stress, errors, and breakdowns in communication.
    • Look for patterns of traditional delivery and top-down management that limit delivery. These will emerge naturally, and teams will fall back into familiar patterns under stress.
    • Look for key lessons you want to reinforce and bring out ball game examples to help teams relate to something that is easier to understand.

    Alternate Versions

    • Run Epic 1 as one team, then have them break into typical Agile teams of 4-9 people. Compare results.
    • Run Epics with different goals: How would their approach change?
      • Fastest delivery
      • Highest production
      • Lowest defect rate
    • Have teams assign a scrum master to coordinate delivery. A scrum master and product owner are part of the overall team, but not part of the delivery team. They would not need to pass balls during each sprint.
    • Increase sprint time. Discuss right sizing sprint to complete work.
    • Give each team different numbers of balls, but don't tell them. Alternately, start each team with half as many balls, then double for Epic 2. Discuss how the sprint backlog affected their throughput.

    Facilitator slides: Sprint velocity game

    Trends to Look For and Discuss

    • False constraints - patterns where teams unnecessarily limited themselves.
    • Larger teams could have divided into smaller working teams, passing the balls between working groups.
    • Instructions did not limit that "team" meant everyone in the group. They could have formed smaller groups to process more work. LEAN
    • Using the first sprint for planning only. More time to create a POC.
    • Teams will start communicating but will grow silent, especially in later sprints. Stress interactions over the process.
    • Borrowing best practices from other teams.
    • Using retrospectives to share ideas with other teams. Stress needs to align with the company's goals, not just the team's goals.
    • How did they treat dropped balls? Rejected as errors, started over (false constraint), or picked up and continued?

    Trends to Look For and Discuss

    • Did individuals dominate the planning and execution, or did everyone feel like an equal member of the team?
    • Did they consider assigning a scrum master? The scrum master and product owner are part of the overall team, but not part of the Delivery Team. They would not need to pass balls during each Sprint.
    • What impacted their expected number of balls completed? Did it help improve quality or was it a distraction?
    • What caused their improvement in velocity? Draw the connection between how teams must work together and the need for stability.
    • Discuss the overall goal and constraints. Did they understand what the desired outcome was? Where did they make assumptions? Add talking points:
      • What if the goal was overall completed balls?
      • What if it was zero defect? No dropped balls.
      • What if it was the fastest delivery? Each ball through the system in the shortest time? Were they timing each ball?

    Scrum Simulation Module

    Simulate effective scrum practices

    Activities

    3.1 Identify key insights and takeaways

    3.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways

    Simulation Exercise 3.1
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 3.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile Challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Estimation Module

    Improve product backlog item estimation

    Activities

    1.1 Identify your estimation pains

    1.2 (Optional) Why do we estimate?

    1.3 How do you estimate now?

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Agile estimation practices and how to apply them.

    Establish consistent Agile estimation fundamentals

    an image of a hierarchy answering the question What is an estimate.

    Know the truth about estimates and their potential pitfalls.

    Then, understand how Agile estimation works to avoid these pitfalls.

    Estimation Exercise 1.1 Identify your estimation pains

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What specific challenges are you facing with your estimation practices today
      2. Capture your findings in the table below:

    What are your specific Estimation challenges?

    • (e.g. We don't estimate consistently)
    • (e.g. Our estimates are usually off by a large margin)
    • (e.g. We're not sure what approach to use when estimating)

    Output

    • Your specific estimation related challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.2 (Optional) Why do we estimate?

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. Why do we do estimates?
      2. What value/merit do estimates have?
    2. Capture your findings in the table below:

    Why would/should you do estimates?

    • (e.g. Our stakeholders need to know how long it will take to deliver a given feature/function)

    Output

    • Better understanding of the need for estimates

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.2 (Optional) Why do we estimate?

    30 minutes

    1. Estimation has its merits
    2. Here are some sample reasons for estimates:
      • "Estimates allow us to predict when a sprint goal will be met, and therefore when a substantial increment of value will be delivered."
      • "Our estimates help our stakeholders plan ahead. They are part of the value we provide."
      • "Estimates help us to de-risk scope of uncertain size and complexity."
      • "Estimated work can be traded in and out of scope for other work of similar size. Without estimates, you can't trade."
      • "The very process of estimation adds value. When we estimate we discuss requirements in more detail and gain a better understanding of what is needed."
      • "Demonstrates IT's commitment to delivering valuable products and changes."
      • "Supports business ambitions with customers and stakeholders."
      • "Helps to build a sustainable value-delivery cadence."

    Source: DZone, 2013.

    Output

    • Better understanding of the need for estimates

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.3 How do you estimate now?

    30 minutes

    1. As a group, speak about now you currently estimate in your organization.
    2. Capture your findings in the table below:

    Why would/should you do estimates?

    • (e.g. We don't do estimates)
    • (e.g. We ask the person assigned to each task in the project plan to estimate how long it will take)

    Output

    • Your current estimation approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Module

    Improve product backlog item estimation

    Activities

    2.1 (Optional) Estimate a real PBI

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Agile estimation practices and how to apply them.

    Don't expect your estimates to be accurate!

    The average rough order of magnitude estimates for software are off by is up to 400%.
    Source: Boehm, 1981

    Estimate inaccuracy has many serious repercussions on the project and organization

    66%

    Average cost overrun(1)

    33%

    Average schedule overrun (1)

    17%

    Average benefits shortfall)1)

    (1) % of software projects with given issue

    Source: McKinsey & Company, 2012

    The Estimation Cone of Uncertainty

    The Estimation Cone of Uncertainty

    What is Agile estimation?

    There is no single Agile estimation technique. When selecting an approach, adopt an Agile estimation technique that works for your organization, and don't be afraid to adapt it to your circumstances. Remember: all estimates are wrong, so use them with care and skepticism.

    • Understands and accepts the limitations of any estimation process.
    • Leverages good practices to counteract these limitations (e.g. wisdom of crowds, quality-first thinking).
    • Doesn't over-invest in individual estimate accuracy (but sees their value "in aggregate").
    • Approach can change from project to project or team to team and evolves/matures over the project lifespan.
    • Uses the estimation process as an effective tool to:
      • Make commitments about what can be accomplished in a sprint (to establish capacity).
      • Convey a measure of progress and rough expected completion dates to stakeholders (including management).

    Info-Tech Insight

    All estimates are wrong, but some can be useful (leverage the "wisdom of crowds" to improve your estimation practices).

    There are many Agile estimation techniques to choose from…

    Consensus-Building Techniques
    Planning Poker

    Most popular by far (stick with one of these unless there is a good reason to consider others)

    This approach uses the Delphi method, where a group collectively estimates the size of a PBI, or user stories, with cards numbered by story points. See our Estimate Software Delivery With Confidence blueprint.

    T-Shirt Sizing

    This approach involves collaboratively estimating PBIs against a non-numerical system (e.g. small, medium, large). See DZone and C# Corner for more information.

    Dot Voting

    This approach involves giving participants a set number of dot stickers or marks and voting on the PBIs (and options) to deliver. See Dotmocracy and Wikipedia for more information.

    Bucket System

    This approach categorizes PBIs by placing them into defined buckets, which can then be further broken down through dividing and conquering. See Agile Advice and Crisp's Blog for more information.

    Affinity Mapping

    This approach involves the individual sizing and sorting of PBIs, and then the order of these PBIs are collaboratively edited. The grouping is then associated with numerical estimates or buckets if desired. See Getting Agile for more information.

    Ordering Method

    This approach involves randomly ordering items on a scale ranging from low to high. Each member will take turns moving an item one spot lower or higher where it seems appropriate. See Apiumhub, Sheidaei Blog (variant), and SitePoint (Relative Mass Valuation) for more information.

    Ensure your teams have the right information

    Estimate accuracy and consistency improve when it is clear what you are estimating (definition of ready) and what it means to complete the PBI (definition of done).
    Be sure to establish and enforce your definition of ready/done throughout the project.

    Ready

    Done
    • The value of the story to the user is indicated.
    • The acceptance criteria for the story have been clearly described.
    • Person who will accept the user story is identified.
    • The team knows how to demo the story…
    • Design complete, code compiles, static code analysis has been performed and passed.
    • Peer reviewed with coding standards passed.
    • Unit test and smoke test are done/functional (preferably automated).
    • Passes functionality testing including security testing…

    What are story points?

    Many organizations use story point sizing to estimate their PBIs
    (e.g. epics, features, user stories, and tasks)

    • A story point is a (unitless) measure of the relative size, complexity, risk, and uncertainty, of a PBI.
    • Story points do not correspond to the exact number of hours it will take to complete the PBI.
    • When using story points, think about them in terms of their size relative to one another.
    • The delivery team's sprint velocity and capacity should also be tracked in story points.

    How do you assign a point value to a user story? There is no easy answer outside of leveraging the experience of the team. Sizes are based on relative comparisons to other PBIs or previously developed items. Example: "This user story is 3 points because it is expected to take 3 times more effort than that 1-point user story."Therefore, the measurement of a story point is only defined through the team's experience, as the team matures.

    Can you equate a point to a unit of time? First and foremost, for the purposes of backlog prioritization, you don't need to know the time, just its size relative to other PBIs. For sprint planning, release planning, or any scenario where timing is a factor, you will need to have a reasonably accurate sprint capacity determined. Again, this comes down to experience.

    "Planning poker" estimation technique

    Leverage the wisdom of crowds to improve your estimates

    an image of the user story points and the Fibonacci sequence

    Planning poker: This approach uses the Delphi method, where a group collectively estimates the size of a PBI or user story, using cards with story points on them.

    Materials: Each participant has deck of cards, containing the numbers of the Fibonacci sequence.

    Typical Participants: Product owner, scrum master (usually acts as facilitator), delivery team.

    Steps:

    1. The facilitator will select a user story.
    2. The product owner answers any questions about the user story from the group.
    3. The group makes their first round of estimates, where each participant individually selects a card without showing it to anyone, and then all selections are revealed at once.
    4. If there is consensus, the facilitator records the estimate and moves onto step 1 for another user story.
    5. If there are discrepancies, the participants should state their case for their selection (especially high or low outliers) and engage in constructive debate.
    6. The group makes an additional round of estimates, where step 3-6 are completed until there is a reasonable consensus.
    7. If the consensus is the user story is too large to fit into a sprint or too poorly defined, then the user story should be decomposed or rewritten.

    Estimation Exercise 2.1 (Optional) Estimate a real PBI

    30-60 minutes

    Step 1: As a group, select a real epic, feature, or user story from one of your project backlogs which needs to be estimated:

    PBI to be Estimated:

    As a ____ I want _____ so that ______

    Step 2: Select one person in your group to act as the product owner and discuss/question the details of the selected PBI to improve your collective understanding of the requirement (the PO will do their best to explain the PBI and answer any questions).
    Step 3: Make your first round of estimates using either T-shirt sizing or the Fibonacci sequence. Be sure to agree on the boundaries for these estimates (e.g. "extra-small" (XS) is any work that can be completed in less than an hour, while "extra-large" (XL) is anything that would take a single person a full sprint to deliver – a similar approach could be used for Fibonacci where a "1" is less than an hour's work, and "21" might be a single person for a full sprint). Don't share your answer until everyone has had a chance to decide on their Estimate value for the PBI.
    Step 4: Have everyone share their chosen estimate value and briefly explain their reasoning for the estimate. If most estimate values are the same/similar, allow the group to decide whether they have reached a "collective agreement" on the estimate. If not, repeat step 3 now that everyone has had a chance to explain their initial Estimate.
    Step 5: Capture the "collective" estimate for the PBI here:

    Our collective estimate for this PBI:

    e.g. 8 story points

    Output

    • A real PBI from your project backlog which has estimated using planning poker

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Module

    Improve product backlog item estimation

    Activities

    3.1 Guess the number of jelly beans (Round 1) (15 minutes)
    3.2 Compare the average of your guesses (15 minutes)
    3.3 Guess the number of gumballs (Round 2) (15 minutes)
    3.4 Compare your guesses against the actual number

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of why Agile estimation and reconciliation provides reliable estimates for planning.

    Facilitator Slides: Agile Estimation (Wisdom of Crowds Exercise – Rounds 1 and 2)

    Notes and Instructions

    The exercise is intended to mimic the way Planning Poker is performed in Agile Estimation. Use the exercise to demonstrate the power of the Wisdom of Crowds and how, in circumstances where the exact answer to a question is not known, asking several people for their opinion often produces more accurate results than most/any individual opinion.

    Some participants will tend to "shout out an answer" right away, so be sure to tell participants not to share their answers until everyone has had an opportunity to register their guess (this is particularly important in Round 1, where we are trying to get unvarnished guesses from the participants).

    In Round 1:

    • Be sure to emphasize that participants are guessing the total number of jelly beans in the jar (sometimes people think it is just the number visible)
    • Once all guesses are gathered and you've calculated the error for them (and the average guess), review the results with participants (Note: the actual number of jelly beans in the jar is 1600 (it is "greyed out" on the bottom line of the table – you can make it visible by turning off the grey highlight on that cell in the table)
    • Most of the time, the average guess will be closer to the actual than most (if not all) individual guesses (but be prepared for the fact that this doesn't always happen – this is especially true when the number of participants is small)
    • When discussing the results, ask participants to share the "method" they used to make their guess (particularly those who were closest to the actual). This part of the exercise can help them to make more accurate guesses in Round 2

    In Round 2:

    • Note that this time, participants are guessing the total number of visible gumballs in the image (both whole and partial gumballs are counted)
    • Once all guesses are gathered and you've calculated the error for them (and the average guess), review the results with participants (Note: the actual number of visible gumballs is 1600 (it is "greyed out" on the bottom line of the table – you can make it visible by turning off the grey highlight on that cell in the table)
    • Most of the time, the average guess will be closer to the actual in Round 2 than it was in Round 1
    • Talk to participants about the outcomes and how the results varied from Round 1 to Round 2, along with any interesting insights they may have gained from the exercise

    Estimation Exercise 3.1 Guess the number of jelly beans (Round 1)

    15 minutes

    1. Option 1: Microsoft Forms
      1. Create your own local survey by copying the template using the link below.
      2. Add the local Survey link to the exercise instructions or send the link to the participants.
      3. Give the participants 2-3 minutes to complete their guesses.
      4. Collect the consolidated Survey responses and calculate the results on the next slide.
      5. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst or Workshop Specialist can set up the survey for you.
    2. Option 2: Embedded Excel table
      1. On the results slide, double-click the table to open the embedded Excel worksheet.
      2. Record each participant's guess in the table.
    3. Alternatively, this survey can be done with sticky notes, a pen, paper, and a calculator to determine the outcomes.

    Download Survey Template:

    Info-Tech Wisdom of the Crowd 1 (Jelly Bean Guess

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 3.1 Guess the number of jelly beans (Round 1)

    15 minutes

    1. Guess the total number of jelly beans in the entire container (not just the ones you can see).
    2. Be sure not to share your guess with anyone else.
    3. It doesn't matter how you settle on your guess ("gut feel" is fine, so is being "scientific" about it, as well as everything in between).
    4. Again, please don't share your guess (or even how you settled on your guess) with anyone else (this exercise relies on independent guesses).

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 3.2 Compare the average of your guesses

    15 minutes

    A blank table for you to compare the average of your guesses at the number of Jellybeans in the Jar.

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Guess the number of gumballs

    • Option 1: Microsoft Forms
      • Create your own local survey by copying the template using the link below.
      • Add the local Survey link to the exercise instructions or send the link to the participants.
      • Give the participants 2-3 minutes to complete their guesses.
      • Collect the consolidated Survey responses and calculate the results on the next slide.
      • NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst or Workshop Specialist can set up the survey for you.
    • Option 2: Embedded Excel table
      • On the results slide, double-click the table to open the embedded Excel worksheet.
      • Record each participant's guess in the table.
    • Alternatively, this survey can be done with sticky notes, a pen, paper, and a calculator to determine the outcomes.

    Download Survey Template:

    Info-Tech Wisdom of the Crowd 2 (Gumball Guess)

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Exercise 3.3 Guess the number of gumballs (Round 2)

    15 minutes

    1. Guess the total number of gumballs visible in the photo shown on the right.
    2. Again, please don't share your guess with anyone.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Exercise 3.2 Compare the average of your guesses

    15 minutes

    A blank table for you to compare the average of your guesses at the number of Jellybeans in the Jar.

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Module

    Improve product backlog item estimation

    Activities

    4.1 Identify key insights and takeaways
    4.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Estimation Exercise 4.2
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 4.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile Challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Product Owner Module

    Establish an effective product owner role

    Activities

    1.1 Identify your product owner pains
    1.2 What is a "product"? Who are your "consumers"?
    1.3 Define your role terminology

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals.
    • Define your product management roles and terms.

    Product owners ensure we delivery the right changes, for the right people, at the right time.

    The importance of assigning an effective and empowered product owner to your Agile projects cannot be overstated.

    What is a product?

    A tangible solution, tool, or service (physical or digital), which enables the long-term and evolving delivery of value to customers, and stakeholders based on business and user requirements.

    Info-Tech Insight

    A proper definition of a product recognizes three key facts.

    1. A clear recognition that products are long-term endeavors that don't end after the project finishes.
    2. Products are not just 'apps', but can be software or services that drive value.
    3. There is more than one stakeholder group that derives value from the product or service.

    Estimation Exercise 4.2
    Perform an exit survey

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      • What specific challenges are you facing with your product owner practices today?
    2. Capture your findings in the table below:

    What are your specific Product Owner challenges?

    • (e.g. We don't have product owners)
    • (e.g. Our product owners have "day jobs" as well, so they don't have enough time to devote to the project)
    • (e.g. Our product owners are unsure about the role and its associated responsibilities)

    Output

    • Your specific product owner challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 1.2 What is a "product"? Who are your "consumers"?

    30-60 minutes

    1. Discussion:
      1. How do you define a product, service, or application?
      2. Who are the consumers that receive value from the product?

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • Our definition of products and services
    • Our definition of product and service consumers/customers

    Products and services share the same foundation and best practices

    The term "product" is used for consistency but would apply to services as well.

    Product=Service

    "Product" and "Service" are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    • Business
      • Customer facing, revenue generating
    • Operations
      • Keep the lights on processes
    • Technical
      • IT systems and tools

    "A product owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The product owner is someone who really 'owns' the product."

    – – Robbin Schuurman,
    "Tips for Starting Technical Product Managers"

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Implement Info-Tech's product owner capability model

    An image of Info-Tech’s product owner capability model

    Unfortunately, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Scale products into families to improve alignment

    Operationally align product delivery to enterprise goals

    A hierarchy showing how to break enterprise goals and strategy down into product families.

    The Info-Tech difference:

    Start by piloting product families to determine which approaches work best for your organization.

    Create a common definition of what a product is and identify products in your inventory.

    Use scaling patterns to build operationally aligned product families.

    Develop a roadmap strategy to align families and products to enterprise goals and priorities.

    Use products and families to evaluate the delivery and organizational design improvements.

    Deliver Digital Products at Scale via Enterprise Product Families

    Select the right models for scaling product management

    • Pyramid
      • Logical hierarchy of products rolling into a single service area.
      • Lower levels of the pyramid focus on more discrete services.
      • Example: Human resources mapping down to supporting applications.
    • Service Grouping
      • Organization of related services into service family.
      • Direct hierarchy does not necessarily exist within the family.
      • Example: End user support and ticketing.
    • Technical Grouping
      • Logical grouping of IT infrastructure, platforms, or applications.
      • Provides full lifecycle management when hierarchies do not exist.
      • Example: Workflow and collaboration tools.
    • Market Alignment
      • Grouping of products by customer segments or market strategy.
      • Aligns product to end users and consumers.
      • Example: Customer banking products and services.
    • Organizational Alignment
      • Used at higher levels of the organization where products are aligned under divisions.
      • Separation of product management from organizational structure no longer distinct.

    Match your product management role definitions to your product family levels

    Product Ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply or require a management relationship.

    Product Portfolio
    Groups of product families within an overall value stream or capability grouping.
    Product Portfolio Manager

    Product Family
    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.
    Product Family Manager

    Product
    Single product composed of one or more applications and services.
    Product Owner

    Info-Tech Insight

    The primary role conflict occurs when the product owner is a proxy for stakeholders or responsible for the delivery team. The product owner owns the product backlog. The delivery team owns the sprint backlog and delivery.

    Examine the differences between product managers and product owners

    Product management terminology is inconsistent, creating confusion in organizations introducing these roles. Understand the roles, then define terms that work best for you.

    A Table comparing the different roles of product managers to those of product owners.

    Define who manages key milestone

    Key milestones must be proactively managed. If a project manager is not available, those responsibilities need to be managed by the Product Owner or Scrum Master. Start with responsibility mapping to decide which role will be responsible.

    An image of a table with the following column headings: Example Milestones; Project Manager; Product Owner; Scrum Master*

    Product Owner Exercise 1.3 Define your role terminology

    30-60 minutes

    1. Using consistent terms is important for any organizational change and evergreen process. Capture your preferred terms to help align teams and expectations.
    Term

    Definition

    Product Owner

    • Owns and manages the product or service providing continuous delivery of value.
    • Owns the product roadmap and backlog for the product or service.
    • Works with stakeholders, end users, the delivery team, and market research to identify the product features and their estimated return on investment when implemented.
    • Responsible for refining and reprioritizing the product backlog ensuring items are "Ready" for the sprint backlog.
    • Defines KPIs to measure the value and impact of each PBI to help refine the backlog and guide the roadmap.
    • Responsible for refining and reprioritizing the sprint backlog that identifies which features will be delivered in the next sprint based on business importance.
    • Works with the product owner, stakeholders, end users, and SMEs to help define PBIs to ensure they are "Ready" for the Sprint backlog.

    Product Manager

    • Owns and manages a product or service family consisting of multiple products or services.
    • Owns the product family roadmap. Note: Product families do not have a backlog, only products do.
    • Works with stakeholders, end users, product owners, enterprise architecture, and market research to identify the product capabilities needed to accomplish goals.
    • Validates the product PBIs delivered realized the expected value and capability. Feedback is used to refine the product family roadmap and guide product owners.

    Output

    • Product management role definitions

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Module

    Establish an effective product owner role

    Activities

    2.1 Identify enablers and blockers

    2.2 (Optional) Dissect this definition of the product owner role

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify cultural enablers and blockers for product owners.
    • Develop a deeper understanding of the product owner role.

    The importance of establishing an effective product owner role

    The critical importance of establishing an effective product owner role (PO) for your Agile projects cannot be overstated.

    Many new-to-Agile organizations do not fully appreciate the critical role played by the PO in Scrum, nor the fundamental changes the organization will need to make in support of the PO role. Both mistakes will reduce an organization's chances of successfully adopting Agile and achieving its promised benefits.

    The PO role is critical to the proper prioritization of requirements and efficient decision-making during the project.

    The PO role helps the organization to avoid "analysis paralysis" challenges often experienced in large command-and-control-style organizations.

    A poorly chosen or disengaged product owner will almost certainly stifle your Agile project.

    Note that for many organizations, "product owner" is not a formally recognized role, which can create HR issues. Some organizational education on Agile may be needed (especially if your organization is unionized).

    Info-Tech Insight

    Failing to establish effective product owners in your organization can be a "species-killing event" for your Agile transformation.

    The three A's of a product owner

    To ensure the effectiveness of a product owner, your organization should select one that meets the three A's:

    Available: Assign a PO that can focus full-time on the project. Make sure your PO can dedicate the time needed to fulfill this critical role.
    Appropriate: It's best for the PO to have strong subject matter expertise (so-called "super users" are often selected to be POs) as well as strong communication, collaboration, facilitation, and arbitration skills. A good PO will understand how to negotiate the best outcomes for the project, considering all project constraints.
    Authoritative: The PO must be empowered by your organization to speak authoritatively about priorities and goals and be able to answer questions from the project team quickly and efficiently. The PO must know when decisions can be made immediately and when they must be made in collaboration with other stakeholders – choosing a PO that is well-known and respected by stakeholders will help to make this more efficient.

    Info-Tech Insight

    It's critical to assign a PO that meets the three A's:

    • Available
    • Appropriate
    • Authoritative

    The three ears of a product owner*

    An effective product owner listens to (and effectively balances) the needs and constraints of three different groups:

    Organizational needs/constraints represent what is most important to the organization overall, and typically revolve around things like cost, schedule, return on investment, time to market, risk mitigation, conforming to policies and regulations, etc.

    Stakeholder needs/constraints represent what is most important to those who will be using the system and typically revolve around the delivery of value, ease of use, better outcomes, making their jobs easier and more efficient, getting what they ask for, etc.

    Delivery Team needs/constraints represent what is most important to those who are tasked with delivering the project and cover a broad range that includes tools, skills, capabilities, technology limitations, capacity limits, adequate testing, architectural considerations, sustainable workload, clear direction and requirements, opportunities to innovate, getting sufficient input and feedback, support for clearing roadblocks, dependencies on other teams, etc.

    Info-Tech Insight

    An effective PO will expertly balance the needs of:

    • The organization
    • Project stakeholders
    • The delivery team

    * For more, see Understanding Scrum: Why do Product Owners Have Three Ears

    A product owner doesn't act alone

    Although the PO plays a unique and central role in the success of an Agile project, it doesn't mean they "act alone."

    The PO is ultimately responsible for managing and maintaining an effective backlog over the project lifecycle, but many people contribute to maintaining this backlog (on large projects, BA's are often the primary contributors to the backlog).

    The PO role also relies heavily on stakeholders (to help define and elaborate user stories, provide input and feedback, answer questions, participate in sprint demos, participate in testing of sprint deliverables, etc.).

    The PO role also relies heavily on the delivery team. Some backlog management and story elaboration is done by delivery team members instead of the PO (think: elaborating user story details, creating acceptance criteria, writing test plans for user stories, etc.).

    The PO both contributes to these efforts and leads/oversees the efforts of others. The exact mix of "doing" and "leading" can be different on a case-by-case basis and is part of establishing the delivery team's norms.

    Given the importance of the role, care must be taken to not overburden the product owner, especially on large projects.

    Info-Tech Insight

    While being ultimately responsible for the product backlog, a PO often relies on others to aid in backlog management and maintenance.

    This is particularly true on large projects.

    The use of a proxy PO

    Sometimes, a proxy product owner is needed.

    It is always best to assign a product owner "from the business," who will bring subject matter expertise and have established relationships with stakeholders.

    When a PO from the business does not have enough time to fulfill the needs of the role completely (e.g. can only be a part-time PO, because they have a day job), assigning a proxy product owner can help to compensate for this.

    The proxy PO acts on behalf of the PO in order to reduce the PO's workload or to otherwise support them.

    Project participants (e.g. delivery team, stakeholders) should treat the PO and proxy PO as roughly equivalent.

    Project managers (PMs) and business analysts (BAs) are often good candidates for the proxy PO role.

    NOTE: It's highly advisable for the PO to attend all/most sprint demos in order to observe progress for themselves, and to identify any misalignment with expectations as early as possible (remember that the PO still has ultimate responsibility for the project outcomes).

    Info-Tech Insight

    Although not ideal, assigning a proxy PO can help to compensate for a PO who doesn't meet all three A's of Product Ownership.

    It is up to the PO and proxy to decide how they will work together (e.g. establish their norms).

    The use of a proxy PO

    The PO and proxy must work together closely and in a highly coordinated way.

    The PO and proxy must:

    • Work closely at the start of the project to agree on the overall approach they will follow, as well as any needs and constraints for the project.
    • Communicate frequently and effectively throughout the project, to ensure progress is being made and to address any challenges.
    • Have a "meeting of the minds" about how the different "parts" of the PO role will be divided between them (including when the proxy must defer to the PO on matters).
    • Focus on ensuring that all the responsibilities of the PO role are fulfilled effectively by the pair (how this is accomplished is up to the two of them to decide).
    • Ensure all project participants clearly understand the POs' and proxies' relative responsibilities to minimize confusion and mistakes.

    The use of multiple POs

    Sometimes, having multiple product owners makes sense.

    It is always best to assign a single product owner to a project. However, under certain circumstances, it can make sense to use multiple POs.

    For example, when implementing a large ERP system with many distinct modules (e.g. Finance, HR) it can be difficult to find a single PO who has sufficient subject matter expertise across all modules.

    When assigning Multiple POs to a project, be sure to identify a "Lead PO" (who is given ultimate responsibility for the entire project) and have the remaining POs act like Proxy POs.

    NOTE: Not surprisingly, it's highly advisable for the Lead PO to attend as many Sprint Demos as possible to observe progress for themselves, and to identify any misalignment with expectations as early as possible (remember that the Lead PO has ultimate responsibility for the project outcomes).

    Info-Tech Best Practice

    Although not ideal, assigning multiple POs to a project sometimes makes sense.

    When needed, be sure to identify a "Lead PO" and have the other PO's act like Proxies.

    Product Owner Exercise 2.1 Identify enablers and blockers

    30-60 minutes

    1. Brainstorm and discuss the key enablers that can help promote and ease your implementation of Product Ownership.
    2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your efforts.
    3. Brainstorm mitigation activities for each blocker.
    Enablers Blockers Mitigation
    High business engagement and buy-in Significant time is required to implement and train resources Limit the scope for pilot project to allow time to learn
    Organizational acceptance for change Geographically distributed resources Temporarily collocate all resources and acquire virtual communication technology
    Existing tools can be customized for BRM Difficulty injecting customers in demos Educate customer groups on the importance of attendance and 'what's in it for them'

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Establish an effective product owner role

    • The nature of a PO role can be somewhat foreign to many organizations, so candidates for the role will benefit from training along with coaching/mentoring support when starting out.
    • The PO must be able to make decisions quickly around project priorities, goals, and requirements.
    • A PO who is simply a conduit to a slow-moving steering committee will stifle an Agile project.
    • Establish clear boundaries and rules regarding which project decisions can be made directly by the PO and which must be escalated to stakeholders. Lean toward approaches that support the quickest decision-making (e.g. give the PO as much freedom as they need to be effective).
    • An effective PO has a good instinct for what is "good enough for now."
    • The organization can support the PO by focusing attention on goals and accomplishments rather than pushing processes and documentation.
    • Understand the difference between a project sponsor and a PO (the PO role is much more involved in the details, with a higher workload).
    • Agree on and clearly define the roles and responsibilities of PO, PM, dev manager, SM, etc. at the start of the project for clarity and efficiency.

    Characteristics to look for when selecting a product owner

    Here are some "ideal characteristics" for your POs (the more of these that are true for a given PO, the better):

    • Knows how to get things done in your organization
    • Has strong working relationships with project stakeholders (has established trust with them and is well respected by stakeholders as well as others)
    • Comes from the stakeholder community and is invested in the success of the project (ideally, will be an end user of the system)
    • Has proven communication, facilitation, mediation, and negotiation skills
    • Can effectively balance multiple competing priorities and constraints
    • Sees the big picture and strives to achieve the best outcomes possible (grounded in realistic expectations)
    • Works with a sense of urgency and welcomes ongoing feedback and collaboration with stakeholders
    • Understands how to act as an effective "funnel and filter" for stakeholder requests
    • Acts as an informal (but inspirational) leader whom others will follow
    • Has a strong sense of what is "good enough for now"
    • Protects the delivery team from distractions and keeps them focused on goals
    • Thinks strategically and incrementally

    Product Owner Exercise 2.2 (Optional) Dissect this definition of the product owner role

    30-60 minutes

    1. Take a minute or two to review the bullet points below, which describe the product owner's role.
    2. As a group, discuss the "message" for each bullet point in the description, and then identify which aspects would be "easy" and "hard" to achieve in your organization.
      • The product owner is a project team member who has been empowered by both the organization and stakeholders to act on their behalf and to guide the project directly with a single voice (supported by appropriate consultations with the organization and stakeholders).
      • The product owner must be someone with a good understanding of the project deliverable (they are often considered to be a subject matter expert in an area related to the project deliverable) and ideally is both well-known and respected by both the organization and stakeholders.
      • During the project, requirements clarification, prioritization, and scope changes are ultimately decided by the product owner, who must perform the important balancing act required by the project to adequately reflect the needs and constraints of the organization, its stakeholders, and the project team.
      • The product owner role can only be successful in an organization that has established a trusting and supportive culture. Great trust must be placed in the product owner to adequately balance competing needs in a way that leads to good outcomes for the organization. This trust must come with some authority to make important project decisions, and the organization must also support the product owner in addressing risks and roadblocks outside the control of the project team.
      • The product owner is first among equals when it comes to ultimate ownership of success for the project (along with the project delivery team itself). Because of this, any project of any significance will require the full-time effort of the product owner (don't shortchange yourself by under-investing in a willing, able, and available product owner)

    Output

    • Better understanding of the product owner role.

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 2.2 (Optional) Dissect this definition of the product owner role

    Which aspects of the product owner are "easy" in your organization?

    Which aspects of the product owner are "hard" in your organization?

    Product Owner Module

    Establish an effective product owner role

    Activities

    3.1 Build a starting checklist of quality filters

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand the levels in a product backlog and how to create quality filters for PBIs moving through the backlog.
    • Define your product roadmap approach for key audiences.

    Product Owner Step 3: Managing effective product backlogs and roadmaps

    The primary role of the product owner is to manage the backlog effectively.

    When managed properly, the product backlog is a powerful project management tool that directly contributes to project success.

    The product owner's primary responsibility is to ensure this backlog is managed effectively.

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Backlog tiers facilitate product planning steps

    An image of the product planning steps facilitated by Backlog Tiers

    Each activity is a variation of measuring value and estimating effort to validate and prioritize a PBI.

    A PBI meets our definition of done and passes through to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Backlog Exercise 2.1 Build a starting checklist of quality filters

    60 minutes

    1. Quality filters provide a checklist to ensure each Product Backlog Item (PBI) meets our definition of Done and is ready to move to the next backlog group (status).
    2. Create a checklist of basic descriptors that must be completed between each backlog level.
    3. If you completed this exercise in a different Module, review and update it here.
    4. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    An image of the backlog tiers, identifying where product backlog and sprint backlog are

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver.

    Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    This is an image Adapted from: Pichler, What Is Product Management?

    Adapted from: Pichler, "What Is Product Management?"

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    An example of performing planning and analysis at the family level.

    Leverage the product family roadmap for alignment

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going.

    • Your product family roadmap:
      • Lays out a strategy for your product family.
      • Is a statement of intent for your family of products.
      • Communicates direction for the entire product family and product teams.
      • Directly connects to the organization's goals.
    • However, it is not:
      • Representative of a hard commitment.
      • A simple combination of your current product roadmaps.

    Your ideal roadmap approach is a spectrum, not a choice!

    Match your roadmap and backlog to the needs of the product.

    Tactical vs strategic roadmaps.

    Product Managers do not have to choose between being tactical or strategic.
    – Aha!, 2015

    Multiple roadmap views can communicate differently yet tell the same truth

    Audience

    Business/
    IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap

    View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot
    of the portfolio and
    priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize
    those goals.

    Artifacts are grouped by
    the teams who deliver
    that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Product Owner Exercise 3.1 Build a starting checklist of quality filters

    60 minutes

    1. Views provide roadmap information to different audiences in the format and level of detail that is fit to their purpose.
    2. Consider the three primary audiences for roadmap alignment.
    3. Define the roles or people who the view best fits.
    4. Define the level of detail or artifacts shared in the view for each audience.
    5. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    Business/
    IT Leaders

    Users/Customers

    Delivery Teams

    Audience:

    Audience:

    Audience:

    Level of Detail/Artifacts:

    Level of Detail/Artifacts:

    Level of Detail/Artifacts:

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn't available.

    A comparison between product family roadmaps and product roadmaps.

    Use product roadmaps to align cross-team dependencies

    Regardless of how other teams operate, teams need to align to common milestones.

    An image showing how you may Use product roadmaps to align cross-team dependencies

    Product Owner Module

    Establish an effective product owner role

    Activities

    4.1 Identify key insights and takeaways

    4.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Product Owner Exercise 4.1
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained? What takeaways have you identified?
    (e.g. better understanding of Agile mindset, principles, and practices) (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 4.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Product Roadmapping

    Create effective product roadmaps

    Activities

    Roadmapping 1.1 Identify your product roadmapping pains
    Roadmapping 1.2 The six "tools" of product roadmapping
    Roadmapping 1.3 Product roadmapping exercise

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    Roadmapping Exercise 1.1: Tell us what product management means to you and how it differs from a project orientation

    10-15 minutes

    1. Share your current understanding of product management.
    What is product management, and how does it differ from a project orientation?

    Output

    • Your current understanding of product management and its benefits

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Definition of terms

    Project

    "A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio."

    – PMBOK, PMI

    Product

    "A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements."
    Deliver on Your Digital Product Vision,
    Info-Tech Research Group

    Info-Tech Insight

    Any proper definition of product recognizes that they are long-term endeavors that don't end after the project finishes. Because of this, products need well thought out roadmaps.

    Deliver Digital Products at Scale via Enterprise Product Families

    Match your product management role definitions to your product family levels

    Product ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply or require a management relationship.

    Product Portfolio
    Groups of product families within an overall value stream or capability grouping.
    Product Portfolio Manager

    Product Family
    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.
    Product Family Manager

    Product
    Single product composed of one or more applications and services.
    Product Owner

    Info-Tech Insight

    The primary role conflict occurs when the product owner is a proxy for stakeholders or responsible for the delivery team. The product owner owns the product backlog. The delivery team owns the sprint backlog and delivery.

    Roadmapping Exercise 1.2 (Optional): Define "product" in your context*

    15-30 minutes

    1. Discuss what "product" means in your organization.
    2. Create a common, enterprise definition for "product."

    For example,

    • An application, platform, or application family.
    • Discrete items that deliver value to a user/customer.

    Capture your organization's definition of product:

    * For more on Product Management see Deliver on Your Digital Product Vision

    Output

    • Your enterprise/ organizational definition of products and services.

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Product Roadmapping

    Create effective product roadmaps

    Activities

    The six "tools" of product roadmapping

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    The six "tools" of product roadmapping

    the 6 tools of product roadmapping: Vision; Goals; Strategy; Roadmap; Backlog; Release Plan.

    Product Roadmapping

    Create effective product roadmaps

    Activities

    Roadmapping 3.1 Product roadmapping exercise
    Roadmapping 3.2 Identify key insights and takeaways
    Roadmapping 3.3 Perform an exit survey

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    Roadmapping Exercise 1.2 (Optional): Define "product" in your context*

    30 minutes

    1. As a team, read through the exercise back story below:

    The city of Binbetter is a picturesque place that is sadly in decline because local industry jobs are slowly relocating elsewhere. So, the local government has decided to do something to reinvigorate the city. Binbetter City Council has set aside money and a parcel of land they would like to develop into a venue that will attract visitors and generate revenue for the city.

    Your team was hired to develop the site, and you have already spent time with city representatives to create a vision, goals and strategy for building out this venue (captured on the following slides). The city doesn't want to wait until the entire venue is completed before it opens to visitors, and so you have been instructed to build it incrementally in order to bring in much needed revenue as soon as possible.

    Using the vision, goals, and strategy you have created, your team will need to plan out the build (i.e. create a roadmap and release plan for which parts of the venue to build and in which order). You can assume that visitors will come to the venue after your "Release 1", even while the rest is still under construction. Select one member of your team to be designated as the product owner. The entire team will work together to consider options and agree on a roadmap/release plan, but the product owner will be the ultimate decision-maker.

    * Adapted from Rautiainen et al, Toward Agile Product and Portfolio Management, 2015

    Output

    • Practical understanding of how to apply the six tools of product roadmapping.

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:
      • Is this a "good" vision statement, and if so, why?
      • Does it live up to its definition of being: "notional and inspirational, while also calling out key guidance and constraints"?
      • Does it help you to rule in/out options for the Product?
      • e.g. Would a parking lot fit the vision?
      • What about a bunch of condominiums?
      • What about a theme park?

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    An image of a Château-style Hotel (left) and a Gothic-style Cathedral (right)

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    Roadmapping Exercise 3.1: Continued

    1. As a team, review the following exercise rules:
    • Your construction team has told you that they can divide the structures into 17 "equal" components (see below)
    • Each component will require about the same amount of time and resources to complete
    • You can ask the team to build these components in any order and temporary roofs can be built for components that are not at the top of a "stack" (e.g. you can build C3 without having to build C4 and C5 at the same time)
    • However, you cannot build the tops of any buildings first (e.g. don't build M3 until M2 and M1 are in place)

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:
      • The city has asked you to decide on your "Release 1 MVP" and has limited you to selecting between 4 and 8 components for this MVP (fewer components = earlier opening date).
      • As a team, work together to decide which components will be in your MVP (remember, the PO makes the ultimate decision).
      • Drag your (4-8) selected MVP components over from the right and assemble them below (and explain your reasoning for your MVP selections):

    Release 1 (MVP)

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued
    (magnified venue)

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    1. As a team, decide the rest of your roadmap:
      • The city has asked you to decide on the remainder of your roadmap
      • They have limited you to selecting between 2 and 4 components for each additional release (drag your selected component into each release below):
    Release 2 Release 3 Release 4 Release 5

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    Roadmap, Release Plan and Backlog

    an example roadmap plan; INCREASING: Priority; Requirements detail; Estimate accuracy; Level of commitment.

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.2:
    Identify key insights and takeaways

    15 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the product roadmapping module?
      2. What if any takeaways do participants feel are needed as a result of the module?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained?What takeaways have you identified?
    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Roadmapping Exercise 3.3
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Appendix

    Additional research to start your journey

    Related Info-Tech Research

    Mentoring for Agile Teams

    • Get practical help and guidance on your Agile transformation journey.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Bibliography

    "Agile Estimation Practice." DZone.com, 13 May 2013. Web.
    "Announcing DORA 2021 Accelerate State of DevOps Report." Google Cloud Blog. Accessed 8 Nov. 2022.
    "Are Your IT Strategy and Business Strategy Aligned?" 5Q Partners, 8 Jan. 2015. Accessed Oct. 2016.
    A, Karen. "20 Mental Models for Product Managers." Medium, Product Management Insider, 2 Aug. 2018 . Web.
    ADAMS, PAUL. "Product Teams: How to Build & Structure Product Teams for Growth." Inside Intercom, 30 Oct. 2019. Web.
    Agile Alliance. "Product Owner." Agile Alliance. n.d. Web.
    Ambysoft. "2018 IT Project Success Rates Survey Results." Ambysoft. 2018. Web.
    Banfield, Richard, et al. "On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team." Pluralsight, 31 Jan. 2018. Web.
    Bloch, Michael, Sven Blumberg, and Jurgen Laartz. "Delivering Large-Scale IT Projects on Time, on Budget, and on Value." McKinsey & Company, October 2012.
    Blueprint. "10 Ways Requirements Can Sabotage Your Projects Right From the Start." Blueprint. 2012. Web.
    Boehm, Barry W. Software Engineering Economics. New Jersey: Prentice Hall, 1981.
    Breddels, Dajo, and Paul Kuijten. "Product Owner Value Game." Agile2015 Conference. 2015. Web.
    Cagan, Martin. "Behind Every Great Product." Silicon Valley Product Group. 2005. Web.
    "Chaos Report 2015." The Standish Group, 2015. Accessed 29 July 2022.
    Cohn, Mike. Succeeding With Agile: Software Development Using Scrum. Addison-Wesley. 2010. Web.
    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997. Print.
    Dyba, Tore, and Torgeir Dingsøyr. "Empirical Studies of Agile Software Development: A Systematic Review." Elsevier, ScienceDirect. 24 Jan. 2008. Web.
    "How do you define a product?" Scrum.org. 4 Apr 2017, Web
    EDUCAUSE. "Aligning IT Funding Models to the Pace of Technology Change." EDUCAUSE. 14 Dec. 2015. Web.
    Eick, Stephen. "Does Code Decay? Assessing the Evidence from Change Management Data." IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.
    "Enablers." Scaled Agile. n.d. Web.
    "Epic." Scaled Agile. n.d. Web.
    Eringa, Ron. "Evolution of the Product Owner." RonEringa.com. 12 June 2016. Web.
    Fernandes, Thaisa. "Spotify Squad Framework - Part I." Medium.com. 6 Mar. 2017. Web.
    Fowler, Martin. "Application Boundary." MartinFowler.com. 11 Sept. 2003. Web. 20 Nov. 2017.
    Galen, Robert. "Measuring Technical Product Managership – What Does 'Good' Look Like ...." RGalen Consulting. 5 Aug. 2015. Web.
    Hackshall, Robin. "Product Backlog Refinement." Scrum Alliance. 9 Oct. 2014. Web. Feb. 2019.
    Halisky, Merland, and Luke Lackrone. "The Product Owner's Universe." Agile Alliance, Agile2016. 2016. Web.
    Kamer, Jurriaan. "How to Build Your Own 'Spotify Model'." Medium.com. 9 Feb. 2018. Web.
    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce. 18 May 2018. Web. Feb. 2019.
    Lindstrom, Lowell. "7 Skills You Need to Be a Great Product Owner." Scrum Alliance. n.d. Web.
    Lawrence, Richard, and Peter Green. "The Humanizing Work Guide to Splitting User Stories." Humanizing Work, 22 Oct. 2020. Web.
    Leffingwell, Dean. "SAFe 5.0." Scaled Agile Inc. 2021. Web. Feb. 2021.
    Lucero, Mario. "Product Backlog – Deep Model." Agilelucero. 8 Oct. 2014. Web.
    Lukassen, Chris. "The Five Belts Of The Product Owner." Xebia.com. 20 Sept. 2016. Web.
    Management 3.0. "Delegation Poker Product Image." Management 3.0. n.d. Web.
    McCloskey, Heather. "Scaling Product Management: Secrets to Defeating Common Challenges." Scaling Product Management: Secrets to Defeating Common Challenges, ProductPlan, 12 July 2019 . Web.
    McCloskey, Heather. "When and How to Scale Your Product Team." UserVoice Blog, UserVoice, 21 Feb. 2017 . Web.
    Medium.com. "Exploring Key Elements of Spotify's Agile Scaling Model." Medium.com. 23 July 2018. Web.
    Mironov, Rich. "Scaling Up Product Manager/Owner Teams: - Rich Mironov's Product Bytes." Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014 . Web.
    "Most Agile Transformations Will Fail." Vitality Chicago Inc., 24 Jan. 2019.
    Overeem, Barry. "A Product Owner Self-Assessment." Barry Overeem. 6 Mar. 2017. Web.
    Overeem, Barry. "Retrospective: Using the Team Radar." Barry Overeem. 27 Feb. 2017. Web.
    "PI Planning." Scaled Agile. n.d. Web.
    "PI Planning."SAFe. 2020.
    Pichler, Roman. "How to Scale the Scrum Product Owner." Roman Pichler, 28 June 2016 . Web.
    Pichler, Roman. "Product Management Framework." Pichler Consulting Limited. 2014. Web.
    Pichler, Roman. "Sprint Planning Tips for Technical Product Managers." LinkedIn. 4 Sept. 2018. Web.
    Pichler, Roman. "What Is Product Management?" Pichler Consulting Limited. 26 Nov. 2014. Web.
    Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.
    Radigan, Dan. "Putting the 'Flow' Back in Workflow With WIP Limits." Atlassian. n.d. Web.
    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." Scf.usc.edu. 1970. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on Agile Product Management." Scrum.org. 28 Nov. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on (Business) Value." Scrum.org. 30 Nov. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on Product Backlog Management." Scrum.org. 5 Dec. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on the Product Vision." Scrum.org. 29 Nov. 2017. Web.
    Schuurman, Robbin. "Tips for Starting Technical Product Managers." Scrum.org. 27 Nov. 2017. Web.
    Sharma, Rohit. "Scaling Product Teams the Structured Way." Monetary Musings, Monetary Musings, 28 Nov. 2016 . Web.
    STEINER, ANNE. "Start to Scale Your Product Management: Multiple Teams Working on Single Product." Cprime, Cprime, 6 Aug. 2019 . Web.
    Shirazi, Reza. "Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong." Austin VOP #50. 2 Oct. 2018. Web.
    Standish Group, The. "The Standish Group 2015 Chaos Report." The Standish Group. 2015. Web.
    Theus, Andre. "When Should You Scale the Product Management Team?" When Should You Scale the Product Management Team?, ProductPlan, 7 May 2019 . Web.
    Todaro, Dave. "Splitting Epics and User Stories." Ascendle. n.d. Web. Feb. 2019.
    Tolonen, Arto. "Scaling Product Management in a Single Product Company." Smartly.io - Digital Advertising Made Easy, Effective, and Enjoyable, Smartly.io, 26 Apr. 2018 . Web.
    Ulrich, Catherine. "The 6 Types of Product Managers. Which One Do You Need?" Medium.com. 19 Dec. 2017. Web.
    Vähäniitty, J. et al. "Chapter 7: Agile Product Management" in Towards Agile Product and Portfolio Management. Aalto University Software Process Research Group, 2010.
    VersionOne. "12th Annual State of Agile Report." VersionOne. 9 April 2018. Web.
    Verwijs, Christiaan. "Retrospective: Do The Team Radar." Medium.com. 10 Feb. 2017. Web.
    "Why Agile Fails Because of Corporate Culture - DZone Agile." Dzone.Com. Accessed 31 Aug. 2021.

    page 1 of the appendix
    page 2 of the appendix
    page 3 of the appendix
    page 4 of the appendix

    Cultural advantages of Agile

    Collaboration

    Team members leverage all their experience working towards a common goal.

    Iterations

    Cycles provide opportunities for more product feedback.

    Prioritization

    The most important needs are addressed in the current iteration.

    Continual Improvement

    Self-managing teams continually improve their approach for next iteration.

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    Info-Tech Best Practice

    Don't fully elaborate all of your PBIs at the beginning of the project instead, make sure they are elaborated "just in time." (Keep no more than 2 or 3 sprints worth of user stories in the Ready state.)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint aproach.

    Scrum versus Kanban: Key differences

    page 6 of the appendix

    Scrum versus Kanban: When to use each

    Scrum: Delivering related or grouped changes in fixed time intervals.

    • Coordinating the development or release of related items
    • Maturing a product or service
    • Interdependencies between work items

    Kanban: Delivering independent items as soon as each is ready.

    • Work items from ticketing or individual requests
    • Completing independent changes
    • Releasing changes as soon as possible

    Develop an adaptive governance process

    page 7 of the appendix

    Five key principles for building an adaptive governance framework

    Delegate and Empower

    Decision making must be delegated down within the organization, and all resources must be empowered and supported to make effective decisions.

    Define Outcomes

    Outcomes and goals must be clearly articulated and understood across the organization to ensure decisions are in line and stay within reasonable boundaries.

    Make Risk informed decisions

    Integrated risk information must be available with sufficient data to support decision making and design approaches at all levels of the organization.

    Embed / Automate

    Governance standards and activities need to be embedded in processes and practices. Optimal governance reduces its manual footprint while remaining viable. This also allows for more dynamic adaptation.

    Establish standards and behavior

    Standards and policies need to be defined as the foundation for embedding governance practices organizationally. These guardrails will create boundaries to reinforce delegated decision making.

    Maturing governance is a journey

    Organizations should look to progress in their governance stages. Ad-Hoc, and controlled governance tends to be slow, expensive, and a poor fit for modern practices.

    The goal as you progress in your stages is to delegate governance and empower teams to make optimal decisions in real-time, knowing that they are aligned with the understood best interests of the organization.

    Automate governance for optimal velocity, while mitigating risks and driving value.

    This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.

    page 8 of the appendix

    Business value is a key component to driving better decision making

    Better Decisions

    • Team Engagement
    • Frequent Delivery
    • Stakeholder Input
    • Market Analysis
    • Articulating Business Value
    • Focus on Business Needs

    Facilitation Planning Tool

    • Double-click the embedded Excel workbook to select and plan your exercises and timing.
    • Place or remove the "X" in the "Add to Agenda" column to add it to the workshop agenda and duration estimate.
    • Verify the exercise and step timing estimates from the blueprint provided on the "Detailed Workshop Planner" in columns C-F and adjust based on your facilitation and intended audience.

    an image of the Facilitation Planning Tool

    Appendix:
    SDLC transformation steps

    Waterfall SDLC: Valuable product delivered at the end of an extended project lifecycle, frequently in years

    Page 1 of the SDLC Appendix.

    • Business separated from delivery of technology it needs, only one third of product is actually valuable (Info-Tech, N=40,000).
    • In Waterfall, a team of experts in specific disciplines hand off different aspects of the lifecycle.
    • Document signoffs are required to ensure integration between silos (Business, Dev, and Ops) and individuals.
    • A separate change request process lays over the entire lifecycle to prevent changes from disrupting delivery.
    • Tools are deployed to support a specific role (e.g. BA) and seldom integrated (usually requirements <-> test).

    Wagile/Agifall/WaterScrumFall SDLC: Valuable product delivered in multiple releases

    Page 2 of the SDLC Appendix.

    • Business is more closely integrated by a business product owner accountable for day-to-day delivery of value for users.
    • The team collaborates and develops cross-functional skills as they define, design, build, and test code over time.
    • Signoffs are reduced but documentation is still focused on satisfying project delivery and operations policy requirements.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Tools start to be integrated to streamline delivery (usually requirements and Agile work management tools).

    Agile SDLC: Valuable product delivered iteratively; frequency depends on Ops' capacity

    Page 3 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos (e.g. every two weeks).
    • Team is fully cross-functional and collaboratesto plan, define, design, build, and test the code supported by specialists.
    • Documentation is focused on future development and operations needs.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Explore automation for application development (e.g. automated regression testing).

    Agile with DevOps SDLC: High frequency iterative delivery of valuable product (e.g. every two weeks)

    Page 4 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos.
    • Dev and ops teams collaborate to plan, define, design, build, test, and deploy code supported by automation.
    • Documentation is focused on supporting users, future changes, and operational support.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Build, test, deploy is fully automated (service desk is still separated).

    DevOps SDLC: Continuous integration and delivery

    Page 5 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos.
    • Fully integrated DevOps team collaborates to plan, define, design, build, test, deploy, and maintain code.
    • Documentation Is focused on future development and use adoption.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Fully integrated development and operations toolchain.

    Fully integrated product SDLC: Agile + DevOps + continuous delivery of valuable product on demand

    Page 6 of the SDLC Appendix.

    • Business users are fully integrated with the teams through dedicated business product owner.
    • Cross-functional teams collaborate across the business and technical life of the product.
    • Documentation supports internal and external needs (business, users, Ops).
    • Change is built into the process to allow the team to respond to change dynamically.
    • Fully integrated toolchain (including service desk).

    Master M&A Cybersecurity Due Diligence

    • Buy Link or Shortcode: {j2store}261|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    This research is designed to help organizations who are preparing for a merger or acquisition and need help with:

    • Understanding the information security risks associated with the acquisition or merger.
    • Avoiding the unwanted possibility of acquiring or merging with an organization that is already compromised by cyberattackers.
    • Identifying best practices for information security integration post merger.

    Our Advice

    Critical Insight

    The goal of M&A cybersecurity due diligence is to assess security risks and the potential for compromise. To succeed, you need to look deeper.

    Impact and Result

    • A repeatable methodology to systematically conduct cybersecurity due diligence.
    • A structured framework to rapidly assess risks, conduct risk valuation, and identify red flags.
    • Look deeper by leveraging compromise diagnostics to increase confidence that you are not acquiring a compromised entity.

    Master M&A Cybersecurity Due Diligence Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to master M&A cyber security due diligence, review Info-Tech’s methodology, and understand how we can support you in completing this project.

    [infographic]

    Create an Effective SEO Keyword Strategy

    • Buy Link or Shortcode: {j2store}568|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Digital Marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Our Advice

    Critical Insight

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Impact and Result

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Create an Effective SEO Keyword Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Effective SEO Keyword Strategy

    Update your on-page SEO strategy with competitively relevant keywords.

    • Create an Effective SEO Keyword Strategy Storyboard
    [infographic]

    Further reading

    Create an Effective SEO Keyword Strategy
    Update your on-page SEO strategy with competitively relevant keywords.

    Analyst Perspective

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

    Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

    SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

    This is a picture of Terra Higginson

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Digital marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

    Common Obstacles

    Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

    • SEO practitioners that focus on gaming the system
    • Ever-changing SEO technology
    • Lack of understanding of the best SEO techniques
    • SEO techniques focus on the needs of computers, not people
    • Lack of continued investment

    SoftwareReviews' Approach

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

    SoftwareReviews' SEO Methodology

    In this blueprint, we will cover:

    Good SEO vs. Poor SEO Techniques

    The difference between good and bad SEO techniques.

    Common Good
    SEO Techniques

    Common Poor
    SEO Techniques

    • Writing content for people, not machines.
    • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
    • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
    • Keyword stuffing and content duplication.
    • A strategy that focuses on computers first and people second.
    • Low-quality or purchased backlinks.

    Companies With Great SEO…

    Keyword Strategy

    • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

    Error-Free Site

    • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

    Pillar & Content Clusters

    • Employ a pillar and content cluster strategy to help move the buyer through their journey.

    Authentic Off-Page Strategy

    • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

    SEO Terms Defined

    A glossary to define common Phase 1 SEO terms.

    Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

    Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

    Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

    On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

    Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

    H1: HTML code that tells a search engine the title of the page (neilpatel.com).

    SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

    Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
    – An excerpt from Google's mission statement

    Your Challenge

    Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

    Digital marketers with SEO problems will often see the following issues:

    • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
    • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
    • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
    • Errors – Neglected sites often have a large number of errors.
    • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

    The best place to hide a dead body is on page two of the search results.
    – Huffington Post

    Common Obstacles

    Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

    • Inefficient and ineffective SEO practitioners.
    • Changing SEO technology and search engine algorithms.
    • Lack of understanding of the best-in-class SEO techniques.
    • Lack of a sustainable plan to manage the strategy and invest in SEO.

    SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
    – Google Search Central Blog

    Benefits of Proper SEO

    A good SEO keyword strategy will create long-term, sustainable SEO growth:

    • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
    • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
    • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
    • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

    Digital Marketing SEO Stats

    61%
    61% of marketers believe that SEO is the key to online success.
    Source: Safari Digital

    437%
    Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
    Source: Safari Digital

    Good SEO Aligns With Search Intent

    What type of content is the user searching for? Align your keyword to the logical search objective.

    Informational

    This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

    Commercial

    This term categorizes search intent for when a user wants to do research before making a purchase.

    Transactional

    This term categorizes search intent for when a user wants to purchase something.

    Navigational

    This term categorizes search intent for when a user wants to find a specific page.

    SoftwareReviews' Methodology toCreate an Effective SEO Strategy

    1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
    Phase Steps
    1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
    2. Research the keywords of top competitors.
    3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
    1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
    2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
    3. Record the current ranking for the pages' keywords then reassess after three to six months.
    Phase Outcomes
    • Understanding of competitive landscape for SEO
    • A list of target new keywords
    • Keyword optimized product and service pages

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    SoftwareReviews offers various levels of support to best suit your needs

    Included Within an Advisory Membership Optional Add-Ons
    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Insight Summary

    People-First Content

    Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

    Find White Space

    A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

    Optimize On-Page Keywords

    By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

    Understand the Strategy

    If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

    Quality Trumps Quantity

    The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

    Stop Here and Ask Yourself:

    • Do I have an updated (completed within the last two years) buyer persona and journey?
    • Do I know who the ICP (ideal client profile) is for my product or company?

    If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

    The Steps to SEO Phase 1

    The Keyword Strategy

    1. Current Keywords
      • Identify the keywords your SEO strategy is currently targeting.
    2. Competitive Analysis
      • Research the keywords of competitor(s). Identify keyword whitespace.
    3. New Target Keywords
      • Identify and rank keywords that will result in more quality leads and less competition.
    4. Product & Service Pages
      • Identify your current product and service pages. These pages represent the easiest content to update on your site.
    5. Individual Page Update
      • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

    Resources Needed for Search Engine Optimization

    Consider the working skills required for search engine optimization.

    Required Skills/Knowledge

    • SEO
    • Web development
    • Competitive analysis
    • Content creation
    • Understanding of buyer persona and journey
    • Digital marketing

    Suggested Titles

    • SEO Analyst
    • Competitive Intelligence Analyst
    • Content Marketing Manager
    • Website Developer
    • Digital Marketing Manager

    Digital Marketing Software

    • CMS that allows you to easily access and update your content

    SEO Software

    • SEO tool

    Step 1: Current Keywords

    Use this sheet to record your current keyword research.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

    Step 2: Competitive Analysis

    Use this sheet to guide the research on your competitors' keywords.

    Use your SEO tool to find the following:

    1. Top organic keywords
    2. Ranking of keywords
    3. Domain authority and trust
    4. Position changes

    This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

    Step 3: New Target Keywords

    Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

    Step 4: Product & Service Pages

    Duplicate this page so that you have a separate page for each URL from Step 4

    Use this sheet to identify your current product and service pages.

    Use your SEO tool to find the following:

    1. Current rank
    2. Current keywords

    This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

    Step 5: Individual Page Strategy

    Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

    Date last optimized:
    mm/dd/yyyy

    This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

    Bibliography

    Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

    "Our approach – How Google Search works." Google Search. Accessed September 2022.

    "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

    Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Develop Necessary Documentation for GDPR Compliance

    • Buy Link or Shortcode: {j2store}258|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • It can be an overwhelming challenge to understand what documentation is required under the GDPR.

    Our Advice

    Critical Insight

    • Hiring the right data protection officer (DPO) isn’t always easy. The person you think might be best may result in a conflict of interest. Be aware of all requirements and be objective when hiring for this role.
    • Keep retention to the bare minimum. Limiting the amount of data you are responsible for limits your liability for protecting it.
    • Under the GDPR, cookies constitute personal data. They require a standalone policy, separate from the privacy policy. Ensure pop-up cookie notification banners require active consent and give users the clear opportunity to reject them.

    Impact and Result

    • Save time developing documents by leveraging ready-to-go templates for the DPO job description, retention documents, privacy notice, and cookie policy.
    • Establishing GDPR-compliance documentation will set the foundation for an overall compliant program.

    Develop Necessary Documentation for GDPR Compliance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Hire a data protection officer

    Understand the need for a DPO and what qualities to look for in a strong candidate.

    • Develop Necessary Documentation for GDPR Compliance Storyboard
    • Data Protection Officer Job Description Template

    2. Define retention requirements

    Understand your data retention requirements under the GDPR. Develop the necessary documentation.

    • Data Retention Policy Template
    • Data Retention Schedule Tool – GDPR

    3. Develop privacy and cookie policies

    Understand your website or application’s GDPR requirements to inform users on how you process their personal data and how cookies are used. Develop the necessary documentation.

    • Privacy Notice Template – External Facing
    • Cookie Policy Template – External Facing
    [infographic]

    Explore the Secrets of Workday Licensing

    • Buy Link or Shortcode: {j2store}144|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations examining a move to Workday or renewing a contract struggle to gain information and leverage in the negotiation process on commercial components such as pricing transparency, contractual flexibility, terms, and license use rights.
    • Implementations and customization can become difficult if adequate planning steps and communication are not taken beforehand.
    • The FSE Worker Calculation formula is used in the pricing process and can be negotiable.
    • Information and training documentation must be searched in online handbooks, making it difficult to find and time consuming
    • Workday’s partner ecosystem, while closely managed, isn’t flowing with resources. Finding the right partner, at the right cost to support an implementation can be challenging.

    Our Advice

    Critical Insight

    1. Know which defined areas of the agreement can be negotiated and which can't.
    2. Workday closely manages the Partner ecosystem and requests feedback on how to better support and implement its technologies. However, resource availability and talent management can be difficult as not many have the necessary skills.
    3. Recognize and accept that you’ve chosen the premium priced product in the market, so be prepared to pay up for best-in-class capabilities on a cloud-native ERP platform.

    Impact and Result

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented worker counts by category and licenses required will be your best asset in navigating Workday licensing and negotiating your agreement.
    • Ensure the chosen implementation partner isn’t simply an integrator but provides consultative help and service.
    • Leverage executive relationships, downstream increased spending opportunities, and effective communication to drive and manage the relationship and attain necessary information to make effective decisions.

    Explore the Secrets of Workday Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Workday licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand Workday

    Understand Workday’s business model, competitive options, and what to know when conducting due diligence and requirements gathering.

    • Explore the Secrets of Workday Licensing – Phase 1: Understand Workday

    2. Understand licensing, negotiate commercial terms, and purchase

    Review product options and licensing rules. Determine negotiation points. Evaluate and finalize the contract.

    • Explore the Secrets of Workday Licensing – Phase 2: Understand Licensing, Negotiate Commercial Terms, and Purchase
    • Workday Terms and Conditions Evaluation Tool
    [infographic]

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    Deliver Digital Products at Scale

    • Buy Link or Shortcode: {j2store}156|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $86,499 Average $ Saved
    • member rating average days saved: 53 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Products are the lifeblood of an organization. They provide the capabilities the business needs to deliver value to both internal and external customers and stakeholders.
    • Product organizations are expected to continually deliver evolving value to the overall organization as they grow.
    • You need to clearly convey the direction and strategy of a broad product portfolio to gain alignment, support, and funding from your organization.

    Our Advice

    Critical Insight

    • Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that improve end-user value and enterprise alignment.
    • Your organizational goals and strategy are achieved through capabilities that deliver value. Your product hierarchy is the mechanism to translate enterprise goals, priorities, and constraints down to the product level where changes can be made.
    • Recognize that each product owner represents one of three primary perspectives: business, technical, and operational. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.
    • The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.
    • Your product family roadmap and product roadmap tell different stories. The product family roadmap represents the overall connection of products to the enterprise strategy, while the product roadmap focuses on the fulfillment of the product’s vision.
    • Although products can be delivered with any software development lifecycle, methodology, delivery team structure, or organizational design, high-performing product teams optimize their structure to fit the needs of product and product family delivery.

    Impact and Result

    • Understand the importance of product families for scaling product delivery.
    • Define products in your context and organize products into operational families.
    • Use product family roadmaps to align product roadmaps to enterprise goals and priorities.
    • Evaluate the different approaches to improve your product family delivery pipelines and milestones.

    Deliver Digital Products at Scale Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should define enterprise product families to scale your product delivery capability, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Become a product-centric organization

    Define products in your organization’s context and explore product families as a way to organize products at scale.

    • Deliver Digital Products at Scale – Phase 1: Become a Product-Centric Organization
    • Deliver Digital Products at Scale Workbook
    • Digital Product Family Strategy Playbook

    2. Organize products into product families

    Identify an approach to group the inventory of products into one or more product families.

    • Deliver Digital Products at Scale – Phase 2: Organize Products Into Product Families

    3. Ensure alignment between products and families

    Confirm alignment between your products and product families via the product family roadmap and a shared definition of delivered value.

    • Deliver Digital Products at Scale – Phase 3: Ensure Alignment Between Products and Families

    4. Bridge the gap between product families and delivery

    Agree on a delivery approach that best aligns with your product families.

    • Deliver Digital Products at Scale – Phase 4: Bridge the Gap Between Product Families and Delivery
    • Deliver Digital Products at Scale Readiness Assessment

    5. Build your transformation roadmap and communication plan

    Define your communication plan and transformation roadmap for transitioning to delivering products at the scale of your organization.

    • Deliver Digital Products at Scale – Phase 5: Transformation Roadmap and Communication

    Infographic

    Workshop: Deliver Digital Products at Scale

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Become a Product-Centric Organization

    The Purpose

    Define products in your organization’s context and explore product families as a way to organize products at scale.

    Key Benefits Achieved

    An understanding of the case for product practices

    A concise definition of products and product families

    Activities

    1.1 Understand your organizational factors driving product-centric delivery.

    1.2 Establish your organization’s product inventory.

    1.3 Determine your approach to scale product families.

    Outputs

    Organizational drivers and goals for a product-centric delivery

    Definition of product

    Product scaling principles

    Scaling approach and direction

    Pilot list of products to scale

    2 Organize Products Into Product Families

    The Purpose

    Identify a suitable approach to group the inventory of products into one or more product families.

    Key Benefits Achieved

    A scaling approach for products that fits your organization

    Activities

    2.1 Define your product families.

    Outputs

    Product family mapping

    Enabling applications

    Dependent applications

    Product family canvas

    3 Ensure Alignment Between Products and Families

    The Purpose

    Confirm alignment between your products and product families via the product family roadmap and a shared definition of delivered value.

    Key Benefits Achieved

    Recognition of the product family roadmap and a shared definition of value as key concepts to maintain alignment between your products and product families

    Activities

    3.1 Leverage product family roadmaps.

    3.2 Use stakeholder management to improve roadmap communication.

    3.3 Configure your product family roadmaps.

    3.4 Confirm product family to product alignment.

    Outputs

    Current approach for communication of product family strategy

    List of product family stakeholders and a prioritization plan for communication

    Defined key pieces of a product family roadmap

    An approach to confirming alignment between products and product families through a shared definition of business value

    4 Bridge the Gap Between Product Families and Delivery

    The Purpose

    Agree on the delivery approach that best aligns with your product families.

    Key Benefits Achieved

    An understanding of the team configuration and operating model required to deliver value through your product families

    Activities

    4.1 Assess your organization’s delivery readiness.

    4.2 Understand your delivery options.

    4.3 Determine your operating model.

    4.4 Identify how to fund product delivery.

    4.5 Learn how to introduce your digital product family strategy.

    4.6 Communicate changes on updates to your strategy.

    4.7 Determine your next steps.

    Outputs

    Assessment results on your organization’s delivery maturity

    A preferred approach to structuring product delivery

    Your preferred operating model for delivering product families

    Understanding of your preferred approach for product family funding

    Product family transformation roadmap

    Your plan for communicating your roadmap

    List of actionable next steps to start on your journey

    5 Advisory: Next Steps and Wrap-Up (offsite)

    The Purpose

    Implement your communication plan and transformation roadmap for transitioning to delivering products at the scale of your organization.

    Key Benefits Achieved

    New product family organization and supporting product delivery approach

    Activities

    5.1 Execute communication plan and product family changes.

    5.2 Review the pilot family implementation and update the transformation roadmap.

    5.3 Begin advisory calls for related blueprints.

    Outputs

    Organizational communication of product families and product family roadmaps

    Product family implementation and updated transformation roadmap

    Support for product owners, backlog and roadmap management, and other topics

    Further reading

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Analyst Perspective

    Product families align enterprise goals to product changes and value realization.

    A picture of Info-Tech analyst Banu Raghuraman. A picture of Info-Tech analyst Ari Glaizel. A picture of Info-Tech analyst Hans Eckman

    Our world is changing faster than ever, and the need for business agility continues to grow. Organizations are shifting from long-term project delivery to smaller, iterative product delivery models to be able to embrace change and respond to challenges and opportunities faster.

    Unfortunately, many organizations focus on product delivery at the tactical level. Product teams may be individually successful, but how well are their changes aligned to division and enterprise goals and priorities?

    Grouping products into operationally aligned families is key to delivering the right value to the right stakeholders at the right time.

    Product families translate enterprise goals, constraints, and priorities down to the individual product level so product owners can make better decisions and more effectively manage their roadmaps and backlogs. By scaling products into families and using product family roadmaps to align product roadmaps, product owners can deliver the capabilities that allow organizations to reach their goals.

    In this blueprint, we’ll provide the tools and guidance to help you define what “product” means to your organization, use scaling patterns to build product families, align product and product family roadmaps, and identify impacts to your delivery and organizational design models.

    Banu Raghuraman, Ari Glaizel, and Hans Eckman

    Applications Practice

    Info-Tech Research Group

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • The shift to becoming a product organization is intended to continually increase the value you provide to the broader organization as you grow and evolve.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.

    Common Obstacles

    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Info-Tech’s Approach

    Info-Tech’s approach will guide you through:

    • Understanding the importance of product families in scaling product delivery.
    • Defining products in your context and organizing products into operational families.
    • Using product family roadmaps to align product roadmaps to enterprise goals and priorities.
    • Evaluating the different approaches to improve your product family delivery pipelines and milestones.

    Info-Tech Insight

    Changes can only be made at the individual product or service level. To achieve enterprise goals and priorities, organizations needed to organize and scale products into operational families. This structure allows product managers to translate goals and constraints to the product level and allows product owners to deliver changes that support enabling capabilities. In this blueprint, we’ll help you define your products, scale them using the best patterns, and align your roadmaps and delivery models to improve throughput and value delivery.

    Info-Tech’s approach

    Operationally align product delivery to enterprise goals

    A flowchart is shown on how to operationally align product delivery to enterprise goals.

    The Info-Tech difference:

    1. Start by piloting product families to determine which approaches work best for your organization.
    2. Create a common definition of what a product is and identify products in your inventory.
    3. Use scaling patterns to build operationally aligned product families.
    4. Develop a roadmap strategy to align families and products to enterprise goals and priorities.
    5. Use products and families to evaluate delivery and organizational design improvements.

    Deliver Digital Products at Scale via Enterprise Product Families

    An infographic on the Enterprise Product Families is shown.

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.

    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.”

    - Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance

    “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.”

    - TechTarget

    “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.”

    - Mark Curphey

    Organizations need a common understanding of what a product is and how it pertains to the business. This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.”

    – Chad Beier, "How Do You Define a Product?” Scrum.org

    What is a product?

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    Business:

    • Customer facing, revenue generating

    Technical:

    • IT systems and tools

    Operations:

    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman, “Tips for Starting Product Owners”

    Identify the differences between a project-centric and a product-centric organization

    Project

    Product

    Fund projects

    Funding

    Fund products or teams

    Line of business sponsor

    Prioritization

    Product owner

    Makes specific changes to a product

    Product management

    Improve product maturity and support

    Assign people to work

    Work allocation

    Assign work to product teams

    Project manager manages

    Capacity management

    Team manages capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for delivering product changes and improvements

    A flowchart is shown to demonstrate the difference between project lifecycle, hybrid lifecycle and product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply. The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release. Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    An image is shown to demonstrate the relationship between the product backlog and the product roadmap.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    An example of a product roadmap is shown to demonstrate how it is the core to value realization.

    Adapted from: Pichler, "What Is Product Management?""

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Use Agile DevOps principles to expedite product-centric delivery and management

    Delivering products does not necessarily require an Agile DevOps mindset. However, Agile methods facilitate the journey because product thinking is baked into them.

    A flowchart is shown to demonstrate the product deliery maturity and the Agile DevOps used.
    Based on: Ambysoft, 2018

    Organizations start with Waterfall to improve the predictable delivery of product features.

    Iterative development shifts the focus from delivery of features to delivery of user value.

    Agile further shifts delivery to consider ROI. Often, the highest-value backlog items aren’t the ones with the highest ROI.

    Lean and DevOps improve your delivery pipeline by providing full integration between product owners, development teams, and operations.

    CI/CD reduces time in process by allowing release on demand and simplifying release and support activities.

    Although teams will adopt parts of all these stages during their journey, it isn’t until you’ve adopted a fully integrated delivery chain that you’ve become product centric.

    Scale products into related families to improve value delivery and alignment

    Defining product families builds a network of related products into coordinated value delivery streams.

    A flowchart is shown to demonstrate the relations between product family and the delivery streams.

    “As with basic product management, scaling an organization is all about articulating the vision and communicating it effectively. Using a well-defined framework helps you align the growth of your organization with that of the company. In fact, how the product organization is structured is very helpful in driving the vision of what you as a product company are going to do.”

    – Rich Mironov, Mironov Consulting

    Product families translate enterprise goals into value-enabling capabilities

    A flowchart is shown to demonstrate the relationship between enterprise strategy and enabling capabilities.

    Info-Tech Insight

    Your organizational goals and strategy are achieved through capabilities that deliver value. Your product hierarchy is the mechanism to translate enterprise goals, priorities, and constraints down to the product level where changes can be made.

    Arrange product families by operational groups, not solely by your org chart

    A flowchart is shown to demonstrate how to arrange product families by operational groups.

    1. To align product changes with enterprise goals and priorities, you need to organize your products into operational groups based on the capabilities or business functions the product and family support.

    2. Product managers translate these goals, priorities, and constraints into their product families, so they are actionable at the next level, whether that level is another product family or products implementing enhancements to meet these goals.

    3. The product family manager ensures that the product changes enhance the capabilities that allow you to realize your product family, division, and enterprise goals.

    4. Enabling capabilities realize value and help reach your goals, which then drives your next set of enterprise goals and strategy.

    Approach alignment from both directions, validating by the opposite way

    Defining your product families is not a one-way street. Often, we start from either the top or the bottom depending on our scaling principles. We use multiple patterns to find the best arrangement and grouping of our products and families.

    It may be helpful to work partway, then approach your scaling from the opposite direction, meeting in the middle. This way you are taking advantage of the strengths in both approaches.

    Once you have your proposed structure, validate the grouping by applying the principles from the opposite direction to ensure each product and family is in the best starting group.

    As the needs of your organization change, you may need to realign your product families into your new business architecture and operational structure.

    A top-down alignment example is shown.

    When to use: You have a business architecture defined or clear market/functional grouping of value streams.

    A bottom-up alignment example is shown.

    When to use: You are starting from an Application Portfolio Management application inventory to build or validate application families.

    Leverage patterns for scaling products

    Organizing your products and families is easier when leveraging these grouping patterns. Each is explained in greater detail on the following slides

    Value Stream Alignment

    Enterprise Applications

    Shared Services

    Technical

    Organizational Alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products
    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > ModulesSupporting: Job board, healthcare administrator
    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools
    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network
    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure no longer needed because the management team owns product management role

    Leverage the product family roadmap for alignment

    It’s more than a set of colorful boxes. It’s the map to align everyone to where you are going.

    Your product family roadmap

      ✓ Lays out a strategy for your product family.

      ✓ Is a statement of intent for your family of products.

      ✓ Communicates direction for the entire product family and product teams.

      ✓ Directly connects to the organization’s goals.

    However, it is not:

      x Representative of a hard commitment.

      x A simple combination of your current product roadmaps.

    Before connecting your family roadmap to products, think about what each roadmap typically presents

    An example of a product family roadmap is shown and how it can be connected to the products.

    Info-Tech Insight

    Your product family roadmap and product roadmap tell different stories. The product family roadmap represents the overall connection of products to the enterprise strategy, while the product roadmap focuses on the fulfillment of the product’s vision.

    Product family roadmaps are more strategic by nature

    While individual product roadmaps can be different levels of tactical or strategic depending on a variety of market factors, your options are more limited when defining roadmaps for product families.

    Product

    TACTICAL

    A roadmap that is technical, committed, and detailed.

    Product Family

    STRATEGIC

    A roadmap that is strategic, goal based, high level, and flexible.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Consider volatility when structuring product family roadmaps

    A roadmap is shown without any changes.

    There is no such thing as a roadmap that never changes.

    Your product family roadmap represents a broad statement of intent and high-level tactics to get closer to the organization’s goals.

    A roadmap is shown with changes.

    All good product family roadmaps embrace change!

    Your strategic intentions are subject to volatility, especially those planned further in the future. The more costs you incur in planning, the more you leave yourself exposed to inefficiency and waste if those plans change.

    Info-Tech Insight

    A good product family roadmap is intended to manage and communicate the inevitable changes as a result of market volatility and changes in strategy.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    PRODUCT STRATEGY

    What are the artifacts?

    What are you saying?

    Defined at the family level?

    Defined at the product level?

    Vision

    I want to...

    Strategic focus

    Delivery focus

    Goals

    To get there we need to...

    Roadmap

    To achieve our goals, we’ll deliver...

    Backlog

    The work will be done in this order...

    Release Plan

    We will deliver in the following ways...

    Typical elements of a product family roadmap

    While there are others, these represent what will commonly appear across most family-based roadmaps.

    An example is shown to highlight the typical elements of a product family roadmap.

    GROUP/CATEGORY: Groups are collections of artifacts. In a product family context, these are usually product family goals, value streams, or products.

    ARTIFACT: An artifact is one of many kinds of tangible by-products produced during the delivery of products. For a product family, the artifacts represented are capabilities or value streams.

    MILESTONE: Points in the timeline when established sets of artifacts are complete. This is a critical tool in the alignment of products in a given family.

    TIME HORIZON: Separated periods within the projected timeline covered by the roadmap.

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn’t available.

    An example is shown on how the product family roadmpas can be connected to the product roadmaps.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Audience

    Business/ IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot of the portfolio and priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize those goals.

    Artifacts are grouped by the teams who deliver that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Your communication objectives are linked to your audience; ensure you know your audience and speak their language

    I want to...

    I need to talk to...

    Because they are focused on...

    ALIGN PRODUCT TEAMS

    Get my delivery teams on the same page.

    Architects

    Products Owners

    PRODUCTS

    A product that delivers value against a common set of goals and objectives.

    SHOWCASE CHANGES

    Inform users and customers of product strategy.

    Bus. Process Owners

    End Users

    FUNCTIONALITY

    A group of functionality that business customers see as a single unit.

    ARTICULATE RESOURCE REQUIREMENTS

    Inform the business of product development requirements.

    IT Management

    Business Stakeholders

    FUNDING

    An initiative that those with the money see as a single budget.

    Assess the impacts of product-centric delivery on your teams and org design

    Product delivery can exist within any org structure or delivery model. However, when making the shift toward product management, consider optimizing your org design and product team structure to match your capacity and throughput needs.

    A flowchart is shown to see how the impacts of product-centric delivery can impact team and org designs.

    Determine which delivery team structure best fits your product pipeline

    Four delivery team structures are shown. The four are: functional roles, shared service and resource pools, product or system, and skills and competencies.

    Weigh the pros and cons of IT operating models to find the best fit

    There are many different operating models. LoB/Product Aligned and Hybrid Functional align themselves most closely with how products and product families are typically delivered.

    1. LoB/Product Aligned – Decentralized Model: Line of Business, Geographically, Product, or Functionally Aligned
    2. A decentralized IT operating model that embeds specific functions within LoBs/product teams and provides cross-organizational support for their initiatives.

    3. Hybrid Functional: Functional/Product Aligned
    4. A best-of-both-worlds model that balances the benefits of centralized and decentralized approaches to achieve both customer responsiveness and economies of scale.

    5. Hybrid Service Model: Product-Aligned Operating Model
    6. A model that supports what is commonly referred to as a matrix organization, organizing by highly related service categories and introducing the role of the service owner.

    7. Centralized: Plan-Build-Run
    8. A highly typical IT operating model that focuses on centralized strategic control and oversight in delivering cost-optimized and effective solutions.

    9. Centralized: Demand-Develop-Service
    10. A centralized IT operating model that lends well to more mature operating environments. Aimed at leveraging economies of scale in an end-to-end services delivery model.

    Consider how investment spending will differ in a product environment

    Reward for delivering outcomes, not features

    Autonomy

    Flexibility

    Accountability

    Fund what delivers value

    Allocate iteratively

    Measure and adjust

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Adapted from Bain, 2019

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    Why is having a common value measure important?

    CIO-CEO Alignment Diagnostic

    A stacked bar graph is shown to demonstrate CIO-CEO Alignment Diagnostic. A bar titled: Business Value Metrics is highlighted. 51% had some improvement necessary and 32% had significant improvement necessary.

    Over 700 Info-Tech members have implemented the Balanced Value Measurement Framework.

    “The cynic knows the price of everything and the value of nothing.”

    – Oscar Wilde

    “Price is what you pay. Value is what you get.”

    – Warren Buffett

    Understanding where you derive value is critical to building solid roadmaps.

    Measure delivery and success

    Metrics and measurements are powerful tools to drive behavior change and decision making in your organization. However, metrics are highly prone to creating unexpected outcomes, so use them with great care. Use metrics judiciously to uncover insights but avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    Build good practices in your selection and use of metrics:

    • Choose the metrics that are as close to measuring the desired outcome as possible.
    • Select the fewest metrics possible and ensure they are of the highest value to your team, the safest from gaming behaviors and unintended consequences, and the easiest to gather and report.
    • Never use metrics for reward or punishment; use them to develop your team.
    • Automate as much metrics gathering and reporting as possible.
    • Focus on trends rather than precise metrics values.
    • Review and change your metrics periodically.

    Executive Brief Case Study

    INDUSTRY: Public Sector & Financial Services

    SOURCE: Info-Tech Interviews

    A tale of two product transformations

    Two of the organizations we interviewed shared the challenges they experienced defining product families and the impact these challenges had on their digital transformations.

    A major financial services organization (2,000+ people in IT) had employed a top-down line of business–focused approach and found itself caught in a vicious circle of moving applications between families to resolve cross-LoB dependencies.

    A similarly sized public sector organization suffered from a similar challenge as grouping from the bottom up based on technology areas led to teams fragmented across multiple business units employing different applications built on similar technology foundations.

    Results

    Both organizations struggled for over a year to structure their product families. This materially delayed key aspects of their product-centric transformation, resulting in additional effort and expenditure delivering solutions piecemeal as opposed to as a part of a holistic product family. It took embracing a hybrid top-down and bottom-up approach and beginning with pilot product families to make progress on their transformation.

    A picture of Cole Cioran is shown.

    Cole Cioran

    Practice Lead,

    Applications Practice

    Info-Tech Research Group

    There is no such thing as a perfect product-family structure. There will always be trade-offs when you need to manage shifting demand from stakeholder groups spanning customers, business units, process owners, and technology owners.

    Focusing on a single approach to structure your product families inevitably leads to decisions that are readily challenged or are brittle in the face of changing demand.

    The key to accelerating a product-centric transformation is to build a hybrid model that embraces top-down and bottom-up perspectives to structure and evolve product families over time. Add a robust pilot to evaluate the structure and you have the key to unlocking the potential of product delivery in your organization.

    Info-Tech’s methodology for Deliver Digital Products at Scale

    1. Become a Product-Centric Organization

    2. Organize Products Into Product Families

    3. Ensure Alignment Between Products and Families

    4. Bridge the Gap Between Product Families and Delivery

    5. Build Your Transformation Roadmap and Communication Plan

    Phase Steps

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm goal and value alignment of products and their product families

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    Phase Outcomes
    • Organizational drivers and goals for a product-centric delivery
    • Definition of product
    • Pilot list of products to scale
    • Product scaling principles
    • Scaling approach and direction
    • Product family mapping
    • Enabling applications
    • Dependent applications
    • Product family canvas
    • Approach for communication of product family strategy
    • Stakeholder management plan
    • Defined key pieces of a product family roadmap
    • An approach to confirming alignment between products and product families
    • Assessment of delivery maturity
    • Approach to structuring product delivery
    • Operating model for product delivery
    • Approach for product family funding
    • Product family transformation roadmap
    • Your plan for communicating your roadmap
    • List of actionable next steps to start on your journey

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Deliver Digital Products at Scale Workbook

    Use this supporting workbook to document interim results from a number of exercises that will contribute to your overall strategy.

    A screenshot of the Scale Workbook is shown.

    Deliver Digital Products at Scale Readiness Assessment

    Your strategy needs to encompass your approaches to delivery. Understand where you need to focus using this simple assessment.

    A screenshot of the Scale Readiness Assessment is shown.

    Key deliverable:

    Digital Product Family Strategy Playbook

    Record the results from the exercises to help you define, detail, and deliver digital products at scale.

    A screenshot of the Digital Product Family Strategy Playbook is shown.

    Blueprint benefits

    IT Benefits

    • Improved product delivery ROI.
    • Improved IT satisfaction and business support.
    • Greater alignment between product delivery and product family goals.
    • Improved alignment between product delivery and organizational models.
    • Better support for Agile/DevOps adoption.

    Business Benefits

    • Increased value realization across product families.
    • Faster delivery of enterprise capabilities.
    • Improved IT satisfaction and business support.
    • Greater alignment between product delivery and product family goals.
    • Uniform understanding of product and product family roadmaps and key milestones.

    Measure the value of this blueprint

    Align product family metrics to product delivery and value realization.

    Member Outcome Suggested Metric Estimated Impact

    Increase business application satisfaction

    Satisfaction with business applications (CIO Business Vision diagnostic)

    20% increase within one year after implementation

    Increase effectiveness of application portfolio management

    Effectiveness of application portfolio management (Management & Governance diagnostic)

    20% increase within one year after implementation

    Increase importance and effectiveness of application portfolio

    Importance and effectiveness to business ( Application Portfolio Assessment diagnostic)

    20% increase within one year after implementation

    Increase satisfaction of support of business operations

    Support to business (CIO Business Vision diagnostic.

    20% increase within one year after implementation

    Successfully deliver committed work (productivity)

    Number of successful deliveries; burndown

    20% increase within one year after implementation

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1: Become a Product-Centric Organization

    Phase 2: Organize Products Into Product Families

    Phase 3: Ensure Alignment Between Products and Families

    Phase 4: Bridge the Gap Between Product Families and Delivery

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Define products and product families in your context.

    Call #3: Understand the list of products in your context.

    Call #4: Define your scaling principles and goals.

    Call #5: Select a pilot and define your product families.

    Call #6: Understand the product family roadmap as a method to align products to families.

    Call #7: Define components of your product family roadmap and confirm alignment.

    Call #8: Assess your delivery readiness.

    Call #9: Discuss delivery, operating, and funding models relevant to delivering product families.

    Call #10: Wrap up.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Become a Product-Centric Organization

    Day 2

    Organize Products Into Product Families

    Day 3

    Ensure Alignment Between Products and Families

    Day 4

    Bridge the Gap Between Product Families and Delivery

    Advisory

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Understand your organizational factors driving product-centric delivery.

    1.2 Establish your organization’s product inventory.

    2.1 Determine your approach to scale product families.

    2.2 Define your product families.

    3.1 Leverage product family roadmaps.

    3.2 Use stakeholder management to improve roadmap communication.

    3.3 Configure your product family roadmaps.

    3.4 Confirm product family to product alignment.

    4.1 Assess your organization’s delivery readiness.

    4.2 Understand your delivery options.

    4.3 Determine your operating model.

    4.4 Identify how to fund product family delivery.

    5.1 Learn how to introduce your digital product family strategy.

    5.2 Communicate changes on updates to your strategy.

    5.3 Determine your next steps.

    1. Execute communication plan and product family changes.
    2. Review the pilot family implementation and update the transformation roadmap.
    3. Begin advisory calls for related blueprints.

    Key Deliverables

    1. Organizational drivers and goals for a product-centric delivery
    2. Definition of product
    3. Product scaling principles
    4. Scaling approach and direction
    5. Pilot list of products to scale
    1. Product family mapping
    2. Enabling applications
    3. Dependent applications
    4. Product family canvas
    1. Current approach for communication of product family strategy
    2. List of product family stakeholders and a prioritization plan for communication
    3. Defined key pieces of a product family roadmap
    4. An approach to confirming alignment between products and product families through a shared definition of business value
    1. Assessment results on your organization’s delivery maturity
    2. A preferred approach to structuring product delivery
    3. Your preferred operating model for delivering product families
    4. Understanding your preferred approach for product family funding
    5. Product family transformation roadmap
    6. Your plan for communicating your roadmap
    7. List of actionable next steps to start on your journey
    1. Organizational communication of product families and product family roadmaps
    2. Product family implementation and updated transformation roadmap
    3. Support for product owners, backlog and roadmap management, and other topics

    Phase 1

    Become a Product-Centric Organization

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    1.1.1 Understand your drivers for product-centric delivery

    1.1.2 Identify the differences between project and product delivery

    1.1.3 Define the goals for your product-centric organization

    1.2.1 Define “product” in your context

    1.2.2 Identify and establish a pilot list of products

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Step 1.1

    Understand the organizational factors driving product-centric delivery

    Activities

    1.1.1 Understand your drivers for product-centric delivery

    1.1.2 Identify the differences between project and product delivery

    1.1.3 Define the goals for your product-centric organization

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • Organizational drivers to move to product-centric delivery
    • List of differences between project and product delivery
    • Goals for product-centric delivery

    1.1.1 Understand your drivers for product-centric delivery

    30-60 minutes

    1. Identify your pain points in the current delivery model.
    2. What is the root cause of these pain points?
    3. How will a product-centric delivery model fix the root cause?
    4. Record the results in the Deliver Digital Products at Scale Workbook.
    Pain Points Root Causes Drivers
    • Lack of ownership
    • Siloed departments
    • Accountability

    Output

    • Organizational drivers to move to product-centric delivery.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    1.1.2 Identify the differences between project and product delivery

    30-60 minutes

    1. Consider project delivery and product delivery.
    2. Discuss what some differences are between the two.
    3. Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.

    4. Record the results in the Deliver Digital Products at Scale Workbook.
    Project Delivery Product Delivery
    Point in time What is changed
    Method of funding changes Needs an owner

    Output

    • List of differences between project and product delivery

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects Funding Fund products or teams
    Line of business sponsor Prioritization Product owner
    Makes specific changes to a product Product management Improves product maturity and support
    Assignment of people to work Work allocation Assignment of work to product teams
    Project manager manages Capacity management Team manages capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    A flowchart is shown to demonstrate the difference between project lifecycle, hybrid lifecycle, and product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Use Agile DevOps principles to expedite product-centric delivery and management

    Delivering products does not necessarily require an Agile DevOps mindset. However, Agile methods facilitate the journey because product thinking is baked into them.

    A flowchart is shown to demonstrate the product delivery maturity and the Agile DevOps used.

    Based on: Ambysoft, 2018

    Organizations start with Waterfall to improve the predictable delivery of product features.

    Iterative development shifts the focus from delivery of features to delivery of user value.

    Agile further shifts delivery to consider ROI. Often, the highest-value backlog items aren’t the ones with the highest ROI.

    Lean and DevOps improve your delivery pipeline by providing full integration between product owners, development teams, and operations.

    CI/CD reduces time in process by allowing release on demand and simplifying release and support activities.

    Although teams will adopt parts of all these stages during their journey, it isn’t until you’ve adopted a fully integrated delivery chain that you’ve become product centric.

    1.1.3 Define the goals for your product-centric organization

    30 minutes

    1. Review your list of drivers from exercise 1.1.1 and the differences between project and product delivery from exercise 1.1.2.
    2. Define your goals for achieving a product-centric organization.
    3. Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.

    Pain PointsRoot CausesDriversGoals
    • Lack of ownership
    • Siloed departments
    • Accountability
    • End-to-end ownership

    Output

    • Goals for product-centric delivery

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 1.2

    Establish your organization’s product inventory

    Activities

    1.2.1 Define “product” in your context

    1.2.2 Identify and establish a pilot list of products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • Your organizational definition of products and services
    • A pilot list of active products

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.

    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.”

    - Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance

    “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.”

    - TechTarget

    “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.”

    - Mark Curphey

    Organizations need a common understanding of what a product is and how it pertains to the business. This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.”

    – Chad Beier, "How Do You Define a Product?” Scrum.org

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    Business:

    • Customer facing, revenue generating

    Technical:

    • IT systems and tools

    Operations

    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman, “Tips for Starting Product Owners”

    Your product definition should include everything required to support it, not just what users see.

    A picture of an iceburg is shown, showing the ice both above and below the water to demonstrate that the product definition should include everything, not just what users see. On top of the picture are various words to go with the product definition. They inlude: funding, external relationships, adoption, product strategy, stakeholder managment. The product defitions that may not be seen include: Product governance, business functionality, user support, managing and governing data, maintenance and enhancement, R-and-D, requirements analysis and design, code, and knowledge management.

    Establish where product management would be beneficial in the organization

    What does not need product ownership?

    • Individual features
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams

    Characteristics of a discrete product

    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate

    Product capabilities deliver value!

    These are the various facets of a product. As a product owner, you are responsible for managing these facets through your capabilities and activities.

    A flowchart is shown that demonstrates the various facets of a product.

    It is easy to lose sight of what matters when we look at a product from a single point of view. Despite what The Agile Manifesto says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product leaders must consider the needs of all stakeholders when designing and building products.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    An image is shown to demonstrate the relationship between the product backlog and the product roadmap.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    An example of a product roadmap is shown to demonstrate how it is the core to value realization.

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    What is a product?

    Not all organizations will define products in the same way. Take this as a general example:

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.

    1.2.1 Define “product” in your context

    30-60 minutes

    1. Discuss what “product” means in your organization.
    2. Create a common, enterprise-wide definition for “product.”
    3. Record the results in the Deliver Digital Products at Scale Workbook.

    For example:

    • An application, platform, or application family.
    • Discrete items that deliver value to a user/customer.

    Output

    • Your enterprise/organizational definition of products and services

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    1.2.2 Identify and establish a pilot list of products

    1-2 hours

    1. Review any current documented application inventory. If you have these details in an existing document, share it with the team. Select the group of applications for your family scaling pilot.
    2. List your initial application inventory on the Product List tab of the Deliver Digital Products at Scale Workbook.
  • For each of the products listed, add the vision and goals of the product. Refer to Deliver on Your Digital Product Vision to learn more about identifying vision and goals or to complete the product vision canvas.
  • You’ll add business capabilities and vision in Phase 2, but you can add these now if they are available in your existing inventory.
  • Output

    • A pilot list of active products

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Phase 2

    Organize Products Into Product Families

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    2.1.1 Define your scaling principles and goals

    2.1.2 Define your pilot product family areas and direction

    2.2.1 Arrange your applications and services into product families

    2.2.2 Define enabling and supporting applications

    2.2.3 Build your product family canvas

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Step 2.1

    Determine your approach to scale product families

    Activities

    2.1.1 Define your scaling principles and goals

    2.1.2 Define your pilot product family areas and direction

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • List of product scaling principles
    • Scope of product scaling pilot and target areas
    • Scaling approach and direction

    Use consistent terminology for product and service families

    In this blueprint, we refer to any grouping of products or services as a “family.” Your organization may prefer other terms, such as product/service line, portfolio, group, etc. The underlying principles for grouping and managing product families are the same, so define the terminology that fits best with your culture. The same is true for “products” and “services,” which may also be referred to in different terms.

    An example flowchart is displayed to demonstrate the terminology for product and service families.

    A product family is a logical and operational grouping of related products or services. The grouping provides a scaled hierarchy to translate goals, priorities, strategy, and constraints down the grouping while aligning value realization upwards.

    Group product families by related purpose to improve business value

    Families should be scaled by how the products operationally relate to each other, with clear boundaries and common purpose.

    A product family contains...

    • Vision
    • Goals
    • Cumulative roadmap of the products within the family

    A product family can be grouped by...

    • Function
    • Value stream and capability
    • Customer segments or end-user group
    • Strategic purpose
    • Underlying architecture
    • Common technology or support structures
    • And many more
    A flowchart is shown to demonstrate the product family and product relations.

    Scale products into related families to improve value delivery and alignment

    Defining product families builds a network of related products into coordinated value delivery streams.

    A flowchart is shown to demonstrate the relations between product family and the delivery streams.

    “As with basic product management, scaling an organization is all about articulating the vision and communicating it effectively. Using a well-defined framework helps you align the growth of your organization with that of the company. In fact, how the product organization is structured is very helpful in driving the vision of what you as a product company are going to do.”

    – Rich Mironov, Mironov Consulting

    Product families translate enterprise goals into value-enabling capabilities

    A flowchart is shown to demonstrate the relationship between enterprise strategy and enabling capabilities.

    Info-Tech Insight

    Your organizational goals and strategy are achieved through capabilities that deliver value. Your product hierarchy is the mechanism to translate enterprise goals, priorities, and constraints down to the product level where changes can be made.

    Arrange product families by operational groups, not solely by your org chart

    A flowchart is shown to demonstrate how to arrange product families by operational groups.

    1. To align product changes with enterprise goals and priorities, you need to organize your products into operational groups based on the capabilities or business functions the product and family support.

    2. Product managers translate these goals, priorities, and constraints into their product families, so they are actionable at the next level, whether that level is another product family or products implementing enhancements to meet these goals.

    3. The product family manager ensures that the product changes enhance the capabilities that allow you to realize your product family, division, and enterprise goals.

    4. Enabling capabilities realize value and help reach your goals, which then drives your next set of enterprise goals and strategy.

    Product families need owners with a more strategic focus

    Product Owner

    (More tactical product delivery focus)

    • Backlog management and prioritization
    • Product vision and product roadmap
    • Epic/story definition, refinement in conjunction with business stakeholders
    • Sprint planning with Scrum Master and delivery team
    • Working with Scrum Master to minimize disruption to team velocity
    • Ensuring alignment between business and Scrum teams during sprints
    • Profit and loss (P&L) product analysis and monitoring

    Product Manager

    (More strategic product family focus)

    • Product strategy, positioning, and messaging
    • Product family vision and product roadmap
    • Competitive analysis and positioning
    • New product innovation/definition
    • Release timing and focus (release themes)
    • Ongoing optimization of product-related marketing and sales activities
    • P&L product analysis and monitoring

    Info-Tech Insight

    “Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users. Use the terms that work best in your culture.

    Download Build a Better Product Owner for role support.

    2.1.1 Define your scaling principles and goals

    30-60 minutes

    1. Discuss the guiding principles for your product scaling model. Your guiding principles should consider key business priorities, organizational culture, and division/team objectives, such as improving:
    • Business agility and ability to respond to changes and needs.
    • Alignment of product roadmaps to enterprise goals and priorities.
    • Collaboration between stakeholders and product delivery teams.
    • Resource utilization and productivity.
    • The quality and value of products.
    • Coordination between related products and services.

    Output

    • List of product scaling principles

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Start scaling with a pilot

    You will likely use a combination of patterns that work best for each product area. Pilot your product scaling with a domain, team, or functional area before organizing your entire portfolio.

    Learn more about each pattern.

    Discuss the pros and cons of each.

    Select a pilot product area.

    Select a pattern.

    Approach alignment from both directions, validating by the opposite way

    Defining your product families is not a one-way street. Often, we start from either the top or the bottom depending on our scaling principles. We use multiple patterns to find the best arrangement and grouping of our products and families.

    It may be helpful to work partway, then approach your scaling from the opposite direction, meeting in the middle. This way you are taking advantage of the strengths in both approaches.

    Once you have your proposed structure, validate the grouping by applying the principles from the opposite direction to ensure each product and family is in the best starting group.

    As the needs of your organization change, you may need to realign your product families into your new business architecture and operational structure.

    A top-down alignment example is shown.

    When to use: You have a business architecture defined or clear market/functional grouping of value streams.

    A bottom-up alignment example is shown.

    When to use: You are starting from an Application Portfolio Management application inventory to build or validate application families.

    Top-down examples: Start with your enterprise structure or market grouping

    A top-down example flowchart is shown.

    Examples:

    Market Alignment
    • Consumer Banking
      • DDA: Checking, Savings, Money Market
      • Revolving Credit: Credit Cards, Line of Credit
      • Term Credit: Mortgage, Auto, Boat, Installment
    Enterprise Applications
    • Human Resources
      • Benefits: Health, Dental, Life, Retirement
      • Human Capital: Hiring, Performance, Training
      • Hiring: Posting, Interviews, Onboarding
    Shared Service
    • End-User Support
      • Desktop: New Systems, Software, Errors
      • Security: Access Requests, Password Reset, Attestations
    Business Architecture
    • Value Stream
      • Capability
        • Applications
        • Services

    Bottom-up examples: Start with your inventory

    Based on your current inventory, start organizing products and services into related groups using one of the five scaling models discussed in the next step.

    A bottom-up example flowchart is shown.

    Examples:

    Technical Grouping
    • Custom Apps: Java, .NET, Python
    • Cloud: Azure, AWS, Virtual Environments
    • Low Code: ServiceNow, Appian
    Functional/Capability Grouping
    • CRM: Salesforce, Microsoft CRM
    • Security Platforms: IAM, SSO, Scanning
    • Workflow: Remedy, ServiceNow
    Shared Services Grouping
    • Workflow: Appian, Pega, ServiceNow
    • Collaboration: SharePoint, Teams
    • Data: Dictionary, Lake, BI/Reporting

    2.1.2 Define your pilot product family areas and direction

    30-60 minutes

    1. Using your inventory of products for your pilot, consider the top-down and bottom-up approaches.
    2. Identify areas where you will begin arranging your product into families.
    3. Prioritize these pilot areas into waves:
      1. First pilot areas
      2. Second pilot areas
      3. Third pilot areas
    4. Discuss and decide whether a top-down or bottom-up approach is the best place to start for each pilot group.
    5. Prioritize your pilot families in the order in which you want to organize them. This is a guide to help you get started, and you may change the order during the scaling pattern exercise.

    Output

    • Scope of product scaling pilot and target areas

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 2.2

    Define your product families

    Activities

    2.2.1 Arrange your applications and services into product families

    2.2.2 Define enabling and supporting applications

    2.2.3 Build your product family canvas

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • Product family mapping
    • Product families
    • Enabling applications
    • Dependent applications
    • Product family canvas

    Use three perspectives to guide scaling pattern selection

    • One size does not fit all. There is no single or static product model that fits all product teams.
    • Structure relationships based on your organizational needs and capabilities.
    • Be flexible. Product ownership is designed to enable value delivery.
    • Avoid structures that promote proxy product ownership.
    • Make decisions based on products and services, not people. Then assign people to the roles.
    Alignment perspectives:

    Value Stream

    Align products based on the defined sources of value for a collection of products or services.

    For example: Wholesale channel for products that may also be sold directly to consumers, such as wireless network service.

    Users/Consumers

    Align products based on a common group of users or product consumers.

    For example: Consumer vs. small business vs. enterprise customers in banking, insurance, and healthcare.

    Common Domain

    Align products based on a common domain knowledge or skill set needed to deliver and support the products.

    For example: Applications in a shared service framework supporting other products.

    Leverage patterns for scaling products

    Organizing your products and families is easier when leveraging these grouping patterns. Each is explained in greater detail on the following slides

    Value Stream AlignmentEnterprise ApplicationsShared ServicesTechnicalOrganizational Alignment
    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products
    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > ModulesSupporting: Job board, healthcare administrator
    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools
    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network
    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure no longer needed because the management team owns product management role

    Select the best family pattern to improve alignment

    A flowchart is shown on how to select the best family pattern to improve alignment.

    Use scenarios to help select patterns

    Top-Down

    Bottom-Up

    We have a business architecture defined.

    (See Document Your Business Architecture and industry reference architectures for help.)

    Start with your business architecture

    Start with market segments

    We want to be more customer first or customer centric.

    Start with market segments

    Our organization has rigid lines of business and organizational boundaries.

    Start with LoB structure

    Most products are specific to a business unit or division. Start with LoB structure

    Products are aligned to people, not how we are operationally organized.

    Start with market or LoB structure

    We are focusing on enterprise or enabling applications.

    1. Start with enterprise app and service team

    2. Align supporting apps

    We already have applications and services grouped into teams but want to evaluate if they are grouped in the best families.

    Validate using multiple patterns

    Validate using multiple patterns

    Our applications and services are shared across the enterprise or support multiple products, value streams, or shared capabilities.

    Our applications or services are domain, knowledge, or technology specific.

    Start by grouping inventory

    We are starting from an application inventory. (See the APM Research Center for help.)

    Start by grouping inventory

    Pattern: Value Stream – Capability

    Grouping products into capabilities defined in your business architecture is recommended because it aligns people/processes (services) and products (tools) into their value stream and delivery grouping. This requires an accurate capability map to implement.

    Example:

    • Healthcare is delivered through a series of distinct value streams (top chevrons) and shared services supporting all streams.
    • Diagnosing Health Needs is executed through the Admissions, Testing, Imaging, and Triage capabilities.
    • Products and services are needed to deliver each capability.
    • Shared capabilities can also be grouped into families to better align capability delivery and maturity to ensure that the enterprise goals and needs are being met in each value stream the capabilities support.
    An example is shown to demonstrate how to group products into capabilities.

    Sample business architecture/ capability map for healthcare

    A sample business architecture/capability map for healthcare is shown.

    Your business architecture maps your value streams (value delivered to your customer or user personas) to the capabilities that deliver that value. A capability is the people, processes, and/or tools needed to deliver each value function.

    Defining capabilities are specific to a value stream. Shared capabilities support multiple value streams. Enabling capabilities are core “keep the lights on” capabilities and enterprise functions needed to run your organization.

    See Info-Tech’s industry coverage and reference architectures.

    Download Document Your Business Architecture

    Pattern: Value Stream – Market

    Market/Customer Segment Alignment focuses products into the channels, verticals, or market segments in the same way customers and users view the organization.

    An example is shown to demonstrate how products can be placed into channels, verticals, or market segments.

    Example:

    • Customers want one stop to solve all their issues, needs, and transactions.
    • Banking includes consumer, small business, and enterprise.
    • Consumer banking can be grouped by type of financial service: deposit accounts (checking, savings, money market), revolving credit (credit cards, lines of credit), term lending (mortgage, auto, installment).
    • Each group of services has a unique set of applications and services that support the consumer product, with some core systems supporting the entire relationship.

    Pattern: Value Stream – Line of Business (LoB)

    Line of Business Alignment uses the operational structure as the basis for organizing products and services into families that support each area.

    An example of the operational structure as the basis is shown.

    Example:

    • LoB alignment favors continuity of services, tools, and skills based on internal operations over unified customer services.
    • A hospital requires care and services from many different operational teams.
    • Emergency services may be internally organized by the type of care and emergency to allow specialized equipment and resources to diagnose and treat the patients, relying on support teams for imaging and diagnostics to support care.
    • This model may be efficient and logical from an internal viewpoint but can cause gaps in customer services without careful coordination between product teams.

    Pattern: Enterprise Applications

    A division or group delivers enabling capabilities, and the team’s operational alignment maps directly to the modules/components of an enterprise application and other applications that support the specific business function.

    An example flowchart is shown with enterprise applications.

    Example:

    • Human resources is one corporate function. Within HR, however, there are subfunctions that operate independently.
    • Each operational team is supported by one or more applications or modules within a primary HR system.
    • Even though the teams work independently, the information they manage is shared with or ties into processes used by other teams. Coordination of efforts helps provide a higher level of service and consistency.

    For additional information about HRMS, please download Get the Most Out of Your HRMS.

    Pattern: Shared Services

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    An example is shown with the shared services.

    Example:

    • Recommended for governance, risk, and compliance; infrastructure; security; end-user support; and shared platforms (workflow, collaboration, imaging/record retention). Direct hierarchies do not necessarily exist within the shared service family.
    • Service groupings are common for service owners (also known as support managers, operations managers, etc.).
    • End-user ticketing comes through a common request system, is routed to the team responsible for triage, and then is routed to a team for resolution.
    • Collaboration tools and workflow tools are enablers of other applications, and product families might support multiple apps or platforms delivering that shared capability.

    Pattern: Technical

    Technical grouping is used in Shared Services or as a family grouping method within a Value Stream Alignment (Capability, Market, LoB) product family.

    An example of technical grouping is shown.

    Example:

    • Within Shared Services, Technical product grouping focuses on domains requiring specific experience and knowledge not common to typical product teams. This can also support insourcing so other product teams do not have to build their own capacity.
    • Within a Market or LoB team, these same technical groups support specific tools and services within that product family only while also specializing in the business domain.
    • Alignment into tool, platform, or skill areas improves delivery capabilities and resource scalability.

    Pattern: Organizational Alignment

    Eventually in your product hierarchy, the management structure functions as the product management team.

    • When planning your product families, be careful determining when to merge product families into the management team structure.
    • Since the goal of scaling products into families is to align product delivery roadmaps to enterprise goals and enable value realization, the primary focus of scaling must be operational.
    • Alignment to the organizational chart should only occur when the product families report into an HR manager who has ownership for the delivery and value realization for all product and services within that family.
    Am example of organizational alignment is shown.

    Download Build a Better Product Owner for role support.

    2.2.1 Arrange your applications and services into product families

    1-4 hours

    1. (Optional but recommended) Define your value streams and capabilities on the App Capability List tab in the Deliver Digital Products at Scale Workbook.
    2. On the Product Families tab, build your product family hierarchy using the following structure:
    • Value Stream > Capability > Family 3 > Family 2 > Family 1 > Product/Service.
    • If you are not using a Value Stream > Capability grouping, you can leave these blank for now.
    A screenshot of the App Capability List in the Deliver Disital Products at Scale Workbook is shown.
  • If you previously completed an application inventory using one of our application portfolio management (APM) resources, you can paste values here. Do not paste cells, as Excel may create a cell reference or replace the current conditional formatting.
  • Output

    • Product family mapping

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    2.2.2 Define enabling and supporting applications

    1-4 hours

    1. Review your grouping from the reverse direction or with different patterns to validate the grouping. Consider each grouping.
    • Does it operationally align the products and families to best cascade enterprise goals and priorities while validating enabling capabilities?
    • In the next phase, when defining your roadmap strategy, you may wish to revisit this phase and adjust as needed.
  • Select and enter enabling or dependent applications to the right of each product.
  • A screenshot from the Deliver Digitial Products at Scale Workbook is shown.

    Output

    • Product families
    • Enabling applications
    • Dependent applications

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Use a product canvas to define key elements of your product family

    A product canvas is an excellent tool for quickly providing important information about a product family.

    Product owners/managers

    Provide target state to align child product and product family roadmaps.

    Stakeholders

    Communicate high-level concepts and key metrics with leadership teams and stakeholders.

    Strategy teams

    Use the canvas as a tool for brainstorming, scoping, and ideation.

    Operations teams

    Share background overview to align operational team with end-user value.

    Impacted users

    Refine communication strategy and support based on user impacts and value realization.

    Download Deliver on Your Digital Product Vision.

    Product Family Canvas: Define your core information

    A screenshot of the product family canvas is shown.

    Problem Statement: The problem or need the product family is addressing

    Business Goals: List of business objectives or goals for the product

    Personas/Customers/Users: List of groups who consume the product/service

    Vision: Vision, unique value proposition, elevator pitch, or positioning statement

    Child Product Families or Products: List of product families or products within this family

    Stakeholders: List of key resources, stakeholders, and teams needed to support the product or service

    Download Deliver on Your Digital Product Vision.

    2.2.3 Build your product family canvas

    30-60 minutes

    1. Complete the following fields to build your product family canvas in your Digital Product Family Strategy Playbook:
      1. Product family name
      2. Product family owner
      3. Parent product family name
      4. Problem that the family is intending to solve (For additional help articulating your problem statement, refer to Deliver on Your Digital Product Vision.)
      5. Product family vision/goals (For additional help writing your vision, refer to Deliver on Your Digital Product Vision..)
      6. Child product or product family name(s)
      7. Primary customers/users (For additional help with your product personas, download and complete Deliver on Your Digital Product Vision..)
      8. Stakeholders (If you aren’t sure who your stakeholders are, fill this in after completing the stakeholder management exercises in phase 3.)

    Output

    • Product family canvas

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Digital Product Family Strategy Playbook.

    A screenshot of the Product Family Canvas is shown.

    Phase 3

    Ensure Alignment Between Products and Families

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    • 3.1.1 Evaluate your current approach to product family communication
    • 3.2.1 Visualize interrelationships among stakeholders to identify key influencers
    • 3.2.2 Group stakeholders into categories
    • 3.2.3 Prioritize your stakeholders
    • 3.3.1 Define the communication objectives and audience of your product family roadmaps
    • 3.3.2 Identify the level of detail that you want your product family roadmap artifacts to represent
    • 3.4.1 Validate business value alignment between products and their product families

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Step 3.1

    Leverage product family roadmaps

    Activities

    3.1.1 Evaluate your current approach to product family communication

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Understanding of what a product family roadmap is
    • Comparison of Info-Tech’s position on product families to how you currently communicate about product families

    Aligning products’ goals with families

    Without alignment between product family goals and their underlying products, you aren’t seeing the full picture.

    An example of a product roadmap is shown to demonstrate how it is the core to value realization.

    Adapted from: Pichler," What Is Product Management?"

    • Aligning product strategy to enterprise goals needs to happen through the product family.
    • A product roadmap has traditionally been used to express the overall intent and visualization of the product strategy.
    • Connecting the strategy of your products with your enterprise goals can be done through the product family roadmap.

    Leveraging product family roadmaps

    It’s more than a set of colorful boxes.

      ✓ Lays out a strategy for your product family.

      ✓ Is a statement of intent for your family of products.

      ✓ Communicates direction for the entire product family and product teams.

      ✓ Directly connects to the organization’s goals.

    However, it is not:

      x Representative of a hard commitment.

      x A simple combination of your current product roadmaps.

      x A technical implementation plan.

    Product family roadmaps

    A roadmap is shown without any changes.

    There is no such thing as a roadmap that never changes.

    Your product family roadmap represents a broad statement of intent and high-level tactics to get closer to the organization’s goals.

    A roadmap is shown with changes.

    All good product family roadmaps embrace change!

    Your strategic intentions are subject to volatility, especially those planned further in the future. The more costs you incur in planning, the more you leave yourself exposed to inefficiency and waste if those plans change.

    Info-Tech Insight

    A good product family roadmap is intended to manage and communicate the inevitable changes as a result of market volatility and changes in strategy.

    Product family roadmaps are more strategic by nature

    While individual product roadmaps can be different levels of tactical or strategic depending on a variety of market factors, your options are more limited when defining roadmaps for product families.

    An image is displayed to show the relationships between product and product family, and how the roadmaps could be tactical or strategic.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Reminder: Your enterprise vision provides alignment for your product family roadmaps

    Not knowing the difference between enterprise vision and goals will prevent you from both dreaming big and achieving your dream.

    Your enterprise vision represents your “north star” – where you want to go. It represents what you want to do.

    • Your enterprise goals represent what you need to achieve in order to reach your enterprise vision.
    • A key element of operationalizing your vision.
    • Your strategy, initiatives, and features will align with one or more goals.

    Download Deliver on Your Digital Product Vision for support.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Audience

    Business/ IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot of the portfolio and priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize those goals.

    Artifacts are grouped by the teams who deliver that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Typical elements of a product family roadmap

    While there are others, these represent what will commonly appear across most family-based roadmaps.

    An example is shown to highlight the typical elements of a product family roadmap.

    GROUP/CATEGORY: Groups are collections of artifacts. In a product family context, these are usually product family goals, value streams, or products.

    ARTIFACT: An artifact is one of many kinds of tangible by-products produced during the delivery of products. For a product family, the artifacts represented are capabilities or value streams.

    MILESTONE: Points in the timeline when established sets of artifacts are complete. This is a critical tool in the alignment of products in a given family.

    TIME HORIZON: Separated periods within the projected timeline covered by the roadmap.

    3.1.1 Evaluate your current approach to product family communication

    1-2 hours

    1. Write down how you currently communicate your intentions for your products and family of products.
    2. Compare and contrast this to how this blueprint defines product families and product family roadmaps.
    3. Consider the similarities and the key gaps between your current approach and Info-Tech’s definition of product family roadmaps.

    Output

    • Your documented approach to product family communication

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 3.2

    Use stakeholder management to improve roadmap communication

    Activities

    3.2.1 Visualize interrelationships among stakeholders to identify key influencers

    3.2.2 Group stakeholders into categories

    3.2.3 Prioritize your stakeholders

    Info-Tech Note

    If you have done the stakeholder exercises in Deliver on Your Digital Product Vision or Build a Better Product Owner u don’t need to repeat the exercises from scratch.

    You can bring the results forward and update them based on your prior work.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Relationships among stakeholders and influencers
    • Categorization of stakeholders and influencers
    • Stakeholder and influencer prioritization

    Reminder: Not everyone is a user!

    USERS

    Individuals who directly obtain value from usage of the product.

    STAKEHOLDERS

    Represent individuals who provide the context, alignment, and constraints that influence or control what you will be able to accomplish.

    FUNDERS

    Individuals both external and internal that fund the product initiative. Sometimes they are lumped in as stakeholders. However, motivations can be different.

    For more information, see Deliver on Your Digital Product Vision.

    A stakeholder strategy is a key part of product family attainment

    A roadmap is only “good” when it effectively communicates to stakeholders. Understanding your stakeholders is the first step in delivering great product family roadmaps.

    A picture is shown that has 4 characters with puzzle pieces, each repersenting a key to product family attainment. The four keys are: Stakeholder management, product lifecycle, project delivery, and operational support.

    Create a stakeholder network map for product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    An example stakeholder network map is displayed.

    Legend

    Black arrows: indicate the direction of professional influence

    Dashed green arrows: indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product family operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    3.2.1 Visualize interrelationships among stakeholders to identify key influencers

    60 minutes

    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
    • Use black arrows to indicate the direction of professional influence.
    • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Output

    • Relationships among stakeholders and influencers

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product leaders categorize their stakeholders by their level of influence and ownership in the product and/or teams.

    An example stakeholder prioritization map is shown.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    3.2.2 Group stakeholders into categories

    30-60 minutes

    1. Identify your stakeholders’ interest in and influence on your product as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    The example stakeholder prioritization map is shown with the stakeholders grouped into the categories.

    Output

    • Categorization of stakeholders and influencers

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Stakeholder Category

    Supporter

    Evangelist

    Neutral Blocker

    Player

    Critical

    High

    High

    Critical

    Mediator

    Medium

    Low

    Low

    Medium

    Noisemaker

    High

    Medium

    Medium

    High

    Spectator

    Low

    Irrelevant

    Irrelevant

    Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How likely is it that this stakeholder would recommend your product?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    3.2.3 Prioritize your stakeholders

    30 minutes

    1. Identify the level of support of each stakeholder by answering the following question: How likely is it that this stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization

    CMO

    Spectator

    Neutral

    Irrelevant

    CIO

    Player

    Supporter

    Critical

    Output

    • Stakeholder and influencer prioritization

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Define strategies for engaging stakeholders by type

    An example is shown to demonstrate how to define strategies to engage staeholders by type.

    Type

    Quadrant

    Actions

    Players

    High influence, high interest – actively engage

    Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    High influence, low interest – keep satisfied

    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    Low influence, high interest – keep informed

    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.

    Spectators

    Low influence, low interest – monitor

    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of Mediators and Players are met.

    Step 3.3

    Configure your product family roadmaps

    Activities

    3.3.1 Define the communication objectives and audience of your product family roadmaps

    3.3.2 Identify the level of detail that you want your product family roadmap artifacts to represent

    Info-Tech Note

    If you are unfamiliar with product roadmaps, Deliver on Your Digital Product Vision contains more detailed exercises we recommend you review before focusing on product family roadmaps.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • An understanding of the key communication objectives and target stakeholder audience for your product family roadmaps
    • A position on the level of detail you want your product family roadmap to operate at

    Your communication objectives are linked to your audience; ensure you know your audience and speak their language

    I want to... I need to talk to... Because they are focused on...
    ALIGN PRODUCT TEAMS Get my delivery teams on the same page. Architects Products Owners PRODUCTS A product that delivers value against a common set of goals and objectives.
    SHOWCASE CHANGES Inform users and customers of product strategy. Bus. Process Owners End Users FUNCTIONALITY A group of functionality that business customers see as a single unit.
    ARTICULATE RESOURCE REQUIREMENTS Inform the business of product development requirements. IT Management Business Stakeholders FUNDING An initiative that those with the money see as a single budget.

    3.3.1 Define the communication objectives and audience of your product family roadmaps

    30-60 minutes

    1. Explicitly state the communication objectives and audience of your roadmap.
    • Think of finishing this sentence: This roadmap is designed for … in order to …
  • You may want to consider including more than a single audience or objective.
  • Example:
  • Roadmap

    Audience

    Statement

    Internal Strategic Roadmap

    Internal Stakeholders

    This roadmap is designed to detail the strategy for delivery. It tends to use language that represents internal initiatives and names.

    Customer Strategic Roadmap

    External Customers

    This roadmap is designed to showcase and validate future strategic plans and internal teams to coordinate the development of features and enablers.

    Output

    • Roadmap list with communication objectives and audience

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    The length of time horizons on your roadmap depend on the needs of the underlying products or families

    Info-Tech InsightAn example timeline is shown.

    Given the relationship between product and product family roadmaps, the product family roadmap needs to serve the time horizons of its respective products.

    This translates into product family roadmaps with timelines that, at a minimum, cover the full scope of the respective product roadmaps.

    Based on your communication objectives, consider different ways to visualize your product family roadmap

    Swimline/Stream-Based roadmap example.

    Swimlane/Stream-Based – Understanding when groups of items intend to be delivered.

    An example is shown that has an overall plan with rough intentions around delivery.

    Now, Next, Later – Communicate an overall plan with rough intentions around delivery without specific date ranges.

    An example of a sunrise roadmap is shown.

    Sunrise Roadmap – Articulate the journey toward a given target state across multiple streams.

    Before connecting your family roadmap to products, think about what each roadmap typically presents

    An example of a product family roadmap is shown and how it can be connected to the products.

    Info-Tech Insight

    Your product family roadmap and product roadmap tell different stories. The product family roadmap represents the overall connection of products to the enterprise strategy, while the product roadmap focuses on the fulfillment of the product’s vision.

    Example: Connecting your product family roadmaps to product roadmaps

    Your roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but you can do it at a more granular level if an understanding of capabilities isn’t available.

    Example is shown connecting product family roadmaps to product roadmaps.

    3.3.2 Identify the level of detail that you want your product family roadmap artifacts to represent

    30-60 minutes

    1. Consider the different available artifacts for a product family (goals, value stream, capabilities).
    2. List the roadmaps that you wish to represent.
    3. Based on how you currently articulate details on your product families, consider:
    • What do you want to use as the level of granularity for the artifact? Consider selecting something that has a direct connection to the product roadmap itself (for example, capabilities).
    • For some roadmaps you will want to categorize your artifacts – what would work best in those cases?

    Examples

    Level of Hierarchy

    Artifact Type

    Roadmap 1

    Goals

    Capability

    Roadmap 2

    Roadmap 3

    Output

    • Details on your roadmap granularity

    Participants

    • Product owners
    • Product managers
    • Portfolio managers

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 3.4

    Confirm goal and value alignment of products and their product families

    Activities

    3.4.1 Validate business value alignment between products and their product families

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Validation of the alignment between your product families and products

    Confirming product to family value alignment

    It isn’t always obvious whether you have the right value delivery alignment between products and product families.

    An example is shown to demonstrate product-to-family-alignment.

    Product-to-family alignment can be validated in two different ways:

    1. Initial value alignment
    2. Confirm the perceived business value at a family level is aligned with what is being delivered at a product level.

    3. Value measurement during the lifetime of the product
    4. Validate family roadmap attainment through progression toward the specified product goals.

    For more detail on calculating business value, see Build a Value Measurement Framework.

    To evaluate a product family’s contribution, you need a common definition of value

    Why is having a common value measure important?

    CIO-CEO Alignment Diagnostic

    A stacked bar graph is shown to demonstrate CIO-CEO Alignment Diagnostic. A bar titled Business Value Metrics is highlighted. 51% had some improvement necessary and 32% had significant improvement necessary.

    Over 700 Info-Tech members have implemented the Balanced Value Measurement Framework.

    “The cynic knows the price of everything and the value of nothing.”

    – Oscar Wilde

    “Price is what you pay. Value is what you get.”

    – Warren Buffett

    Understanding where you derive value is critical to building solid roadmaps.

    All value in your product family is not created equal

    Business value is the value of the business outcome the application produces and how effective the product is at producing that outcome. Dissecting value by the benefit type and the value source allows you to see the many ways in which a product or service brings value to your organization. Capture the value of your products in short, concise statements, like an elevator pitch.

    A business value matrix is shown.

    Increase Revenue

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduce Costs

    Reduction of overhead. The ways in which your product limits the operational costs of business functions.

    Enhance Services

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Reach Customers

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Financial Benefits vs. Improved Capabilities

    • Financial Benefit refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible.
    • Human Benefit refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    3.4.1 Validate business value alignment between products and their product families

    30-60 minutes

    1. Draw the 2x2 Business Value Matrix on a flip chart or open the Business Value Matrix tab in the Deliver Digital Products at Scale Workbook to use in this exercise.
    2. Brainstorm and record the different types of business value that your product and product family produce on the sticky notes (one item per sticky note).
    3. As a team, evaluate how the product value delivered contributes to the product family value delivered. Note any gaps or differences between the two.

    Download and complete Build a Value Measurement Framework for full support in focusing product delivery on business value–driven outcomes.

    A business value matrix is shown.

    Output

    • Confirmation of value alignment between product families and their respective products

    Participants

    • Product owners
    • Product managers

    Record the results in the Deliver Digital Products at Scale Workbook.

    Example: Validate business value alignment between products and their product families

    An example of a business value matrix is shown.

    Measure product value with metrics tied to your business value sources and objectives

    Assign metrics to your business value sources

    Business Value Category

    Source Examples

    Metric Examples

    Profit Generation

    Revenue

    Customer Lifetime Value (LTV)

    Data Monetization

    Average Revenue per User (ARPU)

    Cost Reduction

    Reduce Labor Costs

    Contract Labor Cost

    Reduce Overhead

    Effective Cost per Install (eCPI)

    Service Enablement

    Limit Failure Risk

    Mean Time to Mitigate Fixes

    Collaboration

    Completion Time Relative to Deadline

    Customer and Market Reach

    Customer Satisfaction

    Net Promoter Score

    Customer Trends

    Number of Customer Profiles

    The importance of measuring business value through metrics

    The better an organization is at using business value metrics to evaluate IT’s performance, the more satisfied the organization is with IT’s performance as a business partner. In fact, those that say they’re effective at business value metrics have satisfaction scores that are 30% higher than those that believe significant improvements are necessary (Info-Tech’s IT diagnostics).

    Assigning metrics to your prioritized values source will allow you to more accurately measure a product’s value to the organization and identify optimization opportunities. See Info-Tech’s Related Research: Value, Delivery Metrics, Estimation blueprint for more information.

    Your product delivery pipeline connects your roadmap with business value realization

    The effectiveness of your product roadmap needs to be evaluated based on delivery capacity and throughput.

    A product roadmap is shown with additional details to demonstrate delivery capacity and throughput.

    When thinking about product delivery metrics, be careful what you ask for…

    As the saying goes “Be careful what you ask for, because you will probably get it.”

    Metrics are powerful because they drive behavior.

    • Metrics are also dangerous because they often lead to unintended negative outcomes.
    • Choose your metrics carefully to avoid getting what you asked for instead of what you intended.

    It’s a cautionary tale that also offers a low-risk path through the complexities of metrics use.

    For more information on the use (and abuse) of metrics, see Select and Use SDLC Metrics Effectively.

    Measure delivery and success

    Metrics and measurements are powerful tools to drive behavior change and decision making in your organization. However, metrics are highly prone to creating unexpected outcomes, so use them with great care. Use metrics judiciously to uncover insights but avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    Build good practices in your selection and use of metrics:

    • Choose the metrics that are as close to measuring the desired outcome as possible.
    • Select the fewest metrics possible and ensure they are of the highest value to your team, the safest from gaming behaviors and unintended consequences, and the easiest to gather and report.
    • Never use metrics for reward or punishment; use them to develop your team.
    • Automate as much metrics gathering and reporting as possible.
    • Focus on trends rather than precise metrics values.
    • Review and change your metrics periodically.

    Phase 4

    Bridge the Gap Between Product Families and Delivery

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    4.1.1 Assess your organization’s readiness to deliver digital product families

    4.2.1 Consider pros and cons for each delivery model relative to how you wish to deliver

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    4.4.1 Discuss traditional vs. product-centric funding methods

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Assess the impacts of product-centric delivery on your teams and org design

    Product delivery can exist within any org structure or delivery model. However, when making the shift toward product management, consider optimizing your org design and product team structure to match your capacity and throughput needs.

    A flowchart is shown to see how the impacts of product-centric delivery can impact team and org designs.

    Info-Tech Note

    Realigning your delivery pipeline and org design takes significant effort and time. Although we won’t solve these questions here, it’s important to identify factors in your current or future models that improve value delivery.

    Step 4.1

    Assess your organization’s delivery readiness

    Activities

    4.1.1 Assess your organization’s readiness to deliver digital product families

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the group’s maturity level when it comes to product delivery

    Maturing product practices enables delivery of product families, not just products or projects

    A flowchart is shown to demonstrate the differences between project lifecycle, hybrid lifecycle, and product lifecycle.

    Just like product owners, product family owners are needed to develop long-term product value, strategy, and delivery. Projects can still be used as the source of funding and change management; however, the product family owner must manage product releases and operational support. The focus of this section will be on aligning product families to one or more releases.

    4.1.1 Assess your organization’s readiness to deliver digital product families

    30-60 minutes

    1. For each question in the Deliver Digital Products at Scale Readiness Assessment, ask yourself which of the five associated maturity statements most closely describes your organization.
    2. As a group, agree on your organization’s current readiness score for each of the six categories.

    A screenshot of the Deliver Digital Products at Scale Readiness Assessment is shown.

    Output

    • Product delivery readiness score

    Participants

    • Product managers
    • Product owners

    Download the Deliver Digital Products at Scale Readiness Assessment.

    Value realization is constrained by your product delivery pipeline

    Value is realized through changes made at the product level. Your pipeline dictates the rate, quality, and prioritization of your backlog delivery. This pipeline connects your roadmap goals to the value the goals are intended to provide.

    An example of a product roadmap is shown with the additional details of the product delivery pipeline being highlighted.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    PRODUCT STRATEGY

    What are the artifacts?

    What are you saying?

    Defined at the family level?

    Defined at the product level?

    Vision

    I want to...

    Strategic focus

    Delivery focus

    Goals

    To get there we need to...

    Roadmap

    To achieve our goals, we’ll deliver...

    Backlog

    The work will be done in this order...

    Release Plan

    We will deliver in the following ways...

    Step 4.2

    Understand your delivery options

    Activities

    4.2.1 Consider pros and cons for each delivery model relative to how you wish to deliver

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the different team configuration options when it comes to delivery and their relevance to how you currently work

    Define the scope of your product delivery strategy

    The goal of your product delivery strategy is to establish streamlined, enforceable, and standardized product management and delivery capabilities that follow industry best practices. You will need to be strategic in how and where you implement your changes because this will set the stage for future adoption. Strategically select the most appropriate products, roles, and areas of your organization to implement your new or enhanced capabilities and establish a foundation for scaling.

    Successful product delivery requires people who are knowledgeable about the products they manage and have a broad perspective of the entire delivery process, from intake to delivery, and of the product portfolio. The right people also have influence with other teams and stakeholders who are directly or indirectly impacted by product decisions. Involve team members who have expertise in the development, maintenance, and management of your selected products and stakeholders who can facilitate and promote change.

    Learn about different patterns to structure and resource your product delivery teams

    The primary goal of any product delivery team is to improve the delivery of value for customers and the business based on your product definition and each product’s demand. Each organization will have different priorities and constraints, so your team structure may take on a combination of patterns or may take on one pattern and then transform into another.

    Delivery Team Structure Patterns

    How Are Resources and Work Allocated?

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Completed work is handed off from team to team sequentially as outlined in the organization’s SDLC.

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Work is directly sent to the teams who are directly managing the product or directly supporting the requester.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, finance).

    Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.

    See the flow of work through each delivery team structure pattern

    Four delivery team structures are shown. The four are: functional roles, shared service and resource pools, product or system, and skills and competencies.

    Staffing models for product teams

    Functional Roles Shared Service and Resource Pools Product or System Skills and Competencies
    A screenshot of the functional roles from the flow of work example is shown. A screenshot of the shared service and resource pools from the flow of work example is shown. A screenshot of the product or system from the flow of work example is shown. A screenshot of skills and competencies from the flow of work example is shown.
    Pros
      ✓ Specialized resources are easier to staff

      ✓ Product knowledge is maintained

      ✓ Flexible demand/capacity management

      ✓ Supports full utilization of resources

      ✓ Teams are invested in the full life of the product

      ✓ Standing teams enable continuous improvement

      ✓ Teams are invested in the technology

      ✓ Standing teams enable continuous improvement

    Cons
      x Demand on specialists can create bottlenecks

      x Creates barriers to collaboration

      x Unavailability of resources can lead to delays

      x Product knowledge can be lost as resources move

      x Changes in demand can lead to downtime

      x Cross-functional skills make staffing a challenge

      x Technology bias can lead to the wrong solution

      x Resource contention when team supports multiple solutions

    Considerations
      ! Product owners must break requests down into very small components to support Agile delivery as mini-Waterfalls
      ! Product owners must identify specialist requirements in the roadmap to ensure resources are available
      ! Product owners must ensure that there is a sufficient backlog of valuable work ready to keep the team utilized
      ! Product owners must remain independent of technology to ensure the right solution is built
    Use Case
    • When you lack people with cross-functional skills
    • When you have specialists such as those skilled in security and operations who will not have full-time work on the product
    • When you have people with cross-functional skills who can self-organize around the request
    • When you have a significant investment in a specific technology stack

    4.2.1 Consider pros and cons for each delivery model relative to how you wish to deliver

    1. Document your current staffing model for your product delivery teams.
    2. Evaluate the pros and cons of each model, as specified on the previous slide, relative to how you currently work.
    3. What would be the ideal target state for your team? If one model does not completely fit, is there a hybrid option worth considering? For example: Product-Based combined with Shared Service/Resource Pools for specific roles.

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, finance).

    Output

    • An understanding of pros and cons for each delivery model and the ideal target state for your team

    Participants

    • Product managers
    • Product owners

    Record the results in the Digital Product Family Strategy Playbook.

    Step 4.3

    Determine your operating model

    Activities

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the potential operating models and what will work best for your organization

    Reminder: Patterns for scaling products

    The alignment of your product families should be considered in your operating model.

    Value Stream Alignment

    Enterprise Applications

    Shared Services

    Technical

    Organizational Alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products
    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > ModulesSupporting: Job board, healthcare administrator
    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools
    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network
    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure no longer needed because the management team owns product management role

    Ensure consistency in the application of your design principles with a coherent operating model

    What is an operating model?

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy. It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    An example of an operating model is shown.

    For more information, see Redesign Your IT Organizational Structure.

    Weigh the pros and cons of IT operating models to find the best fit

    1. LoB/Product Aligned – Decentralized Model: Line of Business, Geographically, Product, or Functionally Aligned
    2. A decentralized IT operating model that embeds specific functions within LoBs/product teams and provides cross-organizational support for their initiatives.

    3. Hybrid Functional: Functional/Product Aligned
    4. A best-of-both-worlds model that balances the benefits of centralized and decentralized approaches to achieve both customer responsiveness and economies of scale.

    5. Hybrid Service Model: Product-Aligned Operating Model
    6. A model that supports what is commonly referred to as a matrix organization, organizing by highly related service categories and introducing the role of the service owner.

    7. Centralized: Plan-Build-Run
    8. A highly typical IT operating model that focuses on centralized strategic control and oversight in delivering cost-optimized and effective solutions.

    9. Centralized: Demand-Develop-Service
    10. A centralized IT operating model that lends well to more mature operating environments. Aimed at leveraging economies of scale in an end-to-end services delivery model.

    There are many different operating models. LoB/Product Aligned and Hybrid Functional align themselves most closely with how products and product families are typically delivered.

    Decentralized Model: Line of Business, Geographically, Product, or Functionally Aligned

    An example of a decentralized model is shown.

    BENEFITS

    DRAWBACKS

    • Organization around functions (FXN) allows for diversity in approach in how areas are run to best serve specific business units needs.
    • Each functional line exists largely independently, with full capacity and control to deliver service at the committed service level agreements.
    • Highly responsive to shifting needs and demands with direct connection to customers and all stages of the solution development lifecycle.
    • Accelerates decision making by delegating authority lower into the FXN.
    • Promotes a flatter organization with less hierarchy and more direct communication with the CIO.
    • Less synergy and integration across what different lines of business are doing can result in redundancies and unnecessary complexity.
    • Higher overall cost to the IT group due to role and technology duplication across different FXN.
    • Inexperience becomes an issue; requires more competent people to be distributed across the FXN.
    • Loss of sight of the big picture – difficult to enforce standards around people/process/technology with solution ownership within the FXN.

    For more information, see Redesign your IT Organizational Structure.

    Hybrid Model: Functional/Product Aligned

    An example of a hybrid model: functional/product aligned is shown.

    BENEFITS

    DRAWBACKS

    • Best of both worlds of centralization and decentralization; attempts to channel benefits from both centralized and decentralized models.
    • Embeds key IT functions that require business knowledge within functional areas, allowing for critical feedback.
    • Balances a holistic IT strategy and architecture with responsiveness to needs of the organization.
    • Achieves economies of scale where necessary through the delivery of shared services that can be requested by the function.
    • May result in excessive cost through role and system redundancies across different functions
    • Business units can have variable levels of IT competence; may result in different levels of effectiveness.
    • No guaranteed synergy and integration across functions; requires strong communication, collaboration, and steering.
    • Cannot meet every business unit’s needs – can cause tension from varying effectiveness of the IT functions placed within the functional areas.

    For more information, see Redesign your IT Organizational Structure.

    Hybrid Model: Product-Aligned Operating Model

    An example of a hybrid model: product-aligned operating model.

    BENEFITS

    DRAWBACKS

    • Focus is on the full lifecycle of a product – takes a strategic view of how technology enables the organization.
    • Promotes centralized backlog around a specific value creator, rather than traditional project focus, which is more transactional.
    • Dedicated teams around the product family ensure that you have all of the resources required to deliver on your product roadmap.
    • Reduces barriers between IT and business stakeholders, focuses on technology as a key strategic enabler.
    • Delivery is largely done through a DevOps methodology.
    • Significant business involvement is required for success within this model, with business stakeholders taking an active role in product governance and potentially product management as well.
    • Strong architecture standards and practices are required to make this successful because you need to ensure that product families are building in a consistent manner and limiting application sprawl.
    • Introduced the need for practice standards to drive consistency in quality of delivered services.
    • May result in increased cost through role redundancies across different squads.

    For more information, see Redesign your IT Organizational Structure.

    Centralized: Plan-Build-Run

    An example of a centralized: Plan-Build-Run is shown.

    BENEFITS

    DRAWBACKS

    • Effective at implementing long-term plans efficiently, separates maintenance and projects to allow each to have the appropriate focus.
    • More oversight over financials; better suited for fixed budgets.
    • Works across centralized technology domains to better align with the business's strategic objectives – allows for a top-down approach to decision making.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Well suited for a project-driven environment that employs Waterfall or a hybrid project management methodology that is less iterative.
    • Not optimized for unpredictable/shifting project demands, as decision making is centralized in the plan function.
    • Less agility to deliver new features or solutions to the customer in comparison to decentralized models.
    • Build (developers) and run (operations staff) are far removed from the business, resulting in lower understanding of business needs (as well as “passing the buck” – from development to operations).
    • Requires strong hand-off processes to be defined and strong knowledge transfer from build to run functions in order to be successful.

    For more information, see Redesign your IT Organizational Structure.

    Centralized: Demand-Develop-Service

    An example of a centralized: Demand-Develop-Service model is shown.

    BENEFITS

    DRAWBACKS

    • Aligns well with an end-to-end services model; constant attention to customer demand and service supply.
    • Centralizes service operations under one functional area to serve shared needs across lines of business.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Elevates sourcing and vendor management as its own strategic function; lends well to managed service and digital initiatives.
    • Development and operations housed together; lends well to DevOps-related initiatives.
    • Can be less responsive to business needs than decentralized models due to the need for portfolio steering to prioritize initiatives and solutions.
    • Requires a higher level of operational maturity to succeed; stable supply functions (service mgmt., operations mgmt., service desk, security, data) are critical to maintaining business satisfaction.
    • Requires highly effective governance around project portfolio, services, and integration capabilities.
    • Effective feedback loop highly dependent on accurate performance measures.

    For more information, see Redesign your IT Organizational Structure.

    Assess how your product scaling pattern impacts your resource delivery model

    Value Stream Alignment

    Enterprise Applications

    Shared Services

    Technical

    Plan-Build-Run:
    Centralized

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Can be used to align high-level families.

    Con: Lacks flexibility at the product level to address shifting priorities in product demand.

    Pro: Supports a factory model.

    Con: Lacks flexibility at the product level to address shifting priorities in product demand.

    Centralized Model 2:
    Demand-Develop-
    Service

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Recommended for aligning high-level service families based on user needs.

    Con: Reduces product empowerment, prioritizing demand. Slow.

    Pro: Supports factory models.

    Con: Reduces product empowerment, prioritizing demand. Slow.

    Decentralized Model:
    Line of Business, Product, Geographically, or

    Functionally Aligned

    Pro: Aligns product families to value streams, capabilities, and organizational structure.

    Con: Reduces shared solutions and may create duplicate apps and services.

    Pro: Enterprise apps treated as distinct LoB groups.

    Con: Reduces shared solutions and may create duplicate apps and services.

    Pro: Complements value stream alignment by consolidating shared apps and services.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Fits within other groupings where technical expertise is needed.

    Con: Creates redundancy between localized and shared technical teams.

    Hybrid Model:
    Functional/Product

    Aligned

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Creates redundancy between localized and shared technical teams.

    Hybrid Model:

    Product-Aligned Operating Model

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Creates redundancy between localized and shared technical teams.

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    30-60 minutes

    1. Discuss the intake sources of product work.
    2. Trace the flow of requests down to the functional roles of your delivery team (e.g., developer, QA, operations).
    3. Indicate where key deliverables are produced, particularly those that are built in collaboration.
    4. Discuss the five operating models relative to your current operating model choice. How aligned are you?
    5. Review Info-Tech’s recommendation on the best-aligned operating models for product family delivery. Do you agree or disagree?
    6. Evaluate recommendations against how you operate/work.

    Output

    • Understanding of the relationships between key groups
    • A preferred operating model

    Participants

    • Product owners
    • Product managers
    • Delivery managers

    Record the results in the Digital Product Family Strategy Playbook.

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    An example of activity 4.3.1 to understand the relationships between product management, delivery teams, and stakeholders is shown.

    Output

    • Understanding of the relationships between key groups
    • A preferred operating model

    Participants

    • Product owners
    • Product managers
    • Delivery managers

    Step 4.4

    Identify how to fund product family delivery

    Activities

    4.4.1 Discuss traditional vs. product-centric funding methods

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the differences between product-based and traditional funding methods

    Why is funding so problematic?

    We often still think about funding products like construction projects.

    Three models are shown on the various options to fund projects.

    These models require increasing accuracy throughout the project lifecycle to manage actuals vs. estimates.

    "Most IT funding depends on one-time expenditures or capital-funding mechanisms that are based on building-construction funding models predicated on a life expectancy of 20 years or more. Such models don’t provide the stability or flexibility needed for modern IT investments." – EDUCAUSE

    Reminder: Projects don’t go away. The center of the conversation changes.

    A flowchart is shown to demonstrate the difference between project lifecycle, hybrid lifecycle, and product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Planning and budgeting for products and families

    Reward for delivering outcomes, not features

    AutonomyFlexibilityAccountability
    Fund what delivers valueAllocate iterativelyMeasure and adjust

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    The Lean Enterprise Funding Model is an example of a different approach

    An example of the lean enterprise funding model is shown.
    From: Implement Agile Practices That Work

    A flexible funding pool akin to venture capital models is maintained to support innovative ideas and fund proofs of concept for product and process improvements.

    Proofs of concept (POCs) are run by standing innovation teams or a reserve of resources not committed to existing products, projects, or services.

    Every product line has funding for all changes and ongoing operations and support.

    Teams are funded continuously so that they can learn and improve their practices as much as possible.

    Budgeting approaches must evolve as you mature your product operating environment

    TRADITIONAL PROJECTS WITH WATERFALL DELIVERY

    TRADITIONAL PROJECTS WITH AGILE DELIVERY

    PRODUCTS WITH AGILE PROJECT DELIVERY

    PRODUCTS WITH AGILE DELIVERY

    WHEN IS THE BUDGET TRACKED?

    Budget tracked by major phases

    Budget tracked by sprint and project

    Budget tracked by sprint and project

    Budget tracked by sprint and release

    HOW ARE CHANGES HANDLED?

    All change is by exception

    Scope change is routine, budget change is by exception

    Scope change is routine, budget change is by exception

    Budget change is expected on roadmap cadence

    WHEN ARE BENEFITS REALIZED?

    Benefits realization after project completion

    Benefits realization is ongoing throughout the life of the project

    Benefits realization is ongoing throughout the life of the product

    Benefits realization is ongoing throughout life of the product

    WHO “DRIVES”?

    Project Manager

    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast

    Product Owner

    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast

    Product Manager

    • Product portfolio team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product

    Product Manager

  • Product family team role
  • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
  • Info-Tech Insight

    As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability to adapt to change and drive the right outcomes!

    Your strategy must include the cost to build and operate

    Most investment happens after go-live, not in the initial build!

    An example strategy is displayed that incorporates the concepts of cost to build and operate.

    Adapted from: LookFar

    Info-Tech Insight

    While the exact balance point between development or implementation costs varies from application to application, over 80% of the cost is accrued after go-live.

    Traditional accounting leaves software development CapEx on the table

    Software development costs have traditionally been capitalized, while research and operations are operational expenditures.

    The challenge has always been the myth that operations are only bug fixes, upgrades, and other operational expenditures. Research shows that most post-release work on developed solutions is the development of new features and changes to support material changes in the business. While projects could bundle some of these changes into capital expenditure, much of the business-as-usual work that goes on leaves capital expenses on the table because the work is lumped together as maintenance-related OpEx.

    From “How to Stop Leaving Software CapEx on the Table With Agile and DevOps”

    4.4.1 Discuss traditional vs. product-centric funding methods

    30-60 minutes

    1. Discuss how products and product families are currently funded.
    2. Review how the Agile/product funding models differ from how you currently operate.
    3. What changes do you need to consider in order to support a product delivery model?
    4. For each change, identify the key stakeholders and list at least one action to take.
    5. Record the results in the Digital Product Family Strategy Playbook.

    Output

    • Understanding of funding principles and challenges

    Participants

    • Product owners
    • Product managers
    • Delivery managers

    Record the results in the Digital Product Family Strategy Playbook.

    Phase 5

    Build Your Transformation Roadmap and Communication Plan

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    5.1.1 Introduce your digital product family strategy

    5.2.1 Define your communication cadence for your strategy updates

    5.2.2 Define your messaging for each stakeholder

    5.3.1 How do we get started?

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Application leaders
    • Stakeholders

    Step 5.1

    Introduce your digital product family strategy

    Activities

    5.1.1 Introduce your digital product family strategy

    This step involves the following participants:

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Outcomes of this step

    • A completed executive summary presenting your digital product strategy

    Product decisions are traditionally made in silos with little to no cross-functional communication and strategic oversight

    Software delivery teams and stakeholders traditionally make plans, strategies, and releases within their silos and tailor their decisions based on their own priorities. Interactions are typically limited to hand-offs (such as feature requests) and routing of issues and defects back up the delivery pipeline. These silos likely came about through well-intentioned training, mandates, and processes, but they do not sufficiently support today’s need to rapidly release and change platforms.

    Siloed departments often have poor visibility into the activities of other silos, and they may not be aware of the ramifications their decisions have on teams and stakeholders outside of their silo.

    • Silos may make choices that are optimal largely for themselves without thinking of the holistic impact on a platform’s structure, strategy, use cases, and delivery.
    • The business may approve platform improvements without the consideration of the delivery team’s current capacity or the system’s complexity, resulting in unrealistic commitments.
    • Quality standards may be misinterpreted and inconsistently enforced across the entire delivery pipeline.

    In some cases, the only way to achieve greater visibility and communication for all roles across a platform’s lifecycle is implementing an overarching role or team.

    “The majority of our candid conversations with practitioners and project management offices indicate that the platform ownership role is poorly defined and poorly executed.”

    – Barry Cousins

    Practice Lead, Applications – Project & Portfolio Management

    Info-Tech Research Group

    Use stakeholder management and roadmap views to improve communication

    Proactive, clear communication with stakeholders, SMEs, and your product delivery team can significantly improve alignment and agreement with your roadmap, strategy, and vision.

    When building your communication strategy, revisit the work you completed in phase 3 developing your:

    • Roadmap types
    • Stakeholder strategy

    Type

    Quadrant

    Actions

    Players

    High influence, high interest – actively engage

    Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    High influence, low interest – keep satisfied

    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    Low influence, high interest – keep informed

    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.

    Spectators

    Low influence, low interest – monitor

    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    5.1.1 Introduce your digital product family strategy

    30-60 minutes

    This exercise is intended to help you lay out the framing of your strategy and the justification for the effort. A lot of these items can be pulled directly from the product canvas you created in phase 2. This is intended to be a single slide to frame your upcoming discussions.

    1. Update your vision, goals, and values on your product canvas. Determine which stakeholders may be impacted and what their concerns are. If you have many stakeholders, limit to Players and Influencers.
    2. Identify what you need from the stakeholders as a result of this communication.
    3. Keeping in mind the information gathered in steps 1 and 2, describe your product family strategy by answering three questions:
    1. Why do we need product families?
    2. What is in our way?
    3. Our first step will be... ?

    Output

    • An executive summary that introduces your product strategy

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    Example: Scaling delivery through product families

    Why do we need product families?

    • The growth of our product offerings and our company’s movement into new areas of growth mean we need to do a better job scaling our offerings to meet the needs of the organization.

    What is in our way?

    • Our existing applications and services are so dramatically different we are unsure how to bring them together.

    Our first step will be...

    • Taking a full inventory of our applications and services.

    Step 5.2

    Communicate changes on updates to your strategy

    Activities

    5.2.1 Define your communication cadence for your strategy updates

    5.2.2 Define your messaging for each stakeholder

    This step involves the following participants:

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Outcomes of this step

    • A communication plan for when strategy updates need to be given

    5.2.1 Define your communication cadence for your strategy updates

    30 minutes

    Remember the role of different artifacts when it comes to your strategy. The canvas contributes to the What, and the roadmap addresses the How. Any updates to the strategy are articulated and communicated through your roadmap.

    1. Review your currently defined roadmaps, their communication objectives, update frequency, and updates.
    2. Consider the impacted stakeholders and the strategies required to communicate with them.
    3. Fill in your communication cadence and communication method.

    EXAMPLE:

    Roadmap Name

    Audience/Stakeholders

    Communication Cadence

    External Customer Roadmap

    Customers and External Users

    Quarterly (Website)

    Product Delivery Roadmap

    Development Teams, Infrastructure, Architects

    Monthly (By Email)

    Technology Roadmap

    Development Teams, Infrastructure, Architects

    Biweekly (Website)

    Output

    • Clear communication cadence for your roadmaps

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    The “what” behind the communication

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff.

    The change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Five elements of communicating change

    1. What is the change?
    2. Why are we doing it?
    3. How are we going to go about it?
    4. How long will it take us to do it?
    5. What is the role for each department and individual?

    Source: Cornelius & Associates

    How we engage with the message is just as important as the message itself

    Why are we here?

    Speak to what matters to them

    Sell the improvement

    Show real value

    Discuss potential fears

    Ask for their support

    Be gracious

    5.2.2 (Optional) Define your messaging for each stakeholder

    30 minutes

    It’s one thing to communicate the strategy, it’s another thing to send the right message to your stakeholders. Some of this will depend on the kind of news given, but the majority of this is dependent on the stakeholder and the cadence of communication.

    1. From exercise 5.2.1, take the information on the specific roadmaps, target audience, and communication cadence.
    2. Based on your understanding of the audience’s needs, what would the specific update try to get across?
    3. Pick a specific typical example of a change in strategy that you have gone through. (e.g. Product will be delayed by a quarter; key feature is being substituted for another.)

    EXAMPLE:

    Roadmap Name

    Audience/ Stakeholder

    Communication Cadence

    Messaging

    External Customer Roadmap

    Customers and External Users

    Quarterly (Website)

    Output

    • Messaging plan for each roadmap type

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    Step 5.3

    Determine your next steps

    Activities

    5.3.1 How do we get started?

    This step involves the following participants:

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Outcomes of this step

    • Understanding the steps to get started in your transformation

    Make a plan in order to make a plan!

    Consider some of the techniques you can use to validate your strategy.

    Learning Milestones

    Sprint Zero (AKA Project-before-the-project)

    The completion of a set of artifacts dedicated to validating business opportunities and hypotheses.

    Possible areas of focus:

    Align teams on product strategy prior to build

    Market research and analysis

    Dedicated feedback sessions

    Provide information on feature requirements

    The completion of a set of key planning activities, typically the first sprint.

    Possible areas of focus:

    Focus on technical verification to enable product development alignment

    Sign off on architectural questions or concerns

    An image showing the flowchart of continuous delivery of value is shown.

    Go to your backlog and prioritize the elements that need to be answered sooner rather than later.

    Possible areas of focus:

    Regulatory requirements or questions to answer around accessibility, security, privacy.

    Stress testing any new processes against situations that may occur.

    The “Now, Next, Later” roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now: What are you going to do now?

    Next: What are you going to do very soon?

    Later: What are you going to do in the future?

    An example of a now, next, later roadmap is shown.

    Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017

    5.3.1 How do we get started?

    30-60 minutes

    1. Identify what the critical steps are for the organization to embrace product-centric delivery.
    2. Group each critical step by how soon you need to address it:
    • Now: Let’s do this ASAP.
    • Next: Sometime very soon, let’s do these things.
    • Later: Much further off in the distance, let’s consider these things.
  • Record the group results in the Deliver Digital Products at Scale Workbook.
  • Record changes for your product and product family in the Digital Product Family Strategy Playbook.
  • An example of a now, next, later roadmap is shown.

    Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017

    Output

    • Product family transformation critical steps and basic roadmap

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    Record the results in the Deliver Digital Products at Scale Workbook.

    Summary of Accomplishment

    Problem Solved

    The journey to become a product-centric organization is not short or easy. Like with any improvement or innovation, teams need to continue to evolve and mature with changes in their operations, teams, tools, and user needs.You’ve taken a big step completing your product family alignment. This provides a backbone for aligning all aspects of your organization to your enterprise goals and strategy while empowering product teams to find solutions closer to the problem. Continue to refine your model and operations to improve value realization and your product delivery pipelines to embrace business agility. Organizations that are most responsive to change will continue to outperform command-and-control leadership.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    Photo of Emily Archer.

    Emily Archer

    Lead Business Analyst,

    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    Photo of David Berg

    Founder & CTO

    Strainprint Technologies Inc.

    David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Kathy Borneman

    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Photro of Charlie Campbell

    Charlie Campbell

    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Photo of Yarrow Diamond

    Yarrow Diamond

    Sr. Director, Business Architecture

    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Photo of Cari J. Faanes-Blakey

    Cari J. Faanes-Blakey, CBAP, PMI-PBA

    Enterprise Business Systems Analyst,

    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Photo of Kieran Gobey

    Kieran Gobey

    Senior Consultant Professional Services

    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations. Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Photo of Rupert Kainzbauer

    Rupert Kainzbauer

    VP Product, Digital Wallets

    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Photo of Saeed Khan

    Saeed Khan

    Founder,

    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005. Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders; the only global community of senior level product executives.

    Photo of Hoi Kun Lo

    Hoi Kun Lo

    Product Owner

    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Photo of Abhishek Mathur

    Abhishek Mathur

    Sr Director, Product Management

    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Photo of Jeff Meister

    Jeff Meister

    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations. Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements. Jeff holds a Bachelor’s of Applied Science (Electrical Engineering) and a Bachelor’s of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Photo of Vincent Mirabelli

    Vincent Mirabelli

    Principal,

    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Photo of Oz Nazili

    Oz Nazili

    VP, Product & Growth

    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Photo of Mark Pearson

    Mark Pearson

    Principal IT Architect, First Data Corporation

    Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

    Photo of Brenda Peshak

    Brenda Peshak

    Product Owner,

    Widget Industries, LLC

    Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

    Photo of Mike Starkey

    Mike Starkey

    Director of Engineering

    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Photo of Anant Tailor

    Anant Tailor

    Cofounder & Head of Product

    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes. Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries. Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Photo of Angela Weller

    Angela Weller

    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build Your Agile Acceleration Roadmap

    • Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    • Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    • Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    • Execute a disciplined approach to rolling out Agile methods in the organization.

    Application Portfolio Management

    APM Research Center

    • See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management for Small Enterprises

    • There is no one-size-fits-all rationalization. Tailor your framework to meet your goals.

    Streamline Application Maintenance

    • Effective maintenance ensures the long-term value of your applications.

    Build an Application Rationalization Framework

    • Manage your application portfolio to minimize risk and maximize value.

    Modernize Your Applications

    • Justify modernizing your application portfolio from both business and technical perspectives.

    Review Your Application Strategy

    • Ensure your applications enable your business strategy.

    Discover Your Applications

    • Most application strategies fail. Arm yourself with the necessary information and team structure for a successful application portfolio strategy.

    Streamline Application Management

    • Move beyond maintenance to ensuring exceptional value from your apps.

    Optimize Applications Release Management

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Embrace Business-Managed Applications

    • Empower the business to implement their own applications with a trusted business-IT relationship.

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    • Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    • Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    • Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    • Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    • Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    • Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    • Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    • Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Org Design and Performance

    Redesign Your IT Organizational Structure

    • Focus product delivery on business value–driven outcomes.

    Build a Strategic Workforce Plan

    • Have the right people, in the right place, at the right time.

    Implement a New Organizational Structure

    • Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Improve Employee Engagement to Drive IT Performance

    • Don’t just measure engagement, act on it.

    Set Meaningful Employee Performance Measures

    • Set holistic measures to inspire employee performance.

    Master Organizational Change Management Practices

    • PMOs, if you don't know who is responsible for org change, it's you.

    Bibliography (Product Management)

    “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    A, Karen. “20 Mental Models for Product Managers.” Product Management Insider, Medium, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Agile Alliance. “Product Owner.” Agile Alliance. n.d. Web.

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Berez, Steve, et al. “How to Plan and budget for Agile at Scale.” Bain & Company, 08 Oct 2019. Web

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint. 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, Agile Alliance 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group. 2005. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software. 6 Sept. 2016. Web.

    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997.

    Curphey, Mark. “Product Definition.” SlideShare, 25 Feb. 2007. Web.

    “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    Distel, Dominic, et al. “Finding the sweet spot in product-portfolio management.’ McKinsey, 4 Dec. 2020. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” PM101, Medium, 6 Mar. 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile2016 Conference, Agile Alliance, 2016. Web.

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” The Ready, Medium, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Scaled Agile Framework, Medium, 23 Jul. 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

    Mironov, Rich. “Scaling Up Product Manager/Owner Teams.” Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014 . Web.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 Mar. 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Rouse, Margaret. “Definition: product.” TechTarget, Sept. 2005. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin Voice of Product, 2 Oct. 2018. Web.

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2016. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group. 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium, 19 Dec. 2017. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” The Liberators, Medium, 10 Feb. 2017. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management”. Academia.edu. 2010. Web.

    Bibliography (Roadmap)

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012 IEEE International Conference, 12 June 2012, Herzliya, Israel. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, Web. Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP).” Leanstack, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 October 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018.

    Bibliography (Vision and Canvas)

    Adams, Paul. “The Future Product Canvas.” Inside Intercom, 10 Jan. 2014. Web.

    “Aligning IT Funding Models to the Pace of Technology Change.” EDUCAUSE, 14 Dec. 2015. Web.

    Altman, Igor. “Metrics: Gone Bad.” OpenView, 10 Nov. 2009. Web.

    Barry, Richard. “The Product Vision Canvas – a Strategic Tool in Developing a Successful Business.” Polymorph, 2019. Web.

    “Business Canvas – Business Models & Value Propositions.” Strategyzer, 2019. Web.

    “Business Model Canvas.” Wikipedia: The Free Encyclopedia, 4 Aug. 2019. Web.

    Charak, Dinker. “Idea to Product: The Working Model.” ThoughtWorks, 13 July 2017. Web.

    Charak, Dinker. “Product Management Canvas - Product in a Snapshot.” Dinker Charak, 29 May 2017. Web.

    Chudley, James. “Practical Steps in Determining Your Product Vision (Product Tank Bristol, Oct. 2018).” LinkedIn SlideShare. Uploaded by cxpartners, 2 Nov. 2018. Web.

    Cowan, Alex. “The 20 Minute Business Plan: Business Model Canvas Made Easy.” COWAN+, 2019. Web.

    Craig, Desiree. “So You've Decided To Become A Product Manager.” Start it up, Medium, 2 June 2019. Web.

    Create an Aha! Business Model Canvas Strategic Model.” Aha! Support, 2019. Web.

    Eick, Stephen. “Does Code Decay? Assessing the Evidence from Change Management Data.” IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.

    Eriksson, Martin. “The next Product Canvas.” Mind the Product, 22 Nov. 2013. Web.

    “Experience Canvas: a Lean Approach: Atlassian Team Playbook.” Atlassian, 2019. Web.

    Freeman, James. “How to Make a Product Canvas – Visualize Your Product Plan.” Edraw, 23 Dec. 2019. Web.

    Fuchs, Danny. “Measure What Matters: 5 Best Practices from Performance Management Leaders.” OpenGov, 8 Aug. 2018. Web.

    Gorisse, Willem. “A Practical Guide to the Product Canvas.” Mendix, 28 Mar. 2017. Web.

    Gothelf, Jeff. “The Lean UX Canvas.” Jeff Gothelf, 15 Dec. 2016. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product: Getting Started.” EBG Consulting, 15 Jan. 2019. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product's Core Requirements.” EBG Consulting, 4 Feb. 2019. Web.

    Gray, Mark Krishan. “Should I Use the Business Model Canvas or the Lean Canvas?” Emergn, 2019. Web.

    Hanby, Jeff. "Software Maintenance: Understanding and Estimating Costs." LookFar, 21 Oct. 2016. Web.

    “How do you define a product?” Scrum.org, 4 Apr 2017, Web

    Juncal, Shaun. “How to Build a Product Roadmap Based on a Business Model Canvas.” ProductPlan, 19 June 2019. Web.

    “Lean Canvas Intro - Uber Example.” YouTube, uploaded by Railsware Product Academy, 12 Oct. 2018. Web.

    “Lesson 6: Product Canvas.” ProdPad Help Center, 2019. Web.

    Lucero, Mario. “The Product Canvas.” Agilelucero.com, 22 June 2015. Web.

    Maurya, Ash. “Create a New Lean Canvas.” Canvanizer, 2019. Web.

    Maurya, Ash. “Don't Write a Business Plan. Create a Lean Canvas Instead.” LEANSTACK, 2019. Web.

    Maurya, Ash. “Why Lean Canvas vs Business Model Canvas?” Medium, 27 Feb. 2012. Web.

    Mirabelli, Vincent. “The Project Value Canvas.” Vincent Mirabelli, 2019. Web.

    Mishra, LN. “Business Analysis Canvas – The Ultimate Enterprise Architecture.” BA Times, 19 June 2019. Web.

    Muller. Jerry Z. “Why performance metrics isn’t always the best way to judge performance.” Fast Company, 3 April 2019. Web.

    Perri, Melissa. “What Is Good Product Strategy?” Melissa Perri, 14 July 2016. Web.

    Pichler, Roman. “A Product Canvas for Agile Product Management, Lean UX, Lean Startup.” Roman Pichler, 16 July 2012. Web.

    Pichler, Roman. “Introducing the Product Canvas.” JAXenter, 15 Jan. 2013. Web.

    Pichler, Roman. “Roman's Product Canvas: Introduction.” YouTube, uploaded by Roman Pichler, 3 Mar. 2017. Web.

    Pichler, Roman. “The Agile Vision Board: Vision and Product Strategy.” Roman Pichler, 10 May 2011. Web.

    Pichler, Roman. “The Product Canvas – Template.” Roman Pichler, 11 Oct. 2016. Web.

    Pichler, Roman. “The Product Canvas Tutorial V1.0.” LinkedIn SlideShare. Uploaded by Roman Pichler, 14 Feb. 2013. Web.

    Pichler, Roman. “The Product Vision Board: Introduction.” YouTube uploaded by Roman Pichler, 3 Mar. 2017. Web.

    “Product Canvas PowerPoint Template.” SlideModel, 2019. Web.

    Product Canvas.” SketchBubble, 2019, Web.

    “Product Canvas.” YouTube, uploaded by Wojciech Szramowski, 18 May 2016. Web.

    “Product Roadmap Software to Help You Plan, Visualize, and Share Your Product Roadmap.” Productboard, 2019. Web.

    Roggero, Giulio. “Product Canvas Step-by-Step.” LinkedIn SlideShare, uploaded by Giulio Roggero, 18 May 2013. Web.

    Royce, Dr. Winston W. “Managing the Development of Large Software Systems.” Scf.usc.edu, 1970. Web.

    Ryan, Dustin. “The Product Canvas.” Qdivision, Medium, 20 June 2017. Web.

    Snow, Darryl. “Product Vision Board.” Medium, 6 May 2017. Web.

    Stanislav, Shymansky. “Lean Canvas – a Tool Your Startup Needs Instead of a Business Plan.” Railsware, 12 Oct. 2018. Web.

    Stanislav, Shymansky. “Lean Canvas Examples of Multi-Billion Startups.” Railsware, 20 Feb. 2019. Web.

    “The Product Vision Canvas.” YouTube, Uploaded by Tom Miskin, 20 May 2019. Web.

    Tranter, Leon. “Agile Metrics: the Ultimate Guide.” Extreme Uncertainty, n.d. Web.

    “Using Business Model Canvas to Launch a Technology Startup or Improve Established Operating Model.” AltexSoft, 27 July 2018. Web.

    Veyrat, Pierre. “Lean Business Model Canvas: Examples + 3 Pillars + MVP + Agile.” HEFLO BPM, 10 Mar. 2017. Web.

    “What Are Software Metrics and How Can You Track Them?” Stackify, 16 Sept. 2017. Web

    “What Is a Product Vision?” Aha!, 2019. Web.

    Implement Hardware Asset Management

    • Buy Link or Shortcode: {j2store}312|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $29,447 Average $ Saved
    • member rating average days saved: 25 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Executives are often aware of the benefits asset management offers, but many organizations lack a defined program to manage their hardware.
    • Efforts to implement hardware asset management (HAM) are stalled because organizations feel overwhelmed navigating the process or under use the data, failing to deliver value.

    Our Advice

    Critical Insight

    • Organizations often implement an asset management program as a one-off project and let it stagnate.
    • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
    • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underutilized. Departments within IT become data siloes, preventing effective use of the data.

    Impact and Result

    • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
    • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
    • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
    • Build and involve an ITAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

    Implement Hardware Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Implement Hardware Asset Management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay foundations

    Build the foundations for the program to succeed.

    • Implement Hardware Asset Management – Phase 1: Lay Foundations
    • HAM Standard Operating Procedures
    • HAM Maturity Assessment Tool
    • IT Asset Manager
    • IT Asset Administrator

    2. Procure & receive

    Define processes for requesting, procuring, receiving, and deploying hardware.

    • Implement Hardware Asset Management – Phase 2: Procure and Receive
    • HAM Process Workflows (Visio)
    • HAM Process Workflows (PDF)
    • Non-Standard Hardware Request Form
    • Purchasing Policy

    3. Maintain & dispose

    Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

    • Implement Hardware Asset Management – Phase 3: Maintain and Dispose
    • Asset Security Policy
    • Hardware Asset Disposition Policy

    4. Plan implementation

    Plan the hardware budget, then build a communication plan and roadmap to implement the project.

    • Implement Hardware Asset Management – Phase 4: Plan Implementation 
    • HAM Budgeting Tool
    • HAM Communication Plan
    • HAM Implementation Roadmap
    [infographic]

    Workshop: Implement Hardware Asset Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Foundations

    The Purpose

    Build the foundations for the program to succeed.

    Key Benefits Achieved

    Evaluation of current challenges and maturity level

    Defined scope for HAM program

    Defined roles and responsibilities

    Identified metrics and reporting requirements

    Activities

    1.1 Outline hardware asset management challenges.

    1.2 Conduct HAM maturity assessment.

    1.3 Classify hardware assets to define scope of the program.

    1.4 Define responsibilities.

    1.5 Use a RACI chart to determine roles.

    1.6 Identify HAM metrics and reporting requirements.

    Outputs

    HAM Maturity Assessment

    Classified hardware assets

    Job description templates

    RACI Chart

    2 Procure & Receive

    The Purpose

    Define processes for requesting, procuring, receiving, and deploying hardware.

    Key Benefits Achieved

    Defined standard and non-standard requests for hardware

    Documented procurement, receiving, and deployment processes

    Standardized asset tagging method

    Activities

    2.1 Identify IT asset procurement challenges.

    2.2 Define standard hardware requests.

    2.3 Document standard hardware request procedure.

    2.4 Build a non-standard hardware request form.

    2.5 Make lease vs. buy decisions for hardware assets.

    2.6 Document procurement workflow.

    2.7 Select appropriate asset tagging method.

    2.8 Design workflow for receiving and inventorying equipment.

    2.9 Document the deployment workflow(s).

    Outputs

    Non-standard hardware request form

    Procurement workflow

    Receiving and tagging workflow

    Deployment workflow

    3 Maintain & Dispose

    The Purpose

    Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

    Key Benefits Achieved

    Policies and processes for hardware maintenance and asset security

    Documented workflows for hardware disposal and recovery/redeployment

    Activities

    3.1 Build a MAC policy, request form, and workflow.

    3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.

    3.3 Revise or create an asset security policy.

    3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.

    Outputs

    User move workflow

    Asset security policy

    Asset disposition policy, recovery and disposal workflows

    4 Plan Implementation

    The Purpose

    Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.

    Key Benefits Achieved

    Shortlist of ITAM tools

    Hardware asset budget plan

    Communication plan and HAM implementation roadmap

    Activities

    4.1 Generate a shortlist of ITAM tools that will meet requirements.

    4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.

    4.3 Build HAM policies.

    4.4 Develop a communication plan.

    4.5 Develop a HAM implementation roadmap.

    Outputs

    HAM budget

    Additional HAM policies

    HAM communication plan

    HAM roadmap tool

    Further reading

    Implement Hardware Asset Management

    Build IT services value on the foundation of a proactive asset management program.

    ANALYST PERSPECTIVE

    IT asset data impacts the entire organization. It’s time to harness that potential.

    "Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.

    A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.

    As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • Asset Managers and Service Delivery Managers tasked with developing an asset management program who need a quick start.
    • CIOs and CFOs who want to reduce or improve budgeting of hardware lifecycle costs.
    • Information Security Officers who need to mitigate the risk of sensitive data loss due to insecure assets.

    This Research Will Help You:

    • Develop a hardware asset management (HAM) standard operating procedure (SOP) that documents:
      • Process roles and responsibilities.
      • Data classification scheme.
      • Procurement standards, processes, and workflows for hardware assets.
      • Hardware deployment policies, processes, and workflows.
      • Processes and workflows for hardware asset security and disposal.
    • Identify requirements for an IT asset management (ITAM) solution to help generate a shortlist.
    • Develop a hardware asset management implementation roadmap.
    • Draft a communication plan for the initiative.

    Executive summary

    Situation

    • Executives are aware of the numerous benefits asset management offers, but many organizations lack a defined ITAM program and especially a HAM program.
    • Efforts to implement HAM are stalled because organizations cannot establish and maintain defined processes and policies.

    Complication

    • Organizations often implement an asset management program as a one- off project and let it stagnate, but asset management needs to be a dynamic, continually involving process to succeed.
    • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
    • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underused. Departments within IT become data siloes, preventing effective use of the data.

    Resolution

    • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
    • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
    • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
    • Build and involve an ITAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
    • Pace yourself; a staged implementation will make your ITAM program a success.

    Info-Tech Insight

    1. HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
    2. ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
    3. Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Implement HAM to reduce and manage costs, gain efficiencies, and ensure regulatory compliance

    Save & Manage Money

    • Companies with effective HAM practices achieve cost savings through redeployment, reduction of lost or stolen equipment, power management, and on-time lease returns.
    • The right HAM system will enable more accurate planning and budgeting by business units.

    Improve Contract Management

    • Real-time asset tracking to vendor terms and conditions allows for more effective negotiation.

    Inform Technology Refresh

    • HAM provides accurate information on hardware capacity and compatibility to inform upgrade and capacity planning

    Gain Service Efficiencies

    • Integrating the hardware lifecycle with the service desk will enable efficiencies through Install/Moves/Adds/Changes (IMAC) processes, for larger organizations.

    Meet Regulatory Requirements

    • You can’t secure organizational assets if you don’t know where they are! Meet governance and privacy laws by knowing asset location and that data is secure.

    Prevent Risk

    • Ensure data is properly destroyed through disposal processes, track lost and stolen hardware, and monitor hardware to quickly identify and isolate vulnerabilities.

    HAM is more than just inventory; 92% of organizations say that it helps them provide better customer support

    Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.

    Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.

    Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.

    A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)

    HAM delivers cost savings beyond only the procurementstage

    HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.

    HAM delivers cost savings in several ways:

    • Use a discovery tool to identify assets that may be retired, redeployed, or reused to cut or reallocate their costs.
    • Enforce power management policies to reduce energy consumption as well as costs associated with wasted energy.
    • Enforce policies to lock down unauthorized devices and ensure that confidential information isn’t lost (and you don’t have to waste money recovering lost data).
    • Know the location of all your assets and which are connected to the network to ensure patches are up to date and avoid costly security risks and unplanned downtime.
    • Scan assets to identify and remediate vulnerabilities that can cause expensive security attacks.
    • Improve vendor and contract management to identify areas of hardware savings.

    The ROI for HAM is significant and measurable

    Benefit Calculation Sample Annual Savings

    Reduced help desk support

    • The length of support calls should be reduced by making it easier for technicians to identify PC configuration.
    # of hardware-related support tickets per year * cost per ticket * % reduction in average call length 2,000 * $40 * 20% = $16,000

    Greater inventory efficiency

    • An ITAM solution can automate and accelerate inventory preparation and tasks.
    Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640

    Improved employee productivity

    • Organizations can monitor and detect unapproved programs that result in lost productivity.
    # of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate 500 employees * 10% * 156 hours * $18 = $140,400

    Improved security

    • Improved asset tracking and stronger policy enforcement will reduce lost and stolen devices and data.
    # of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device (50 * $1,000) + (50 * $5,000) = $300,000
    Total Savings: $459,040
    1. Weigh the return against the annual cost of investing in an ITAM solution to calculate the ROI.
    2. Don’t forget about the intangible benefits that are more difficult to quantify but still significant, such as increased visibility into hardware, more accurate IT planning and budgeting, improved service delivery, and streamlined operations.

    Avoid these common barriers to ITAM success

    Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:

    Organizational resistance to change

    Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.

    Lack of dedicated resources

    ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.

    Focus on tool over process

    Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.

    Choosing a tool or process that doesn’t scale

    Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.

    Using data only to respond to an audit without understanding root causes

    Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.

    To help you make quick progress, Info-Tech Research Group parses hardware asset management into essential processes

    Focus on hardware asset lifecycle management essentials:

    IT Asset Procurement:

    • Define procurement standards for new hardware along with related warranties and support options.
    • Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

    IT Asset Intake and Deployment:

    • Define policies, processes, and workflows for hardware and receiving, inventory, and tracking practices.
    • Develop processes and workflows for managing imaging, change and moves, and large-scale rollouts.

    IT Asset Security and Maintenance:

    • Develop processes, policies, and workflows for asset tracking and security.
    • Maintain contracts and agreements.

    IT Asset Disposal or Recovery:

    • Manage the employee termination and equipment recovery cycle.
    • Securely wipe and dispose of assets that have reached retirement stage.

    The image is a circular graphic, with Implement HAM written in the middle. Around the centre circle are four phrases: Recover or Dispose; Plan & Procure; Receive & Deploy; Secure & Maintain. Around that circle are six words: Retire; Plan; Request; Procure; Receive; Manage.

    Follow Info-Tech’s methodology to build a plan to implement hardware asset management

    Phase 1: Assess & Plan Phase 2: Procure & Receive Phase 3: Maintain & Dispose Phase 4: Plan Budget & Build Roadmap
    1.1 Assess current state & plan scope 2.1 Request & procure 3.1 Manage & maintain 4.1 Plan budget
    1.2 Build team & define metrics 2.2 Receive & deploy 3.2 Redeploy or dispose 4.2 Communicate & build roadmap
    Deliverables
    Standard Operating Procedure (SOP)
    HAM Maturity Assessment Procurement workflow User move workflow HAM Budgeting Tool
    Classified hardware assets Non-standard hardware request form Asset security policy HAM Communication Plan
    RACI Chart Receiving & tagging workflow Asset disposition policy HAM Roadmap Tool
    Job Descriptions Deployment workflow Asset recovery & disposal workflows Additional HAM policies

    Asset management is a key piece of Info-Tech's COBIT- inspired IT Management and Governance Framework

    The image shows a graphic which is a large grid, showing Info-Tech's research, sorted into categories.

    Cisco IT reduced costs by upwards of $50 million through implementing ITAM

    CASE STUDY

    Industry IT

    Source Cisco Systems, Inc.

    Cisco Systems, Inc.

    Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.

    Asset Management

    As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.

    Results

    Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.

    This case study continues in phase 1

    The image shows four bars, from bottom to top: 1. Asset Gathering; 2. Asset Distribution; 3. Asset Protection; 4. Asset Data. On the right, there is an arrow pointing upwards labelled ITAM Program Maturity.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    HAM Standard Operating Procedures (SOP)

    HAM Maturity Assessment

    Non-Standard Hardware Request Form

    HAM Visio Process Workflows

    HAM Policy Templates

    HAM Budgeting Tool

    HAM Communication Plan

    HAM Implementation Roadmap Tool

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1: Lay Foundations
    • Time, value, and resources saved by using Info-Tech’s tools and templates to assess current state and maturity, plan scope of HAM program, and define roles and metrics.
    • For example, 2 FTEs * 14 days * $80,000/year = $8,615
    Phase 2: Procure & Receive
    • Time, value, and resources saved by using Info-Tech’s tools and templates to build processes for hardware request, procurement, receiving, and deployment.
    • For example, 2 FTEs * 14 days * $80,000/year = $8,615
    Phase 3: Maintain & Dispose
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to build processes and policies for managing and maintaining hardware and disposing or redeploying of equipment.
    • For example, 2 FTE * 14 days * $80,000/year = $8,615
    Phase 4: Plan Implementation
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to select tools, plan the hardware budget, and build a roadmap.
    • For example, 2 FTE * 14 days * $80,000/year = $8,615
    Total savings $25,845

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation overview

    1. Lay Foundations 2. Procure & Receive 3. Maintain & Dispose 4. Budget & Implementation
    Best-Practice Toolkit

    1.1 Assess current state & plan scope

    1.2 Build team & define metrics

    2.1 Request & procure

    2.2 Receive & deploy

    3.1 Manage & maintain

    3.2 Redeploy or dispose

    4.1 Plan budget

    4.2 Communicate & build roadmap

    Guided Implementation
    • Assess current state.
    • Define scope of HAM program.
    • Define roles and metrics.
    • Define standard and non-standard hardware.
    • Build procurement process.
    • Determine asset tagging method and build equipment receiving and deployment processing.
    • Define processes for managing and maintaining equipment.
    • Define policies for maintaining asset security.
    • Build process for redeploying or disposing of assets.
    • Discuss best practices for effectively managing a hardware budget.
    • Build communications plan and roadmap.
    Results & Outcomes
    • Evaluation of current maturity level of HAM
    • Defined scope for the HAM program including list of hardware to track as assets
    • Defined roles and responsibilities
    • Defined and documented KPIs and metrics to meet HAM reporting requirements
    • Defined standard and non- standard requests and processes
    • Defined and documented procurement workflow and purchasing policy
    • Asset tagging method and process
    • Documented equipment receiving and deployment processes
    • MAC policies and workflows
    • Policies and processes for hardware maintenance and asset security
    • Documented workflows for hardware disposal and recovery/redeployment
    • Shortlist of ITAM tools
    • Hardware asset budget plan
    • Communication plan and HAM implementation roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.comfor more information.

    Phases: Teams, Scope & Hardware Procurement Hardware Procurement and Receiving Hardware Maintenance & Disposal Budgets, Roadmap & Communications
    Duration* 1 day 1 day 1 day 1 day
    * Activities across phases may overlap to ensure a timely completion of the engagement
    Projected Activities
    • Outline hardware asset management goals
    • Review HAM maturity and anticipated milestones
    • Define scope and classify hardware assets
    • Define roles and responsibilities
    • Define metrics and reporting requirements
    • Define standard and non-standard hardware requests
    • Review and document procurement workflow
    • Discuss appropriate asset tagging method
    • Design and document workflow for receiving and inventorying equipment
    • Review/create policy for hardware procurement and receiving
    • Identify data sources and methodology for inventory and data collection
    • Define install/moves/adds/changes (MAC) policy
    • Build workflows to document user MAC processes and design request form
    • Design process and policies for hardware maintenance, warranty, and support documentation handling
    • Design hardware asset recovery and disposal workflows
    • Define budgeting process and review Info-Tech’s HAM Budgeting Tool
    • Develop a communication plan
    • Develop a HAM implementation plan
    Projected Deliverables
    • Standard operating procedures for hardware
    • Visio diagrams for all workflows
    • Workshop summary with milestones and task list
    • Budget template
    • Policy draft

    Phase 1

    Lay Foundations

    Implement Hardware Asset Management

    A centralized procurement process helped cut Cisco’s hardware spend in half

    CASE STUDY

    Industry IT

    Source Cisco Systems, Inc.

    Challenge

    Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.

    Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.

    Solution

    The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.

    The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.

    This information had to be centralized, then consolidated and correlated into a meaningful format.

    Results

    The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.

    This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.

    There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.

    This case study continues in phase 2

    Step 1.1: Assess current state and plan scope

    Phase 1: Assess & Plan

    1.1 Assess current state & plan scope

    1.2 Build team & define metrics

    This step will walk you through the following activities:

    1.1.1 Complete MGD (optional)

    1.1.2 Outline hardware asset management challenges

    1.1.3 Conduct HAM maturity assessment

    1.1.4 Classify hardware assets to define scope of the program

    This step involves the following participants:

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security (optional)
    • Operations (optional)

    Step Outcomes

    • Understand key challenges related to hardware asset management within your organization to inform program development.
    • Evaluate current maturity level of hardware asset management components and overall program to determine starting point.
    • Define scope for the ITAM program including list of hardware to track as assets.

    Complete the Management & Governance Diagnostic (MGD) to weigh the effectiveness of ITAM against other services

    1.1.1 Optional Diagnostic

    The MGD helps you get the data you need to confirm the importance of improving the effectiveness of your asset management program.

    The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.

    Use the results to understand the urgency to change asset management and its relevant impact on the organization.

    Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.

    To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

    Sketch out challenges related to hardware asset management to shape the direction of the project

    Common HAM Challenges

    Processes and Policies:

    • Existing asset management practices are labor intensive and time consuming
    • Manual spreadsheets are used, making collaboration and automation difficult
    • Lack of HAM policies and standard operating procedures
    • Asset management data is not centralized
    • Lack of clarity on roles and responsibilities for ITAM functions
    • End users don’t understand the value of asset management

    Tracking:

    • Assets move across multiple locations and are difficult to track
    • Hardware asset data comes from multiple sources, creating fragmented datasets
    • No location data is available for hardware
    • No data on ownership of assets

    Security and Risk:

    • No insight into which assets contain sensitive data
    • There is no information on risks by asset type
    • Rogue systems need to be identified as part of risk management best practices
    • No data exists for assets that contain critical/sensitive data

    Procurement:

    • No centralized procurement department
    • Multiple quotes from vendors are not currently part of the procurement process
    • A lack of formal process can create issues surrounding employee onboarding such as long lead times
    • Not all procurement standards are currently defined
    • Rogue purchases create financial risk

    Receiving:

    • No formal process exists, resulting in no assigned receiving location and no assigned receiving role
    • No automatic asset tracking system exists

    Disposal:

    • No insight into where disposed assets go
    • Formal refresh and disposal system is needed

    Contracts:

    • No central repository exists for contracts
    • No insight into contract lifecycle, hindering negotiation effectiveness and pricing optimization

    Outline hardware asset management challenges

    1.1.1 Brainstorm HAM challenges

    Participants

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    A. As a group, outline the hardware asset management challenges facing the organization.

    Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:

    • Processes and Policies
    • Tracking
    • Procurement
    • Receiving
    • Security and Risk
    • Disposal
    • Contracts

    B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.

    To be effective with hardware asset management, understand the drivers and potential impact to the organization

    Drivers of effective HAM Results of effective HAM
    Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests.
    Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security.
    Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning.
    Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device.

    Each level of HAM maturity comes with its own unique challenges

    Maturity People & Policies Processes Technology
    Chaos
    • No dedicated staff
    • No policies published
    • Procedures not documented or standardized
    • Hardware not safely secured or tagged
    • Hardware purchasing decisions not based on data
    • Minimal tracking tools in place
    Reactive
    • Semi-focused HAM manager
    • No policies published
    • Reliance on suppliers to provide reports for hardware purchases
    • Hardware standards are enforced
    • Discovery tools and spreadsheets used to manage hardware
    Controlled
    • Full-time HAM manager
    • End-user policies published
    • HAM manager involved in budgeting and planning sessions
    • Inventory tracking is in place
    • Hardware is secured and tagged
    • Discovery and inventory tools used to manage hardware
    • Compliance reports run as needed
    Proactive
    • Extended HAM team, including Help Desk, HR, Purchasing
    • Corporate hardware use policies in place and enforced
    • HAM process integrated with help desk and HR processes
    • More complex reporting and integrated financial information and contracts with asset data
    • Hardware requests are automated where possible
    • Product usage reports and alerts in place to harvest and reuse licenses
    • Compliance and usage reports used to negotiate software contracts
    Optimized
    • HAM manager trained and certified
    • Working with HR, Legal, Finance, and IT to enforce policies
    • Quarterly meetings with ITAM team to review policies, procedures, upcoming contracts, and rollouts; data is reviewed before any financial decisions made
    • Full transparency into hardware lifecycle
    • Aligned with business objectives
    • Detailed savings reports provided to executive team annually
    • Automated policy enforcement and process workflows

    Conduct a hardware maturity assessment to understand your starting point and challenges

    1.1.3 Complete HAM Maturity Assessment Tool

    Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.

    An effective asset management project has four essential components, with varying levels of management required

    The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.

    Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.

    Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.

    Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.

    Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.

    See Harness Configuration Management Superpowers to learn more about building a CMDB.

    Classify your hardware assets to determine the scope and strategy of the program

    Asset: A unique device or configuration of devices that enables a user to perform productive work tasks and has a defined location and ownership attributes.

    • Hardware asset management involves tracking and managing physical components from procurement through to retirement. It provides the base for software asset management and is an important process that can lead to improved lifecycle management, service request fulfillment, security, and cost savings through harvesting and redeployment.
    • When choosing your strategy, focus on those devices that are high cost and high risk/function such as desktops, laptops, servers, and mobile devices.

    ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.

    INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.

    COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.

    Classify your hardware assets to define the scope of the program

    1.1.4 Define the assets to be tracked within your organization

    Participants

    • Participants
    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security (optional)
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 1 – Overview & Scope

    1. Determine value/risk threshold at which items should be tracked (e.g. over $1,000 and holding data).
    2. Divide a whiteboard or flip chart into three columns: commodity, asset, and inventory.
    3. Divide participants into groups by functional role to brainstorm devices in use within the organization. Write them down on sticky notes.
    4. Place the sticky notes in the column that best describes the role of the product in your organization.

    Align the scope of the program with business requirements

    CASE STUDY

    Industry Public Administration

    Source Client Case Study

    Situation

    A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.

    The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.

    However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.

    Complication

    The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.

    What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.

    Resolution

    The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.

    Step 1.2: Build team and define metrics

    Phase 1: Assess & Plan

    1.1 Assess current state & plan scope

    1.2 Build team and define metrics

    This step will walk you through the following activities:

    1.2.1 Define responsibilities for Asset Manager and Asset Administrator

    1.2.2 Use a RACI chart to determine roles within HAM team

    1.2.3 Further clarify HAM responsibilities for each role

    1.2.4 Identify HAM reporting requirements

    This step involves the following participants:

    • CIO/CFO
    • IT Director
    • IT Managers
    • Asset Manager
    • Asset Coordinators
    • ITAM Team
    • Service Desk
    • End-User Device Support Team

    Step Outcomes:

    • Defined responsibilities for Asset Manager and Asset Administrator
    • Documented RACI chart assigning responsibility and accountability for core HAM processes
    • Documented responsibilities for ITAM/HAM team
    • Defined and documented KPIs and metrics to meet HAM reporting requirements

    Form an asset management team to lead the project

    Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.

    Delegate the following roles to team members and grow your team accordingly.

    Asset Manager

    • Responsible for setting policy and governance of process and data accuracy
    • Support budget process
    • Support asset tracking processes in the field
    • Train employees in asset tracking processes

    Asset Administrator

    • The front-lines of asset management
    • Communicates with and supports asset process implementation teams
    • Updates and contributes information to asset databases
    Service Desk, IT Operations, Applications
    • Responsible for advising asset team of changes to the IT environment, which may impact pricing or ability to locate devices
    • Works with Asset Coordinator/Manager to set standards for lifecycle stages
    • The ITAM team should visit and consult with each component of the business as well as IT.
    • Engage with leaders in each department to determine what their pain points are.
    • The needs of each department are different and their responses will assist the ITAM team when designing goals for asset management.
    • Consultations within each department also communicates the change early, which will help with the transition to the new ITAM program.

    Info-Tech Insight

    Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.

    Define the responsibilities for core ITAM/HAM roles of Asset Manager and Asset Administrator

    1.2.1 Use Info-Tech’s job description templates to define roles

    The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:

    • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
    • Forming procurement strategies to optimize technology spend across the organization.
    • Developing and implementing procedures for tracking company assets to oversee quality control throughout their lifecycles.

    The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:

    • Updating and maintaining accurate asset records.
    • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
    • Administrative duties within procurement and inventory management.
    • Maintaining records and databases regarding warranties, service agreements, and lifecycle management.
    • Product standardization and tracking.

    Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.

    Organize your HAM team based on where they fit within the strategic, tactical, and operational components

    Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.

    The image shows a flowchart for organizing the HAM team, structured by three components: Strategic (at the top); Tactical (in the middle); and Operational (at the bottom). The chart shows how the job roles flow together within the hierarchy.

    Determine the roles and responsibilities of the team who will support your HAM program

    1.2.2 Complete a RACI

    A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.

    Participants

    • Project Sponsor
    • IT Director, CIO
    • Project Manager
    • IT Managers and Asset Manager(s)
    • ITAM Team

    Document

    Document in the Standard Operating Procedure.

    Instructions:

    1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key initiative steps for the consolidation project along the left side (use this list as a starting point).
    2. For each initiative, identify each team member’s role. Are they:
      • Responsible? The one responsible for getting the job done.
      • Accountable? Only one person can be accountable for each task.
      • Consulted? Involved through input of knowledge and information.
      • Informed? Receive information about process execution and quality.
    3. As you proceed through the initiative, continue to add tasks and assign responsibility to this RACI chart.

    A sample RACI chart is provided on the next slide

    Start with a RACI chart to determine the responsibilities

    1.2.2 Complete a RACI chart for your organization

    HAM Tasks CIO CFO HAM Manager HAM Administrator Service Desk (T1,T2, T3) IT Operations Security Procurement HR Business Unit Leaders Compliance /Legal Project Manager
    Policies and governance A I R I I C I C C I I
    Strategy A R R R R
    Data entry and quality management C I A I C C I I C C
    Risk management and asset security A R C C R C C
    Process compliance auditing A R I I I I I
    Awareness, education, and training I A I I C
    Printer contracts C A C C C R C C
    Hardware contract management A I R R I I R R I I
    Workflow review and revisions I A C C C C
    Budgeting A R C I C
    Asset acquisition A R C C C C I C C
    Asset receiving (inspection/acceptance) I A R R I
    Asset deployment A R R I I
    Asset recovery/harvesting A R R I I
    Asset disposal C A R R I I
    Asset inventory (input/validate/maintain) I I A/R R R R I I I

    Further clarify HAM responsibilities for each role

    1.2.3 Define roles and responsibilities for the HAM team

    Participants

    • Participants IT Asset Managers and Coordinators
    • ITAM Team
    • IT Managers and IT Director

    Document

    1. Discuss and finalize positions to be established within the ITAM/HAM office as well as additional roles that will be involved in HAM.
    2. Review the sample responsibilities below and revise or create responsibilities for each key position within the HAM team.
    3. Document in the HAM Standard Operating Procedures.
    Role Responsibility
    IT Manager
    • Responsible for writing policies regarding asset management and approving final documents
    • Build and revise budget, tracking actual spend vs. budget, seeking final approvals from the business
    • Process definition, communication, reporting and ensuring people are following process
    • Awareness campaign for new policy and process
    Asset Managers
    • Approval of purchases up to $10,000
    • Inventory and contract management including contract review and recommendations based on business and IT requirements
    • Liaison between business and IT regarding software and hardware
    • Monitor and improve workflows and asset related processes
    • Monitor controls, audit and recommend policies and procedures as needed
    • Validate, manage and analyze data as related to asset management
    • Provide reports as needed for decision making and reporting on risk, process effectiveness and other purposes as required
    • Asset acquisition and disposal
    Service Desk
    Desktop team
    Security
    Infrastructure teams

    Determine criteria for success: establish metrics to quantify and demonstrate the results and value of the HAM function

    HAM metrics fall in the following categories:

    HAM Metrics

    • Quantity e.g. inventory levels and need
    • Cost e.g. value of assets, budget for hardware
    • Compliance e.g. contracts, policies
    • Quality e.g. accuracy of data
    • Duration e.g. time to procure or deploy hardware

    Follow a process for establishing metrics:

    1. Identify and obtain consensus on the organization’s ITAM objectives, prioritized if possible.
    2. For each ITAM objective, select two or three metrics in the applicable categories (not all categories will apply to all objectives); be sure to select metrics that are achievable with reasonable effort.
    3. Establish a baseline measurement for each metric.
    4. Establish a method and accountability for ongoing measurement and analysis/reporting.
    5. Establish accountability for taking action on reported results.
    6. As ITAM expands and matures, change or expand the metrics as appropriate.

    Define KPIs and associated metrics

    • Identify the critical success factors (CSFs) for your hardware asset management program based on strategic goals.
    • For each success factor, identify the key performance indicators (KPIs) to measure success and specific metrics that will be tracked and reported on.
    • Sample metrics are below:
    CSF KPI Metrics
    Improve accuracy of IT budget and forecasting
    • Asset costs and value
    • Average cost of workstation
    • Total asset spending
    • Total value of assets
    • Budget vs. spend
    Identify discrepancies in IT environment
    • Unauthorized or failing assets
    • Number of unauthorized assets
    • Assets identified as cause of service failure
    Avoid over purchasing equipment
    • Number of unused and underused computers
    • Number of unaccounted-for computers
    • Money saved from harvesting equipment instead of purchasing new
    Make more-effective purchasing decisions
    • Predicted replacement time and cost of assets
    • Deprecation rate of assets
    • Average cost of maintaining an asset
    • Number of workstations in repair
    Improve accuracy of data
    • Accuracy of asset data
    • Accuracy rate of inventory data
    • Percentage improvement in accuracy of audit of assets
    Improved service delivery
    • Time to deploy new hardware
    • Mean time to purchase new hardware
    • Mean time to deploy new hardware

    Identify hardware asset reporting requirements and the data you need to collect to meet them

    1.2.4 Identify asset reporting requirements

    Participants

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 13: Reporting

    1. Discuss the goals and objectives of implementing or improving hardware asset management, based on challenges identified in Step 1.2.
    2. From the goals, identify the critical success factors for the HAM program
    3. For each CSF, identify one to three key performance indicators to evaluate achievement of the success factor.
    4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable and will be useful for decision making or to take action.
    5. Determine who needs this information and the frequency of reporting.
    6. If you have existing ITAM data, record the baseline metric.
    CSF KPI Metrics Stakeholder/frequency

    Phase 1 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Lay Foundations

    Proposed Time to Completion: 4 weeks

    Step 1.1: Assess current state and plan scope

    Start with an analyst kick-off call:

    • Review challenges.
    • Assess current HAM maturity level.
    • Define scope of HAM program.

    Then complete these activities…

    • Complete MGD (optional).
    • Outline hardware asset management challenges.
    • Conduct HAM maturity assessment.
    • Classify hardware assets to define scope of the program.

    With these tools & templates:

    HAM Maturity Assessment

    Standard Operating Procedures

    Step 1.2: Build team and define metrics

    Review findings with analyst:

    • Define roles and responsibilities.
    • Assess reporting requirements.
    • Document metrics to track.

    Then complete these activities…

    • Define responsibilities for Asset Manager and Asset Administrator.
    • Use a RACI chart to determine roles within HAM team.
    • Document responsibilities for HAM roles.
    • Identify HAM reporting requirements.

    With these tools & templates:

    RACI Chart

    Asset Manager and Asset Administrator Job Descriptions

    Standard Operating Procedures

    Phase 1 Results & Insights:

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.4 Classify hardware assets to define scope of the program

    Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.

    1.2.2 Build a RACI chart to determine responsibilities

    Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.

    Phase 2

    Procure and Receive

    Implement Hardware Asset Management

    Step 2.1: Request and Procure Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.1.1 Identify IT asset procurement challenges

    2.1.2 Define standard hardware requests

    2.1.3 Document standard hardware request procedure

    2.1.4 Build a non-standard hardware request form

    2.1.5 Make lease vs. buy decisions for hardware assets

    2.1.6 Document procurement workflow

    2.1.7 Build a purchasing policy

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Step Outcomes:

    • Definition of standard hardware requests for roles, including core vs. optional assets
    • End-user request process for standard hardware
    • Non-standard hardware request form
    • Lease vs. buy decisions for major hardware assets
    • Defined and documented procurement workflow
    • Documented purchasing policy

    California saved $40 million per year using a green procurement strategy

    CASE STUDY

    Industry Government

    Source Itassetmanagement.net

    Challenge

    Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.

    In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.

    Solution

    A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).

    A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.

    Other changes, including improved software license compliance and data center consolidation, were also enacted.

    Results

    Because of the scale of this hardware refresh, the small changes meant big savings.

    A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.

    Improve your hardware asset procurement process to…

    Asset Procurement

    • Standardization
    • Aligned procurement processes
    • SLAs
    • TCO reduction
    • Use of centralized/ single POC

    Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.

    Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.

    Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.

    Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.

    Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.

    Identify procurement challenges to identify process improvement needs

    2.1.1 Identify IT asset procurement challenges

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    1. As a group, brainstorm existing challenges related to IT hardware requests and procurement.
    2. If you get stuck, consider the common challenges listed below.
    3. Use the results of the discussion to focus on which problems can be resolved and integrated into your organization as operational standards.

    Document hardware standards to speed time to procure and improve communications to users regarding options

    The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:

    • What constitutes a non-standard request?
    • Who is responsible for evaluating each type of request? Will there be one individual or will each division in IT elect a representative to handle requests specific to their scope of work?
    • What additional security measures need to be taken?
    • Are there exceptions made for specific departments or high-ranking individuals?

    If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.

    Once you’ve answered questions like these, you can outline your hardware standards as in the example below:

    Use Case Mobile Standard Mac Standard Mobile Power User
    Asset Lenovo ThinkPad T570 iMac Pro Lenovo ThinkPad P71
    Operating system Windows 10 Pro Mac OSX Windows 10 Pro, 64 bit
    Display 15.6" 21.5" 17.3”

    Memory

    32GB 8GB 64GB
    Processor Intel i7 – 7600U Processor 2.3GHz Xeon E3 v6 Processor
    Drive 500GB 1TB 1TB
    Warranty 3 year 1 year + 2 extended 3 year

    Info-Tech Insight

    Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.

    Document specifications to meet environmental, security, and manageability requirements

    Determine environmental requirements and constraints.

    Power management

    Compare equipment for power consumption and ability to remotely power down machines when not in use.

    Heat and noise

    Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.

    Carbon footprint

    Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.

    Ensure security requirements can be met.

    • Determine if network/wireless cards meet security requirements and if USB ports can be turned off to prevent removal of data.
    • Understand the level of security needed for mobile devices including encryption, remote shut down or wipe of hard drives, recovery software, or GPS tracking.
    • Decide if fingerprint scanners with password managers would be appropriate to enable tighter security and reduce the forgotten-password support calls.

    Review features available to enhance manageability.

    • Discuss manageability goals with your IT team to see if any can be solved with added features, for example:
      • Remote control for troubleshooting and remote management of data security settings.
      • Asset management software or tags for bar coding, radio frequency identification (RFID), or GPS, which could be used in combination with strong asset management practices to inventory, track, and manage equipment.

    If choosing refurbished equipment, avoid headaches by asking the right questions and choosing the right vendor

    • Is the equipment functional and for how long is it expected to last?
    • How long will the vendor stand behind the product and what support can be expected?
      • This is typically two to five years, but will vary from vendor to vendor.
      • Will they repair or replace machines? Many will just replace the machine.
    • How big is the inventory supply?
      • What kind of inventory does the vendor keep and for how long can you expect the vendor to keep it?
      • How does the vendor source the equipment and do they have large quantities of the same make and model for easier imaging and support?
    • How complete is the refurbishment process?
      • Do they test all components, replace as appropriate, and securely wipe or replace hard drives?
      • Are they authorized to reload MS Windows OEM?
    • Is the product Open Box or used?
      • Open Box is a new product returned back to the vendor. Even if it is not used, the product cannot be resold as a new product. Open Box comes with a manufacturer’s warranty and the latest operating system.
      • If used, how old is the product?

    "If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group

    Info-Tech Insight

    Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.

    Define standard hardware requests, including core and optional assets

    2.1.2 Identify standards for hardware procurement by role

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement.

    1. Divide a whiteboard into columns representing all major areas of the business.
    2. List the approximate number of end users present at each tier and record these totals on the board.
    3. Distribute sticky notes. Use two different sizes: large sizes represent critically important hardware and small sizes represent optional hardware.
    4. Define core hardware assets for each division as well as optional hardware assets.
    5. Focus on the small sticky notes to determine if these optional purchases are necessary.
    6. Finalize the group decision to determine the standard hardware procurement for each role in the organization. Record results in a table similar to the example below:
    Department Core Hardware Assets Optional Hardware Assets
    IT PC, tablet, monitor Second monitor
    Sales PC, monitor Laptop
    HR PC, monitor Laptop
    Marketing PC (iMac) Tablet, laptop

    Document procedures for users to make standard hardware requests

    2.1.3 Document standard hardware request procedure

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document in the Standard Operating Procedures, Section 6: End-User Request Process.

    Discuss and document the end-user request process:

    1. In which cases can users request a primary device?
    2. In which cases can users request a secondary (optional device)?
    3. What justification is needed to approve of a secondary device?
      1. E.g. The request for a secondary device should be via email to the IS Projects and Procurements Officer. This email should outline the business case for why multiple devices are required.
    4. Will a service catalog be available and integrated with an ITAM solution for users to make standard requests? If so, can users also configure their options?
    5. Document the process in the standard operating procedure. Example:

    End-User Request Process

    • Hardware and software will be purchased through the user-facing catalog.
    • Peripherals will be ordered as needed.
    • End-user devices will be routed to business managers for approval prior to fulfillment by IT.
    • Requests for secondary devices must be accompanied by a business case.
    • Equipment replacements due to age will be managed through IT replacement processes.

    Improve the process for ordering non-standard hardware by formalizing the request process, including business needs

    2.1.4 Build a non-standard hardware request form

    • Although the goal should be to standardize as much as possible, this isn’t always possible. Ensure users who are requesting non-standard hardware have a streamlined process to follow that satisfies the justifications for increased costs to deliver.
    • Use Info-Tech’s template to build a non-standard hardware request form that may be used by departments/users requesting non-standard hardware in order to collect all necessary information for the request to be evaluated, approved, and sent to procurement.
    • Ensure that the requestor provides detailed information around the equipment requested and the reason standard equipment does not suffice and includes all required approvals.
    • Include instructions for completing and submitting the form as well as expected turnaround time for the approval process.

    Info-Tech Insight

    Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”

    Identify the information you need to collect to ensure a smooth purchasing process

    Categories Peripherals Desktops/Laptops Servers
    Financial
    • Operational expenses
    • Ordered for inventory with the exceptions of monitors that will be ordered as needed
    • Equipment will be purchased through IT budget
    • Capital expenses
    • Ordered as needed…
    • Inventory kept for…
    • End-user devices will be purchased through departmental budgets
    • Capital expenses
    • Ordered as needed to meet capacity or stability requirements
    • Devices will be purchased through IT budgets
    Request authorization
    • Any user can request
    • Users who are traveling can purchase and expense peripherals as needed, with manager approvals
    • Tier 3 technicians
    Required approvals
    • Manager approvals required for monitors
    • Infrastructure and applications manager up to [$]
    • CIO over [$]
    Warranty requirements
    • None
    • Three years
    • Will be approved with project plan
    Inventory requirements
    • Minimum inventory at each location of 5 of each: mice, keyboards, cables
    • Docking stations will be ordered as needed
    • Laptops (standard): 5
    • Laptops (ultra light): 1
    • Desktops: 5
    • Inventory kept in stock as per DR plan
    Tracking requirements
    • None
    • Added to ITAM database, CMDB
    • Asset tag to be added to all equipment
    • Added to ITAM database, CMDB

    Info-Tech Best Practice

    Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.

    Develop a procurement plan to get everyone in the business on the same page

    • Without an efficient and structured process around how IT purchases are budgeted and authorized, maverick spending and dark procurement can result, limiting IT’s control and visibility into purchases.
    • The challenge many IT departments face is that there is a disconnect between meeting the needs of the business and bringing in equipment according to existing policies and procedures.
    • The asset manager should demonstrate how they can bridge the gaps and improve tracking mechanisms at the same time.

    Improve procurement decisions:

    • Demonstrate how technology is a value-add.
    • Make a clear case for the budget by using the same language as the rest of the business.
    • Quantify the output of technology investments in tangible business terms to justify the cost.
    • Include the refresh cycle in the procurement plan to ensure mission- critical systems will include support and appropriate warranty.
    • Plan technology needs for the future and ensure IT technology will continue to meet changing needs.
    • Synchronize redundant organizational procurement chains in order to lower cost.

    Document the following in your procurement procedure:

    • Process for purchase requests
    • Roles and responsibilities, including requestors and approvers
    • Hardware assets to purchase and why they are needed
    • Timelines for purchase
    • Process for vendors

    Info-Tech Insight

    IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.

    Determine if it makes sense to lease or buy your equipment; weigh the pros and cons of leasing hardware

    Pros

    • Keeps operational costs low in the short term by containing immediate cost.
    • Easy, predictable payments makes it easier to budget for equipment over long term.
    • Get the equipment you need to start doing business right away if you’re just starting out.
    • After the leasing term is up, you can continue the lease and update your hardware to the latest version.
    • Typical leases last 2 or 3 years, meaning your hardware can get upgrades when it needs it and your business is in a better position to keep up with technology.
    • Leasing directly from the vendor provides operational flexibility.
    • Focus on the business and let the vendor focus on equipment service and updates as you don’t have to pay for maintenance.
    • Costs structured as OPEX.

    Cons

    • In the long term, leasing is almost always more expensive than buying because there’s no equity in leased equipment and there may be additional fees and interest.
    • Commitment to payment through the entire lease period even if you’re not using the equipment anymore.
    • Early termination fees if you need to get out of the lease.
    • No option to sell equipment once you’re finished with it to make money back.
    • Maintenance is up to leasing company’s specifications.
    • Product availability may be limited.

    Recommended for:

    • Companies just starting out
    • Business owners with limited capital or budget
    • Organizations with equipment that needs to be upgraded relatively often

    Weigh the pros and cons of purchasing hardware

    Pros

    • Complete control over assets.
    • More flexible and straightforward procurement process.
    • Tax incentives: May be able to fully deduct the cost of some newly purchased assets or write off depreciation for computers and peripherals on taxes.
    • Preferable if your equipment will not be obsolete in the next two or three years.
    • You can resell the asset once you don’t need it anymore to recover some of the cost.
    • Customization and management of equipment is easier when not bound by terms of leasing agreement.
    • No waiting on vendor when maintenance is needed; no permission needed to make changes.

    Cons

    • High initial cost of investment with CAPEX expense model.
    • More paperwork.
    • You (as opposed to vendor) are responsible for equipment disposal in accordance with environmental regulations.
    • You are responsible for keeping up with upgrades, updates, and patches.
    • You risk ending up with out-of-date or obsolete equipment.
    • Hardware may break after terms of warranty are up.

    Recommended for:

    • Established businesses
    • Organizations needing equipment with long-term lifecycles

    Make a lease vs. buy decision for equipment purchases

    2.1.4 Decide whether to purchase or lease

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document policy decisions in the Standard Operating Procedures – Section 7: Procurement

    1. Identify hardware equipment that requires a purchase vs. lease decision.
    2. Discuss with Finance whether it makes sense to purchase or lease each major asset, considering the following:
    • Costs of equipment through each method
    • Tax deductions
    • Potential resale value
    • Potential revenue from using the equipment
    • How quickly the equipment will be outdated or require refresh
    • Size of equipment
    • Maintenance and support requirements
    • Overall costs
  • The leasing vs. buying decision should take considerable thought and evaluation to make the decision that best fits your organizational needs and situation.
  • Determine appropriate warranty and service-level agreements for your organization

    Determine acceptable response time, and weigh the cost of warranty against the value of service.

    • Standard warranties vary by manufacturer, but are typically one or three years.
    • Next-day, onsite service may be part of the standard offering or may be available as an uplift.
    • Four-hour, same-day service can also be added for high availability needs.
    • Extended warranties can be purchased beyond three years, although not many organizations take advantage of this offering.
    • Other organizations lower or remove the warranty and have reported savings of as much as $150 per machine.

    Speak to your partner to see how they can help the process of distributing machines.

    • Internal components change frequently with laptops and desktops. If purchasing product over time rather than buying in bulk, ensure the model will be available for a reasonable term to reduce imaging and support challenges.
    • Determine which services are important to your organization and request these services as part of the initial quote. If sending out a formal RFQ or RFP, document required services and use as the basis for negotiating SLAs.
    • Document details of SLA, including expectations of services for manufacturer, vendor, and internal team.
    • If partner will be providing services, request they stock an appropriate number of hot spares for frequently replaced parts.
    • If self-certifying, review resource capabilities, understand skill and certification requirements; for example, A+ certification may be a pre-requisite.
    • Understand DOA policy and negotiate a “lemon policy,” meaning if product dies within 15 or 30 days it can be classified as DOA. Seek clarity on return processes.

    Consider negotiation strategies, including how and when to engage with different partners during acquisition

    Direct Model

    • Dell’s primary sales model is direct either through a sales associate or through its e-commerce site. Promotions are regularly listed on the website, or if customization is required, desktops and laptops have some flexibility in configuration. Discounts can be negotiated with a sales rep on quantity purchases, but the discount level changes based on the model and configuration.
    • Other tier-one manufacturers typically sell direct only from their e-commerce sites, providing promotions based on stock they wish to move, and providing some configuration flexibility. They rely heavily on the channel for the majority of their business.

    Channel Model

    • Most tier one manufacturers have processes in place to manage a smaller number of partners rather than billing and shipping out to individual customers. Deviating from this process and dealing direct with end customers can create order processing issues.
    • Resellers have the ability to negotiate discounts based on quantities. Discounts will vary based on model, timing (quarter or year end), and quantity commitment.
    • Negotiations on large quantities should involve a manufacturer rep as well as the reseller to clearly designate roles and services, ensure processes are in place to fulfill your needs, and agree on pricing scheme. This will prevent misunderstandings and bring clarity to any commitments.
    • Often the channel partners are authorized to provide repair services under warranty for the manufacturer.
    • Dell also uses the channel model for distribution where customers demand additional services.

    Expect discounts to reflect quantity and method of purchase

    Transaction-based purchases will receive the smallest discounting.

    • Understand requirements to find the most appropriate make and model of equipment.
    • Prepare a forecast of expected purchases for the year and discuss discounting.
    • Typically initial discounts will be 3-5% off suggested retail price.
    • Once a history is in place, and the vendor is receiving regular orders, it may extend deeper discounts.

    Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.

    • Examine shipping options and costs to take advantage of bulk deliveries; in some cases vendors may waive shipping fees as an extension of the discounting.
    • If choosing end-of-line product, ensure appropriate quantity of a single model is available to efficiently roll out equipment.
    • Various pricing models can be used to obtain best price.

    Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.

    • Discuss all required services as part of negotiation to ensure there are no surprise charges.
    • Several pricing models can be used to obtain the best price.
      • Suggested retail price minus as much as 20%.
      • Cost plus 3% up to 10% or more.
      • Fixed price based on negotiating equipment availability with budget requirements.

    If sending out to bid, determine requirements and scoring criteria

    It’s nearly impossible to find two manufacturers with the exact same specifications, so comparisons between vendors is more art than science.

    New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:

    • Define and document minimum technology requirements.
    • Define and document service needs.
    • Compare vendors to see if they’ve met the criteria or not; if yes, compare prices.
    • If the vendors have included additional offerings, see if they make sense for your organization. If they do, include that in the scoring. If not, exclude and score based on price.
    • Recognize that the complexity of the purchase will dictate the complexity of scoring.

    "The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board

    Document and analyze the hardware procurement workflow to streamline process

    The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.

    Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.

    A poorly designed procurement workflow:

    • Includes many bottlenecks, stopping and starting points.
    • May impact project and service requests and requires unrealistic lead times.
    • May lead to lost productivity for users and lost credibility for the IT department.

    A well-designed hardware procurement workflow:

    • Provides reasonable lead times for project managers and service or hardware request fulfillment.
    • Provides predictability for technical resources to plan deployments.
    • Reduces bureaucracy and workload for following up on missing shipments.
    • Enables improved documentation of assets to start lifecycle management.

    Info-Tech Insight

    Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.

    Document and analyze your procurement workflow to identify opportunities for improvement and communicate process

    Determine if you need one workflow for all equipment or multiples for small vs. large purchases.

    Occasionally large rollouts require significant changes from lower dollar purchases.

    Watch for:

    • Back and forth communications
    • Delays in approvals
    • Inability to get ETAs from vendors
    • Too many requests for quotes for small purchases
    • Entry into asset database

    This sample can be found in the HAM Process Workflows.

    The image shows a workflow, titled Procurement-Equipment-Small Quantity. On the left, the chart is separated into categories: IT Procurment; Tier 2 or Tier 3; IT Director; CIO.

    Design the process workflow for hardware procurement

    2.1.6 Illustrate procurement workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement

    1. In a group, distribute sticky notes or cue cards.
    2. Designate a space on the table/whiteboard to plot the workflow.
    3. Determine which individuals are responsible for handling non-standard requests. Establish any exceptions that may apply to your defined hardware standard.
    4. Gather input from Finance on what the threshold will be for hardware purchases that will require further approval.
    5. Map the procurement process for a standard hardware purchase.
    6. If applicable, map the procurement process for a non-standard request separately.
    7. Evaluate the workflow to identify any areas of inefficiency and make any changes necessary to improve the process.
    8. Be sure to discuss and include:
      • All necessary approvals
      • Time required for standard equipment process
      • Time required for non-standard equipment process
      • How information will be transferred to ITAM database

    Document and share an organizational purchasing policy

    2.1.7 Build a purchasing policy

    A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.

    Implement a purchasing policy to prevent or reduce:

    • Costly corporate conflict of interest cases.
    • Unauthorized purchases of non-standard, difficult to support equipment.
    • Unauthorized purchases resulting in non-traceable equipment.
    • Budget overruns due to decentralized, equipment acquisition.

    Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.

    Step 2.2: Receive and Deploy Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.2.1 Select appropriate asset tagging method

    2.2.2 Design workflow for receiving and inventorying equipment

    2.2.3 Document the deployment workflow(s)

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Receiver (optional)
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Understanding of the pros and cons of various asset tagging methods
    • Defined asset tagging method, process, and location by equipment type
    • Identified equipment acceptance, testing, and return procedures
    • Documented equipment receiving and inventorying workflow
    • Documented deployment workflows for desktop hardware and large-scale deployments

    Cisco implemented automation to improve its inventory and deployment system

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.

    Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.

    Sharing information with management and end users also required the generation of reports – another manual task.

    Solution

    The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.

    Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.

    Results

    As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.

    The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.

    Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.

    This case study continues in phase 3.

    An effective equipment intake process is critical to ensure product is correct, documented, and secured

    Examine your current process for receiving assets. Typical problems include:

    Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.

    Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.

    Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.

    How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.

    A workflow will help to answer questions such as:

    • How do you deal with damaged shipments? Incorrect shipments?
    • Did you reach an agreement with the vendor to replace damaged/incorrect shipments within a certain timeframe?
    • When does the product get tagged and entered into the system as received?
    • What information needs to get captured on the asset tag?

    Standardize the process for receiving your hardware assets

    The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.

    Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.

    People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.

    Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.

    Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.

    Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.

    Info-Tech Insight

    Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    RFID with barcoding – asset tag with both a barcode and RFID solution $$$$
    • Secure, fast, and robust
    • Track assets in real time
    • Quick and efficient
    • Most expensive option, requiring purchase of barcode scanner with RFID reader and software)
    • Does not work as well in an environment with less control over assets
    • Requires management of asset database
    • Best in a controlled environment with mature processes and requirement for secure assets
    RFID only – small chip with significant data capacity $$$
    • Track assets from remote locations
    • RFID can be read through boxes so you don’t have to unpack equipment
    • Scan multiple RFID-tagged hardware simultaneously
    • Large data capacity on small chip
    • Expensive, requiring purchase of RFID reading equipment and software
    • Ideal if your environment is spread over multiple locations
    Barcoding only – adding tags with unique barcodes $$
    • Reasonable security
    • Report inventory directly to database
    • Relatively low cost
    • Only read one at a time
    • Need to purchase barcode scanners and software
    • Can be labor intensive to deploy with manual scanning of individual assets
    • Less secure
    • Can’t hold as much data
    • Not as secure as barcodes with RFID but works for environments that are more widely distributed and less controlled

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    QR codes – two-dimensional codes that can store text, binary, image, or URL data $$
    • Easily scannable from many angles
    • Save and print on labels
    • Can be read by barcode scanning apps or mobile phones
    • Can encode more data than barcodes
    • QR codes need to be large enough to be usable, which can be difficult with smaller IT assets
    • Scanning on mobile devices takes longer than scanning barcodes
    • Ideal if you need to include additional data and information in labels and want workers to use smartphones to scan labels
    Manual tags – tag each asset with your own internal labels and naming system $
    • Most affordable
    • Manual
    • Tags are not durable
    • Labor intensive and time consuming
    • Leaves room for error, misunderstanding, and process variances between locations
    • As this is the most time consuming and resource intensive with a low payoff, it is ideal for low maturity organizations looking for a low-cost option for tagging assets
    Asset serial numbers – tag assets using their serial number $
    • Less expensive
    • Unique serial numbers identified by vendor
    • Serial numbers have to be added to database manually, which is labor intensive and leaves room for error
    • Serial numbers can rub off over time
    • Hard to track down already existing assets
    • Doesn’t help track location of assets after deployment
    • Potential for duplicates
    • Inconsistent formats of serial numbers by manufacturers makes this method prone to error and not ideal for asset management

    Select the appropriate method for tagging and tracking your hardware assets

    2.2.1 Select asset tagging method

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 8

    1. Define your asset tagging method. For most organizations, asset tracking is done via barcoding or QR codes, either by using one method or a combination of the two. Other methods, including RFID, may be applicable based on cost or tracking complexity. Overall, barcodes embedded with RFID are the most robust and efficient method for asset tagging, but also the most expensive. Choose the best method for your organization, taking into account affordability, labor-intensiveness, data complexity needs, and ease of deployment.
    2. Define the process for tagging assets, including how soon they should receive the tag, whose responsibility it is, and whether the tag type varies depending on the asset type.
    3. Define the location of asset tags according to equipment type. Example:
    Asset Type Asset Tag Location
    PC desktop Right upper front corner
    Laptop Right corner closest to user when laptop is closed
    Server Right upper front corner
    Printer Right upper front corner
    Modems Top side, right corner

    Inspect and test equipment before accepting it into inventory to ensure it’s working according to specifications

    Upon receipt of procured hardware, validate the equipment before accepting it into inventory.

    1. Receive - Upon taking possession of the equipment, stage them for inspection before placing them into inventory or deploying for immediate use.
    2. Inspect - The inspection process should involve at minimum examining the products that have been delivered to determine conformance to purchase specifications.
    3. Test -Depending on the type and cost of hardware, some assets may benefit from additional testing to determine if they perform at a satisfactory level before being accepted.
    4. Accept - If the products conform to the requirements of the purchase order, acknowledge receipt so the supplier may be paid. Most shipments are automatically considered as accepted and approved for payment within a specific timeframe.

    Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:

    • The products conform to purchase order requirements.
    • The quantity ordered is the same as the quantity delivered.
    • There is no damage to equipment.
    • Delivery documentation is acceptable.
    • Products are operable and perform according to specifications.
    • If required, document an acceptance testing process as a separate procedure.

    Build the RMA procedure into the receiving process to handle receipt of defective equipment

    The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.

    If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:

    • Call the vendor to receive a unique RMA number that will be attached to the equipment to be returned, then follow manufacturer specifications for returning equipment within allowable timelines according to the contract where applicable.
    • Establish a lemon policy with vendors, allowing for full returns up to 30 days after equipment is deployed if the product proves defective after initial acceptance.

    Info-Tech Insight

    Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.

    Info-Tech Best Practice

    Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.

    Determine what equipment should be stocked for quick deployment where demand is high or speed is crucial

    The most important feature of your receiving and inventory process should be categorization. A well-designed inventory system should reflect not only the type of asset, but also the usage level.

    A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:

    A

    A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.

    A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.

    B

    B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.

    B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.

    C

    C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.

    C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.

    Info-Tech Insight

    Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.

    Define the process for receiving equipment into inventory

    Define the following in your receiving process:

    • When will equipment be opened once delivered?
    • Who will open and validate equipment upon receipt?
    • How will discrepancies be resolved?
    • When will equipment be tagged and identified in the tracking tool?
    • When will equipment be locked in secure storage?
    • Where will equipment go if it needs to be immediately deployed?

    The image shows a workflow chart titled Receiving and Tagging. The process is split into two sections, labelled on the left as: Desktop Support Team and Procurement.

    Design the workflow for receiving and inventorying equipment

    2.2.2 Illustrate receiving workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Use the sample workflow from this step as a guide if starting from scratch.
    4. Engage the team in refining the process workflow.
    5. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the SOP.

    Improve device deployment by documenting software personas for each role

    • Improve the deployment process for new users by having a comprehensive list of software used by common roles within the organization. With large variations in roles, it may be impossible to build a complete list, but as you start to see patterns in requirements, you may find less distinct personas than anticipated.
    • Consider a survey to business units to determine what they need if this will solve some immediate problems. If this portion of the project will be deferred, use the data uncovered in the discovery process to identify which software is used by which roles.
    • Replacement equipment can have the software footprint created by what was actually utilized by the user, not necessarily what software was installed on the previous device.

    The image shows 4 bubbles, representing software usage. The ARC-GIS bubble is the largest, Auto CAD the second largest, and MS Office and Adobe CS equal in size.

    A software usage snapshot for an urban planner/engineer.

    • Once software needs are determined, use this information to review the appropriate device for each persona.
      • Ensure hardware is appropriate for the type of work the user does and supports required software.
      • If it is more appropriate for a user to have a tablet, ensure the software they use can be used on any device.
    • Review deployment methods to determine if there is any opportunity to improve the imaging or software deployment process with better tools or methodologies.
    • Document the device’s location if it will be static, or if the user may be more mobile, add location information for their primary location.
    • Think about the best place to document – if this information can be stored in Active Directory and imported to the ITAM database, you can update once and use in multiple applications. But this process is built into your add/move/change workflows.

    Maintain a lean library to simplify image management

    Simplify, simplify, simplify. Use a minimal number of desktop images and automate as much as you can.

    • Embrace minimalism. When it comes to managing your desktop image library, your ultimate goal should be to minimize the manual effort involved in provisioning new desktops.
    • Less is more. Try to maintain as few standard desktop images as possible and consider a thin gold image, which can be patched and updated on a regular basis. A thin image with efficient application deployment will improve the provisioning process.
    • Standardize and repeat. System provisioning should be a repeatable process. This means it is ripe for standardization and automation. Look at balancing the imaging process with software provisioning, using group policy and deployment tools to reduce time to provision and deliver equipment.
    • Outsource where appropriate. Imaging is one of the most employed services, where the image is built in-house and deployed by the hardware vendor. As a minimum, quarterly updates should still be provided to integrate the latest patches into the operating system.

    Document the process workflow for hardware deployment

    Define the process for deploying hardware to users.

    Include the following in your workflow:

    • How will equipment be configured and imaged before deployment?
    • Which images will be used for specific roles?
    • Which assets are assigned to specific roles?
    • How will the device status be changed in the ITAM tool once deployed?

    The image shows a workflow chart titled Hardware Deployment. It is divided into two categories, listed on the left: Desktop Support Team and Procurement.

    Large-scale deployments should be run as projects, benefitting from economies of scale in each step

    Large-scale desktop deployments or data center upgrades will likely be managed as projects.

    These projects should include project plans, including resources, timelines, and detailed procedures.

    Define the process for large-scale deployment if it will differ from the regular deployment process.

    The image is a graphic of a flowchart titled Deployment-Equipment-Large Quantity Rollout. It is divided into three categories, listed on the left: IT Procurement; Desktop Rollout Team; Asset Manager.

    Document the deployment workflow(s)

    2.2.3 Document deployment workflows for desktop and large-scale deployment

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 9: Deployment

    Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for it.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If yes, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Look for opportunities to improve the request and deployment process with better communication and tools

    The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.

    • Work with the procurement and the services team to ensure inventory is accessible, and regularly validate that inventory levels in the ITAM database are accurate.
    • Work with the HR department to predict (where possible) anticipated new hires. Plan for inventory ebbs and flows to match the hiring timelines where there are large variations.
    • If service catalogs will be made available for communicating options and SLAs for equipment purchases, work with the service catalog administrators to automate inventory checks and notifications. Work with the end-user device managers to set standards and reduce equipment variations to a manageable amount.
    • Where deployments are part of equipment refresh, ensure data is up to date for the services team to plan the project rollouts and know which software should be redeployed with the devices.
    • Infrastructure and security teams may have specific hardware assets relating to networking, data centers, and security, which may bypass the end-user device workflows but need to be tagged and entered into inventory early in the process. Work with these teams to have their equipment follow the same receiving and inventory processes. Deployment will vary based on equipment type and location.

    Automate hardware deployment where users are dispersed and deployment volume is high

    Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.

    Benefits of using vending machines:

    • Secure equipment until deployed.
    • Equipment can be either purchased by credit card or linked to employee ID cards, enabling secure transactions and reporting.
    • Access rights can be controlled in real time, preventing terminated employees from accessing equipment or managing how many devices can be deployed to each user.
    • Vending machines can be managed through a cellular or wireless network.
    • Technology partners can be tasked with monitoring and refilling vending machines.
    • Employees are able to access technology wherever a vending machine can be located rather than needing to travel to the help desk.
    • Equipment loans and new employee packages can be managed through vending machines.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Request, Procure, Receive, and Deploy

    Proposed Time to Completion: 4 weeks

    Step 2.1: Request & Procure

    Start with an analyst kick-off call:

    • Define standard and non-standard hardware.
    • Weigh the pros and cons of leasing vs. buying.
    • Build the procurement process.

    Then complete these activities…

    • Define standard hardware requests.
    • Document standard hardware request procedure.
    • Document procurement workflow.
    • Build a purchasing policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Non-Standard Hardware Request Form
    • Hardware Procurement Workflow
    • Purchasing Policy

    Step 2.2: Receive & Deploy

    Review findings with analyst:

    • Determine appropriate asset tagging method.
    • Define equipment receiving process.
    • Define equipment deployment process.

    Then complete these activities…

    • Select appropriate asset tagging method.
    • Design workflow for receiving and inventorying equipment.
    • Document the deployment workflow(s).

    With these tools & templates:

    • Standard Operating Procedures
    • Equipment Receiving & Tagging Workflow
    • Deployment Workflow

    Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.2 Define standard hardware requests

    Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.

    2.2.1 Select appropriate method for tagging and tracking assets

    Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.

    Phase 3

    Maintain and Dispose

    Implement Hardware Asset Management

    Cisco overcame organizational resistance to change to improve asset security

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.

    Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.

    Solution

    The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.

    Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.

    Results

    Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.

    On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.

    A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.

    This case study continues in phase 4

    Step 3.1: Manage, Maintain, and Secure Hardware Assets

    Phase 3: Maintain & Dispose

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.1.1 Build a MAC policy and request form

    3.1.2 Build workflows to document user MAC processes

    3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.4 Revise or create an asset security policy

    This step involves the following participants:

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    • Security Department

    Step Outcomes

    • Understanding of inventory management process best practices
    • Templates for move/add/change request policy and form
    • Documented process workflows for the user move/add/change process
    • Process and policies for hardware maintenance, warranty, and support documentation handling
    • Defined policies for maintaining asset security

    Determine methods for performing inventory audits on equipment

    Auto-discovery

    • Auto-discovery tools will be crucial to the process of understanding what equipment is connected to the network and in use.
    • The core functionality of discovery tools is to scan the environment and collect configuration data from all connected assets, but most tools can also be used to collect usage data, network monitoring, and software asset management data including software distribution, compliance, and license information.
    • These tools may not connect to peripheral devices such as monitors and external drives, will not scan devices that are turned off or disconnected from the network, may not inventory remote users, and will rarely provide location information. This often results in a need to complete physical audits as well.

    Info-Tech Insight

    One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.

    Physical audit

    • The physical audit can be greatly improved with barcode, RFID, or QR codes, allowing items to be scanned, records opened, then updated.
    • If not everything is tagged or entered into the ITAM database, then searching closets, cabinets, and desk drawers may be required to tag and enter those devices into the database.
    • Provide the inventory team with exact instructions on what needs to be collected, verified, and recorded. Depending on the experience and thoroughness of the team, spot checks early in the process may alleviate quality issues often discovered at the end of the inventory cycle.

    Determine requirements for performing inventory audits on equipment

    Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.

    Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.

    Item Target Stock Levels Estimated $ Value
    Desktop computers
    Standard issue laptops
    Mice
    Keyboards
    Network cables
    Phones

    Info-Tech Insight

    Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.

    Build an inventory management process to maintain an accurate view of owned hardware assets

    • Your inventory should capture which assets are on hand, where they are located, and who owns them, at minimum. Maintaining an accurate, up-to-date view of owned hardware assets allows you to see at any time the actual state of the components that make up your infrastructure across the enterprise.
    • Automated inventory practices save time and effort from doing physical inventories and also reduce the interruption to business users while improving accuracy of data.
    • If you are just starting out, define the process for conducting an inventory of deployed assets, and then define the process for regular upkeep and audit of inventory data.

    Inventory Methods

    • Electronic – captures networked asset information only and can be deployed over the network with no deskside service interaction.
    • Physical – captures environmental detail and must be performed manually by a service technician with possible disruption to users.
    • Full inventory – both physical and electronic inventory of assets.

    Internal asset information to collect electronically

    • Hardware configuration
    • Installed software
    • Operating system
    • System BIOS
    • Network configuration
    • Network drive mappings
    • Printer setups
    • System variables

    External asset information that cannot be detected electronically

    • Assigned user
    • Associated assets
    • Asset/user location
    • Usage of asset
    • Asset tag number

    IMAC (Install, Move, Add, Change) services will form the bulk of asset management work while assets are deployed

    IMAC services are usually performed at a user’s deskside by a services technician and can include:

    • Installing new desktops or peripherals
    • Installing or modifying software
    • Physically moving an end user’s equipment
    • Upgrading or adding components to a desktop

    Specific activities may include:

    Changes

    • Add new user IDs
    • Manage IDs
    • Network changes
    • Run auto-discovery scan

    Moves

    • Perform new location site survey
    • Coordinate with facilities
    • Disconnect old equipment
    • Move to new location
    • Reconnect at new location
    • Test installed asset
    • Obtain customer acceptance
    • Close request

    Installs and Adds

    • Perform site survey
    • Perform final configuration
    • Coordinate with Facilities
    • Asset tagging
    • Transfer data from old desktop
    • Wipe old desktop hard drive
    • Test installed asset
    • Initiate auto-discovery scan
    • Obtain customer acceptance
    • Close request

    A strong IMAC request process will lessen the burden on IT asset managers

    • When assets are actively in use, Asset Managers must also participate in the IMAC (Install-Move-Add-Change) process and ensure that any changes to asset characteristics or locations are updated and tracked in the asset management tool and that the value and usefulness of the asset is monitored.
    • The IMAC process should not only be reactive in response to requests, but proactive to plan for moves and relocations during any organizational change events.

    Recommendations:

    Automate. Wherever possible, use tools to automate the IMAC process.

    E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.

    Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.

    Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.

    Build a MAC request policy and form for end users

    A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:

    • Relocation of PCs and/or peripherals.
    • New account setup.
    • Hardware or software upgrades.
    • Equipment swaps or replacements.
    • User account/access changes.
    • Document generation.
    • User acceptance testing.
    • Vendor coordination.

    Create a request form.

    If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:

    • The name and department of the requester.
    • The date of the request.
    • Severity of the request. For example, severity can be graded on a score of high, medium, or low where high represents a mission-critical change that could compromise business continuity if not addressed immediately, and low represents a more cosmetic change that will not negatively affect operations. The severity of the request can be determined by the service-level agreement (SLA) associated with the service.
    • Date the request must be completed by. Or at least, what would be the ideal date for completion. This will vary greatly depending on the severity of the request. For example, deleting the access of a terminated employee would be very time sensitive.
    • Item or service to be moved, added, or changed. Include location, serial number, or other designated identifier where possible.
    • If the item or service is to be moved, indicated where it is being moved.
    • It is a good idea to include a comments section where the requester can add any additional questions or details.

    Use Info-Tech’s templates to build your MAC policy and request form

    3.1.1 Build a MAC policy and request form

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.

    Move, Add, Change Request Form

    Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.

    Document the process for user equipment moves

    Include the following in your process documentation:

    • How and when will any changes to user or location information be made in the ITAM tool?
    • Will any changes in AD automatically update in the ITAM tool?
    • How should requests for equipment moves or changes be made?
    • How will resources be scheduled?

    The image shows a flowchart titled SErvice Request - User Moves. The chart of processes is split into three categories, listed on the left side of the chart: User Manager; IT Coordinator; and Tier 2 & Facilities.

    Build workflows to document user MAC processes

    3.1.2 Build MAC process workflows

    Participants

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes

    Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for each step.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Define a policy to ensure effective maintenance of hardware assets

    Effective maintenance and support of assets provides longer life, higher employee productivity, and increased user satisfaction.

    • Your asset management documentation and database should store equipment maintenance contract information so that it can be consulted whenever hardware service is required.
    • Record who to contact as well as how, warranty information, and any SLAs that are associated with the maintenance agreement.
    • Record all maintenance that hardware equipment receives, which will be valuable for evaluating asset and supplier performance.
    • In most cases, the Service Desk should be the central point of contact for maintenance calls to all suppliers.

    Sample equipment maintenance policy terms:

    • Maintenance and support arrangements are required for all standard and non-standard hardware.
    • All onsite hardware should be covered by onsite warranty agreements with appropriate response times to meet business continuity needs.
    • Defective items under warranty should be repaired in a timely fashion.
    • Service, maintenance, and support shall be managed through the help desk ticketing system.

    Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.3 Design process for hardware maintenance

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10

    1. Discuss and document the policy for hardware maintenance, warranty, and support.
    2. Key outcomes should include:
    • Who signs off on policies?
    • What is the timeline for documentation review?
    • Where are warranty and maintenance documents stored?
    • How will equipment be assessed for condition during audits?
    • How often will deployed equipment be reimaged?
    • How will equipment repair needs be requested?
    • How will repairs for equipment outside warranty be handled?
  • Document in the Standard Operating Procedure.
  • Use your HAM program to improve security and meet regulatory requirements

    ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.

    It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.

    How does HAM help keep your organization secure?

    • Educating users on best practices for securing their devices, and providing physical security such as cable locks and tracking mechanisms.
    • Best practices for reporting lost or stolen equipment for quickly removing access and remotely wiping devices.
    • Accurate location and disposal records will enable accurate reporting for HIPAA and PCI DSS audits where movement of media or hardware containing data is a requirement. Best practices for disposal will include properly wiping drives, recording information, and ensuring equipment is disposed of according to environmental regulations.
    • Secure access to data through end-user mobile devices. Use accurate records and MDM tools to securely track, remove access, and wipe mobile devices if compromised.
    • Encrypt devices that may be difficult to track such as USB drives or secure ports to prevent data from being copied to external drives.
    • Managed hardware allows software to be managed and patched on a regular basis.

    Best Practices

    1. Educate end users about traveling with equipment. Phones and laptops are regularly stolen from cars; tablets and phones are left on planes. Encourage users to consider how they store equipment on the way home from work.
    2. Cable locks used at unsecured offsite or onsite work areas should be supplied to employees.
    3. Equipment stored in IT must be secured at all times.

    Implement mobile device management (MDM) solutions

    Organizations with a formal mobile management strategy have fewer problems with their mobile devices.

    Develop a secure MDM to:

    • Provide connection and device support when the device is fully subsidized by the organization to increase device control.
    • Have loaner devices for when traveling to limit device theft or data loss.
    • Personal devices not managed by MDM should be limited to internet access on a guest network.
    • Limit personal device access to only internet access or a limited zone for data access and a subset of applications.
    • Advanced MDM platforms provide additional capabilities including containerization.

    The benefits of a deployed MDM solution:

    • Central management of a variety of devices and platforms is the most important advantage of MDM. Administrators can gain visibility into device status and health, set policies to groups of users, and control who has access to what.
    • Security features such as enforcing passcodes and remote wipe are also essential, given the increased risk of mobile devices.
      • Remote wipe should be able to wipe either the whole device or just selected areas.
    • Separation of personal data is becoming increasingly important as BYOD becomes the norm. This is a feature that vendors are approaching radically differently.
    • Device lock: Be able to lock the device itself, its container, or its SIM. Even if the SIM is replaced, the device should still remain locked. Consider remote locking a device if retrieval is possible.

    Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.

    What can be packed into an MDM can vary and be customized in many forms for what your organization needs.

    Secure endpoint devices to protect the data you cannot control

    Endpoint Encryption

    Endpoints Average None
    Desktop 73% 4%
    Laptops 65% 9%
    Smartphones 27% 28%
    Netbooks 26% 48%
    Tablets 16% 59%
    Grand average 41%

    Benefits from endpoint encryption:

    • Reduced risk associated with mobile workers.
    • Enabled sharing of data in secured workspace.
    • Enhanced end-user accountability.
    • Reduced number of data breach incidents.
    • Reduced number of regulatory violations.

    Ways to reduce endpoint encryption costs:

    • Use multiple vendors (multiple platforms): 33%
    • Use a single vendor (one platform): 40%
    • Use a single management console: 22%
    • Outsource to managed service provider: 26%
    • Permit user self-recovery: 26%

    Remote Wiping

    • If all else fails, a device can always be erased of all its data, protecting sensitive data that may have been on it.
    • Selective wipe takes it a step further by erasing only sensitive data.

    Selective wipe is not perfect.

    It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.

    Selective wipe can erase:

    • Corporate profiles, email, and network settings.
    • Data within a corporate container or other sandbox.
    • Apps deployed across the enterprise.

    Know when to perform a remote wipe.

    Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.

    Design an effective asset security policy to protect the business

    Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.

    Organizations often struggle with the following with respect to IT asset security:

    • IT hardware asset removal control.
    • Personal IT hardware assets (BYOD).
    • Data removal from IT hardware assets.
    • Inventory control with respect to leased hardware and software.
    • Unused software.
    • Repetitive versions of software.
    • Unauthorized software.

    Your security policy should seek to protect IT hardware and software that:

    • Have value to the business.
    • Require ongoing maintenance and support.
    • Create potential risk in terms of financial loss, data loss, or exposure.

    These assets should be documented and controlled in order to meet security requirements.

    The asset security policy should encompass the following:

    • Involved parties.
    • Hardware removal policy/documentation procedure.
    • End-user asset security responsibilities.
    • Theft/loss reporting procedure.
    • BYOD standards, procedures, and documentation requirements.
    • Data removal.
    • Software usage.
    • Software installation.

    Info-Tech Insight

    Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.

    Revise or create an asset security policy

    3.1.4 Develop IT asset security policy

    Participants

    • CIO or IT Director
    • Asset Manager
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Asset Security Policy.

    1. Identify asset security challenges within your organization. Record them in a table like the one below.
    Challenge Current Security Risk Target Policy
    Hardware removal Secure access and storage, data loss Designated and secure storage area
    BYOD No BYOD policy in place N/A → phasing out BYOD as an option
    Hardware data removal Secure data disposal Data disposal, disposal vendor
    Unused software Lack of support/patching makes software vulnerable Discovery and retirement of unused software
    Unauthorized software Harder to track, less secure Stricter stance on pirated software
    1. Brainstorm the reasons for why these challenges exist.
    2. Identify target policy details that pertain to each challenge. Record the outcomes in section(s) 5.1, 5.2, or 5.3 of the Asset Security Policy.

    Poor asset security and data protection had costly consequences for UK Ministry of Justice

    CASE STUDY

    Industry Legal

    Source ICO

    Challenge

    The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.

    These hard drives contained information related to health, history of drug use, and past links to organized crime.

    After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.

    Solution

    It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.

    Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.

    When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).

    Results

    The perpetrators were never found and the stolen hard drives were never recovered.

    As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.

    The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.

    Step 3.2: Dispose or Redeploy Assets

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.2.1 Identify challenges with IT asset recovery and disposal

    3.2.2 Design hardware asset recovery and disposal workflows

    3.2.3 Build a hardware asset disposition policy

    This step involves the following participants:

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Defined process to determine when to redeploy vs. dispose of hardware assets
    • Process for recovering and redeploying hardware equipment
    • Process for safely disposing of assets that cannot be redeployed
    • Comprehensive asset disposition policy

    Balance the effort to roll out new equipment against the cost to maintain equipment when building your lifecycle strategy

    The image shows two line graphs. The graph on the left is titled: Desktop Refresh Rate by Company Size (based on Revenue). The graph on the right is titled: Laptop Refresh Rate by Company Size (based on Revenue). Each graph has four lines, defined by a legend in the centre of the image: yellow is small ($25mm); dark blue is Mid ($25-500MM); light blue is large ( data-verified=$500MM); and orange is Overall.">

    (Info-Tech Research Group; N=96)

    Determining the optimal length of time to continue to use equipment will depend on use case and equipment type

    Budget profiles Refresh methods

    Stretched

    Average equipment age: 7+ years

    To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed.

    Generous

    Average equipment age: 3 years

    Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system.

    Cautious

    Average equipment age: 4 to 5 years

    Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service.

    Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic.

    Build a process to determine when and how to redeploy or dispose of hardware assets at end of use

    • When equipment is no longer needed for the function or individual to whom it was assigned, the Hardware Asset Manager needs to use data to ensure the right decision is made as to what to do with the asset.
    • End of use involves evaluating options for either continuing to use the equipment in another capacity or by another individual or determining that the asset has no remaining value to the organization in any capacity and it is time to retire it.
    • If the asset is retired, it may still have capacity for continued use outside of the organization or it may be disposed.

    Redeployment

    • Deliver the asset to a new user if it is no longer needed by the original user but still has value and usability.
    • Redeployment saves money and prevents unnecessary purchases.
    • Common when employees leave the company or a merge or acquisition changes the asset pool.

    VS.

    Disposal

    • When an asset is no longer of use to the organization, it may be disposed of.
    • Need to consider potential financial and public relations considerations if disposal is not done according to environmental legislation.
    • Need to ensure proper documentation and data removal is built into disposition policy.

    Use persistent documentation and communication to improve hardware disposal and recovery

    Warning! Poor hardware disposal and recovery practices can be caused by the following:

    1. Your IT team is too busy and stretched thin. Data disposal is one of many services your IT team is likely to have to deal with, but this service requires undivided attention. By standardizing hardware refreshes, you can instill more predictability with your hardware life cycles and better manage disposal.
    2. Poor inventory management. Outdated data and poor tracking practices can result in lost assets during the disposal phase. It only takes a single lost asset to cause a disastrous data breach in your supply chain.
    3. Obliviousness to disposal regulations. Electronic disposal and electronically stored data are governed by strict regulation.

    How do you improve your hardware disposal and recovery process?

    • A specific, controlled process needs to be in place to wipe all equipment and verify that it’s been wiped properly. Otherwise, companies will continue to spend money to protect data while equipment is in use, but overlook the dangerous implications of careless IT asset disposal. Create a detailed documentation process to track your assets every step of the way to ensure that data and applications are properly disposed of. Detailed documentation can also help bolster sustainability reporting for organizations wishing to track such data.
    • Better communication should be required. Most decommissioning or refresh processes use multiple partners for manufacturing, warehousing, data destruction, product resale, and logistics. Setting up and vetting these networks can take years, and even then, managing them can be like playing a game of telephone; transparency is key.

    Address three core challenges of asset disposal and recovery

    Asset Disposal

    Data Security

    Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.

    Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.

    Environmental

    Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.

    Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.

    Residual value

    Many obsolete IT assets are simply confined to storage at their end of life.

    This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.

    Identify challenges with IT asset recovery and disposal with a triple bottom line scorecard

    3.2.1 Identify challenges with IT asset recovery and disposal

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    1. Divide the whiteboard into three boxes: Social, Economic, and Environmental.
    2. Divide each box into columns like the one shown below:
    Economic
    Challenge Objectives Targets Initiatives
    No data capture during disposal Develop reporting standards 80% disposed assets recorded Work with Finance to develop reporting procedure
    Idle assets Find resale market/dispose of idle assets 50% of idle assets disposed of within the year Locate resale vendor and disposal service
    1. Ask participants to list challenges associated with each area.
    2. Once challenges facing recovery and disposal have been exhausted from the group, assign a significance of 1-5 (1 being the lowest and 5 being the highest) to each challenge.
    3. Discuss the most significant challenges and how they might be addressed through the next steps of building recovery & disposal processes.

    Build a process for recovery and redeployment of hardware

    • Having hardware standards in place makes redeploying easier by creating a larger pool of possible users for a standardized asset.
    • Most redeployment activities will be carried out by the Help Desk as a service request ticket, so it is important to have clear communication and guidelines with the Help Desk as to which tasks need to be carried out as part of the request.

    Ensure the following are addressed:

    • Where will equipment be stored before being redeployed?
    • Will shipping be required and are shipping costs factored into analysis?
    • Ensure equipment is cleaned before it is redeployed.
    • Do repairs and reconfigurations need to be made?
    • How will software be removed and licenses harvested and reported to Software Asset Manager?
    • How will data be securely wiped and protected?

    The image shows a work process in flowchart format titled Equipment Recovery. The chart is divided into two sections, listed on the left: Business Manager/HR and Desktop Support Team.

    Define the process for safely disposing of assets that cannot be redeployed

    Asset Disposal Checklist

    1. Review the data stored on the device.
    2. Determine if there has been any sensitive or confidential information stored.
    3. Remove all sensitive/confidential information.
    4. Determine if software licenses are transferable.
    5. Remove any non- transferable software prior to reassignment.
    6. Update the department’s inventory record to indicate new individual assigned custody.
    7. In the event of a transfer to another department, remove data and licensed software.
    8. If sensitive data has been stored, physically destroy the storage device.
    • Define the process for retiring and disposing of equipment that has reached replacement age or no longer meets minimum conditions or standards.
    • Clearly define the steps that need to be taken both before and after the involvement of an ITAD partner.

    The image shows a flowchart titled Equipment Disposal. It is divided into two sections, labelled on the left as: Desktop Support Team and Asset Manager.

    Design hardware asset recovery and disposal workflows

    3.2.2 Design hardware asset recovery and disposal policies and workflows

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Sections 11 and 12

    Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Keeping in mind current challenges around hardware asset recovery and disposal, design the target state for both the asset recovery and disposal processes.
    2. Outline each step of the process and be as granular as possible.
    3. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    4. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    5. Review the checklists on the previous slides to ensure all critical tasks are accounted for in your process workflows.

    Add equipment disposition to asset lifecycle decisions to meet environmental regulations and mitigate risk

    Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.

    Optimized ITAD solutions:

    1. Protect sensitive or valuable data
    2. Support sustainability
    3. Focus on asset value recovery

    Info-Tech Insight

    A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.

    Partner with an ITAD vendor to support your disposition strategy

    Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.

    • An ITAD vendor knows the repurpose and resale space better than your organization. They know the industry and have access to more potential buyers.
    • ITAD vendors can help your organization navigate costly environmental regulations for improper disposal of IT assets.

    Disposal doesn’t mean your equipment has to go to waste.

    Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.

    Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.

    Before donating:

    • Ensure equipment is needed and useful to the organization.
    • Be prepared for an appraisal requirement. Receipts can only be issued for fair market value.
    • Prevent compromised data by thoroughly wiping or completely replacing drives.
    • Ensure official transfer of ownership to prevent liability if improper disposal practices follow.

    Info-Tech Insight

    Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.

    Protect the organization by sufficiently researching potential ITAD partners

    Research ITAD vendors as diligently as you would primary hardware vendors.

    Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:

    • Are you a full-service vendor or are you connected to a wholesaler?
    • Who are your collectors and processors?
    • How do you handle data wiping? If you erase the data, how many passes do you perform?
    • What do you do with the e-waste? How much is reused? How much is recycled?
    • Do you have errors and omissions insurance in case data is compromised?
    • How much will it cost to recycle or dispose of worthless equipment?
    • How much will I receive for assets that still have useful life?

    ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.

    ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.

    Info-Tech Insight

    To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.

    Work with ITAD partner or equipment supplier to determine most cost-effective method and appropriate time for disposal

    2-4 Two-to-four year hardware refresh cycle

    • Consider selling equipment to an ITAD partner who specializes in sales of refurbished equipment.
    • Consider donating equipment to schools or non-profits, possibly using an ITAD partner who specializes in refurbishing equipment and managing the donation process.

    5-7 Five-to-seven year hardware refresh cycle

    • At this stage equipment may still have a viable life, but would not be appropriate for school or non-profit donations, due to a potentially shorter lifespan. Consider selling equipment to an ITAD partner who has customers interested in older, refurbished equipment.

    7+ Seven or more years hardware refresh cycle

    • If keeping computers until they reach end of life, harvest parts for replacement on existing machines and budget for disposal fees.
    • Ask new computer supplier about disposal services or seek out ITAD partner who will disassemble and dispose of equipment in an environmentally responsible manner.

    Info-Tech Insight

    • In all cases, ensure hard drives are cleansed of data with no option for data recovery. Many ITAD partners will provide a drive erasure at DoD levels as part of their disposal service.
    • Many ITAD partners will provide analysts to help determine the most advantageous time to refresh.

    Ensure data security and compliance by engaging in reliable data wiping before disposition

    Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.

    Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.

    Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.

    Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.

    Info-Tech Best Practice

    Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.

    Make data security a primary driver of asset disposition practices

    It is estimated that 10-15% of data loss cases result from insecure asset disposal. Protect yourself by following some simple disposition rules.

    1. Reconcile your data onsite
    • Verify that bills of landing and inventory records match before assets leave. Otherwise, you must take the receiver’s word on shipment contents.
  • Wipe data at least once onsite
    • Do at least one in-house data wipe before the assets leave the site for greater data security.
  • Transport promptly after data wiping
    • Prompt shipment will minimize involvement with the assets, and therefore, cost. Also, the chance of missing assets will drop dramatically.
  • Avoid third-party transport services
    • Reputable ITAD companies maintain strict chain of custody control over assets. Using a third party introduces unnecessary risk.
  • Keep detailed disposition records
    • Records will protect you in the event of an audit, a data loss incident, or an environmental degradation claim. They could save you millions.
  • Wipe all data-carrying items
    • Don’t forget cell phones, fax machines, USB drives, scanners, and printers – they can carry sensitive information that can put the organization at risk.
  • Only partner with insured ITAD vendors
    • You are never completely out of danger with regards to liability, but partnering with an insured vendor is potent risk mitigation.
  • Work these rules into your disposition policy to mitigate data loss risk.

    Support your HAM efforts with a comprehensive disposition policy

    3.2.3 Build a Hardware Asset Disposition Policy

    Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.

    Use Info-Tech’s Hardware Asset Disposition Policy to:

    1. Establish and define clear standards, procedures, and restrictions surrounding disposition.
    2. Ensure continual compliance with applicable data security and environmental legislation.
    3. Assign specific responsibilities to individuals or groups to ensure ongoing adherence to policy standards and that costs or benefits are in line with expectations.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Maintain & Dispose

    Proposed Time to Completion: 4 weeks

    Start with an analyst kick-off call:

    • Discuss inventory management best practices.
    • Build process for moves, adds, and changes.
    • Build process for hardware maintenance.
    • Define policies for maintaining asset security.

    Then complete these activities…

    • Build a MAC policy and request form.
    • Build workflows to document user MAC processes.
    • Design processes and policies for hardware maintenance, warranty, and support documentation handling.
    • Build an asset security policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Security Policy

    Step 3.2: Dispose or Redeploy Assets

    Review findings with analyst:

    • Discuss when to dispose vs. redeploy assets.
    • Build process for redeploying vs. disposing of assets.
    • Review ITAD vendors.

    Then complete these activities…

    • Identify challenges with IT asset recovery and disposal.
    • Design hardware asset recovery and disposal workflows.
    • Build a hardware asset disposition policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Recovery Workflow
    • Asset Disposal Workflow
    • Hardware Asset Disposition Policy

    Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.4 Revise or create an asset security policy

    Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.

    3.2.2 Design hardware asset recovery and disposal workflows

    Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.

    Phase 4

    Plan Budget Process and Build Roadmap

    Implement Hardware Asset Management

    Cisco deployed an enterprise-wide re-education program to implement asset management

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.

    An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.

    Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.

    Solution

    The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.

    These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.

    Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.

    Results

    By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses

    Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.

    A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.

    Step 4.1: Plan Hardware Asset Budget

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    This step involves the following participants:

    • IT Director
    • Asset Manager
    • Finance Department

    Step Outcomes

    • Know where to find data to budget for hardware needs accurately
    • Learn how to manage a hardware budget
    • Plan hardware asset budget with a budgeting tool

    Gain control of the budget to increase the success of HAM

    A sophisticated hardware asset management program will be able to uncover hidden costs, identify targets for downsizing, save money through redistributing equipment, and improve forecasting of equipment to help control IT spending.

    While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:

    • Be more involved in negotiating pricing with suppliers.
    • Build better relationships with stakeholders across the business.
    • Forecast requirements more accurately.
    • Inform benchmarks for hardware performance.
    • Gain more responsibility and have a greater influence on purchasing decisions.
    • Directly impact the reduction in IT spend.
    • Manage the asset database more easily and have a greater understanding of hardware needs.
    • Build a continuous rolling refresh.

    Use ITAM data to forecast hardware needs accurately and realistically

    Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.

    What type of data should I take into account?

    Plan for:

    • New hardware purchases required
      • Planned refreshes based on equipment lifecycle
      • Inventory for break and fix
      • Standard equipment for new hires
      • Non-standard equipment required
      • Hardware for planned projects
      • Implementation and setup costs
      • Routine hardware implementation
      • Large hardware implementation for projects
      • Support and warranty costs

    Take into account:

    • Standard refresh cycle for each hardware asset
    • Amount of inventory to keep on hand
    • Length of time from procurement to inventory
    • Current equipment costs and equipment price increases
    • Equipment depreciation rates and resale profits

    Where do I find the information I need to budget accurately?

    • Work with HR to forecast equipment needs for new hires.
    • Work with the Infrastructure Manager to forecast devices and equipment needed for approved and planned projects.
    • Use the asset management database to forecast hardware refresh and replacement needs based on age and lifecycle.
    • Work with business stakeholders to ensure all new equipment needs are accounted for in the budget.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    4.1.1 Build HAM budget

    This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.

    The hardware budget should serve as a planning and communications tool for the organization

    The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.

    One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.

    There are several things you can do to overcome this barrier:

    • Avoid using technical terms or jargon. Terms many would consider common knowledge, such as “WLAN,” are foreign to many.
    • Don’t assume the business knows how the technology you’re referring to will impact their day-to-day work. You will need to demonstrate it to them.
    • Help the audience understand the business impact of not implementing each initiative. What does this mean for them?
    • Discuss the options on the table in terms of the business value that the hardware can enable. Review how deferring refresh projects can impact user-facing applications, systems, and business unit operations.
    • Present options. If you can’t implement everything on the project list, present what you can do at different levels of funding.

    Info-Tech Insight

    Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.

    Help users understand the importance of regular infrastructure refreshes

    Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.

    Example: Your storage environment is nearing capacity.

    Don’t:

    Explain the project exclusively in technical terms or slang.

    We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”

    Do:

    • Explain impact in terms that the business can understand.

    Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”

    • Be ready to present project alternatives and impacts.

    Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”

    • Connect the project to business initiatives and strategic priorities.

    This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.

    Step 4.2: Build Communication Plan and Roadmap

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.2 Develop a HAM implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Step Outcomes

    • Documented end-user hardware asset management policies
    • Communications plan to achieve support from end users and other business units
    • HAM implementation roadmap

    Educate end users through ITAM training to increase program success

    As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.

    All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.

    ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.

    Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.

    New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.

    Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.

    "The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator

    Info-Tech Insight

    During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.

    Include policy design and enforcement in your communication plan

    • Hardware asset management policies should define the actions to be taken to protect and preserve technology assets from failure, loss, destruction, theft, or damage.
    • Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously, and will help ensure the benefits of ITAM are achieved.
    • Designing, approving, documenting, and adopting one set of standard ITAM policies for each department to follow will ensure the processes are enforced equally across the organization.
    • Good ITAM policies answer the “what, how, and why” of IT asset management, provide the means for ITAM governance, and provide a basis for strategy and decision making.

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

    Use Info-Tech’s policy templates to build HAM policies

    4.2.1 Build HAM policies

    Use these HAM policy templates to get started:

    Information Technology Standards Policy

    This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.

    Purchasing Policy

    The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    Hardware Asset Disposition Policy

    This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.

    Additional policy templates

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.

    Create a communication plan to achieve end-user support and adherence to policies

    Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Use the variety of components as part of your communication plan in order to reach the organization.

    1. Advertise successes.
    • Regularly demonstrate the value of the ITAM program with descriptive statistics focused on key financial benefits.
    • Share data with the appropriate personnel; promote success to obtain further support from senior management.
  • Report and share asset data.
    • Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
    • These reports can help your organization prepare for audits, adjust asset budgeting, and detect unauthorized assets.
  • Communicate the value of ITAM.
    • Educate management and end users about how they fit into the bigger picture.
    • Individuals need to know that their behaviors can adversely affect data quality and, ultimately, lead to better decision making.
  • Develop a communication plan to convey the right messages

    4.2.2 Develop a communication plan to convey the right messages

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the HAM Communication Plan

    1. Identify the groups that will be affected by the HAM program as those who will require communication.
    2. For each group requiring a communication plan, identify the following:
    • Benefits of HAM for that group of individuals (e.g. better data, security).
    • The impact the change will have on them (e.g. change in the way a certain process will work).
    • Communication method (i.e. how you will communicate).
    • Timeframe (i.e. when and how often you will communicate the changes).
  • Complete this information in a table like the one below and document in the Communication Plan.
  • Group Benefits Impact Method Timeline
    Service Desk Improve end-user device support Follow new processes Email campaign 3 months
    Executives Mitigate risks, better security, more data for reporting Review and sign off on policies
    End Users Smoother request process Adhere to device security and use policies
    Infrastructure Faster access to data and one source of truth Modified processes for centralized procurement and inventory

    Implement ITAM in a phased, constructive approach

    • One of the most difficult decisions to make when implementing ITAM is: “where do we start?”
    • The pyramid to the right mirrors Maslow’s hierarchy of needs. The base is the absolute bare minimum that should be in place, and each level builds upon the previous one.
    • As you track up the pyramid, your ITAM program will become more and more mature.

    Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.

    • Asset Data
    • Asset Protection: safely protect and dispose of assets once they are mass distributed throughout your organization.
    • Asset Distribution: determine standards for asset provisioning and asset inventory strategy.
    • Asset Gathering: define what assets you will procure, distribute, and track. Classifying your assets by tier will allow you to make decisions as you progress up the pyramid.

    ↑ ITAM Program Maturity

    Integrate your HAM program into the organization to assist its implementation

    The HAM program cannot perform on its own – it must be integrated with other functional areas of the organization in order to maintain its stability and support.

    • Effective IT asset management is supported by a comprehensive set of processes as part of its implementation.
    • For example, integration with the purchasing/procurement team is required to gather hardware and software purchase data to control asset costs and mitigate software license compliance risk.
    • Integration with Finance is required to support internal cost allocations and charge backs.

    To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.

    Short-term goal Long-term goal
    Identify inventory classification and tool (hardware first) Hardware contract data integration (warranty, maintenance, lease)
    Create basic ITAM policies and processes Continual improvement through policy impact review and revision
    Implement ITAM auto-discovery tools Software compliance reports, internal audits

    Info-Tech Insight

    Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.

    Develop an IT hardware asset management implementation roadmap

    4.2.3 Develop a HAM implementation roadmap

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the IT Hardware Asset Management Implementation Roadmap

    1. Identify up to five streams to work on initiatives for the hardware asset management project.
    2. Fill out key tasks and objectives for each process. Assign responsibility for each task.
    3. Select a start date and end date for each task. See tab 1 of the tool for instructions on which letters to input for each stage of the process.
    4. Once your list is complete, open tab 3 of the tool to see your completed sunshine diagram.
    5. Keep this diagram visible for your team and use it as a guide to task completion as you work towards your future-state value stream.

    Focus on continual improvement to sustain your ITAM program

    Periodically review the ITAM program in order to achieve defined goals, objectives, and benefits.

    Act → Plan → Do → Check

    Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:

    • Remain in sync with the business: your asset management program reflects the current and desired future states of your organization at the time of its creation. But the needs of the business change. As mentioned previously, asset management is a dynamic process, so in order for your program to keep pace, a focus on continual improvement is needed.
      • For example, imagine if your organization had designed your ITAM program before cloud-based solutions were an option. What if your asset classification scheme did not include personal devices or tablets or your asset security policy lacked a section on BYOD?
    • Create funding for new projects through ITAM continual improvement: one of the goals is to save money through more efficient use of your assets by “sweating” out underused hardware and software.
      • It may be tempting to simply present the results to Finance as savings, but instead, describe the results as “available funds for other projects.” Otherwise, Finance may view the savings as a nod to restrict IT’s budget and allocate funds elsewhere. Make it clear that any saved funds are still required, albeit in a different capacity.

    Info-Tech Best Practice

    Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Step 4.1: Plan Budget

    Start with an analyst kick-off call:

    • Know where to find data to budget for hardware needs accurately.
    • Learn how to manage a hardware budget.

    Then complete these activities…

    • Plan hardware asset budget.

    With these tools & templates:

    HAM Budgeting Tool

    Step 4.2: Communicate & Roadmap

    Review findings with analyst:

    • Develop policies for end users.
    • Build communications plan.
    • Build an implementation roadmap.

    Then complete these activities…

    • Build HAM policies.
    • Develop a communication plan.
    • Develop a HAM implementation roadmap.

    With these tools & templates:

    HAM policy templates

    HAM Communication Plan

    HAM Implementation Roadmap

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1.1 Build a hardware asset budget

    Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.

    4.2.2 Develop a communication plan

    Identify groups that will be affected by the new HAM program and for each group, document a communications plan.

    Insight breakdown

    Overarching Insights

    HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.

    ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.

    Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Phase 1 Insight

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    Phase 2 Insight

    Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    Phase 3 Insight

    Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    Phase 4 Insight

    Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.

    Related Info-Tech research

    Implement Software Asset Management

    Build an End-User Computing Strategy

    Find the Value – and Remain Valuable – With Cloud Asset Management

    Consolidate IT Asset Management

    Harness Configuration Management Superpowers

    IT Asset Management Market Overview

    Bibliography

    Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.

    “CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.

    Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.

    Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.

    Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.

    “How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.

    Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.

    “IT Asset and Software Management.” ECP Media LLC, 2006. Web.

    Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.

    Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.

    “The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    Establish Effective Security Governance & Management

    • Buy Link or Shortcode: {j2store}380|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $63,532 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The security team is unsure of governance needs and how to manage them.
    • There is a lack of alignment between key stakeholder groups
    • There are misunderstandings related to the role of policy and process.

    Our Advice

    Critical Insight

    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad–hoc decision making that undermines governance.

    Impact and Result

    • The first phase of this project will help you establish or refine your security governance and management by determining the accountabilities, responsibilities, and key interactions of your stake holder groups.
    • In phase two, the project will guide you through the implementation of essential governance processes: setting up a steering committee, determining risk appetite, and developing a policy exception-handling process.

    Establish Effective Security Governance & Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish Effective Security Governance and Management Deck – A step-by-step guide to help you establish or refine the governance model for your security program.

    This storyboard will take you through the steps to develop a security governance and management model and implement essential governance processes.

    • Establish Effective Security Governance & Management – Phases 1-2

    2. Design Your Governance Model – A security governance and management model to track accountabilities, responsibilities, stakeholder interactions, and the implementation of key governance processes.

    This tool will help you determine governance and management accountabilities and responsibilities and use them to build a visual governance and management model.

    • Security Governance Model Templates (Visio)
    • Security Governance Model Templates (PDF)
    • Security Governance Model Tool

    3. Organizational Structure Template – A tool to address structural issues that may affect your new governance and management model.

    This template will help you to implement or revise your organizational structure.

    • Security Governance Organizational Structure Template

    4. Information Security Steering Committee Charter & RACI – Templates to formalize the role of your steering committee and the oversight it will provide.

    These templates will help you determine the role a steering committee will play in your governance and management model.

    • Information Security Steering Committee Charter
    • Information Security Steering Committee RACI Chart

    5. Security Policy Lifecycle Template – A template to help you model your policy lifecycle.

    Once this governing document is customized, ensure the appropriate security policies are developed as well.

    • Security Policy Lifecycle Template

    6. Security Policy Exception Approval Process Templates – Templates to establish an approval process for policy exceptions and bolster policy governance and risk management.

    These templates will serve as the foundation of your security policy exception approval processes.

    • Security Policy Exception Approval Workflow (Visio)
    • Security Policy Exception Approval Workflow (PDF)
    • Policy Exception Tracker
    • Information Security Policy Exception Request Form

    Infographic

    Further reading

    Establish Effective Security Governance & Management

    The key is in stakeholder interactions, not policy and process.

    Analyst Perspective

    It's about stakeholder interactions, not policy and process.

    Many security leaders complain about a lack of governance and management in their organizations. They have policies and processes but find neither have had the expected impact and that the organization is teetering on the edge of lawlessness, with stakeholder groups operating in ways that interfere with each other (usually due to poorly defined accountabilities).

    Among the most common examples is security's relationship to the business. When these groups don't align, they tend to see each other as adversaries and make decisions in line with their respective positions: security endorses one standard, the business adopts another.

    The consequences of this are vast. Such an organization is effectively opposed to itself. No wonder policy and process have not resolved the issue.

    At a practical level, good governance stems from understanding how different stakeholder groups interact, providing inputs and outputs to each other and modeling who is accountable for what. But this implied accountability model needs to be formalized (perhaps even modified) before governance can help all stakeholder groups operate as strategic partners with clearly defined roles, responsibilities, and decision-making power. Only when policies and processes reflect this will they serve as effective tools to support governance.

    Logan Rohde, Senior Research Analyst, Security & Privacy

    Logan Rohde
    Senior Research Analyst, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    Ineffective governance and management processes, if they are adopted at all, can lead to:
    • An organization unsure of governance needs and how to manage them.
    • A lack of alignment between key stakeholder groups.
    • Misunderstandings related to the role of policy and process.
    Most governance and management initiatives stumble because they do not address governance as a set of interactions and influences that stakeholders have with and over each other, seeing it instead as policy, process, and risk management. Challenges include:
    • Senior management disinterest
    • Stakeholders operating in silos
    • Separating governance from management
    You will be able to establish a robust governance model to support the current and future state of your organization by accounting for these three essential parts:
    1. Determine governance accountabilities.
    2. Define management responsibilities.
    3. Model stakeholders' interactions, inputs, and outputs as part of business and security operations.

    Info-Tech Insight
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Your challenge

    This research is designed to help organizations who need to:

    • Establish security governance from scratch.
    • Improve security governance despite a lack of cooperation from the business.
    • Determine the accountabilities and responsibilities of each stakeholder group.

    This blueprint will solve the above challenges by helping you model your organization's governance structure and implement processes to support the essential governance areas: policy, risk, and performance metrics.

    Percentage of organizations that have yet to fully advance to a maturity-based approach to security

    70%

    Source: McKinsey, 2021

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The business does not wish to be governed and does not seek to align with security on the basis of risk.
    • Various stakeholder groups essentially govern themselves, causing business functions to interfere with each other.
    • Security teams struggle to differentiate between governance and management and the purpose of each.

    Early adopter infrastructure

    63%
    Security leaders not reporting to the board about risk or incident detection and prevention.
    Source: LogRhythm, 2021

    46%
    Those who report that senior leadership is confident cybersecurity leaders understand business goals.
    Source: LogRhythm, 2021

    Governance isn't just policy and process

    Governance is often mistaken for an organization's formalized policies and processes. While both are important governance supports, they do not provide governance in and of themselves.

    For governance to work well, an organization needs to understand how stakeholder groups interact with each other. What inputs and outputs do they provide? Who is accountable? Who is responsible? These are the questions one needs to ask before designing a governance structure. Failing to account for any of these three elements tends to result in overlap, inefficiency, and a lack of accountability, creating flawed governance.

    Separate governance from management

    Oversight versus operations

    • COBIT emphasizes the importance of separating governance from management. These are complementary functions, but they refer to different parts of organizational operation.
    • Governance provides a decision-making apparatus based on predetermined requirements to ensure smooth operations. It is used to provide oversight and direction and hinges on established accountabilities
    • Simply put, governance refers to what an organization is and is not willing to permit in day-to-day operations, and it tends to make its presence known via the key areas of risk appetite, formal policy and process, and exception handling.
      • Note: These key areas do not provide governance in and of themselves. Rather, governance emerges in accordance with the decisions an organization has made regarding these areas. Sometimes, however, these "decisions" have not been formally or consciously made and the current state of the organization's operations becomes the default - even when it is not working well.
    • Management, by contrast, is concerned with executing business processes in accordance with the governance model, essentially, governance provides guidance for how to make decisions during daily management.

    "Information security governance is the guiding hand that organizes and directs risk mitigation efforts into a business-aligned strategy for the entire organization."

    Steve Durbin,
    Chief Executive,
    Information Security Forum, Forbes, 2023

    Models for governance and management

    Info-Tech's Governance and Management research uses the logic of COBIT's governance and management framework but distills this guidance into a practical, easy-to-implement series of steps, moving beyond the rudimentary logic of COBIT to provide an actionable and personalized governance model.

    Governance Cycle

    Management Cycle

    Clear accountabilities and responsibilities

    Complementary frameworks to simplify governance and management

    The distinction that COBIT draws between governance and management is roughly equivalent to that of accountability and responsibility, as seen in the RACI* model.

    There can be several stakeholders responsible for something, but only one party can be accountable.

    Use this guidance to help determine the accountabilities and responsibilities of your governance and management model.

    *Responsible, Accountable, Consulted, Informed

    COBIT RACI chart

    Security governance framework

    A security governance framework is a system that will design structures, processes, accountability definitions, and membership assignments that lead the security department toward optimal results for the business.

    Governance is performed in three ways:

    1 Evaluate 2 Direct 3 Monitor
    For governance to be effective it must account for stakeholder interests and business needs. Determining what these are is the vital first step. Governance is used to determine how things should be done within an organization. It sets standards and provides oversight so decisions can be made during day-to-day management. Governance needs change and inefficiencies need to be revised. Therefore, monitoring key performance indicators is an essential step to course correct as organizational needs evolve.

    "Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations."
    - EDUCAUSE

    Establish Effective Security Governance & Management

    SMART metrics

    Suggested targets to measure success

    Specific

    Measurable

    Achievable

    Relevant

    Time-Bound

    Examples
    Security's risk analyses will be included as part of the business decision-making process within three months after completing the governance initiative.
    Increase rate of security risk analysis using risk appetite within three months of project completion.
    Have stakeholder engagement supply input into security risk-management decisions within three months of completing phase one of blueprint.
    Reduce time to approve policy exceptions by 25%.
    Reduce security risk related to policy non-compliance by 50% within one year.
    Develop five KPIs to measure progress of governance and management within three months of completing blueprint.

    Info-Tech's methodology for security governance and management

    1. Design Your Governance Model 2. Implement Essential Governance Processes
    Phase Steps
    1. Evaluate
    2. Direct
    3. Monitor
    1. Implement Oversight
    2. Set Risk Appetite
    3. Implement Policy Lifecycle
    Phase Outcomes
    • Defined governance accountabilities
    • Defined management responsibilities
    • Record of key stakeholder interactions
    • Visual governance model
    • Key performance indicators (KPIs)
    • Established steering committee
    • Qualitative risk-appetite statements
    • Policy lifecycle
    • Policy exceptions-handling process

    Governance starts with mapping stakeholder inputs, outputs, and throughputs

    The key is in stakeholder interactions, not policy and process
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Policy, process, and org. charts support governance but do not produce it on their own
    To be effective, these things need to be developed with the accountabilities and influence of the organizational functions that produce them.

    A lack of business alignment does not mean you're doomed to fail
    While the highest levels of governance maturity depend on strong security-business alignment, there are still tactics one can use to improve governance.

    All organizations have governance
    Sometimes it is poorly defined, ineffective, and occurs in the same place as management, but it exists at some level, acting as the decision-making apparatus for an organization (i.e. what can and cannot occur).

    Risk tolerances are variable across lines of business
    This can lead to misalignments between security and the business, as each may have their own tolerance for particular risks. The remedy is to understand the risk appetite of the business and allow this to inform security risk management decisions.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Governance Model Tool

    Security Governance Organizational Structure Template

    Information Security Steering Committee Charter & RACI

    Policy Exceptions-Handling Workflow

    Policy Exception Tracker and Request Form

    Key deliverable:

    Security Governance Model

    By the end of this blueprint, you will have created a personalized governance model to map your stakeholders' accountabilities, responsibilities, and key interactions.

    Blueprint benefits

    IT Benefits Business Benefits
    • Correct any overlapping and mismanaged security processes by assigning accountabilities and responsibilities to each stakeholder group.
    • Improve efficiency and effectiveness of the security program by separating governance from management.
    • Determine necessary inputs and outputs from stakeholder interactions to ensure the governance model functions as intended.
    • Improved support of business goals through security-business alignment.
    • Better risk management by defining risk appetite with security.
    • Increased stakeholder satisfaction via a governance model designed to meet their needs.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2
    Call #1: Scope requirements, objectives, and your specific challenges. Call #2: Determine governance requirements.
    Call #3: Review governance model.
    Call #4: Determine KPIs.
    Call #5: Stand up steering committee.
    Call #6: Set risk appetite.
    Call #7: Establish policy lifecycle.
    Call #8: Revise exception-handing process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 8 calls over the course of 2 to 3 months.

    Workshop Overview

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities Evaluate Direct Monitor Implement Essential Governance Processes Next Steps and Wrap-Up (offsite)
    1.1 Prioritize governance accountabilities
    1.2 Prioritize management responsibilities
    1.3 Evaluate organizational structure
    2.1 Align with business
    2.2 Build security governance and management model
    2.3 Visualize security governance and management model
    3.1 Develop governance and management KPIs 4.1 Draft steering committee charter
    4.2 Complete steering committee RACI
    4.3 Draft qualitative risk statements
    4.4 Define policy management lifecycle
    4.5 Establish policy exception approval process
    5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps
    Deliverables
    1. Prioritized list of accountabilities and responsibilities
    2. Revised organizational structure
    1. Security governance and management model
    1. Security Metrics Determination and Tracking Tool
    2. KPI Development Worksheet
    1. Steering committee charter and RACI
    2. Risk-appetite statements
    3. Policy management lifecycle
    4. Policy exception approval process

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Customize your journey

    The security governance and management blueprint pairs well with security design and security strategy.

    • The governance and management model you create in this blueprint will inform efforts to improve security, like revisiting security program design and your security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop Day 1 and Day 2
    Security Governance and Management

    Workshop Day 3 and Day 4
    Security Strategy Gap Analysis or Security Program Design Factors

    Phase 1

    Design Your Governance Model

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy lifecycle

    Establish Security Governance & Management

    This phase will walk you through the following activities:

    • Prioritize governance accountabilities
    • Prioritize management responsibilities
    • Evaluate current organizational structure
    • Align with the business
    • Build security governance and management model
    • Finalize governance and management model
    • Develop governance and management KPIs

    This phase involves the following participants:

    • CISO
    • CIO
    • Business representative

    Step 1.1

    Evaluate

    Activities
    1.1.1 Prioritize governance accountabilities
    1.1.2 Prioritize management responsibilities
    1.1.3 Evaluate current organizational structure

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    • Defined governance accountabilities
    • Defined management responsibilities

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Evaluate: Getting started

    Element Questions
    Compliance What voluntary or mandatory standards must be represented in my governance model?
    Legal What laws are the organization accountable to? Who is the accountable party?
    Business needs What does the business need to operate? What sort of informational or operational flows need to be accounted for?
    Culture How does the business operate? Are departments siloed or cooperative? Where does security fit in?
    Decision-making process How are decisions made? Who is involved? What information needs to be available to do so?
    Willingness to be governed Is the organization adverse to formal governance mechanisms? Are there any opportunities to improve alignment with the business?
    Relevant trends Are there recent developments (e.g. new privacy laws) that are likely to affect the organization in the future? Will this complicate or simplify governance modeling efforts?
    Stakeholder interests Who are the internal and external stakeholders that need to be represented in the governance model?

    The above is a summary of COBIT 2019 EDM01.01 Evaluate the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.1.1 Prioritize governance accountabilities

    1-2 hours

    Using the example on the next slide, complete the following steps.

    1. Download Info-Tech's Security Governance Model Tool using the link below and customize the stakeholder groups on tab 1 to reflect the makeup of your organization.
    2. Using the previous slide as a guide, evaluate your organization's internal and external pressures and discuss their possible impacts your governance and management model.
    3. Complete tab 2, Governance Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    4. Review the list and make any desired modifications to the prompts on tab 2 and then move on to Activity 1.1.2. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download the Security Governance Model Tool

    Input Output
    • List of governance pressures
  • Prioritized list of governance accountabilities
  • Materials Participants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Security Operations
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tabs 2 and 3

    Security Governance and Management Model Tool

    1.1.2 Prioritize management responsibilities

    1 hours

    Using the examples on the previous slide, complete the following steps.

    1. Complete tab 3, Management Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    2. Review the list and make any desired modifications to the prompts on tab 3 and then move on to Activity 1.1.3. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download Security Governance Model Tool

    InputOutput
    • Pressure analysis
    • Prioritized list of management responsibilities
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 4

    Security Governance and Management Model Tool Tab 4

    1.1.3 Evaluate current organizational structure

    1-3 hours

    1. Download and modify Info-Tech's Security Governance Organizational Structure Template to reflect the reporting structure at your organization. If such a document already exists, simply review it and move on to the next step below.
    2. Determine if the current organizational structure will negatively affect your ability to pursue the items in your prioritized lists from governance accountabilities and management responsibilities (e.g. conflicts of interest related to oversight or reporting), and discuss the feasibility of changing the current governance structure.
    3. Record these recommended changes and any other key points you'd like the business or other stakeholders to be aware of. We'll use this information in the business alignment exercise in Step 2.1

    Download the Security Governance Organizational Structure Template

    Input Output
    • Prioritized lists of governance accountabilities and management responsibilities
    • Updated organizational structure
    Materials Participants
    • Security Governance Organizational Structure Template
    • CISO

    Info-Tech resources

    Locate structural problems in advance

    • If you do not already have a diagram of your organization's reporting structure, use this template to create one. Examples are provided for high, medium, and low maturity.
    • The existing reporting structure will likely affect the governance model you create, as it may not be feasible to assign certain governance accountabilities and management responsibilities to certain stakeholders.
      • For example, it may make sense for the head of security to approve the security budget, but if they report to a CIO with greater authority that accountability will likely have to sit with the CIO instead.

    Download the Security Governance Organizational Structure Template

    Security Governance Organizational Structure

    Step 1.2

    Direct

    Activities
    1.2.1 Align with the business
    1.2.2 Build security governance and management model
    1.2.3 Finalize governance and management model

    This step involves the following participants:

    CISO

    CIO

    Business representative

    Outcomes of this step

    • Record of key stakeholder interactions
    • Visual governance model

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Direct: Getting started

    Element Questions
    Business alignment Do we have a full understanding of the business's approach to risk and security's role to support business objectives?
    Organizational security process How well do our current processes work? Are we missing any key processes?
    Steering committee Will we use a dedicated steering committee to oversee security governance, or will another stakeholder assume this role?
    Security awareness Does the organization have a strong security culture? Does an effort need to be made to educate stakeholder groups on the role of security in the organization?
    Roles and responsibilities Does the organization use RACI charts or another system to define roles and document duties?
    Communication flows Do we have a good understanding of how information flows between stakeholder groups? Are there any gaps that need to be addressed (e.g. regular board reporting)?

    The above is a summary of COBIT 2019 EDM01.02 Direct the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    Embed security governance within enterprise governance

    Design structures, processes, authority definitions, and steering committee assignments to drive optimal business results.

    Embed security governance within enterprise governance

    1.2.1 Align with the business

    1-3 hours

    1. Request a meeting with the business to present your findings from the previous activities in Step 1.1. As you prepare for the meeting, remember to following points:
    • The goal here is to align, not to command. You want the business to see the security team as a strategic ally that supports the pursuit of business goals.
    • Make recommendations and explain any security risks associated with the direction the business wants to take, but the goal is not to strongarm the business into adopting your perspective.
    • Above all, listen to the business to learn more about how they relate to governance and what their priorities are. This will help you adapt your governance model to better support business needs.

    Info-Tech Insight
    A lack of business participation does not mean your governance initiative is doomed. From this lack, we can still infer their attitudes toward security governance, and we can account for this in our governance model. This may limit the maturity your program can reach, but it doesn't prevent improvements from being made to your current security governance.

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Current organizational structure
    • List of recommendations or proposed changes
    • Security governance and management target state definition
    MaterialsParticipants
    • Means to capture key points of the conversation (e.g. notebook, recorded meeting)
    • CISO
    • CIO
    • Business representative

    1.2.2 Build security governance and management model

    1-2 hours

    Using the example on the next slide, complete the following steps:

    1. On tab 4, review the prioritized lists for governance accountabilities and management responsibilities and begin assigning them to the appropriate stakeholder groups.
    • Remember: Responsibilities can be assigned to up to four stakeholders, but there can be only one party listed as accountable.
  • Use the drop-down menus to record any interactions that occur between the groups (e.g. repots to, appoints, approves, oversees).
    • Documenting these interactions will help you ensure your governance program accounts for inputs and outputs that are required by, or that otherwise affect, your various stakeholder groups.

    Note: You may wish to review Info-Tech's governance model templates before completing this activity to get an idea of what you'll be working toward in this step. See slides 37-38.

    Download Security Governance Model Tool

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Target state from business alignment exercise
    • Summary of governance model
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 5

    Security Governance and Management Model Tool Tab 5

    Security Governance and Management Model Tool continued

    Tab 6

    Security Governance and Management Model Tool Tab 6

    1.2.3 Visualize your security governance and management model

    1-2 hours

    1. Download the Security Governance Model Templates using the link below and determine which of the three example models most closely resembles your own.
    2. Once you have chosen an example to work from, begin customizing it to reflect the governance model completed in Activity 1.2.2. See next slide for example.

    Note: You do not have to use these templates. If you prefer, you can use them as inspiration and design your own model.

    Download Security Governance Model Templates

    InputOutput
    • Results of Activity 2.1.2
    • Security governance and management model diagram
    MaterialsParticipants
    • Security Governance Model Templates
    • CISO

    Customize the template

    Customize the template

    Step 1.3

    Monitor

    Activities
    1.3.1 Develop governance and management KPIs

    This step involves the following participants:

    • CISO
    • CIO
    • Security team
    • Business representative

    Outcomes of this step

    Key performance indicators

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Monitor: Getting started

    Element Questions
    Metrics Does the organization have a well-developed metrics program or will this need to be taken up as a separate effort? Have we considered what outcomes we are hoping to see as a result of implementing a new governance and management model?
    Existing and emerging threats What has changed or is likely to change in the future that may destabilize our governance program? What do we need to do to mitigate any security risks to our organizational governance and management?

    The above is a summary of COBIT 2019 EDM01.03 Monitor the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.3.1 Develop governance and management KPIs

    1-2 hours

    This activity is meant to provide a starting point for key governance metrics. To develop a comprehensive metrics program, see Info-Tech's Build a Security Metrics Program to Drive Maturity blueprint.

    1. Create a list of four to six outcomes you'd like to see as the result of your new governance model. Be as specific as you can; the better defied the outcome, the easier it will be to determine suitable KPI.
    2. For each desired outcome, determine what would best indicate that progress is being made toward that state.
    • Desired outcome: security team is consulted before critical business decisions are made.
    • Success criteria: the business evaluates Security's recommendations before starting new projects
    • Possible KPI: % of critical business decisions made with security consultation
    • See next slide for additional examples

    Note: Try to phrase each KPI using percents, which helps to add context to the metric and will make it easier to explain when reporting metrics in the future.

    Input Output
    • List of desired outcomes after new governance model implemented
    • Set of key performance indicators
    Materials Participants
    • Whiteboard
    • CISO
    • CIO
    • Security team
    • Business representative (optional)

    Example KPIs

    Desired Outcome Success Criteria Possible KPI
    Security team is consulted before critical business decisions are made The business evaluates Security's recommendations before starting new projects % of critical business decisions with Security consultation
    Greater alignment over risk appetite The business does not take on initiatives with excessive security risks % of incidents stemming from not following Security's risk management recommendations
    Reduced number of policy exceptions Policy exceptions are only granted when a clear need is present and a formal process is followed % of incidents stemming from policy exceptions
    Improved policy adherence Policies are understood and followed throughout the organization % of incidents stemming from policy violations

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    1. Improved business alignment
    2. Developing formal process to manage security risks
    3. Separating governance from management
    Metric Current Goal
    % of critical business decisions with Security consultation 20% 100%
    % of incidents stemming from not following Security's risk management recommendations 65% 0%
    % of incidents stemming from policy exceptions 35% 5%
    % of incidents stemming from policy violations 40% 5%
    % of ad hoc decisions made (i.e. not accounted for by governance model 85% 5%
    % of accepted security risks evaluated against risk appetite 50% 100%
    % of deferred steering committee decisions (i.e. decisions not made ASAP after issue arises) 50% 5%
    % of policies approved within target window (e.g. 1 month) 20% 100%

    Phase 2

    Implement Essential Governance Processes

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy Lifecycle

    This phase will walk you through the following activities:

    • Draft Steering Committee Charter
    • Complete Steering Committee RACI
    • Draft qualitative risk statements
    • Model policy lifecycle
    • Establish exceptions-handling process

    This phase involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Establish Security Governance & Management

    Step 2.1

    Implement Oversight

    Activities
    2.1.1 Draft steering committee charter
    2.1.2 Complete steering committee RACI

    This step involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Outcomes of this step

    Steering Committee Charter and RACI

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.1.1 Draft steering committee charter

    1-3 hours

    This activity is meant to provide a starting point for your steering committee. If a more comprehensive approach is desired, see Info-Tech's Improve Security Governance With a Security Steering Committee blueprint.

    1. Download the template using the link below and review the various sections of the document
    2. Review slides 50-51 to help determine the scope of your steering committee's role. Discuss with other stakeholder groups, as necessary, to determine the steering committee's duties, how often the group will meet, and what the regular meeting agenda will be.
    3. Customize the template to suit your organization's needs.

    Download Information Security Steering Committee Charter

    Input Output
    • N/A
    • Steering Committee
    Materials Participants
    • Information Security Steering Committee Charter Template
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Steering committee membership

    Representation is key, but don't try to please everyone

    • For your steering committee to be effective, it should include representatives from across the organization. However, it is important not to overextend committee membership, which can interfere with decision making.
    • Participants should be selected based on the identified responsibilities of the security steering committee, and the number of people should be appropriate to the size and complexity of the organization.

    Example steering committee

    CISO
    CRO
    Internal Audit
    CIO
    Business Leaders
    HR
    Legal

    Download Information Security Steering Committee Charter

    Typical steering committee duties

    Strategic Oversight Policy Governance
    • Provide oversight and ensure alignment between information security governance and company objectives.
    • Assess the adequacy of resources and funding to sustain and advance successful security programs and practices for identifying, assessing, and mitigating cybersecurity risks across all business functions.
    • Review control audit reports and resulting remediation plans to ensure business alignment
    • Review the company's cyber insurance policies to ensure appropriate coverage.
    • Provide recommendations, based on security best practices, for significant technology investments.
    • Review policy-exception requests to determine if potential security risks can be accepted or if a workaround exists.
    • Assess the ramifications of updates to policies and standards.
    • Establish standards and procedures for escalating significant security incidents to the board, other steering committees, government agencies, and law enforcement, as appropriate.

    Typical steering committee duties

    Risk Governance Monitoring and Reporting
    • Review and approve the company's information risk governance structure.
    • Assess the company's high-risk information assets and coordinate planning to address information privacy and security needs.
    • Provide input to executive management regarding the enterprise's information security risk tolerance.
    • Review the company's cyber-response preparedness, incident response plans, and disaster recovery capabilities as applicable to the organization's information security strategy.
    • Promote an open discussion regarding information risk and integrate information risk management into the enterprise's objectives.
    • Receive periodic reports and coordinate with management on the metrics used to measure, monitor, and manage cyber risks posed to the company and to review periodic reports on selected security risk topics as the committee deems appropriate.
    • Monitor and evaluate the quality and effectiveness of the company's technology security, capabilities for disaster recovery, data protection, cyber threat detection, and cyber incident response, and management of technology-related compliance risks.

    2.1.2 Complete steering committee RACI

    1-3 hours

    1. Download the RACI template and review the membership roles. Customize the template to match the makeup of your steering committee.
    2. Read through each task in the left-hand column and determine who will be involved:
    • R - responsible: the person doing the action (can be multiple)
    • A - accountable: the owner of the task, usually a department head who delegates the execution of the task (only assigned to one stakeholder)
    • C - consulted: stakeholders that offer some kind of guidance, advice, or recommendation (can be multiple)
    • I - Informed: stakeholders that receive status updates about the task (can be multiple)

    Note: All tasks must have accountability and responsibility assigned (sometimes a single stakeholder is accountable and responsible). However, not all tasks will have someone consulted or informed.

    Download Information Security Steering Committee RACI Chart

    InputOutput
    • N/A
    • Defined roles and responsibilities
    MaterialsParticipants
    • RACI Chart
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Step 2.2

    Set Risk Appetite

    Activities
    2.2.1 Draft qualitative risk statements

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    Qualitative risk appetite

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    Know your appetite for risk

    What is an organizational risk appetite?

    Setting risk appetite is a key governance function, as it structures how your organization will deal with the risks it will inevitably face - when they can be accepted, when they need to be mitigated, and when they must be rejected entirely.

    It is important to note that risk appetite and risk tolerance are not the same. Risk appetite refers to the amount of risk the organization is willing to accept as part of doing business, whereas risk tolerance has more to do with individual risks affecting one or more lines of business that exceed that appetite. Such risks are often tolerated as individual cases that can be mitigated to an acceptable level of risk even though it exceeds the risk-appetite threshold.

    Chart Risk Appetite

    2.1.2 Draft qualitative risk-appetite statements

    1-3 hours

    This activity is meant to provide a starting point for risk governance. To develop a comprehensive risk-management program, see Info-Tech's Combine Security Risk Management Components Into One Program blueprint.

    1. Draft statements that express your attitudes toward the kinds of risks your organization faces. The point is to set boundaries to better understand when risk mitigation may be necessary.
    2. Examples:
    • We will not accept risks that may cause us to violate SLAs.
    • We will avoid risks that may prevent the organization from operating normally.
    • We will not accept risks that may result in exposure of confidential information.
    • We will not accept risks that may cause significant brand damage.
    • We will not accept risks that pose undue risk to human life or safety.
    InputOutput
    • Definitions for high, medium, low impact and frequency
    • Set of qualitative risk-appetite statements
    MaterialsParticipants
    • Whiteboard
    • CISO
    • CIO
    • Business representative

    Step 2.3

    Implement Policy Lifecycle

    Activities
    2.3.1 Model your policy lifecycle
    2.3.2 Establish exception-approval process

    This step involves the following participants:

    • CISO
    • CIO

    Outcomes of this step

    Policy lifecycle

    Exceptions-handling process

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.3.1 Model your policy lifecycle

    1-3 hours

    This activity is meant to provide a starting point for policy governance. To develop a comprehensive policy-management program, see Info-Tech's Develop and Deploy Security Policies blueprint.

    1. Review the sections within the Security Policy Lifecycle Template and delete any sections or subsections that do not apply to your organization.
    2. As necessary, modify the lifecycle and receive approved sign-off by your organization's leadership.
    3. Solicit feedback from stakeholders, specifically, IT department management and business stakeholders.

    Download the Security Policy Lifecycle Template

    InputOutput
    • N/A
    • Policy lifecycle
    MaterialsParticipants
    • Security Policy Lifecycle Template
    • CISO
    • CIO

    Develop the security policy lifecycle

    The security policy lifecycle is an integral component of the security policy program and adds value by:

    • Setting out a roadmap to define needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Defining roles and responsibilities for the security policy suite.
    • Aligning the business goals, security program goals, and policy objectives.

    Security Policy Lifecycle

    Diagram inspired by: ComplianceBridge, 2021

    2.3.2 Establish exception-approval process

    1-3 hours

    1. Download the Security Policy Exception Approval Template and customize it to match your exception-handling process. Be sure to account for the recommendations on the next slide.
    2. Use the Policy Exception Tracker to record and monitor granted exceptions.

    Download the Security Policy Exception Approval Workflow

    Download the Security Policy Exception Tracker

    Input Output
    • Answers to questions provided
    • Exception-handling process
    Materials Participants
    • Security Policy Exception Approval Workflow
    • Security Policy Exception Tracker
    • CISO
    • CIO

    Determine criteria to grant policy exception

    A key part of security risk and policy governance

    • Not all policies can be complied with all the time. As technology and business needs change, sometimes exceptions must be granted for operations to continue smoothly.
    • Exceptions can be either short or long term.
      • Short-term exceptions are often granted until a particular security gap can be closed, such as allowing staff to temporarily use new laptops that have yet to receive a required VPN for remote access.
      • Long-term exceptions usually occur when closing the gap entirely is not feasible. For example, a legacy system may be unable to meet evolving security standards, but there is no room in the budget to replace it.
    • Having a formal approval process for exceptions and a record of granted exceptions will help you to stay on top of security risk governance.

    Before granting an exception:

    1. Assess security risks associated with doing so: are they acceptable?
    2. Look for another way to resolve the issue: is a suitable workaround possible?
    3. Evaluate mitigating controls: is it possible to provide an equivalent level of security via other means?
    4. Assign risk ownership: who will be accountable if an incident arises from the exception?
    5. Determine appeals process: when disagreements arise, how will the final decision be made?

    Sources: University of Virginia; CIS

    Summary of Accomplishment

    Problem Solved

    You have now established a formal governance model for your organization - congratulations! Building this model and determining stakeholders' accountabilities and responsibilities is a big step.

    Remember to continue to use the evaluate-direct-monitor framework to make sure your governance model evolves as organizational governance matures and priorities shift.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Build Governance Model
    Build a customized security governance model for your organization.

    Develop policy lifecycle
    Develop a policy lifecycle and exceptions-handling process.

    Related Info-Tech Research

    Build an Information Security Strategy

    Design a Business-Focused Security Program

    Combine Security Risk Management Components Into One Program

    Research contributors and experts

    Michelle Tran, Consulting Industry

    Michelle Tran
    Consulting Industry

    One anonymous contributor

    Bibliography

    Durbin, Steve. "Achieving The Five Levels Of Information Security Governance." Forbes, 4 Apr. 2023. Accessed 4 Apr. 2023.

    Eiden, Kevin, et al. "Organizational Cyber Maturity: A Survey of Industries." McKinsey & Company, 4 Aug. 2021. Accessed 25 Apr. 2023.

    "Information Security Exception Policy." Center for Internet Security, 2020. Accessed 14 Apr. 2023.

    "Information Security Governance." EDUCAUSE, n.d. Accessed 27 Apr. 2023.

    ISACA. COBIT 2019 Framework: Governance and Management Objectives. GF Books, 2018.

    Policies & Procedures Team. "Your Policy for Policies: Creating a Policy Management Framework." ComplianceBridge, 30 Apr. 2021. Accessed 27 Apr. 2023.

    "Security and the C-Suite: Making Security Priorities Business Priorities." LogRhythm, Feb. 2021. Accessed 25 Apr 2023.

    University of Virginia. "Policy, Standards, and Procedures Exceptions Process." Information Security at UVA, 1 Jun. 2022. Accessed 14 Apr. 2023

    Operations management

    • Buy Link or Shortcode: {j2store}12|cart{/j2store}
    • Related Products: {j2store}12|crosssells{/j2store}
    • Up-Sell: {j2store}12|upsells{/j2store}
    • member rating overall impact: 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    IT Operations is all about effectiveness. We make sure that you deliver reliable services to the clients and users within the company.

    Improve your core processes

    Improve your core processes


    We have over 45 fully detailed
    and interconnected process guides
    for you to improve your operations

    Managing and improving your processes is key to attaining commercial success

    Our practical guides help you to improve your operations

    We have hundreds of practical guides, grouped in many processes in our model. You may not need all of them. I suggest you browse within the belo top-level categories below and choose where to focus your attention. And with Tymans Group's help, you can go one process area at a time.

    If you want help deciding, please use the contact options below or click here.

    Check out our guides

    Our research and guides are priced from €299,00

    • Gert Taeymans Guidance

      Tymans Group Guidance & Consulting

      Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.

      Contact

    • Tymans Group
      & Info-Tech
      Combo

      Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.

      Contact

    • Info-Tech Research

      Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.

      Contact

    Register to read more …

    The MVP Major Incident Manager

    The time has come to hire a new major incident manager. How do you go about that? How do you choose the right candidate? Major incident managers must have several typically conflicting traits, so how do you pick the right person? Let's dive into that.

    Register to read more …

    The First 100 Days as CISO

    • Buy Link or Shortcode: {j2store}248|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 50 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Make a good first impression at your new job.
    • Obtain guidance on how you should approach the first 100 days.
    • Assess the current state of the security program and recommend areas of improvement and possible solutions.
    • Develop a high-level security strategy in three months.

    Our Advice

    Critical Insight

    • Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, however, the approach to the new position will be relatively the same.
    • Eighty percent of your time will be spent listening. The first 100 days of the CISO role is an information gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects that of the business strategy.
    • Start “working” before you actually start the job. This involves finding out as much information about the company before officially being an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture ,and business model.

    Impact and Result

    • Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
    • Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
    • Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
    • Deliver an executive presentation that shows key findings obtained from your security evaluation.

    The First 100 Days as CISO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a CISO is a crucial time to be strategic. Review Info-Tech’s methodology and discover our five-step approach to CISO success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Review previous communications to prepare for your first day.

    • CISO Diary
    • Introduction Sheet

    2. Build relationships

    Understand how the business operates and develop meaningful relationships with your sphere of influence.

    3. Inventory components of the business

    Inventory company assets to know what to protect.

    4. Assess security posture

    Evaluate the security posture of the organization by leveraging Info-Tech’s IT Security diagnostic program.

    • Diagnostic Benchmarks: Security Governance & Management Scorecard
    • Diagnostic Benchmarks: Security Business Satisfaction Report

    5. Deliver plan

    Communicate your security vision to business stakeholders.

    • The First 100 Days as CISO Executive Presentation Template
    • The First 100 Days as CISO Executive Presentation Example
    [infographic]

    Infrastructure and Operations Priorities 2023

    • Buy Link or Shortcode: {j2store}54|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies
    • Get out of your I&O silo. I&O teams must be expected to work alongside and integrate with cyber security operations.
    • Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.
    • Get ahead of inflationary pressures with early budgetary planning and identify the gap between the catchup projects and required critical net new investments.

    Our Advice

    Critical Insight

    • Establish I&O within an AI governance program to build trust in AI results, behaviors, and limit legal exposure.
    • Develop data governance program that includes an I&O data steward for oversight.
    • Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

    Impact and Result

    • Provide a framework that highlight the impacts the threats of an economic slowdown, growing regulatory reporting requirements, cyber security attacks and opportunity that smart governance over AI, data stewardship and the looming explosion of augmented reality and Web 3.0 technologies.
    • Info-Tech can help communicate your I&O priorities into compelling cases for your stakeholders.

    Infrastructure and Operations Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Infrastructure & Operations Priorities 2023 – A framework to dive deeper into the trends most relevant to you and your organization

    Discover Info-Tech's six priorities for Infrastructure & Operations leaders.

    Infographic

    Further reading

    Infrastructure &Operations Priorities 2023

    Navigate the liminal space between threats and opportunities.

    2023: A liminal space between threats and opportunities

    Over the last several years, successful CEOs turned to their Infrastructure and Operations (I&O) departments to survive the effects of the pandemic. It was I&O leaders who were able to reconfigure critical infrastructure on the fly to support remote work, adapt to critical supply chain shortages, and work with lines of business managers to innovate operational workflows.

    2023 promises to bring a new set of challenges. Building on the credibility established during the pandemic, I&O is in a unique position to influence the direction a business will take to be successful in a time of austerity.

    I&O members are going to be asked to mitigate the threats of volatility from recession pressures, new cybersecurity attacks, and operational process and litigation from regulatory mandates. At the same time, I&O members are being asked for fundamental digital transformation items to realize long-term opportunities to their organizations in 2023.

    Seemingly counter-intuitive in a time of economic slowdown, organizations in 2023 will want to start the groundwork to realizing the I&O opportunities that unstructured data and artificial intelligence have promised, while prepping for what has been mislabeled as the Metaverse.

    If you are in a traditionally risk adverse industry, you’re more likely to be impacted by the threat mitigation.

    Opportunistic I&O members will use 2023 to proactively jumpstart digital transformation.

    Introduction

    Welcome to the Info-Tech 2023 I&O Priorities Report

    If I&O members learned anything from the last few years, it’s how to tactically respond to the disruptive waves often arising from sources external to the organization. The good news is that Info-Tech’s I&O priorities report provides forward-looking insights to help members become more proactive to the tsunami of change predicted in our Trends Report to happen over the next three to five years.

    Info-Tech I&O priorities are generated through a phased approach. The first phase senses and identifies mega and macro tends in the digital landscape to formulate hypotheses about the trends for the next three to five years. These hypotheses are validated by sending out a survey to Info-Tech members. The responses from 813 members was used to produce an Info-Tech Trends Report focused on major long-term trends.

    The I&O Priorities were determined by combining the I&O member responses within the Info-tech Trends Survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors. The six I&O priorities identified in this report are presented in a framework that highlight the impacts of an economic slowdown, growing regulatory reporting requirements, cybersecurity threats, smart governance of AI, embracing stewardship of data, and the looming explosion of augmented reality and Web 3.0 technologies.

    We also have a challenge exercise to help you communicate which priorities to focus your I&O organization on. Additionally, we linked some Info-tech research and tools related to the priorities that help your I&O organization formulate actionable plans for each area.

    Priorities

    Six forward-looking priorities for the next year.

    Focus

    Activity to help select which priorities are relevant for you.

    Actions

    Actionable Info-tech research and tools to help you deliver.

    Infrastructure & Operations priorities

    The I&O priorities were determined by combining I&O member responses from the Tech Trends and Priorities 2023 survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors.

    The image contains a screenshot of the Infrastructure & Operations priorities.

    I&O Priorities 2023

    The image contains a screenshot of the I&O Priorities.

    I&O priorities framework

    Threats signals

    Enhance I&O Cybersecurity

    Produce ESG Reporting

    Recession Readiness

    Get out of your silo. Forget your job description and start doing what needs to be done.

    Infrastructure rarely has authority in these areas, but somehow it ends up with many of the responsibilities. You can't afford to be reactive. Forget about your traditional silo and get out in front of these topics. Not in your job description? Find out whose job it is and make them aware. Better yet – take charge! If you're going to be responsible you might as well be in control.

    Opportunities signals

    AI Governance: Watching the Watchers

    Prep for A Brave New Metaverse

    Data Governance: Cornerstone of Value

    Proper stewardship of data is an I&O must. If thought you had problems with your unstructured data, wait until you see the data sprawl coming from the metaverse.

    I&O needs to be so much more than just an order taker for the dev teams and lines of business. The sprawl of unstructured data in Word, Excel, PDF and PowerPoint was bad historically; imagine those same problems at metaverse scale! Simple storage and connectivity is no longer enough – I&O must move upstream with more sophisticated service and product offerings generated through proper governance and stewardship.

    Challenge: Expand the I&O border

    The hidden message in this report is that I&O priorities extend beyond the traditional scope of I&O functions. I&O members need to collaborate across functional areas to successfully address the priorities presented in this report.

    Info-Tech can help! Align your priorities with our material on how to Build a Business-Aligned IT Strategy. Use a modified version of the Strategy Initiative Template (next slide) to convey your strong opinion on the priorities you need your stakeholders to know about. And do so in a way that is familiar so they will easily understand.

    The image contains a screenshot of Info-Tech's Maturity Ladder.
    Info-Tech 2023 Trends Survey Results

    Call your Executive Advisor or Counselor to help identify the one or two key messages you want to bring forward for success in 2023!

    Info-Tech IT Strategy Initiative Template, from the IT Strategy Presentation Template & Priorities Report Initiative Template

    .
    The image contains a screenshot of a template for your priorities.

    Protect from threats

    Get out of your silo. Forget your job description and just start doing what needs to be done.

    Enhance I&O Cybersecurity

    Produce ESG Reporting

    Recession Readiness

    Enhance cybersecurity response

    SIGNALS

    Cybersecurity incidents are
    a clear and present danger
    to I&O members.

    Cybersecurity incidents have
    a large financial impact
    on organizations.

    Related Info-Tech Research

    Of the surveyed I&O members, 53% identified cybersecurity incidents as the number one threat disrupting their operations in 2023. It’s understandable, as over 18% of surveyed I&O members experienced a cybersecurity incident in 2022. Alarmingly, 10% of surveyed I&O members didn’t know if they had a cybersecurity incident. The impact to the organization was with 14% of those incidents directly impacting their organizations for anywhere from 6 to 60 days.

    The 2022 report “Cost of a Data Breach” was conducted by IBM and the Ponemon Institute using data from 550 companies (across 17 countries) that experienced a security incident during a 12-month period ending in March 2022. It highlighted that the average total organizational cost of a security breach globally was USD 4.35M (locally these numbers expand to USA at USD 9.44M, Canada at USD 5.64, UK at USD 5.05M, Germany at USD 4.85M).

    (Source: IBM, 2022)

    Enhance cybersecurity response

    SIGNALS

    Organizations' exposure comes from internal and external sources.

    The right tools and process can reduce the impact of a cybersecurity incident.

    Related Info-Tech Research

    The IBM/Ponemon Institute report highlighted the following:

    • 59% of organizations didn’t deploy a zero-trust architecture on critical infrastructure to reduce exposure.
    • 19% of the breaches originated from within their business partner eco-system.
    • 45% were cloud-based.

    (Source: IBM, 2022)

    The IBM/Ponemon Institute report also identified technologies and procedures to reduce the fiscal impacts of cybersecurity breaches. Having a dedicated security incident response team with a regularly tested plan reduced the incident cost by an average of USD 2.66M. A fully implemented AI security deduction and response automation system can provide average incident savings of 27.6%.

    Enhance cybersecurity response

    SIGNALS

    Cybersecurity spending is a major and expanding expenditure for our members.

    Cybersecurity is going
    to include brand misinformation.

    For 36% of surveyed I&O members, cybersecurity consumed between 10-20% of their total budget in 2022. Moreover, cybersecurity defense funding is expected to increase for 57% of I&O members.

    A third of surveyed I&O members viewed misinformation as a major risk to their organization for 2023 and 2024. Only 38% of the I&O members reported that they will have software in place to monitor and manage social media posts.

    Increasing environment and regulatory complexity demands more sophisticated cybersecurity operations.

    Infrastructure teams must be expected to work alongside and integrate with cybersecurity operations.

    Enhance cybersecurity response

    CALL TO ACTION

    Get out of your I&O silo and form cross-functional cybersecurity teams.

    I&O priority actions

    Establish a cross-functional security steering committee to coordinate security processes and technologies. The complexity of managing security across modern applications, cloud, IoT, and network infrastructure that members operate is greater than ever before and requires coordinated teamwork.

    Contain the cyber threat with zero trust (ZT) architecture. Extend ZT to network and critical infrastructure to limit exposure.

    Leverage AI to build vigilant security intelligence. Smart I&O operators will make use of AI automation to augment their security technologies to help detect threats and contain security incidents on critical infrastructure.

    Enhance cybersecurity response

    I&O priority actions

    Build specialized cybersecurity incident management protocols with your service desk. Build integrated security focused teams within service desk operations that continually test and improve security incident response protocols internally and with specialized security vendors. In some organizations, security incident response teams extend beyond traditional infrastructure into social media. Work cross-functionally to determine the risk exposure to misinformation and incident response procedures.

    Treat lost or stolen equipment as a security incident. Develop hardware asset management protocols for tracking and reporting on these incidents and keep a record of equipment disposal. Implement tools that allow for remote deletion of data and report on lost or stolen equipment.

    Produce ESG reporting

    SIGNALS

    Government mandates present an operational risk to I&O members.

    ESG reporting is
    often incomplete.

    Related Info-Tech Research

    Surveyed members identified government-enacted policy changes to be a top risk to disrupting to their business operations in 2023. One of the trends identified by Info-Tech is that the impact of regulations on environmental, social, and governance (ESG) reporting are being rolled out by governments worldwide.

    Alarmingly, only 7% of surveyed members responded that they could very accurately report on their carbon footprint and 23% said they were not able to report accurately at all.

    Produce ESG reporting

    SIGNALS

    ESG mandates are being rolled out globally.

    ESG reporting has greatly expanded since a 2017 report by Task Force on Climate-Related Financial Disclosures (TCFD, 2017) which recommended that organizations disclose climate-related financial metrics for investors to appropriately price climate-related risks to share price. In 2021, the Swiss Finance Institute research paper (Sautner, 2021) identified 29 countries that require ESG reporting, primarily for larger public companies, financial institutions, and state-owned corporations.

    Global ESG mandates

    The image contains a screenshot of a world map that demonstrates the Global ESG Mandates.

    29 nations with ESG mandates identified by the Swiss Finance Institute

    Produce ESG reporting

    SIGNALS

    ESG mandates are being rolled out globally.

    The EU has mandated ESG reporting for approximately 11,700 large public companies with more than 500 employees under the Non-Financial Reporting Directive (NFRD), since 2014. The EU is going to replace the NFRD with the Corporate Sustainability Reporting Directive (European Council, 2022), which has set a 3-year timetable for escalating the ESG reporting level to what is estimated to be about 75% of EU total turnover (WorldFavor, 2022).

    • 2024: Companies with 500 or more employees.
    • 2025: Companies with 250 or more employee or 40M EU in revenue/20M in total assets.
    • 2026: SMEs, smaller credit financial, and captive insurance institutions.

    It's been a long time since most enterprises had to report on things like power efficiency factors.

    But don't think that being in the cloud will insulate you from a renewed interest in ESG reporting.

    Produce ESG reporting

    CALL TO ACTION

    Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.

    I&O priority actions

    Understand ESG risk exposure. Define the gap between what ESG reporting is required in your jurisdiction and current reporting capabilities to meet them. Build the I&O role with responsibility for ESG reporting.

    Include vendors in ESG reporting. Review infrastructure facilities with landlords, utilities, and hosting providers to see if they can provide ESG reporting on sustainable power generation, then map it to I&O power consumption as part of their contractual obligations. Ask equipment vendors to provide ESG reporting on manufacturing materials and energy consumption to boot-strap data collection.

    Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reporting on waste and recycle volumes.

    Produce ESG reporting

    I&O priority actions

    Implement an ESG reporting framework. There are five major ESG reporting frameworks being used globally. Select one of the frameworks below that makes sense for your organization, and implement it.

    ISO 14001 Environmental Management: Part of the ISO Technical Committee family of standards that allows your organization to understand its legal requirements to become certified in ESG.

    Global Reporting Initiative (GRI) Sustainability Reporting Standards: GRI has been developing ESG reporting standards since 1997. GRI provides a modular ESG framework applicable to all sizes and sectors of organizations worldwide.

    Principles for Responsible Investment: UN-developed framework for ESG reporting framework for disclosure in responsible investments.

    Sustainability Accounting Standards Board (SASB): ESG report framework to be used by investors.

    UN Global Compact: ESG reporting framework based on 10 principles that organizations can voluntarily contribute data to.

    Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reports on waste and recycle volumes.

    Recession readiness

    SIGNALS

    Managing accelerated technical debt.

    Recessionary pressures.

    Related Info-Tech Research

    I&O members experienced a spike in technical debt following the global pandemic economic shutdown, workforce displacement, and highly disrupted supply chains. 2023 presents a clear opportunity to work on these projects.

    The shortages in workforce and supply chain have accelerated inflation post pandemic. Central banks have started to slow down inflation in 2022 by raising interest rates. However, the World Bank has forecast a potential 2% rise in interest rates as the battle with inflation continues into 2023 and beyond, which could set off a global slowdown in GDP growth to 0.5%, qualifying as a recession. If interest rates continue to climb, I&O members may struggle with the higher cost of capital for their investments.

    (Source: World Bank Organization, 2022)

    Recession readiness

    SIGNALS

    I&O budgets expected to increase.

    Focused budgetary increases.

    Despite economists’ prediction of a looming recession and inflationary pressures, only 11% of I&O members surveyed indicated that they anticipated any reduction in IT budgets for 2023. In fact, 44% of I&O members expected an increase of IT budgets of between 6% and 30%.

    These increases in budget are not uniform across all investments. Surveyed I&O members indicated that the largest anticipated budget increases (compared to 2022) were in the areas of:

    • AI/machine learning ( +7.5%)
    • 5G (+7%)
    • Data Mesh/Fabric and Data Lake infrastructure (+5.7% and +4.4%, respectively)
    • Mixed reality technologies (augmented or virtual reality) (+3.3%)
    • Next generation cybersecurity (+1.7%)

    "2022 has been the first true opportunity to start getting caught up on technical debt stemming from the post pandemic supply chain and resource shortages. That catch-up is going to continue for some time.

    Unfortunately, the world isn't sitting still while doing that. In fact, we see new challenges around inflationary pressures. 2023 planning is going to be a balancing act between old and new projects."

    Paul Sparks,
    CTO at Brookshire Grocery Company

    Recession readiness

    SIGNALS

    Tough choices on budgetary spends.

    The responses indicated that I&O members expect decreased reinvestment for 2023 for the following:

    • API programming (-21.7%)
    • Cloud computing (-19.4%)
    • 44% of I&O members indicated if 2023 requires costs cutting, 5-20% of their cloud computing investment will be at risk of the chopping block!
    • Workforce management (-9.4%)
    • No-code /low-code infrastructure (-5.3%)

    Make sure you can clearly measure the value of all budgeted I&O activities.

    Anything that can't demonstrate clear value to leadership is potentially on the chopping block.

    Recession readiness

    CALL TO ACTION

    Get ahead of inflationary pressures with early budgetary planning, and identify the gap between the catch-up projects and required critical net new investments.

    II&O priority actions

    Hedge against inflation on infrastructure projects. Develop and communicate value-based strategies to lock in pricing and mitigate inflationary risk with vendors.

    Communicate value-add on all I&O budgeted items. Define an infrastructure roadmap to highlight which projects are technical debt and which are new strategic investments, and note their value to the organization.

    Look for cost saving technologies. Focus on I&O projects that automate services to increase productivity and optimize head count.

    Realize opportunities

    Build on a record of COVID-related innovation success and position the enterprise to take advantage of 2023.

    AI governance: Watching the watchers

    Data stewardship: Cornerstone of value

    Prep for a brave new metaverse

    AI governance: Watching the watchers

    SIGNALS

    Continued investment
    in AI technologies

    AI technology is permeating diverse I&O functional areas.

    Related Info-Tech Research

    About 32% of survey respondents who work in I&O said that they already invest in AI, and 40% intend to invest in 2023.

    I&O members have identified the following areas as the top five focal points for AI uses within their organizations.

    • Automated repetitive, low-level tasks
    • Business analytics or intelligence
    • Identification of risks and improvement of security response
    • Monitoring and governance
    • Sensor data analysis

    AI governance: Watching the watchers

    SIGNALS

    Consequences for misbehaving AI.

    I&O leaders can expect to have silos of AI in pockets scattered across the enterprise. Without oversight on the learning model and the data used for training and analytics there is a risk of overprovisioning, which could reduce the efficiency and effectiveness of AI models and results.

    This scale advantage of AI could result in operational inefficiencies without oversight. For example, bad governance means garbage in / garbage out. Which is worse: getting 100 outputs from a system with a 1% error rate, or getting 10,000 outputs from a system with an 1% error rate?

    These are just the operational issues; legally you can be on the hook, as well. The EU Parliament has issued a civil liability regime for AI (European Parliament, n.d.) which imposes liability to operators of AI systems, regardless of whether they acted with operational due diligence. Additionally, the IEEE (IEEE, 2019) is advocating for legal frameworks and accountability for AI that violates human rights and privacy laws and causes legal harm.

    Who is going to instill standards for AI Operations? Who is going to put in the mechanisms to validate and explain the output of AI black boxes?

    If you said it’s going to end up
    being Infrastructure and Operations – you were right!

    AI governance: Watching the watchers

    CALL TO ACTION

    Establish I&O within an AI governance program to build trust in AI results and behaviors and limit legal exposure.

    I&O priority actions

    Define who has overall AI accountability for AI governance within I&O. This role is responsible for establishing strategic governance metrics over AI use and results, and identifying liability risks.

    Maintain an inventory of AI use. Conduct an audit of where AI is used within I&O, and identify gaps in documentation and alignment with I&O processes and organizational values.

    Define an I&O success map. Provide transparency of AI use by generating pseudo code of AI models, and scorecard AI decision making with expected predictions and behavioral actions taken.

    AI governance: Watching the watchers

    Manage bias in AI decision making. Work with AI technology vendors to identify how unethical bias can enter the results, using operational data sets for validation prior to rollout.

    Protect AI data sets from manipulation. Generate new secure storage for AI technology audit trails on AI design making and results. Work with your security team to ensure data sets used by AI for training can’t be corrupted.

    Data governance: Cornerstone of value

    SIGNALS

    Data volumes grow
    with time.

    Data is seen as a source for generating new value.

    Related Info-Tech Research

    Of surveyed I&O members, 63% expected to see the data storage grow by at least 10% in 2023, and 15% expected a 30% or more growth in data storage volumes.

    I&O members identified the top three ways data brings value to the organization:

    • Helping reduce operational costs.
    • Presenting value-added to existing products and services.
    • Acquiring new customers.

    Data governance: Cornerstone of value

    SIGNALS

    Approach to data analysis is primarily done in-house.

    85% of surveyed I&O members are doing data analysis with custom-made or external tools. Interestingly, 10% of I&O members do not conduct any data analysis.

    Members are missing a formal data governance process.

    81% of surveyed I&O members do not have a formal or automated process for data governance. Ironically, 24% of members responded that they aim to have publicly accessible data-as-a-service or information repositories.

    Despite investment in data initiatives, organizations carry high levels of data debt.

    Info-Tech research, Establish Data Governance, points out that data debt, the accumulated cost associated with sub-optimal governance of data assets, is a problem for 78% of organizations.

    What the enterprise expects out of enterprise storage is much more complicated in 2023.

    Data protection and governance are non-negotiable aspects of enterprise storage, even when it’s unstructured.

    Data governance: Cornerstone of value

    SIGNALS

    Data quality is the primary driver for data governance.

    The data governance market
    is booming.

    Related Info-Tech Research

    In the 2022 Zaloni survey of data governance professionals, 71% indicated that consistent data quality was the top metric for data governance, followed by reduced time to insight and regulatory compliance.

    (Source: Zaloni DATAVERSITY, 2022)

    The Business Research Company determined that the global data governance market is expected to grow from $3.28 billion in 2022 to $7.42 billion in 2026 at a CAGR of 22.7% in response to 74 zettabytes of data in 2021, with a growth rate of 1.145 trillion MB of new data being created every day.

    (Source: Business Research Company, 2022)

    Data governance: Cornerstone of value

    CALL TO ACTION

    Develop a data governance program that includes an I&O data steward for oversight.

    I&O priority actions

    Establish an I&O data steward. Make data governance by establishing a data steward role with accountability for governance. The steward works collaboratively with DataOPs to control access to I&O data, enforce policies, and reduce the time to make use of the data.

    Define a comprehensive storage architecture. If you thought you had a data sprawl problem before, wait until you see the volume of data generated from IoT and Web 3.0 applications. Get ahead of the problem by creating an infrastructure roadmap for structured and unstructured data storage.

    Build a solid backbone for AI Operations using data quality best practices. Data quality is the foundation for generation of operational value from the data and artificial intelligence efforts. Focus on using a methodology to build a culture of data quality within I&O systems and applications that generate data rather than reactive fixes.

    Look to partner with third-party vendors for your master data management (MDM) efforts. Modern MDM vendors can work with your existing data fabrics/lake and help leverage your data governance policies into the cloud.

    Prep for a brave new metaverse

    SIGNALS

    From science fiction to science fact.

    The term metaverse was coined in 1992 by Neal Stephenson and is a common theme in science fiction. For most I&O surveyed professionals, the term metaverse conjures up more confusion than clarity, as it’s not one place, but multiple metaverse worlds. The primordial metaverse was focused on multiplayer gaming and some educational experiences. It wasn’t until recently that it gained a critical mass in the fashion and entertainment industries with the use of non-fungible tokens (NFT). The pandemic created a unique opportunity for metaverse-related technologies to expand Web 3.0.

    Related Info-Tech Research

    Prep for a brave new metaverse

    SIGNALS

    Collaboration and beyond.

    On one hand, metaverse technologies virtual reality(VR)/augmented reality (AR) headsets can be a method of collaborating internally within a single organization. About 10% of our surveyed I&O members engaged this type of collaborative metaverse in 2022, with another 24% looking to run proof of concept projects in 2023. However, there is a much larger terrain for metaverse projects outside of workforce collaboration, which 17% of surveyed I&O members are planning to engage with in 2023.

    These are sophisticated new metaverse worlds, and digital twins of production environments are being created for B2B collaboration, operations, engineering, healthcare, architecture, and education that include the use of block chain, NFTs, smart contracts, and other Web 3.0 technologies

    “They are the audiovisual bodies that people use to communicate with each other in the Metaverse.”

    Neal Stephenson,
    Snow Crash 1992

    Prep for a brave new metaverse

    SIGNALS

    Metaverse requires multidimensional security.

    Security in the context of the metaverse presents new challenges to I&O. The infrastructure that runs the metaverse is still vulnerable to “traditional” security threats. New attack vectors include financial and identity fraud, privacy and data loss, along with new cyber-physical threats which are predicted to occur as the metaverse begins to integrate with IoT and other 3D objects in the physical world.

    The ultimate in "not a product" – the metaverse promises to be a hodgepodge of badly standardized technologies for the near future.

    Be prepared to take care of pets and not cattle for the foreseeable future, but keep putting the fencing around the ranch.

    Prep for a brave new metaverse

    SIGNALS

    Generating new wave of sophisticated engineering coming.

    Economics boom around metaverse set to explode.

    Related Info-Tech Research

    Beyond the current online educational resources, there are reputable universities around the world, including Stanford University, that are offering courses on metaverse and Web 3.0 concepts.

    (Source: Arti, 2022)

    So, what’s providing the impetus for all this activity and investment? Economics. In their 2022 report, Metaverse and Money, Citi estimated that the economic value of the metaverse(s) will have 900M to 1B VR/AR users and 5 billion Web 3.0 users with market sizes of $1-2T and $8-$13T, respectively. Yes, that’s a “T” for Trillions.

    (Source: Ghose, 2022)

    Prep for a brave new metaverse

    CALL TO ACTION

    Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

    I&O priority actions

    Develop a plan for network upgrades.

    A truly immersive VR/AR experience requires very low latency. Identify gaps and develop a plan to enhance your network infrastructure surrounding your metaverse space(s) and end users.

    Extend security posture into the metaverse.

    Securing the infrastructure that runs your metaverse is going to extend the end-user equipment used to navigate it. More importantly, security policies need to encompass the avatars that navigate it and the spatial web that they interact with, which can include physical world items like IoT.

    Prep for a brave new metaverse

    I&O priority actions

    Metaverse theft prevention

    Leverage existing strategies to identify management in the metaverse. Privacy policies need to extend their focus to data loss prevention within the metaverse.

    Collaborate

    The skill set required to build, deploy, manage, and support the metaverse is complex. Develop a metaverse support organization that extends beyond I&O functions into security, DevOps, and end-user experiences.

    Educate

    Web 3.0 technologies and business models are complex. Education of I&O technical- and commerce-focused team members is going to help prevent you from getting blindsided. Seek out specialized training programs for technical staff and strategic education for executives, like the Wharton School of Business certification program.

    Authors

    John Annand

    Theo Antoniadis

    John Annand

    Principal Research Director

    Theo Antoniadis

    Principal Research Director

    Contributors

    Paul Sparks,
    CTO at Brookshire Grocery Company

    2 Anonymous Contributors

    Figuring out the true nature of the “Turbo” button of his 486DX100 launched John on a 20-year career in managed services and solution architecture, exploring the secrets of HPC, virtualization, and DIY WANs built with banks of USR TotalControl modems. Today he focuses his research and advisory on software-defined infrastructure technologies, strategy, organization, and service design in an increasingly Agile and DevOps world.

    Theo has decades of operational and project management experience with start-ups and multinationals across North America and Europe. He has held various consulting, IT management and operations leadership positions within telecommunications, SaaS, and software companies.

    Bibliography

    “3 Cybersecurity Trends that are Changing Financial Data Management." FIMA US. Accessed August 2022.
    Arti. “While much of the world is just discovering the Metaverse, a number of universities have already established centers for studying Web 3." Analytics Insight. 10 July 2022.
    “Artificial intelligence (AI) for cybersecurity." IBM. Accessed September 2022
    “Business in the Metaverse Economy." Wharton School of University of Pennsylvania. Accessed October 2022.
    “Cost of a data breach 2022: A million-dollar race to detect and respond." IBM. Accessed September 2022.
    “Countries affected by mandatory ESG reporting – here’s the list." New Zealand Ministry of Business, Innovation & Employment. Accessed September 2022.
    “Countries affected by mandatory ESG reporting – here’s the list.” WorldFavor. Accessed September 2022.
    Crenshaw, Caroline A. “SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices." U.S. Securities and Exchange Commission. May 2022.
    “Cutting through the metaverse hype: Practical guidance and use cases for business." Avanade. Accessed October 2022.
    “Data Governance Global Market Sees Growth Rate Of 25% Through 2022." The Business Research Company. August 2022.
    “DIRECTIVE 2014/95/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups." UER-Lex. Accessed September 2022.
    "Ethically Aligned Design: A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems." IEEE. March 2019.
    “European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence." European Parliament. Accessed October 2022.
    Ghose, Ronit et al. "Metaverse and Money." Citi GPS. March 2022.
    Hernandez, Roberto, et al. “Demystifying the metaverse." PWC. Accessed August 2022.
    Info-Tech Trends Report Survey, 2023; N=813.
    “ISO 14000 Family: Environmental Management." ISO. Accessed October 2022.
    Knight, Michelle & Bishop, Annie, ”The 2022 State of Cloud Data Governance.“ Zaloni DATAVERSITY. 2022.

    Bibliography

    Kompella, Kashyap, “What is AI governance and why do you need it?“ TechTarget. March 2022.
    “Management of electronic waste worldwide in 2019, by method." Statista. 2022.
    “Model Artificial Intelligence Governance Framework and Assessment Guide.“ World Economic Forum. Accessed September 2022.
    “Model Artificial Intelligence Governance Framework." PDPC Singapore. Accessed October 2022.
    “New rules on corporate sustainability reporting: provisional political agreement between the Council and the European Parliament.“ European Council. June 2022.
    "OECD Economic Outlook Volume 2022." OECD iLibrary. June 2022.
    "Recommendations of the Task Force on Climate-related Financial Disclosures." TCFD. Accessed August 2022.
    “Risk of Global Recession in 2023 Rises Amid Simultaneous Rate Hikes.” World Bank Organization. September 2022.
    Sautner, Zacharias, et al. “The Effects of Mandatory ESG Disclosure around the World.” SSRN. November 2021.
    Sondergaard, Peter. “AI GOVERNANCE – WHAT ARE THE KPIS? AND WHO IS ACCOUNTABLE?“ The Sondergaard Group. November 2019.
    Srivastavam Sudeep, “How can your business enter the Metaverse?." Appinventiv.
    September 2022.
    “Standards Overview." SASB. Accessed October 2022.
    Stephenson, Neal. Snow Crash. Bantam Books, 1992.
    “Sustainability Reporting Standards." Global Reporting Initiative. Accessed October 2022.
    “The Ten Principles of the UN Global Compact." UN Global Compact. Accessed October 2022.
    Tian Tong Lee, Sheryl. "China Unveils ESG Reporting Guidelines to Catch Peers.” Bloomberg. May 2022.
    “What are the Principles for Responsible Investment?" UNPRI. Accessed October 2022.
    "What is the EU's Corporate Sustainability Reporting Directive (CSRD)?" WorldFavor.
    June 2022.
    West, Darrell M. “Six Steps to Responsible AI in the Federal Government.“ Brookings Institution. March 2022. Web.

    Become a Transformational CIO

    • Buy Link or Shortcode: {j2store}86|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
    • CIOs find it difficult to juggle operational activities, strategic initiatives, and involvement in business transformation.
    • CIOs don’t always have the IT organization structured and mobilized in a manner that facilitates the identification of transformation opportunities, and the planning for and the implementation of organization-wide change.

    Our Advice

    Critical Insight

    • Don’t take an ad hoc approach to transformation.
    • You’re not in it alone.
    • Your legacy matters

    Impact and Result

    • Elevate your stature as a business leader.
    • Empower the IT organization to act with a business mind first, and technology second.
    • Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.
    • Generate opportunities for organizational growth, as manifested through revenue growth, profit growth, new market entry, new product development, etc.

    Become a Transformational CIO Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to find out why you should undergo an evolution in your role as a business leader, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Are you ready to lead transformation?

    Determine whether you are ready to focus your attention on evolving your role.

    • Become a Transformational CIO – Phase 1: Are You Ready to Lead Transformation?

    2. Build business partnerships

    Create a plan to establish key business partnerships and position IT as a co-leader of transformation.

    • Become a Transformational CIO – Phase 2: Build Business Partnerships
    • Partnership Strategy Template

    3. Develop the capability to transform

    Mobilize the IT organization and prepare for the new mandate.

    • Become a Transformational CIO – Phase 3: Develop the Capability to Transform
    • Transformation Capability Assessment

    4. Shift IT’s focus to the customer

    Align IT with the business through a direct, concentrated focus on the customer.

    • Become a Transformational CIO – Phase 4: Shift IT’s Focus to the Customer
    • Transformational CIO Value Stream Map Template
    • Transformational CIO Business Capability Map Template

    5. Adopt a transformational approach to leadership

    Determine the key behaviors necessary for transformation success and delegate effectively to make room for new responsibilities.

    • Become a Transformational CIO – Phase 5: Adopt a Transformational Approach to Leadership
    • Office of the CIO Template

    6. Sustain the transformational capability

    Track the key success metrics that will help you manage transformation effectively.

    • Become a Transformational CIO – Phase 6: Sustain the Transformational Capability
    • Transformation Dashboard
    [infographic]

    Workshop: Become a Transformational CIO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Readiness to Become a Transformational CIO

    The Purpose

    Understand stakeholder and executive perception of the CIO’s performance and leadership.

    Determine whether the CIO is ready to lead transformation.

    Key Benefits Achieved

    Decision to evolve role or address areas of improvement as a pre-requisite to becoming a transformational CIO.

    Activities

    1.1 Select data collection techniques.

    1.2 Conduct diagnostic programs.

    1.3 Review results and define readiness.

    Outputs

    Select stakeholder and executive perception of the CIO

    Decision as to whether to proceed with the role evolution

    2 Build Business Partnerships

    The Purpose

    Identify potential business partners and create a plan to establish key partnerships.

    Key Benefits Achieved

    An actionable set of initiatives that will help the CIO create valuable partnerships with internal or external business stakeholders.

    Activities

    2.1 Identify potential business partners.

    2.2 Evaluate and prioritize list of potential partners.

    2.3 Create a plan to establish the target partnerships.

    Outputs

    Partnership strategy

    3 Establish IT’s Ability to Transform

    The Purpose

    Make the case and plan for the development of key capabilities that will enable the IT organization to handle transformation.

    Key Benefits Achieved

    A maturity assessment of critical capabilities.

    A plan to address maturity gaps in preparation for a transformational mandate.

    Activities

    3.1 Define transformation as a capability.

    3.2 Assess the current and target transformation capability maturity.

    3.3 Develop a roadmap to address gaps.

    Outputs

    Transformation capability assessment

    Roadmap to develop the transformation capability

    4 Shift IT’s Focus to the Customer

    The Purpose

    Gain an understanding of the end customer of the organization.

    Key Benefits Achieved

    A change in IT mindset away from a focus on operational activities or internal customers to external customers.

    A clear understanding of how the organization creates and delivers value to customers.

    Opportunities for business transformation.

    Activities

    4.1 Analyze value streams that impact the customer.

    4.2 Map business capabilities to value streams.

    Outputs

    Value stream maps

    Business capability map

    5 Establish Transformation Leadership and Sustain the Capability

    The Purpose

    Establish a formal process for empowering employees and developing new leaders.

    Create a culture of continuous improvement and a long-term focus.

    Key Benefits Achieved

    Increased ability to sustain momentum that is inherent to business transformations.

    Better strategic workforce planning and a clearer career path for individuals in IT.

    A system to measure IT’s contribution to business transformation.

    Activities

    5.1 Set the structure for the office of the CIO.

    5.2 Assess current leadership skills and needs.

    5.3 Spread a culture of self-discovery.

    5.4 Maintain the transformation capability.

    Outputs

    OCIO structure document

    Transformational leadership dashboard

    Mergers & Acquisitions: The Buy Blueprint

    • Buy Link or Shortcode: {j2store}325|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the acquiring organization in M&As:

    • IT can suggest an acquisition to meet the business objectives of the organization.
    • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and valuates the organization potentially being acquired.
    • IT needs to reactively prepare its environment to enable the integration.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Acquisitions are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a growth/integration transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Buy Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its growth strategy by engaging in M&A transactions. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address acquisitions.

    • One-Pager: M&A Discovery & Strategy – Buy
    • Case Study: M&A Discovery & Strategy – Buy

    3. Due Diligence & Preparation

    Evaluate the target organizations to minimize risk and have an established integration project plan.

    • One-Pager: M&A Due Diligence & Preparation – Buy
    • Case Study: M&A Due Diligence & Preparation – Buy
    • IT Due Diligence Charter
    • Technical Debt Business Impact Analysis Tool
    • IT Culture Diagnostic
    • M&A Integration Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Integration Project Management Tool (Excel)
    • Resource Management Supply-Demand Calculator

    4. Execution & Value Realization

    Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Buy
    • Case Study: M&A Execution & Value Realization – Buy

    Infographic

    Workshop: Mergers & Acquisitions: The Buy Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for acquiring.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment Diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Identify the rationale for the company's decision to pursue an acquisition.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the acquisition.

    1.6 Create the IT vision and mission statements and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the integration strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organization(s).

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s acquiring strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Integration strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for integration.

    Assess the target organization(s).

    Create the valuation framework.

    Plan the integration roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to assess organizations during due diligence.

    Methodology can be reused for multiple organizations.

    Integration activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the acquisition.

    2.3 Establish the integration strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Conduct a technical debt assessment.

    2.7 Assess the current culture and identify the goal culture.

    2.8 Identify the needed workforce supply.

    2.9 Create the valuation framework.

    2.10 Establish the integration roadmap.

    2.11 Establish and align project metrics with identified tasks.

    2.12 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessment

    IT operating model and IT governance structure defined

    Business context implications for IT

    Integration strategy

    Due diligence charter

    Data room artifacts

    Technical debt assessment

    Culture assessment

    Workforce supply identified

    IT valuation framework

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for integration.

    Plan the integration roadmap.

    Prepare employees for the transition.

    Engage in integration.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Integration activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Integration strategy and roadmap executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and determine IT transaction team.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the acquisition.

    3.4 Establish the integration strategy.

    3.5 Prioritize integration tasks.

    3.6 Establish the integration roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate integration costs.

    3.9 Assess the current culture and identify the goal culture.

    3.10 Identify the needed workforce supply.

    3.11 Create an employee transition plan.

    3.12 Create functional workplans for employees.

    3.13 Complete the integration by regularly updating the project plan.

    3.14 Begin to rationalize the IT environment where possible and necessary.

    3.15 Confirm integration costs.

    3.16 Review IT’s transaction value.

    3.17 Conduct a transaction and integration SWOT.

    3.18 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Integration strategy

    Integration roadmap and associated resourcing

    Culture assessment

    Workforce supply identified

    Employee transition plan

    Employee functional workplans

    Updated integration project plan

    Rationalized IT environment

    SWOT of transaction

    M&A Buy Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Buy Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A purchase.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the acquiring organization in M&As:

    • IT can suggest an acquisition to meet the business objectives of the organization.
    • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and valuates the organization potentially being acquired.
    • IT needs to reactively prepare its environment to enable the integration.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element are forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a growth/integration transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    Virtual deal-making will be the preferred method of 55% of organizations in the post-pandemic world. (Wall Street Journal, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates).
      • Weak integration teams contribute to the failure of 70% of M&A integrations (The Wall Street Journal, 2019).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where integration will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    40% of acquiring businesses discovered a cybersecurity problem at an acquisition.” (Source: Okta)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests an acquisition to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and valuates the organization potentially being acquired.
    4. Firefighter: IT reactively engages in the integration with little time to prepare.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Buying vs. selling

    The M&A process approach differs depending on whether you are the executive IT leader on the buy side or sell side

    This blueprint is only focused on the buy side:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    The sell side is focused on:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    For more information on divestitures or selling your entire organization, check out Info-Tech’s Mergers & Acquisitions: The Sell Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Buying Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps

    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Acquisition
    1. Assess the Target Organization
    2. Prepare to Integrate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address acquisitions.

    Evaluate the target organizations successfully and establish an integration project plan.

    Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

    Potential metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    The IT executive’s role in the buying transaction is critical

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.
    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.
    3. Faster Integration

      Faster integration means faster value realization for the business.
    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.
    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).
    • Increased Accuracy

      87% of respondents to a Deloitte survey effectively conducted a virtual deal, with a focus on cybersecurity and integration (Deloitte, 2020).
    • Faster Integration

      Integration costs range from as low as $4 million to as high as $3.8 billion, making the process an investment for the organization (CIO Dive).
    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).
    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to valuate the potential organization being purchased and ensure risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the integration that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about the organization being acquired, ensuring that the anticipated value of the transaction is correctly planned for.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority integration tasks.
    • The business can make a fair offer to the purchased organization, having properly valuated all aspects being bought, including the IT environment.

    Insight summary

    Overarching Insight

    As an IT executive, take control of when you get involved in a growth transaction. Do this by proactively identifying acquisition targets, demonstrating the value of IT, and ensuring that integration of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the buying transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    Most IT synergies can be realized in due diligence. It is more impactful to consider IT processes and practices (e.g. contracts and culture) in due diligence rather than later in the integration.

    Execution & Value Realization Insight

    IT needs to realize synergies within the first 100 days of integration. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Buy Playbook

    The M&A Buy Playbook should be a reusable document that enables your IT organization to successfully deliver on any acquisition transaction.

    Screenshots of the 'M and A Buy Playbook' deliverable.

    M&A Buy One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Buy One-Pagers' deliverable.

    M&A Buy Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Buy Case Studies' deliverable.

    M&A Integration Project Management Tool (SharePoint)

    Manage the integration process of the acquisition using this SharePoint template.

    Screenshots of the 'M and A Integration Project Management Tool (SharePoint)' deliverable.

    M&A Integration Project Management Tool (Excel)

    Manage the integration process of the acquisition using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Integration Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and their perspectives of IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.
    • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and acquisition strategic direction.
    • Call #5: Create program metrics and identify a standard integration strategy.
    • Call #6: Assess the potential organization(s).
    • Call #7: Identify the integration program plan.
    • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the acquisition transaction.

    The Buy Blueprint

    Phase 1

    Proactive

    Phase 1

    Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend growth opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for purchasing organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine indicators of the relationship between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: CEO-CIO Alignment diagnostic, M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support growth transactions or support your rationale in recommending growth transactions.

    Download the sample report.

    Record the results in the M&A Buy Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: CIO Business Vision diagnostic, Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Buy Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: M&A Buy Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Buy Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Buy Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker

    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization

    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Buy Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions

    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Buy Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Buy Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
    • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
    5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Buy Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation

    01 Data Source
    02 Data Collection Method
    03 Data
    04 Data Analysis
    05 Insight
    06 Insight Delivery
    07 Consumer
    08 Value in Data
    09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the product of the (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.
    4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value

      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    5. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    6. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.
    7. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications

      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value

    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.
    3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)

    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)

    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Buy Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Buy Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend growth opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest growth opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Buy Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for growth strategy

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Buy Playbook.

    1.3.3 Recommend growth opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage this opening and begin the discussions with your business on how and why an acquisition would be a great opportunity.

    Record the results in the M&A Buy Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through growth or acquisition transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through growth or reduction strategies such as mergers, acquisitions, or divestitures.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Acquisition or buying recommendations

    The Buy Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the integration strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for AcquiringFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decisions to pursue an acquisition
    • 1.1 Review the business rationale for the acquisition
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the acquisition
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the integration strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s acquisition strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Integration strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during an acquisition is a unique opportunity for many IT organizations. IT organizations that can participate in the acquisition transaction at this stage are likely considered a strategic partner of the business.

    For one-off acquisitions, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many acquisitions over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT will also be asked to participate in ensuring that the potential organization being sought will be able to meet any IT-specific search criteria that was set when the transaction was put into motion.

    Goal: To identify a repeatable program plan that IT can leverage when acquiring all or parts of another organization’s IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationships to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decisions to pursue an acquisition and the opportunities or pain points the acquisition should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across acquisitions.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics

    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for growth strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a growth strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the growth process.

    Record the results in the M&A Buy Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement

    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Integration for Success We will create an integration strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, integration, and use across the enterprise in compliance with our data governance policy.
    5. Establish a single IT Environment We will identify, prioritize, and manage the applications and services that IT provides in order to eliminate redundant technology and maximize the value that users and customers experience.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchased organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Operating to Succeed We will bring all of IT into a central operating model within two years of the transaction.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for growth strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the growth strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the growth process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ growth strategy goals.

    Record the results in the M&A Buy Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical integration capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A transaction team and operational team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the M&A transaction team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure

    • Systems Integration
    • Data Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a growth transaction.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the buying transaction process and integration. Highlight and make copies of those capabilities in the M&A Buy Playbook.
    3. Arrange the capabilities to clearly show the flow of inputs and outputs. Identify critical stakeholders of the process (such as customers or end users) if that will help the flow.
    4. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses or products to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Buy Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Buy Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Buy Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support integration need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Buy Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Buy Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Acquisition

    Activities

    • 2.2.1 Establish the integration strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the acquisition and align IT’s integration strategy with the business’ M&A strategy.

    Integration strategies

    There are several IT integration strategies that will help you achieve your target technology environment.

    IT Integration Strategies
    • Absorption. Convert the target organization’s strategy, structure, processes, and/or systems to that of the acquiring organization.
    • Best-of-Breed. Pick and choose the most effective people, processes, and technologies to form an efficient operating model.
    • Transformation Retire systems from both organizations and use collective capabilities, data, and processes to create something entirely new.
    • Preservation Retain individual business units that will operate within their own capability. People, processes, and technologies are unchanged.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the integration strategy is well understood and influenced by the frequency of and rationale for acquiring.
    • Based on the initiatives generated by each business process owner, you need to determine the IT integration strategy that will best support the desired target technology environment.

    Key considerations when choosing an IT integration strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT integration best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable growth?

    Absorption and best-of-breed

    Review highlights and drawbacks of absorption and best-of-breed integration strategies

    Absorption
      Highlights
    • Recommended for businesses striving to reduce costs and drive efficiency gains.
    • Economies of scale realized through consolidation and elimination of redundant applications.
    • Quickest path to a single company operation and systems as well as lower overall IT cost.
      Drawbacks
    • Potential for disruption of the target company’s business operations.
    • Requires significant business process changes.
    • Disregarding the target offerings altogether may lead to inferior system decisions that do not yield sustainable results.
    Best-of-Breed
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
    • Potential for better buy-in from the target because some of their systems are kept, resulting in willingness to
      Drawbacks
    • May take longer to integrate because it tends to present increased complexity that results in higher costs and risks.
    • Requires major integration efforts from both sides of the company. If the target organization is uncooperative, creating the desired technology environment will be difficult.

    Transformation and preservation

    Review highlights and drawbacks of transformation and preservation integration strategies

    Transformation
      Highlights
    • This is the most customized approach, although it is rarely used.
    • It is essential to have an established long-term vision of business capabilities when choosing this path.
    • When executed correctly, this approach presents potential for significant upside and creation of sustainable competitive advantages.
      Drawbacks
    • This approach requires extensive time to implement, and the cost of integration work may be significant.
    • If a new system is created without strategic capabilities, the organizations will not realize long-term benefits.
    • The cost of correcting complexities at later stages in the integration effort may be drastic.
    Preservation
      Highlights
    • This approach is appropriate if the merging organizations will remain fairly independent, if there will be limited or no communication between companies, and if the companies’ market strategies, products, and channels are entirely distinct.
    • Environment can be accomplished quickly and at a low cost.
      Drawbacks
    • Impact to each business is minimal, but there is potential for lost synergies and higher operational costs. This may be uncontrollable if the natures of the two businesses are too different to integrate.
    • Reduced benefits and limited opportunities for IT integration.

    2.2.1 Establish the integration strategy

    1-2 hours

    Input: Business integration strategy, Guiding principles, M&A governance

    Output: IT’s integration strategy

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to integration. The approach might differ slightly from transaction to transaction. However, the business’ approach to transactions should give insight into the general integration strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall integration.
    2. Review and discuss the highlights and drawbacks of each type of integration.
    3. Use Info-Tech’s Integration Posture Selection Framework on the next slide to select the integration posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT integration best helps obtain these benefits?

    Record the results in the M&A Buy Playbook.

    Integration Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Acquirer Assets, Income, or Market Value)

    IT Integration Posture

    A. Horizontal Adopt One Model ‹10% Absorption
    10 to 75% Absorption or Best-of-Breed
    ›75% Best-of-Breed
    B. Vertical Create Links Between Critical Systems Any
    • Preservation (Differentiated Functions)
    • Absorption or Best-of-Breed (Non-Differentiated Functions)
    C. Conglomerate Independent Model Any Preservation
    D. Hybrid: Horizontal & Conglomerate Independent Model Any Preservation

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Integration strategy

    Output: Completed RACI for transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the purchase or acquisition. For example:
      • Communicate with the company M&A team.
      • Identify critical IT risks that could impact the organization after the transaction.
      • Identify key artifacts to collect and review during due diligence.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Buy Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT integration strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Buy Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Buy Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when they have to assess the IT organization of a potential purchase. As a result, having a standardized template to quickly gauge the value of the business can be critical.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on their employees.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for acquisition

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering purchasing.

    1. Complete the Historical Valuation Worksheet in the M&A Buy Playbook to understand the type of IT organization that your company may inherit and need to integrate with.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations should be targeted for the acquisition.

    Record the results in the M&A Buy Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in growth transactions

    Key outcomes from the Discovery & Strategy phase
    • Be prepared to analyze and recommend potential organizations that the business can acquire or merge with, using a strong program plan that can be repeated across transactions.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the integration strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Buy Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Identify data room artifacts
    • Assess technical debt
    • Valuate the target IT organization
    • Assess culture
    • Prioritize integration tasks
    • Establish the integration roadmap
    • Identify the needed workforce supply
    • Estimate integration costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for IntegrationAssess the Target Organization(s)Create the Valuation FrameworkPlan the Integration RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decisions to pursue an acquisition.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the acquisition.
    • 1.2 Identify pain points and opportunities tied to the acquisition.
    • 1.3 Establish the integration strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Create a list of IT artifacts to be reviewed in the data room.
    • 2.2 Conduct a technical debt assessment.
    • 2.3 Assess the current culture and identify the goal culture.
    • 2.4 Identify the needed workforce supply.
    • 3.1 Valuate the target organization’s data.
    • 3.2 Valuate the target organization’s applications.
    • 3.3 Valuate the target organization’s infrastructure.
    • 3.4 Valuate the target organization’s risk and security.
    • 3.5 Combine individual valuations to make a single framework.
    • 4.1 Prioritize integration tasks.
    • 4.2 Establish the integration roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate integration costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Integration strategy
    3. Due diligence charter
    1. Data room artifacts
    2. Technical debt assessment
    3. Culture assessment
    4. Workforce supply identified
    1. IT valuation framework to assess target organization(s)
    1. Integration roadmap and associated resourcing
    1. Acquisition integration strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during an acquisition is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to integration expectations set by the business.

    While not all IT organizations are able to participate in this phase, the evolving nature of M&As to be driven by digital and technological capabilities increases the rationale for IT being at the table. Identifying critical IT risks, which will inevitably be business risks, begins during the due diligence phase.

    This is also the opportunity for IT to plan how it will execute the planned integration strategy. Having access to critical information only available in data rooms will further enable IT to successfully plan and execute the acquisition to deliver the value the business is seeking through a growth transaction.

    Goal: To thoroughly evaluate all potential risks associated with the organization(s) being pursued and create a detailed plan for integrating the IT environments

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select an integration strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Assess the Target Organization

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Identify data room artifacts
    • 3.1.3 Assess technical debt
    • 3.1.4 Valuate the target IT organization
    • 3.1.5 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should actively evaluate the target organization being pursued for acquisition.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Buy Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Integration strategy
      • Acquisition RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Buy Playbook.

    3.1.2 Identify data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and review in the data room

    Materials: Critical domain lists on following slides, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a list of the key artifacts that should be asked for and reviewed during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room. This information should be directed to the target organization.
    2. IT leadership may or may not be asked to enter the data room directly. Therefore, it’s important that you clearly identify these artifacts.
    3. List each question or concern, select the associated workstream in the M&A Buy Playbook, and update the status of the information retrieval.
    4. Use the comments section to document your discoveries or concerns.

    Record the results in the M&A Buy Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Each critical domain will likely have different stakeholders who know that domain best. Communicate with these stakeholders throughout the M&A process to make sure you are getting accurate information and interpreting it correctly.

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including integration capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Assess the target organization’s technical debt

    The other organization could be costly to purchase if not yet modernizing.

    • Consider the potential costs that your business will have to spend to get the other IT organization modernized or even digital.
    • This will be highly affected by your planned integration strategy.
    • A best-of-breed strategy might simply mean there's little to bring over from the other organization’s environment.
    • It’s often challenging to identify a direct financial cost for technical debt. Consider direct costs but also assess categories of impact that can have a long-term effect on your business: lost customer, staff, or business partner goodwill; limited flexibility and resilience; and health, safety, and compliance impacts.
    • Use more objective measures to track subjective impact. For example, consider the number of customers who could be significantly affected by each tech debt in the next quarter.

    Focus on solving the problems you need to address.

    Analyzing technical debt has value in that the analysis can help your organization make better risk management and resource allocation decisions.

    Review these examples of technical debt

    Do you have any of these challenges?

    Applications
    • Inefficient or incomplete code
    • Fragile or obsolete systems of record that limit the implementation of new functionality
    • Out-of-date IDEs or compilers
    • Unsupported applications
    Data & Analytics
    • Data presented via API that does not conform to chosen standards (EDI, NRF-ARTS, etc.)
    • Poor data governance
    • No transformation between OLTP and the data warehouse
    • Heavy use of OLTP for reporting
    • Lack of AI model and decision governance, maintenance
    End-User Computing
    • Aging and slow equipment
    • No configuration management
    • No MDM/UEM
    Security
    • Unpatched/unpatchable systems
    • Legacy firewalls
    • No data classification system
    • “Perimeter” security architecture
    • No documented security incident response
    • No policies, or unenforced policies
    Operations
    • Incomplete, ineffective, or undocumented business continuity and disaster recovery plans
    • Insufficient backups or archiving
    • Inefficient MACD processes
    • Application sprawl with no record of installed applications or licenses
    • No ticketing or ITSM system
    • No change management process
    • No problem management process
    • No event/alert management
    Infrastructure
    • End-of-life/unsupported equipment
    • Aging power or cooling systems
    • Water- or halon-based data center fire suppression systems
    • Out-of-date firmware
    • No DR site
    • Damaged or messy cabling
    • Lack of system redundancy
    • Integrated computers on business equipment (e.g. shop floor equipment, medical equipment) running out-of-date OS/software
    Project & Portfolio Management
    • No project closure process
    • Ineffective project intake process
    • No resource management practices

    “This isn’t a philosophical exercise. Knowing what you want to get out of this analysis informs the type of technical debt you will calculate and the approach you will take.” (Scott Buchholz, CTO, Deloitte Government & Public Services Practice, The Wall Street Journal, 2015)

    3.1.3 Assess technical debt

    1-2 hours

    Input: Participant views on organizational tech debt, Five to ten key technical debts, Business impact scoring scales, Reasonable next-quarter scenarios for each technical debt, Technical debt business impact analysis

    Output: Initial list of tech debt for the target organization

    Materials: Whiteboard, Sticky notes, Technical Debt Business Impact Analysis Tool, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to assess the technical debt of the other IT organization. Taking on unnecessary technical debt is one of the biggest risks to the IT environment

    1. This activity can be completed by leveraging the blueprint Manage Your Technical Debt, specifically the Technical Debt Business Impact Analysis Tool. Complete the following activities in the blueprint:
      • 1.2.1 Identify your technical debt
      • 1.2.2 Select tech debt for your impact analysis
      • 2.2.2 Estimate tech debt impact
      • 2.2.3 Identify the most-critical technical debts
    2. Review examples of technical debt in the previous slide to assist you with this activity.
    3. Document the results from tab 3, Impact Analysis, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.

    Record the results in the M&A Buy Playbook.

    How to valuate an IT environment

    And why it matters so much

    • Valuating the target organization’s IT environment is a critical step to fully understand what it might be worth. Business partners are often not in the position to valuate the IT aspects to the degree that you would be.
    • The business investments in IT can be directly translated to a value amount. Meaning for every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT can be so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.

    The IT valuation conducted during due diligence can have a significant impact on the final financials of the transaction for the business.

    3.1.4 Valuate the target IT organization

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of target organization’s IT

    Materials: Relevant templates/tools, Capital budget, Operating budget, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Prospective IT organization

    The purpose of this activity is to valuate the other IT organization.

    1. Review each of slides 42 to 45 to generate a valuation of IT’s data, applications, infrastructure, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount. For more information on this activity, review Activity 1.2.1 from the Proactive phase.
    2. Identify financial amounts for each critical area and add the financial output to the summary slide in the M&A Buy Playbook.
    3. Compare this information against your own IT organization’s valuation.
      1. Does it add value to your IT organization?
      2. Is there too much risk to accept if this transaction goes through?

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Buy Playbook.

    Culture should not be overlooked, especially as it relates to the integration of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post-transition.

    Target Organization’s Culture

    The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture

    The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture

    What will the future culture of the IT organization be once integration is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-integration?

    3.1.5 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of both organizations. More importantly, your IT organization can select its desired IT culture for the long term if it does not already exist.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    2. Document the results from tab 3, Results, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.
    3. Repeat the activity for the target organization.
    4. Leverage the information to determine what the goal for the culture of IT will be post-integration if it will differ from the current culture.

    Record the results in the M&A Buy Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Integrate

    Activities

    • 3.2.1 Prioritize integration tasks
    • 3.2.2 Establish the integration roadmap
    • 3.2.3 Identify the needed workforce supply
    • 3.2.4 Estimate integration costs
    • 3.2.5 Create an employee transition plan
    • 3.2.6 Create functional workplans for employees
    • 3.2.7 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Have an established plan of action toward integration across all domains and a strategy toward resources.

    Don’t underestimate the importance of integration preparation

    Integration is the process of combining the various components of one or more organizations into a single organization.

    80% of integration should happen within the first two years. (Source: CIO Dive)

    70% of M&A IT integrations fail due to components that could and should be addressed at the beginning. (Source: The Wall Street Journal, 2019)

    Info-Tech Insight

    Integration is not rationalization. Once the organization has integrated, it can prepare to rationalize the IT environment.

    Integration needs

    Identify your domain needs to support the target technology environment

    Set up a meeting with your IT due diligence team to:

    • Address data, applications, infrastructure, and other domain gaps.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between your organization and the target organization.
    • Identify the IT people and process gaps, redundancies, and initiatives.
    • Determine your infrastructure needs and identify redundancies.
      • Does IT have the infrastructure to support the applications and business capabilities of the resultant enterprise?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required in the resultant enterprise.
      • Identify any redundancies.
      • Determine the appropriate IT integration strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of integration.

    Integration implications

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Data & Analytics

    • Consider data sources that might need to be combined (e.g. financials, email lists, internet).
    • Understand where each organization will warehouse its data and how it will be managed in a cost-effective manner.
    • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
    • Analyze whether or not the data types are compatible between companies.
    • Understand the critical data needs and the complexity of integration activities.
    • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
    • Focus on the master data domains that represent the core of your business.
    • Assess the value, size, location, and cleanliness of the target organization’s data sets.
    • Determine the data sets that will be migrated to capture expected synergies and drive core capabilities while addressing how other data sets will be maintained and managed.
    • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
    • Establish interim linkages and common interfaces for applications while major migrations occur.

    Applications

    • Establish whether or not there are certain critical applications that still need to be linked (e.g. email, financials).
    • Leverage the unique strengths and functionalities provided by the applications used by each organization.
    • Confirm that adequate documentation and licensing exists.
    • Decide which critical applications need to be linked versus which need to be kept separate to drive synergies. For example, financial, email, and CRM may need to be linked, while certain applications may remain distinct.
    • Pay particular attention to the extent to which systems relating to customers, products, orders, and shipments need to be integrated.
    • Determine the key capabilities that require support from the applications identified by business process owners.
    • Assess which major applications need to be adopted by both organizations, based on the M&A goals.
    • Establish interim linkages and common interfaces for applications while major migrations occur.
    • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
    • Establish interim linkages and common interfaces for applications while major migrations occur.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Infrastructure

    • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
    • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
    • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
    • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
    • Evaluate whether certain infrastructure components, such as data centers, can be consolidated to support the new model while also eliminating redundancies. This will help reduce costs.
    • Assess which infrastructure components need to be kept versus which need to be terminated to support the new application portfolio. Keep in mind that increasing the transaction volume on a particular application increases the infrastructure capacity that is required for that application.
    • Extend the network to integrate additional locations.

    IT People & Processes

    • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
    • Consider whether there are redundancies in staffing that could be eliminated.
    • The IT processes of each organization will most likely remain separate.
    • Consider the impact of the target organization on your IT processes.
    • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
    • Consider whether there are redundancies in staffing that could be eliminated.
    • Consider how critical IT processes of the target organization fit with your current IT processes.
    • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the common systems.
    • If there is overlap with the IT processes in both organizations, you may wish to map out both processes to get a sense for how they might work together.
    • Assess what processes will be prioritized to support IT strategies.
    • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the prioritized IT processes.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Leadership/IT Executive

    • Have insight into the goals and direction of the organization’s leadership. Make sure that a communication path has been established to receive information and provide feedback.
    • The decentralized model will require some form of centralization and strong governance processes to enable informed decisions.
    • Ensure that each area can deliver on its needs while not overstepping the goals and direction of the organization.
    • This will help with integration in the sense that front-line employees can see a single organization beginning to form.
    • In this model, there is the opportunity to select elements of each leadership style and strategy that will work for the larger organization.
    • Leadership can provide a single and unified approach to how the strategic goals will be executed.
    • More often than not, this would be the acquiring organization’s strategic direction.

    Vendors

    • Determine which contracts the target organization currently has in place.
    • Having different vendors in place will not be a bad model if it makes sense.
    • Spend time reviewing the contracts and ensuring that each organization has the right contracts to succeed.
    • Identify what redundancies might exist (ERPs, for example) and determine if the vendor would be willing to terminate one contract or another.
    • Through integration, it might be possible to engage in one set of contract negotiations for a single application or technology.
    • Identify whether there are opportunities to combine contracts or if they must remain completely separated until the end of the term.
    • In an effort to capitalize on the contracts working well, reduce the contracts that might be hindering the organization.
    • Speak to the vendor offering the contract.
    • Going forward, ensure the contracts are negotiated to include clauses to allow for easier and more cost-effective integration.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Security

    • Both organizations would need to have a process for securing their organization.
    • Sharing and accessing information might be more difficult, as each organization would need to keep the other organization separate to ensure the organization remains secure.
    • Creating standard policies and procedures that each organization must adhere to would be critical here (for example, multifactor authentication).
    • Establish a single path of communication between the two organizations, ensuring reliable and secure data and information sharing.
    • Leverage the same solutions to protect the business as a whole from internal and external threats.
    • Identify opportunities where there might be user points of failure that could be addressed early in the process.
    • Determine what method of threat detection and response will best support the business and select that method to apply to the entire organization, both original and newly acquired.

    Projects

    • Projects remain ongoing as they were prior to the integration.
    • Some projects might be made redundant after the initial integration is over.
    • Re-evaluate the projects after integration to ensure they continue to deliver on the business’ strategic direction.
    • Determine which projects are similar to one another and identify opportunities to leverage business needs and solutions for each organization where possible.
    • Review project histories to determine the rationale for and success of projects that could be reused in either organization going forward.
    • Determine which projects should remain ongoing and which projects could wait to be implemented or could be completely stopped.
    • There might be certain modernization projects ongoing that cannot be stopped.
    • However, for all other projects, embrace a single portfolio.
    • Completely reduce or remove all ongoing projects from the one organization and continue with only the projects of the other organization.
    • Add in new projects when they arise as needed.

    3.2.1 Prioritize integration tasks

    2 hours

    Input: Integration tasks, Transition team, M&A RACI

    Output: Prioritized integration list

    Materials: Integration task checklist, Integration roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different integration tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Download the SharePoint or Excel version of the M&A Integration Project Management Tool. Identify which integration tasks you want as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    2. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    3. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Integration checklists

    Prerequisite Checklist
    • Build the project plan for integration and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the acquisition or purchase
    • Develop IT's purchasing strategy
    • Determine goal opportunities
    • Create the mission and vision statements
    • Create the guiding principles
    • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Assess workforce demand and supply
    • Plan and communicate potential layoffs
    • Create an employee transition plan
    • Identify the IT investment
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Identify and assess all of IT's risks
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the needed workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Data architecture
    • Data sources
    • Data storage (on-premises vs. cloud)
    • Enterprise content management
    • Compatibility of data types between organizations
    • Cleanliness/usability of target organization data sets
    • Identify data sets that need to be combined to capture synergies/drive core capabilities
    • Reporting and analytics capabilities
    Applications
    • Prioritize and address critical applications
      • ERP
      • CRM
      • Email
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
    • Leverage application rationalization framework to determine applications to keep, terminate, or create
    • Develop method of integrating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    Operations
    • Communicate helpdesk/service desk information
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Consolidate phone lists and extensions
    • Synchronize email address books

    Integration checklists (continued)

    Infrastructure
    • Determine single network access
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Rationalize vendor services and solutions
    • Identify opportunities to mature the security architecture
    People
    • Design an IT operating model
    • Redesign your IT organizational structure
    • Conduct a RACI
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Create a list of employees to be terminated
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Stop duplicate or unnecessary target organization projects
    • Communicate project intake process
    • Prioritize projects
    Products & Services
    • Ensure customer services requirements are met
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    Security
    • Conduct a security assessment of target organization
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be terminated
    • Identify process expectations from target organization
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies

    3.2.2 Establish the integration roadmap

    2 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

    Output: Integration roadmap

    Materials: M&A Integration Project Plan Tool (SharePoint), M&A Integration Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the integration process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth integration.

    1. Leverage our M&A Integration Project Management Tool to track critical elements of the integration project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the integration tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Integration Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Integration Project Plan Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Buy Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
    4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    5. Enable the SharePoint Server Standard Site Collection features.
    6. Upload the .wsp file in Solutions Gallery.
    7. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
    8. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Participate in active workforce planning to transition employees

    The chosen IT operating model, primary M&A goals, and any planned changes to business strategy will dramatically impact IT staffing and workforce planning efforts.

    Visualization of the three aspects of 'IT workforce planning', as listed below.

    IT workforce planning

    • Primary M&A goals
      If the goal of the M&A is cost cutting, then workforce planning will be necessary to identify labor redundancies.
    • Changes to business strategy
      If business strategy will change after the merger, then workforce planning will typically be more involved than if business strategy will not change.
    • Integration strategy
      For independent models, workforce planning will typically be unnecessary.
      For connection of essential systems or absorption, workforce planning will likely be an involved, time-consuming process.
    1. Estimate the headcount you will need through the end of the M&A transition period.
    2. Outline the process you will use to assess staff for roles that have more than one candidate.
    3. Review employees in each department to determine the best fit for each role.
    4. Determine whether terminations will happen all together or in waves.

    Info-Tech Insight

    Don’t be a short-term thinker when it comes to workforce planning! IT teams that only consider the headcount needed on day one of the new entity will end up scrambling to find skilled resources to fill workforce gaps later in the transition period.

    3.2.3 Identify the needed workforce supply

    3-4 hours

    Input: IT strategy, Prioritized integration tasks

    Output: A clear indication of how many resources are required for each role and the number of resources that the organization actually has

    Materials: Resource Management Supply-Demand Calculator

    Participants: IT executive/CIO, IT senior leadership, Target organization employees, Company M&A team, Transition team

    The purpose of this activity is to determine the anticipated amount of work that will be required to support projects (like integration), administrative, and keep-the-lights-on activities.

    1. Download the Resource Management Supply-Demand Calculator.
    2. The calculator requires minimal up-front staff participation: You can obtain meaningful results with participation from as few as one person with insight on the distribution of your resources and their average work week or month.
    3. The calculator will yield a report that shows a breakdown of your annual resource supply and demand, as well as the gap between the supply and demand. Further insight on project and non-project supply and demand are provided.
    4. Repeat the tool several times to identify the needs of your IT environment for day one, day 30/100, and year one. Anticipate that these will change over time. Also, do not forget to obtain this information from the target organization. Given that you will be integrating, it’s important to know how many staff they have in which roles.
    5. **For additional information, please review slides starting from slide 44 in Establish Realistic IT Resource Management Practices to see how to use the tool.

    Record the results in the Resource Management Supply-Demand Calculator.

    Resource Supply-Demand Calculator Output Example

    Example of a 'Resource Management Supply-Demand Analysis Report' with charts and tables measuring Annualized Resource Supply and Demand, Resource Capacity Confidence, Project Capacity, and combinations of those metrics.

    Resource Capacity Confidence. This figure is based on your confidence in supply confidence, demand stability, and the supply-demand ratio.

    Importance of estimating integration costs

    Change is the key driver of integration costs

    Integration costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk-mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the integration is a success.
    Integration costs vary by industry type.
    • Certain industries may have integration costs made up of mostly one type, differing from other industries, due to the complexity and different demands of the transaction. For example:
      • Healthcare integration costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest integration costs due to most transactions occurring within the same sector rather than as a cross-sector investment. For example, oil and gas acquisitions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Integration costs are more related to the degree of change required than the size of the transaction.

    3.2.4 Estimate integration costs

    3-4 hours

    Input: Integration tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT integration

    Materials: Integration task checklist, Integration roadmap, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the integration. It’s important to ensure a realistic figure is identified and communicated to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Buy Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Buy Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful integration

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A integration needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.5 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design, Resource Supply-Demand Calculator output

    Output: Employee transition plans

    Materials: M&A Buy Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Buy Playbook.

    3.2.6 Create functional workplans for employees

    3-4 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Buy Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.5) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Buy Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Buy Playbook.

    Metrics for integration

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.7 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners, M&A goals

    Output: Integration-specific metrics to measure success

    Materials: Roadmap template, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the integration project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Buy Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated the target organization’s IT environment, escalated the acquisition risks and benefits, and prepared IT for integration.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to accurately valuate the target organization(s) and determine if there are critical risks or benefits the current organization should be aware of.
    • Create an integration roadmap that considers the tasks that will need to be completed and the resources required to support integration.
    Key deliverables from the Due Diligence & Preparation phase
    • Establish a due diligence charter
    • Create a list of data room artifacts and engage in due diligence
    • Assess the target organization’s technical debt
    • Valuate the target IT organization
    • Assess and plan for culture
    • Prioritize integration tasks
    • Establish the integration roadmap
    • Identify the needed workforce supply
    • Estimate integration costs
    • Create employee transition plans
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Buy Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Rationalize the IT environment
    • Continually update the project plan
    • Confirm integration costs
    • Review IT’s transaction value
    • Conduct a transaction and integration SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Integration

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Integration RoadmapPrepare Employees for the TransitionEngage in IntegrationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Understand the rationale for the company's decisions to pursue an acquisition.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the acquisition.
    • 1.2 Identify pain points and opportunities tied to the acquisition.
    • 1.3 Establish the integration strategy.
    • 1.4 Prioritize Integration tasks.
    • 2.1 Establish the integration roadmap.
    • 2.2 Establish and align project metrics with identified tasks.
    • 2.3 Estimate integration costs.
    • 3.1 Assess the current culture and identify the goal culture.
    • 3.2 Identify the needed workforce supply.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • I.1 Complete the integration by regularly updating the project plan.
    • I.2 Begin to rationalize the IT environment where possible and necessary.
    • 4.1 Confirm integration costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and integration SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Integration strategy
    1. Integration roadmap and associated resourcing
    1. Culture assessment
    2. Workforce supply identified
    3. Employee transition plan
    1. Rationalized IT environment
    2. Updated integration project plan
    1. SWOT of transaction
    2. M&A Buy Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical integration tasks. Set the organization up for success by having an integration roadmap. Retaining critical IT staff throughout this process will also be imperative to the overall transaction success.

    Throughout the integration process, roadblocks will arise and need to be addressed. However, by ensuring that employees, technology, and processes are planned for ahead of the transaction, you as IT will be able to weather those unexpected concerns with greater ease.

    Now that you as an IT leader have engaged in an acquisition, demonstrating the value IT was able to provide to the process is critical to establishing a positive and respected relationship with other senior leaders in the business. Be prepared to identify the positives and communicate this value to advance the business’ perception of IT.

    Goal: To carry out the planned integration activities and deliver the intended value to the business

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics and align to project tasks.
    • Select an integration strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a list of data room artifacts and engage in due diligence (directly or indirectly).
    • Prioritize integration tasks.
    • Establish the integration roadmap.
    • Identify the needed workforce supply.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Establish a due diligence charter.
    • Assess the target organization’s technical debt.
    • Valuate the target IT organization.
    • Assess and plan for culture.
    • Estimate integration costs.
    • Create functional workplans for employees.

    Integration checklists

    Prerequisite Checklist
    • Build the project plan for integration and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the acquisition or purchase
    • Develop IT's purchasing strategy
    • Determine goal opportunities
    • Create the mission and vision statements
    • Create the guiding principles
    • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Assess workforce demand and supply
    • Plan and communicate potential layoffs
    • Create an employee transition plan
    • Identify the IT investment
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Identify and assess all of IT's risks
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the needed workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Data architecture
    • Data sources
    • Data storage (on-premises vs. cloud)
    • Enterprise content management
    • Compatibility of data types between organizations
    • Cleanliness/usability of target organization data sets
    • Identify data sets that need to be combined to capture synergies/drive core capabilities
    • Reporting and analytics capabilities
    Applications
    • Prioritize and address critical applications
      • ERP
      • CRM
      • Email
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
    • Leverage application rationalization framework to determine applications to keep, terminate, or create
    • Develop method of integrating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    Operations
    • Communicate helpdesk/service desk information
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Consolidate phone lists and extensions
    • Synchronize email address books

    Integration checklists (continued)

    Infrastructure
    • Determine single network access
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Rationalize vendor services and solutions
    • Identify opportunities to mature the security architecture
    People
    • Design an IT operating model
    • Redesign your IT organizational structure
    • Conduct a RACI
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Create a list of employees to be terminated
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Stop duplicate or unnecessary target organization projects
    • Communicate project intake process
    • Prioritize projects
    Products & Services
    • Ensure customer services requirements are met
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    Security
    • Conduct a security assessment of target organization
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be terminated
    • Identify process expectations from target organization
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Rationalize the IT environment
    • 4.1.2 Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute on the integration and strategize how to rationalize the two (or more) IT environments and update the project plan, strategizing against any roadblocks as they might come.

    Compile –› Assess –› Rationalize

    Access to critical information often does not happen until day one

    • As the transaction comes to a close and the target organization becomes the acquired organization, it’s important to start working on the rationalization of your organization.
    • One of the most important elements will be to have a complete understanding of the acquired organization’s IT environment. Specifically, assess the technology, people, and processes that might exist.
    • This rationalization will be heavily dependent on your planned integration strategy determined in the Discovery & Strategy phase of the process.
    • If your IT organization was not involved until after that phase, then determine whether your organization plans on remaining in its original state, taking on the acquired organization’s state, or forming a best-of-breed state by combining elements.
    • To execute on this, however, a holistic understanding of the new IT environment is required.

    Some Info-Tech resources to support this initiative:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Build an Application Rationalization Framework
    • Rationalize Your Collaboration Tools
    • Consolidate IT Asset Management
    • Build Effective Enterprise Integration on the Back of Business Process
    • Consolidate Your Data Centers

    4.1.1 Rationalize the IT environment

    6-12 months

    Input: RACI chart, List of critical applications, List of vendor contracts, List of infrastructure assets, List of data assets

    Output: Rationalized IT environment

    Materials: Software Terms & Conditions Evaluation Tool

    Participants: IT executive/CIO, IT senior leadership, Vendor management

    The purpose of this activity is to rationalize the IT environment to reduce and eliminate redundant technology.

    1. Compile a list of the various applications and vendor contracts from the acquired organization and the original organization.
    2. Determine where there is repetition. Have a member of the vendor management team review those contracts and identify cost-saving opportunities.

    This will not be a quick and easy activity to complete. It will require strong negotiation on the behalf of the vendor management team.

    For additional information and support for this activity, see the blueprint Master Contract Review and Negotiations for Software Agreements.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized integration tasks, Integration RACI, Activity owners

    Output: Updated integration project plan

    Materials: M&A Integration Project Management Tool

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update and review the status of the various integration task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm integration costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and integration SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize on how to improve future acquisition transactions.

    4.2.1 Confirm integration costs

    3-4 hours

    Input: Integration tasks, Transition team, Previous RACI, Estimated costs

    Output: Actual integration costs

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around integration. While the integration costs would have been estimated previously, it’s important to confirm the costs that were associated with the integration in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.4, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Buy Playbook.

    Track synergy capture through the IT integration

    The ultimate goal of the M&A is to achieve and deliver deal objectives. Early in the M&A, IT must identify, prioritize, and execute upon synergies that deliver value to the business and its shareholders. Continue to measure IT’s contribution toward achieving the organization’s M&A goals throughout the integration by keeping track of cost savings and synergies that have been achieved. When these achievements happen, communicate them and celebrate success.

    1. Define Synergy Metrics: Select metrics to track synergies through the integration.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the synergies being pursued.
      2. For example, if the synergy being pursued is increasing asset utilization, metrics could range from capacity to revenue generated through increased capacity.
    2. Prioritize Synergistic Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Synergy Captures: Develop a detailed workplan to resource the roadmap and track synergy captures as the initiatives are undertaken.

    Once 80% of the necessary synergies are realized, executive pressure will diminish. However, IT must continue to work toward the technology end state to avoid delayed progression.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized integration tasks, Integration RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics earlier, determine from the company M&A team what those metrics might be. Review activity 3.2.7 for more information on metrics.
    2. Identify whether the metric (which should be used to support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful engaging in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals that were set out by the business.

    Record the results in the M&A Buy Playbook.

    4.2.3 Conduct a transaction and integration SWOT

    2 hours

    Input: Integration costs, Retention rates, Value IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the various internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Buy Playbook.

    M&A Buy Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement in future transactions.
    • Critically examine the M&A Buy Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another acquisition under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and integration SWOT

    Output: Refined M&A playbook

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Buy Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Buy Playbook.

    By the end of this post-transaction phase you should:

    Have completed the integration post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the integration tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Rationalize the IT environment
    • Continually update the project plan for completion
    • Confirm integration costs
    • Review IT’s transaction value
    • Conduct a transaction and integration SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Buy Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in an acquisition. You now have:

    • Created a standardized approach for how your IT organization should address acquisitions.
    • Evaluated the target organizations successfully and established an integration project plan.
    • Delivered on the integration project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved in case if you have to do this all again in a future transaction.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group
    Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group
    Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group
    Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada
    Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group
    Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll
    Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group
    Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group
    Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group
    Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte
    Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group
    Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment
    Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life
    Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.
    Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group
    Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    Enable Omnichannel Commerce That Delights Your Customers

    • Buy Link or Shortcode: {j2store}534|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $17,249 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Today’s customers expect to be able to transact with you in the channels of their choice. The proliferation of e-commerce, innovations in brick-and-mortar retail, and developments in mobile commerce and social media selling mean that IT organizations are managing added complexity in drafting a strategy for commerce enablement.
    • The right technology stack is critical in order to support world-class e-commerce and brick-and-mortar interactions with customers.

    Our Advice

    Critical Insight

    • Support the right transactional channels for the right customers: there is no “one-size-fits-all” approach to commerce enablement – understand your customers to drive selection of the right transactional channels.
    • Don’t assume that “traditional” commerce channels have stagnated: IoT, customer analytics, and blended retail are reinvigorating brick-and-mortar selling.
    • Don’t buy best-of-breed; buy best-for-you. Base commerce vendor selection on your requirements and use cases, not on the vendor’s overall performance.

    Impact and Result

    • Leverage Info-Tech’s proven, road-tested approach to using personas and scenarios to build strong business drivers for your commerce strategy.
    • Before selecting and deploying technology solutions, create a cohesive channel matrix outlining which channels your organization will support with transactional capabilities.
    • Understand evolving trends in the commerce solution space, such as AI-driven product recommendations and integration with other essential enterprise applications (i.e. CRM and marketing automation platforms).
    • Understand and apply operational best practices such as content optimization and dynamic personalization to improve the conversion rate via your e-commerce channels.

    Enable Omnichannel Commerce That Delights Your Customers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enable Omnichannel Commerce Deck – A deck outlining the importance of creating a cohesive omnichannel framework to improve your customer experience.

    E-commerce channels have proliferated, and traditional brick-and-mortar commerce is undergoing reinvention. In order to provide your customers with a strong experience, it's imperative to create a strategy – and to deploy the right enabling technologies – that allow for robust multi-channel commerce. This storyboard provides a concise overview of how to do just that.

    • Enable Omnichannel Commerce That Delights Your Customers – Phases 1-2

    2. Create Personas to Drive Omnichannel Requirements Template – A template to identify key customer personas for e-commerce and other channels.

    Customer personas are archetypal representations of your key audience segments. This template (and populated examples) will help you construct personas for your omnichannel commerce project.

    • Create Personas to Drive Omnichannel Requirements Template
    [infographic]

    Further reading

    Enable Omnichannel Commerce That Delights Your Customers

    Create a cohesive, omnichannel framework that supports the right transactions through the right channels for the right customers.

    Analyst Perspective

    A clearly outlined commerce strategy is a necessary component of a broader customer experience strategy.

    This is a picture of Ben Dickie, Research Lead, Research – Applications at Info-Tech Research Group

    Ben Dickie
    Research Lead, Research – Applications
    Info-Tech Research Group

    “Your commerce strategy is where the rubber hits the road, converting your prospects into paying customers. To maximize revenue (and provide a great customer experience), it’s essential to have a clearly defined commerce strategy in place.

    A strong commerce strategy seeks to understand your target customer personas and commerce journey maps and pair these with the right channels and enabling technologies. There is not a “one-size-fits-all” approach to selecting the right commerce channels: while many organizations are making a heavy push into e-commerce and mobile commerce, others are seeking to differentiate themselves by innovating in traditional brick-and-mortar sales. Hybrid channel design now dominates many commerce strategies – using a blend of e-commerce and other channels to deliver the best-possible customer experience.

    IT leaders must work with the business to create a succinct commerce strategy that defines personas and scenarios, outlines the right channel matrix, and puts in place the right enabling technologies (for example, point-of-sale and e-commerce platforms).”

    Stop! Are you ready for this project?

    This Research Is Designed For:

    • IT leaders and business analysts supporting their commercial and marketing organizations in developing and executing a technology enablement strategy for e-commerce or brick-and-mortar commerce.
    • Any organization looking to develop a persona-based approach to identifying the right channels for their commerce strategy.

    This Research Will Help You:

    • Identify key personas and customer journeys for a brick-and-mortar and/or e-commerce strategy.
    • Select the right channels for your commerce strategy and build a commerce channel matrix to codify the results.
    • Review the “art of the possible” and new developments in brick-and-mortar and e-commerce execution.

    This Research Will Also Assist:

    • Sales managers, brand managers, and any marketing professional looking to build a cohesive commerce strategy.
    • E-commerce or POS project teams or working groups tasked with managing an RFP process for vendor selection.

    This Research Will Help Them:

    • Build a persona-centric commerce strategy.
    • Understand key technology trends in the brick-and-mortar and e-commerce space.

    Executive Summary

    Your Challenge

    Today’s customers expect to be able to transact with you in the channels of their choice.

    The proliferation of e-commerce, innovations in brick-and-mortar retail, and developments in mobile commerce and social media selling mean that IT organizations are managing added complexity in drafting a strategy for commerce enablement.

    The right technology stack is critical to support world-class e-commerce and brick-and-mortar interactions with customers.

    Common Obstacles

    Many organizations do not define strong, customer-centric drivers for dictating which channels they should be investing in for transactional capabilities.

    As many retailers look to move shopping experiences online during the pandemic, the impetus for having a strong e-commerce suite has markedly increased. The proliferation of commerce vendors has made it difficult to identify and shortlist the right solution, while the pandemic has also highlighted the importance of adopting new vendors quickly and efficiently: companies need to understand the top players in different commerce market landscapes.

    IT is receiving a growing number of commerce platform requests and must be prepared to speak intelligently about requirements and the “art of the possible.”

    Info-Tech’s Approach

    • Leverage Info-Tech’s proven, road-tested approach to using personas and scenarios to build strong business drivers for your commerce strategy.
    • Before selecting and deploying technology solutions, create a cohesive channel matrix outlining which channels your organization will support with transactional capabilities.
    • Understand evolving trends in the commerce solution space, such as AI-driven product recommendations and integration with other essential enterprise applications (i.e. customer relationship management [CRM] and marketing automation platforms).
    • Understand and apply operational best practices such as content optimization and dynamic personalization to improve the conversion rate via your e-commerce channels.

    Info-Tech Insight

    • Support the right transactional channels for the right customers: there is no “one-size-fits-all” approach to commerce enablement – understand your customers to drive selection of the right transactional channels.
    • Don’t assume that “traditional” commerce channels have stagnated: IoT, customer analytics, and blended retail are reinvigorating brick-and-mortar selling.
    • Don’t buy best-of-breed; buy best-for-you: base commerce vendor selection on your requirements and use cases, not on the vendor’s overall performance.

    A strong commerce strategy is an essential component of a savvy approach to customer experience management

    A commerce strategy outlines an organization’s approach to selling its products and services. A strong commerce strategy identifies target customers’ personas, commerce journeys that the organization wants to support, and the channels that the organization will use to transact with customers.

    Many commerce strategies encompass two distinct but complementary branches: a commerce strategy for transacting through traditional channels and an e-commerce strategy. While the latter often receives more attention from IT, it still falls on IT leaders to provide the appropriate enabling technologies to support traditional brick-and-mortar channels as well. Traditional channels have also undergone a digital renaissance in recent years, with forward-looking companies capitalizing on new technology to enhance customer experiences in their stores.

    Traditional Channels

    • Physical Stores (Brick and Mortar)
    • Kiosks or Pop-Up Stores
    • Telesales
    • Mail Orders
    • EDI Transactions

    E-Commerce Channels

    • E-Commerce Websites
    • Mobile Commerce Apps
    • Embedded Social Shopping
    • Customer Portals
    • Configure Price Quote Tool Sets (CPQ)
    • Hybrid Retail

    Info-Tech Insight

    To better serve their customers, many companies position themselves as “click-and-mortar” shops – allowing customers to transact at a store or online.

    Customers’ expectations are on the rise: meet them!

    Today’s consumers expect speed, convenience, and tailored experiences at every stage of the customer lifecycle. Successful organizations strive to support these expectations.

    58%
    of retail customers admitted that their expectations now are higher than they were a year ago (FinancesOnline).

    70%
    of consumers between the ages of 18 and 34 have increasing customer expectations year after year (FinancesOnline).

    69%
    of consumers now expect store associates to be armed with a mobile device to deliver value-added services, such as looking up product information and checking inventory (V12).

    73%
    of support leaders agree that customer expectations are increasing, but only…

    42%
    of support leaders are confident that they’re actually meeting those expectations.

    How can you be sure that you are meeting your customers’ expectations?

    1. Offer more personalization throughout the entire customer journey
    2. Practice quality customer service – ensure staff have up-to-date knowledge and offer quick resolution time for complaints
    3. Focus on offering low-effort experiences and easy-to-use platforms (i.e. “one-click buying”)
    4. Ensure your products and services perform well and do what they’re meant to do
    5. Ensure omnichannel availability – 9 in 10 consumers want a seamless omnichannel experience

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored commerce and transactional experiences.

    Omnichannel commerce is the way of the future

    Create a strategy that embraces this reality with the right tools!

    Get ahead of the competition by doing omnichannel right! Devise a strategy that allows you to create and maintain a consistent, seamless commerce experience by optimizing operations with an omnichannel framework. Customers want to interact with you on their own terms, and it falls to IT to ensure that applications are in place to support and manage both traditional and e-commerce channels. There must also be consistency of copy, collateral, offers, and pricing between commerce channels.

    71%
    of consumers want a consistent experience across all channels, but only…

    29%
    say that they actually get it.

    (Source: Business 2 Community, 2020)

    Omnichannel is a “multichannel approach that aims to provide customers with a personalized, integrated, and seamless shopping experience across diverse touchpoints and devices.”
    Source: RingCentral, 2021

    IT is responsible for providing technology enablement of the commerce strategy: e-commerce platforms are a cornerstone

    An e-commerce platform is an enterprise application that provides end-to-end capabilities for allowing customers to purchase products or services from your company via an online channel (e.g. a traditional website, a mobile application, or an embedded link in a social media post). Modern e-commerce platforms are essential for delivering a frictionless customer journey when it comes to purchasing online.

    $6.388
    trillion dollars worth of sales will be conducted online by 2024 (eMarketer, 14 Jan. 2021).

    44%
    of all e-commerce transactions are expected to be completed via a mobile device by 2024 (Insider).

    21.8%
    of all sales will be made from online purchases by 2024 (eMarketer, 14 Jan. 2021).

    Strong E-Commerce Platforms Enable a Wide Range of Functional Areas:

    • Product Catalog Management
    • Web Content Delivery
    • Product Search Engine
    • Inventory Management
    • Shopping Cart Management
    • Discount and Coupon Management
    • Return Management and Reverse Logistics
    • Dynamic Personalization
    • Dynamic Promotions
    • Predictive Re-Targeting
    • Predictive Product Recommendations
    • Transaction Processing
    • Compliance Management
    • Commerce Workflow Management
    • Loyalty Program Management
    • Reporting and Analytics

    An e-commerce solution boosts the effectiveness and efficiency of your operations and drives top-line growth

    Take time to learn the capabilities of modern e-commerce applications. Understanding the “art of the possible” will help you to get the most out of your e-commerce platform.

    An e-commerce platform helps marketers and sales staff in three primary ways:

    1. It allows the organization to effectively and efficiently operate e-commerce operations at scale.
    2. It allows commercial staff to have a single system for managing and monitoring all commercial activity through online channels.
    3. It allows the organization to improve the customer-facing e-commerce experience, boosting conversions and top-line sales.

    A dedicated e-commerce platform improves the efficiency of customer-commerce operations

    • Workflow automation reduces the amount of time spent executing dynamic e-commerce campaigns.
    • The use of internal or third-party data increases conversion effectiveness from customer databases across the organization.

    Info-Tech Insight

    A strong e-commerce provides marketers with the data they need to produce actionable insights about their customers.

    Case Study

    INDUSTRY - Retail
    SOURCE - Salesforce (a)

    PetSmart improves customer experience by leveraging a new commerce platform in the Salesforce ecosystem

    PetSmart

    PetSmart is a leading retailer of pet products, with a heavy footprint across North America. Historically, PetSmart was a brick-and-mortar retailer, but it has placed a heavy emphasis on being a true multi-channel “click-and-mortar” retailer to ensure it maintains relevance against competitors like Amazon.

    E-Commerce Overhaul Initiative

    To improve its e-commerce capabilities, PetSmart recognized that it needed to consolidate to a single, unified e-commerce platform to realize a 360-degree view of its customers. A new platform was also required to power dynamic and engaging experiences, with appropriate product recommendations and tailored content. To pursue this initiative, the company settled on Salesforce.com’s Commerce Cloud product after an exhaustive requirements definition effort and rigorous vendor selection approach.

    Results

    After platform implementation, PetSmart was able to effortlessly handle the massive transaction volumes associated with Black Friday and Cyber Monday and deliver 1:1 experiences that boosted conversion rates.

    PetSmart standardized on the Commerce Cloud from Salesforce to great effect.

    This is an image of the journey from Discover & Engage to Retain & Advocate.

    Case Study

    Icebreaker exceeds customer expectations by using AI to power product recommendations

    INDUSTRY - Retail
    SOURCE - Salesforce (b)

    Icebreaker

    Icebreaker is a leading outerwear and lifestyle clothing company, operating six global websites and owning over 5,000 stores across 50 countries. Icebreaker is focused on providing its shoppers with accurate, real-time product suggestions to ensure it remains relevant in an increasingly competitive online market.

    E-Commerce Overhaul Initiative

    To improve its e-commerce capabilities, Icebreaker recognized that it needed to adopt a predictive recommendation engine that would offer its customers a more personalized shopping experience. This new system would need to leverage relevant data to provide both known and anonymous shoppers with product suggestions that are of interest to them. To pursue this initiative, Icebreaker settled on using Salesforce.com’s Commerce Cloud Einstein, a fully integrated AI.

    Results

    After integrating Commerce Cloud Einstein on all its global sites, Icebreaker was able to cross-sell and up-sell its merchandise more effectively by providing its shoppers with accurate product recommendations, ultimately increasing average order value.

    IT must also provide technology enablement for other channels, such as point-of-sale systems for brick-and-mortar

    Point-of-sale systems are the “real world” complement to e-commerce platforms. They provide functional capabilities for selling products in a physical store, including basic inventory management, cash register management, payment processing, and retail analytics. Many firms struggle with legacy POS environments that inhibit a modern customer experience.

    $27.338
    trillion dollars in retail sales are expected to be made globally in 2022 (eMarketer, 2022).

    84%
    of consumers believe that retailers should be doing more to integrate their online and offline channels (Invoca).

    39%
    of consumers are unlikely or very unlikely to visit a retailer’s store if the online store doesn’t provide physical store inventory information (V12).

    Strong Point-of-Sale Platforms Enable a Wide Range of Functional Areas:

    • Product Catalog Management
    • Discount Management
    • Coupon Management and Administration
    • Cash Management
    • Cash Register Reconciliation
    • Product Identification (Barcode Management)
    • Payment Processing
    • Compliance Management
    • Basic Inventory Management
    • Commerce Workflow Management
    • Exception Reporting and Overrides
    • Loyalty Program Management
    • Reporting and Analytics

    E-commerce and POS don’t live in isolation

    They’re key components of a well-oiled customer experience ecosystem!

    Integrate commerce solutions with other customer experience applications – and with ERP or logistics systems – to handoff transactions for order fulfilment.

    Having a customer master database – the central place where all up-to-the-minute data on a customer profile is stored – is essential for traditional and e-commerce success. Typically, the POS or e-commerce platform is not the system of record for the master customer profile: this information lives in a CRM platform or customer data warehouse. Conceptually, this system is at the center of the customer-experience ecosystem.

    Strong POS and e-commerce solutions orchestrate transactions but typically do not do the heavy lifting in terms of order fulfilment, shipping logistics, economic inventory management, and reverse logistics (returns). In an enterprise-grade environment, these activities are executed by an enterprise resource planning (ERP) solution – integrating your commerce systems with a back-end ERP solution is a crucial step from an application architecture point of view.

    This is an example of a customer experience ecosystem.  Core Apps (CRM, ERP): MMS Suite; E-Commerce; POS; Web CMS; Data Marts/BI Tools; Social Media Platforms

    Case Study

    INDUSTRY - Retail
    SOURCES - Amazon, n.d. CNET, 2020

    Amazon is creating a hybrid omnichannel experience for retail by introducing innovative brick-and-mortar stores

    Amazon

    Amazon began as an online retailer of books in the mid-1990s, and rapidly expanded its product portfolio to nearly every category imaginable. Often hailed as the foremost success story in online commerce, the firm has driven customer loyalty via consistently strong product recommendations and a well-designed site.

    Bringing Physical Retail Into the Digital Age

    Beginning in 2016 (and expanding in 2018), Amazon introduced Amazon Go, a next-generation grocery retailer, to the Seattle market. While most firms that pursue an e-commerce strategy traditionally come from a brick-and-mortar background, Amazon upended the usual narrative: the world’s largest online retailer opening physical stores to become a true omnichannel, “click-and-mortar” vendor. From the get-go, Amazon Go focused on innovating the physical retail experience – using cameras, IoT capabilities, and mobile technologies to offer “checkout-free” virtual shopping carts that automatically know what products customers take off the shelves and bill their Amazon accounts accordingly.

    Results

    Amazon received a variety of industry and press accolades for re-inventing the physical store experience and it now owns and operates seven separate store brands, with more still on the horizon.

    Case Study

    INDUSTRY - Retail
    SOURCES - Glossy, 2020

    Old Navy

    Old Navy is a clothing and accessories retail company that owns and operates over 1,200 stores across North America and China. Typically, Old Navy has relied on using traditional marketing approaches, but recently it has shifted to producing more digitally focused campaigns to drive revenue.

    Bringing Physical Retail Into the Digital Age

    To overcome pandemic-related difficulties, including temporary store closures, Old Navy knew that it had to have strong holiday sales in 2020. With the goal of stimulating retail sales growth and maximizing its pre-existing omnichannel capabilities, Old Navy decided to focus more of its holiday campaign efforts online than in years past. With this campaign centered on connected TV platforms, such as Hulu, and social media channels including Facebook, Instagram, and TikTok, Old Navy was able to take a more unique, fun, and good-humored approach to marketing.

    Results

    Old Navy’s digitally focused campaign was a success. When compared with third quarter sales figures from 2019, third quarter net sales for 2020 increased by 15% and comparable sales increased by 17%.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current maturity.

    Call #4: Identify relationship between current initiatives and capabilities.

    Call #6: Identify strategy risks.

    Call #8: Identify and prioritize improvements.

    Call #3: Identify target-state capabilities.

    Call #5: Create initiative profiles.

    Call #7: Identify required budget.

    Call #9: Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Enable Omnichannel Commerce That Delights Your Customers – Project Overview

    1. Identify Critical Drivers for Your Omnichannel Commerce Strategy 2. Map Drivers to the Right Channels and Technologies
    Best Practice Toolkit

    1.1 Assess Personas and Scenarios

    1.2 Create Key Drivers and Metrics

    2.1 Build the Commerce Channel Matrix

    2.2 Review Technology and Trends Primer

    Guided Implementations
    • Validate customer personas.
    • Validate commerce scenarios.
    • Review key drivers and metrics.
    • Build the channel matrix.
    • Discuss technology and trends.
    Onsite Workshop

    Module 1:

    Module 2:

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    Map Drivers to the Right Channels and Technologies

    Phase 1 Outcome:

    Phase 2 Outcome:

    An initial shortlist of customer-centric drivers for your channel strategy and supporting metrics.

    A completed commerce channel matrix tailored to your organization, and a snapshot of enabling technologies and trends.

    Phase 1

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    1.1 Assess Personas and Scenarios

    1.2 Create Key Drivers and Metrics

    Enable Omnichannel Commerce That Delights Your Customers

    Step 1.1

    Assess Personas and Scenarios

    This step will walk you through the following activities:

    1.1.1 Build key customer personas for your commerce strategy.

    1.1.2 Create commerce scenarios (journey maps) that you need to enable.

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Critical customer personas
    • Key traditional and e-commerce scenarios

    Use customer personas to picture who will be using your commerce channels and guide scenario design and key drivers

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your e-commerce presence. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user’s behavior.
    • Aid in uncovering universal features and functionality.
    • Describe real people with backgrounds, goals, and values.

    Source: Usability.gov, n.d.

    Why Are Personas Important?

    Personas help:

    • Focus the development of commerce platform features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the website.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Persona Group (e.g. executives)
    • Demographics (e.g. nationality, age, language spoken)
    • Purpose of Using Commerce Channels (e.g. product search versus ready to transact)
    • Typical Behaviors and Tendencies (e.g. goes to different websites when cannot find products in 20 seconds)
    • Technological Environment of User (e.g. devices, browsers, network connection)
    • Professional and Technical Skills and Experiences (e.g. knowledge of websites, area of expertise)

    Use Info-Tech’s guidelines to assist in the creation of personas

    How many personas should I create?

    The number of personas that should be created is based on the organizational coverage of your commerce strategy. Here are some questions you should ask:

    • Do the personas cover a majority of your revenues or product lines?
    • Is the number manageable for your project team to map out?

    How do I prioritize which personas to create?

    The identified personas should generate the most revenue – or provide a significant opportunity – for your business. Here are some questions that you should ask:

    • Are the personas prioritized based on the revenue they generate for the business?
    • Is the persona prioritization process considering both the present and future revenues the persona is generating?

    Sample: persona for e-commerce platform

    Example

    Persona quote: “After I call the company about the widget, I would usually go onto the company’s website and look at further details about the product. How am I supposed to do so when it is so hard to find the company’s website on everyday search engines, such as Google, Yahoo, or Bing?”

    Michael is a middle-aged manager working in the financial district. He wants to buy the company’s widgets for use in his home, but since he is distrusting of online shopping, he prefers to call the company’s call center first. Afterwards, if Michael is convinced by the call center representative, he will look at the company’s website for further research before making his purchase.

    Michael does not have a lot of free time on his hands, and tries to make his free time as relaxing as possible. Due to most of his work being client-facing, he is not in front of a computer most of the time during his work. As such, Michael does not consider himself to be skilled with technology. Once he makes the decision to purchase, Michael will conduct online transactions and pay most delivery costs due to his shortage of time.

    Needs:

    • Easy-to-find website and widget information.
    • Online purchasing and delivery services.
    • Answer to his questions about the widget.
    • To maintain contact post-purchase for easy future transactions.

    Info-Tech Tip

    The quote attached to a persona should be from actual quotes that your customers have used when you reviewed your voice of the customer (VoC) surveys or focus groups to drive home the impact of their issues with your company.

    1.1.1 Activity: Build personas for your key customers that you’ll need to support via traditional and e-commerce channels

    1 hour

    1. In two to four groups, list all the major, target customer personas that need to be built. In doing so, consider the people who interact with your e-commerce site (or other channels) most often.
    2. Build a demographic profile for each customer persona. Include information such as age, geographic location, occupation, and annual income.
    3. Augment the persona with a psychographic profile. Consider the goals and objectives of each customer persona and how these might inform buyer behaviors.
    4. Introduce your group’s personas to the entire group, in a round-robin fashion, as if you are introducing your persona at a party.
    5. Summarize the personas in a persona map. Rank your personas according to importance and remove any duplicates.
    6. Use Info-Tech’s Create Personas to Drive Omnichannel Requirements Template to assist.

    Info-Tech Insight

    Persona building is typically used for understanding the external customer; however, if you need to gain a better understanding of the organization’s internal customers (those who will be interacting with the e-commerce platform), personas can also be built for this purpose. Examples of useful internal personas are sales managers, brand managers, and customer service directors.

    1.1.1 Activity: Build personas for your key customers that you’ll need to support via traditional and e-commerce channels (continued)

    Input

    • Customer demographics and psychographics

    Output

    • List of prioritized customer personas

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project team

    Build use-case scenarios to model the transactional customer journey and inform drivers for your commerce strategy

    A use-case scenario is a story or narrative that helps explore the set of interactions that a customer has with an organization. Scenario mapping will help identify key business and technology drivers as well as more granular functional requirements for POS or e-commerce platform selection.

    A GOOD SCENARIO…

    • Describes specific task(s) that need to be accomplished.
    • Describes user goals and motivations.
    • Describes interactions with a compelling but not overwhelming amount of detail.
    • Can be rough, as long as it provokes ideas and discussion.

    SCENARIOS ARE USED TO...

    • Provide a shared understanding about what a user might want to do and how they might want to do it.
    • Help construct the sequence of events that are necessary to address in your user interface(s).

    TO CREATE GOOD SCENARIOS…

    • Keep scenarios high level, not granular, in nature.
    • Identify as many scenarios as possible. If you’re time constrained, try to develop two to three key scenarios per persona.
    • Sketch each scenario out so that stakeholders understand the goal of the scenario.

    1.1.2 Exercise: Build commerce user scenarios to understand what you want your customers to do from a transactional viewpoint

    1 hour

    Example

    Simplified E-Commerce Workflow Purchase Products

    This image contains an example of a Simplified E-Commerce Workflow Purchase Products

    Step 1.2

    Create Key Drivers and Metrics

    This step will walk you through the following activities:

    • Create the business drivers you need to enable with your commerce strategy.
    • Enumerate metrics to track the efficacy of your commerce strategy.

    Identify Critical Drivers for Your Omnichannel Commerce Strategy

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Business drivers for the commerce strategy
    • Metrics and key performance indicators for the commerce strategy

    1.2 Finish elaboration of your scenarios and map them to your personas: identify core business drivers for commerce

    1.5 hours

    1. List all commerce scenarios required to satisfy the immediate needs of your personas.
      1. Does the use-case scenario address commonly felt user challenges?
      2. Can the scenario be used by those with changing behaviors and tendencies?
    2. Look for recurring themes in use-case scenarios (for example, increasing average transaction cost through better product recommendations) and identify business drivers: drivers are common thematic elements that can be found across multiple scenarios. These are the key principles for your commerce strategy.
    3. Prioritize your use cases by leveraging the priorities of your business drivers.

    Example

    This is an example of how step 1.2 can help you identify business drivers

    1.2 Finish elaboration of your scenarios and map them to your personas: identify core business drivers for commerce (continuation)

    Input

    • User personas

    Output

    • List of use cases
    • Alignment of use cases to business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business Analyst
    • Developer
    • Designer

    Show the benefits of commerce solution deployment with metrics aimed at both overall efficacy and platform adoption

    The ROI and perceived value of the organization’s e-commerce and POS solutions will be a critical indication of the success of the suite’s selection and implementation.

    Commerce Strategy and Technology Adoption Metrics

    EXAMPLE METRICS

    Commerce Performance Metrics

    Average revenue per unique transaction

    Quantity and quality of commerce insights

    Aggregate revenue by channel

    Unique customers per channel

    Savings from automated processes

    Repeat customers per channel

    User Adoption and Business Feedback Metrics

    User satisfaction feedback

    User satisfaction survey with technology

    Business adoption rates

    Application overhead cost reduction

    Info-Tech Insight

    Even if e-commerce metrics are difficult to track right now, the implementation of a dedicated e-commerce platform brings access to valuable customer intelligence from data that was once kept in silos.

    Phase 2

    Map Drivers to the Right Channels and Technologies

    2.1 Build the Commerce Channel Matrix

    2.2 Review Technology and Trends Primer

    Enable Omnichannel Commerce That Delights Your Customers

    Step 2.1

    Build the Commerce Channel Matrix

    This step will walk you through the following activities:

    • Based on your business drivers, create a blended mix of e-commerce channels that will suit your organization’s and customers’ needs.

    Map Drivers to the Right Channels and Technologies

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Commerce channel map

    Pick the transactional channels that align with your customer personas and enable your target scenarios and drivers

    Traditional Channels

    E-Commerce Channels

    Hybrid Channels

    Physical stores (brick and mortar) are the mainstay of retailers selling tangible goods – some now also offer intangible service delivery.

    E-commerce websites as exemplified by services like Amazon are accessible by a browser and deliver both goods and services.

    Online ordering/in-store fulfilment is a model whereby customers can place orders online but pick the product up in store.

    Telesales allows customers to place orders over the phone. This channel has declined in favor of mobile commerce via smartphone apps.

    Mobile commerce allows customers to shop through a dedicated, native mobile application on a smartphone or tablet.

    IoT-enabled smart carts/bags allow customers to shop in store, but check-out payments are handled by a mobile application.

    Mail order allows customers to send (”snail”) mail orders. A related channel is fax orders. Both have diminished in favor of e-commerce.

    Social media embedded shopping allows customers to order products directly through services such as Facebook.

    Info-Tech Insight

    Your channel selections should be driven by customer personas and scenarios. For example, social media may be extensively employed by some persona types (i.e. millennials) but see limited adoption in other demographics or use cases (i.e. B2B).

    2.1 Activity: Build your commerce channel matrix

    30 minutes

    1. Inventory which transactional channels are currently used by your firm (segment by product lines if variation exists).
    2. Interview product leaders, sales leaders, and marketing managers to determine if channels support transactional capabilities or are used for marketing and service delivery.
    3. Review your customer personas, scenarios, and drivers and assess which of the channels you will use in the future to sell products and services. Document below.

    Example: Commerce Channel Map

    Product Line A Product Line B Product Line C
    Currently Used? Future Use? Currently Used? Future Use? Currently Used? Future Use?
    Store Yes Yes No No No No
    Kiosk Yes No No No No No
    E-Commerce Site/Portal No Yes Yes Yes Yes Yes
    Mobile App No No Yes Yes No Yes
    Embedded Social Yes Yes Yes Yes Yes Yes

    Input

    • Personas, scenarios, and driver

    Output

    • Channel map

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project team

    Step 2.2

    Review Technology and Trends Primer

    This step will walk you through the following activities:

    • Review the scope of e-commerce and POS solutions and understand key drivers impacting e-commerce and traditional commerce.

    Map Drivers to the Right Channels and Technologies

    This step involves the following participants:

    • Business stakeholders (Sales, Marketing)
    • IT project team

    Outcomes of this step:

    • Understanding of key technologies
    • Understanding of key trends

    Application spotlight: e-commerce platforms

    How It Enables Your Strategy

    • Modern e-commerce platforms provide capabilities for end-to-end orchestration of online commerce experiences, from product site deployment to payment processing.
    • Some e-commerce platforms are purpose-built for business-to-business (B2B) commerce, emphasizing customer portals and EDI features. Other e-commerce vendors place more emphasis on business-to-consumer (B2C) capabilities, such as product catalog management and executing transactions at scale.
    • There has been an increasing degree of overlap between traditional web experience management solutions and the e-commerce market; for example, in 2018, Adobe acquired Magento to augment its overall web experience offering within Adobe Experience Manager.
    • E-commerce platforms typically fall short when it comes to order fulfilment and logistics; this piece of the puzzle is typically orchestrated via an ERP system or logistics management module.
    • This research provides a starting place for defining e-commerce requirements and selection artefacts.

    Key Trends

    • E-commerce vendors are rapidly supporting a variety of form factors and integration with other channels such as social media. Mobile is sufficiently popular that some vendors and industry commentators refer to it as “m-commerce” to differentiate app-based shopping experiences from those accessed through a traditional browser.
    • Hybrid commerce is driving more interplay between e-commerce solutions and POS.

    E-Commerce KPIs

    Strong e-commerce applications can improve:

    • Bounce Rates
    • Exit Rates
    • Lead Conversion Rates
    • Cart Abandonment Rates
    • Re-Targeting Efficacy
    • Average Cart Size
    • Average Cart Value
    • Customer Lifetime Value
    • Aggregate Reach/Impressions

    Familiarize yourself with the e-commerce market

    How it got here

    Initial Traction as the Dot-Com Era Came to Fruition

    Unlike some enterprise application markets, such as CRM, the e-commerce market appeared almost overnight during the mid-to-late nineties as the dot-com explosion fueled the need to have reliable solutions for executing transactions online.

    Early e-commerce solutions were less full-fledged suites than they were mediums for payment processing and basic product list management. PayPal and other services like Digital River were pioneers in the space, but their functionality was limited vis-à-vis tools such as web content management platforms, and their ability to amalgamate and analyze the data necessary for dynamic personalization and re-targeting was virtually non-existent.

    Rapidly Expanding Scope of Functional Capabilities as the Market Matured

    As marketers became more sophisticated and companies put an increased focus on customer experience and omnichannel interaction, the need arose for platforms that were significantly more feature rich than their early contemporaries. In this context, vendors such as Shopify and Demandware stepped into the limelight, offering far richer functionality and analytics than previous offerings, such as asset management, dynamic personalization, and the ability to re-target customers who abandoned their carts.

    As the market has matured, there has also been a series of acquisitions of some players (for example, Demandware by Salesforce) and IPOs of others (i.e. Shopify). Traditional payment-oriented services like PayPal still fill an important niche, while newer entrants like Square seek to disrupt both the e-commerce market and point-of-sale solutions to boot.

    Familiarize yourself with the e-commerce market

    Where it’s going

    Support for a Proliferation of Form Factors and Channels

    Modern e-commerce solutions are expanding the number of form factors (smartphones, tablets) they support via both responsive design and in-app capabilities. Many platforms now also support embedded purchasing options in non-owned channels (for example, social media). With the pandemic leading to a heightened affinity for online shopping, the importance of fully using these capabilities has been further emphasized.

    AI and Machine Learning

    E-commerce is another customer experience domain ripe for transformation via the potential of artificial intelligence. Machine learning algorithms are being used to enhance the effectiveness of dynamic personalization of product collateral, improve the accuracy of product recommendations, and allow for more effective re-targeting campaigns of customers who did not make a purchase.

    Merger of Online Commerce and Traditional Point-of-Sale

    Many e-commerce vendors – particularly the large players – are now going beyond traditional e-commerce and making plays into brick-and-mortar environments, offering point-of-sale capabilities and the ability to display product assets and customizations via augmented reality – truly blending the physical and virtual shopping experience.

    Emphasis on Integration with the Broader Customer Experience Ecosystem

    The big names in e-commerce recognize they don’t live on an island: out-of-the-box integrations with popular CRM, web experience, and marketing automation platforms have been increasing at a breakneck pace. Support for digital wallets has also become increasingly popular, with many vendors integrating contactless payment technology (i.e. Apple Pay) directly into their applications.

    E-Commerce Vendor Snapshot: Part 1

    Mid-Market E-Commerce Solutions

    This image contains the logos for the following Companies: Magento; Spryker; Bigcommerce; Woo Commerce; Shopify

    E-Commerce Vendor Snapshot: Part 2

    Large Enterprise and Full-Suite E-Commerce Platforms

    This image contains the logos for the following Companies: Salesforce commerce cloud; Oracle Commerce Cloud; Adobe Commerce Cloud; Sitecore; Sap Hybris Commerce

    Speak with category experts to dive deeper into the vendor landscape

    • Fact-based reviews of business software from IT professionals.
    • Product and category reports with state-of-the-art data visualization.
    • Top-tier data quality backed by a rigorous quality assurance process.
    • User-experience insight that reveals the intangibles of working with a vendor.

    Software Reviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. The insights of our expert analysts provide unparalleled support to our members at every step of their buying journey.

    CLICK HERE to access SoftwareReviews Comprehensive software reviews to make better IT decisions.

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    This is an image of the data quarant report

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    This is an image of the data quarant report chart

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    This is a image of the Emotional Footprint Report

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    This is a image of the Emotional Footprint Report chart

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Leading B2B E-Commerce Platforms

    As of February 2022

    Data Quadrant

    This image contains a screenshot of the Data Quadrant chart for B2B E-commerce

    Emotional Footprint

    This image contains a screenshot of the Emotional Footprint chart for B2B E-commerce

    Leading B2C E-Commerce Platforms

    As of February 2022

    Data Quadrant

    This image contains a screenshot of the Data Quadrant chart for B2C E-commerce

    Emotional Footprint

    This image contains a screenshot of the Emotional Footprint chart for B2C E-commerce

    Application spotlight: point-of-sale solutions

    How It Enables Your Strategy

    • Point-of-sale solutions provide capabilities for cash register/terminal management, transaction processing, and lightweight inventory management.
    • Many POS vendors also offer products that have the ability to create orders from EDI, phone, or fax channels.
    • An increasing emphasis has been placed on retail analytics by POS vendors – providing reporting and analysis tools to help with inventory planning, promotion management, and product recommendations.
    • Integration of POS systems with a central customer data warehouse or other system of record for customer information allows for the ability to build richer customer profiles and compare shopping habits in physical stores against other transactional channels that are offered.
    • POS vendors often offer (or integrate with) loyalty management solutions to track, manage, and redeem loyalty points. See this note on loyalty management systems.
    • Legacy and/or homegrown POS systems tend to be an area of frustration for customer experience management modernization.

    Key Trends

    • POS solutions are moving from “cash-register-only” solutions to encompass mobile POS form factors like smartphones and tablets. Vendors such as Square have experienced tremendous growth in opening up the market via “mPOS” platforms that have lower costs to entry than the traditional hardware needed to support full-fledged POS solutions.
    • This development puts robust POS toolsets in the hands of small and medium businesses that otherwise would be priced out of the market.

    POS KPIs

    Strong POS applications can improve:

    • Customer Data Collection
    • Inventory or Cash Shrinkage
    • Cost per Transaction
    • Loyalty Program Administration Costs
    • Cycle Time for Transaction Execution

    Point-of-Sales Vendor Snapshot: Part 1

    Mid-Market POS Solutions

    This image contains the following company Logos: Square; Shopify; Vend; Heartland|Retail

    Point-of-Sales Vendor Snapshot: Part 2

    Large Enterprise POS Platforms

    This image contains the following Logos: Clover; Oracle Netsuite; RQ Retail Management; Salesforce Commerce Cloud; Korona

    Leading Retail POS Systems

    As of February 2022

    Data Quadrant

    This is an image of the Data Quadrant Chart for the Leading Retail Pos Systems

    Emotional Footprint

    This is an image of the Emotional Footprint chart for the Leading Retail POS Systems

    Summary of Accomplishment

    Knowledge Gained

    • Commerce channel framework
    • Customer affinities
    • Commerce channel overview
    • Commerce-enabling technologies

    Processes Optimized

    • Persona definition for commerce strategy
    • Persona channel shortlist

    Deliverables Completed

    • Customer personas
    • Commerce user scenarios
    • Business drivers for traditional commerce and e-commerce
    • Channel matrix for omnichannel commerce

    Bibliography

    “25 Amazing Omnichannel Statistics Every Marketer Should Know (Updated for 2021).” V12, 29 June 2021. Accessed 12 Jan. 2022.

    “Amazon Go.” Amazon, n.d. Web.

    Andersen, Derek. “33 Statistics Retail Marketers Need to Know in 2021.” Invoca, 19 July 2021. Accessed 12 Jan. 2022.

    Andre, Louie. “115 Critical Customer Support Software Statistics: 2022 Market Share Analysis & Data.” FinancesOnline, 14 Jan. 2022. Accessed 25 Jan. 2022.

    Chuang, Courtney. “The future of support: 5 key trends that will shape customer care in 2022.” Intercom, 10 Jan. 2022. Accessed 11 Jan. 2022.

    Cramer-Flood, Ethan. “Global Ecommerce Update 2021.” eMarketer, 13 Jan. 2021. Accessed 12 Jan. 2022.

    Cramer-Flood, Ethan. “Spotlight on total global retail: Brick-and-mortar returns with a vengeance.” eMarketer, 3 Feb. 2022. Accessed 12 Apr. 2022.

    Fox Rubin, Ben. “Amazon now operates seven different kinds of physical stores. Here's why.” CNET, 28 Feb. 2020. Accessed 12 Jan. 2022.

    Krajewski, Laura. “16 Statistics on Why Omnichannel is the Future of Your Contact Center and the Foundation for a Top-Notch Competitive Customer Experience.” Business 2 Community, 10 July 2020. Accessed 11 Jan. 2022.

    Manoff, Jill. “Fun and convenience: CEO Nany Green on Old Navy’s priorities for holiday.” Glossy, 8 Dec. 2020. Accessed 12 Jan. 2022.

    Meola, Andrew. “Rise of M-Commerce: Mobile Ecommerce Shopping Stats & Trends in 2021.” Insider, 30 Dec. 2020. Accessed 12 Jan. 2022.

    “Outdoor apparel retailer Icebreaker uses AI to exceed shopper expectations.” Salesforce, n.d.(a). Accessed 20 Jan. 2022.

    “Personas.” Usability.gov., n.d. Web. 28 Aug. 2018.

    “PetSmart – Why Commerce Cloud?” Salesforce, n.d.(b). Web. 30 April 2018.

    Toor, Meena. “Customer expectations: 7 Types all exceptional researchers must understand.” Qualtrics, 3 Dec. 2020. Accessed 11 Jan. 2022.

    Westfall, Leigh. “Omnichannel vs. multichannel: What's the difference?” RingCentral, 10 Sept. 2021. Accessed 11 Jan. 2022.

    “Worldwide ecommerce will approach $5 trillion this year.” eMarketer, 14 Jan. 2021. Accessed 12 Jan. 2022.

    Demystify the New PMBOK Guide and PMI Certifications

    • Buy Link or Shortcode: {j2store}446|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • There is lots of confusion with the latest edition of A Guide to The Project Management Body of Knowledge (PMBOK Guide).
    • The Project Management Professional (PMP) certification is not satisfying the needs of PMOs.
    • There is still a divide on whether the focus should be on the PMP or an Agile-related certification.
    • The PMP certification has lost its sizzle while other emerging certifications have started to penetrate the market. It’s hard to distinguish which certifications still hold weight.

    Our Advice

    Critical Insight

    • The PMP certification is still valuable and worth your time in 2023.
    • There are still over a million active PMP-certified individuals worldwide.
    • PMP can make you more money.

    Impact and Result

    • Study the market trends for certification options as they emerge and evolve.
    • Go with longstanding, reputable certifications, but be ready to pivot if they are not adding value.
    • Look at the job market as an indicator of certification demands.
    • There are a lot of certification options out there, and every day there seems to be a new one that pops up. Wait and see how the market reacts before investing your time and money in a new certification.

    Demystify the New PMBOK Guide and PMI Certifications Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify the New PMBOK and PMI Certifications Storyboard – A guide to validate if the PMP is still valuable. It will also provide clarity related to the updated PMBOK 7th edition.

    This publication will validate if the PMP certification is still valuable and worth your time. In addition, you will gain different perspectives related to other PMI and non-PMI certifications. You will gain a better understanding of the evolution of the PMBOK Guide, and the significant changes made from PMBOK 6th edition to the 7th edition.

    • Demystify the New PMBOK and PMI Certifications Storyboard
    [infographic]

    Further reading

    Demystify the New PMBOK Guide and the PMI Certifications

    The PMP certification is still valuable and worth your time in 2023.

    Analyst Perspective

    The PMP (Project Management Professional) certification is still worth your time.

    Long Dam

    I often get asked, “Is the PMP worth it?” I then proceed with a question of my own: “If it gets you an interview or a foot in the door or bolsters your salary, would it be worth it?” Typically, the answer is a resounding “YES!”

    CIO magazine ranked the PMP as the top project management certification in North America because it demonstrates that you have the specific skills employers seek, dedication to excellence, and the capacity to perform at the highest levels.

    Given its popularity and the demand in the marketplace, I strongly believe it is still worth your time and investment. The PMP is a globally recognized certification that has dominated for decades. It is hard to overlook the fact that the Project Management Institute (PMI) has more than 1.2 million PMP certification holders worldwide and is still considered the gold standard for project management.

    Yes, it’s worth it. It gets you interviews, a foot in the door, and bolsters your salary. Oh, and it makes you a more complete project manager.

    Long Dam, PMP, PMI-ACP, PgMP, PfMP

    Principal Research Director, Project Portfolio Management Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • There is lots of confusion with the latest A Guide to The Project Management Body of Knowledge (aka PMBOK Guide).
    • The Project Management Professional (PMP) certification is not satisfying the needs of PMOs.
    • There is still a divide on whether the focus should be on the PMP or an Agile-related certification.

    The PMP certification has lost its sizzle while other emerging certifications have started to penetrate the market. It’s hard to distinguish which certification still holds weight.

    Common Obstacles

    • Poor understanding and lack of awareness of other PMI certifications outside of the PMP.
    • There are too many competing certifications out there, and it’s hard to decipher which ones to choose.
    • PMI certifications typically take a lot of effort to obtain and maintain.

    There are other, less intensive certifications available. It’s unclear what will be popular in the future.

    Info-Tech's Approach

    • Study the market trends for certification options as they emerge and evolve.
    • Go with longstanding reputable certifications, but be ready to pivot if they are not adding value.
    • Look at the job market as an indicator for certification demands.

    There are a lot of certification options out there, and every day there seems to be a new one that pops up. Wait and see how the market reacts before investing your time and money in a new certification.

    Info-Tech Insight

    The PMP certification is still valuable and worthy of your time in 2023.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guide Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or knowledge to take this project on. We need assistance through the entirety of the this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    The PMP dominated the market for decades and got over 1 million people certified

    Total active project management professional holders from December 2021 versus July 2022

    Info-Tech Insight

    The PMI’s flagship PMP certification numbers have not significantly increased from 2021 to 2022. However, PMP substantially outpaces all competitors with over 1.2 million certified PMPs.

    Source: projectmanagement.com

    The PMP penetrated over 200 countries

    PMP is the global project management gold standard.

    • CIO magazine ranked the PMP as the top project management certification because it demonstrates you have the specific skills employers seek, dedication to excellence, and the capacity to perform at the highest levels.
    • It delivers real value in the form of professional credibility, deep knowledge, and increased earning potential. Those benefits have staying power.
    • The PMP now includes predictive, Agile, and hybrid approaches.
    • The PMP demonstrates expertise across the wide array of planning and work management styles.

    Source: PMI, “PMP Certification.” PMI, “Why You Should Get the PMP.”

    The PMP was valuable in the past specifically because it was the standard

    79% of project managers surveyed have the PMP certification out of 30,000 respondents in 40 countries.

    The PMP became table stakes for jobs in project management and PMO’s.

    Work desk with project management written in middle. Arrows point to: Goals, planning, risks, control, teamwork, cost, communication, and problem solving.

    Source: PMI’s Earning Power: Project Management Salary Survey—Twelfth Edition (2021)

    The PMP put itself on a collision course with Agile

    • The Agile Certified Practitioner (PMI-ACP) was introduced in 2012 which initially clashed with the PMP for project management supremacy from the PMI.
    • Then the Disciplined Agile (DA) was introduced in 2019, which further compounded the issue and caused even more confusion with both the PMP and the PMI-ACP certification.
    • Instead of complementing the PMP, these certifications began to inadvertently compete with it head-to-head.

    There is a new PMBOK Guide Seventh Edition in town

    The PMI made its most significant changes between 2017 and 2021.

    Chart showing editions of the PMBOK guide from 1996 to 2021.

    Timeline adapted from Wikipedia, “Project Management Body of Knowledge.”

    Roughly every 3-5 years, the PMI has released a new PMBOK version. It’s unclear if there will be an eighth edition.

    The market got confused by PMBOK Guide – Seventh Edition

    PMBOK guide version 5 considered the gold standard, version 6 first included Agile and version 7 was the most radical change.

    • Die-hard traditional project managers have a hard time grasping why the PMI messed around with the PMBOK Guide. There is sentiment that the PMBOK Guide V7 got diluted.
    • Naysayers do not think that the PMBOK Guide V7 hit the mark and found it to be a concession to Agilists.
    • The PMBOK Guide V7 was significantly trimmed down by almost two-thirds to 274 pages whereas the PMBOK V6 ballooned to 756 pages!
    • Some Agile practitioners found this to be a refreshing, bold move from the PMI. Most, however, ignored or resisted it.
    PMBOK Guide: A guide to the Project Management Body of Knowledge Seventh Edition.  AND The Standard for Project Management.

    PMBOK Guide – Seventh edition released in 2021

    • The PMBOK Guide – Seventh Edition was released in late 2021. It was the most radical change since 1987. For the first time, the PMI went from a process-based standard to a principles-based standard, and the guide went from knowledge areas to project performance domains. This may have diluted the traditional predictive project management practices. However, it was offset by incorporating more iterative, Agile, and hybrid approaches.
    • The market is confused and is clearly shifting toward Agile and away from the rigor that is typically associated with the PMI.
    • The PMI transitioned most of the process-based standards & ITTO to their new digital PMIStandards+ online platform, which can be found here (access for PMI members only).
    • The PMBOK Guide is not the sole basis of the certification exam; however, it can be used as one of several reference resources. Using the exam content outline (ECO) is the way forward, which can be found here.

    The Agile certification seems to be the focus for the PMI in the coming years

    • The PMI started to get into the Agile game with the introduction of Agile certifications, which is where all the confusion started. Although the PMI-ACP & the DASM have seen a steady uptake recently, it appears to be at the expense of the PMP certification.
    • The PMI acquired the Discipline Agile (DA) in late 2019, which expanded their offerings and capabilities for project managers and teams to choose their “way of working.”
    • This was an important milestone for the PMI to address the new way of working for Agile practitioners with this offering to provide more options and to better support enterprise agility.
    PMI-ACP & the DASM have seen a steady uptake recently.

    Source: projectmanagement.com as of July 2022

    The PMI has lost more certified PMPs than they have gained so far in 2022

    The PMI has lost more certified PMPs than they have gained so far in 2022.

    PMP

    PMP – Project Management Professional

    It is a concerning trend that their bread and butter, the PMP flagship certification, has largely stalled in 2022. We are unsure if this was attributed to them being displaced by competitors such as the Agile Alliance, their own Agile offerings, or the market’s lackluster reaction to PMBOK Guide – Seventh Edition.

    Source: projectmanagement.com as of July 2022

    The PMI’s total memberships have stalled since September 2021

    The PMIs total memberships have stalled since September 2021.

    PMI: Project Management Insitute

    The PMI’s membership appears to have a direct correlation to the PMP numbers. As the PMP number stalls, so do the PMI’s memberships.

    Source: projectmanagement.com as of July 2022

    The PMP and the PMBOK Guide are more focused on project management

    The knowledge and skills were not all that helpful for running programs, portfolios, and PMOs.
    • It became evident that other certifications were more tightly aligned to program and portfolio management for the PMOs. The PMI provides the following:
      • Program Management Professional (PgMP)
      • Portfolio Management Professional (PfMP)
    • Axelos also has certifications for program management and portfolio management, such as:
      • Managing Successful Programmes (MSP)
      • Management of Portfolios (MoP)
      • Portfolio, Programme, and Project Offices (P3O)

    The market didn’t know what to do with the PgMP or the PfMP

    These were relatively unknown certifications for Program and Portfolio Management.

    • The PMI’s story was that you would start as a project manager with the PMP certification and then the natural progression would be toward either Program Management (PgMP) or Portfolio Management (PfMP).
    • The uptake for the PgMP and the PfMP certification has been insignificant and underwhelming. The appetite and the demand for PMO-aligned certifications has been lackluster since their inception.
    PgMP - Program Management Professional and PfMP - Portfolio Management Professioanal Certifications are relatively unkown. PgMP only has 3780 members since 2007, and PfMP has 1266 since 2014.

    Source: projectmanagement.com as of July 2022

    There are other non-PMI certifications to consider

    Depending on your experience level

    List of non-PMI certifications based on specialization. List of non-PMI certifications based on years of experience.  Divided into 3 categories: 0-3 years, 3+ years, and 8+ years of experience.

    Other non-PMI project management certifications

    Non-PMI project management certifications

    PRINCE2 and CSM appear to be the more popular ones in the market.

    In April 2022, CIO.com outlined other popular project management certifications outside of the PMI.

    Source: CIO.com

    Project managers have an image problem among senior leaders

    There is a perception that PMs are just box-checkers and note-takers.

    • Project managers are seen as tactical troubleshooters rather than strategic partners. This suggests a widespread lack of understanding of the value and impact of project management at the C-suite level.
    • Very few C-suite executives associate project managers with "realizing visions," being "essential," or being "changemakers."
    • Strong strategic alignment between the PMO and the C-suite helps to reinforce the value of project management capabilities in achieving wider strategic aims.

    Source: PMI, Narrowing The Talent Gap, 2021

    Hiring practices have yet to change in response to the PMI’s moves

    The PMP is still the standard, even for organizations transitioning to Agile and PMO/portfolio jobs.

    • Savvy business leaders are still unsure about how Agile will impact them in the long term.
    • According to the Narrowing the Talent Gap report, PMI and PwC’s latest global research indicates that talent strategies haven’t changed much. There’s a widespread lack of focus on developing and retaining existing project managers, and a lack of variety and innovation in attracting and recruiting new talent. The core problem is that there isn’t a business case for investment in talent.

    Noteworthy Agile certifications to consider

    AGILE Certified Practioner(PMI-ACP) and Certified ScrumMaster(CSM) certification details.

    Source: PMI, “Agile Certifications,” and ScrumAlliance, “Become a Certified ScrumMaster.”

    Info-Tech Insight

    There is a lot of chatter about which Agile certification is better, and the jury is still out with no consensus. There are pros and cons to both certifications. We believe the PMI-ACP will give you more mileage and flexibility because of its breath of coverage in the Agile practice compared to the CSM.

    The talent shortage is a considerable risk to organizations

    • According to the PMI’s 2021 Talent Gap report1, the talent gap is likely to impact every region. By 2030, at least 13 million project managers are expected to have retired, creating additional challenges for recruitment. To close the gap, 25 million new project professionals are needed by 2030.
    • Young project managers will change the profession. Millennials and Generation Z are bringing fresh perspectives to projects. Learning to work alongside these younger generations isn't optional, as they increasingly dominate the labor force and extend their influence.
    • Millennials have already arrived: According to Pew Research2, this group surpassed Gen X in 2016 and is now the largest generation in the US labor force.

    1. PMI, Talent Gap, 2021.
    2. PM Network, 2019.

    Money talks – the PMP is still your best payoff

    It is a financially rewarding profession!

    The median salary for PMP holders in the US is 25% higher than those without PMP certification.

    On a global level, the Project Management Professional (PMP) certification has been shown to bolster salary levels. Holders of the PMP certification report higher median salaries than those without a PMP certification – 16% higher on average across the 40 countries surveyed.

    Source: PMI, Earning Power, 2021

    Determine which skills and capabilities are needed in the coming years

    • A scan of 2022 PM and PMO postings still shows continued dominance of the PMP certification requirement.
    • People and relationships have become more important than predicting budgets and timelines.
    • The PMI and PwC Global Survey on Transformation and Project Management 2021 identified the top five skills/capabilities for project managers (in order of priority):
      1. Relationship building
      2. Collaborative leadership
      3. Strategic thinking
      4. Creative problem solving
      5. Commercial awareness

    Source: PMI, Narrowing The Talent Gap, 2021.

    Prepare for product delivery by focusing on top digital-age skills

    According to the PMI Megatrends 2022 report, they have identified six areas as the top digital-age skills for product delivery:

    1. Innovative mindset
    2. Legal and regulatory compliance knowledge
    3. Security and privacy knowledge
    4. Data science skills
    5. Ability to make data-driven decisions
    6. Collaborative leadership skills

    Many organizations aren’t considering candidates who don’t have project-related qualifications. Indeed, many more are increasing the requirements for their qualifications than those who are reducing it.

    Source: PMI, Narrowing The Talent Gap, 2021

    Prioritize training and development at the C-suite level

    Currently, there is an imbalance with more emphasis of training on tools, processes, techniques, and methodologies rather than business acumen skills, collaboration, and management skills. With the explosion of remote work, training needs to be revamped and, in some cases, redesigned altogether to accommodate remote employees.

    Train of gears Labeled: Training. Gears from left to right are labeled: Knowledge, coaching, skills, developement, and experience.

    Lack of strategic prioritization is evident in how training and development is being done, with organizations largely not embracing a diversity of learning preferences and opportunities.

    Source: PMI, Narrowing The Talent Gap, 2021

    PM is evolving into a more strategic role

    • Ensure program and portfolio management roles are supported by the most appropriate certifications.
    • For project managers that have evolved beyond the iron triangle of managing projects, there is applicability to the PgMP and the PfMP for program managers, portfolio managers, and those in charge of PMOs.
    • Although these certifications have not been widely adopted due to lack of awareness and engagement at the decision-maker level, they still hold merit and prestige within the project management community.

    Project managers are evolving. No longer creatures of scope, schedule, and budget alone, they are now – enabled by new technology – focusing on influencing outcomes, building relationships, and achieving the strategic goals of their organizations.

    Source: PMI, Narrowing the Talent Gap, 2021

    Overhaul your recruitment practices to align with skills/capabilities

    World map with cartoon profile images, linked in a network.

    Talent managers will need to retool their toolbox to fill the capability gap and to look beyond where the role is geographically based by embracing flexible staffing models.

    They will need to evolve their talent strategies in line with changing business priorities.

    Organizations should be actively working to increase the diversity of candidates and upskilling young people in underrepresented communities as a priority.

    Most organizations are still relying on traditional approaches to recruit talent. Although we are prioritizing power skills and business acumen, we are still searching in the same, shrinking pool of talent.

    Source: PMI, Narrowing the Talent Gap, 2021.

    Bibliography

    “Agile Certifications for Every Step in Your Career.” PMI. Web.

    “Become a Certified ScrumMaster and Help Your Team Thrive.” ScrumAlliance. Web.

    “Become a Project Manager.” PMI. Accessed 14 Sept. 2022.

    Bucero, A. “The Next Evolution: Young Project Managers Will Change the Profession: Here's What Organizations Need to Know.” PM Network, 2019, 33(6), 26–27.

    “Certification Framework.” PMI. Accessed 14 Sept. 2022.

    “Certifications.” PMI. Accessed 14 Sept. 2022.

    DePrisco, Mike. Global Megatrends 2022. “Foreword.” PMI, 2022. Accessed 14 Sept. 2022.

    Earning Power: Project Management Salary Survey. 12th ed. PMI, 2021. Accessed 14 Sept. 2022.

    “Global Research From PMI and PwC Reveals Attributes and Strategies of the World’s Leading Project Management Offices.” PMI, 1 Mar. 2022. Press Release. Accessed 14 Sept. 2022.

    Narrowing the Talent Gap. PMI, 2021. Accessed 14 Sept. 2022.

    “PMP Certification.” PMI. Accessed 4 Aug. 2022.

    “Project Management Body of Knowledge.” Wikipedia, Wikimedia Foundation, 29 Aug. 2022.

    “Project Portfolio Management Pulse Survey 2021.” PwC. Accessed 30 Aug. 2022.

    Talent Gap: Ten-Year Employment Trends, Costs, and Global Implications. PMI. Accessed 14 Sept. 2022.

    “The Critical Path.” ProjectManagement.com. Accessed 14 Sept. 2022.

    “True Business Agility Starts Here.” PMI. Accessed 14 Sept. 2022.

    White, Sarah K. and Sharon Florentine. “Top 15 Project Management Certifications.” CIO.com, 22 Apr. 2022. Web.

    “Why You Should Get the PMP.” PMI. Accessed 14 Sept. 2022.

    Requirements Gathering

    • Buy Link or Shortcode: {j2store}49|cart{/j2store}
    • Related Products: {j2store}49|crosssells{/j2store}
    • member rating overall impact: 9.5/10
    • member rating average dollars saved: $33,901
    • member rating average days saved: 23
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects

    The challenge

    • The number reason projects fail because from the outset, what people wanted was not clear.
    • Without proper due diligence, IT will deliver projects that fail to meet business expectations and fail to provide business value.
    • If you failed to accurately capture the needs and desires, your projects are set up for costly rework. That will hurt your business's financial performance and result in damage to your relationship with your business partners.
    • Even with requirements gathering processes in place, your business analysts may not have the required competencies to execute them.

    Our advice

    Insight

    • You need to gather requirements with your organizations' end-state in mind. That requires IT and business alignment.
    • You would be good to create a set of standard operating procedures around requirements gathering. But many companies fail to do so.
    • Bring standardization and conformity to your requirements gathering processes via a centralized center of excellence. That brings cohesion and uniformity to your practice.
    • It is critical that your business analysts have the necessary competencies to execute your processes and that they ask the right questions.

    Impact and results 

    • Better requirements analysis will result in shorter cycle timed and reduced project rework and overhead.
    • You will enjoy better relationships with your business partners, greater stakeholder satisfaction, and gradually a better standing of IT.
    • Most importantly, the applications and systems you deliver will contain all must-haves and some nice-to-haves. Your minimal viable deliverable will start to create business value immediately.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should invest in optimizing requirements gathering in your company. We show you how we can support you.

    Build the target state

    Fully understand the target needs of the requirements gathering process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process (ppt)
    • Requirements Gathering SOP and BA Playbook (doc)
    • Requirements Gathering Maturity Assessment (xls)
    • Project Level Selection Tool (xls)
    • Business Requirements Analyst (doc)
    • Requirements Gathering Communication Tracking Template (xls)

    Develop best practices to gather business requirements

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process (ppt)
    • Business Requirements Document Template (xls)
    • Scrum Documentation Template (doc)

    Analyze and validate requirements

    Standardize your frameworks for analysis and validation of the business requirements

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements (ppt)
    • Requirements Gathering Documentation Tool (xls)
    • Requirements Gathering Testing Checklist (doc)

    Build your requirements gathering governance action plan

    Formalize governance.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan (ppt)
    • Requirements Traceability Matrix (xls)

     

     

    Consolidate Your Data Centers

    • Buy Link or Shortcode: {j2store}498|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Center & Facilities Strategy
    • Parent Category Link: /data-center-and-facilities-strategy
    • Data center operating costs continue to escalate as organizations struggle with data center sprawl.
    • While data center consolidation is an attractive option to reduce cost and sprawl, the complexity of these projects makes them extremely difficulty to execute.
    • The status quo is also not an option, as budget constraints and the challenges with managing multiple data centers continues to increase.

    Our Advice

    Critical Insight

    • Despite consolidation being an effective way of addressing sprawl, it is often difficult to secure buy-in and funding from the business.
    • Many consolidation projects suffer cost overruns due to unforeseen requirements and hidden interdependencies which could have been mitigated during the planning phase.
    • Organizations that avoid consolidation projects due to their complexity are just deferring the challenge, while costs and inefficiencies continue to increase.

    Impact and Result

    • Successful data center consolidation will have an immediate impact on reducing data center sprawl. Maximize your chances of success by securing buy-in from the business.
    • Avoid cost overruns and unforeseen requirements by engaging with the business at the start of the process. Clearly define business requirements and establish common expectations.
    • While cost improvements often drive data center consolidation, successful projects will also improve scalability, operational efficiency, and data center redundancy.

    Consolidate Your Data Centers Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should perform a data center consolidation, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover

    Identify IT infrastructure systems and establish dependency bundles for the current and target sites.

    • Consolidate Your Data Centers – Phase 1: Discover
    • Data Center Consolidation Data Collection Workbook
    • Data Center Consolidation Project Planning and Prioritization Tool

    2. Plan

    Build a strong business case for data center consolidation by leveraging a TCO analysis and incorporating business requirements.

    • Consolidate Your Data Centers – Phase 2: Plan
    • Data Center Consolidation TCO Comparison Tool
    • Data Center Relocation Vendor Statement of Work Evaluation Tool

    3. Execute

    Streamline the move-day process through effective communication and clear delegation of duties.

    • Consolidate Your Data Centers – Phase 3: Execute
    • Communications Plan Template for Data Center Consolidation
    • Data Center Consolidation Executive Presentation
    • Minute-to-Minute Move Day Script (PDF)
    • Minute-to-Minute Move Day Script (Visio)
    • Data Center Relocation Minute-to-Minute Project Planning and Monitoring Tool

    4. Close

    Close the loop on the data center consolidation project by conducting an effective project retrospective.

    • Consolidate Your Data Centers – Phase 4: Close
    • Data Center Relocation QA Team Project Planning and Monitoring Tool
    • Data Center Move Issue Resolution and Change Order Template
    • Data Center Relocation Wrap-up Checklist
    [infographic]

    Ransomware Cyber Attack. The real Disaster Recovery Scenario

    Cyber-ransomware criminals need to make sure that you cannot simply recover your encrypted data via your backups. They must make it look like paying is your only option. And if you do not have a strategy that takes this into account, unfortunately, you may be up the creek without a paddle. because how do they make their case? Bylooking for ways to infect your backups, way before you find out you have been compromised. 

    That means your standard disaster recovery scenarios provide insufficient protection against this type of event. You need to think beyond DRP and give consideration to what John Beattie and Michael Shandrowski call "Cyber Incident Recovery Risk management" (CIR-RM).  

    incident, incident management, cybersecurity, cyber, disaster recovery, drp, business continuity, bcm, recovery

    Register to read more …

    Build a Robust and Comprehensive Data Strategy

    • Buy Link or Shortcode: {j2store}120|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $46,734 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The volume and variety of data that organizations have been collecting and producing have been growing exponentially and show no sign of slowing down.
    • At the same time, business landscapes and models are evolving, and users and stakeholders are becoming more and more data centric, with maturing expectations and demands.

    Our Advice

    Critical Insight

    • As the CDO or equivalent data leader in your organization, a robust and comprehensive data strategy is the number one tool in your toolkit for delivering on your mandate of creating measurable business value from data.
    • A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.
    • Building and fostering a data-driven culture will accelerate and sustain adoption of, appetite for, and appreciation for data and hence drive the ROI on your various data investments.

    Impact and Result

    • Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:
      • Establish the business context and value: Identify key business drivers for executing on an optimized data strategy, build compelling and relevant use cases, understand your organization’s culture and appetite for data, and ensure you have well-articulated vision, principles, and goals for your data strategy
      • Ensure you have a solid data foundation: Understand your current data environment, data management enablers, people, skill sets, roles, and structure. Know your strengths and weakness so you can optimize appropriately.
      • Formulate a sustainable data strategy: Round off your strategy with effective change management and communication for building and fostering a data-driven culture.

    Build a Robust and Comprehensive Data Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Strategy Research – A step-by-step document to facilitate the formulation of a data strategy that brings together the business context, data management foundation, people, and culture.

    Data should be at the foundation of your organization’s evolution. The transformational insights that executives and decision makers are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, trusted, and relevant data readily available to the users who need it.

    • Build a Robust and Comprehensive Data Strategy – Phases 1-3

    2. Data Strategy Stakeholder Interview Guide and Findings – A template to support you in your meetings or interviews with key stakeholders as you work on understanding the value of data within the various lines of business.

    This template will help you gather insights around stakeholder business goals and objectives, current data consumption practices, the types or domains of data that are important to them in supporting their business capabilities and initiatives, the challenges they face, and opportunities for data from their perspective.

    • Data Strategy Stakeholder Interview Guide and Findings

    3. Data Strategy Use Case Template – An exemplar template to demonstrate the business value of your data strategy.

    Data strategy optimization anchored in a value proposition will ensure that the data strategy focuses on driving the most valuable and critical outcomes in support of the organization’s enterprise strategy. The template will help you facilitate deep-dive sessions with key stakeholders for building use cases that are of demonstrable value not only to their relevant lines of business but also to the wider organization.

    • Data Strategy Use Case Template

    4. Chief Data Officer – A job description template that includes a detailed explication of the responsibilities and expectations of a CDO.

    Bring data to the C-suite by creating the Chief Data Officer role. This position is designed to bridge the gap between the business and IT by serving as a representative for the organization's data management practices and identifying how the organization can leverage data as a competitive advantage or corporate asset.

    • Chief Data Officer

    5. Data Strategy Document Template – A structured template to plan and document your data strategy outputs.

    Use this template to document and formulate your data strategy. Follow along with the sections of the blueprint Build a Robust and Comprehensive Data Strategy and complete the template as you progress.

    • Data Strategy Document Template
    [infographic]

    Workshop: Build a Robust and Comprehensive Data Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value: Understand the Current Business Environment

    The Purpose

    Establish the business context for the business strategy.

    Key Benefits Achieved

    Substantiates the “why” of the data strategy.

    Highlights the organization’s goals, objectives, and strategic direction the data must align with.

    Activities

    1.1 Data Strategy 101

    1.2 Intro to Tech’s Data Strategy Framework

    1.3 Data Strategy Value Proposition: Understand stakeholder’s strategic priorities and the alignment with data

    1.4 Discuss the importance of vision, mission, and guiding principles of the organization’s data strategy

    1.5 Understand the organization’s data culture – discuss Data Culture Survey results

    1.6 Examine Core Value Streams of Business Architecture

    Outputs

    Business context; strategic drivers

    Data strategy guiding principles

    Sample vision and mission statements

    Data Culture Diagnostic Results Analysis

    2 Business-Data Needs Discovery: Key Business Stakeholder Interviews

    The Purpose

    Build use cases of demonstrable value and understand the current environment.

    Key Benefits Achieved

    An understanding of the current maturity level of key capabilities.

    Use cases that represent areas of concern and/or high value and therefore need to be addressed.

    Activities

    2.1 Conduct key business stakeholder interviews to initiate the build of high-value business-data cases

    Outputs

    Initialized high-value business-data cases

    3 Understand the Current Data Environment & Practice: Analyze Data Capability and Practice Gaps and Develop Alignment Strategies

    The Purpose

    Build out a future state plan that is aimed at filling prioritized gaps and that informs a scalable roadmap for moving forward on treating data as an asset.

    Key Benefits Achieved

    A target state plan, formulated with input from key stakeholders, for addressing gaps and for maturing capabilities necessary to strategically manage data.

    Activities

    3.1 Understand the current data environment: data capability assessment

    3.2 Understand the current data practice: key data roles, skill sets; operating model, organization structure

    3.3 Plan target state data environment and data practice

    Outputs

    Data capability assessment and roadmapping tool

    4 Align Business Needs with Data Implications: Initiate Roadmap Planning and Strategy Formulation

    The Purpose

    Consolidate business and data needs with consideration of external factors as well as internal barriers and enablers to the success of the data strategy. Bring all the outputs together for crafting a robust and comprehensive data strategy.

    Key Benefits Achieved

    A consolidated view of business and data needs and the environment in which the data strategy will be operationalized.

    An analysis of the feasibility and potential risks to the success of the data strategy.

    Activities

    4.1 Analyze gaps between current- and target-state

    4.2 Initiate initiative, milestone and RACI planning

    4.3 Working session with Data Strategy Owner

    Outputs

    Data Strategy Next Steps Action Plan

    Relevant data strategy related templates (example: data practice patterns, data role patterns)

    Initialized Data Strategy on-a-Page

    Further reading

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    ANALYST PERSPECTIVE

    Data Strategy: Key to helping drive organizational innovation and transformation

    "In the dynamic environment in which we operate today, where we are constantly juggling disruptive forces, a well-formulated data strategy will prove to be a key asset in supporting business growth and sustainability, innovation, and transformation.

    Your data strategy must align with the organization’s business strategy, and it is foundational to building and fostering an enterprise-wide data-driven culture."

    Crystal Singh,

    Director – Research and Advisory

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • Chief data officers (CDOs), chief architects, VPs, and digital transformation directors and CIOs who are accountable for ensuring data can be leveraged as a strategic asset of the organization.

    This Research Will Help You:

    • Put a strategy in place to ensure data is available, accessible, well integrated, secured, of acceptable quality, and suitably visualized to fuel decision making by the organizations’ executives.
    • Align data management plans and investments with business requirements and the organization’s strategic plans.
    • Define the relevant roles for operationalizing your data strategy.

    This Research Will Also Assist:

    • Data architects and enterprise architects who have been tasked with supporting the formulation or optimization of the organization’s data strategy.
    • Business leaders creating plans for leveraging data in their strategic planning and business processes.
    • IT professionals looking to improve the environment that manages and delivers data.

    This Research Will Help Them:

    • Get a handle on the current situation of data within the organization.
    • Understand how the data strategy and its resulting initiatives will affect the operations, integration, and provisioning of data within the enterprise.

    Executive Summary

    Situation

    • The volume and variety of data that organizations have been collecting and producing have been growing exponentially and show no sign of slowing down. At the same time, business landscapes and models are evolving, and users and stakeholders are becoming more and more data centric, with maturing and demanding expectations.

    Complication

    • As organizations pivot in response to industry disruptions and changing landscapes, a reactive and piecemeal approach leads to data architectures and designs that fail to deliver real and measurable value to the business.
    • Despite the growing focus on data, many organizations struggle to develop a cohesive business-driven strategy for effectively managing and leveraging their data assets.

    Resolution

    Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:

    • Establish the business context and value: Identify key business drivers for executing on an optimized data strategy, build compelling and relevant use cases, understand your organization’s culture and appetite for data, and ensure you have well-articulated vision, principles, and goals for your data strategy.
    • Ensure you have a solid data foundation: Understand your current data environment, data management enablers, people, skill sets, roles, and structure. Know your strengths and weakness so you can optimize appropriately.
    • Formulate a sustainable data strategy: Round off your strategy with effective change management and communication for building and fostering a data-driven culture.

    Info-Tech Insight

    1. As the CDO or equivalent data leader in your organization, a robust and comprehensive data strategy is the number one tool in your toolkit for delivering on your mandate of creating measurable business value from data.
    2. A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.
    3. Building and fostering a data-driven culture will accelerate and sustain adoption of, appetite for, and appreciation for data and hence drive the ROI on your various data investments.

    Why do you need a data strategy?

    Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.

    The dynamic marketplace of today requires organizations to be responsive in order to gain or maintain their competitive edge and place in their industry.

    Organizations need to have that 360-degree view of what’s going on and what’s likely to happen.

    Disruptive forces often lead to changes in business models and require organizations to have a level of adaptability to remain relevant.

    To respond, organizations need to make decisions and should be able to turn to their data to gain insights for informing their decisions.

    A well-formulated and robust data strategy will ensure that your data investments bring you the returns by meeting your organization’s strategic objectives.

    Organizations need to be in a position where they know what’s going on with their stakeholders and anticipate what their stakeholders’ needs are going to be.

    Data cannot be fully leveraged without a cohesive strategy

    Most organizations today will likely have some form of data management in place, supported by some of the common roles such as DBAs and data analysts.

    Most will likely have a data architecture that supports some form of reporting.

    Some may even have a chief data officer (CDO), a senior executive who has a seat at the C-suite table.

    These are all great assets as a starting point BUT without a cohesive data strategy that stitches the pieces together and:

    • Effectively leverages these existing assets
    • Augments them with additional and relevant key roles and skills sets
    • Optimizes and fills in the gaps around your current data management enablers and capabilities for the growing volume and variety of data you’re collecting
    • Fully caters to real, high-value strategic organizational business needs

    you’re missing the mark – you are not fully leveraging the incredible value of your data.

    Cross-industry studies show that on average, less than half of an organization’s structured data is actively used in making decisions

    And, less than 1% of its unstructured data is analyzed or used at all. Furthermore, 80% of analysts' time is spent simply discovering and preparing, data with over 70% of employees having access to data they should not. Source: HBR, 2017

    Organizational drivers for a data strategy

    Your data strategy needs to align with your organizational strategy.

    Main Organizational Strategic Drivers:

    1. Stakeholder Engagement/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Privacy, Risk, and Compliance Management

    “The companies who will survive and thrive in the future are the ones who will outlearn and out-innovate everyone else. It is no longer ‘survival of the fittest’ but ‘survival of the smartest.’ Data is the element that both inspires and enables this new form of rapid innovation.– Joel Semeniuk, 2016

    A sound data strategy is the key to unlocking the value in your organization’s data.

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, well-integrated, trustworthy, relevant data readily available to the business users who need it.

    Whether hoping to gain a better understanding of your business, trying to become an innovator in your industry, or having a compliance and regulatory mandate that needs to be met, any organization can get value from its data through a well-formulated, robust, and cohesive data strategy.

    According to a leading North American bank, “More than one petabyte of new data, equivalent to about 1 million gigabytes” is entering the bank’s systems every month. – The Wall Street Journal, 2019

    “Although businesses are at many different stages in unlocking the power of data, they share a common conviction that it can make or break an enterprise.”– Jim Love, ITWC CIO and Chief Digital Officer, IT World Canada, 2018

    Data is a strategic organizational asset and should be treated as such

    The expression “Data is an asset” or any other similar sentiment has long been heard.

    With such hype, you would have expected data to have gotten more attention in the boardrooms. You would have expected to see its value reflected on financial statements as a result of its impact in driving things like acquisition, retention, product and service development and innovation, market growth, stakeholder satisfaction, relationships with partners, and overall strategic success of the organization.

    The time has surely come for data to be treated as the asset it is.

    “Paradoxically, “data” appear everywhere but on the balance sheet and income statement.”– HBR, 2018

    “… data has traditionally been perceived as just one aspect of a technology project; it has not been treated as a corporate asset.”– “5 Essential Components of a Data Strategy,” SAS

    According to Anil Chakravarthy, who is the CEO of Informatica and has a strong vantage point on how companies across industries leverage data for better business decisions, “what distinguishes the most successful businesses … is that they have developed the ability to manage data as an asset across the whole enterprise.”– McKinsey & Company, 2019

    How data is perceived in today’s marketplace

    Data is being touted as the oil of the digital era…

    But just like oil, if left unrefined, it cannot really be used.

    "Data is the new oil." – Clive Humby, Chief Data Scientist

    Source: Joel Semeniuk, 2016

    Enter your data strategy.

    Data is being perceived as that key strategic asset in your organization for fueling innovation and transformation.

    Your data strategy is what allows you to effectively mine, refine, and use this resource.

    “The world’s most valuable resource is no longer oil, but data.”– The Economist, 2017

    “Modern innovation is now dependent upon this data.”– Joel Semeniuk, 2016

    “The better the data, the better the resulting innovation and impact.”– Joel Semeniuk, 2016

    What is it in it for you? What opportunities can data help you leverage?

    GOVERNMENT

    Leveraging data as a strategic asset for the benefit of citizens.

    • The strategic use of data can enable governments to provide higher-quality services.
    • Direct resources appropriately and harness opportunities to improve impact.
    • Make better evidence-informed decisions and better understand the impact of programs so that funds can be directed to where they are most likely to deliver the best results.
    • Maintain legitimacy and credibility in an increasingly complex society.
    • Help workers adapt and be competitive in a changing labor market.
    • A data strategy would help protect citizens from the misuse of their data.

    Source: Privy Council Office, Government of Canada, 2018

    What is it in it for you? What opportunities can data help you leverage?

    FINANCIAL

    Leveraging data to boost traditional profit and loss levers, find new sources of growth, and deliver the digital bank.

    • One bank used credit card transactional data (from its own terminals and those of other banks) to develop offers that gave customers incentives to make regular purchases from one of the bank’s merchants. This boosted the bank’s commissions, added revenue for its merchants, and provided more value to the customer (McKinsey & Company, 2017).
    • In terms of enhancing productivity, a bank used “new algorithms to predict the cash required at each of its ATMs across the country and then combined this with route-optimization techniques to save money” (McKinsey & Company, 2017).

    A European bank “turned to machine-learning algorithms that predict which currently active customers are likely to reduce their business with the bank.” The resulting understanding “gave rise to a targeted campaign that reduced churn by 15 percent” (McKinsey & Company, 2017).

    A leading Canadian bank has built a marketplace around their data – they have launched a data marketplace where they have productized the bank’s data. They are providing data – as a product – to other units within the bank. These other business units essentially represent internal customers who are leveraging the product, which is data.

    Through the use of data and advanced analytics, “a top bank in Asia discovered unsuspected similarities that allowed it to define 15,000 microsegments in its customer base. It then built a next-product-to-buy model that increased the likelihood to buy three times over.” Several sets of big data were explored, including “customer demographics and key characteristics, products held, credit-card statements, transaction and point-of-sale data, online and mobile transfers and payments, and credit-bureau data” (McKinsey & Company, 2017).

    What is it in it for you? What opportunities can data help you leverage?

    HEALTHCARE

    Leveraging data and analytics to prevent deadly infections

    The fifth-largest health system in the US and the largest hospital provider in California uses a big data and advanced analytics platform to predict potential sepsis cases at the earliest stages, when intervention is most helpful.

    Using the Sepsis Bio-Surveillance Program, this hospital provider monitors 120,000 lives per month in 34 hospitals and manages 7,500 patients with potential sepsis per month.

    Collecting data from the electronic medical records of all patients in its facilities, the solution uses natural language processing (NLP) and a rules engine to continually monitor factors that could indicate a sepsis infection. In high-probability cases, the system sends an alarm to the primary nurse or physician.

    Since implementing the big data and predictive analytics system, this hospital provider has seen a significant improvement in the mortality and the length of stay in ICU for sepsis patients.

    At 28 of the hospitals which have been on the program, sepsis mortality rates have dropped an average of 5%.

    With patients spending less time in the ICU, cost savings were also realized. This is significant, as sepsis is the costliest condition billed to Medicare, the second costliest billed to Medicaid and the uninsured, and the fourth costliest billed to private insurance.

    Source: SAS, 2019

    What is it in it for you? What opportunities can data help you leverage?

    RETAIL

    Leveraging data to better understand customer preferences, predict purchasing, drive customer experience, and optimize supply and demand planning.

    Netflix is an example of a big brand that uses big data analytics for targeted advertising. With over 100 million subscribers, the company collects large amounts of data. If you are a subscriber, you are likely familiar with their suggestions messages of the next series or movie you should catch up on. These suggestions are based on your past search data and watch data. This data provides Netflix with insights into your interests and preferences for viewing (Mentionlytics, 2018).

    “For the retail industry, big data means a greater understanding of consumer shopping habits and how to attract new customers.”– Ron Barasch, Envestnet | Yodlee, 2019

    The business case for data – moving from platitudes to practicality

    When building your business case, consider the following:

    • What is the most effective way to communicate the business case to executives?
    • How can CDOs and other data leaders use data to advance their organizations’ corporate strategy?
    • What does your data estate look like? Are you looking to leverage and drive value from your semi-structured and unstructured data assets?
    • Does your current organizational culture support a data-driven one? Does the organization have a history of managing change effectively?
    • How do changing privacy and security expectations alter the way businesses harvest, save, use, and exchange data?

    “We’re the converted … We see the value in data. The battle is getting executive teams to see it our way.”– Ted Maulucci, President of SmartONE Solutions Inc. IT World Canada, 2018

    Where do you stack up? What is your current data management maturity?

    Info-Tech’s IT Maturity Ladder denotes the different levels of maturity for an IT department and its different functions. What is the current state of your data management capability?

    Innovator - Transforms the Business. Business Partner - Expands the Business. Trusted Operator - Optimizes the Business. Firefighter - Supports the Business. Unstable - Struggles to Support.

    Info-Tech Insight

    You are best positioned to successfully execute on a data strategy if you are currently at or above the Trusted Operator level. If you find yourself still at the Unstable or Firefighter stage, your efforts are best spent on ensuring you can fulfill your day-to-day data and data management demands. Improving this capability will help build a strong data management foundation.

    Guiding principles of a data strategy

    Value of Clearly Defined Data Principles

    • Guiding principles help define the culture and characteristics of your practice by describing your beliefs and philosophy.
    • Guiding principles act as the heart of your data strategy, helping to shape initiative plans and day-to-day behaviors related to the use and treatment of the organization’s data assets.

    “Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.”– McKinsey, 2018

    Build a Robust and Comprehensive Data Strategy

    Business Strategy and Current Environment connect with the Data Strategy. Data Strategy includes: Organizational Drivers and Data Value, Data Strategy Objectives and Guiding Principles, Data Strategy Vision and Mission, Data Strategy Roadmap, People: Roles and Organizational Structure, Data Culture and Data Literacy, Data Management and Tools, Risk and Feasibility.

    Follow Info-Tech’s methodology for effectively leveraging the value out of your data

    Some say it’s the new oil. Or the currency of the new business landscape. Others describe it as the fuel of the digital economy. But we don’t need platitudes — we need real ways to extract the value from our data. – Jim Love, CIO and Chief Digital Officer, IT World Canada, 2018

    1. Business Context. 2. Data and Resources Foundation. 3. Effective Data Strategy

    Our practical step-by-step approach helps you to formulate a data strategy that delivers business value.

    1. Establish Business Context and Value: In this phase, you will determine and substantiate the business drivers for optimizing the data strategy. You will identify the business drivers that necessitate the data strategy optimization and examine your current organizational data culture. This will be key to ensuring the fruits of your optimization efforts are being used. You will also define the vision, mission, and guiding principles and build high-value use cases for the data strategy.
    2. Ensure You Have a Solid Data and Resources Foundation: This phase will help you ensure you have a solid data and resources foundation for operationalizing your data strategy. You will gain an understanding of your current environment in terms of data management enablers and the required resources portfolio of key people, roles, and skill sets.
    3. Formulate a Sustainable Data Strategy: In this phase, you will bring the pieces together for formulating an effective data strategy. You will evaluate and prioritize the use cases built in Phase 1, which summarize the alignment of organizational goals with data needs. You will also create your strategic plan, considering change management and communication.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks are used throughout all four options.

    Drive Business Value With Off-the-Shelf AI

    • Buy Link or Shortcode: {j2store}205|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • Understanding the impact of the machine learning/AI component that is built into most of the enterprise products and tools and its role in the implementation of the solution.
    • Understanding the most important aspects that the organization needs to consider while planning the implementation of the AI-powered product.

    Our Advice

    Critical Insight

    • Organizations are faced with multiple challenges trying to adopt AI solutions. Challenges include data issues, ethics and compliance considerations, business process challenges, and misaligned leadership goals.
    • When choosing the right product to meet business needs, organizations need to know what questions to ask vendors to ensure they fully understand the implications of buying an AI/ML product.
    • To guarantee the success of your off-the-shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Impact and Result

    To guarantee success of the off-the-shelf AI implementation and deliver value, in addition to formulating a clear definition of the business case and understanding of data, organizations should also:

    • Know what questions to ask vendors while evaluating AI-powered products.
    • Measure the impact of the project on business and IT processes.

    Drive Business Value With Off-the-Shelf AI Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Business Value With Off-the-Shelf AI Deck – A step-by-step approach that will help guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers business value

    Use this practical and actionable framework that will guide you through the planning of your Off-the-Shelf AI product implementation.

    • Drive Business Value With Off-the-Shelf AI Storyboard

    2. Off-the-Shelf AI Analysis – A tool that will guide the analysis and planning of the implementation

    Use this analysis tool to ensure the success of the implementation.

    • Off-the-Shelf AI Analysis

    Infographic

    Further reading

    Drive Business Value With Off-the-Shelf AI

    A practical guide to ensure return on your Off-the-Shelf AI investment

    Executive Summary

    Your Challenge
    • Understanding the impact of the machine learning/AI component that is built into most of the enterprise products and tools and its role in the implementation of the solution.
    • What are the most important aspects that organizations needs to consider while planning the implementation of the AI-powered product?
    Common Obstacles
    • Organizations are faced with multiple challenges trying to adopt an AI solution. Challenges include data issues, ethics and compliance considerations, business process challenges, and misaligned leadership goals.
    • When choosing the right product to meet business needs, organizations need to know what questions to ask vendors to ensure they fully understand the implications of buying an AI/ML product.
    Info-Tech’s Approach

    Info-Tech’s approach includes a framework that will guide organizations through the process of the Off-the-Shelf AI product selection.

    To guarantee success of the Off-the-Shelf AI implementation and deliver value, organization should start with clear definition of the business case and an understanding of data.

    Other steps include:

    • Knowing what questions to ask vendors to evaluate AI-powered products.
    • Measuring the impact of the project on your business and IT processes.
    • Assessing impact on the organization and ensure team readiness.

    Info-Tech Insight

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Getting value out of AI and machine learning investments

    92.1%

    of companies say they are achieving returns on their data and AI investments

    91.7%

    said they were increasing investments in data and AI

    26.0%

    of companies have AI systems in widespread production
    However, CIO Magazine identified nine main hurdles to AI adoption based on the survey results:
    • Data issues
    • Business process challenges
    • Implementation challenges and skill shortages
    • Costs of tools and development
    • Misaligned leadership goals
    • Measuring and proving business value
    • Legal and regulatory risks
    • Cybersecurity
    • Ethics
    • (Source: CIO, 2019)
    “Data and AI initiatives are becoming well established, investments are paying off, and companies are getting more economic value from AI.” (Source: NewVantage, 2022.)

    67% of companies are currently using machine learning, and 97% are using or planning to use it in the next year.” (Source: Deloitte, 2020)

    AI vs. ML

    Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned.

    Artificial intelligence is a combination of technologies and can include machine learning. AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. Most importantly, AI is making its own decisions without human intervention.

    The AI system can make assumptions, test these assumptions, and learn from the results.

    (Level of decision making required increases from left to right)
    Statistical Reasoning
    Infer relationships between variables

    Statistical models are designed to find relationships between variables and the significance of those relationships.

    Machine Learning:
    Making accurate predictions

    Machine learning is a subset of AI that discovers patterns from data without being explicitly programmed to do so.

    Artificial Intelligence
    Dynamic adaptation to novelty

    AI systems choose the optimal combination of methods to solve a problem. They make assumptions, reassess the model, and reevaluate the data.

    “Machine learning is the study of computer algorithms that improve automatically through experience.” (Tom Mitchell, 1997)

    “At its simplest form, artificial intelligence is a field, which combines computer science and robust datasets, to enable problem-solving.” (IBM, “What is artificial intelligence?”)

    Types of Off-the-Shelf AI products and solutions

    ML/AI-Powered Products Off-the-Shelf Pre-built and Pre-trained AI/ML Models
    • AI/ML capabilities built into the product and might require training as part of the implementation.
    • Off-the-Shelf ML/AI Models, pre-built, pre-trained, and pre-optimized for a particular task. For example, language models or image recognition models that can be used to speed up and simplify ML/AI systems development.
    Examples of OTS tools/products: Examples of OTS models:

    The data inputs for these models are defined, the developer has to conform to the provided schema, and the data outputs are usually fixed due to the particular task the OTS model is built to solve.

    Insight summary

    Overarching insight:

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Business Goals

    Question the value that AI adds to the tool you are evaluating. Don’t go after the tool simply because it has an AI label attached to it. AI/ML capabilities might add little value but increase implementation complexity. Define the problem you are solving and document business requirements for the tool or a model.

    Data

    Know your data. Determine data requirements to:

    • Train the model during the implementation and development.
    • Run the model in production.

    People/Skills

    Define the skills required for the implementation and assemble the team that will support the project from requirements to deployment and support, through its entire lifecycle. Don’t forget about production support and maintenance.

    Choosing an AI-Powered Tool

    No need to reinvent the wheel and build a product you can buy, but be prepared to work around tool limitations, and make sure you understand the data and the model the tool is built on.

    Choosing an AI/ML Model

    Using Off-the-Shelf-AI models enables an agile approach to system development. Faster POC and validation of ideas and approaches, but the model might not be customizable for your requirements.

    Guaranteeing Off-the-Shelf AI Implementation Success

    Info-Tech Insight

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Why do you need AI in your toolset?
    Business Goals

    Clearly defined problem statement and business requirements for the tool or a model will help you select the right solution that will deliver business value even if it does not have all the latest bells and whistles.

    Small chevron pointing right.
    Do you know the data required for implementation?
    Data

    Expected business outcome defines data requirements for implementation. Do you have the right data required to train and run the model?

    Large chevron pointing right.
    Is your organization ready for AI?
    People/Team/ Skills

    New skills and expertise are required through all phases of the implementation: design, build, deployment, support, and maintenance, as well as post-production support, scaling, and adoption.

    Data Architecture/ Infrastructure

    New tool or model will impact your cloud and integration strategy. It will have to integrate with the existing infrastructure, in the cloud or on prem.

    Large chevron pointing right.
    What questions do you need to ask when choosing the solution?
    Product/ Tool or Model Selection

    Do you know what model powers the AI tool? What data was used to train the tool and what data is required to run it? Ask the right questions.

    Small chevron pointing right.
    Are you measuring impact on your processes?
    Business and IT Processes

    Business processes need to be defined or updated to incorporate the output of the tool back into the business processes to deliver value.

    IT governance and support processes need to accommodate the new AI-powered tool.

    Small chevron pointing right.
    Realize and measure business value of your AI investment
    Value

    Do you have a clear understanding of the value that AI will bring to your organization?Optimization?Increased revenue?Operational efficiency?

    Introduction of Off-the-Shelf AI Requires a Strategic Approach

    Business Goals and Value Data People/Team/ Skills Infrastructure Business and IT Processes
    AI/ML–powered tools
    • Define a business problem that can be solved with either an AI-powered tool or an AI/ML pre-built model that will become part of the solution.
    • Define expectations and assumptions around the value that AI can bring.
    • Document business requirements for the tool or model.
    • Define the scope for a prototype or POC.
    • Define data requirements.
    • Define data required for implementation.
    • Determine if the required data can be acquired or captured/generated.
    • Document internal and external sources of data.
    • Validate data quality (define requirements and criteria for data quality).
    • Define where and how the data is stored and will be stored. Does it have to be moved or consolidated?
    • Define all stakeholders involved in the implementation and support.
    • Define skills and expertise required through all phases of the implementation: design, build, deployment, support, and maintenance.
    • Define skills and expertise required to grow AI practice and achieve the next level of adoption, scaling, and development of the tool or model POC.
    • Define infrastructure requirements for either Cloud, Software-as-a-Service, or on-prem deployment of a tool or model.
    • Define how the tool is integrated with existing systems and into existing infrastructure.
    • Determine the cost to deploy and run the tool/model.
    • Define processes that need to be updated to accommodate new functionality.
    • Define how the outcome of the tool or a model (e.g. predictions) are incorporated back into the business processes.
    • Define new business and IT processes that need to be defined around the tool (e.g. chatbot maintenance; analysis of the data generated by the tool).
    Off-the-shelf AI/ML pre-built models
    • Define the business metrics and KPIs to measure success of the implementation against.
    • Determine if there are requirements for a specific data format required for the tool or a model.
    • Determine if there is a need to classify/label the data (supervised learning).
    • Define privacy and security requirements.
    • Define requirements for employee training. This can be vendor training for a tool or platform training in the case of a pre-built model or service.
    • Define if ML/AI expertise is required.
    • Is the organization ready for ML/AI? Conduct an AI literacy survey and understand team’s concerns, fears, and misconceptions and address them.
    • Define requirements for:
      • Data migration.
      • Security.
      • AI/ML pipeline deployment and maintenance.
    • Define requirements for operation and maintenance of the tool or model.
    • Confirm infrastructure readiness.
    • How AI and its output will be used across the organization.

    Define Business Goals and Objectives

    Why do you need AI in your toolset? What value will AI deliver? Have a clear understanding of business benefits and the value AI delivers through the tool.

    • Define a business problem that can be solved with either an AI-powered tool or AI/ML pre-built model.
    • Define expectations and assumptions around the value that AI can bring.
    • Document business requirements for a tool or model.
    • Start with the POC or a prototype to test assumptions, architecture, and components of the solution.
    • Define business metrics and KPIs to measure success of the implementation.

    Info-Tech Insight

    Question the value that AI adds to the tool you are evaluating. Don’t go after the tool simply because it has an AI label attached to it. AI/ML capabilities might add little value but increase implementation complexity. Define the problem you are solving and document business requirements for the tool or a model.

    Venn diagram of 'Applied Artificial Intelligence (AAI)' with a larger circle at the top, 'Machine Learning (ML)', and three smaller ovals intersecting, 'Computer Vision', 'Natural Language Processing (NLP)', and 'Robotic Process Automation (RPA)'.

    AAI solutions and technologies are helping organizations make faster decisions and predict future outcomes such as:

    • Business process automation
    • Intelligent integration
    • Intelligent insights
    • Operational efficiency improvement
    • Increase revenue
    • Improvement of existing products and services
    • Product and process innovation

    1. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to define business drivers and document business requirements

    2-3 hours
    Screenshot of the Off-the-Shelf AI Analysis Tool's Business Drivers tab, a table with columns 'AI/ML Tool or Model', 'Use Case', 'Business problem / goal for AI/ML use case', 'Description', 'Business Owner (Primary Stakeholder)', 'Priority', 'Stakeholder Groups Impacted', 'Requirements Defined? Yes/No', 'Related Data Domains', and 'KPIs'. Use the Business Drivers tab to document:
    • Business objectives of the initiative that might drive the AI/ML use case.
    • The business owner or primary stakeholder who will help to define business value and requirements.
    • All stakeholders who will be involved or impacted.
    • KPIs that will be used to assess the success of the POC.
    • Data required for the implementation.
    • Use the Business Requirements tab to document high-level requirements for a tool or model.
    • These requirements will be used while defining criteria for a tool selection and to validate if the tool or model meets your business goals.
    • You can use either traditional BRD format or a user story to document requirements.
    Screenshot of the Off-the-Shelf AI Analysis Tool's Business Requirements tab, a table with columns 'Requirement ID', 'Requirement Description / user story', 'Requirement Category', 'Stakeholder / User Role', 'Requirement Priority', and 'Complexity (point estimates)'.

    Download the Off-the-Shelf AI Analysis Tool

    1. Define business drivers and document business requirements

    Input

    • Strategic plan of the organization
    • Data strategy that defines target data capabilities required to support enterprise strategic goals
    • Roadmap of business and data initiatives to support target state of data capabilities

    Output

    • Prioritized list of business use cases where an AI-powered tool or AI/ML can deliver business value
    • List of high-level requirements for the selected use case

    Materials

    • Whiteboard/Flip Charts
    • Off-the-Shelf-AI Analysis Tool, “Business Drivers” and “Business Requirements” tabs

    Participants

    • CIO
    • Senior business and IT stakeholders
    • Data owner(s)
    • Data steward(s)
    • Enterprise Architect
    • Data Architect
    • Data scientist/Data analyst

    Understand data required for implementation

    Do you have the right data to implement and run the AI-powered tool or AI/ML model?

    Info-Tech Insight

    Know your data. Determine data requirements to:

    • Train the model during the implementation and development, and
    • Run the model in production
    AvailabilityArrow pointing rightQualityArrow pointing rightPreparationArrow pointing rightBias, Privacy, SecurityArrow pointing rightData Architecture
    • Define what data is required for implementation, e.g. customer data, financial data, product sentiment.
    • If the data is not available, can it be acquired, gathered, or generated?
    • Define the volume of data required for implementation and production.
    • If the model has to be trained, do you have the data required for training (e.g. dictionary of terms)? Can it be created, gathered, or acquired?
    • Document internal and external sources of data.
    • Evaluate data quality for all data sources based on the requirements and criteria defined in the previous step.
    • For datasets with data quality issues, determine if the data issues can be resolved (e.g. missing values are inferred). If not, can this issue be resolved by using other data sources?
    • Engage a Data Governance organization to address any data quality concerns.
    • Determine if there are requirements for a specific data format required for the tool or model.
    • Determine if there is a need to classify/label or tag the data. What are the metadata requirements?
    • Define whether or not the implementation team needs to aggregate or transform the data before it can be used.
    • Define privacy requirements, as these might affect the availability of the data for ML/AI.
    • Define data bias concerns and considerations. Do you have datasheets for datasets that will be used in this project? What datasets cannot be used to prevent bias?
    • What are the security requirements and how will they affect data storage, product selection, and infrastructure requirements for the tool and overall solution?
    • Define where and how the data is currently stored and will be stored.
    • Does it have to be migrated or consolidated? Does it have to be moved to the cloud or between systems?
    • Is a data lake or data warehouse a requirement for this implementation as defined by the solution architecture?

    2. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to document data requirements

    2-3 hours

    Use the Data tab to document the following for each data source or dataset:
    • Data Domain – e.g. Customer data
    • Data Concept – e.g. Customer
    • Data Internally Accessible – Identify datasets that are required for the implementation even if the data might not be available internally. Work on determining if the data ca be acquired externally or collected internally.
    • Source System – define the primary source system for the data, e.g. Salesforce
    • Target System (if applicable) – Define if the data needs to be migrated/transferred. For example, you might use a datalake or data warehouse for the AI/ML solution or migrate data to the cloud.
    • Classification/Taxonomy/Ontology
    • Data Steward
    • Data Owner
    • Data Quality – Data quality indicator
    • Refresh Rate – Frequency of data refresh. Indicate if the data can be accessed in real time or near-real time

    Screenshot of the Off-the-Shelf AI Analysis Tool's Data tab, a spreadsheet table with the columns listed to the left and below.
    • Retention – Retention policy requirements
    • Compliance Requirements – Define if data has to comply with any of the regulatory requirements, e.g. GDPR
    • Privacy, Bias, and Ethics Considerations – Privacy Act, PIPEDA, etc. Identify if the dataset contains sensitive information that should be excluded from the model, such as gender, age, race etc. Indicate fairness metrics, if applicable.

    Download the Off-the-Shelf AI Analysis Tool

    2. Document data requirements

    Input

    • Documented business use cases from Step 1.
    • High-level business requirements from Step 1.
    • Data catalog, data dictionaries, business glossary
    • Data flows and data architecture

    Output

    • High-level data requirements
    • List of data sources and datasets that can be used for the implementation
    • Datasets that need to be collected or acquired externally

    Materials

    • Whiteboard/Flip Charts
    • Off-the-Shelf AI Analysis Tool, “Data” tab

    Participants

    • CIO
    • Business and IT stakeholders
    • Data owner(s)
    • Data steward(s)
    • Enterprise Architect
    • Data Architect
    • Data scientist/Data analyst

    Is Your Organization Ready for AI?

    Assess organizational readiness and define stakeholders impacted by the implementation. Build the team with the right skillset to drive the solution.

    • Implementation of the AI/ML-powered Off-the-Shelf Tool or an AI/ML model will require a team with a combination of skills through all phases of the project, from design of the solution to build, production, deployment, and support.
    • Document the skillsets required and determine the skills gap. Before you start hiring, depending on the role, you might find talent within the organization to join the implementation team with little to no training.
    • AI/ML resources that may be needed on your team driving AI implementation (you might consider bringing part-time resources to fill the gaps or use vendor developers) are:
      • Data Scientist
      • Machine Learning Engineer
      • Data Engineer
      • Data Architect
      • AI/ML Ops engineer
    • Define training requirements. Consider vendor training for a tool or platform.
    • Plan for future scaling and the growing of the solution and AI practice. Assess the need to apply AI in other business areas. Work with the team to analyze use cases and prioritize AI initiatives. As the practice grows, grow your team expertise.
    • Identify the stakeholders who will be affected by the AI implementation.
    • Work with them to understand and address any concerns, fears, or misconceptions around the role of AI and the consequences of bringing AI into the organization.
    • Develop a communication and change management plan to educate everyone within the organization on the application and benefits of using AI and machine learning.

    Info-Tech Insight:

    Define the skills required for the implementation and assemble the team that will support the project through its entire lifecycle. Don’t forget about production, support, and maintenance.

    3. Build your implementation team

    1-2 hours

    Input: Solution conceptual design, Current resource availability

    Output: Roles required for the implementation of the solution, Resources gap analysis, Training and hiring plan

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “People and Team” tab

    Participants: Project lead, HR, Enterprise Architect

    1. Review your solution conceptual design and define implementation team roles.
    2. Document requirements for each role.
    3. Review current org chart and job descriptions and identify skillset gaps. Draft an action plan to fill in the roles.
    4. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's People and Team tab to document team roles for the entire implementation, including design, build/implement, deployment, support and maintenance, and future development.

    Screenshot of the Off-the-Shelf AI Analysis Tool's People and Team tab, a table with columns 'Design', 'Implement', 'Deployment', 'Support and Maintenance', and 'Future Development'.

    Download the Off-the-Shelf AI Analysis Tool

    Cloud, SaaS or On Prem – what are my options and what is the impact?

    Depending on the architecture of the solution, define the impact on the current infrastructure, including system integration, AI/ML pipeline deployment, maintenance, and data storage

    • Data Architecture: use the current data architecture to design the architecture for an AI-powered solution. Assess changes to the data architecture with the introduction of a new tool to make sure it is scalable enough to support the change.
    • Define infrastructure requirements for either Cloud, Software-as-a-Service, or on-prem deployment of a tool or model.
    • Define how the tool will be integrated with existing systems and into existing infrastructure.
    • Define requirements for:
      • Data migration and data storage
      • Security
      • AI/ML pipeline deployment, production monitoring, and maintenance
    • Define requirements for operation and maintenance of the tool or model.
    • Work with your infrastructure architect and vendor to determine the cost of deploying and running the tool/model.
    • Make a decision on the preferred architecture of the system and confirm infrastructure readiness.

    Download the Create an Architecture for AI blueprint

    4. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to document infrastructure decisions

    2-3 hours

    Input: Solution conceptual design

    Output: Infrastructure requirements, Infrastructure readiness assessment

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “Infrastructure” tab

    Participants: Infrastructure Architect, Solution Architect, Enterprise Architect, Data Architect, ML/AI Ops Engineer

    1. Work with Infrastructure, Data, Solution, and Enterprise Architects to define your conceptual solution architecture.
    2. Define integration and storage requirements.
    3. Document security requirements for the solution in general and the data specifically.
    4. Define MLOps requirements and tools required for ML/AI pipeline deployment and production monitoring.
    5. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's Infrastructure tab to document requirements and decisions around Data and Infrastructure Architecture.

    Screenshot of the Off-the-Shelf AI Analysis Tool's Infrastructure tab, a table with columns 'Cloud, SaaS or On-Prem', 'Data Migration Requirements', 'Data Storage Requirements', 'Security Requirements', 'Integrations Required', and 'AI/ML Pipeline Deployment and Maintenance Requirements'.

    Download the Off-the-Shelf AI Analysis Tool

    What questions do you need to ask vendors when choosing the solution?

    Take advantage of Info-Tech’s Rapid Application Selection Framework (RASF) to guide tool selection, but ask vendors the right questions to understand implications of having AI/ML built into the tool or a model

    Data Model Implementation and Integration Deployment Security and Compliance
    • What data (attributes) were used to train the model?
    • Do you have datasheets for the data used?
    • How was data bias mitigated?
    • What are the data labeling/classification requirements for training the model?
    • What data is required for production? E.g. volume; type of data, etc.
    • Were there any open-source libraries used in the model? If yes, how were vulnerabilities and security concerns addressed?
    • What algorithms are implemented in the tool/model?
    • Can model parameters be configured?
    • What is model accuracy?
    • Level of customization required for the implementation to meet our requirements.
    • Does the model require training? If yes, can you provide details? Can you estimate the effort required?
    • Integration capabilities and requirements.
    • Data migration requirements for tool operation and development.
    • Administrator console – is this functionality available?
    • Implementation timeframe.
    • Is the model or tool deployable on premises or in the cloud? Do you support hybrid cloud and multi-cloud deployment?
    • What cloud platforms are your product/model integrated with (AWS, Azure, GCP)?
    • What are the infrastructure requirements?
    • Is the model containerized/ scalable?
    • What product support and product updates are available?
    • Regulatory compliance (GDPR, PIPEDA, HIPAA, PCI DSS, CCPA, SOX, etc.)?
    • How are data security risks addressed?

    Use Info-Tech’s Off-the-Shelf AI Analysis Tool, “Vendor Questionnaire” tab to track vendor responses to these questions.

    Are you measuring impact on your processes?

    Make sure that you understand the impact of the new technology on the existing business and IT processes.

    And make sure your business processes are ready to take advantage of the benefits and new capabilities enabled by AI/ML.

    Process automation, optimization, and improvement enabled by the technology and AI/ML-powered tools allow organizations to reduce manual work, streamline existing business processes, improve customer satisfaction, and get critical insights to assist decision making.

    To take full advantage of the benefits and new capabilities enabled by the technology, make sure that business and IT processes reflect these changes:

    • Processes that need to be updated.
    • How the outcome of the tool or a model (e.g. predictions) is incorporated into the existing business processes and the processes that will monitor the accuracy of the outcome and monitor performance of the tool or model.
    • New business and IT processes that need to be defined for the tool (e.g. chatbot maintenance, analysis of the data generated by the tool, etc.).

    5. Document the Impact on Business and IT Processes

    2-3 hours

    Input: Solution design, Existing business and IT processes

    Output: Documented updates to the existing processes, Documented new business and IT processes

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “Business and IT Processes” tab

    Participants: Project lead, Business stakeholders, Business analyst

    1. Review current business processes affected by the implementation of the AI/ML- powered tool or model. Define the changes that need to be made. The changes might include simplification of the process due to automation of some of the steps. Some processes will need to be redesigned and some processes might become obsolete.
    2. Document high-level steps for any new processes that need to be defined around the AI/ML-powered tool. An example of such a process would be defining new IT and business processes to support a new chatbot.
    3. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's Business and IT Processes tab, to document process changes.

    Screenshot of the Off-the-Shelf AI Analysis Tool's Business and IT Processes tab, a table with columns 'Existing business process affected', 'New business process', 'Stakeholders involved', 'Changes to be made', and 'New Process High-Level Steps'.

    Download the Off-the-Shelf AI Analysis Tool

    AI-powered Tools – Considerations

    PROS:
    • Enhanced functionality, allows the power of AI without specialized skills (e.g., Mathematica – recognizing patterns in data).
    • Might be a cheaper option compared to building a solution in-house (chatbot, for ex.).

    Info-Tech Insight:

    No need to reinvent the wheel and build the product you can buy, but be prepared to work around tool limitations, and make sure you understand the data and the model the tool is built on.

    CONS:
    • Dependency on the service provider.
    • The tool might not meet all the business requirements without customization.
    • Bias can be built into the tool:
      • Work with the vendor to understand what data was used to train the model.
      • From the perspective of ethics and bias, learn what model is implemented in the tool and what data attributes the model uses.

    Pre-built/pre-trained models – what to keep in mind when choosing

    PROS:
    • Lower cost and less time to development compared to creating and training models from scratch (e.g. using image recognition models or pre-trained language models like BERT).
    • If the pre-trained and optimized model perfectly fits your needs, the model accuracy might be high and sufficient for your scenario.
    • Off-the-Shelf AI models are useful for creating prototypes or POCs, for testing a hypothesis, and for validating ideas and requirements.
    • Usage of Off-the-Shelf models shortens the development cycle and reduces investment risks.
    • Language models are particularly useful if you don’t have data to train your own model (a “small data” scenario).
    • Infrastructure and model training cost reduction.
    CONS:
    • Might be a challenge to deploy and maintain the system in production.
    • Lack of flexibility: you might not be able to configure input or output parameters to your requirements. For example, a pre-built sentiment analysis model might return four values (“positive,” “negative,” “neutral,” and “mixed”), but your solution will require only two or three values.
    • Might be a challenge to comply with security and privacy requirements.
    • Compliance with privacy and fairness requirements and considerations: what data was used to pretrain the model?
    • If open-source libraries were used to create the model, how will vulnerabilities, risks, and security concerns be addressed?

    Info-Tech Insight:

    Using Off-the-Shelf AI models enables an agile approach to system development – faster POC and validation of ideas and approaches, but the model might not be customizable for your requirements.

    Metrics

    Metrics and KPIs for this project will depend on the business goals and objectives that you will identify in Step 1 of the tool selection process.

    Metrics might include:

    • Reduction of time spent on a specific business process. If the tool is used to automate certain steps of a business process, this metric will measure how much time was saved, in minutes/hours, compared to the process time before the introduction of the tool.
    • Accuracy of prediction. This metric would measure the accuracy of estimations or predictions compared to the same estimations done before the implementation of the tool. It can be measured by generating the same prediction or estimation using the AI-powered tool or using any methods used before the introduction of the tool and comparing the results.
    • Accuracy of the search results. If the AI-powered tool is a search engine, compare a) how much time it would take a user to find an article or a piece of content they were searching for using new tool vs. previous techniques, b) how many steps it took the user to locate the required article in the search results, and c) the location of the correct piece of content in the search result list (at the top of the search result list or on the tenth page).
    • Time spent on manual tasks and activities. This metric will measure how much time, in minutes/hours, is spent by the employees or users on manual tasks if the tool automates some of these tasks.
    • Reduction of business process steps (if the steps are being automated). To derive this metric, create a map of the business process before the introduction of the AI-powered tool and after, and determine if the tool helped to simplify the process by reducing the number of process steps.

    Bibliography

    Adryan, Boris. “Is it all machine learning?” Badryan, Oct. 20, 2015. Accessed Feb. 2022.

    “AI-Powered Data Management Platform.” Informatica, N.d. Accessed Feb 2022.

    Amazon Rekognition. “Automate your image and video analysis with machine learning.” AWS. N.d. Accessed Feb 2022.

    “Artificial Intelligence (AI).” IBM Cloud Education, 3 June 2020. Accessed Feb 2022.

    “Artificial intelligence (AI) vs machine learning (ML).” Microsoft Azure Documentation. Accessed Feb. 2022.

    “Avante Garde in the Realm of AI” SearchUnify Cognitive Platform. Accessed Feb 2022.

    “Azure Cognitive Services.” Microsoft. N.d. Accessed Feb 2022.

    “Becoming an AI-fueled organization. State of AI in the enterprise, 4th edition,” Deloitte, 2020. Accessed Feb. 2022.

    “Coveo Predictive Search.” Coveo, N.d. Accessed Feb 2022.

    ”Data and AI Leadership. Executive Survey 2022. Executive Summary of Findings.” NewVantage Partners. Accessed Feb 2022.

    “Einstein Discovery in Tableau.” Tableau, N.d. Accessed Feb 2022.

    Korolov, Maria. “9 biggest hurdles to AI adoption.” CIO, Feb 26, 2019. Accessed Feb 2022.

    Meel, Vidushi. “What Is Deep Learning? An Easy to Understand Guide.” visio.ai. Accessed Feb. 2022.

    Mitchell, Tom. “Machine Learning,” McGraw Hill, 1997.

    Stewart, Matthew. “The Actual Difference Between Statistics and Machine Learning.” Towards Data Science, Mar 24, 2019. Accessed Feb 2022.

    “Sentiment analysis with Cognitive Services.” Microsoft Azure Documentation. Accessed February 2022.

    “Three Principles for Designing ML-Powered Products.” Spotify Blog. Oct 2019, Accessed Feb 2022.

    “Video Intelligence API.” Google Cloud Platform. N.d. Accessed Feb 2022

    Identify and Manage Financial Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}218|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.
    • It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Impact and Result

    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Financial Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Financial Risk Impact on Your Organization Deck – Use the research to better understand the negative financial impacts of vendor actions.

    Use this research to identify and quantify the potential financial impacts of vendors’ poor performance. Use Info-Tech’s approach to look at the financial impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Financial Risk Impacts on Your Organization Storyboard

    2. “What If” Financial Risk Impact Tool – Use this tool to help identify and quantify the financial impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Financial Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Financial Risk Impacts on Your Organization

    Good vendor management practices help organizations understand the costs of negative vendor actions.

    Analyst Perspective

    Vendor actions can have significant financial consequences for your organization.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Vendors are becoming more influential and essential to the operation of organizations. Often the sole risk consideration of a business is whether the vendor meets a security standard, but vendors can negatively impact organizations’ budgets in various ways. Fortunately, though inherent risk is always present, organizations can offset the financial impacts of high-risk vendors by employing due diligence in their vendor management practices to help manage the overall risks.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.

    It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.

    Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Info-Tech Insight

    Companies without good vendor management risk initiatives will take on more risk than they should. Solid vendor management practices are imperative –organizations must evolve to ensure that vendors deliver services according to performance objectives and that risks are managed accordingly.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Financial risk impact

    Potential losses to the organization due to financial risks

    In this blueprint, we’ll explore financial risks and their impacts.

    Identifying negative actions is paramount to assessing the overall financial impact on your organization, starting in the due diligence phase of the vendor assessment and continuing throughout the vendor lifecycle.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Financial' highlighted.

    Unbudgeted financial risk impact

    The costs of adverse vendor actions, such as a breach or an outage, are increasing. By knowing these potential costs, leaders can calculate how to avoid them throughout the lifecycle of the relationship.

    Loss of business represents the largest share of the breach

    38%

    Avg. $1.59M
    Global average cost of a vendor breach

    $4.2M

    Percentage of breaches in 2020 caused by business associates

    40.2%

    23.2% YoY
    (year over year)
    (Source: “Cost of a Data Breach Report 2021,” IBM, 2021) (Source: “Vendor Risk Management – A Growing Concern,” Stern Security, 2021)

    Example: Hospital IT System Outage

    Hospitals often rely on vendors to manage their data center environments but rarely understand the downstream financial impacts if that vendor fails to perform.

    For example, a vendor implements a patch out of cycle with no notice to the IT group. Suddenly all IT systems are down. It takes 12 hours for the IT teams to return systems to normal. The downstream impacts are substantial.

    • There is no revenue capture during outage (patient registration, payments).
      • The financial loss is significant, impacting cash on hand and jeopardizing future projects.
    • Clinicians cannot access the electronic health record (EHR) system and shift to downtime paper processes.
      • This can cause potential risks to patient health, such as unknown drug interactions.
      • This could also incur lawsuits, fines, and penalties.
    • Staff must manually add the paper records into the EHR after the incident is corrected.
      • Staff time is lost on creating paper records and overtime is required to reintroduce those records into EMR.
    • Staff time and overtime pay on troubleshooting and solving issues take away from normal operations and could cause delays, having downstream effects on the timing of other projects.

    Insight Summary

    Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

    Insight 1 Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

    Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

    Insight 2 Financial impacts from other risk types deserve just as much focus as security alone, if not more.

    Examples include penalties and fines, loss of revenue due to operational impacts, vendor replacement costs, hidden costs in poorly understood contracts, and lack of contractual protections.

    Insight 3 There is always an inherent risk in working with a vendor, but organizations should financially quantify how much each risk may impact their budget.

    A significant concern for organizations is quantifying different types of risks. When a risk occurs, the financial losses are often poorly understood, with unbudgeted financial impacts.

    Three stages of vendor financial risk assessment

    Assess risk throughout the complete vendor lifecycle

    1. Pre-Relationship Due Diligence: The initial pre-relationship due diligence stage is a crucial point to establish risk management practices. Vendor management practices ensure that a potential vendor’s risk is categorized correctly by facilitating the process of risk assessment.
    2. Monitor & Manage: Once the relationship is in place, organizations should enact ongoing management efforts to ensure they are both getting their value from the vendor and appropriately addressing any newly identified risks.
    3. Termination: When the termination of the relationship arrives, the organization should validate that adequate protections that were established while forming a contract in the pre-relationship stage remain in place.

    Inherent risks from negative actions are pervasive throughout the entire vendor lifecycle. Collaboratively understanding those risks and working together to put proper management in place enables organizations to get the most value out of the relationship with the least amount of risk.

    Flowchart for 'Assessing Financial Risk Impacts', beginning with 'New Vendor' to 'Sourcing' to the six components of 'Vendor Management'. After a gamut of assessments such as ''What If' Game' one can either 'Accept' to move on to 'Pre-Relationship', 'Monitor & Manage', and eventually to 'Termination', or not accept and circle back to 'Sourcing'.

    Stage 1: Pre-relationship assessment

    Do these as part of your due diligence

    • Review and negotiate contract terms and conditions.
      • Ensure that you have the protections to make you whole in the event of an incident, in the event that another entity purchases the vendor, and throughout the entire lifecycle of your relationship with the vendor.
      • Make sure to negotiate your post-termination protections in the initial agreement.
    • Perform a due-diligence financial assessment.
      • Make sure the vendor is positioned in the market to be able to service your organization.
    • Perform an initial risk assessment.
      • Identify and understand all potential factors that may cause financial impacts to your organization.
      • Include total cost of ownership (TCO) and return of investment (ROI) as potential impact offsets.
    • Review case studies – talk to other customers.
      • Research who else has worked with the vendor to get “the good, the bad, and the ugly” stories to form a clear picture of a potential relationship with the vendor.
    • Use proofs of concept.
      • It is essential to know how the vendor and their solutions will work in the environment before committing resources and to incorporate them into organizational strategic plans.
    • Limit vendors’ ability to increase costs over the years. It is not uncommon for a long-term relationship to become more expensive than a new one over time when the increases are unmanaged.
    • Vendor audits can be costly and a significant distraction to your staff. Make sure to contractually limit them.
    • Many vendors enjoy significant revenue from unclear deliverables and vague expectations that lead to change requests at unknown rates – clarifying expectations and deliverables and demanding negotiated rate sheets before engagement will save budget and strengthen the relationship.

    Visit Info-Tech’s VMO ROI Calculator and Tracker

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive financial risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Financial Risk Impact Tool to help drive discussion

    Participants: Vendor Management – Coordinator, IT Operations, Legal/Compliance/Risk Manager, Finance/Procurement

    Vendor management professionals are in an excellent position to collaboratively pull together resources across the organization to determine potential risks. By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Financial Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risks but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Financial Risk Impact Tool

    Stage 2.1: Monitor the financial risk

    Ongoing monitoring activities

    Never underestimate the value of keeping the relationship moving forward.

    Examples of items and activities to monitor include;

    Stock photo of a worker being trained on a computer.
    • Fines
    • Data leaks
    • Performance
    • Credit monitoring
    • Viability/solvency
    • Resource capacity
    • Operational impacts
    • Regulatory penalties
    • Increases in premiums
    • Security breaches (infrastructure)

    Info-Tech Insight

    Many organizations do not have the resources to dedicate to annual risk assessments of all vendors.

    Consider timing ongoing risk assessments to align with contract renewal, when you have the most leverage with the vendor.

    Visit Info-Tech’s Risk Register Tool

    Stage 2.2: Manage the financial risk

    During the lifecycle of the vendor relationship

    • Renew risk assessments annually.
    • Focus your efforts on highly ranked risks.
    • Is there a new opportunity to negotiate?
    • Identify and classify individual vendor risk.
    • Are there better existing contracts in place?
    • Review financial health checks at the same time.
    • Monitor and schedule contract renewals and new service/module negotiations.
    • Perform business alignment meetings to reassess the relationship.
    • Ongoing operational meetings should be supplemental, dealing with day-to-day issues.
    • Develop performance metrics and hold vendors accountable to established service levels.
    Stock image of a professional walking an uneven line over the words 'Risk Management'.

    Stage 3: Termination

    An essential and often overlooked part of the vendor lifecycle is the relationship after termination

    • The risk of a vendor keeping your data for “as long as they want” is high.
      • Data retention becomes a “forever risk” in today’s world of cyber issues if you do not appropriately plan.
    • Ensure that you always know where data resides and where people are allowed to access that data.
      • If there is a regulatory need to house data only in specific locations, ensure that it is explicit in agreements.
    • Protect your data through language in initial agreements that covers what needs to happen when the relationship with the vendor terminates.
      • Typically, all the data that the vendor has retained is returned and/or destroyed at your sole discretion.
    Stock image of a sign reading 'Closure'.

    Related Info-Tech Research

    Stock photo of two co-workers laughing. Design and Build an Effective Contract Lifecycle Management Process
    • Achieve measurable savings in contract time processing, financial risk avoidance, and dollar savings
    • Understand how to identify and mitigate risk to save the organization time and money.
    Stock image of reports and file folders. Identify and Reduce Agile Contract Risk
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Focus on the correct contract clauses to manage Agile risk.
    Stock photo of three co-workers gathered around a computer screen. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Gain visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Take Control of Cloud Costs on Microsoft Azure

    • Buy Link or Shortcode: {j2store}426|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive Azure bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for overarchitecting or overspending on Azure.
    • Many organizations lack sufficient visibility into their Azure spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on Microsoft Azure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet for Azure

    3. Define processes and procedures

    Establish governance for tagging and cost control, define process for right-sizing, and define process for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build an implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List
    [infographic]

    Workshop: Take Control of Cloud Costs on Microsoft Azure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build a Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles & responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles & responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles & responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes & Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes & procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and alerts

    4 Build an Implementation Plan

    The Purpose

    Document next steps to implement & improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    IT Organizational Design

    • Buy Link or Shortcode: {j2store}32|cart{/j2store}
    • Related Products: {j2store}32|crosssells{/j2store}
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $83,392
    • member rating average days saved: 21
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources

    The challenge

    • IT can ensure full business alignment through an organizational redesign.
    • Finding the best approach for your company is difficult due to many frameworks and competing priorities.
    • External competitive influences and technological trends exacerbate this.

    Our advice

    Insight

    • Your structure is the critical enabler of your strategic direction. Structure dictates how people work together and how they can fill in their roles to create the desired business value. 
    • Constant change is killing for an organization. You need to adapt, but you need a stable baseline and make sure the change is in line with the overall strategy and company context.
    • A redesign is only successful if it really happens. Shifting people into new positions is not enough to implement a redesign. 

    Impact and results 

    • Define your redesign principles. They will act as a manifesto to your change. It also provides for a checklist, ensuring that the structure does not deviate from the business strategy.
    • Visualize the new design with a customized operating model for your company. It must demonstrate how IT creates value and supports the business value creation chains.
    • Define the future-state roles, functions, and responsibilities to enable your IT department to support the business effectively.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief explains to you the challenges associated with the organizational redesign. We'll show you our methodology and the ways we can help you in completing this.

    Define your organizational design principles and select your operating model

    The design principles will govern your organizational redesign; Align the principles with your business strategy.

    • Redesign Your IT Organizational Structure – Phase 1: Craft Organizational Design Principles and Select an IT Operating Model (ppt)
    • Organizational Design Communications Deck (ppt)

    Customize the selected IT operating model to your company

    Your operating model must account for the company's nuances and culture.

    • Redesign Your IT Organizational Structure – Phase 2: Customize the IT Operating Model (ppt)
    • Operating Models and Capability Definition List (ppt)

    Design the target-state of your IT organizational structure

    Go from an operating model to the structure fit for your company.

    • Redesign Your IT Organizational Structure – Phase 3: Architect the Target-State IT Organizational Structure (ppt)
    • Organizational Design Capability RACI Chart (xls)
    • Work Unit Reference Structures (Visio)
    • Work Unit Reference Structures (pdf)

    Communicate the benefits of the new structure

    Change does not come easy. People will be anxious. Craft your communications to address critical concerns and obtain buy-in from the organization. If the reorganization will be painful, be up-front on that, and limit the time in which people are uncertain.

    • Redesign Your IT Organizational Structure – Phase 4: Communicate the Benefits of the New Organizational Structure (ppt)

     

    Select an EA Tool Based on Business and User Need

    • Buy Link or Shortcode: {j2store}274|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $62,999 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Architecture Domains
    • Parent Category Link: /architecture-domains
    • A mature EA function is increasingly becoming an organizational priority to drive innovation, provide insight, and define digital capabilities.
    • Proliferation of digital technology has increased complexity, straining the EA function to deliver insights.
    • An EA tool increases the efficiency with which the EA function can deliver insights, but a large number of organizations have not a selected an EA tool that suits their needs.

    Our Advice

    Critical Insight

    • EA tool value largely comes from tying organizational context and requirements to the selection process.
    • Organizations that have selected an EA tool often fail to have it adopted and show its true value. To ensure successful adoption and value delivery, the EA tool selection process must account for the needs of business stakeholders and tool users.

    Impact and Result

    • Link the need for the EA tool to your organization’s EA value proposition. The connection enables the EA tool to address the future needs of stakeholders and the design style of the EA team.
    • Use Info-Tech’s EA Solution Recommendation Tool to create a shortlist of EA tools that is suited to the preferences of the organization.
    • Gather additional information on the shortlist of EA tool vendors to narrow down the selection using the EA Tool Request for Information Template.

    Select an EA Tool Based on Business and User Need Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should procure an EA tool in the digital age, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Select an EA Tool Based on Business and User Need – Executive Brief
    • Select an EA Tool Based on Business and User Need – Phases 1-3

    1. Make the case

    Decide if an EA tool is needed in your organization and define the requirements of EA tool users.

    • Select an EA Tool Based on Business and User Need – Phase 1: Make the Case
    • EA Value Proposition Template
    • EA Tool User Requirements Template

    2. Shortlist EA tools

    Determine your organization’s preferences in terms of product capabilities and vendor characteristics.

    • Select an EA Tool Based on Business and User Need – Phase 2: Shortlist EA Tools
    • EA Solution Recommendation Tool

    3. Select and communicate the process

    Gather information on shortlisted vendors and make your final decision.

    • Select an EA Tool Based on Business and User Need – Phase 3: Select and Communicate the Process
    • EA Tool Request for Information Template
    • EA Tool Demo Script Template
    • Request for Proposal (RFP) Template
    • EA Tool Selection Process Template
    [infographic]

    IT Governance

    • Buy Link or Shortcode: {j2store}22|cart{/j2store}
    • Related Products: {j2store}22|crosssells{/j2store}
    • Up-Sell: {j2store}22|upsells{/j2store}
    • member rating overall impact: 9.2/10
    • member rating average dollars saved: $124,127
    • member rating average days saved: 37
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    Read our concise Executive Brief to find out why you may want to redesign your IT governance, Review our methodology, and understand how we can support you in completing this process.

    Design and Implement a Business-Aligned Security Program

    • Buy Link or Shortcode: {j2store}368|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.

    Our Advice

    Critical Insight

    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy can provide a snapshot of your program, but it won’t help you modernize or transform it, or align it to meet emerging business requirements.
    • There is no unique, one-size-fits-all security program. Each organization has a distinct character and profile and differs from others in several critical respects.

    Impact and Result

    Tailor your security program according to what makes your organization unique.

    • Analyze critical design factors to determine and refine the scope of your security program and prioritize core program capabilities.
    • Identify program accountabilities, roles, and responsibilities.
    • Build an implementation roadmap to ensure its components work together in a systematic way to meet business requirements.

    Design and Implement a Business-Aligned Security Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design and Implement a Business-Aligned Security Strategy – A step-by-step guide on how to understand what makes your organization unique and design a security program with capabilities that create business value.

    This storyboard will help you lay foundations for your security program that will inform future security program decisions and give your leadership team the information they need to support your success. You will evaluate design factors that make your organization unique, prioritize the security capabilities to suit, and assess the maturity of key security program components including security governance, security strategy, security architecture, service design, and service metrics.

    • Design and Implement a Business-Aligned Security Program Storyboard

    2. Security Program Design Tool – Tailor the security program to what makes your organization unique to ensure business-alignment.

    Use this Excel workbook to evaluate your security program against ten key design factors. The tool will produce a goals cascade that shows the relationship between business and security goals, a prioritized list of security capabilities that align to business requirements, and a list of program accountabilities.

    • Security Program Design Tool

    3. Security Program Design and Implementation Plan – Assess the current state of different security program components, plan next steps, and communicate the outcome to stakeholders.

    This second Excel workbook will help you conduct a gap analysis on key security program components and identify improvement initiatives. You can then use the Security Program Design and Implementation Plan to collect results from the design and implementation tools and draft a communication deck.

    • Security Program Implementation Tool
    • Security Program Design and Implementation Plan

    Infographic

    Workshop: Design and Implement a Business-Aligned Security Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Initial Security Program Design

    The Purpose

    Determine the initial design of your security program.

    Key Benefits Achieved

    An initial prioritized list of security capabilities that aligns with enterprise strategy and goals.

    Activities

    1.1 Review Info-Tech diagnostic results.

    1.2 Identify project context.

    1.3 Identify enterprise strategy.

    1.4 Identify enterprise goals.

    1.5 Build a goal cascade.

    1.6 Assess the risk profile.

    1.7 Identify IT-related issues.

    1.8 Evaluate initial program design.

    Outputs

    Stakeholder satisfaction with program

    Situation, challenges, opportunities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    2 Refine Security Program Capabilities

    The Purpose

    Refine the design of your security program.

    Key Benefits Achieved

    A refined, prioritized list of security capabilities that reflects what makes your organization unique.

    Activities

    2.1 Gauge threat landscape.

    2.2 Identify compliance requirements.

    2.3 Categorize the role of IT.

    2.4 Identify the sourcing model.

    2.5 Identify the IT implementation model.

    2.6 Identify the tech adoption strategy.

    2.7 Refine the scope of the program.

    Outputs

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    3 Security Program Gap Analysis

    The Purpose

    Finalize security program design.

    Key Benefits Achieved

    Key accountabilities to support the security program

    Gap analysis to produce an improvement plan

    Activities

    3.1 Identify program accountabilities.

    3.2 Conduct program gap analysis.

    3.3 Prioritize initiatives.

    Outputs

    Documented program accountabilities.

    Security program gap analysis

    Security program gap analysis

    4 Roadmap and Implementation Plan

    The Purpose

    Create and communicate an improvement roadmap for the security program.

    Key Benefits Achieved

    Security program design and implementation plan to organize and communicate program improvements.

    Activities

    4.1 Build program roadmap

    4.2 Finalize implementation plan

    4.3 Sponsor check-in

    Outputs

    Roadmap of program improvement initiatives

    Roadmap of program improvement initiatives

    Communication deck for program design and implementation

    Further reading

    Design a Business-Aligned Security Program

    Focus on business value first.

    EXECUTIVE BRIEF

    Analyst Perspective

    Business alignment is no accident.

    Michel Hébert

    Security leaders often tout their choice of technical security framework as the first and most important program decision they make. While the right framework can help you take a snapshot of the maturity of your program and produce a quick strategy and roadmap, it won’t help you align, modernize, or transform your program to meet emerging business requirements.

    Common technical security frameworks focus on operational controls rather than business services and value creation. They are difficult to convey to business stakeholders and provide little program management or implementation guidance.

    Focus on business value first, and the security services that enable it. Your organization has its own distinct character and profile. Understand what makes your organization unique, then design and refine the design of your security program to ensure it supports the right capabilities. Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place to support the implementation of the security program.

    Michel Hébert
    Research Director, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.
    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy can provide a snapshot of your program, but it won’t help you modernize or transform it, or align it to meet emerging business requirements.
    • There is no unique, one-size-fits-all security program. Each organization has a distinct character and profile and differs from others in several critical respects.

    Tailor your security program according to what makes your organization unique.

    • Analyze critical design factors to determine and refine the design of your security program and prioritize core program capabilities.
    • Identify program accountabilities, roles, and responsibilities.
    • Build an implementation roadmap to ensure its components work together in a systematic way to meet business requirements.

    Info-Tech Insight

    You are a business leader who supports business goals and mitigates risk. Focus first on business value and the security services that enable it, not security controls.

    Your challenge

    The need for a solid and responsive security program has never been greater.

    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.
    • You must communicate effectively with stakeholders to describe the risks the organization faces, their likely impact on organizational goals, and how the security program will mitigate those risks and support the creation of business value.
    • Ransomware is a persistent threat to organizations worldwide across all industries.
    • Cybercriminals deploying ransomware are evolving into a growing and sophisticated criminal ecosystem that will continue to adapt to maximize its profits.

    • Critical infrastructure is increasingly at risk.
    • Malicious agents continue to target critical infrastructure to harm industrial processes and the customers they serve State-sponsored actors are expected to continue to target critical infrastructure to collect information through espionage, pre-position in case of future hostilities, and project state power.

    • Disruptive technologies bring new threats.
    • Malicious actors increasingly deceive or exploit cryptocurrencies, machine learning, and artificial intelligence technologies to support their activities.

    Sources: CCCS (2023), CISA (2023), ENISA (2023)

    Your challenge

    Most security programs are not aligned with the overall business strategy.

    50% Only half of leaders are framing the impact of security threats as a business risk.

    49% Less than half of leaders align security program cost and risk reduction targets with the business.

    57% Most leaders still don’t regularly review security program performance of the business.

    Source: Tenable, 2021

    Common obstacles

    Misalignment is hurting your security program and making you less influential.

    Organizations with misaligned security programs have 48% more security incidents...

    …and the cost of their data breaches are 40% higher than those with aligned programs.

    37% of stakeholders still lack confidence in their security program.

    54% of senior leaders still doubt security gets the goals of the organization.

    Source: Frost & Sullivan, 2019
    Source: Ponemon, 2023

    Common obstacles

    Common security frameworks won’t help you align your program.

    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy based on the right framework can provide a snapshot of your program, but it won’t help you modernize, transform, or align your program to meet emerging business requirements.
    • The lack of guidance leads to a lack of structure in the way security services are designed and managed, which reduces service quality, increases security friction, and reduces business satisfaction.

    There is no unique, one-size-fits-all security program.

    • Each organization has a distinct character and profile and differs from others in several critical respects. The security program for a cloud-first, DevOps environment must emphasize different capabilities and accountabilities than one for an on-premise environment and a traditional implementation model.

    Info-Tech’s approach

    You are a business leader who supports business goals and mitigates risk.

    • Understand what makes your organization unique, then design and refine a security program with capabilities that create business value.
    • Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place, and build an implementation roadmap to ensure its components work together over time.

    Security needs to evolve as a business strategy.

    • Laying the right foundations for your security program will inform future security program decisions and give your leadership team the information they need to support your success. You can do it in two steps:
      • Evaluate the design factors that make your organization unique and prioritize the security capabilities to suit. Info-Tech’s approach is based on the design process embedded in the latest COBIT framework.
      • Review the key components of your security program, including security governance, security strategy, security architecture, service design, and service metrics.

    If you build it, they will come

    “There's so much focus on better risk management that every leadership team in every organization wants to be part of the solution.

    If you can give them good data about what things they really need to do, they will work to understand it and help you solve the problem.”

    Dan Bowden, CISO, Sentara Healthcare (Tenable)

    Design a Business-Aligned Security Program

    The image contains a screenshot of how to Design a business-aligned security program.


    Choose your own adventure

    This blueprint is ideal for new CISOs and for program modernization initiatives.

    1. New CISO

    “I need to understand the business, prioritize core security capabilities, and identify program accountabilities quickly.”

    2. Program Renewal

    “The business is changing, and the threat landscape is shifting. I am concerned the program is getting stale.”

    Use this blueprint to understand what makes your organization unique:

    1. Prioritize security capabilities.
    2. Identify program accountabilities.
    3. Plan program implementation.

    If you need a deep dive into governance, move on to a security governance and management initiative.

    3. Program Update

    “I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”

    Move on to our guidance on how to Build an Information Security Strategy instead.

    Info-Tech’s methodology for security program design

    Define Scope of
    Security Program

    Refine Scope of
    Security Program

    Finalize Security
    Program Design

    Phase steps

    1.1 Identify enterprise strategy

    1.2 Identify enterprise goals

    1.3 Assess the risk profile

    1.4 Identify IT-related issues

    1.5 Define initial program design

    2.1 Gage threats and compliance

    2.2 Assess IT role and sourcing

    2.3 Assess IT implementation model

    2.4 Assess tech adoption strategy

    2.5 Refine program design

    3.1 Identify program accountabilities

    3.2 Define program target state

    3.3 Build program roadmap

    Phase outcomes

    • Initial security program design
    • Refined security program design
    • Prioritized set of security capabilities
    • Program accountabilities
    • Program gap closure initiatives

    Tools

    Insight Map

    You are a business leader first and a security leader second

    Technical security frameworks are static and focused on operational controls and standards. They belong in your program’s solar system but not at its center. Design your security program with business value and the security services that enable it in mind, not security controls.

    There is no one-size-fits-all security program
    Tailor your security program to your organization’s distinct profile to ensure the program generates value.

    Lay the right foundations to increase engagement
    Map out accountabilities, roles, and responsibilities to ensure the components of your security program work together over time to secure and enable business services.

    If you build it, they will come
    Your executive team wants to be part of the solution. If you give them reliable data for the things they really need to do, they will work to understand and help you solve the problem.

    Blueprint deliverables

    Info-Tech supports project and workshop activities with deliverables to help you accomplish your goals and accelerate your success.

    Security Program Design Tool

    Tailor the security program to what makes your organization unique to ensure alignment.

    The image contains a screenshot of the Security Program Design Tool.

    Security Program Implementation Tool

    Assess the current state of different security program components and plan next steps.



    SecurityProgram Design and Implementation Plan

    Communicate capabilities, accountabilities, and implementation initiatives.

    The image contains a screenshot of the Security Program Design and Implementation Plan.

    Key deliverable

    Security Program Design and Implementation Plan

    The design and implementation plan captures the key insights your work will generate, including:

    • A prioritized set of security capabilities aligned to business requirements.
    • Security program accountabilities.
    • Security program implementation initiatives.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Laying the right foundations for your security program will:
      • Inform the future security governance, security strategy, security architecture, and service design decisions you need to make.
      • Improve security service design and service quality, reduce security friction, and increase business satisfaction with the security program.
      • Help you give your leadership team the information they need to support your success.
      • Improve the standing of the security program with business leaders.
    • Organizations with a well-aligned security program:
      • Improve security risk management, performance measurement, resource management, and value delivery.
      • Lower rates of security incidents and lower-cost security breaches.
      • Align costs, performance, and risk reduction objectives with business needs.
      • Are more satisfied with their security program.

    Measure the value of using Info-Tech’s approach

    Assess the effectiveness of your security program with a risk-based approach.

    Deliverable

    Challenge

    Security Program Design

    • Prioritized set of security capabilities
    • Program accountabilities
    • Devise and deploy an approach to gather business requirements, identify and prioritize relevant security capabilities, and assign program accountabilities.
    • Cost and Effort : 2 FTEs x 90 days x $130,000/year

    Program Assessment and Implementation Plan

    • Security program assessment
    • Roadmap of gap closure initiatives
    • Devise and deploy an approach to assess the current state of your security program, identify gap closure or improvement initiatives, and build a transformation roadmap.
    • Cost and Effort : 2 FTEs x 90 days x $130,000/year

    Measured Value

    • Using Info-Tech’s best practice methodology will cut the cost and effort in half.
    • Savings: 2 FTEs x 45 days x $130,000/year = $65,000

    Measure the impact of your project

    Use Info-Tech diagnostics before and after the engagement to measure your progress.

    • Info-Tech diagnostics are standardized surveys that produce historical and industry trends against which to benchmark your organization.
    • Run the Security Business Satisfaction and Alignment diagnostic now, and again in twelve months to assess business satisfaction with the security program and measure the impact of your program improvements.
    • Reach out to your account manager or follow the link to deploy the diagnostic and measure your success. Diagnostics are included in your membership.

    Inform this step with Info-Tech diagnostic results

    • Info-Tech diagnostics are standardized surveys that accelerate the process of gathering and analyzing pain point data.
    • Diagnostics also produce historical and industry trends against which to benchmark your organization.
    • Reach out to your account manager or follow the links to deploy some or all these diagnostics to validate your assumptions. Diagnostics are included in your membership.

    Governance & Management Maturity Scorecard
    Understand the maturity of your security program across eight domains.
    Audience: Security Manager

    Security Business Satisfaction and Alignment Report
    Assess the organization’s satisfaction with the security program.
    Audience: Business Leaders

    CIO Business Vision
    Assess the organization’s satisfaction with IT services and identify relevant challenges.
    Audience: Business Leaders

    Executive Brief Case Study

    INDUSTRY: Higher Education

    SOURCE: Interview

    Building a business-aligned security program

    Portland Community College (PCC) is the largest post-secondary institution in Oregon and serves more than 50,000 students each year. The college has a well-established information technology program, which supports its education mission in four main campuses and several smaller centers.

    PCC launched a security program modernization effort to deal with the evolving threat landscape in higher education. The CISO studied the enterprise strategy and goals and reviewed the college’s risk profile and compliance requirements. The exercise helped the organization prioritize security capabilities for the renewal effort and informed the careful assessment of technical controls in the current security program.

    Results

    Laying the right foundations for the security program helped the security function understand how to provide the organization with a clear report of its security posture. The CISO now reports directly to the board of directors and works with stakeholders to align cost, performance, and risk reduction objectives with the needs of the college.

    The security program modernization effort prioritized several critical design factors

    • Enterprise Strategy
    • Enterprise Goals
    • IT Risk Profile
    • IT-Related Issues
    • IT Threat Landscape
    • Compliance Requirements

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:
    Scope requirements, objectives, and specific challenges.

    Call #2:
    Define business context, assess risk profile, and identify existing security issues.

    Define initial design of security program.

    Call #3:
    Evaluate threat landscape and compliance requirements.

    Call #4:
    Analyze the role of IT, the security sourcing model, technology adoption, and implementation models.

    Refine the design of the security program.

    Call #5:
    Identify program accountabilities.

    Call #6:
    Design program target state and draft security program implementation plan.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 6 calls over the course of 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Initial Security
    Program Design

    Refine Security
    Program Design

    Security Program
    Gap Analysis

    Roadmap and Implementation Plan

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1.0 Review Info-Tech diagnostic results

    1.1.1 Identify project context

    1.1.2 Identify enterprise strategy

    1.2.1 Identify enterprise goals

    1.2.2 Build a goals cascade

    1.3 Assess the risk profile

    1.4 Identify IT-related issues

    1.5 Evaluate initial program design

    2.1.1 Gauge threat landscape

    2.1.2 Identify compliance requirements

    2.2.1 Categorize the role of IT

    2.2.2 Identify the sourcing model

    2.3.1 Identify the IT implementation model

    2.4.1 Identify the tech adoption strategy

    2.5.1 Refine the design of the program

    3.1 Identify program accountabilities

    3.2.1 Conduct program gap analysis

    3.2.2 Prioritize initiatives

    3.3.1 Build program roadmap

    3.3.2 Finalize implementation plan

    3.3.3 Sponsor check-in

    4.1 Complete in-progress deliverables from previous four days

    4.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Project context
    2. Stakeholder satisfaction feedback on security program
    3. Initial set of prioritized security capabilities
    1. Refined set of prioritized security capabilities
    1. Documented program accountabilities
    2. Security program gap analysis
    1. Roadmap of initiatives
    2. Communication deck for program design and implementation
    1. Completed security program design
    2. Security program design and implementation plan

    Customize your journey

    The security design blueprint pairs well with security governance and security strategy.

    • The prioritized set of security capabilities you develop during the program design project will inform efforts to develop other parts of your security program, like the security governance and management program and the security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop
    Days 1 and 2

    Workshop
    Days 3 and 4

    Security Program Design Factors

    Security Program Gap Analysis or
    Security Governance and Management

    Implement DevOps Practices That Work

    • Buy Link or Shortcode: {j2store}155|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $42,916 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices are critical for business value delivery.
    • Organizations are looking to DevOps as an approach to rapidly deliver changes, but they often lack the foundations to use DevOps effectively.

    Our Advice

    Critical Insight

    Even in a highly tool-centric view, it is the appreciation of DevOps core principles that will determine your success in implementing its practices.

    Impact and Result

    • Understand the basics of DevOps-related improvements.
    • Assess the health and conduciveness of software delivery process through Info-Tech Research Group’s MATURE framework.

    Implement DevOps Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement DevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Examine your current state

    Understand the current state of your software delivery process and categorize existing challenges in it.

    • DevOps Readiness Survey

    2. MATURE your delivery lifecycle

    Brainstorm solutions using Info-Tech Research Group’s MATURE framework.

    • DevOps Roadmap Template

    3. Choose the right metrics and tools for your needs

    Identify metrics that are insightful and valuable. Determine tools that can help with DevOps practices implementation.

    • DevOps Pipeline Maturity Assessment

    4. Select horizons for improvement

    Lay out a schedule for enhancements for your software process to make it ready for DevOps.

    [infographic]

    Workshop: Implement DevOps Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Examine Your Current State

    The Purpose

    Set the context for improvement.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Activities

    1.1 Review the outcome of the DevOps Readiness Survey.

    1.2 Articulate the current-state delivery process.

    1.3 Categorize existing challenges using PEAS.

    Outputs

    Baseline assessment of the organization’s readiness for introducing DevOps principles in its delivery process

    A categorized list of challenges currently evident in the delivery process

    2 MATURE Your Delivery Lifecycle

    The Purpose

    Brainstorm solutions using the MATURE framework.

    Key Benefits Achieved

    Collaborative list of solutions to challenges that are restricting/may restrict adoption of DevOps in your organization.

    Activities

    2.1 Brainstorm solutions for identified challenges.

    2.2 Understand different DevOps topologies within the context of strong communication and collaboration.

    Outputs

    A list of solutions that will enhance the current delivery process into one which is influenced by DevOps principles

    (Optional) Identify a team topology that works for your organization.

    3 Choose the Right Metrics and Tools for Your Needs

    The Purpose

    Select metrics and tools for your DevOps-inspired delivery pipeline.

    Key Benefits Achieved

    Enable your team to select the right metrics and tool chain that support the implementation of DevOps practices.

    Activities

    3.1 Identify metrics that are sensible and provide meaningful insights into your organization’s DevOps transition.

    3.2 Determine the set of tools that satisfy enterprise standards and can be used to implement DevOps practices.

    3.3 (Optional) Assess DevOps pipeline maturity.

    Outputs

    A list of metrics that will assist in measuring the progress of your organization’s DevOps transition

    A list of tools that meet enterprise standards and enhance delivery processes

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a plan laying out the work needed to be done for implementing the necessary changes to your organization.

    Key Benefits Achieved

    Roadmap of steps to take in the coming future.

    Activities

    4.1 Create a roadmap for future-state delivery process.

    Outputs

    Roadmap for future-state delivery process

    Identify and Manage Operational Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}230|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new threat will impact your organization's operations at some point. Make sure your plans are flexible enough to manage the inevitable consequences and that you understand where those threats may originate.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential operational impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility to adjust to significant market upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Operational Risk Impact Tool.

    Identify and Manage Operational Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Operational Risk Impacts to Your Organization Storyboard – Use this research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential operational impacts caused by vendors. Utilize Info-Tech's approach to look at the operational impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Operational Risk Impacts to Your Organization Storyboard

    2. Operational Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Operational Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Operational Risk Impacts on Your Organization

    Understand internal and external vendor risks to avoid potential disaster.

    Analyst perspective

    Organizations need to be aware of the operational damage vendors may cause to plan around those impacts effectively.

    Frank Sewell

    Organizations must be mindful that operational risks come from internal and external vendor sources. Missing either component in the overall risk assessment can significantly impact day-to-day business processes that cost revenue, delay projects, and lead to customer dissatisfaction.

    Frank Sewell,

    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    More than any other time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new threat will impact your organization's operations at some point. Make sure your plans are flexible enough to manage the inevitable consequences and that you understand where those threats may originate.

    Common Obstacles

    Identifying and managing a vendor’s potential operational impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility to adjust to significant market upheavals.

    Info-Tech's Approach

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Operational Risk Impact Tool.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to threats in the market. Ongoing monitoring of the vendors tied to company operations, and understanding where those vendors impact your operations, is imperative to avoiding disasters.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    There are many components to vendor risk, including: Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Operational risk impacts

    Potential losses to the organization due to incidents that affect operations.

    • In this blueprint we’ll explore operational risks, particularly from third-party vendors, and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.
    Operational

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    27%

    Businesses are changing their internal processes around TPRM in response to the Pandemic.

    70%

    Of organizations attribute a third-party breach to too much privileged access.

    85%

    Of breaches involved human factors (phishing, poor passwords, etc.).

    Assess internal and external operational risk impacts

    Due diligence and consistent monitoring are the keys to safeguarding your organization.

    Two sides of the Same Coin

    Internal

    • Poorly vetted supplemental staff
    • Bad system configurations
    • Lack of relevant skills
    • Poor vendor performance
    • Failure to follow established processes
    • Weak contractual accountability
    • Unsupportable or end-of-life system components

    External

    • Cyberattacks
    • Supply Chain Issues
    • Geopolitical Disruptions
    • Vendor Acquisitions
    • N-Party Non-Compliance
    • Vendor Fraud

    Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, or events that disrupt business operations.

    - Wikipedia

    Internal operational risk

    Vendors operating within your secure perimeter can open your organization to substantial risk.

    Frequently monitor your internal process around vendor management to ensure safe operations.

    • Poorly vetted supplemental staff
    • Bad system configurations
    • Lack of relevant skills
    • Poor vendor performance
    • Failure to follow established processes
    • Weak contractual accountability
    • Unsupportable or end-of-life system components

    Info-Tech Insight

    You may have solid policies, but if your employees and vendors are not following them, they will not protect the organization.

    External operational risks

    • Cyberattacks
    • Supplier issues and geopolitical instability
    • Vendor acquisitions
    • N-party vendor non-compliance

    Identify and manage operational risks

    Poorly configured systems

    Failing to ensure that your vendor-supported systems are properly configured and that your vendors are meeting your IT change control and configuration standards is more commonplace than expected. Proper oversight and management of your support vendors are crucial to ensure they are meeting expectations in this regard.

    Failure to follow processes

    Most companies have policies and procedures around IT change and configuration control, security standards, risk management, vendor performance standards, etc. While having these processes is a good start, failure to perform continuous monitoring and management of these leads to increased risks of incidents.

    Supply chain disruptions

    Awareness of the supply chain's complications, and each organization's dependencies, are increasing for everyone. However, most organizations still do not understand the chain of n-party vendors that support their specific vendors or how interruptions in their supply chains could affect them. The 2022 Toyota shutdown due to Kojima is a perfect example of how one essential parts vendor could shut down your operations.

    What to look for

    Identify operational risk impacts

    • Does the vendor have a business continuity plan they will share for your review?
    • Is the vendor operating on old hardware that may be out of warranty or at end of life?
    • Is the vendor operating on older software or shareware that may lack the necessary patches?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor have sufficient personnel in acceptable regions to support your operations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Operational risks

    Not knowing where your risks come from creates additional risks to operations.

    • Supply chain disruptions and global shortages.
      • Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Do you know where your critical vendors are getting their supplies? Are you aware of their business continuity plans to accommodate for those interruptions?
    • Poor vendor performance.
      • Organizations need to understand where vendors are acting in their operations and manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after a bad performance.
    • Vendor acquisitions.
      • A lot of acquisition is going on in the market today. Large companies are buying competitors, imposing new terms on customers, or removing competing products from the market. Understand your options if a vendor is acquired by a company with which you do not wish to be in a relationship.

    It is important to identify where potential risks to your operations may come from to manage and potentially eliminate them from impacting your organization.

    Info-Tech Insight

    Most organizations realize that their vendors could operationally affect them if an incident occurs. Still, they fail to follow the chain of events that might arise from those incidents to understand the impact fully.

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.

    How to assess third-party operational risk

    1. Review Organizational Operations

      Understand the organization’s operational risks to prepare for the “what if” game exercise.
    2. Identify and Understand Potential Operational Risks

      Play the “what if” game with the right people at the table.
    3. Create a Risk Profile Packet for Leadership

      Pull all the information together in a presentation document.
    4. Validate the Risks

      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to Manage the Risks

      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the Plan

      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the Plan

      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Insight summary

    Operational risk impacts often come from unexpected places and have unforeseen impacts. Knowing where your vendors place in critical business processes and those vendors' business continuity plans concerning your organization should be a priority for those who manage the vendors.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how they factor into a vendor’s business continuity plan.

    If one of your critical vendors goes down, do you know how they intend to re-establish business? Do you know how you factor into their priorities?

    Insight 3

    Organizations need to have a comprehensive understanding of how their vendor-managed systems integrate with Operations.

    Do you understand where in the business processes vendor-supported systems lie? Do you have contingencies around disruptions that account for those pieces missing from the process?

    Identifying operational vendor risk

    Who should be included in the discussion

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance your organization's long-term potential for success.
    • Involving those who not only directly manage vendors but also understand your business processes will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your operational plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor operational risk impacts

    What can we realistically do about the risks?

    • Review vendors’ business continuity plans and disaster recovery testing.
      • Understand your priority in their plans.
    • Institute proper contract lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to do so consistently can be a recipe for disaster.
    • Develop IT governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your operational plans for new risks and evolving likelihoods.
      • Risk = Likelihood x Impact (R=L*I).
        • Impact (I) tends to remain the same and be well understood, while Likelihood (L) may often be considered 100%.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time and adjust your plans accordingly.

    Organizations need to review their organizational risk plans, considering the placement of vendors in their operations.

    Pandemics, extreme weather, and wars that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing improvement

    Incorporating lessons learned

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The "what if" game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Break into smaller groups (or if too small, continue as a single group).
    • Use the Operational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    • Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Operational Risk Impact Tool

    Input

    • List of identified potential risk scenarios scored by likelihood and operational impact
    • List of potential management of the scenarios to reduce the risk

    Output

    • Comprehensive operational risk profile on the specific vendor solution

    Materials

    • Whiteboard/flip charts
    • Operational Risk Impact Tool to help drive discussion

    Participants

    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    Sample Questions to Ask to Identify Impacts. Lists questions impact score, weight, question and comments or notes.

    Being overly reliant on a single talented individual can impose risk to your operations. Make sure you include resiliency in your skill sets for critical business practices.

    Impact score and level. Each score for impacts are unique to the organization.

    Low risk example from tool

    Sample Questions to Ask to Identify Impacts. Lists questions impact score, weight, question and comments or notes. Impact score and level. Each score for impacts are unique to the organization.

    Summary

    Seek to understand all aspects of your operations.

    • Organizations need to understand and map out where vendors are critical to their operations.
    • Those organizations that consistently follow their established risk assessment and due diligence processes will be better positioned to avoid disasters.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Understand how your vendors prioritize your organization in their business continuity processes.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their operational risk assessments considering their vendor portfolio.

    Ongoing monitoring of the market and the vendors tied to company operations is imperative to avoiding disaster.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Bibliography

    “Weak Cybersecurity is taking a toll on Small Businesses.” Tripwire. August 7, 2022.

    SecureLink 2022 White Paper SL_Page_EA+PAM (rocketcdn.me)

    Member Poll March 2021 "Guide: Evolving Work Environments Impact of Covid-19 on Profile and Management of Third Parties.“ Shared Assessments. March 2021.

    “Operational Risk.” Wikipedia.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, August 23, 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Assess Your Readiness to Implement UCaaS

    • Buy Link or Shortcode: {j2store}305|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management
    • Employees no longer work in the office all the time and have adopted a hybrid or remote policy.
    • Security is on your mind when it comes to the risks associated with data and voice across the internet.
    • You are unaware of the technology used by other departments, such as sales and marketing.

    Our Advice

    Critical Insight

    • The importance of doing your due diligence and building out requirements is paramount to deciding on what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you have done your homework.
    • There are five reasons you should migrate to UCaaS: flexibility & scalability, productivity, enhanced security, business continuity, and cost savings. Challenge your selection with these criteria at your foundation and you cannot go wrong.

    Impact and Result

    With features such as messaging, collaboration tools, and video conferencing, UCaaS enables users to be more effective regardless of location and device. This can lead to quicker decision making and reduce communication delays.

    Assess Your Readiness to Implement UCaaS Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your Readiness to Implement UCaaS Storyboard – Research that reviews the business drivers to move to a UCaaS solution.

    In addition to examining the benefits of UCaaS, this deck covers how to drive toward an RFP and convince the C-suite to champion your UCaaS strategy.

    • Assess Your Readiness to Implement UCaaS Storyboard

    2. UCaaS Readiness Questionnaire – Three sets of questions to help determine your organization's readiness to move to a UCaaS platform.

    This questionnaire is a starting point. Sections include: 1) Current State Questionnaire, 2) IT Infrastructure Readiness Questionnaire, and 3) UCaaS Vendor Questionnaire. These questions can also be added to an RFP for UCaaS vendors you may want to work with.

    • UCaaS Readiness Questionnaire
    [infographic]

    Further reading

    Assess Your Readiness to Implement UCaaS

    Unified communication as a service (UCaaS) is already here. Find the right solution for your organization, whether it is Teams Phone or another solution.

    Analyst Perspective

    UCaaS is the solution to the hybrid and remote working world

    Hybrid/remote work is a reality and there is little evidence to prove otherwise despite efforts to return employees to the office. A 2023 survey from Zippia says 74% of US companies are planning to or have implemented hybrid work policies. Given the reality of the new ways people work, there’s a genuine need for a UCaaS solution.

    The days of on-premises private branch exchange (PBX) and legacy voice over internet protocol (VoIP) solutions are numbered, and organizations are examining alternative solutions to redundant desk phones. The stalwarts of voice solutions, Cisco and Avaya, have seen the writing on the wall for some time: the new norm must be a cloud-based solution that integrates via API with content resource management (CRM), email, chat, and collaboration tools.

    Besides remaining agile when accommodating different work locations, it’s advantageous to be able to quickly scale and meet the needs of organizations and their employees. New technology is moving at such a pace that utilizing a UCaaS service is truly beneficial, especially given its AI, analytics, and mobile capabilities. Being held back by an on-premises solution that is capitalized over several years is not a wise option.

    Photo of John Donovan
    John Donovan
    Principle Research Director, I&O Practice
    Info-Tech Research Group

    Insight Summary

    Improved integration and communication in a hybrid world
    Unified communication as a service (UCaaS) integrates several tools into one platform to provide seamless voice, video, chat, collaboration, sharing and much more. The ability to work from anywhere and the ability to use application programming interfaces (APIs) to integrate content resource management (CRM) and other productivity tools into a unified environment is a key component of employee productivity, whether at the office or remote, or even on mobile devices.

    Simplify your maintenance, management, and support
    Communication and voice using a cloud provisioner has many benefits and makes life easier for your IT staff. No more ongoing maintenance, upgrades, patching and managing servers or private branch exchanges (PBXs). UCaaS is easy to deploy, and due to its scalability and flexibility, users can easily be added or removed. Now businesses can retire their legacy technical debt of voice hardware and old desk phones that clutter the office.

    Oversight on security
    The utilization of a software as a service (SaaS) platform in UCaaS form does by design risk data breaches, phishing, and third-party malware. Fortunately, you can safeguard your organization’s security by ensuring the vendor you choose features SOC2 certification, taking care of encryption, firewalls, two-factor authentication and security incident handling, and disaster recovery. The big players in the UCaaS world have these features.

    Executive Summary

    Your Challenge

    So, your legacy PBX is ready to be replaced. It has no support or maintenance contract, and you face a critical decision. You could face these challenges:

    • Employees no longer work in the office all the time and have adopted a hybrid or remote policy
    • Security risks associated with data and voice across the internet
    • Limited awareness of the technology used by some departments, such as sales and marketing

    Common Obstacles

    Businesses may worry about several obstacles when it’s time to choose a voice and collaboration solution. For example:

    • Concern over internet connectivity or disruptions
    • Uncertainty integrating systems with the platform
    • Unsure whether employees will embrace new tools/workflows that completely change how they work, collaborate, and communicate
    • Failure to perform due diligence when trying to choose the right solution for an organization

    Info-Tech’s Approach

    It’s critically important to perform due diligence and build out requirements when deciding what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you will:

    • Determine your business case
    • Evaluate your roadmap for unified communication
    • Ask all the right questions to determine suitability

    In this advisory deck, you will see a set of questions you must ask including whether Teams is suitable for your business.

    Info-Tech Insight

    Determine your communication and collaboration needs. Evaluate your current use of voice, video, chat, collaboration, sharing, and mobility whether for the office or remote work. Evaluate your security and regulatory requirements and needs. Determine the integration requirements when evaluating top vendors.

    The evolution of unified communication

    How we moved from fax machines and desk phones to an integrated set of tools on one platform in the cloud

    A diagram that shows the evolution of unified communication from 1980s to 2020s.

    Business drivers for moving to UCaaS

    What organizations look to gain or save by moving to UCaaS solutions

    Flexibility and scalability
    Ability to add/remove users and services as appropriate for changing business needs, allowing for quick adaptation to changing markets.

    Productivity
    Offering features like messaging, collaboration tools, and video conferencing enables users to be more effective regardless of location and device. May lead to quicker decision making and reduced communication delays.

    Cost savings
    Eliminating the need for on-premises hardware and software, reducing maintenance and support costs. Predictable monthly billing.

    Business continuity
    Reducing risks of disruption or disaster. Allowing users to work from anywhere when the physical office is unavailable. Additional features can include disaster recovery and backup services.

    Enhanced security
    UCaaS providers usually offer advanced security and compliance features including encryption, firewall, intrusion detection, and certifications like HIPAA and SOC 2.

    KPIs to demonstrate success

    What key metrics should businesses measure to demonstrate a successful UCaaS project?
    What improvements are needed?
    What can be optimized?

    KPI Measurement
    User adoption rate
    • % of employees utilizing UCaaS solutions
    • # of users who completed UCaaS training/onboarding
    • # of calls or messages sent per user
    Call quality and reliability
    • % of calls with good to excellent quality
    • # of dropped calls or call disruption
    • Mean opinion score (MOS) for video and voice quality
    Cost savings
    • TCO for UCaaS compared to previous solution
    • Cost per month for UCaaS
    • Reduced hardware/maintenance and communication costs
    Improved productivity
    • Time saved with streamlined comms workflows
    • # of successful collaborative projects or meetings
    • Improved speed and quality for customer service or support
    Customer satisfaction
    • Net promoter score or CSAT
    • Positive customer reviews
    • Time-to-resolution of customer issues
    Scalability
    • Ability to add/remove/change user features as needed
    • Time to deploy new UCaaS features
    • Scalability of network to support increased UCaaS usage

    What are the surveys telling us?

    Different organizations adopt UCaaS solutions for different reasons

    95%

    Collaboration: No Jitter’s study on team collaboration found that 95% of survey respondents think collaborative communication apps are a necessary component of a successful communications strategy.
    Source: No Jitter, 2018.

    95%

    Security: When deploying remote communication solutions, 95% of businesses say they want to use VPN connections to keep data private.
    Source: Mitel, 2018.

    31%

    Flexibility: While there are numerous advantages to cloud-based communications, 31% of companies intend to use UCaaS to eliminate technical debt from legacy systems and processes.
    Source: Freshworks, 2019.

    UCaaS adoption

    While many organizations are widely adopting UCaaS, they still have data security concerns

    UCaaS deployments are growing

    UCaaS is growing at a rate that shows the market for UC is moving toward cloud-based voice and collaboration solutions at a rate of 29% year over year.

    Source: Synergy Research Group, 2017.

    Security is still a big concern

    While it’s increasingly popular to adopt cloud-based unified communication solutions, 70% of those companies are still concerned about their data security.

    Source: Masergy, 2022.


    Concerns around security range from encrypting conversations to controlling who has access to what data in the organization’s network to how video is managed on emerging video communications platforms.

    Info-Tech Insight

    Ensure you maintain a robust security posture with your data regardless of where it is being stored. Security breaches can happen at any location.

    UCaaS vs. on-premises UC

    A diagram that shows UCaaS benefits

    Main benefits of UCaaS

    • Rapid deployment: Cloud hosting provides the ability to deploy quickly.
    • Ease of management: It’s no longer necessary for companies to manage communications across multiple platforms and devices.
    • Better connection: The communication flow across teams and with customers is faster and easier with phone, messaging, audio and video conferencing available in one place.
    • Scalability: Since UCaaS is an on-demand service, companies can scale their communication needs to what’s immediately required at an affordable price.

    Info-Tech Insight

    There are five reasons you should migrate to UCaaS. They are advanced technology, easily scalable, cost efficiencies, highly available, and security. There are always outliers, but these five criteria are a reliable foundation when assessing a vendor/product.

    UCaaS architecture

    The 6 primary elements of UCaaS

    Unified communications as a service (UCaaS) is a cloud-based subscription service primarily for communication tools such as voice, video, messaging, collaboration, content sharing, and other cloud services over the internet. It uses VoIP to process calls.

    The popularity of UCaaS is increasing with the recent trend of users working remotely full or part-time and requiring collaboration tools for their work.

    • The main benefit to businesses is the ability to remove on-premises hardware and reduce technical debt.
    • Additionally, it removes the need for expensive up-front capital costs and reduces communications costs.
    • From a productivity perspective, delivering these services under one platform/service increases effective collaboration and allows instant communication regardless of device or location.

    A diagram that shows protocols

    Features available to UCaaS/UC

    Must-haves vs. nice-to-haves

    A diagram that shows Must-haves vs. nice-to-haves UC features

    Info-Tech Insight

    Decide what matters most to the organization when choosing the UC platform and applications. Divide criteria into must-have vs. nice-to-have categories.

    Security and UCaaS

    • Maintain company integrity
    • Enhance data security
    • Regulatory compliance
    • Reduce risk of fraud
    • Protect data for multiple devices

    What are the concerns? What is at risk?

    • DDoS attacks: Enterprise transactions are paralyzed by flooding of data across the network preventing access
    • Phishing: Users are tricked into clicking a URL and sharing an organization’s sensitive data
    • Ransomware: Malicious attack preventing the business from accessing data and demanding a ransom for access
    • Third-party malware: Software infected with a virus, trojan horse, worms, spyware, or even ransomware with malicious intent

    Security solutions in UCaaS

    End-to-end encryption is critical

    SRTP

    • Secure real-time protocol is a cryptographic protocol used to secure voice & video calls over IP networks
    • SRTP provides encryption, message authentication, and integrity protection for voice and data packets. Using advanced encryption standard (AES) reduces chance of DDoS attacks

    TLS

    • Transport layer security (TLS) is a cryptographic protocol that secures data in transit over the internet, protecting from interception and tampering

    VPNs and firewalls

    • Virtual private networks (VPNs) are used to secure and encrypt connections between remote devices and the network. UCaaS providers can use VPN to secure access from remote locations
    • Firewalls are your primary line of defense against unauthorized traffic entering or leaving the network

    SIP

    • Session initiated protocol (SIP) over TLS is used to initiate and terminate video and voice calls over the internet. UCaaS providers often use SIP over TLS to encrypt and secure SIP messages

    SSH

    • Secure shell (SSH) is a cryptographic network protocol used to secure remote access and communications over the network. SSH is often used by UCaaS providers to secure remote management and configuration of systems

    Info-Tech Insight

    Encryption is a must for securing data and voice packets across the internet. These packets can be vulnerable to eavesdropping techniques and local area network (LAN) breaches. This risk must be mitigated from end to end.

    UCaaS

    Seven vendors competing with Microsoft’s integrated suite of collaboration tools

    Zoom

    A logo of Zoom
    Best for large meetings and webinars

    Key features:

    • Virtual meetings up to 300 users, up to 1,000 with enterprise version
    • Team chat
    • Digital whiteboard
    • Phone

    RingCentral

    A logo of RingCentral
    Best for project management collaboration tools

    Key features:

    • Video conferencing up to 200 users
    • Chat
    • Voice calls
    • Video polls and captioning
    • Digital whiteboard

    Nextiva

    A logo of Nextiva
    Best for CRM support, best-in-class functionality and features

    Key features:

    • Single dashboard
    • Chat
    • Cospace collaboration tool
    • Templates
    • Voice and call pop

    GoTo Connect

    A logo of GoTo Connect
    Best for integration with other business apps

    Key features:

    • Video conferencing up to 250 participants
    • Meeting transcripts
    • Dial plan

    Dialpad

    A logo of Dialpad
    Best for small companies under 15 users

    Key features:

    • Video meetings up to 15 participants
    • AI transcripts with call summary
    • Call controls share screen, switch between devices
    • Channel conversations with calendar app

    WebEx

    A logo of WebEx
    Only vendor offering real-time translation & closed captioning

    Key features:

    • Video meetings up to 200 participants
    • Calling features with noise removal, call recording, and transcripts
    • Live polling and Q&A

    Google Workspace

    A logo of Google Workspace
    Best for whole team collaboration for docs and slides

    Key features:

    • Google meet video
    • Collaboration on docs, sheets, and slides
    • Google chat and spaces
    • Calendars with sync updates with Gmail and auto-reminders

    Avaya and Cisco

    The major players in the VoIP on-premises PBX world have moved to a cloud experience to compete with Microsoft and other UCaaS players

    Avaya offers the OneCloud UC platform. It is one of the last UC vendors to offer on-premises solutions. In a market which is moving to the cloud at a serious pace, Avaya retains a 14% share. It made a strategic partnership with RingCentral in 2019 and in February 2021 they formed a joint venture which is now called Avaya Cloud Office, a UCaaS solution that integrates Avaya’s communication and collaboration solution with the RingCentral cloud platform.

    With around 33% of the UC market, Cisco also has a selection of UC products and services for on-premises deployment and the cloud, including WebEx Calling, Jabber, Unity Connections for voice messaging, and Single Number Reach for extensive telephony features.

    Both vendors support on-premises and cloud-based solutions for UC.

    Services provided by Avaya and Cisco in the UCaaS space

    A logo of Avaya Cloud Office
    Avaya Cloud Office

    • Voice calling: Cloud-based phone system over the internet with call forwarding, call transfer, voice mail, and more
    • Video conferencing: Virtual meetings for real-time collaboration, screen sharing, virtual backgrounds, video layout, meeting recording, whiteboarding and annotation, and virtual waiting room
    • Messaging: A feature that allows users to send and receive instant messages and SMS text messaging on the same platform
    • Collaboration: Work together on documents and projects in real time. File sharing and task management
    • Contact center: Manage customer interactions across voice, email, chat, and social media
    • Mobile app: Allows users to access communication and collaboration features on smartphones and tablets

    A logo of Cisco WebEx
    Cisco WebEx

    • Voice calling: Cisco WebEx calling provides cloud-based phone system over the internet including call forwarding, transfer, and voice mail
    • Video conferencing: Features include virtual meeting and real-time collaboration, screen sharing, and virtual backgrounds and layouts, highly scalable to large audiences
    • Messaging: Features include chat and SMS
    • Collaboration: Allows users to work together on docs and projects in real time, including file sharing and task management
    • Contact center: Multiple contact center solutions offered for small, medium, and large enterprises
    • Mobile app: Software clients for Jabber on cellphones
    • Artificial intelligence: Business insights, automatic transcripts, notes, and highlights to capture the meeting

    Service desk and contact center cloud options

    INDUSTRY: All industries
    SOURCE: Software reviews

    What vendors offer and what they don’t

    RingCentral integrates with some popular contact centers such as Five 9, Talkdesk and Sharpen. They also have a built-in contact center solution that can be integrated with their messaging and video conferencing tools.

    GoToConnect integrates with several leading customer service providers including Zendesk and Salesforce Service Cloud They also offer a built-in contact center solution with advanced call routing and management features.

    WebEx integrates with a variety of contact center and customer service platforms including Five9, Genesys, and ServiceNow.

    Dialpad integrates with contact center platforms such as Talkdesk and ServiceNow as well as CRM tools such as Salesforce and HubSpot.

    Google Workspace integrates with third-party contact center platforms through their Google Cloud Contact Center AI offering.

    SoftwareReviews

    A diagram that shows some top cloud options in Software reviews

    UCaaS comparison table

    A diagram of a UCaaS comparison table
    * Some reported issues around sound and voice quality may be due to network
    **Limited to certain plans

    Differences between UCaaS and CPaaS

    UCaaS

    CPaaS

    Defined

    Unified communication as a service – a cloud-based platform providing a suite of tools like voice, video messaging, file sharing & contact center.

    Communication platform as a service – a cloud-based platform allowing developers to use APIs to integrate real-time communications into their own applications.

    Functionality

    Designed for end users accessing a suite of tools for communication and collaboration through a unified platform.

    Designed for developers to create and integrate comms features into their own applications.

    Use cases

    Replace aging on-premises PBX systems with consolidated voice and collaboration services.

    Embedded communications capabilities into existing applications through SDKs, Java, and .NET libraries.

    Cost

    Often has a higher cost depending on services provided which can be quite comprehensive.

    Can be more cost effective than UCaaS if the business only requires a few communication features Integrated into their apps.

    Customization

    Offers less customization as it provides a predefined suite of tools that are rarely customized.

    Highly flexible and customizable so developers can build and integrate to fit unique use cases.

    Vendors

    Zoom, MS Teams, Cisco WebEx, RingCentral 8x8, GoTo Meeting, Slack, Avaya & many more.

    Twilio, Vonage, Pivo, MessageBird, Nexmo, SignalWire, CloudTalk, Avaya OneCloud, Telnyx, Voximplant, and others.

    Microsoft Teams Phone

    UCaaS for Microsoft 365

    Consider your approach to the telephony question. Microsoft incorporates telephony functionality with their broader collaboration suite. Other providers do the opposite.

    Microsoft’s voice solution

    These options allow you to plan for an all-cloud solution, connect to your own carrier, or use a combination of all cloud with a third-party carrier. Caveat: Calling plans must be available in your country or region.

    How do you connect with the public switched telephone network (PSTN)?

    Microsoft has three options for connecting the phone system to the PSTN:

    Calling Plan

    • Uses Microsoft's phone system and adds a domestic and international calling plan, which enables worldwide calling but depends on your chosen license
    • Since PSTN Calling Plan operates out of Microsoft 365, you are not required to deploy/maintain on-premises hardware
    • Customers can connect a supported session border controller (SBC) via direct routing if it’s necessary to operate with third-party PBX analog devices or other voice solutions supported by the SBC
    • You can assign your phone numbers directly in the Teams Admin Center

    This plan will work for you if:

    • There is a calling plan available in your region
    • You don’t need to maintain your PSTN carrier
    • You want to use Microsoft's managed PSTN
    • No SBC is necessary in your organization
    • Teams provides all the features your business needs

    Operator Connect

    • Leverage existing contracts or find a new operator from a selection of participating operators
    • Operator-managed infrastructure, your operator manages PSTN calling services and SBC
    • Faster, easier deployment, quickly connect to your operator and assign phone numbers directly from Teams Admin Center
    • Enhanced support and reliability, operators provide technical support and shared service level agreements
    • Customers can connect a supported SBC via Direct Routing for interoperability with third-party PBXs, analog devices, and other third-party voice solution equipment supported by SBC

    This plan will work for you if:

    • There is no calling plan available in your region
    • Your preferred carrier participates in the Microsoft operator connect plan
    • You are looking to get a new operator that enables calling in Teams

    Direct Routing

    • Connect your own supported SBC to Microsoft Phone System directly without needing additional on-premises software
    • Use virtually any voice solution carrier with Microsoft Phone System
    • Can be configured and managed by customers or by your carrier or partner (ask if your carrier or partner provides this option)
    • Configure interoperability between your voice solution equipment (e.g., a third-party PBX and analog devices) and Microsoft Phone System
    • Assign phone numbers directly from Teams Admin Center

    This plan will work for you if:

    • You want to use Teams with Phone System
    • You need to retain your current PSTN carrier
    • You want to mix routing – some calls are going via Calling Plans, some via your carrier
    • You need to interoperate with third-party PBXs and/or equipment such as overhead pagers, analog devices
    • Teams has all the features that your organization requires


    For more information, go to Microsoft Teams call flows.

    Teams phone architecture

    Microsoft offers three options that can be deployed based on several factors and questions you must answer.

    Microsoft Teams phone considerations when connecting to a PSTN

    • Do you want to move on-premises users to the cloud?
    • Is Microsoft's PSTN Calling Plan available in your region?
    • Is your preferred operator a participant in the Microsoft Operator Connect Program?
    • Do you want or need to keep your current voice carrier (e.g., does an existing contract require you to do so)?
    • Do you have an existing on-premises legacy PBX that you want or need to keep?
    • Does your current legacy PBX offer unique business-critical features?
    • Do all/any of your users require features not currently offered in Phone System?

    1. Phone System with Calling Plan

    All in the cloud for Teams users
    A diagram that shows Phone System with Calling Plan.

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide* No
    Requires deploying and maintaining a supported session border controller (SBC) No
    Requires contract with third-party carrier No

    *List of countries where calling plans are available: aka.ms/callingplans

    2. Phone System with own carrier via operator connect

    Phone system in the cloud; connectivity to on-premises voice network for Teams users
    A diagram that shows Phone System with own carrier via operator connect

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide* No
    Requires deploying and maintaining a supported session border controller (SBC) No
    Requires contract with third-party carrier Yes

    *List of countries where Operator Connect is available: aka.ms/operatorconnect

    3. Phone System with own carrier via Direct Routing

    Phone system in the cloud; connectivity to on-premises voice network for Teams users
    A diagram that shows Phone System with own carrier via Direct Routing

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide Yes
    Requires deploying and maintaining a supported session border controller (SBC) Yes
    Requires contract with third-party carrier* Yes

    *Unless deployed as an option to provide connection to third-party PBX, analog devices, or other voice equipment for users who are on Phone System with Calling Plans


    A Metrigy study found that 70% of organizations adopting MS Teams are using direct routing to connect to the PSTN
    Note: Complex organizations with varying needs can adopt all three options simultaneously.

    Avoid overpurchasing Microsoft telephony

    Microsoft telephony products on a page

    A diagram that shows Microsoft telephony products

    Pros:

    • The complete package: sole-sourcing your environment for simpler management
    • Users familiar with Microsoft will only have one place to go for telephony
    • You can bring your own provider and manage your own routing, giving you more choice
    • This can keep costs down as you do not have to pay for calling plan services
    • You can choose your own third-party solution while still taking advantage of the integrations that make Microsoft so attractive as a vendor

    Cons:

    • The most expensive option of the three
    • Less control and limited features compared to other pure-play telephony vendors
    • This service requires expertise in managing telephony infrastructure
    • Avoiding the cloud may introduce technical debt in the long term
    • You will have to manage integrations and deal with limited feature functionality (e.g. you may be able to receive inbound calls but not make outbound calls)

    Why does it matter?

    Phone System is Microsoft’s answer to the premises-based private branch exchange (PBX) functionality that has traditionally required a large capital expenditure. The cloud-based Phone System, offered with Microsoft’s highest tier of Microsoft/Office 365 licensing, allows Skype/Teams customers access to the following features (among others):

    • PSTN telephony (inbound and outbound)
    • Auto attendants (a menu system for callers to navigate your company directory)
    • Call forwarding, voice mail, and transferring
    • Caller ID
    • Shared lines
    • Common area phones

    Phone System, especially the Teams version, is a fully-featured telephony solution that integrates natively with a popular productivity solution. Phone System is worth exploring because many organizations already have Teams licenses.

    Key insights

    1. Don’t pay twice for the same service (unless you must). If you already have M/O365 E5 customer, Teams telephony can be a great way to save money and streamline your environment.
    2. Consider your approach to the telephony question. Microsoft incorporates telephony functionality into a broader collaboration suite. Other providers do the opposite. This reflects their relative strengths.
    3. Teams is a platform. You can use it as a front end for other telephone services. This might make sense if you have a preferred cloud PBX provider.

    Sources

    “Plan your Teams voice solution,” Microsoft, 2022.

    “Microsoft Calling Plans for Teams,” Microsoft, 2023.

    “Plan Direct Routing,” Microsoft, 2023.

    “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 2022.

    “Microsoft Teams Phone Systems: 5 Deployment Options in 2020,” AeroCom, 2020.

    Contact Center and Teams integration

    Three Teams integration options

    If you want to use a certified and direct routing solution for Teams Phone, use the Connect model.

    If you want to use Azure bots and the Microsoft Graph Communication APIs that enable solution providers to create the Teams app, use the Extend model.

    If you want to use the SDK that enables solution providers to embed native Teams experiences in their App, use the Power model (under development).

    The Connect model features

    The Extend model features

    The Power model features (TBD)

    Office 365 authN for agents to connect to their MS tenant from their integrated CCaaS client

    Team graph APIs and Cloud Communication APIs for integration with Teams

    Goal: One app, one screen contact center experience

    Use Teams to see when agents are available

    Teams-based app for agent experience Chat and collaboration experience integrated with the Teams Client

    Goal: Adapt using software development kits (SDKs)

    Transfers and groups call support for Teams

    Teams as the primary calling endpoint for the agent

    Goal: One dashboard experience

    Teams Graph APIs and Cloud communication APIs for integration with Teams

    Teams' client calling for the all the call controls. Preserve performance & quality of Teams client experience

    Multi-tenant SIP trunking to support several customers on solution provider’s SBC

    Agent experience apps for both Teams web and mobile client

    Solution providers to use Microsoft certified session border controller (SBC)

    Analytics workflow management role-based experience for agents in the CaaS app in Teams

    Teams phone network assessment

    Useful tools for Microsoft network testing and Microsoft Teams site assessment

    Plan network basics

    • Does your network infrastructure have enough capacity? Consider switch ports, wireless access points, and other coverage.
    • If you use VLANs and DHCP, are your scopes sized accordingly?
    • Evaluate and test network paths from where devices are deployed to Microsoft 365.
    • Open the required firewall ports and URLs for Microsoft 365 as per guidance.
    • Review and test E911 requirements and configuration for location accuracy and compliance.
    • Avoid using a proxy server and optimize media paths for reliability and quality.

    What internet speed do I need for Teams calls?

    • Microsoft Teams uses about 1.2 Mbps for HD video calling (720p), 1.5 Mbps for 1080p, 500 kbps for standard quality video (360p). Group video requires about 1 Mbps, HD group video uses about 2 Mbps.

    Key physical considerations

    • Power: Do you have enough electrical outlets? If the device needs an external power source, how close can you position it to an outlet?
    • Device placement: Where will your device be located? Review desk stands, wall mounts, and other accessories from the original equipment manufacturer (OEM).
    • Security: Does your device need to be locked in certain spaces?
    • Accessibility: Does the device meet the accessibility requirements of its primary user? Consider where it's placed, wire length, and handset or headset usability.

    Prepare your organization's network for Microsoft Teams

    Plan your Teams voice solution

    Check your internet connection for Teams Phone System

    Teams Phone Mobile

    UCaaS Activity

    Questions that must be addressed by your business and the vendor. Site surveys and questionnaires for your assessment

    Activity: Questionnaire

    Input: Evaluate your current state, Network readiness
    Output: Decisions on readiness, Gaps in infrastructure readiness, Develop a project plan
    Materials: UCaaS Readiness Questionnaire
    Participants: Infrastructure Manager, Project Manager, Network Engineer, Voice Engineer

    As a group, read through the questions on Tabs 1 and 2 of the UCaaS Readiness Questionnaire workbook. The answers to the questions will determine if you have gaps to fill when determining your readiness to move forward on a UCaaS solution.

    You may produce additional questions during the session that pertain to your specific business and situation. Please add them to the questionnaire as needed.

    Record your answers to determine next steps and readiness.

    When assessing potential vendors, use Tab 3 to determine suitability for your organization and requirements. This section may be left to a later date when building a request for proposal (RFP).

    Call #1: Review client advisory deck and next steps.

    Call #2: Assess readiness from answers to the Tab 1 questions.

    Download the UCaaS Readiness Questionnaire here

    Critical Path – Teams with Phone System Deployment

    A diagram that shows Critical Path – Teams with Phone System Deployment

    Example Ltd.’s Communications Guide

    A diagram that shows Example Ltd.’s Communications Guide

    [Insert Organization Name]’s Communications Guide

    A diagram that shows [Insert Organization Name]’s Communications Guide

    Related Info-Tech Research

    Photo of Modernize Communications and Collaboration Infrastructure

    Modernize Communications and Collaboration Infrastructure

    Organizations are losing productivity from managing the limitations of yesterday’s technology. The business is changing and the current communications solution no longer adequately connects end users. A new communications and collaboration infrastructure is due to replace or update the legacy infrastructure in place today.

    Photo of Establish a Communication and Collaboration System Strategy

    Establish a Communication and Collaboration System Strategy

    Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.

    Photo of Implement a Transformative IVR Experience That Empowers Your Customers

    Implement a Transformative IVR Experience That Empowers Your Customers

    Learn the strategies that will allow you to develop an effective interactive voice response (IVR) framework that supports self-service and improves the customer experience.

    Bibliography

    “8 Security Considerations for UCaaS.” Tech Guidance, Feb. 2022. Accessed March 2023.

    “2022 UCaaS & CCaaS market trends snapshot.” Masergy, 2022. Web.

    “All-in-one cloud communications.” Avaya, 2023. Accessed April 2023. Web.

    Carter, Rebekah. “UC Case Study in Focus: Microsoft Teams and GroupM.” UC Today, 9 May 2022. Accessed Feb. 2023.

    “Cisco Unified Communications Manager Cloud (Cisco UCM Cloud) Data Sheet.” Cisco, 15 Sept. 2021. Accessed Jan. 2023.

    “Cloud Adoption as Viewed by European Companies: Assessing the Impact on Public, Hybrid and Private Cloud Communications.” Mitel, 2018. Web.

    De Guzman, Marianne. “Unified Communications Security: The Importance of UCaaS Encryption.” Fit Small Business, 13 Dec. 2022. Accessed March 2023.

    “Evolution of Unified Communications.” TrueConf, n.d. Accessed March 2023. Web.

    Froehlich, Andrew. “Choose between Microsoft Teams vs. Zoom for conference needs.” TechTarget, 7 May 2021. Accessed March 2023.

    Gerwig, Kate. “UCaaS explained: Guide to unified communications as a service.” TechTarget, 29 March 2022. Accessed Jan. 2023.

    Irei, Alissa. “Emerging UCaaS trends include workflow integrations and AI.” TechTarget, 21 Feb 2020. Accessed Feb. 2023.

    Kuch, Mike. “What Is Unified Communications as a Service (UCaaS)?” Avaya, 27 Dec. 2022. Accessed Jan. 2023.

    Lazar, Irwin. “UC vendors extend mobile telephony capabilities.” TechTarget, 10 Feb. 2023. Accessed Mar 2023.

    McCain, Abby. "30 Essential Hybrid Work Statistics [2023]: The Future of Work." Zippia, 20 Feb. 2023. Accessed Mar 2023.

    “Meet the modern CIO: What CEOs expect from their IT leaders.” Freshworks, 2019. Web.

    “A New Era of Workplace Communications: Will You Lead or Be Left Behind.” No Jitter, 2018. Web.

    Plumley, Mike, et al. “Microsoft Teams IT architecture and voice solutions posters.’” Microsoft Teams, Microsoft, 14 Feb. 2023. Accessed March 2023.

    Rowe, Carolyn, et al. “Plan your Teams voice solution” Microsoft Learn, Microsoft, 1 Oct. 2022.

    Rowe, Carolyn, et al. “Microsoft Calling Plans for Teams.” Microsoft Learn, Microsoft, 23 May 2023.

    Rowe, Carolyn, et al. “Plan Direct Routing.” Microsoft Learn, Microsoft, 20 Feb. 2023.

    Scott, Rob. “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 21 April 2022.

    Smith, Mike. “Microsoft Teams Phone Systems: 5 Deployment Options in 2020.” YouTube, uploaded by AeroCom Inc, 23 Oct. 2020.

    “UCaaS - Getting Started With Unified Communications As A Service.” Cloudscape, 10 Nov. 2022. Accessed March 2023.

    “UCaaS Market Accelerating 29% per year; RingCentral, 8x8, Mitel, BroadSoft and Vonage Lead.” Synergy Research Group, 16 Oct. 2017. Web.

    “UCaaS Statistics – The Future of Remote Work.” UC Today, 21 April 2022. Accessed Feb. 2023.

    “Workplace Collaboration: 2021-22.” Metrigy, 27 Jan. 2021. Web.

    Asset Management

    • Buy Link or Shortcode: {j2store}1|cart{/j2store}
    • Related Products: {j2store}1|crosssells{/j2store}
    • Up-Sell: {j2store}1|upsells{/j2store}
    • Download01-Title: Asset Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $16,518
    • member rating average days saved: 19
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Asset management has a clear impact on the financials of your company. Clear insights are essential to keep your spending at the right level.

    Asset Management

    Enhance Your Solution Architecture Practices

    • Buy Link or Shortcode: {j2store}157|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $33,359 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices is critical for business value delivery.
    • A mature solution architecture practice is the basic necessity for a business to have technical agility.

    Our Advice

    Critical Insight

    Don’t architect for normal situations. That is a shallow approach and leads to decisions that may seem “right” but will not be able to stand up to system elasticity needs.

    Impact and Result

    • Understand the different parts of a continuous security architecture framework and how they may apply to your decisions.
    • Develop a solution architecture for upcoming work (or if there is a desire to reduce tech debt).

    Enhance Your Solution Architecture Practices Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Solution Architecture Practices Deck – A deck to help you develop an approach for or validate existing solution architecture capability.

    Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life. Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.

    • Enhance Your Solution Architecture Practices – Phases 1-3

    2. Solution Architecture Template – A template to record the results from the exercises to help you define, detail, and make real your digital product vision.

    Identify and detail the value maps that support the business, and discover the architectural quality attribute that is most important for the value maps. Brainstorm solutions for design decisions for data, security, scalability, and performance.

    • Solution Architecture Template
    [infographic]

    Workshop: Enhance Your Solution Architecture Practices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Vision and Value Maps

    The Purpose

    Document a vision statement for the solution architecture practice (in general) and/or a specific vision statement, if using a single project as an example.

    Document business architecture and capabilities.

    Decompose capabilities into use cases.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Develop a collaborative understanding of business capabilities.

    Develop a collaborative understanding of use cases and personas that are relevant for the business.

    Activities

    1.1 Develop vision statement.

    1.2 Document list of value stream maps and their associated use cases.

    1.3 Document architectural quality attributes needed for use cases using SRME.

    Outputs

    Solution Architecture Template with sections filled out for vision statement canvas and value maps

    2 Continue Vision and Value Maps, Begin Phase 2

    The Purpose

    Map value stream to required architectural attributes.

    Prioritize architecture decisions.

    Discuss and document data architecture.

    Key Benefits Achieved

    An understanding of architectural attributes needed for value streams.

    Conceptual understanding of data architecture.

    Activities

    2.1 Map value stream to required architectural attributes.

    2.2 Prioritize architecture decisions.

    2.3 Discuss and document data architecture.

    Outputs

    Solution Architecture Template with sections filled out for value stream and architecture attribute mapping; a prioritized list of architecture design decisions; and data architecture

    3 Continue Phase 2, Begin Phase 3

    The Purpose

    Discuss security and threat assessment.

    Discuss resolutions to threats via security architecture decisions.

    Discuss system’s scalability needs.

    Key Benefits Achieved

    Decisions for security architecture.

    Decisions for scalability architecture.

    Activities

    3.1 Discuss security and threat assessment.

    3.2 Discuss resolutions to threats via security architecture decisions.

    3.3 Discuss system’s scalability needs.

    Outputs

    Solution Architecture Template with sections filled out for security architecture and scalability design

    4 Continue Phase 3, Start and Finish Phase 4

    The Purpose

    Discuss performance architecture.

    Compile all the architectural decisions into a solutions architecture list.

    Key Benefits Achieved

    A complete solution architecture.

    A set of principles that will form the foundation of solution architecture practices.

    Activities

    4.1 Discuss performance architecture.

    4.2 Compile all the architectural decisions into a solutions architecture list.

    Outputs

    Solution Architecture Template with sections filled out for performance and a complete solution architecture

    Further reading

    Enhance Your Solution Architecture Practice

    Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

    Analyst Perspective

    Application architecture is a critical foundation for supporting the growth and evolution of application systems. However, the business is willing to exchange the extension of the architecture’s life with quality best practices for the quick delivery of new or enhanced application functionalities. This trade-off may generate immediate benefits to stakeholders, but it will come with high maintenance and upgrade costs in the future, rendering your system legacy early.

    Technical teams know the importance of implementing quality attributes into architecture but are unable to gain approval for the investments. Overcoming this challenge requires a focus of architectural enhancements on specific problem areas with significant business visibility. Then, demonstrate how quality solutions are vital enablers for supporting valuable application functionalities by tracing these solutions to stakeholder objectives and conducting business and technical risk and impact assessments through multiple business and technical perspectives.

    this is a picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Manager, Applications
    Info-Tech Research Group

    Enhance Your Solution Architecture

    Ensure your software systems solution is architected to reflect stakeholders’ short- and long-term needs.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    • Most organizations have some form of solution architecture; however, it may not accurately and sufficiently support the current and rapidly changing business and technical environments.
    • To enable quick delivery, applications are built and integrated haphazardly, typically omitting architecture quality practices.

    Common Obstacles

    • Failing to involve development and stakeholder perspectives in design can lead to short-lived architecture and critical development, testing, and deployment constraints and risks being omitted.
    • Architects are experiencing little traction implementing solutions to improve architecture quality due to the challenge of tracing these solutions back to the right stakeholder objectives.

    Info-Tech's Approach

    • Translate stakeholder objectives into architecture requirements, solutions, and changes. Incorporate architecture quality attributes in decisions to increase your architecture’s life.
    • Evaluate your solution architecture from multiple views to obtain a holistic perspective of the range of issues, risks, and opportunities.
    • Regularly review and recalibrate your solution architecture so that it accurately reflects and supports current stakeholder needs and technical environments.

    Info-Tech Insight

    Well-received applications can have poor architectural qualities. Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right tradeoffs are made.

    A badly designed solution architecture is the root of all technical evils

    A well-thought-through and strategically designed solution architecture is essential for the long-term success of any software system, and by extension, the organization because:

    1. It will help achieve quality attribute requirements (security, scalability, performance, usability, resiliency, etc.) for a software system.
    2. It can define and refine architectural guiding principles. A solution architecture is not only important for today but also a vision for the future of the system’s ability to react positively to changing business needs.
    3. It can help build usable (and reusable) services. In a fast-moving environment, the convenience of having pre-made plug-and-play architectural objects reduces the risk incurred from knee-jerk reactions in response to unexpected demands.
    4. It can be used to create a roadmap to an IT future state. Architectural concerns support transition planning activities that can lead to the successful implementation of a strategic IT plan.

    Demand for quick delivery makes teams omit architectural best practices, increasing downstream risks

    In its need for speed, a business often doesn’t see the value in making sure architecture is maintainable, reusable, and scalable. This demand leads to an organizational desire for development practices and the procurement of vendors that favor time-to-market over long-term maintainability. Unfortunately, technical teams are pushed to omit design quality and validation best practices.

    What are the business impacts of omitting architecture design practices?

    Poor quality application architecture impedes business growth opportunities, exposes enterprise systems to risks, and consumes precious IT budgets in maintenance that could otherwise be used for innovation and new projects.

    Previous estimations indicate that roughly 50% of security problems are the result of software design. […] Flaws in the architecture of a software system can have a greater impact on various security concerns in the system, and as a result, give more space and flexibility for malicious users.(Source: IEEE Software)

    Errors in software requirements and software design documents are more frequent than errors in the source code itself according to Computer Finance Magazine. Defects introduced during the requirements and design phase are not only more probable but also more severe and more difficult to remove. (Source: iSixSigma)

    Design a solution architecture that can be successful within the constraints and complexities set before you

    APPLICATION ARCHITECTURE…

    … describes the dependencies, structures, constraints, standards, and development guidelines to successfully deliver functional and long-living applications. This artifact lays the foundation to discuss the enhancement of the use and operations of your systems considering existing complexities.

    Good architecture design practices can give you a number of benefits:

    Lowers maintenance costs by revealing key issues and risks early. The Systems Sciences Institute at IBM has reported that the cost to fix an error found after product release was 4 to 5 times as much as one uncovered during design.(iSixSigma)

    Supports the design and implementation activities by providing key insights for project scheduling, work allocation, cost analysis, risk management, and skills development.(IBM: developerWorks)

    Eliminates unnecessary creativity and activities on the part of designers and implementers, which is achieved by imposing the necessary constraints on what they can do and making it clear that deviation from constraints can break the architecture.(IBM: developerWorks)

    Use Info-Tech’s Continuous Solution Architecture (CSA) Framework for designing adaptable systems

    Solution architecture is not a one-size-fits-all conversation. There are many design considerations and trade-offs to keep in mind as a product or services solution is conceptualized, evaluated, tested, and confirmed. The following is a list of good practices that should inform most architecture design decisions.

    Principle 1: Design your solution to have at least two of everything.

    Principle 2: Include a “kill switch” in your fault-isolation design. You should be able to turn off everything you release.

    Principle 3: If it can be monitored, it should be. Use server and audit logs where possible.

    Principle 4: Asynchronous is better than synchronous. Asynchronous design is more complex but worth the processing efficiency it introduces.

    Principle 5: Stateless over stateful: State data should only be used if necessary.

    Principle 6: Go horizonal (scale out) over vertical (scale up).

    Principle 7: Good architecture comes in small packages.

    Principle 8: Practice just-in-time architecture. Delay finalizing an approach for as long as you can.

    Principle 9: X-ilities over features. Quality of an architecture is the foundation over which features exist. A weak foundation can never be obfuscated through shiny features.

    Principle 10: Architect for products not projects. A product is an ongoing concern, while a project is short lived and therefore only focused on what is. A product mindset forces architects to think about what can or should be.

    Principle 11: Design for rollback: When all else fails, you should be able to stand up the previous best state of the system.

    Principle 12: Test the solution architecture like you test your solution’s features.

    CSA should be used for every step in designing a solution’s architecture

    Solution architecture is a technical response to a business need, and like all complex evolutionary systems, must adapt its design for changing circumstances.

    The triggers for changes to existing solution architectures can come from, at least, three sources:

    1. Changing business goals
    2. Existing backlog of technical debt
    3. Solution architecture roadmap

    A solution’s architecture is cross-cutting and multi-dimensional and at the minimum includes:

    • Product Portfolio Strategy
    • Application Architecture
    • Data Architecture
    • Information Architecture
    • Operational Architecture

    along with several qualitative attributes (also called non-functional requirements).

    This image contains a chart which demonstrates the relationship between changing hanging business goals, Existing backlog of technical debt, Solution architecture roadmap, and Product Portfolio Strategy, Application Architecture, Data Architecture, Information Architecture and, Operational Architecture

    Related Research: Product Portfolio Strategy

    Integrate Portfolios to Create Exceptional Customer Value

    • Define an organizing principle that will structure your projects and applications in a way that matters to your stakeholders.
    • Bridge application and project portfolio data using the organizing principle that matters to communicate with stakeholders across the organization.
    • Create a dashboard that brings together the benefits of both project and application portfolio management to improve visibility and decision making.

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented ; define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Related Research: Data, Information & Integration Architecture

    Build a Data Architecture Roadmap

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
    • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit and determine the corresponding data architecture tiers that need to be addressed.
    • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
    • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Pipeline for Reporting and Analytics

    • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
    • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
    • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

    Related Research:Operational Architecture

    Optimize Application Release Management

    • Acquire release management ownership. Ensure there is appropriate accountability for the speed and quality of the releases passing through the entire pipeline.
    • A release manager has oversight over the entire release process and facilitates the necessary communication between business stakeholders and various IT roles.
    • Instill holistic thinking. Release management includes all steps required to push release and change requests to production along with the hand-off to Operations and Support. Increase the transparency and visibility of the entire pipeline to ensure local optimizations do not generate bottlenecks in other areas.
    • Standardize and lay a strong release management foundation. Optimize the key areas where you are experiencing the most pain and continually improve.

    Build Your Infrastructure Roadmap

    • Increased communication. More information being shared to more people who need it.
    • Better planning. More accurate information being shared.
    • Reduced lead times. Less due diligence or discovery work required as part of project implementations.
    • Faster delivery times. Less low-value work, freeing up more time for project work.

    Related Research:Security Architecture

    Identify Opportunities to Mature the Security Architecture

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors, and therefore, cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Key deliverable:

    Solution Architecture Template
    Record the results from the exercises to help you define, detail, and make real your digital product vision.

    Blueprint Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    This image contains screenshots of the deliverables which will be discussed later in this blueprint

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

    Guided Implementation

    Our team knows that we need to fix a process, but we need assistance to determine where to focus. some check-ins along the way would help keep us on track

    Workshop

    We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place

    Consulting

    Our team does not have the time or the knowledge to take this project on. we need assistance through the entirety of this project.

    Diagnostics and consistent frameworks are used throughout all four options

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Exercises
    1. Articulate an architectural vision
    2. Develop dynamic value stream maps
    1. Create a conceptual map between the value stream, use case, and required architectural attribute
    2. Create a prioritized list of architectural attributes
    3. Develop a data architecture that supports transactional and analytical needs
    1. Document security architecture risks and mitigations
    2. Document scalability architecture
    1. Document performance-enhancing architecture
    2. Bring it all together
    Outcomes
    1. Architecture vision
    2. Dynamic value stream maps (including user stories/personas)
    1. List of required architectural attributes
    2. Architectural attributes prioritized
    3. Data architecture design decisions
    1. Security threat and risk analysis
    2. Security design decisions
    3. Scalability design decisions
    1. Performance design decisions
    2. Finalized decisions

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    This GI is between 8 to 10 calls over the course of approximately four to six months.

    Phase 1 Phase 2 Phase 2
    Call #1:
    Articulate an architectural vision.
    Call #4:
    Continue discussion on value stream mapping and related use cases.
    Call #6:
    Document security design decisions.
    Call #2:
    Discuss value stream mapping and related use cases.
    Call #5:
    • Map the value streams to required architectural attribute.
    • Create a prioritized list of architectural attributes.
    Call #7:
    • Document scalability design decisions.
    • Document performance design decisions.
    Call #3:
    Continue discussion on value stream mapping and related use cases.
    Call #8:
    Bring it all together.

    Phase 1: Visions and Value Maps

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Determine a vision for architecture outcomes
    • Draw dynamic value stream maps
    • Derive architectural design decisions
    • Prioritize design decisions

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Let’s get this straight: You need an architectural vision

    If you start off by saying I want to architect a system, you’ve already lost. Remember what a vision is for!

    An architectural vision...

    … is your North Star

    Your product vision serves as the single fixed point for product development and delivery.

    … aligns stakeholders

    It gets everyone on the same page.

    … helps focus on meaningful work

    There is no pride in being a rudderless ship. It can also be very expensive.

    And eventually...

    … kick-starts your strategy

    We know where to go, we know who to bring along, and we know the steps to get there. Let’s plan this out.

    An architectural vision is multi-dimensional

    Who is the target customer (or customers)?

    What is the key benefit a customer can get from using our service or product?

    Why should they be engaged with you?

    What makes our service or product better than our competitors?

    (Adapted from Crossing the Chasm)

    Info-Tech Insight

    It doesn’t matter if you are delivering value to internal or external stakeholders, you need a product vision to ensure everyone understands the “why.”

    Use a canvas as the dashboard for your architecture

    The solution architecture canvas provides a single dashboard to quickly define and communicate the most important information about the vision. A canvas is an effective tool for aligning teams and providing an executive summary view.

    This image contains a sample canvas for you to use as the dashboard for your architecture. The sections are: Solution Name, Tracking Info, Vision, Business Goals, Metrics, Personas, and Stakeholders.

    Leverage the solution architecture canvas to state and inform your architecture vision

    This image contains the sample canvas from the previous section, with annotations explaining what to do for each of the headings.

    1.1 Craft a vision statement for your solution’s architecture

    1. Use the product canvas template provided for articulating your solution’s architecture.

    *If needed, remove or add additional data points to fit your purposes.

    There are different statement templates available to help form your product vision statements. Some include:

    • For [our target customer], who [customer’s need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators].
    • We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    • To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    • Our vision is to [verb: build, design, provide] the [goal, future state] to [verb: help, enable, make it easier to...] [persona].

    (Adapted from Crossing the Chasm)

    Download the Solution Architecture Template and document your vision statement.

    Input

    • Business Goals
    • Product Portfolio Vision

    Output

    • Solution Architecture Vision

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • IT Leadership
    • Business Leadership

    Solution Architecture Canvas: Refine your vision statement

    This image contains a screenshot of the canvas from earlier in the blueprint, with only the annotation for Solution Name: Vision, unique value proposition, elevator pitch, or positioning statement.

    Understand your value streams before determining your solution’s architecture

    Business Strategy

    Sets and communicates the direction of the entire organization.

    Value Stream

    Segments, groups, and creates a coherent narrative as to how an organization creates value.

    Business Capability Map

    Decomposes an organization into its component parts to establish a common language across the organization.

    Execution

    Implements the business strategy through capability building or improvement projects.

    Identify your organization’s goals and define the value streams that support them

    Goal

    Revenue Growth

    Value Streams

    Stream 1- Product Purchase
    Stream 2- Customer Acquisition
    stream 3- Product Financing

    There are many techniques that help with constructing value streams and their capabilities.

    Domain-driven design is a technique that can be used for hypothesizing the value maps, their capabilities, and associated solution architecture.

    Read more about domain-driven design here.

    Value streams can be external (deliver value to customers) or internal (support operations)

      External Perspective

    1. Core value streams are mostly externally facing: they deliver value to either an external/internal customer and they tie to the customer perspective of the strategy map.
    • E.g. customer acquisition, product purchase, product delivery

    Internal Perspective

  • Support value streams are internally facing: they provide the foundational support for an organization to operate.
    • E.g. employee recruitment to retirement

    Key Questions to Ask While Evaluating Value Streams

    • Who are your customers?
    • What benefits do we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?
    This image contains an example of value streams. The main headings are: Customer Acquisitions, Product Purchase, Product Delivery, Confirm Order, Product Financing, and Product Release.

    Value streams highlight the what, not the how

    Value chains set a high-level context, but architectural decisions still need to be made to deal with the dynamism of user interaction and their subsequent expectations. User stories (and/or use cases) and themes are great tools for developing such decisions.

    Product Delivery

    1. Order Confirmation
    2. Order Dispatching
    3. Warehouse Management
    4. Fill Order
    5. Ship Order
    6. Deliver Order

    Use Case and User Story Theme: Confirm Order

    This image shows the relationship between confirming the customer's order online, and the Online Buyer, the Online Catalog, the Integrated Payment, and the Inventory Lookup.

    The use case Confirming Customer’s Online Order has four actors:

    1. An Online Buyer who should be provided with a catalog of products to purchase from.
    2. An Online Catalog that is invoked to display its contents on demand.
    3. An Integrated Payment system for accepting an online form of payment (credit card, Bitcoins, etc.) in a secure transaction.
    4. An Inventory Lookup module that confirms there is stock available to satisfy the Online Buyer’s order.

    Info-Tech Insight

    Each use case theme links back to a feature(s) in the product backlog.

    Related Research

    Deliver on Your Digital Portfolio Vision

    • Recognize that a vision is only as good as the data that backs it up. Lay out a comprehensive backlog with quality built in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Document Your Business Architecture

    • Recognize the opportunity for architecture work, analyze the current and target states of your business strategy, and identify and engage the right stakeholders.
    • Model the business in the form of architectural blueprints.
    • Apply business architecture techniques such as strategy maps, value streams, and business capability maps to design usable and accurate blueprints of the business.
    • Drive business architecture forward to promote real value to the organization.
    • Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and to prioritize projects.

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example for Phase 1.3

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    Value Stream Component Use Case Required Architectural Attribute
    Loan Application UC1: Submit Loan Application
    UC2: Review Loan Application
    UC3: Approve Loan Application
    UCn: ……..
    UC1: Resilience, Data Reliability
    UC2: Data Reliability
    UC3: Scalability, Security, Performance
    UCn: …..
    Disbursement of Funds UC1: Deposit Funds Into Applicant’s Bank Account
    UCn: ……..
    UC1: Performance, Scalability, Data Reliability
    Risk Management ….. …..
    Service Accounts ….. …..

    1.2 Document dynamic value stream maps

    1. Create value stream maps that support your business objectives.
    • The value stream maps could belong to existing or new business objectives.
  • For each value stream map:
    • Determine use case(s), the actors, and their expected activity.

    *Refer to the next slide for an example of a dynamic value stream map.

    Download the Solution Architecture Template for documentation of dynamic value stream map

    Input

    • Business Goals
    • Some or All Existing Business Processes
    • Some or All Proposed New Business Processes

    Output

    • Dynamic Value Stream Maps for Multiple Use Roles and Use Cases

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect

    Example: Dynamic value stream map

    Loan Provision*

    *Value Stream Name: Usually has the same name as the capability it illustrates.

    Loan Application**; Disbursement of Fund**; Risk Management**; Service Accounts**

    **Value Stream Components: Specific functions that support the successful delivery of a value stream.

    Disbursement of Funds

    This image shows the relationship between depositing the load into the applicant's bank account, and the Applicant's bank, the Loan Applicant, and the Loan Supplier.

    Style #1:

    The use case Disbursement of Funds has three actors:

    1. A Loan Applicant who applied for a loan and got approved for one.
    2. A Loan Supplier who is the source for the funds.
    3. The Applicant’s Bank that has an account into which the funds are deposited.

    Style # 2:

    Loan Provision: Disbursement of Funds
    Use Case Actors Expectation
    Deposit Loan Into Applicant’s Bank Account
    1. Loan Applicant
    2. Loan Supplier
    3. Applicant’s Bank
    1. Should be able to see deposit in bank account
    2. Deposit funds into account
    3. Accept funds into account

    Mid-Phase 1 Checkpoint

    By now, the following items are ideally completed:

    • Mid-Phase 1 Checkpoint

    Start with an investigation of your architecture’s qualitative needs

    Quality attributes can be viewed as the -ilities (e.g. scalability, usability, reliability) that a software system needs to provide. A system not meeting any of its quality attribute requirements will likely not function as required. Examples of quality attributes are:

    1. Slow system response time
    2. Security breaches that result in loss of personal data
    3. A product feature upgrade that is not compatible with previous versions
    Examples of Qualitative Attributes
    Performance Compatibility Usability Reliability Security Maintainability
    • Response Time
    • Resource Utilization
    • System Capacity
    • Interoperability
    • Accessibility
    • User Interface
    • Intuitiveness
    • Availability
    • Fault Tolerance
    • Recoverability
    • Integrity
    • Non-Repudiation
    • Modularity
    • Reusability
    • Modifiability
    • Testability

    Focus on quality attributes that are architecturally significant.

    • Not every system requires every quality attribute.
    • Pay attention to those attributes without which the solution will not be able to satisfy a user’s abstract* expectation.
    • This set can be considered Architecturally Significant Requirements (ASR). ASR concern scenarios have the most impact on the architecture of the software system.
    • ASR are fundamental needs of the system and changing them in the future can be a costly and difficult exercise.

    *Abstract since attributes like performance and reliability are not directly measurable by a user.

    Stimulus Response Measurement Environmental Context

    For applicable use cases: (*Adapted from S Carnegie Mellon University, 2000)

    1. Determine the Stimulus (temporal, external, or internal) that puts stress on the system. For example, a VPN-accessed hospital management system is used for nurses to login at 8am every weekday.
    2. Describe how the system should Respond to the stimulus. For example, the hospital management system should complete a nurse login under 10ms on initiation of the HTTPS request.
    3. Set a Measurement criteria for determining the success of the response to the stimulus. For example, the system should be able to successfully respond to 98% of the HTTPS requests the first time.
    4. Note the environmental context under which the stimulus occurs, including any unusual conditions in effect.
    • The hospital management system needs to respond in under 10ms under typical load or peak load?
    • What is the time variance of peak loads, for example, an e-commerce system during a Black Friday sale?
    • How big is the peak load?

    Info-Tech Insight

    Three out of four is bad. Don’t architect for normal situations because the solution will be fragile and prone to catastrophic failure under unexpected events.
    Read article: Retail sites crash under weight of online Black Friday shoppers.

    Discover and evaluate the qualitative attributes needed for use cases or user stories

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    User Loan Applicant
    Expectations On login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From System System creates a connection to the data source and renders it on the screen in under 10ms.
    Measurement Under Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute Required Required Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.
    Required Attribute # 2: Data Reliability
    • Design Decision: Use event-driven ETL pipelines.
    Required Attribute # 3: Scalability
    • Design Decision: Following Principle # 4 of the CSA (JIT Architecture), delay decision until necessary.

    Use cases developed in Phase 1.2 should be used here. (Adapted from the ATAM Utility Tree Method for Quality Attribute Engineering)

    Reduce technical debt while you are at it

    Deposit Loan Into Applicant’s Bank Account

    Assume analysis is being done for a to-be developed system.

    UserLoan Applicant
    ExpectationsOn login to the web system, should be able to see accurate bank balance after loan funds are deposited.
    User signs into the online portal and opens their account balance page.
    Expected Response From SystemSystem creates a connection to the data source and renders it on the screen in under 10ms.
    MeasurementUnder Normal Loads:
    • Response in 10ms or less
    • Data should not be stale
    Under Peak Loads:
    • Response in 15ms or less
    • Data should not be stale
    Quality Attribute RequiredRequired Attribute # 1: Performance
    • Design Decision: Reduce latency by placing authorization components closer to user’s location.

    Required Attribute # 2: Data Reliability

    • Expected is 15ms or less under peak loads, but average latency is 21ms.
    • Design Decision: Use event-driven ETL pipelines.

    Required Attribute # 3: Scalability

    • Data should not be stale and should sync instantaneously, but in some zip codes data synchronization is taking 8 hours.
    • Design Decision: Investigate integrations and flows across application, database, and infrastructure. (Note: A dedicated section for discussing scalability is presented in Phase 2.)

    1.3 Create a conceptual map between the value streams, use cases, and required architectural attributes

    1. For selected use cases completed in Phase 1.2:
    • Map the value stream to its associated use cases.
    • For each use case, list the required architectural quality attributes.

    Download the Solution Architecture Template for mapping value stream components to their required architectural attribute.

    Input

    • Use Cases
    • User Roles
    • Stimulus to System
    • Response From System
    • Response Measurement

    Output

    • List of Architectural Quality Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Prioritize architectural quality attributes to ensure a right-engineered solution

    Trade-offs are inherent in solution architecture. Scaling systems may impact performance and weaken security, while fault-tolerance and redundancy may improve availability but at higher than desired costs. In the end, the best solution is not always perfect, but balanced and right-engineered (versus over- or under-engineered).

    Loan Provision

    Loan Application → Disbursement of Funds → Risk Management → Service Accounts

    1. Map architecture attributes against the value stream components.
    • Use individual use cases to determine which attributes are needed for a value stream component.
    This image contains a screenshot of the table showing the importance of scalability, resiliance, performance, security, and data reliability for loan application, disbursement of funds, risk management, and service accounts.

    In our example, the prioritized list of architectural attributes are:

    • Security (4 votes for Very Important)
    • Data Reliability (2 votes for Very Important)
    • Scalability (1 vote for Very Important and 1 vote for Fairly Important) and finally
    • Resilience (1 vote for Very Important, 0 votes for Fairly Important and 1 vote for Mildly Important)
    • Performance (0 votes for Very Important, 2 votes for Fairly Important)

    1.4 Create a prioritized list of architectural attributes (from 1.3)

    1. Using the tabular structure shown on the previous slide:
    • Map each value stream component against architectural quality attributes.
    • For each mapping, indicate its importance using the green, blue, and yellow color scheme.

    Download the Solution Architecture Template and document the list of architectural attributes by priority.

    Input

    • List of Architectural Attributes From 1.3

    Output

    • Prioritized List of Architectural Attributes

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    End of Phase 1

    At the end of this Phase, you should have completed the following activities:

    • Documented a set of dynamic value stream maps along with selected use cases.
    • Using the SRME framework, identified quality attributes for the system under investigation.
    • Prioritized quality attributes for system use cases.

    Phase 2: Multi-Purpose Data and Security Architecture

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Understand the scalability, performance, resilience, and security needs of the business.

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    Fragmented data environments need something to sew them together

    • A full 93% of enterprises have a multi-cloud strategy, with 87% having a hybrid-cloud environment in place.
    • On average, companies have data stored in 2.2 public and 2.2 private clouds as well as in various on-premises data repositories.
    This image contains a breakdown of the cloud infrastructure, including single cloud versus multi-cloud.

    Source: Flexera

    In addition, companies are faced with:

    • Access and integration challenges (Who is sending the data? Who is getting it? Can we trust them?)
    • Data format challenges as data may differ for each consumer and sender of data
    • Infrastructure challenges as data repositories/processors are spread out over public and private clouds, are on premises, or in multi-cloud and hybrid ecosystems
    • Structured vs. unstructured data

    A robust and reliable integrated data architecture is essential for any organization that aspires to be relevant and impactful in its industry.

    Data’s context and influence on a solution’s architecture cannot be overestimated

    Data used to be the new oil. Now it’s the life force of any organization that has serious aspirations of providing profit-generating products and services to customers. Architectural decisions about managing data have a significant impact on the sustainability of a software system as well as on quality attributes such as security, scalability, performance, and availability.

    Storage and Processing go hand in hand and are the mainstay of any data architecture. Due to their central position of importance, an architecture decision for storage and processing must be well thought through or they become the bottleneck in an otherwise sound system.

    Ingestion refers to a system’s ability to accept data as an input from heterogenous sources, in different formats, and at different intervals.

    Dissemination is the set of architectural design decisions that make a system’s data accessible to external consumers. Major concerns involve security for the data in motion, authorization, data format, concurrent requests for data, etc.

    Orchestration takes care of ensuring data is current and reliable, especially for systems that are decentralized and distributed.

    Data architecture requires alignment with a hybrid data management plan

    Most companies have a combination of data. They have data they own using on-premises data sources and on the cloud. Hybrid data management also includes external data, such as social network feeds, financial data, and legal information amongst many others.

    Data integration architectures have typically been put in one of two major integration patterns:

    Application to Application Integration (or “speed matters”) Analytical Data Integrations (or “send it to me when its all done”)
    • This domain is concerned with ensuring communication between processes.
    • Examples include patterns such as Service-Oriented Architecture, REST, Event Hubs and Enterprise Service Buses.
    • This domain is focused on integrating data from transactional processes towards enterprise business intelligence. It supports activities that require well-managed data to generate evidence-based insights.
    • Examples of this pattern are ELT, enterprise data warehouses, and data marts.

    Sidebar

    Difference between real-time, batch, and streaming data movements

    Real-Time

    • Reacts to data in seconds or even quicker.
    • Real-time systems are hard to implement.

    Batch

    • Batch processing deals with a large volume of data all at once and data-related jobs are typically completed simultaneously in non-stop, sequential order.
    • Batch processing is an efficient and low-cost means of data processing.
    • Execution of batch processing jobs can be controlled manually, providing further control over how the system treats its data assets.
    • Batch processing is only useful if there are no requirements for data to be fresh and current. Real-time systems are suited to processing data that requires these attributes.

    Streaming

    • Stream processing allows almost instantaneous analysis of data as it streams from one device to another.
    • Since data is analyzed quickly, storage may not be a concern (since only computed data is stored while raw data can be dispersed).
    • Streaming requires the flow of data into the system to equal the flow of data computing, otherwise issues of data storage and performance can rise.

    Modern data ingestion and dissemination frameworks keep core data assets current and accessible

    Data ingestion and dissemination frameworks are critical for keeping enterprise data current and relevant.

    Data ingestion/dissemination frameworks capture/share data from/to multiple data sources.

    Factors to consider when designing a data ingestion/dissemination architecture

    What is the mode for data movement?

    • The mode for data movement is directly influenced by the size of data being moved and the downstream requirements for data currency.
    • Data can move in real-time, as a batch, or as a stream.

    What is the ingestion/dissemination architecture deployment strategy?

    • Outside of critical security concerns, hosting on the cloud vs. on premises leads to a lower total cost of ownership (TCO) and a higher return on investment (ROI).

    How many different and disparate data sources are sending/receiving data?

    • Stability comes if there is a good idea about the data sources/recipient and their requirements.

    What are the different formats flowing through?

    • Is the data in the form of data blocks? Is it structured, semi-unstructured, or unstructured?

    What are expected performance SLAs as data flow rate changes?

    • Data change rate is defined as the size of changes occurring every hour. It helps in selecting the appropriate tool for data movement.
    • Performance is a derivative of latency and throughput, and therefore, data on a cloud is going to have higher latency and lower throughput then if it is kept on premises.
    • What is the transfer data size? Are there any file compression and/or file splits applied on the data? What is the average and maximum size of a block object per ingestion/dissemination operation?

    What are the security requirements for the data being stored?

    • The ingestion/dissemination framework should be able to work through a secure tunnel to collect/share data if needed.

    Sensible storage and processing strategy can improve performance and scalability and be cost-effective

    The range of options for data storage is staggering...

    … but that’s a good thing because the range of data formats that organizations must deal with is also richer than in the past.

    Different strokes for different workloads.

    The data processing tool to use may depend upon the workloads the system has to manage.

    Expanding upon the Risk Management use case (as part of the Loan Provision Capability), one of the outputs for risk assessment is a report that conducts a statistical analysis of customer profiles and separates those that are possibly risky. The data for this report is spread out across different data systems and will need to be collected in a master data management storage location. The business and data architecture team have discussed three critical system needs, noted below:

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    Keep every core data source on the same page through orchestration

    Data orchestration, at its simplest, is the combination of data integration, data processing, and data concurrency management.

    Data pipeline orchestration is a cross-cutting process that manages the dependencies between your data integration tasks and scheduled data jobs.

    A task or application may periodically fail, and therefore, as a part of our data architecture strategy, there must be provisions for scheduling, rescheduling, replaying, monitoring, retrying, and debugging the entire data pipeline in a holistic way.

    Some of the functionality provided by orchestration frameworks are:

    • Job scheduling
    • Job parametrization
    • SLAs tracking, alerting, and notification
    • Dependency management
    • Error management and retries
    • History and audit
    • Data storage for metadata
    • Log aggregation
    Data Orchestration Has Three Stages
    Organize Transform Publicize
    Organizations may have legacy data that needs to be combined with new data. It’s important for the orchestration tool to understand the data it deals with. Transform the data from different sources into one standard type. Make transformed data easily accessible to stakeholders.

    2.1 Discuss and document data architecture decisions

    1. Using the value maps and associated use cases from Phase 1, determine the data system quality attributes.
    2. Use the sample tabular layout on the next slide or develop one of your own.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Value Maps and Use Cases

    Output

    • Initial Set of Data Design Decisions

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Data Architecture

    Data Management Requirements for Risk Management Reporting Data Design Decision
    Needs to query millions of relational records quickly
    • Strong indexing
    • Strong caching
    • Message queue
    Needs a storage space for later retrieval of relational data
    • Data storage that scales as needed
    Needs turnkey geo-replication mechanism with document retrieval in milliseconds
    • Add NoSQL with geo-replication and quick document access

    There is no free lunch when making the most sensible security architecture decision; tradeoffs are a necessity

    Ensuring that any real system is secure is a complex process involving tradeoffs against other important quality attributes (such as performance and usability). When architecting a system, we must understand:

    • Its security needs.
    • Its security threat landscape.
    • Known mitigations for those threats to ensure that we create a system with sound security fundamentals.

    The first thing to do when determining security architecture is to conduct a threat and risk assessment (TRA).

    This image contains a sample threat and risk assessment. The steps are Understand: Until we thoroughly understand what we are building, we cannot secure it. Structure what you are building, including: System boundary, System structure, Databases, Deployment platform; Analyze: Use techniques like STRIDE and attack trees to analyze what can go wrong and what security problems this will cause; Mitigate: The security technologies to use, to mitigate your concerns, are discussed here. Decisions about using single sign-on (SSO) or role-based access control (RBAC), encryption, digital signatures, or JWT tokens are made. An important part of this step is to consider tradeoffs when implementing security mechanisms; validate: Validation can be done by experimenting with proposed mitigations, peer discussion, or expert interviews.

    Related Research

    Optimize Security Mitigation Effectiveness Using STRIDE

    • Have a clear picture of:
      • Critical data and data flows
      • Organizational threat exposure
      • Security countermeasure deployment and coverage
    • Understand which threats are appropriately mitigated and which are not.
    • Generate a list of initiatives to close security gaps.
    • Create a quantified risk and security model to reassess program and track improvement.
    • Develop measurable information to present to stakeholders.

    The 3A’s of strong security: authentication, authorization, and auditing

    Authentication

    Authentication mechanisms help systems verify that a user is who they claim to be.

    Examples of authentication mechanisms are:

    • Two-Factor Authentication
    • Single Sign-On
    • Multi-Factor Authentication
    • JWT Over OAUTH

    Authorization

    Authorization helps systems limit access to allowed features, once a user has been authenticated.

    Examples of authentication mechanisms are:

    • RBAC
    • Certificate Based
    • Token Based

    Auditing

    Securely recording security events through auditing proves that our security mechanisms are working as intended.

    Auditing is a function where security teams must collaborate with software engineers early and often to ensure the right kind of audit logs are being captured and recorded.

    Info-Tech Insight

    Defects in your application software can compromise privacy and integrity even if cryptographic controls are in place. A security architecture made after thorough TRA does not override security risk introduced due to irresponsible software design.

    Examples of threat and risk assessments using STRIDE and attack trees

    STRIDE is a threat modeling framework and is composed of:

    • Spoofing or impersonation of someone other than oneself
    • Tampering with data and destroying its integrity
    • Repudiation by bypassing system identity controls
    • Information disclosure to unauthorized persons
    • Denial of service that prevents system or parts of it from being used
    • Elevation of privilege so that attackers get rights they should not have
    Example of using STRIDE for a TRA on a solution using a payment system This image contains a sample attack tree.
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds.
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds.
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize.
    Disclosure PayPal Private service database has details leaked and made public.
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times.

    2.2 Document security architecture risks and mitigations

    1. Using STRIDE, attack tree, or any other framework of choice:
    • Conduct a TRA for use cases identified in Phase 1.2
  • For each threat identified through the TRA, think through the implications of using authentication, authorization, and auditing as a security mechanism.
  • Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Dynamic Value Stream Maps

    Output

    • Security Architecture Risks and Mitigations

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Product Owner
    • Security Team
    • Application Architect
    • Integration Architect

    Examples of threat and risk assessments using STRIDE

    Example of using STRIDE for a TRA on a solution using a payment system
    Threat System Component Description Quality Attribute Impacted Resolution
    Spoofing PayPal Bad actor can send fraudulent payment request for obtaining funds. Confidentiality Authorization
    Tampering PayPal Bad actor accesses data base and can resend fraudulent payment request for obtaining funds. Integrity Authorization
    Repudiation PayPal Customer claims, incorrectly, their account made a payment they did not authorize. Integrity Authentication and Logging
    Disclosure PayPal Private service database has details leaked and made public. Confidentiality Authorization
    Denial of Service PayPal Service is made to slow down through creating a load on the network, causing massive build up of requests Availability N/A
    Elevation of Privilege PayPal Bad actor attempts to enter someone else’s account by entering incorrect password a number of times. Confidentiality, Integrity, and Availability Authorization

    Phase 3: Upgrade Your System’s Availability

    Phase 1

    1.1 Articulate an Architectural Vision
    1.2 Develop Dynamic Value Stream Maps
    1.3 Map Value Streams, Use Cases, and Required Architectural Attributes
    1.4 Create a Prioritized List of Architectural Attributes

    Phase 2

    2.1 Develop a Data Architecture That Supports Transactional and Analytical Needs
    2.2 Document Security Architecture Risks and Mitigations

    Phase 3

    3.1 Document Scalability Architecture
    3.2 Document Performance Enhancing Architecture
    3.3 Combine the Different Architecture Design Decisions Into a Unified Solution Architecture

    This phase will walk you through the following activities:

    • Examine architecture for scalable and performant system designs
    • Integrate all design decisions made so far into a solution design decision log

    This phase involves the following participants:

    • Business Architect
    • Product Owner
    • Application Architect
    • Integration Architect
    • Database Architect
    • Enterprise Architect

    Enhance Your Solution Architecture Practice

    In a cloud-inspired system architecture, scalability takes center stage as an architectural concern

    Scale and scope of workloads are more important now than they were, perhaps, a decade and half back. Architects realize that scalability is not an afterthought. Not dealing with it at the outset can have serious consequences should an application workload suddenly exceed expectations.

    Scalability is …

    … the ability of a system to handle varying workloads by either increasing or decreasing the computing resources of the system.

    An increased workload could include:

    • Higher transaction volumes
    • A greater number of users

    Architecting for scalability is …

    … not easy since organizations may not be able to accurately judge, outside of known circumstances, when and why workloads may unexpectedly increase.

    A scalable architecture should be planned at the:

    • Application Level
    • Infrastructure Level
    • Database Level

    The right amount and kind of scalability is …

    … balancing the demands of the system with the supply of attributes.

    If demand from system > supply from system:

    • Services and products are not useable and deny value to customers.

    If supply from system > demand from system:

    • Excess resources have been paid for that are not being used.

    When discussing the scalability needs of a system, investigate the following, at a minimum:

    • In case workloads increase due to higher transaction volumes, will the system be able to cope with the additional stress?
    • In situations where workloads increase, will the system be able to support the additional stress without any major modifications being made to the system?
    • Is the cost associated with handling the increased workloads reasonable for the benefit it provides to the business?
    • Assuming the system doesn’t scale, is there any mechanism for graceful degradation?

    Use evidence-based decision making to ensure a cost-effective yet appropriate scaling strategy

    The best input for an effective scaling strategy is previously gathered traffic data mapped to specific circumstances.

    In some cases, either due to lack of monitoring or the business not being sure of its needs, scalability requirements are hard to determine. In such cases, use stated tactical business objectives to design for scalability. For example, the business might state its desire to achieve a target revenue goal. To accommodate this, a certain number of transactions would need to be conducted, assuming a particular conversion rate.

    Scaling strategies can be based on Vertical or Horizontal expansion of resources.
    Pros Cons
    Vertical
    Scale up through use of more powerful but limited number of resources
    • May not require frequent upgrades.
    • Since data is managed through a limited number of resources, it is easier to share and keep current.
    • Costly upfront.
    • Application, database, and infrastructure may not be able to make optimal use of extra processing power.
    • As the new, more powerful resource is provisioned, systems may experience downtime.
    • Lacks redundancy due to limited points of failure.
    • Performance is constrained by the upper limits of the infrastructure involved.
    Horizontal
    Scale out through use of similarly powered but larger quantity of resources
    • Cost-effective upfront.
    • System downtime is minimal, when scaling is being performed.
    • More redundance and fault-tolerance is possible since there are many nodes involved, and therefore, can replace failed nodes.
    • Performance can scale out as more nodes are added.
    • Upgrades may occur more often than in vertical scaling.
    • Increases machine footprints and administrative costs over time.
    • Data may be partitioned on multiple nodes, leading to administrative and data currency challenges.

    Info-Tech Insight

    • Scalability is the one attribute that sparks a lot of trade-off discussions. Scalable solutions may have to compromise on performance, cost, and data reliability.
    • Horizontal scalability is mostly always preferable over vertical scalability.

    Sidebar

    The many flavors of horizontal scaling

    Traffic Shard-ing

    Through this mechanism, incoming traffic is partitioned around a characteristic of the workload flowing in. Examples of partitioning characteristics are user groups, geo-location, and transaction type.

    Beware of:

    • Lack of data currency across shards.

    Copy and Paste

    As the name suggests, clone the compute resources along with the underlying databases. The systems will use a load balancer as the first point of contact between itself and the workload flowing in.

    Beware of:

    • Though this is a highly scalable model, it does introduce risks related to data currency across all databases.
    • In case master database writes are frequent, it could become a bottleneck for the entire system.

    Productization Through Containers

    This involves breaking up the system into specific functions and services and bundling their business rules/databases into deployable containers.

    Beware of:

    • Too many containers introduce the need to orchestrate the distributed architecture that results from a service-oriented approach.

    Start a scalability overview with a look at the database(s)

    To know where to go, you must know where you are. Before introducing architectural changes to database designs, use the right metrics to get an insight into the root cause of the problem(s).

    In a nutshell, the purpose of scaling solutions is to have the technology stack do less work for the most requested services/features or be able to effectively distribute the additional workload across multiple resources.

    For databases, to ensure this happens, consider these techniques:

    • Reuse data through caching on the server and/or the client. This eliminates the need for looking up already accessed data. Examples of caching are:
      • In-memory caching of data
      • Caching database queries
    • Implement good data retrieval techniques like indexes.
    • Divide labor at the database level.
      • Through setting up primary-secondary distribution of data. In such a setup, the primary node is involved in writing data to itself and passes on requests to secondary nodes for fulfillment.
      • Through setting up database shards (either horizontally or vertically).
        • In a horizontal shard, a data table is broken into smaller pieces with the same data model but unique data in it. The sum total of the shared databases contains all the data in the primary data table.
        • In a vertical shard, a data table is broken into smaller pieces, but each piece may have a subset of the data columns. The data’s corresponding columns are put into the table where the column resides.

    Info-Tech Insight

    A non-scalable architecture has more than just technology-related ramifications. Hoping that load balancers or cloud services will manage scalability-related issues is bound to have economic impacts as well.

    Sidebar

    Caching Options

    CSA PRINCIPLE 5 applies to any decision that supports system scalability.
    “X-ilities Over Features”

    Database Caching
    Fetches and stores result of database queries in memory. Subsequent requests to the database for the same queries will investigate the cache before making a connection with the database.
    Tools like Memcached or Redis are used for database caching.

    Precompute Database Caching
    Unlike database caching, this style of caching precomputes results of queries that are popular and frequently used. For example, a database trigger could execute several predetermined queries and have them ready for consumption. The precomputed results may be stored in a database cache.

    Application Object Caching
    Stores computed results in a cache for later retrieval. For data sources, which are not changing frequently and are part of a computation output, application caching will remove the need to connect with a database.

    Proxy Caching
    Caches retrieved web pages on a proxy server and makes them available for the next time the page is requested.

    The intra- and inter-process communication of the systems middle tier can become a bottleneck

    To synchronize or not to synchronize?

    A synchronous request (doing one thing at a time) means that code execution will wait for the request to be responded to before continuing.

    • A synchronous request is a blocking event and until it is completed, all following requests will have to wait for getting their responses.
    • An increasing workload on a synchronous system may impact performance.
    • Synchronous interactions are less costly in terms of design, implementation, and maintenance.
    • Scaling options include:
    1. Vertical scale up
    2. Horizontal scale out of application servers behind a load balancer and a caching technique (to minimize data retrieval roundtrips)
    3. Horizonal scale out of database servers with data partitioning and/or data caching technique

    Use synchronous requests when…

    • Each request to a system sets the necessary precondition for a following request.
    • Data reliability is important, especially in real-time systems.
    • System flows are simple.
    • Tasks that are typically time consuming, such as I/O, data access, pre-loading of assets, are completed quickly.

    Asynchronous requests (doing many things at the same time) do not block the system they are targeting.

    • It is a “fire and forget” mechanism.
    • Execution on a server/processor is triggered by the request, however, additional technical components (callbacks) for checking the state of the execution must be designed and implemented.
    • Asynchronous interactions require additional time to be spent on implementation and testing.
    • With asynchronous interactions, there is no guarantee the request initiated any processing until the callbacks check the status of the executed thread.

    Use asynchronous requests when…

    • Tasks are independent in nature and don’t require inter-task communication.
    • Systems flows need to be efficient.
    • The system is using event-driven techniques for processing.
    • Many I/O tasks are involved.
    • The tasks are long running.

    Sidebar

    Other architectural tactics for inter-process communication

    STATELESS SERVICES VERSUS STATEFUL SERVICES
    • Does not require any additional data, apart from the bits sent through with the request.
    • Without implementing a caching solution, it is impossible to access the previous data trail for a transaction session.
    • In addition to the data sent through with the request, require previous data sent to complete processing.
    • Requires server memory to store the additional state data. With increasing workloads, this could start impacting the server’s performance.
    It is generally accepted that stateless services are better for system scalability, especially if vertical scaling is costly and there is expectation that workloads will increase.
    MICROSERVICES VERSUS SERVERLESS FUNCTIONS
    • Services are designed as small units of code with a single responsibility and are available on demand.
    • A microservices architecture is easily scaled horizontally by adding a load balancer and a caching mechanism.
    • Like microservices, these are small pieces of code designed to fulfill a single purpose.
    • Are provided only through cloud vendors, and therefore, there is no need to worry about provisioning of infrastructure as needs increase.
    • Stateless by design but the life cycle of a serverless function is vendor controlled.
    Serverless function is an evolving technology and tightly controlled by the vendor. As and when vendors make changes to their serverless products, your own systems may need to be modified to make the best use of these upgrades.

    A team that does not measure their system’s scalability is a team bound to get a 5xx HTTP response code

    A critical aspect of any system is its ability to monitor and report on its operational outcomes.

    • Using the principle of continuous testing, every time an architectural change is introduced, a thorough load and stress testing cycle should be executed.
    • Effective logging and use of insightful metrics helps system design teams make data-driven decisions.
    • Using principle of site reliability engineering and predictive analytics, teams can be prepared for any unplanned exaggerated stimulus on the system and proactively set up remedial steps.

    Any system, however well architected, will break one day. Strategically place kill-switches to counter any failures and thoroughly test their functioning before releasing to production.

    • Using Principles 2 and 9 of the CSA, (include kill-switches and architect for x-ilities over features), introduce tactics at the code and higher levels that can be used to put a system in its previous best state in case of failure.
    • Examples of such tactics are:
      • Feature flags for turning on/off code modules that impact x-ilities.
      • Implement design patterns like throttling, autoscaling, and circuit breaking.
      • Writing extensive log messages that bubble up as exceptions/error handling from the code base. *Logging can be a performance drag. Use with caution as even logging code is still code that needs CPU and data storage.

    Performance is a system’s ability to satisfy time-bound expectations

    Performance can also be defined as the ability for a system to achieve its timing requirements, using available resources, under expected full-peak load:

    (International Organization for Standardization, 2011)

    • Performance and scalability are two peas in a pod. They are related to each other but are distinct attributes. Where scalability refers to the ability of a system to initiate multiple simultaneous processes, performance is the system’s ability to complete the processes within a mandated average time period.
    • Degrading performance is one of the first red flags about a system’s ability to scale up to workload demands.
    • Mitigation tactics for performance are very similar to the tactics for scalability.

    System performance needs to be monitored and measured consistently.

    Measurement Category 1: System performance in terms of end-user experience during different load scenarios.

    • Response time/latency: Length of time it takes for an interaction with the system to complete.
    • Turnaround time: Time taken to complete a batch of tasks.
    • Throughput: Amount of workload a system is capable of handling in a unit time period.

    Measurement Category 2: System performance in terms of load managed by computational resources.

    • Resource utilization: The average usage of a resource (like CPU) over a period. Peaks and troughs indicate excess vs. normal load times.
    • Number of concurrent connections: Simultaneous user requests that a resource like a server can successfully deal with at once.
    • Queue time: The turnaround time for a specific interaction or category of interactions to complete.

    Architectural tactics for performance management are the same as those used for system scalability

    Application Layer

    • Using a balanced approach that combines CSA Principle 7 (Good architecture comes in small packages) and Principle 10 (Architect for products, not projects), a microservices architecture based on domain-driven design helps process performance. Microservices use lightweight HTTP protocols and have loose coupling, adding a degree of resilience to the system as well. *An overly-engineered microservices architecture can become an orchestration challenge.
    • The code design must follow standards that support performance. Example of standards is SOLID*.
    • Serverless architectures can run application code from anywhere – for example, from edge servers close to an end user – thereby reducing latency.

    Database Layer

    • Using the right database technologies for persistence. Relational databases have implicit performance bottlenecks (which get exaggerated as data size grows along with indexes), and document store database technologies (key-value or wide-column) can improve performance in high-read environments.
    • Data sources, especially those that are frequently accessed, should ideally be located close to the application servers. Hybrid infrastructures (cloud and on premises mixed) can lead to latency when a cloud-application is accessing on-premises data.
    • Using a data partitioning strategy, especially in a domain-driven design architecture, can improve the performance of a system.

    Performance modeling and continuous testing makes the SRE a happy engineer

    Performance modeling and testing helps architecture teams predict performance risks as the solution is being developed.
    (CSA Principle 12: Test the solution architecture like you test your solution’s features)

    Create a model for your system’s hypothetical performance testing by breaking an end-to-end process or use case into its components. *Use the SIPOC framework for decomposition.

    This image contains an example of modeled performance, showing the latency in the data flowing from different data sources to the processing of the data.

    In the hypothetical example of modeled performance above:

    • The longest period of latency is 15ms.
    • The processing of data takes 30ms, while the baseline was established at 25ms.
    • Average latency in sending back user responses is 21ms – 13ms slower than expected.

    The model helps architects:

    • Get evidence for their assumptions
    • Quantitatively isolate bottlenecks at a granular level

    Model the performance flow once but test it periodically

    Performance testing measures the performance of a software system under normal and abnormal loads.

    Performance testing process should be fully integrated with software development activities and as automated as possible. In a fast-moving Agile environment, teams should attempt to:

    • Shift-left performance testing activities.
    • Use performance testing to pinpoint performance bottlenecks.
    • Take corrective action, as quickly as possible.

    Performance testing techniques

    • Normal load testing: Verifies the system’s behavior under the expected normal load to ensure that its performance requirements are met. Load testing can be used to measure response time, responsiveness, turnaround time, and throughput.
    • Expected maximum load testing: Like the normal load testing process, ensures system meets its performance requirements under expected maximum load.
    • Stress testing: Evaluates system behavior when processing loads beyond the expected maximum.

    *In a real production scenario, a combination of these tests are executed on a regular basis to monitor the performance of the system over a given period.

    3.1-3.2 Discuss and document initial decisions made for architecture scalability and performance

    1. Use the outcomes from either or both Phases 1.3 and 1.4.
    • For each value stream component, list the architecture decisions taken to ensure scalability and performance at client-facing and/or business-rule layers.

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4

    Output

    • Initial Set of Design Decisions Made for System Scalability and Performance

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Example: Architecture decisions for scalability and performance

    Value Stream Component Design Decision for User Interface Layer Design Decisions for Middle Processing Layer
    Loan Application Scalability: N/A
    Resilience: Include circuit breaker design in both mobile app and responsive websites.
    Performance: Cache data client.
    Scalability: Scale vertically (up) since loan application processing is very compute intensive.
    Resilience: Set up fail-over replica.
    Performance: Keep servers in the same geo-area.
    Disbursement of Funds *Does not have a user interface Scalability: Scale horizontal when traffic reaches X requests/second.
    Resilience: Create microservices using domain-driven design; include circuit breakers.
    Performance: Set up application cache; synchronous communication since order of data input is important.
    …. …. ….

    3.3 Combine the different architecture design decisions into a unified solution architecture

    Download the Solution Architecture Template for documenting data architecture decisions.

    Input

    • Output From Phase 1.3 and/or From Phase 1.4
    • Output From Phase 2.1
    • Output From Phase 2.2
    • Output From 3.1 and 3.2

    Output

    • List of Design Decisions for the Solution

    Materials

    • Whiteboard/Flip Charts

    Participants

    • Business Architect
    • Application Architect
    • Integration Architect
    • Database Architect
    • Infrastructure Architect

    Putting it all together is the bow that finally ties this gift

    This blueprint covered the domains tagged with the yellow star.

    This image contains a screenshot of the solution architecture framework found earlier in this blueprint, with stars next to Data Architecture, Security, Performance, and Stability.

    TRADEOFF ALERT

    The right design decision is never the same for all perspectives. Along with varying opinions, comes the “at odds with each other set” of needs (scalability vs. performance, or access vs. security).

    An evidence-based decision-making approach using a domain-driven design strategy is a good mix of techniques for creating the best (right?) solution architecture.

    This image contains a screenshot of a table that summarizes the themes discussed in this blueprint.

    Summary of accomplishment

    • Gained understanding and clarification of the stakeholder objectives placed on your application architecture.
    • Completed detailed use cases and persona-driven scenario analysis and their architectural needs through SRME.
    • Created a set of design decisions for data, security, scalability, and performance.
    • Merged the different architecture domains dealt with in this blueprint to create a holistic view.

    Bibliography

    Ambysoft Inc. “UML 2 Sequence Diagrams: An Agile Introduction.” Agile Modeling, n.d. Web.

    Bass, Len, Paul Clements, and Rick Kazman. Software Architecture in Practices: Third Edition. Pearson Education, Inc. 2003.

    Eeles, Peter. “The benefits of software architecting.” IBM: developerWorks, 15 May 2006. Web.

    Flexera 2020 State of the Cloud Report. Flexera, 2020. Web. 19 October 2021.

    Furdik, Karol, Gabriel Lukac, Tomas Sabol, and Peter Kostelnik. “The Network Architecture Designed for an Adaptable IoT-based Smart Office Solution.” International Journal of Computer Networks and Communications Security, November 2013. Web.

    Ganzinger, Matthias, and Petra Knaup. “Requirements for data integration platforms in biomedical research networks: a reference model.” PeerJ, 5 February 2015. (https://peerj.com/articles/755/).

    Garlan, David, and Mary Shaw. An Introduction to Software Architecture. CMU-CS-94-166, School of Computer Science Carnegie Mellon University, January 1994.

    Gupta, Arun. “Microservice Design Patterns.” Java Code Geeks, 14 April 2015. Web.

    How, Matt. The Modern Data Warehouse in Azure. O’Reilly, 2020.

    ISO/IEC 17788:2014: Information technology – Cloud computing, International Organization for Standardization, October 2014. Web.

    ISO/IEC 18384-1:2016: Information technology – Reference Architecture for Service Oriented Architecture (SOA RA), International Organization for Standardization, June 2016. Web.

    ISO/IEC 25010:2011(en) Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models. International Organization for Standardization, March 2011. Web.

    Kazman, R., M. Klein, and P. Clements. ATAM: Method for Architecture Evaluation. S Carnegie Mellon University, August 2000. Web.

    Microsoft Developer Network. “Chapter 16: Quality Attributes.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 2: Key Principles of Software Architecture.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Microsoft Developer Network. “Chapter 3: Architectural Patterns and Styles.” Microsoft Application Architecture Guide. 2nd Ed., 14 January 2010. Web.

    Microsoft Developer Network. “Chapter 5: Layered Application Guidelines.” Microsoft Application Architecture Guide. 2nd Ed., 13 January 2010. Web.

    Mirakhorli, Mehdi. “Common Architecture Weakness Enumeration (CAWE).” IEEE Software, 2016. Web.

    Moore, G. A. Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers (Collins Business Essentials) (3rd ed.). Harper Business, 2014.

    OASIS. “Oasis SOA Reference Model (SOA RM) TC.” OASIS Open, n.d. Web.

    Soni, Mukesh. “Defect Prevention: Reducing Costs and Enhancing Quality.” iSixSigma, n.d. Web.

    The Open Group. TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views. TOGAF, 2006. Web.

    The Open Group. Welcome to the TOGAF® Standard, Version 9.2, a standard of The Open Group. TOGAF, 2018. Web.

    Watts, S. “The importance of solid design principles.” BMC Blogs, 15 June 2020. 19 October 2021.

    Young, Charles. “Hexagonal Architecture–The Great Reconciler?” Geeks with Blogs, 20 Dec 2014. Web.

    APPENDIX A

    Techniques to enhance application architecture.

    Consider the numerous solutions to address architecture issues or how they will impact your application architecture

    Many solutions exist for improving the layers of the application stack that may address architecture issues or impact your current architecture. Solutions range from capability changes to full stack replacement.

    Method Description Potential Benefits Risks Related Blueprints
    Business Capabilities:
    Enablement and enhancement
    • Introduce new business capabilities by leveraging unused application functionalities or consolidate redundant business capabilities.
    • Increase value delivery to stakeholders.
    • Lower IT costs through elimination of applications.
    • Increased use of an application could overload current infrastructure.
    • IT cannot authorize business capability changes.
    Use Info-Tech’s Document Your Business Architecture blueprint to gain better understanding of business and IT alignment.
    Removal
    • Remove existing business capabilities that don’t contribute value to the business.
    • Lower operational costs through elimination of unused and irrelevant capabilities.
    • Business capabilities may be seen as relevant or critical by different stakeholder groups.
    • IT cannot authorize business capability changes.
    Use Info-Tech’s Build an Application Rationalization Framework to rationalize your application portfolio.
    Business Process:
    Process integration and consolidation
    • Combine multiple business processes into a single process.
    • Improved utilization of applications in each step of the process.
    • Reduce business costs through efficient business processes.
    • Minimize number of applications required to execute a single process.
    • Significant business disruption if an application goes down and is the primary support for business processes.
    • Organizational pushback if process integration involves multiple business groups.
    Business Process (continued):
    Process automation
    • Automate manual business processing tasks.
    • Reduce manual processing errors.
    • Improve speed of delivery.
    • Significant costs to implement automation.
    • Automation payoffs are not immediate.
    Lean business processes
    • Eliminate redundant steps.
    • Streamline existing processes by focusing on value-driven steps.
    • Improve efficiency of business process through removal of wasteful steps.
    • Increase value delivered at the end of the process.
    • Stakeholder pushback from consistently changing processes.
    • Investment from business is required to fit documentation to the process.
    Outsource the process
    • Outsource a portion of or the entire business process to a third party.
    • Leverage unavailable resources and skills to execute the business process.
    • Loss of control over process.
    • Can be costly to bring the process back into the business if desired in the future.
    Business Process (continued):
    Standardization
    • Implement standards for business processes to improve uniformity and reusability.
    • Consistently apply the same process across multiple business units.
    • Transparency of what is expected from the process.
    • Improve predictability of process execution.
    • Process bottlenecks may occur if a single group is required to sign off on deliverables.
    • Lack of enforcement and maintenance of standards can lead to chaos if left unchecked.
    User Interface:
    Improve user experience (UX)
    • Eliminate end-user emotional, mechanical, and functional friction by improving the experience of using the application.
    • UX encompasses both the interface and the user’s behavior.
    • Increase satisfaction and adoption rate from end users.
    • Increase brand awareness and user retention.
    • UX optimizations are only focused on a few user personas.
    • Current development processes do not accommodate UX assessments
    Code:
    Update coding language
    Translate legacy code into modern coding language.
    • Coding errors in modern languages can have lesser impact on the business processes they support.
    • Modern languages tend to have larger pools of coders to hire.
    • Increase availability of tools to support modern languages.
    • Coding language changes can create incompatibilities with existing infrastructure.
    • Existing coding translation tools do not offer 100% guarantee of legacy function retention.
    Code (continued):
    Open source code
    • Download pre-built code freely available in open source communities.
    • Code is rapidly evolving in the community to meet current business needs.
    • Avoid vendor lock-in from proprietary software
    • Community rules may require divulgence of work done with open source code.
    • Support is primarily provided through community, which may not address specific concerns.
    Update the development toolchain
    • Acquire new or optimize development tools with increased testing, build, and deployment capabilities.
    • Increase developer productivity.
    • Increase speed of delivery and test coverage with automation.
    • Drastic IT overhauls required to implement new tools such as code conversion, data migration, and development process revisions.
    Update source code management
    • Optimize source code management to improve coding governance, versioning, and development collaboration.
    • Ability to easily roll back to previous build versions and promote code to other environments.
    • Enable multi-user development capabilities.
    • Improve conflict management.
    • Some source code management tools cannot support legacy code.
    • Source code management tools may be incompatible with existing development toolchain.
    Data:
    Outsource extraction
    • Outsource your data analysis and extraction to a third party.
    • Lower costs to extract and mine data.
    • Leverage unavailable resources and skills to translate mined data to a usable form.
    • Data security risks associated with off-location storage.
    • Data access and control risks associated with a third party.
    Update data structure
    • Update your data elements, types (e.g. transactional, big data), and formats (e.g. table columns).
    • Standardize on a common data definition throughout the entire organization.
    • Ease data cleansing, mining, analysis, extraction, and management activities.
    • New data structures may be incompatible with other applications.
    • Implementing data management improvements may be costly and difficult to acquire stakeholder buy-in.
    Update data mining and data warehousing tools
    • Optimize how data is extracted and stored.
    • Increase the speed and reliability of the data mined.
    • Perform complex analysis with modern data mining and data warehousing tools.
    • Data warehouses are regularly updated with the latest data.
    • Updating data mining and warehousing tools may create incompatibilities with existing infrastructure and data sets.
    Integration:
    Move from point-to-point to enterprise service bus (ESB)
    • Change your application integration approach from point-to-point to an ESB.
    • Increase the scalability of enterprise services by exposing applications to a centralized middleware.
    • Reduce the number of integration tests to complete with an ESB.
    • Single point of failure can cripple the entire system.
    • Security threats arising from centralized communication node.
    Leverage API integration
    • Leverage application programming interfaces (APIs) to integrate applications.
    • Quicker and more frequent transfers of lightweight data compared to extract, load, transfer (ETL) practices.
    • Increase integration opportunities with other modern applications and infrastructure (including mobile devices).
    • APIs are not as efficient as ETL when handling large data sets.
    • Changing APIs can break compatibility between applications if not versioned properly.

    Assess Your Cybersecurity Insurance Policy

    • Buy Link or Shortcode: {j2store}255|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $33,656 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Organizations must adapt their information security programs to accommodate insurance requirements.
    • Organizations need to reduce insurance costs.
    • Some organizations must find alternatives to cyber insurance.

    Our Advice

    Critical Insight

    • Shopping for insurance policies is not step one.
    • First and foremost, we must determine what the organization is at risk for and how much it would cost to recover.
    • The cyber insurance market is still evolving. As insurance requirements change, effectively managing cyber insurance requires that your organization proactively manages risk.

    Impact and Result

    Perform an insurance policy comparison with scores based on policy coverage and exclusions.

    Assess Your Cybersecurity Insurance Policy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your Cybersecurity Insurance Policy Storyboard - A step-by-step document that walks you through how to acquire cyber insurance, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Use this blueprint to score your potential cyber insurance policies and develop skills to overcome common insurance pitfalls.

    • Assess Your Cybersecurity Insurance Policy Storyboard

    2. Acquire cyber insurance with confidence – Learn the essentials of the requirements gathering, policy procurement, and review processes.

    Use these tools to gather cyber insurance requirements, prepare for the underwriting process, and compare policies.

    • Threat and Risk Assessment Tool
    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool
    • DRP BIA Scoring Context Example
    • Cyber Insurance Policy Comparison Tool
    • Cyber Insurance Controls Checklist

    Infographic

    z-Series Modernization and Migration

    • Buy Link or Shortcode: {j2store}114|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.

    Our Advice

    Critical Insight

    The most common tactic is for the organization to better realize their z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious, the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.

    Impact and Result

    This research will help you:

    • Evaluate the future viability of this platform.
    • Assess the fit and purpose, and determine TCO
    • Develop strategies for overcoming potential challenges.
    • Determine the future of this platform for your organization.

    z/Series Modernization and Migration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. z/Series Modernization and Migration Guide – A brief deck that outlines key migration options and considerations for the z/Series platform.

    This blueprint will help you assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of z/Series for your organization.

    • z/Series Modernization and Migration Storyboard

    2. Scale Up vs. Scale Out TCO Tool – A tool that provides organizations with a framework for TCO.

    Use this tool to play with the pre-populated values or insert your own amounts to compare possible database decisions, and determine the TCO of each. Note that common assumptions can often be false; for example, open-source Cassandra running on many inexpensive commodity servers can actually have a higher TCO over six years than a Cassandra environment running on a larger single expensive piece of hardware. Therefore, calculating TCO is an essential part of the database decision process.

    • Scale Up vs. Scale Out TCO Tool
    [infographic]

    Further reading

    z/Series Modernization and Migration

    The biggest migration is yet to come.

    Executive Summary

    Info-Tech Insight

    “A number of market conditions have coalesced in a way that is increasingly driving existing mainframe customers to consider running their application workloads on alternative platforms. In 2020, the World Economic Forum noted that 42% of core skills required to perform existing jobs are expected to change by 2022, and that more than 1 billion workers need to be reskilled by 2030.” – Dale Vecchio

    Your Challenge

    It seems like anytime there’s a new CIO who is not from the mainframe world there is immediate pressure to get off this platform. However, just as there is a high financial commitment required to stay on System Z, moving off is risky and potentially more costly. You need to truly understand the scale and complexity ahead of the organization.

    Common Obstacles

    Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud, but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.

    Info-Tech Approach

    The most common tactic is for the organization to better realize its z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.

    Review

    We help IT leaders make the most of their z/Series environment

    Problem statement:

    The z/Series remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited and aging resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

    This research is designed for:

    IT strategic direction decision makers.

    IT managers responsible for an existing z/Series platform.

    Organizations evaluating platforms for mission critical applications.

    This research will help you:

    1. Evaluate the future viability of this platform.
    2. Assess the fit and purpose, and determine TCO.
    3. Develop strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    Analyst Perspective

    Good Luck.

    Darin Stahl.

    Modernize the mainframe … here we go again.

    Prior to 2020, most organizations were muddling around in “year eleven of the four-year plan” to exit the mainframe platform where a medium-term commitment to the platform existed. Since 2020, it appears the appetite for the mainframe platform changed. Again. Discussions mostly seem to be about what the options are beyond hardware outsourcing or re-platforming to “cloud” migration of workloads – mostly planning and strategy topics. A word of caution: it would appear unwise to stand in front of the exit door for fear of being trampled.

    Hardware expirations between now and 2025 are motivating hosting deployments. Others are in migration activities, and some have already decommissioned and migrated but now are trying to rehab the operations team now lacking direction and/or structure.

    There is little doubt that modernization and “digital transformation” trends will drive more exit traffic, so IT leaders who are still under pressure to get off the platform need to assess their options and decide. Being in a state of perpetually planning to get off the mainframe handcuffs your ability to invest in the mainframe, address deficiencies, and improve cost-effectiveness.

    Darin Stahl
    Principal Research Advisor, Infrastructure & Operations Research
    Info-Tech Research Group

    The mainframe “fidget spinner”

    Thinking of modernizing your mainframe can cause you angst so grab a fidget spinner and relax because we have you covered!

    External Business Pressures:

    • Digital transformation
    • Modernization programs
    • Compliance and regulations
    • TCO

    Internal Considerations:

    • Reinvest
    • Migrate to a new platform
    • Evaluate public and vendor cloud alternatives
    • Hosting versus infrastructure outsourcing

    Info-Tech Insight

    With multiple control points to be addressed, care must be taken to simplify your options while addressing all concerns to ease operational load.

    The analyst call review

    “Who has Darin talked with?” – Troy Cheeseman

    Dating back to 2011, Darin Stahl has been the primary z/Series subject matter expert within the Infrastructure & Operations Research team. Below represents the percentage of calls, per industry, where z/Series advisory has been provided by Darin*:

    37% - State Government

    19% - Insurance

    11% - Municipality

    8% - Federal Government

    8% - Financial Services

    5% - Higher Education

    3% - Retail

    3% - Hospitality/Resort

    3% - Logistics and Transportation

    3% - Utility

    Based on the Info-Tech call history, there is a consistent cross section of industry members who not only rely upon the mainframe but are also considering migration options.

    Note:

    Of course, this only represents industries who are Info-Tech members and who called for advisory services about the mainframe.

    There may well be more Info-Tech members with mainframes who have no topic to discuss with us about the mainframe specifically. Why do we mention this?

    We caution against suggesting things like, ”somewhat less than 50% of mainframes live in state data centers” or any other extrapolated inference from this data.

    Our viewpoint and discussion is based on the cases and the calls that we have taken over the years.

    *37+ enterprise calls were reviewed and sampled.

    Scale out versus scale up

    For most workloads “scale out" (e.g. virtualized cloud or IaaS ) is going to provide obvious and quantifiable benefits.

    However, with some workloads (extremely large analytics or batch processing ) a "scale up" approach is more optimal. But the scale up is really limited to very specific workloads. Despite some assumptions, the gains made when moving from scale up to scale out are not linear.

    Obviously, when you scale out from a performance perspective you experience a drop in what a single unit of compute can do. Additionally, there will be latency introduced in the form of network overhead, transactions, and replication into operations that were previously done just bypassing object references within a single frame.

    Some applications or use cases will have to be architected or written differently (thinking about the high-demand analytic workloads at large scale). Remember the “grid computing” craze that hit us during the early part of this century? It was advantageous for many to distribute work across a grid of computing devices for applications but the advantage gained was contingent on the workload able to be parsed out as work units and then pulled back together through the application.

    There can be some interesting and negative consequences for analytics or batch operations in a large scale as mentioned above. Bottom line, as experienced previously with Microfocus mainframe ports to x86, the batch operations simply take much longer to complete.

    Big Data Considerations*:

    • Value: Data has no inherent value until it’s used to solve a business problem.
    • Variety: The type of data being produced is increasingly diverse and ranges from email and social media to geo-spatial and photographic data. This data may be difficult to process using a structured data model.
    • Volume: The sheer size of the datasets is growing exponentially, often ranging from terabytes to petabytes. This is complicating traditional data management strategies.
    • Velocity: The increasing speed at which data is being collected and processed is also causing complications. Big data is often time sensitive and needs to be captured in real time as it is streaming into the enterprise.

    *Build a Strategy for Big Data Platforms

    Consider your resourcing

    Below is a summary of concerns regarding core mainframe skills:

    1. System Management (System Programmers): This is the most critical and hard-to-replace skill since it requires in-depth low-level knowledge of the mainframe (e.g. at the MVS level). These are skills that are generally not taught anymore, so there is a limited pool of experienced system programmers.
    2. Information Management System (IMS) Specialists: Requires a combination of mainframe knowledge and data analysis skills, which makes this a rare skill set. This is becoming more critical as business intelligence takes on an ever-increasing focus in most organizations.
    3. Application Development: The primary concern here is a shortage of developers skilled in older languages such as COBOL. It should be noted that this is an application issue; for example, this is not solved by migrating off mainframes.
    4. Mainframe Operators: This is an easier skill set to learn, and there are several courses and training programs available. An IT person new to mainframes could learn this position in about six weeks of on-the-job training.
    5. DB2 Administration: Advances in database technology have simplified administration (not just for DB2 but also other database products). As a result, as with mainframe operators, this is a skill set that can be learned in a short period of time on the job.

    The Challenge

    An aging workforce, specialized skills, and high salary expectations

    • Mainframe specialists, such as system programmers and IMS specialists, are typically over 50, have a unique skill set, and are tasked with running mission-critical systems.

    The In-House Solution:

    Build your mentorship program to create a viable succession plan

    • Get your money’s worth out of your experienced staff by having them train others.
    • Operator skills take about six weeks to learn. However, it takes about two years before a system programmer trainee can become fully independent. This is similar to the learning curve for other platforms; however, this is a more critical issue for mainframes since organizations have far fewer mainframe specialists to fall back on when senior staff retire or move on.

    Understand your options

    Migrate to another platform

    Use a hosting provider

    Outsource

    Re-platform (cloud/vendors)

    Reinvest

    There are several challenges to overcome in a migration project, from finding an appropriate alternative platform to rewriting legacy code. Many organizations have incurred huge costs in the attempt, only to be unsuccessful in the end, so make this decision carefully.

    Organizations often have highly sensitive data on their mainframes (e.g. financial data), so many of these organizations are reluctant to have this data live outside of their four walls. However, the convenience of using a hosting provider makes this an attractive option to consider.

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house.

    A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings
    “re-host.”

    If you’re staying with the mainframe and keeping it in-house, it’s important to continue to invest in this platform, keep it current, and look for opportunities to optimize its value.

    Migrate

    Having perpetual plans to migrate handcuffs your ability to invest in your mainframe, extend its value, and improve cost effectiveness.

    If this sounds like your organization, it’s time to do the analysis so you can decide and get clarity on the future of the mainframe in your organization.

    1. Identify current performance, availability, and security requirements. Assess alternatives based on this criteria.
    2. Review and use Info-Tech’s Mainframe TCO Comparison Tool to compare mainframe costs to the potential alternative platform.
    3. Assess the business risks and benefits. Can the alternative deliver the same performance, reliability, and security? If not, what are the risks? What do you gain by migrating?
    4. If migration is still a go, evaluate the following:
    • Do you have the expertise or a reliable third party to perform the migration, including code rewrites?
    • How long will the migration take? Can the business function effectively during this transition period?
    • How much will the migration cost? Is the value you expect to gain worth the expense?

    *3 of the top 4 challenges related to shortfalls of alternative platforms

    The image contains a bar graph that demonstrates challenges related to shortfalls of alternative platforms.

    *Source: Maximize the Value of IBM Mainframes in My Business

    Hosting

    Using a hosting provider is typically more cost-effective than running your mainframe in-house.

    Potential for reduced costs

    • Hosting enables you to reduce or eliminate your mainframe staff.
    • Economies of scale enable hosting providers to reduce software licensing costs. They also have more buying power to negotiate better terms.
    • Power and cooling costs are also transferred to the hosting provider.

    Reliable infrastructure and experienced staff

    • A quality hosting provider will have 24/7 monitoring, full redundancy, and proven disaster recovery capabilities.
    • The hosting provider will also have a larger mainframe staff, so they don’t have the same risk of suddenly being without those advanced critical skills.

    So, what are the risks?

    • A transition to a hosting provider usually means eliminating or significantly reducing your in-house mainframe staff. With that loss of in-house expertise, it will be next to impossible to bring the mainframe back in-house, and you become highly dependent on your hosting provider.

    Outsourcing

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house.

    The options here for the non-commodity (z/Series, IBM Power platforms, for example) are not as broad as with commodity server platforms. More confusingly, the term “outsourcing” for these can include:

    Traditional/Colocation – A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.”

    Onsite Outsourcing – Here a provider will support the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models.

    Managed Hosting – A customer transitions their legacy application environment to an off-prem hosted multi-tenanted environment. It will provide the most cost savings following the transition, stabilization, and disposal of existing environment. Some providers will provide software licensing, and some will also support “Bring Your Own,” as permitted by IBM terms for example.

    Info-Tech Insight

    Technical debt for non-commodity platforms isn’t only hardware based. Moving an application written for the mainframe onto a “cheaper” hardware platform (or outsourced deployment) leaves the more critical problems and frequently introduces a raft of new ones.

    Re-platform – z/Series COBOL Cloud

    Re-platforming is not trivial.

    While the majority of the coded functionality (JCLs, programs, etc.) migrate easily, there will be a need to re-code or re-write objects – especially if any object, code, or location references are not exactly the same in the new environment.

    Micro Focus has solid experience in this but if consider it within the context of an 80/20 rule (the actual metrics might be much better than that), meaning that some level of rework would have to be accomplished as an overhead to the exercise.

    Build that thought into your thinking and business case.

    AWS Cloud

    • Astadia (an AWS Partner) is re-platforming mainframe workloads to AWS. With its approach you reuse the original application source code and data to AWS services. Consider reviewing Amazon’s “Migrating a Mainframe to AWS in 5 Steps.”

    Azure Cloud

    Micro Focus COBOL (Visual COBOL)

    • Micro Focus' Visual COBOL also supports running COBOL in Docker containers and managing and orchestrating the containers with Kubernetes. I personally cannot imagine what sort of drunken bender decision would lead me to move COBOL into Docker and then use Kubernetes to run in GCP but there you are...if that's your Jam you can do it.

    Re-platform – z/Series (Non-COBOL)

    But what if it's not COBOL?

    Yeah, a complication for this situation is the legacy code.

    While re-platforming/re-hosting non-COBOL code is not new, we have not had many member observations compared to the re-platforming/re-hosting of COBOL functionality initiatives.

    That being said, there are a couple of interesting opportunities to explore.

    NTT Data Services (GLOBAL)

    • Most intriguing is the re-hosting of a mainframe environment into AWS. Not sure if the AWS target supports NATURAL codebase; it does reference Adabas however (Re-Hosting Mainframe Applications to AWS with NTT DATA Services). Nevertheless, NTT has supported re-platforming and NATURAL codebase environments previously.

    ModernSystems (or ModSys) has relevant experience.

    • ModSys is the resulting entity following a merger between BluePhoenix and ATERAS a number of years ago. ATERAS is the entity I find references to within my “wayback machine” for member discussions. There are also a number of published case studies still searchable about ATERAS’ successful re-platforming engagements, including the California Public Employees Retirement System (CalPERS) most famously after the Accenture project to rewrite it failed.

    ATOS, as a hosting vendor mostly referenced by customers with global locations in a short-term transition posture, could be an option.

    Lastly, the other Managed Services vendors with NATURAL and Adabas capabilities:

    Reinvest

    By contrast, reducing the use of your mainframe makes it less cost-effective and more challenging to retain in-house expertise.

    • For organizations that have migrated applications off the mainframe (at least partly to reduce dependency on the platform), inevitably there remains a core set of mission critical applications that cannot be moved off for reasons described on the “Migrate” slide. This is when the mainframe becomes a costly burden:
      • TCO is relatively high due to low utilization.
      • In-house expertise declines as workload declines and current staffing allocations become harder to justify.
    • Organizations that are instead adding capacity and finding new ways to use this platform have lower cost concerns and resourcing challenges. The charts below illustrate this correlation. While some capacity growth is due to normal business growth, some is also due to new workloads, and it reflects an ongoing commitment to the platform.

    *92% of organizations that added capacity said TCO is lower than for commodity servers (compared to 50% of those who did not add capacity)

    *63% of organizations that added capacity said finding resources is not very difficult (compared to 42% of those who did not add capacity)

    The image contains a bar graph as described in the above text. The image contains a bar graph as described in the above text.

    *Maximize the Value of IBM Mainframes in My Business

    An important thought about data migration

    Mainframe data migrations – “VSAM, IMS, etc.”

    • While the application will be replaced and re-platformed, there is the historical VIN data remaining in the VSAM files and access via the application. The challenge is that a bulk conversion can add upfront costs and delay the re-platforming of the application functionality. Some shops will break the historical data migration into a couple of phases.
    • While there are technical solutions to accessing VSAM data stores, what I have observed with other members facing a similar scenario is a need to “shrink” the data store over time. The technical accesses to historical VSAM records would also have a lifespan, and rather than kicking the can down the road indefinitely, many have turned to a process-based solution allowing them to shrink the historical data store over time. I have observed three approaches to the handling or digitization of historical records like this:

    Temporary workaround. This would align with a technical solution allowing the VASM files to be accessed using platforms other than on mainframe hardware (Micro Focus or other file store trickery). This can be accomplished relatively quickly but does run the risk of technology obsolesce for the workaround at some point in the future.

    Bulk conversion. This method would involve the extract/transform/load of the historical records into the new application platform. Often the order of the conversion is completed on work newest to oldest (the idea is that the newest historical records would have the highest likelihood of an access need), but all files would be converted to the new application and the old data store destroyed.

    Forward convert, which would have files undergo the extract/transform/load conversion into the new application as they are accessed or reopened. This method would keep historical records indefinitely or until they are converted – or the legal retention schedule allows for their destruction (hopefully no file must be kept forever). This could be a cost-efficient approach since the historical files remaining on the VSAM platform would be shrunk over time based on demand from the district attorney process. The conversion process could be automated and scripted, with a QR step allowing for the records to be deleted from the old platform.

    Info-Tech Insight

    It is not usual for organizations to leverage options #2 and #3 above to move the functionality forward while containing the scope creep and costs for the data conversions.

    Enterprise class job scheduling

    Job scheduling or data center automation?

    • Enterprise class job scheduling solutions enable complex unattended batched programmatically conditioned task/job scheduling.
    • Data center automation (DCIM) software automates and orchestrates the processes and workflow for infrastructure operations including provisioning, configuring, patching of physical, virtual, and cloud servers, and monitoring of tasks involved in maintaining the operations of a data center or Infrastructure environment.
    • While there maybe some overlap and or confusion between data center automation and enterprise class job scheduling solutions, data center automation (DCIM) software solutions are least likely to have support for non-commodity server platforms and lack robust scheduling functionality.

    Note: Enterprise job scheduling is a topic with low member interest or demand. Since our published research is driven by members’ interest and needs, the lack of activity or member demand would obviously be a significant influence into our ability to aggregate shared member insight, trends, or best practices in our published agenda.

    Data Center Automation (DCIM) Software

    Orchestration/Provisioning Software

    Enterprise class job scheduling features

    The feature set for these tools is long and comprehensive. The feature list below is not exhaustive as specific tools may have additional product capabilities. At a minimum, the solutions offered by the vendors in the list below will have the following capabilities:

    • Automatic restart and recovery
    • File management
    • Integration with security systems such as AD
    • Operator alerts
    • Ability to control spooling devices
    • Cross-platform support
    • Cyclical scheduling
    • Deadline scheduling
    • Event-based scheduling / triggers
    • Inter-dependent jobs
    • External task monitoring (e.g. under other sub-systems)
    • Multiple calendars and time-zones
    • Scheduling of packaged applications (such as SAP, Oracle, JD Edwards)
    • The ability to schedule web applications (e.g. .net, java-based)
    • Workload analysis
    • Conditional dependencies
    • Critical process monitoring
    • Event-based automation (“self-healing” processes in response to common defined error conditions)
    • Graphical job stream/workflow visualization
    • Alerts (job failure notifications, task thresholds (too long, too quickly, missed windows, too short, etc.) via multiple channels
    • API’s supporting programmable scheduler needs
    • Virtualization support
    • Workload forecasting and workload planning
    • Logging and message data supporting auditing capabilities likely to be informed by or compliant with regulatory needs such as Sarbanes, Gramme-Leach
    • Historical reporting
    • Auditing reports and summaries

    Understand your vendors and tools

    List and compare the job scheduling features of each vendor.

    • This is not presented as an exhaustive list.
    • The list relies on observations aggregated from analyst engagements with Info-Tech Research Group members. Those member discussions tend to be heavily tilted toward solutions supporting non-commodity platforms.
    • Nothing is implied about a solution suitability or capability by the order of presentation or inclusion or absence in this list.

    ✓ Advanced Systems Concepts

    ✓ BMC

    ✓ Broadcom

    ✓ HCL

    ✓ Fortra

    ✓ Redwood

    ✓ SMA Technologies

    ✓ StoneBranch

    ✓ Tidal Software

    ✓ Vinzant Software

    Info-Tech Insight

    Creating vendor profiles will help quickly filter the solution providers that directly meet your z/Series needs.

    Advanced Systems Concepts

    ActiveBatch

    Workload Management:

    Summary

    Founded in 1981, ASCs ActiveBatch “provides a central automation hub for scheduling and monitoring so that business-critical systems, like CRM, ERP, Big Data, BI, ETL tools, work order management, project management, and consulting systems, work together seamlessly with minimal human intervention.”*

    URL

    advsyscon.com

    Coverage:

    Global

    Amazon EC2

    Hadoop Ecosystem

    IBM Cognos

    DataStage

    IBM PureData (Netezza)

    Informatica Cloud

    Microsoft Azure

    Microsoft Dynamics AX

    Microsoft SharePoint

    Microsoft Team Foundation Server

    Oracle EBS

    Oracle PeopleSoft

    SAP

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    *Advanced Systems Concepts, Inc.


    BMC

    Control-M

    Workload Management:

    Summary

    Founded in 1980, BMCs Control-M product “simplifies application and data workflow orchestration on premises or as a service. It makes it easy to build, define, schedule, manage, and monitor production workflows, ensuring visibility, reliability, and improving SLAs.”*

    URL

    bmc.com/it-solutions/control-m.html

    Coverage:

    Global

    AWS

    Azure

    Google Cloud Platform

    Cognos

    IBM InfoSphere

    DataStage

    SAP HANA

    Oracle EBS

    Oracle PeopleSoft

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    IBM z/OS

    zLinux

    *BMC

    Broadcom

    Atomic Automation

    Autosys Workload Automation

    Workload Management:

    Summary

    Broadcom offers Atomic Automation and Autosys Workload Automation which ”gives you the agility, speed and reliability required for effective digital business automation. From a single unified platform, Atomic centrally provides the orchestration and automation capabilities needed accelerate your digital transformation and support the growth of your company.”*

    URL

    broadcom.com/products/software/automation/automic-automation

    broadcom.com/products/software/automation/autosys

    Coverage:

    Global


    Windows

    MacOS

    Linux

    UNIX

    AWS

    Azure

    Google Cloud Platform

    VMware

    z/OS

    zLinux

    System i

    OpenVMS

    Banner

    Ecometry

    Hadoop

    Oracle EBS

    Oracle PeopleSoft

    SAP

    BusinessObjects

    ServiceNow

    Teradata

    VMware

    Windows

    Linux

    Unix

    IBM i

    *Broadcom

    HCL

    Workload Automation

    Workload Management:

    Summary

    “HCL Workload Automation streamlined modelling, advanced AI and open integration for observability. Accelerate the digital transformation of modern enterprises, ensuring business agility and resilience with our latest version of one stop automation platform. Orchestrate unattended and event-driven tasks for IT and business processes from legacy to cloud and kubernetes systems.”*

    URL

    hcltechsw.com/workload-automation

    Coverage:

    Global


    Windows

    MacOS

    Linux

    UNIX

    AWS

    Azure

    Google Cloud Platform

    VMware

    z/OS

    zLinux

    System i

    OpenVMS

    IBM SoftLayer

    IBM BigInsights

    IBM Cognos

    Hadoop

    Microsoft Dynamics 365

    Microsoft Dynamics AX

    Microsoft SQL Server

    Oracle E-Business Suite

    PeopleSoft

    SAP

    ServiceNow

    Apache Oozie

    Informatica PowerCenter

    IBM InfoSphere DataStage

    Salesforce

    BusinessObjects BI

    IBM Sterling Connect:Direct

    IBM WebSphere MQ

    IBM Cloudant

    Apache Spark

    *HCL Software

    Fortra

    JAMS Scheduler

    Workload Management:

    Summary

    Fortra’s “JAMS is a centralized workload automation and job scheduling solution that runs, monitors, and manages jobs and workflows that support critical business processes.

    JAMS reliably orchestrates the critical IT processes that run your business. Our comprehensive workload automation and job scheduling solution provides a single pane of glass to manage, execute, and monitor jobs—regardless of platforms or applications.”*

    URL

    jamsscheduler.com

    Coverage:

    Global


    OpenVMS

    OS/400

    Unix

    Windows

    z/OS

    SAP

    Oracle

    Microsoft

    Infor

    Workday

    AWS

    Azure

    Google Cloud Compute

    ServiceNow

    Salesforce

    Micro Focus

    Microsoft Dynamics 365

    Microsoft Dynamics AX

    Microsoft SQL Server

    MySQL

    NeoBatch

    Netezza

    Oracle PL/SQL

    Oracle E-Business Suite

    PeopleSoft

    SAP

    SAS

    Symitar

    *JAMS

    Redwood

    Redwood SaaS

    Workload Management:

    Summary

    Founded in 1993 and delivered as a SaaS solution, ”Redwood lets you orchestrate securely and reliably across any application, service or server, in the cloud or on-premises, all inside a single platform. Automation solutions are at the core of critical business operations such as forecasting, replenishment, reconciliation, financial close, order to cash, billing, reporting, and more. Enterprises in every industry — from manufacturing, utility, retail, and biotech to healthcare, banking, and aerospace.”*

    URL

    redwood.com

    Coverage:

    Global


    OpenVMS

    OS/400

    Unix

    Windows

    z/OS

    SAP

    Oracle

    Microsoft

    Infor

    Workday

    AWS

    Azure

    Google Cloud Compute

    ServiceNow

    Salesforce

    Github

    Office 365

    Slack

    Dropbox

    Tableau

    Informatica

    SAP BusinessObjects

    Cognos

    Microsoft Power BI

    Amazon QuickSight

    VMware

    Xen

    Kubernetes

    *Redwood

    Fortra

    Robot Scheduler

    Workload Management:

    Summary

    “Robot Schedule’s workload automation capabilities allow users to automate everything from simple jobs to complex, event-driven processes on multiple platforms and centralize management from your most reliable system: IBM i. Just create a calendar of when and how jobs should run, and the software will do the rest.”*

    URL

    fortra.com/products/job-scheduling-software-ibm-i

    Coverage:

    Global


    IBM i (System i, iSeries, AS/400)

    AIX/UNIX

    Linux

    Windows

    SQL/Server

    Domino

    JD Edwards EnterpriseOne

    SAP

    Automate Schedule (formerly Skybot Scheduler)

    *Fortra

    SMA Technologies

    OpCon

    Workload Management:

    Summary

    Founded in1980, SMA offers to “save time, reduce error, and free your IT staff to work on more strategic contributions with OpCon from SMA Technologies. OpCon offers powerful, easy-to-use workload automation and orchestration to eliminate manual tasks and manage workloads across business-critical operations. It's the perfect fit for financial institutions, insurance companies, and other transactional businesses.”*

    URL

    smatechnologies.com

    Coverage:

    Global

    Windows

    Linux

    Unix

    z/Series

    IBM i

    Unisys

    Oracle

    SAP

    Microsoft Dynamics AX

    Infor M3

    Sage

    Cegid

    Temenos

    FICS

    Microsoft Azure Data Management

    Microsoft Azure VM

    Amazon EC2/AWS

    Web Services RESTful

    Docker

    Google Cloud

    VMware

    ServiceNow

    Commvault

    Microsoft WSUS

    Microsoft Orchestrator

    Java

    JBoss

    Asysco AMT

    Tuxedo ART

    Nutanix

    Corelation

    Symitar

    Fiserv DNA

    Fiserv XP2

    *SMA Technologies

    StoneBranch

    Universal Automation Center (UAC)

    Workload Management:

    Summary

    Founded in 1999, ”the Stonebranch Universal Automation Center (UAC) is an enterprise-grade business automation solution that goes beyond traditional job scheduling. UAC's event-based workload automation solution is designed to automate and orchestrate system jobs and tasks across all mainframe, on-prem, and hybrid IT environments. IT operations teams gain complete visibility and advanced control with a single web-based controller, while removing the need to run individual job schedulers across platforms.”*

    URL

    stonebranch.com/it-automation-solutions/enterprise-job-scheduling

    Coverage:

    Global

    Windows

    Linux

    Unix

    z/Series

    Apache Kafka

    AWS

    Databricks

    Docker

    GitHub

    Google Cloud

    Informatica

    Jenkins

    Jscape

    Kubernetes

    Microsoft Azure

    Microsoft SQL

    Microsoft Teams

    PagerDuty

    PeopleSoft

    Petnaho

    RedHat Ansible

    Salesforce

    SAP

    ServiceNow

    Slack

    SMTP and IMAP

    Snowflake

    Tableau

    VMware

    *Stonebranch

    Tidal Software

    Workload Automation

    Workload Management:

    Summary

    Founded in 1979, Tidal’s Workload Automation will “simplify management and execution of end-to-end business processes with our unified automation platform. Orchestrate workflows whether they're running on-prem, in the cloud or hybrid environments.”*

    URL

    tidalsoftware.com

    Coverage:

    Global

    CentOS

    Linux

    Microsoft Windows Server

    Open VMS

    Oracle Cloud

    Oracle Enterprise Linux

    Red Hat Enterprise Server

    Suse Enterprise

    Tandem NSK

    Ubuntu

    UNIX

    HPUX (PA-RISC, Itanium)

    Solaris (Sparc, X86)

    AIX, iSeries

    z/Linux

    z/OS

    Amazon AWS

    Microsoft Azure

    Oracle OCI

    Google Cloud

    ServiceNow

    Kubernetes

    VMware

    Cisco UCS

    SAP R/3 & SAP S/4HANA

    Oracle E-Business

    Oracle ERP Cloud

    PeopleSoft

    JD Edwards

    Hadoop

    Oracle DB

    Microsoft SQL

    SAP BusinessObjects

    IBM Cognos

    FTP/FTPS/SFTP

    Informatica

    *Tidal

    Vinzant Software

    Global ECS

    Workload Management:

    Summary

    Founded in 1987, Global ECS can “simplify operations in all areas of production with the GECS automation framework. Use a single solution to schedule, coordinate and monitor file transfers, database operations, scripts, web services, executables and SAP jobs. Maximize efficiency for all operations across multiple business units intelligently and automatically.”*

    URL

    vinzantsoftware.com

    Coverage:

    Global

    Windows

    Linux

    Unix

    iSeries

    SAP R/3 & SAP S/4HANA

    Oracle, SQL/Server

    *Vizant Software

    Activity

    Scale Out or Scale Up

    Activities:

    1. Complete the Scale Up vs. Scale Out TCO Tool.
    2. Compare total lifecycle costs to determine TCO.

    This activity involves the following participants:

    IT strategic direction decision makers

    IT managers responsible for an existing z/Series platform

    Organizations evaluating platforms for mission critical applications

    Outcomes of this step:

    • Completed Scale Up vs. Scale Out TCO Tool

    Info-Tech Insight

    This checkpoint process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

    Scale out versus scale up activity

    The Scale Up vs. Scale Out TCO Tool provides organizations with a framework for estimating the costs associated with purchasing and licensing for a scale-up and scale-out environment over a multi-year period.

    Use this tool to:

    • Compare the pre-populated values.
    • Insert your own amounts to contrast possible database decisions and determine the TCO of each.
    The image contains screenshots of the Scale Up vs. Scale Out TCO Tool.

    Info-Tech Insight

    Watch out for inaccurate financial information. Ensure that the financials for cost match your maintenance and contract terms.

    Use the Scale Up vs. Scale Out TCO Tool to determine your TCO options.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services

    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap

    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Define Your Cloud Vision

    Make the most of cloud for your organization.

    Document Your Cloud Strategy

    Drive consensus by outlining how your organization will use the cloud.

    Build a Strategy for Big Data Platforms

    Know where to start and where to focus attention in the implementation of a big data strategy.

    Create a Better RFP Process

    Improve your RFPs to gain leverage and get better results.

    Research Authors

    Darin Stahl.

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure Practice, and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring/ APM, Managed FTP, non-commodity servers (z/Series, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman.

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 25 years of IT management experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

    Bibliography

    “AWS Announces AWS Mainframe Modernization.” Business Wire, 30 Nov. 2021.
    de Valence, Phil. “Migrating a Mainframe to AWS in 5 Steps with Astadia?” AWS, 23 Mar. 2018.
    Graham, Nyela. “New study shows mainframes still popular despite the rise of cloud—though times are changing…fast?” WatersTechnology, 12 Sept. 2022.
    “Legacy applications can be revitalized with API.” MuleSoft, 2022.
    Vecchio, Dale. “The Benefits of Running Mainframe Applications on LzLabs Software Defined Mainframe® & Microsoft Azure.” LzLabs Sites, Mar. 2021.

    It wasn't me

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    You heard the message before, and yet....  and yet it does not sink in.

    In july 2019 already, according to retruster:

    • The average financial cost of a data breach is $3.86m (IBM)
    • Phishing accounts for 90% of data breaches
    • 15% of people successfully phished will be targeted at least one more time within the year
    • BEC scams accounted for over $12 billion in losses (FBI)
    • Phishing attempts have grown 65% in the last year
    • Around 1.5m new phishing sites are created each month (Webroot)
    • 76% of businesses reported being a victim of a phishing attack in the last year
    • 30% of phishing messages get opened by targeted users (Verizon)

    This is ... this means we, as risk professionals may be delivering our messsage the wrong way. So, I really enjoyed my colleague Nick Felix (who got it from Alison Francis) sending me the URL of this video: Enjoy, but mostly: learn, because we want our children to enjoy the fruits of our work.

    Register to read more …

    Identify and Build the Data & Analytics Skills Your Organization Needs

    • Buy Link or Shortcode: {j2store}301|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some common obstacles that could prevent you from identifying and building the data & analytics skills your organization needs include:

    • Lack of resources and knowledge to secure professionals with the right mix of D&A skills and right level of experience/skills
    • Lack of well-formulated and robust data strategy
    • Underestimation of the value of soft skills

    Our Advice

    Critical Insight

    Skill deficiency is frequently stated as a roadblock to realizing corporate goals for data & analytics. Soft skills and technical skills are complementary, and data & analytics teams need a combination of both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization’s data strategy to ensure the right skills are available at the right time and minimize pertinent risks.

    Impact and Result

    Follow Info-Tech's advice on the roles and skills needed to support your data & analytics strategic growth objectives and how to execute an actionable plan:

    • Define the skills required for each essential data & analytics role.
    • Identify the roles and skills gaps in alignment with your current data strategy.
    • Establish an action plan to close the gaps and reduce risks.

    Identify and Build the Data & Analytics Skills Your Organization Needs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Build the Data & Analytics Skills Your Organization Needs Deck – Use this research to assist you in identifying and building roles and skills that are aligned with the organization’s data strategy.

    To generate business value from data, data leaders must first understand what skills are required to achieve these goals, identify the current skill gaps, and then develop skills development programs to enhance the relevant skills. Use Info-Tech's approach to identify and fill skill gaps to ensure you have the right skills at the right time.

    • Identify and Build the Data & Analytics Skills Your Organization Needs Storyboard

    2. Data & Analytics Skills Assessment and Planning Tool – Use this tool to help you identify the current and required level of competency for data & analytics skills, analyze gaps, and create an actionable plan.

    Start with skills and roles identified as the highest priority through a high-level maturity assessment. From there, use this tool to determine whether the organization’s data & analytics team has the key role, the right combination of skill sets, and the right level competency for each skill. Create an actionable plan to develop skills and fill gaps.

    • Data & Analytics Skills Assessment and Planning Tool
    [infographic]

    Further reading

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    Analyst Perspective

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    In today's changing environment, data & analytics (D&A) teams have become an essential component, and it is critical for organizations to understand the skill and talent makeup of their D&A workforce. Chief data & analytics officers (CDAOs) or other equivalent data leaders can train current data employees or hire proven talent and quickly address skills gaps.

    While developing technical skills is critical, soft skills are often left underdeveloped, yet lack of such skills is most likely why the data team would face difficulty moving beyond managing technology and into delivering business value.

    Follow Info-Tech's methodology to identify and address skills gaps in today's data workplace. Align D&A skills with your organization's data strategy to ensure that you always have the right skills at the right time.

    Ruyi Sun
    Research Specialist,
    Data & Analytics, and Enterprise Architecture
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some critical challenges organizations with skills deficiencies might face include:

    • Time loss due to delayed progress and reworking of initiatives
    • Poor implementation quality and low productivity
    • Reduced credibility of data leader and data initiatives

    Common Obstacles

    Some common obstacles that could prevent you from identifying and building the data and analytics (D&A) skills your organization needs are:

    • Lack of resources and knowledge to secure professionals with the right mixed D&A skills and the right experience/skill level
    • Lack of well-formulated and robust data strategy
    • Neglecting the value of soft skills and placing all your attention on technical skills

    Info-Tech's Approach

    Follow Info-Tech's guidance on the roles and skills required to support your D&A strategic growth objectives and how to execute an actionable plan:

    • Define skills required for each essential data and analytics role
    • Identify roles and skills gap in alignment with your current data strategy
    • Establish action plan to close the gaps and reduce risks

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills required by your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    The rapidly changing environment is impacting the nature of work

    Scarcity of data & analytics (D&A) skills

    • Data is one of the most valuable organizational assets, and regardless of your industry, data remains the key to informed decision making. More than 75% of businesses are looking to adopt technologies like big data, cloud computing, and artificial intelligence (AI) in the next five years (World Economic Forum, 2023). As organizations pivot in response to industry disruptions and technological advancements, the nature of work is changing, and the demand for data expertise has grown.
    • Despite an increasing need for data expertise, organizations still have trouble securing D&A roles due to inadequate upskilling programs, limited understanding of the skills required, and more (EY, 2022). Notably, scarce D&A skills have been critical. More workers will need at least a base level of D&A skills to adequately perform their jobs.

    Stock image of a data storage center.

    Organizations struggle to remain competitive when skills gaps aren't addressed

    Organizations identify skills gaps as the key barriers preventing industry transformation:

    60% of organizations identify skills gaps as the key barriers preventing business transformation (World Economic Forum, 2023)

    43% of respondents agree the business area with the greatest need to address potential skills gaps is data analytics (McKinsey & Company, 2020)

    Most organizations are not ready to address potential role disruptions and close skills gaps:

    87% of surveyed companies say they currently experience skills gaps or expect them within a few years (McKinsey & Company, 2020)

    28% say their organizations make effective decisions on how to close skills gaps (McKinsey & Company, 2020)

    Neglecting soft skills development impedes CDOs/CDAOs from delivering value

    According to BearingPoint's CDO survey, cultural challenges and limited data literacy are the main roadblocks to a CDO's success. To drill further into the problem and understand the root causes of the two main challenges, conduct a root cause analysis (RCA) using the Five Whys technique.

    Bar Chart of 'Major Roadblocks to the Success of a CDO' with 'Limited data literacy' at the top.
    (Source: BearingPoint, 2020)

    Five Whys RCA

    Problem: Poor data literacy is the top challenge CDOs face when increasing the value of D&A. Why?

    • People that lack data literacy find it difficult to embrace and trust the organization's data insights. Why?
    • Data workers and the business team don't speak the same language. Why?
    • No shared data definition or knowledge is established. Over-extensive data facts do not drive business outcomes. Why?
    • Leaders fail to understand that data literacy is more than technical training, it is about encompassing all aspects of business, IT, and data. Why?
    • A lack of leadership skills prevents leaders from recognizing these connections and the data team needing to develop soft skills.

    Problem: Cultural challenge is one of the biggest obstacles to a CDO's success. Why?

    • Decisions are made from gut instinct instead of data-driven insights, thus affecting business performance. Why?
    • People within the organization do not believe that data drives operational excellence, so they resist change. Why?
    • Companies overestimate the organization's level of data literacy and data maturity. Why?
    • A lack of strategies in change management, continuous improvement & data literacy for data initiatives. Why?
    • A lack of expertise/leaders possessing these relevant soft skills (e.g. change management, etc.).

    As organizations strive to become more data-driven, most conversations around D&A emphasize hard skills. Soft skills like leadership and change management are equally crucial, and deficits there could be the root cause of the data team's inability to demonstrate improved business performance.

    Data cannot be fully leveraged without a cohesive data strategy

    Business strategy and data strategy are no longer separate entities.

    • For any chief data & analytics officer (CDAO) or equivalent data leader, a robust and comprehensive data strategy is the number one tool for generating measurable business value from data. Data leaders should understand what skills are required to achieve these goals, consider the current skills gap, and build development programs to help employees improve those skills.
    • Begin your skills development programs by ensuring you have a data strategy plan prepared. A data strategy should never be formulated independently from the business. Organizations with high data maturity will align such efforts to the needs of the business, making data a major part of the business strategy to achieve data centricity.
    • Refer to Info-Tech's Build a Robust and Comprehensive Data Strategy blueprint to ensure data can be leveraged as a strategic asset of the organization.

    Diagram of 'Data Strategy Maturity' with two arrangements of 'Data Strategy' and 'Business Strategy'. One is 'Aligned', the other is 'Data Centric.'

    Info-Tech Insight

    The process of achieving data centricity requires alignment between the data and business teams, and that requires soft skills.

    Follow Info-Tech's methodology to identify the roles and skills needed to execute a data strategy

    1. Define Key Roles and Skills

      Digital Leadership Skills, Soft Skills, Technical Skills
      Key Output
      • Defined essential competencies, responsibilities for some common data roles
    2. Uncover the Skills Gap

      Data Strategy Alignment, High-Level Data Maturity Assessment, Skills Gap Analysis
      Key Output
      • Data roles and skills aligned with your current data strategy
      • Identified current and target state of data skill sets
    3. Build an Actionable Plan

      Initiative Priority, Skills Growth Feasibility, Hiring Feasibility
      Key Output
      • Identified action plan to address the risk of data skills deficiency

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Research benefits

    Member benefits

    • Reduce time spent defining the target state of skill sets.
    • Gain ability to reassess the feasibility of execution on your data strategy, including resources and timeline.
    • Increase confidence in the data leader's ability to implement a successful skills development program that is aligned with the organization's data strategy, which correlates directly to successful business outcomes.

    Business benefits

    • Reduce time and cost spent hiring key data roles.
    • Increase chance of retaining high-quality data professionals.
    • Reduce time loss for delayed progress and rework of initiatives.
    • Optimize quality of data initiative implementation.
    • Improve data team productivity.

    Insight summary

    Overarching insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Phase 1 insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Phase 2 insight

    Understanding and knowing your organization's data maturity level is a prerequisite to assessing your current skill and determining where you must align in the future.

    Phase 3 insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A.

    While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    Tactical insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to three months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Call #1: Understand common data & analytics roles and skills, and your specific objectives and challenges. Call #2: Assess the current data maturity level and competency of skills set. Identify the skills gap. Call #3: Identify the relationship between current initiatives and capabilities. Initialize the corresponding roadmap for the data skills development program.

    Call #4: (follow-up call) Touching base to follow through and ensure that benefits have received.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 1

    Define Key Roles and Skills

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 1.1 Review D&A Skill & Role List in Data & Analytics Assessment and Planning Tool

    This phase involves the following participants:

    • Data leads

    Key resources for your data strategy: People

    Having the right role is a key component for executing effective data strategy.

    D&A Common Roles

    • Data Steward
    • Data Custodian
    • Data Owner
    • Data Architect
    • Data Modeler
    • Artificial Intelligence (AI) and Machine Learning (ML) Specialist
    • Database Administrator
    • Data Quality Analyst
    • Security Architect
    • Information Architect
    • System Architect
    • MDM Administrator
    • Data Scientist
    • Data Engineer
    • Data Pipeline Developer
    • Data Integration Architect
    • Business Intelligence Architect
    • Business Intelligence Analyst
    • ML Validator

    AI and ML Specialist is projected to be the fastest-growing occupation in the next five years (World Economic Forum, 2023).

    While tech roles take an average of 62 days to fill, hiring a senior data scientist takes 70.5 days (Workable, 2019). Start your recruitment cycle early for this demand.

    D&A Leader Roles

    • Chief Data Officer (CDO)/Chief Data & Analytics Officer (CDAO)
    • Data Governance Lead
    • Data Management Lead
    • Information Security Lead
    • Data Quality Lead
    • Data Product Manager
    • Master Data Manager
    • Content and Record Manager
    • Data Literacy Manager

    CDOs act as impactful change agents ensuring that the organization's data management disciplines are running effectively and meeting the business' data needs. Only 12.0% of the surveyed organizations reported having a CDO as of 2012. By 2022, this percentage had increased to 73.7% (NewVantage Partners, 2022).

    Sixty-five percent of respondents said lack of data literacy is the top challenge CDOs face today (BearingPoint, 2020). It has become imperative for companies to consider building a data literacy program which will require a dedicated data literacy team.

    Key resources for your data strategy: Skill sets

    Distinguish between the three skills categories.

    • Soft Skills

      Soft skills are described as power skills regarding how you work, such as teamwork, communication, and critical thinking.
    • Digital Leadership Skills

      Not everyone working in the D&A field is expected to perform advanced analytical tasks. To thrive in increasingly data-rich environments, however, every data worker, including leaders, requires a basic technological understanding and skill sets such as AI, data literacy, and data ethics. These are digital leadership skills.
    • Technical Skills

      Technical skills are the practical skills required to complete a specific task. For example, data scientists and data engineers require programming skills to handle and manage vast amounts of data.

    Info-Tech Insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Soft skills aren't just nice to have

    They're a top asset in today's data workplace.

    Leadership

    • Data leaders with strong leadership abilities can influence the organization's strategic execution and direction, support data initiatives, and foster data cultures. Organizations that build and develop leadership potential are 4.2 times more likely to financially outperform those that do not (Udemy, 2022).

    Business Acumen

    • The process of deriving conclusions and insights from data is ultimately utilized to improve business decisions and solve business problems. Possessing business acumen helps provide the business context and perspectives for work within data analytics fields.

    Critical Thinking

    • Critical thinking allows data leaders at every level to objectively assess a problem before making judgment, consider all perspectives and opinions, and be able to make decisions knowing the ultimate impact on results.

    Analytical Thinking

    • Analytical thinking remains the most important skill for workers in 2023 (World Economic Forum, 2023). Data analytics expertise relies heavily on analytical thinking, which is the process of breaking information into basic principles to analyze and understand the logic and concepts.

    Design Thinking & Empathy

    • Design thinking skills help D&A professionals understand and prioritize the end-user experience to better inform results and assist the decision-making process. Organizations with high proficiency in design thinking are twice as likely to be high performing (McLean & Company, 2022).

    Learning Focused

    • The business and data analytics fields continue to evolve rapidly, and the skills, especially technical skills, must keep pace. Learning-focused D&A professionals continuously learn, expanding their knowledge and enhancing their techniques.

    Change Management

    • Change management is essential, especially for data leaders who act as change agents developing and enabling processes and who assist others with adjusting to changes with cultural and procedural factors. Organizations with high change management proficiency are 2.2 times more likely to be high performing (McLean & Company, 2022).

    Resilience

    • Being motivated and adaptable is essential when facing challenges and high-pressure situations. Organizations highly proficient in resilience are 1.8 times more likely to be high performing (McLean & Company, 2022).

    Managing Risk & Governance Mindset

    • Risk management ability is not limited to highly regulated institutions. All data workers must understand risks from the larger organizational perspective and have a holistic governance mindset while achieving their individual goals and making decisions.

    Continuous Improvement

    • Continuously collecting feedback and reflecting on it is the foundation of continuous improvement. To uncover and track the lessons learned and treat them as opportunities, data workers must be able to discover patterns and connections.

    Teamwork & Collaboration

    • Value delivery in a data-centric environment is a team effort, requiring collaboration across the business, IT, and data teams. D&A experts with strong collaborative abilities can successfully work with other teams to achieve shared objectives.

    Communication & Active Listening

    • This includes communicating with relevant stakeholders about timelines and expectations of data projects and associated technology and challenges, paying attention to data consumers, understanding their requirements and needs, and other areas of interest to the organization.

    Technical skills for everyday excellence

    Digital Leadership Skills

    • Technological Literacy
    • Data and AI Literacy
    • Cloud Computing Literacy
    • Data Ethics
    • Data Translation

    Data & Analytics Technical Competencies

    • Data Mining
    • Programming Languages (Python, SQL, R, etc.)
    • Data Analysis and Statistics
    • Computational and Algorithmic Thinking
    • AI/ML Skills (Deep Learning, Computer Vision, Natural Language Processing, etc.)
    • Data Visualization and Storytelling
    • Data Profiling
    • Data Modeling & Design
    • Data Pipeline (ETL/ELT) Design & Management
    • Database Design & Management
    • Data Warehouse/Data Lake Design & Management

    1.1 Review D&A Skill & Role List in the Data & Analytics Assessment and Planning Tool

    Sample of Tab 2 in the Data & Analytics Assessment and Planning Tool.

    Tab 2. Skill & Role List

    Objective: Review the library of skills and roles and customize them as needed to align with your organization's language and specific needs.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 2

    Uncover the Skills Gap

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 2.1 High-level assessment of your present data management maturity
    • 2.2 Interview business and data leaders to clarify current skills availability
    • 2.3 Use the Data & Analytics Assessment and Planning Tool to Identify your skills gaps

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Identify skills gaps across the organization

    Gaps are not just about assigning people to a role, but whether people have the right skill sets to carry out tasks.

    • Now that you have identified the essential skills and roles in the data workplace, move to Phase 2. This phase will help you understand the required level of competency, assess where the organization stands today, and identify gaps to close.
    • Using the Data & Analytics Assessment and Planning Tool, start with areas that are given the highest priority through a high-level maturity assessment. From there, three levels of gaps will be found: whether people are assigned to a particular position, the right combination of D&A skill sets, and the right competency level for each skill.
    • Lack of talent assigned to a position

    • Lack of the right combination of D&A skill sets

    • Lack of appropriate competency level

    Info-Tech Insight

    Understanding your organization's data maturity level is a prerequisite to assessing the skill sets you have today and determining where you need to align in the future.

    2.1 High-level assessment of your present data management maturity

    Identifying and fixing skills gaps takes time, money, and effort. Focus on bridging the gap in high-priority areas.

    Input: Current state capabilities, Use cases (if applicable), Data culture diagnostic survey results (if applicable)
    Output: High-level maturity assessment, Prioritized list of data management focused area
    Materials: Data Management Assessment and Planning Tool (optional), Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Objectives:

    Prioritize these skills and roles based on your current maturity levels and what you intend to accomplish with your data strategy.

    Steps:

    1. (Optional Step) Refer to the Build a Robust and Comprehensive Data Strategy blueprint. You can assess your data maturity level using the following frameworks and methods:
      • Review current data strategy and craft use cases that represent high-value areas that must be addressed for their teams or functions.
      • Use the data culture assessment survey to determine your organization's data maturity level.
    2. (Optional Step) Refer to the Create a Data Management Roadmap blueprint and Data Management Assessment and Planning Tool to dive deep into understanding and assessing capabilities and maturity levels of your organization's data management enablers and understanding your priority areas and specific gaps.
    3. If you have completed Data Management Assessment and Planning Tool, fill out your maturity level scores for each of the data management practices within it - Tab 3 (Current-State Assessment). Skip Tab 4 (High-Level Maturity Assessment).
    4. If you have not yet completed Data Management Assessment and Planning Tool, skip Tab 3 and continue with Tab 4. Assign values 1 to 3 for each capability and enabler.
    5. You can examine your current-state data maturity from a high level in terms of low/mid/high maturity using either Tabs 3 or 4.
    6. Suggested focus areas along the data journey:
      • Low Maturity = Data Strategy, Data Governance, Data Architecture
      • Mid Maturity = Data Literacy, Information Management, BI and Reporting, Data Operations Management, Data Quality Management, Data Security/Risk Management
      • High Maturity = MDM, Data Integration, Data Product and Services, Advanced Analytics (ML & AI Management).

    Download the Data & Analytics Assessment and Planning Tool

    2.2 Interview business and data leaders to clarify current skills availability

    1-2 hours per interview

    Input: Sample questions targeting the activities, challenges, and opportunities of each unit
    Output: Identified skills availability
    Materials: Whiteboard/Flip charts, Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. Conduct a deep-dive interview with each key data initiative stakeholder (data owners, SMEs, and relevant IT/Business department leads) who can provide insights on the skill sets of their team members, soliciting feedback from business and data leaders about skills and observations of employees as they perform their daily tasks.
    2. Populate a current level of competency for each skill in the Data & Analytics Assessment and Planning Tool in Tabs 5 and 6. Having determined your data maturity level, start with the prioritized data management components (e.g. if your organization sits at low data maturity level, start with identifying relevant positions and skills under data governance, data architecture, and data architecture elements).
    3. More detailed instructions on how to utilize the workbook are at the next activity.

    Key interview questions that will help you :

    1. Do you have personnel assigned to the role? What are their primary activities? Do the personnel possess the soft and technical skills noted in the workbook? Are you satisfied with their performance? How would you evaluate their degree of competency on a scale of "vital, important, nice to have, or none"? The following aspects should be considered when making the evaluation:
      • Key Performance Indicators (KPIs): Business unit data will show where the organization is challenged and will help identify potential areas for development.
      • Project Management Office: Look at successful and failed projects for trends in team traits and competencies.
      • Performance Reviews: Look for common themes where employees excel or need to improve.
      • Focus Groups: Speak with a cross section of employees to understand their challenges.
    2. What technology is currently used? Are there requirements for new technology to be bought and/or optimized in the future? Will the workforce need to increase their skill level to carry out these activities with the new technology in place?

    Download the Data & Analytics Assessment and Planning Tool

    2.3 Use the Data & Analytics Assessment and Planning Tool to identify skills gaps

    1-3 hours — Not everyone needs the same skill levels.

    Input: Current skills competency, Stakeholder interview results and findings
    Output: Gap identification and analysis
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads

    Instruction:

    1. Select your organization's data maturity level in terms of Low/Mid/High in cell A6 for both Tab 5 (Soft Skills Assessment) and Tab 6 (Technical Skills Assessment) to reduce irrelevant rows.
    2. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to determine whether the data role exists in the organization. If yes, assign a current-state value from “vital, important, nice to have, or none” for each skill in the assessment tool. Info-Tech has specified the desired/required target state of each skill set.
    3. Once you've assigned the current-state values, the tool will automatically determine whether there is a gap in skill set.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 3

    Build an Actionable Plan

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 3.1 Use the Data & Analytics Assessment and Planning Tool to build your actionable roadmap

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Determine next steps and decision points

    There are three types of internal skills development strategies

    • There are three types of internal skills development strategies organizations can use to ensure the right people with the right abilities are placed in the right roles: reskill, upskill, and new hire.
    1. Reskill

      Reskilling involves learning new skills for a different or newly defined position.
    2. Upskill

      Upskilling involves building a higher level of competency in skills to improve the worker's performance in their current role.
    3. New hire

      New hire involves hiring workers who have the essential skills to fill the open position.

    Info-Tech Insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A. While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    How to determine when to upskill, reskill, or hire to meet your skills needs

    Reskill

    Reskilling often indicates a change in someone's career path, so this decision requires a goal aligned with both individuals and the organization to establish a mutually beneficial situation.

    When making reskilling decisions, organizations should also consider the relevance of the skill for different positions. For example, data administrators and data architects have similar skill sets, so reskilling is appropriate for these employees.

    Upskill

    Upskilling tends to focus more on the soft skills necessary for more advanced positions. A data strategy lead, for example, might require design thinking training, which enables leaders to think from different perspectives.

    Skill growth feasibility must also be considered. Some technical skills, particularly those involving cutting-edge technologies, require continual learning to maintain operational excellence. For example, a data scientist may require AI/ML skills training to incorporate use of modern automation technology.

    New Hire

    For open positions and skills that are too resource-intensive to reskill or upskill, it makes sense to recruit new employees. Consider, however, time and cost feasibility of hiring. Some positions (e.g. senior data scientist) take longer to fill. To minimize risks, coordinate with your HR department and begin recruiting early.

    Data & Analytics skills training

    There are various learning methods that help employees develop priority competencies to achieve reskilling or upskilling.

    Specific training

    The data team can collaborate with the human resources department to plan and develop internal training sessions aimed at specific skill sets.

    This can also be accomplished through external training providers such as DCAM, which provides training courses on data management and analytics topics.

    Formal education program

    Colleges and universities can equip students with data analytics skills through formal education programs such as MBAs and undergraduate or graduate degrees in Data Science, Machine Learning, and other fields.

    Certification

    Investing time and effort to obtain certifications in the data & analytics field allows data workers to develop skills and gain recognition for continuous learning and self-improvement.

    AWS Data Analytics and Tableau Data Scientist Certification are two popular data analytics certifications.

    Online learning from general providers

    Some companies offer online courses in various subjects. Coursera and DataCamp are two examples of popular providers.

    Partner with a vendor

    The organization can partner with a vendor who brings skills and talents that are not yet available within the organization. Employees can benefit from the collaboration process by familiarizing themselves with the project and enhancing their own skills.

    Support from within your business

    The data team can engage with other departments that have previously done skills development programs, such as Finance and Change & Communications, who may have relevant resources to help you improve your business acumen and change management skills.

    Info-Tech Insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Data & Analytics skills reinforcement

    Don't assume learners will immediately comprehend new knowledge. Use different methods and approaches to reinforce their development.

    Innovation Space

    • Skills development is not a one-time event, but a continuous process during which innovation should be encouraged. A key aspect of being innovative is having a “fail fast” mentality, which means collecting feedback, recognizing when something isn't working, encouraging experimentation, and taking a different approach with the goal of achieving operational excellence.
    • Human-centered design (HCD) also yields innovative outcomes with a people-first focus. When creating skills development programs for various target groups, organizations should integrate a human-centered approach.

    Commercial Lens

    • Exposing people to a commercial way of thinking can add long-term value by educating people to act in the business' best interest and raising awareness of what other business functions contribute. This includes concepts such as project management, return on investment (ROI), budget alignment, etc.

    Checklists/Rubrics

    • Employees should record what they learn so they can take the time to reflect. A checklist is an effective technique for establishing objectives, allowing measurement of skills development and progress.

    Buddy Program

    • A buddy program helps employees gain and reinforce knowledge and skills they have learned through mutual support and information exchange.

    Align HR programs to support skills integration and talent recruitment

    With a clear idea of skills needs and an executable strategy for training and reinforcing of concepts, HR programs and processes can help the data team foster a learning environment and establish a recruitment plan. The links below will direct you to blueprints produced by McLean & Company, a division of Info-Tech Research Group.

    Workforce Planning

    When integrating the skills of the future into workforce planning, determine the best approach for addressing the identified talent gaps – whether to build, buy, or borrow.

    Integrate the future skills identified into the organization's workforce plan.

    Talent Acquisition

    In cases where employee development is not feasible, the organization's talent acquisition strategy must focus more on buying or borrowing talent. This will impact the TA process. For example, sourcing and screening must be updated to reflect new approaches and skills.

    If you have a talent acquisition strategy, assess how to integrate the new roles/skills into recruiting.

    Competencies/Succession Planning

    Review current organizational core competencies to determine if they need to be modified. New skills will help inform critical roles and competencies required in succession talent pools.

    If no competency framework exists, use McLean & Company's Develop a Comprehensive Competency Framework blueprint.

    Compensation

    Evaluate modified and new roles against the organization's compensation structure. Adjust them as necessary. Look at market data to understand compensation for new roles and skills.

    Reassess your base pay structure according to market data for new roles and skills.

    Learning and Development

    L&D plays a huge role in closing the skills gap. Build L&D opportunities to support development of new skills in employees.

    Design an Impactful Employee Development Program to build the skills employees need in the future.

    3.1 Use the Data & Analytics Assessment and Planning Tool to build an actionable plan

    1-3 hours

    Input: Roles and skills required, Key decision points
    Output: Actionable plan
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. On Tab 7 (Next Steps & Decision Points), you will find a list of tasks that correspond to roles that where there is a skills gap.
    2. Customize this list of tasks initiatives according to your needs.
    3. The Gantt chart, which will be generated automatically after assigning start and finish dates for each activity, can be used to structure your plan and guarantee that all the main components of skills development are addressed.

    Sample of Tab 7 in the Data & Analytics Assessment and Planning Tool.

    Download the Data & Analytics Assessment and Planning Tool

    Related Info-Tech Research

    Sample of the Create a Data Management Roadmap blueprint.

    Create a Data Management Roadmap

    • This blueprint will help you design a data management practice that will allow your organization to use data as a strategic enabler.

    Stock image of a person looking at data dashboards on a tablet.

    Build a Robust and Comprehensive Data Strategy

    • Put a strategy in place to ensure data is available, accessible, well-integrated, secured, of acceptable quality, and suitably visualized to fuel organization-wide decision making. Start treating data as strategic and corporate asset.

    Sample of the Foster Data-Driven Culture With Data Literacy blueprint.

    Foster Data-Driven Culture With Data Literacy

    • By thoughtfully designing a data literacy training program appropriate to the audience's experience, maturity level, and learning style, organizations build a data-driven and engaged culture that helps them unlock their data's full potential and outperform other organizations.

    Research Authors and Contributors

    Authors:

    Name Position Company
    Ruyi Sun Research Specialist Info-Tech Research Group

    Contributors:

    Name Position Company
    Steve Wills Practice Lead Info-Tech Research Group
    Andrea Malick Advisory Director Info-Tech Research Group
    Annabel Lui Principal Advisory Director Info-Tech Research Group
    Sherwick Min Technical Counselor Info-Tech Research Group

    Bibliography

    2022 Workplace Learning Trends Report.” Udemy, 2022. Accessed 20 June 2023.

    Agrawal, Sapana, et al. “Beyond hiring: How companies are reskilling to address talent gaps.” McKinsey & Company, 12 Feb. 2020. Accessed 20 June 2023.

    Bika, Nikoletta. “Key hiring metrics: Useful benchmarks for tech roles.” Workable, 2019. Accessed 20 June 2023.

    Chroust, Tomas. “Chief Data Officer – Leaders of data-driven enterprises.” BearingPoint, 2020. Accessed 20 June 2023.

    “Data and AI Leadership Executive Survey 2022.” NewVantage Partners, Jan 2022. Accessed 20 June 2023.

    Dondi, Marco, et al. “Defining the skills citizens will need in the future world of work.” McKinsey & Company, June 2021. Accessed 20 June 2023.

    Futschek, Gerald. “Algorithmic Thinking: The Key for Understanding Computer Science.” Lecture Notes in Computer Science, vol. 4226, 2006.

    Howard, William, et al. “2022 HR Trends Report.” McLean & Company, 2022. Accessed 20 June 2023.

    “Future of Jobs Report 2023.” World Economic Forum, May 2023. Accessed 20 June 2023.

    Knight, Michelle. “What is Data Ethics?” Dataversity, 19 May 2021. Accessed 20 June 2023.

    Little, Jim, et al. “The CIO Imperative: Is your technology moving fast enough to realize your ambitions?” EY, 22 Apr. 2022. Accessed 20 June 2023.

    “MDM Roles and Responsibilities.” Profisee, April 2019. Accessed 20 June 2023.

    “Reskilling and Upskilling: A Strategic Response to Changing Skill Demands.” TalentGuard, Oct. 2019. Accessed 20 June 2023.

    Southekal, Prashanth. “The Five C's: Soft Skills That Every Data Analytics Professional Should Have.” Forbes, 17 Oct. 2022. Accessed 20 June 2023.

    Corporate security consultancy

    Corporate security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Engage our corporate security consultancy firm to discover any weaknesses within your company’s security management. Tymans Group has extensive expertise in helping small and medium businesses set up clear security protocols to safeguard their data and IT infrastructure. Read on to discover how our consulting firm can help improve corporate security within your company.

    Why should you hire a corporate security consultancy company?

    These days, corporate security includes much more than just regulating access to your physical location, be it an office or a store. Corporate security increasingly deals in information and data security, as well as general corporate governance and responsibility. Proper security protocols not only protect your business from harm, but also play an important factor in your overall success. As such, corporate security is all about setting up practical and effective strategies to protect your company from harm, regardless of whether the threat comes from within or outside. As such, hiring a security consulting firm to improve corporate security and security management within your company is not an unnecessary luxury, but a must.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Improve your corporate security with help from our consulting company

    As a consultancy firm, Tymans Group can help your business to identify possible threats and help set up strategies to avoid them. However, as not all threats can be avoided, our corporate security consultancy firm also helps you set up protocols to mitigate and manage them, as well as help you develop effective incident management protocols. All solutions are practical, people-oriented and based on our extensive experience and thus have proven effectiveness.

    Hire our experienced consultancy firm

    Engage the services of our consulting company to improve corporate security within your small or medium business. Contact us to set up an appointment on-site or book a one-hour talk with expert Gert Taeymans to discuss any security issues you may be facing. We are happy to offer you a custom solution.

    Register to read more …

    Embed Business Relationship Management in IT

    • Buy Link or Shortcode: {j2store}270|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $21,960 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Manage Business Relationships
    • Parent Category Link: /manage-business-relationships
    • While organizations realize they need to improve business relationships, they often don’t know how.
    • IT doesn’t know what their business needs and so can’t add as much value as they’d like.
    • They find that their partners often reach out to third parties before they connect with internal IT.

    Our Advice

    Critical Insight

    • Business relationship management (BRM) is not just about communication, it’s about delivering on business value.
    • Build your BRM program on establishing trust.

    Impact and Result

    • Drive business value into the organization via innovative technology solutions.
    • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
    • Enhance ability to execute business activities to meet end customer requirements and expectations, resulting in more satisfied customers.

    Embed Business Relationship Management in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Embed Business Relationship Management Deck – A step-by-step document that walks you through how to establish a practice with well-embedded business relationships, driving IT success.

    This blueprint helps you to establish a relationship with your stakeholders, both within and outside of IT. You’ll learn how to embed relationship management throughout your organization.

    • Embed Business Relationship Management in IT – Phases 1-5

    2. BRM Workbook Deck – A workbook for you to capture the results of your thinking on the BRM practice.

    Use this tool to capture your findings as you work through the blueprint.

    • Embed Business Relationship Management in IT Workbook

    3. BRM Buy-In and Communication Template – A template to help you communicate what BRM is to your organization, that leverages feedback from your business stakeholders and IT.

    Customize this tool to obtain buy in from leadership and other stakeholders. As you continue through the blueprint, continue to leverage this template to communicate what your BRM program is about.

    • BRM Buy-In and Communication Template

    4. BRM Role Expectations Worksheet – A tool to help you establish how the BRM role and/or other roles will be managing relationships.

    This worksheet template is used to outline what the BRM practice will do and associate the expectations and tasks with the roles throughout your organization. Use this to communicate that while your BRM role has a strategic focus and perspective of the relationship, other roles will continue to be important for relationship management.

    • Role Expectations Worksheet

    5. BRM Stakeholder Engagement Plan Worksheet – A tool to help you establish your stakeholders and your engagement with them.

    This worksheet allows you to list the stakeholders and their priority in order to establish how you want to engage with them.

    • BRM Stakeholder Engagement Plan Worksheet

    6. Business Relationship Manager Job Descriptions – These templates can be used as a guide for defining the BRM role.

    These job descriptions will provide you with list of competencies and qualifications necessary for a BRM operating at different levels of maturity. Use this template as a guide, whether hiring internally or externally, for the BRM role.

    • Business Relationship Manager – Level 1
    • Business Relationship Manager – Level 2
    • Business Relationship Manager – Level 3
    [infographic]

    Workshop: Embed Business Relationship Management in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation: Assess and Situate

    The Purpose

    Set the foundation for your BRM practice – understand your current state and set the vision.

    Key Benefits Achieved

    An understanding of current pain points and benefits to be addressed through your BRM practice. Establish alignment on what your BRM practice is – use this to start obtaining buy-in from stakeholders.

    Activities

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    1.4 Create Vision

    1.5 Create the BRM Mission

    1.6 Establish Goals

    Outputs

    BRM definition

    Identify areas to be addressed through the BRM practice

    Shared vision, mission, and understanding of the goals for the brm practice

    2 Plan

    The Purpose

    Determine where the BRM fits and how they will operate within the organization.

    Key Benefits Achieved

    Learn how the BRM practice can best act on your goals.

    Activities

    2.1 Establish Guiding Principles

    2.2 Determine Where BRM Fits

    2.3 Establish BRM Expectations

    2.4 Identify Roles With BRM Responsibilities

    2.5 Align Capabilities

    Outputs

    An understanding of where the BRM sits in the IT organization, how they align to their business partners, and other roles that support business relationships

    3 Implement

    The Purpose

    Determine how to identify and work with key stakeholders.

    Key Benefits Achieved

    Determine ways to engage with stakeholders in ways that add value.

    Activities

    3.1 Brainstorm Sources of Business Value

    3.2 Identify Key Influencers

    3.3 Categorize the Stakeholders

    3.4 Create the Prioritization Map

    3.5 Create Your Engagement Plan

    Outputs

    Shared understanding of business value

    A plan to engage with stakeholders

    4 Reassess and Embed

    The Purpose

    Determine how to continuously improve the BRM practice.

    Key Benefits Achieved

    An ongoing plan for the BRM practice.

    Activities

    4.1 Create Metrics

    4.2 Prioritize Your Projects

    4.3 Create a Portfolio Investment Map

    4.4 Establish Your Annual Plan

    4.5 Build Your Transformation Roadmap

    4.6 Create Your Communication Plan

    Outputs

    Measurements of success for the BRM practice

    Prioritization of projects

    BRM plan

    Further reading

    Embed Business Relationship Management in IT

    Show that IT is worthy of Trusted Partner status.

    Executive Brief

    Analyst Perspective

    Relationships are about trust.

    As long as humans are involved in enabling technology, it will always remain important to ensure that business relationships support business needs. At the cornerstone of those relationships is trust and the establishment of business value. Without trust, you won’t be believed, and without value, you won’t be invited to the business table.

    Business relationship management can be a role, a capability, or a practice – either way it’s essential to ensure it exists within your organization. Show that IT can be a trusted partner by showing the value that IT offers.

    Photo of Allison Straker, Research Director, CIO Practice, Info-Tech Research Group.

    Allison Straker
    Research Director, CIO Practice
    Info-Tech Research Group

    Your challenge: Why focus on business relationship management?

    Is IT saying this about business partners?

    I don’t know what my business needs and so we can’t add as much value as we’d like.

    My partners don’t give us the opportunity to provide new ideas to solve business problems

    My partners listen to third parties before they listen to IT.

    We’re too busy and don’t have the capacity to help my partners.

    Three stamps with the words 'Value', 'Innovation', and 'Advocacy'. Are business partners saying this about IT?

    IT does not create and deliver valuable services/solutions that resolve my business pain points.

    IT does not come to me with innovative solutions to my business problems/challenges/issues.

    IT blocks my efforts to drive the business forward using innovative technology solutions.

    IT does not advocate for my needs with the decision makers in the organization.

    Common obstacles

    While organizations realize they need to do better, they often don’t know how to improve.

    Organizations want to:
    • Understand and strategically align to business goals
    • Ensure stakeholders are satisfied
    • Show project value/success

    … these are all things that a mature business relationship can do to improve your organization.

    Key improvement areas identified by business leaders and IT leaders

    Bar chart comparing 'CXO' and 'CIO' responses to multiple areas one whether they need significant improvement or only some improvement. Areas in question are 'Understand Business Goals', 'Define and align IT strategy', 'Measure stakeholder satisfaction with IT', and 'Measure IT project success'. Source: CEO/CIO Alignment Diagnostic, N=446 organizations.

    Info-Tech’s approach

    BRMs who focus on achieving business value can improve organizational results.

    Visualization of a piggy bank labelled 'Business Value' with a person on a ladder labelled 'Strategic Tactical Operational' putting coins into the bank which are labelled 'External & internal views', 'Applied knowledge of the business', 'Strategic perspective', 'Trusted relationship', and 'Empathetic engagements “What’s in it for me/them?”'.

    Business relationships can take a strategic, tactical, or operational perspective.

    While all levels are needed, focus on a strategic perspective for optimal outcomes.

    Create business value through:

    • Applying your knowledge of the business so that conversations aren’t about what IT provides. Focus on what the overall business requires.
    • Ensuring your knowledge includes what is going on internally at your organization and also what occurs externally within and outside the industry (e.g. vendors, technologies used in similar industries or with similar customer interactions).
    • Discussing with the perspective of “what’s in it for [insert business partner here]” – don’t just present IT’s views.
    • Building a trusted strategic relationship – don’t just do well at the basics but also focus on the strategy that can move the organization to where it needs to be.

    Neither you nor your partners can view IT as separate from your overall business…

    …your IT goals need to be aligned with those of the overall business

    IT Maturity Pyramid with 'business goals' and 'IT goals' moving upward along its sides. It has five levels, 'unstable - Ad hoc – IT is too busy and the business is unsatisfied (too expensive, too long, not delivering on needs)', 'firefighter - Order taker – IT engaged on as-needed basis. IT unable to forecast demand to manage own resources', 'trusted operator - IT and business are not always sure of each other’s direction/priorities’, ‘business partner - IT understands and delivers on business needs', and 'innovator - Business and IT work together to achieve shared goals'.

    IT and other lines of business need to partner together – they are all part of the same overall business.

    Four puzzle pieces fitting together representing 'IT' and three other Lines of Business '(LOB)'

    <

    Why it’s important to establish a BRM program

    IT Benefits

    • Provides IT with a view of the lines of business they empower
    • Allows IT to be more proactive in providing solutions that help business partner teams
    • Allows IT to better manage their workload, as new requests can be prioritized and understood

    Business Benefits

    • Provides business teams with a view of the services that IT can help them with
    • Brings IT to the table with value-driven solutions
    • Creates an overall roadmap aligning both partners
    Ladder labelled 'Strategic Tactical Operational'.
    • Drive business value into the organization via innovative technology solutions.
    • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
    • Enhance ability to execute business activities to meet end-customer requirements and expectations, resulting in more satisfied customers.

    Increase your business benefits by moving up higher – from operational to tactical to strategic.

    Piggy bank labelled 'Business Value'.

    When IT understands the business, they provide better value

    Understanding all parties – including the business needs and context – is critical to effective business relationships.

    Establishing a focus on business relationship management is key to improving IT satisfaction.

    When business partners are satisfied that IT understands their needs, they have a higher perception of the value of overall IT

    Bar chart with axes 'Business satisfaction with IT understanding of needs' and 'Perception of IT value'. There is an upward trend.

    The relationship between the perception of IT value and business satisfaction is strong (r=0.89). Can you afford not to increase your understanding of business needs?

    (Source: Info-Tech Research Group diagnostic data/Business-Aligned IT Strategy blueprint (N=652 first-year organizations that completed the CIO Business Vision diagnostic))

    A tale of two IT partners

    Teleconference with an IT partner asking them to 'Tell me everything'.

    One IT partner approached their business partner without sufficient background knowledge to provide insights.

    The relationship was not strong and did not provide the business with the value they desired.

    Research your business and be prepared to apply your knowledge to be a better partner.

    Teleconference with an IT partner that approached with knowledge of your business and industry.

    The other IT partner approached with knowledge of the business and external parties (vendors, competitors, industry).

    The business partners received this positively. They invited the IT partners to meetings as they knew IT would bring value to their sessions.

    BRM success is measurable Measuring tape.

    1) Survey your stakeholders to measure improvements in customer satisfaction 2) Measure BRM success against the goals for the practice

    Business satisfaction survey

    • Audience: Business leaders
    • Frequency: Annual
    • Metrics:
      • Overall Satisfaction score
      • Overall Value score
      • Relationship Satisfaction:
        • Understand needs
        • Meet needs
        • Communication
    Two small tables showing example 'Value' and 'Satisfaction' scores. Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.
    Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

    Maturing your BRM practice is a journey

    Info-Tech has developed an approach that can be used by any organization to improve or successfully implement BRM. The same ladder as before with words 'Strategic', 'Tactical', 'Operational', and a person climbing on it. Become a Trusted Partner and Advisor
    KNOWLEDGE OF INDUSTRY

    STRATEGIC

    Value Creator and Innovator

    Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

    KNOWLEDGE OF FUNCTIONS

    TACTICAL

    Influencer and Advocate

    Two-way voice between IT and business, understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

    TABLE STAKES:
    COMMUNICATION
    SERVICE DELIVERY
    PROJECT DELIVERY

    OPERATIONAL

    Deliver

    Communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

    Foundation: Define and communicate the meaning and vision of BRM

    At each level, keep maturing your BRM practice

    ITPartnerWhat to do to move to the next level

    Strategic Partner

    Shared goals for maximizing value and shared risk and reward

    5

    Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

    Value Creator and Innovator

    See partners as integral to business success and growth

    Focus on continuous learning and improvement.

    Trusted Advisor

    Cooperation based on mutual respect and understanding

    4

    Partners understand, work with, and help improve capabilities.

    Influencer and Advocate

    Sees IT as helpful and reliable

    Strategic: IT needs to demonstrate and apply knowledge of business, industry, and external influences.

    Service Provider

    Routine – innovation is a challenge

    3

    Two-way voice between IT and business; understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

    Priorities set but still always falling behind.

    Views IT as helpful but they don’t provide guidance

    IT needs to excel in portfolio and transition management.

    Business needs to engage IT in strategy.

    Order Taker

    Distrust, reactive

    2

    Focuses on communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

    Delivery Service

    Engages with IT on an as-needed basis

    Improve Tactical: IT needs to demonstrate knowledge of the business they are in. IT to improve BRM and service management.

    Business needs to embrace BRM role and service management.

    Ad Hoc

    Loudest in, first out

    1

    Too busy doing the basics; in firefighter mode.

    Low satisfaction (cost, duration, quality)

    Improve Operational Behavior: IT to show value with “table stakes” – communication, service delivery, project delivery.

    IT needs to establish intake/demand management.


    Business to embrace a new way of approaching their partnership with IT.

    (Adapted from BRM Institute Maturity Model and Info-Tech’s own model)

    The Info-Tech path to implement BRM

    Use Info-Tech’s ASPIRe method to create a continuously improving BRM practice.

    Info-Tech's ASPIRe method visualized as a winding path. It begins with 'Role Definition', goes through many 'Role Refinements' and ends with 'Metrics'. The main steps to which the acronym refers are 'Assess', 'Situate', 'Plan', 'Implement', and 'Reassess & Embed'.

    Insight summary

    BRM is not just about communication, it’s about delivering on business value.

    Business relationship management isn’t just about having a pleasant relationship with stakeholders, nor is it about just delivering things they want. It’s about driving business value in everything that IT does and leveraging relationships with the business and IT, both within and outside your organization.

    Understand your current state to determine the best direction forward.

    Every organization will apply the BRM practice differently. Understand what’s needed within your organization to create the best fit.

    BRM is not just a communication conduit between IT and the business.

    When implemented properly, a BRM is a value creator, advocate, innovator, and influencer.

    The BRM role must be designed to match the maturity level of the IT organization and the business.

    Before you can create incremental business value, you must master the fundamentals of service and project delivery.

    Info-Tech Insight

    Knowledge of your current situation is only half the battle; knowledge of the business/industry is key.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Executive Buy-In and Communication Presentation Template

    Explain the need for the BRM practice and obtain buy-in from leadership and staff across the organization.

    Sample of Info-Tech's key deliverable, the Executive Buy-In and Communication Presentation Template.

    BRM Workbook

    Capture the thinking behind your organization’s BRM program.

    Sample of Info-Tech's BRM Workbook deliverable.

    BRM Stakeholder Engagement Plan Worksheet

    Worksheet to capture how the BRM practice will engage with stakeholders across the organization.

    Sample of Info-Tech's BRM Stakeholder Engagement Plan Worksheet deliverable.

    BRM Role Expectations Worksheet

    How business relationship management will be supported throughout the organization at a strategic, tactical, and operational level.

    Sample of Info-Tech's BRM Role Expectations Worksheet deliverable.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Call #1: Discuss goals, current state, and an overview of BRM.

    Call #2: Examine business satisfaction and discuss results of SWOT.

    Call #3: Establish BRM mission, vision, and goals. Call #4: Develop guiding principles.

    Call #5: Establish the BRM operating model and role expectations.

    Call #6: Establish business value. Discuss stakeholders and engagement planning. Call #7: Develop metrics. Discuss portfolio management.

    Call #8: Develop a communication or rollout plan.

    Workshop Overview

    Complete the CIO-Business Vision diagnostic prior to the workshop.
    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Post-Workshop
    Activities
    Set the Foundation
    Assess & Situate
    Define the Operating Model
    Plan
    Define Engagement
    Implement
    Implement BRM
    Reassess
    Next steps and Wrap-Up (offsite)

    1.1 Discuss rationale and importance of business relationship management

    1.2 Review CIO BV results

    1.3 Conduct SWOT analysis (analyze strengths, weaknesses, opportunities, and threats)

    1.4 Establish BRM vision and mission

    1.5 Define objectives and goals for maturing the practice

    2.1 Create your list of guiding principles (optional)

    2.2 Define business value

    2.3. Establish the operating model for the BRM practice

    2.4 Define capabilities

    3.1. Identify key stakeholders

    3.2 Map, prioritize, and categorize the stakeholders

    3.4 Create an engagement plan

    4,1 Define metrics

    4.2 Identify remaining enablers/blockers for practice implementation

    4.3 Create roadmap

    4.4 Create communication plan

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Summary of CIO Business Vision results
    2. Vision and list of objectives for the BRM program
    3. List of business and IT pain points
    1. BRM role descriptions, capabilities, and ownership definitions
    1. BRM reporting structure
    2. BRM engagement plans
    1. BRM communication plan
    2. BRM metrics tracking plan
    3. Action plan and next step
    1. Workshop Report

    ASSESS

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    To assess BRM, clarify what it means to you

    Who are BRM relationships with? Octopus holding icons with labels 'Tech Partners', 'Lines of Business', and 'External Partners'. The BRM has multiple arms/legs to ensure they’re aligned with multiple parties – the partners within the lines of business, external partners, and technology partners.
    What does a BRM do? Engage the right stakeholders – orchestrate key roles, resources, and capabilities to help stimulate, shape, and harvest business value.

    Connect partners (IT and other business) with the resources needed.

    Help stakeholders navigate the organization and find the best path to business value.

    Three figures performing different actions, labelled 'orchestrate', 'connect', and 'navigate'.
    What does a BRM focus on? Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. Demand Shaping – Surfacing and shaping business demand
    Value Harvesting – Identifying ways to increase business value and providing insights
    Exploring – Rationalizing demand and reviewing new business, technology, and industry insights
    Servicing – Managing expectations and facilitating business strategy; business capability road mapping

    Determine what business relationship management is

    Many organizations face business dissatisfaction because they do not understand what the role of a BRM should be.

    A BRM Is NOT:
    • Order taker
    • Service desk
    • Project manager
    • Business analyst
    • Service delivery manager
    • Service owner
    • Change manager
    A BRM Is:
    • Value creator
    • Innovator
    • Trusted advisor
    • Strategic partner
    • Influencer
    • Business subject matter expert
    • Advocate for the business
    • Champion for business process improvement
    Business relationship management does not mean a go-between for the business and IT. Its focus should be on delivering VALUE and INNOVATIVE SOLUTIONS to the business.

    1.1 What is BRM?

    1 hour

    Input: Your preliminary thoughts and ideas on BRM

    Output: Themes summarizing what BRM will be at your organization

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Each team member will take a colored sticky note to capture what BRM is and what it isn’t.
    2. As a group, review and discuss the sticky notes.
    3. Group them into themes summarizing what BRM will be at your organization.
    4. Leverage the workbook to brainstorm the definition of BRM at your organization.
    5. Create a refined summary statement and capture it in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    It’s important to understand what the business thinks; ask them the right questions

    Leverage the CIO Business Vision Diagnostic to provide clarity on:
    • The organization’s view on satisfaction and importance of core IT services
    • Satisfaction across business priorities
    • IT’s capacity to meet business needs

    Contact your Account Representative to get started

    Sample of various scorecards from the CIO Business Vision Diagnostic.

    1.2 Use their responses to help guide your BRM program

    1 hour

    Input: CIO-Business Vision Diagnostic, Other business feedback

    Output: Summary of your partners’ view of the IT relationship

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team

    1. Complete the CIO Business Vision diagnostic.
    2. Analyze the findings from the Business Vision diagnostic or other business relationship and satisfaction surveys. Key areas to look at include:
      • Overall IT Satisfaction
      • IT Value
      • Relationship (Understands Needs, Communicates Effectively, Executes Requests, Trains Effectively)
      • Shadow IT
      • Capacity Needs
      • Business Objectives
    3. Capture the following on your analysis:
      • Success stories – what your business partners are satisfied with
      • Challenges – are the responses consistent across departments?
    4. Leverage the workbook to capture your findings the goals. Key highlights should be documented in the Executive Buy-In and Communication Template.

    Use the BRM Workbook to capture ideas

    Polish the goals in the Executive Buy-In and Communication Template

    Perform a SWOT analysis to explore internal and external business factors

    A SWOT analysis is a structured planning method organizations use to evaluate the effects of internal strengths and weaknesses and external opportunities and threats on a project or business venture.

    Why It Is Important

    • Business SWOT reveals internal and external trends that affect the business. You may uncover relevant information about the business that the other analysis methods did not reveal.
    • The organizational strengths or weaknesses will shed some light on implications that you might not have considered otherwise, such as brand perception or internal staff capability to change.

    Key Tips/Information

    • Although this activity is simple in theory, there is much value to be gained when performed effectively.
    • Focus on weaknesses that can cause a competitive disadvantage and strengths that can cause a competitive advantage.
    • Rank your opportunities and threats based on impact and probability.
    • Info-Tech members who have derived the most insights from a business SWOT analysis usually involved business stakeholders in the analysis.

    SWOT diagram split into four quadrants representing 'Strengths' at top left, 'Opportunities' at bottom left, 'Weaknesses' at top right, and 'Threats' at bottom right.

    Review these questions to help you conduct your SWOT analysis on the business

    Strengths (Internal)
    • What competitive advantage does your organization have?
    • What do you do better than anyone else?
    • What makes you unique (human resources, product offering, experience, etc.)?
    • Do you have location, price, cost, or quality advantages?
    • Does your organizational culture offer an advantage (hiring the best people, etc.)?
    • Do you have a high level of customer engagement or satisfaction?
    Weaknesses (Internal)
    • What areas of your business require improvement?
    • Are there gaps in capabilities?
    • Do you have financial vulnerabilities?
    • Are there leadership gaps (succession, poor management, etc.)?
    • Are there reputational issues?
    • Are there factors contributing to declining sales?
    Opportunities (External)
    • Are there market developments or new markets?
    • Are there industry or lifestyle trends (move to mobile, etc.)?
    • Are there geographical changes in the market?
    • Are there new partnerships or mergers and acquisitions (M&A) opportunities?
    • Are there seasonal factors that can be used to the advantage of the business?
    • Are there demographic changes that can be used to the advantage of the business?
    Threats (External)
    • Are there obstacles that the organization must face?
    • Are there issues with respect to sourcing of staff or technologies?
    • Are there changes in market demand?
    • Are your competitors making changes that you are not making?
    • Are there economic issues that could affect your business?

    1.3 Analyze internal and external business factors using a SWOT analysis

    1 hour

    Input: IT and business stakeholder expertise

    Output: Analysis of internal and external factors impacting the IT organization

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team

    1. Break the group into two teams:
      • Assign team A internal strengths and weaknesses.
      • Assign team B external opportunities and threats.
    2. Think about strengths, weaknesses, opportunities, and threats as they pertain to the IT-business relationship. Consider people, process, and technology elements.
    3. Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the previous slide as guidance.
    4. Pick someone from each group to fill in the SWOT grid.
    5. Conduct a group discussion about the items on the list; identify implications for the BRM/IT.

    Capture in the BRM Workbook

    SITUATE

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Your strategy informs your BRM program

    Your strategy is a critical input into your program. Extract critical components of your strategy and convert them into a set of actionable principles that will guide the selection of your operating model.

    Sample of Info-Tech's 'Build a Business-Aligned IT Strategy' blueprint.

    Vision, Mission & Principles Chevron pointing right.
    • Leverage your vision and mission statements that communicate aspirations and purpose for key information that can be turned into design principles.
    Business Goal Implications Chevron pointing right.
    • Implications are derived from your business goals and will provide important context about the way BRM needs to change to meet its overarching objectives.
    • Understand how those implications will change the way that work needs to be done – new capabilities, new roles, new modes of delivery, etc.
    Target-State Maturity Chevron pointing right.
    • Determine your target-state relationship maturity for your organization using the BRM goals that have been uncovered.

    Outline your mission and vision for your BRM practice

    If you don’t know where you’re trying to go, how do you know if you’ve arrived?

    Establish the vision of what your BRM practice will achieve.

    Your vision will paint a picture for your stakeholders, letting them know where you want to go with your BRM practice.

    Stock image of a hand painting on a large canvas.

    The vision will also help motivate and inspire your team members so they understand how they contribute to the organization.

    Your strategy must align with and support your organization’s strategy.

    Good Visions
    • Attainable – Aspirational but still within reach
    • Communicable – Easy to comprehend
    • Memorable – Not easily forgotten
    • Practical – Solid, realistic
    • Shared – Create a culture of shared ownership across the team/company
    When Visions Fail
    • Not Shared: Lack of buy-in, no alignment with stakeholders
    • Impractical: No plan or strategy to deliver on the vision
    • Unattainable: Set too far in the future
    • Forgettable: Not championed, not kept in mind
    (Source: UX Magazine, 2011)

    Derive the BRM vision statement

    Stock image of an easel with a bundle of paint brushes beside it. Begin the process of deriving the business relationship management vision statement by examining your business and user concerns. These are the problems your organization is trying to solve.
    Icon of one person asking another a question.
    Problem Statements
    First, ask what problems your organization hopes to solve.
    Icon of a magnifying glass on a box.
    Analysis
    Second, ask what success would look like when those problems were solved.
    Icon of two photos in quotes.
    Vision Statement
    Third, polish the answer into a short but meaningful phrase.

    Paint the picture for your team and stakeholders so that they align on what BRM will achieve.

    Vision statements demonstrate what your practice “aspires to be”

    Your vision statement communicates a desired future state of the BRM organization. The statement is expressed in the present tense. It seeks to articulate the desired role of business relationship management and how it will be perceived.

    Sample vision statements:

    • To be a trusted advisor and partner in enabling business innovation and growth through an engaged design practice.
    • The group will strive to become a world-class value center that is a catalyst for innovation.
    • Apple: “We believe that we are on the face of the earth to make great products and that’s not changing.” (Mission Statement Academy, May 2019.)
    • Coca-Cola: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

    2.1 Vision generation

    1 hour

    Input: IT and business strategies

    Output: Vision statement

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the goals and the sample vision statements provided on the previous slide.
    2. Brainstorm possible vision statements that can apply to your practice. Refer to the guidance provided on the previous page – ensure that it paints a picture for the reader to show the desired target state.
    3. Leverage the workbook to brainstorm the vision. Capture the refined statement in the Executive Buy-In and Communication Template.
    Strong vision statements have the following characteristics
    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Concise, no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

    Use the BRM Workbook to capture ideas

    Polish the goals in the Executive Buy-In and Communication Template

    Create the mission statement from the problems and the vision statement

    Your mission demonstrates your current intent and the purpose driving you to achieve your vision.

    It reflects what the organization does for users/customers.

    The main word 'Analysis' is sandwiched between 'Goals and Problems' and 'Vision Statement', each with arrow pointing to the middle. Make sure the practice’s mission statement reflects answers to the questions below:

    The questions:

    • What does the organization do?
    • How does the organization do it?
    • For whom does the organization do it?
    • What value is the organization bringing?

    “A mission statement illustrates the purpose of the organization, what it does, and what it intends on achieving. Its main function is to provide direction to the organization and highlight what it needs to do to achieve its vision.” (Joel Klein, BizTank (in Hull, “Answer 4 questions to get a great mission statement.”))

    Sample mission statements

    To enhance the lives of our end users through our products so that our brand becomes synonymous with user-centricity.

    To enable innovative services that are seamless and enjoyable to our customers so that together we can inspire change.

    Apple’s mission statement: “To bring the best user experience to its customers through its innovative hardware, software, and services.” (Mission Statement Academy, May 2019.)

    Coca Cola’s mission statement: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

    Tip: Using the “To … so that” format helps to keep your mission focused on the “why.”

    2.2 Develop your own mission statement

    1 hour

    Input: IT and business strategies, Vision

    Output: Mission statement

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the goals and the vision statement generated in the previous activities.
    2. Brainstorm possible mission statements that can apply to your BRM practice. Capture this in your BRM workbook.
    3. Refine your mission statement. Refer to the guidance provided on the previous page – ensure that the mission provides “the why”. Document the refined mission statement in the Executive Buy-In and Communication Template.

    “People don't buy what you do; they buy why you do it and what you do simply proves what you believe.” (Sinek, Transcript of “How Great Leaders Inspire Action.”)

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Areas that BRMs focus on include:

    Establish how much of these your practice will focus on.

    VALUE HARVESTING
    • Tracks and reviews performance
    • Identifies ways to increase business value
    • Provides insights on the results of business change/initiatives
    Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. DEMAND SHAPING
    • Isn’t just demand/intake management
    • Surfaces and shapes business demand
    • Is influenced by knowledge of the overall business and external entities
    SERVICING
    • Coordinates resources
    • Manages expectations
    • Facilitates business strategy, business capability road-mapping, and portfolio and program management
    EXPLORING
    • Identifies and rationalizes demand
    • Reviews new business, technology, and industry insights
    • Identifies business value initiatives

    Establish what success means for your focus areas

    Brainstorm objectives and success areas for your BRM practice.

    Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. VALUE HARVESTING
    Success may mean that you:
    • Understand the drivers and what the business needs to attain
    • Demonstrate focus on value in discussions
    • Ensure value is achieved, tracking it during and beyond deployment
    DEMAND SHAPING
    Success may mean that you:
    • Understand the business
    • Are engaged at business meetings (invited to the table)
    • Understand IT; communicate clarity around IT to the business
    • Help IT prioritize needs
    SERVICING
    Success may mean that you:
    • Understand IT services and service levels that are required
    • Provide clarity around services and communicate costs and risks
    EXPLORING
    Success may mean that you:
    • Surface new opportunities based on understanding of pain points and growth needs
    • Research and partner with others to further the business
    • Engage resources with a focus on the value to be delivered

    2.3 Establish BRM goals

    1 hour

    Input: Mission and vision statements

    Output: List of goals

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team, BRM team

    1. Use the previous slides as a starting point – review the focus areas and sample associated objectives.
    2. Determine if all apply to your role.
    3. Brainstorm the objectives for your BRM practice.
    4. Discuss and refine the objectives and goals until the team agrees on your starting set.
    5. Leverage the workbook to establish the goals. Capture refined goals in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    PLAN

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Guiding principles help you focus the development of your practice

    Your guiding principles should define a set of loose rules that can be used to design your BRM practice to the specific needs of the organization and work that needs to be done.

    These rules will guide you through the establishment of your BRM practice and help you explain to your stakeholders the rationale behind organizing in a specific way.

    Sample Guiding Principles

    Principle Name

    Principle Statement

    Customer Focus We will prioritize internal and external customer perspectives
    External Trends We will monitor and liaise with external organizations to bring best practices and learnings into our own
    Organizational Span We embed relationship management across all levels of leadership in IT
    Role If the resource does not have a seat at the table, they are not performing the BRM role

    3.1 Establish guiding principles (optional activity)

    Input: Mission and vision statements

    Output: BRM guiding principles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Think about strengths, weaknesses, opportunities, and threats as well as the overarching goals, mission, and vision.
    2. Identify a set of principles that the BRM practice should have. Guiding principles are shared, long-lasting beliefs that guide the use of business relationship management in your organization.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Establish the BRM partner model and alignment

    Having the right model and support is just as important as having the right people.

    Gears with different BRM model terms: 'BRM Capabilities', 'BRM & Other Roles', 'Scope (pilot)', 'Operating Unit', 'BRM Expectations Across the organization', and 'Delivery & Support'.

    Don’t boil the ocean: Start small

    It may be useful to pilot the BRM practice with a small group within the organization – this gives you the opportunity to learn from the pilot and share best practices as you expand your BRM practice.

    You can leverage the pilot business unit’s feedback to help obtain buy-in from additional groups.

    Evaluate the approaches for your pilot:
    Work With an Engaged Business Unit
    Icon of a magnifying glass over a group of people.

    This approach can allow you to find a champion group and establish quick wins.

    Target Underperforming Area(s)
    Icon of an ambulance.

    This approach can allow you to establish significant wins, providing new opportunities for value.

    Target the Area(s) Driving the Most Business Value
    Icon of an arrow in a bullseye.

    Provide the largest positive impact on your portfolio’s ability to drive business value; for large strategic or transformative goals.

    Work Across a Single Business Process
    Icon of a process tree.

    This approach addresses a single business process or operation that exists across business units, departments, or locations. This, again, will allow you to limit the number of stakeholders.

    Leverage BRM goals to determine where the role fits within the organization

    Organization tree with a strategic BRM.

    Strategic BRMs are considered IT leaders, often reporting to the CIO.


    Organization tree with an operational BRM.

    In product-aligned organizations, the product owners will own the strategic business relationship from a product perspective (often across LOB), while BRMs will own the strategic role for the line(s) of businesses (often across products) that they hold a relationship with. The BRM role may be played by a product family leader.


    Organization tree with a BRM in a product-aligned organization.

    BRMs may take on a more operational function when they are embedded within another group, such as the PMO. This manifests in:

    • Accountability for projects and programs
    • BRM conversations around projects and programs rather than overall needs
    • Often, there is less focus on stimulating need, more about managing demand
    • This structure may be useful for smaller organizations or where organizations are piloting the relationship capability

    Use the IT structure and the business structure to determine how to align BRM and business partners. Many organizations ensure that each LOB has a designated BRM, but each BRM may work with multiple LOBs. Ensure your alignment provides an even and manageable distribution of work.

    Don’t be intimidated by those who play a significant role in relationship management

    Layers representing the BRM, BA, and Product Owner. Business Relationship Manager: Portfolio View
    • Ongoing with broader organization-wide objectives
    • A BRM’s strategic perspective is focused across projects and products
    The BRM will look holistically across a portfolio, rather than on specific projects or products. Their focus is ensuring value is delivered that impacts the overall organization. Multiple BRMs may be responsible for lines of businesses and ensure that products and project enable LOBs effectively.
    Business Analyst: Product or Project View
    • Works within a project or product
    • Accomplishes specific objectives within the project/product
    The BA tends to be involved in project work – to that end, they are often brought in a bit before a project begins to better understand the context. They also often remain after the project is complete to ensure project value is delivered. However, their main focus is on delivering the objectives within the project.
    Product Owner: Product View
    • Ongoing and strategic view of entire product, with product-specific objectives
    The Product Owner bridges the gap between the business and delivery to ensure their product continuously delivers value. Their focus is on the product.

    3.2 Establish the BRM’s place in the organizational structure

    Input: BRM goals, IT organizational structure, Business organizational structure

    Output: BRM operating model

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the current organizational structure – both IT and overall business.
    2. Think about the maturity of the IT organization and what you and your partners will be able to support at this stage in the relationship or journey. Establish whether it is necessary to start with a pilot.
    3. Consider the reporting relationship that is required to support the desired maturity of your practice – who will your BRM function report into?
    4. Consider the distribution of work from your business partners. Establish which BRM is responsible for which partners.
    5. Document where the BRM fits in the organization in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Align your titles to your business partners and ensure it demonstrates your strategic goals

    Some titles that may reflect alignment with your partners:
    • Business Capability Manager
    • Business Information Officer
    • Business Relationship Manager
    • Director, Technology Partner
    • IT Business Relationship Manager
    • People Relationship Manager
    • Relationship and Strategy Officer
    • Strategic Partnership Director
    • Technology Partner/People Partner/Finance Partner/etc.
    • Value Management Officer

    Support BRM team members might have “analyst” or “coordinator” as part of their titles.

    Caution when using these titles:
    • Account Manager (do you see your stakeholders as accounts or as partners?)
    • Customer Relationship Manager (do you see your stakeholders as customers or as partners?)
    • People Partner (differentiate your role from HR)

    Determine the expectations for your BRM role(s)

    Below are standard expectations from BRM job descriptions. Establish whether there are changes required for your organization.

    Act as a Relationship Manager
    • Build strong, collaborative relationships with business clients
    • Build strong, collaborative relationships with IT service owners
    • Track client satisfaction with services provided
    • Continuously improve, based on feedback from clients
    Communicate With Business Stakeholders
    • Ensure that effective communication occurs related to service delivery and project delivery (e.g. planned downtime, changes, open tickets)
    • Manage expectations of multiple business stakeholders
    • Provide a clear point of contact within IT for each business stakeholder
    • Act as a bridge between IT and the business
    Service Delivery

    Service delivery breaks out into three activities: service status, changes, and service desk tickets

    • Understand at a high level the services and technologies in use
    • Work with clients to plan and make sure they understand the relevance and impact of IT changes to their operations
    • Define, agree to, and report on key service metrics
    • Act as an escalation point for major issues with any aspect of service delivery
    • Work with service owners to develop and monitor service improvement plans
    Project/Product Delivery
    • Ensure that the project teams provide regular reports regarding project status, issues, and changes
    • Work with project managers and clients to ensure project requirements are well understood and documented and approved by all stakeholders
    • Ensure that the project teams provide key project metrics on a regular basis to all relevant stakeholders

    Determine role expectations (slide 2 of 3)

    Knowledge of the Business

    Understand the main business activities for each department:

    • Understand which IT services are required to complete each business activity
    • Understand business processes and associated business activities for each user group within a department
    Advocate for Your Business Clients
    • Act as an advocate for the client – be invested in client success
    • Understand the strategies and plans of the clients and help develop an IT strategic plan/roadmap that maps to business strategies
    • Help the business understand project governance processes
    • Help clients to develop proposals and advance them through the project intake and assessment process
    Influence Business and IT Stakeholders
    • Influence business and IT stakeholders at multiple levels of the organization to help clients achieve their business objectives
    • Leverage existing relationships to convince decision makers to move forward with business and IT initiatives that will benefit the department and the organization as a whole
    • Understand and solve issues and challenges such as differing agendas, political considerations, and resistance to change
    Knowledge of the Market
    • Understand the industry – trends, competition, future direction
    • Leverage what others are doing to bring innovative ideas to the organization
    • Understand what end customers expect with regards to IT services and bring this intelligence to business leaders and decision makers

    Determine role expectations (slide 3 of 3)

    Value Creator
    • Understand how services currently offered by IT can be put to best use and create value for the business
    • Work collaboratively with clients to define and prioritize technology initiatives (new or enhanced services) that will bring the most business benefit
    • Lead initiatives that help the business achieve or exceed business goals and objectives
    • Lead initiatives that create business value (increased revenue, lower costs, increased efficiency) for the organization
    Innovator
    • Lead initiatives that result in new and better ways of doing business
    • Identify opportunities for using IT in new and innovative ways to bring value to the business and drive the business forward
    • Leverage knowledge of the business, knowledge of the industry, and knowledge of leading-edge technological solutions to transform the way the business operates and provides services to its customers

    3.3 Establish BRM expectations

    Input: BRM goals

    Output: BRM expectations

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the BRM expectations on the previous slides.
    2. Customize them – are they the appropriate set of expectations needed for your organization? What needs to be edited in or out?
    3. Add relevant expectations – what are the things that need to be done in the BRM practice at your organization?
    4. Leverage the workbook to brainstorm BRM expectations. Make sure you update them in the BRM Role Expectation Spreadsheet.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Various roles and levels within your organization may have a part of the BRM pie

    Where the BRM sits will impact what they are able to get done.

    The BRM role is a strategic one, but other roles in the organization have a part to play in impacting IT-partner relationship.

    Some roles may have a more strategic focus, while others may have a more tactical or operational focus.

    3.4 Identify roles with BRM responsibilities

    Input: BRM goals

    Output: BRM-aligned roles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Various roles can play a part in the BRM practice, managing business relationships. Which ones make sense in your organization, given the BRM goals?
    2. Identify the roles and capture in the BRM Role Expectation Spreadsheet. Use the Role Expectation Alignment tab, row 1.


    Download the Role Expectations Worksheet

    Determine the focus for each role that may manage business relationships

    Icon of a telescope. STRATEGIC Sets Direction: Focus of the activities is at the holistic, enterprise business level “relating to the identification of long-term or overall aims and interests and the means of achieving them” e.g. builds overarching relationships to enable and support the organization’s strategy; has strategic conversations
    Icon of a house in a location marker. TACTICAL Figures Out the How: Focuses on the tactics required to achieve the strategic focus “skillful in devising means to ends” e.g. builds relationships specific to tactics (projects, products, etc.)
    Icon of a gear cog with a checkmark. OPERATIONAL Executes on the Direction: Day-to-day operations; how things get done “relating to the routine functioning and activities of a business or organization” e.g. builds and leverages relationships to accomplish specific goals (within a project or product)

    3.5 Align BRM capabilities to roles

    Input: Current-state model, Business value matrix, Objectives and goals

    Output: BRM-aligned roles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review each group of role expectations – Act as a Relationship Manager, Communicate with Business Stakeholders, etc. For each group, determine the focus each role can apply to it – strategic, tactical, or operational. Refer to the previous slide for examples.
    2. Capture on the spreadsheet:
      • S – This role is required to have a strategic view of the capabilities. They are accountable and set direction for this aspect of relationship management.
      • T – Indicate if the role is required to have a tactical view of the capabilities. This would include whether the role is required to figure out how the capabilities will be done; for example, is the role responsible for carrying out service management or are they just involved to ensure that that set of expectations are being performed?
      • O – Indicate if the role will have an operational view – are they the ones responsible for doing the work?
      • Note: In some organizations, a role may have more than one of these.
    3. The spreadsheet will highlight the cells in green if the role plays more of the strategic role, yellow for tactical, and brown for operational. This provides an overall visual of each role’s part in relationship management.
    4. (Optional) Review each detailed expectation within the group. Evaluate whether specific roles will have a different focus on the unique role expectations.

    Leverage the Role Expectations Worksheet

    Sample role expectation alignment

    Sample of a role expectation alignment table with expectation names and descriptions on the left and a matrix of which roles should have a Strategic (S), Tactical (T), or Operational (O) view of the capabilities.

    IMPLEMENT

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Speak the same language as your partners: Business Value

    Business value represents the desired outcome from achieving business priorities.

    Value is not only about revenue or reduced expenses. Use this internal-external and capability-financial business value matrix to more holistically consider what is valuable to stakeholders.

    Improved Capabilities
    Enhance Services
    Products and services that enable business capabilities and improve an organization’s ability to perform its internal operations.
    Increase Customer Satisfaction
    Products and services that enable and improve the interaction with customers or produce practical market information and insights.
    Inward Outward
    Save Money
    Products and services that reduce overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not put in place.
    Make money
    (Return on Investment)
    Products and services that are specifically related to the impact on an organization’s ability to create a return on investment.
    Financial Benefits

    Business Value Matrix Axes:

    Financial Benefits vs. Improved Capabilities
    • Improved capabilities refers to the enhancement of business capabilities and skill sets.
    • Financial Benefits refers to the degree in which the value source can be measured through monetary metrics and is often highly tangible.
    Inward vs. Outward Orientation
    • Inward refers to value sources that have an internal impact an organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from interactions with external factors, such as the market or your customers.

    4.1 Activity: Brainstorm sources of business value

    Input: Product and service knowledge, Business process knowledge

    Output: Understanding of different sources of business value

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify your key stakeholders. These individuals are the critical business strategic partners in the organization’s governing bodies.
    2. Brainstorm the different types of business value that the BRM practice can produce.
    3. Is the item more focused on improving capabilities or generating financial benefits?
    4. Is the item focused on the customers you serve or the IT team?
    5. Enter your value item into a cell on the Business Value Matrix based on where it falls on these axes.
    6. Start to think about metrics you can use to measure how effective the product or service is at generating the value source.
    Simplified version of the Business Value Matrix on the previous slide.

    Use the BRM Workbook to capture sources of business value

    Brainstorm the different sources of business value (continued)

    See appendix for more information on value drivers:
    Example:
    Enhance Services
    • Dashboards/IT Situational Awareness
    • Improve measurement of services for data-driven analytics that can improve services
    • Collaborate to support Enterprise Architecture
    • Approval for and support of new applications per customer demand
    • Provide consultation for IT issues
    Axis arrow with 'Improved Capabilities'.
    Axis arrow with 'Financial Benefits'.
    Reach Customers
    • Provide technology roadmaps for IT services and devices
    • Improved "PR" presence: websites, service catalog, etc.
    • Enhance customer experience
    • Faster Time-to-market delivering innovative technologies and current services
    Axis arrow with 'Inward'.Axis arrow with 'Outward'.
    Reduce Costs
    • Achieve better pricing through enterprise agreements for IT services that are duplicated across several orgs
    • Prioritization/ development of roadmap
    • Portfolio management / reduce duplication of services
    • Evolve resourcing strategies to integrate teams (e.g. do more with less)
    Return on Investment
    • Customer -focused dashboards
    • Encourage use of centralized services through external collaboration capabilities that fit multiple use cases
    • Devise strategies for measured/supported migration from older IT systems/software

    Implications of ineffective stakeholder management

    A stakeholder is any group or individual who is impacted by (or impacts) your objectives.

    Challenges with stakeholder management can result from a self-focused point of view. Avoid these challenges by taking on the other’s perspectives – what’s in it for them.

    The key objectives of stakeholder management are to improve outcomes, increase confidence, and enhance trust in IT.

    • Obtain commitment of executive management for IT-related objectives.
    • Enhance alignment between IT and the business.
    • Improve understanding of business requirements.
    • Improve implementation of technology to support business processes.
    • Enhance transparency of IT costs, risks, and benefits.

    Challenges

    • Stakeholders are missed or new stakeholders are identified too late.
    • IT has a tendency to only look for direct stakeholders. Indirect and hidden stakeholders are not considered.
    • Stakeholders may have conflicting priorities, different visions, and different needs. Keeping every stakeholder happy is impossible.
    • IT has a lack of business understanding and uses jargon and technical language that is not understood by stakeholders.

    Implications

    • Unanticipated stakeholders and negative changes in stakeholder sentiment can derail initiatives.
    • Direct stakeholders are identified, but unidentified indirect or hidden stakeholders cause a major impact to the initiative.
    • The CIO attempts to trade off competing agendas and ends up caught in the middle and pleasing no one.
    • There is a failure in understanding and communications, leading stakeholders to become disenchanted with IT.

    Cheat Sheet: Identify stakeholders

    Ask stakeholders “who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

    List the people who are identified through the following questions: Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
    • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?
    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who loses from the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who are the owners, governors, customers, and suppliers to impacted capabilities or functions?

    Executives

    Peers

    Direct reports

    Partners

    Customers

    Stock image of a world.

    Subcontractors

    Suppliers

    Contractors

    Lobby groups

    Regulatory agencies

    Establish your stakeholder network “map”

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Your stakeholder map defines the influence landscape your BRM team operates in. It is every bit as important as the teams who enhance, support, and operate your products directly.

    Notes on the network map

    • Pay special attention to influencers who have many arrows; they are called “connectors,” and due to their diverse reach of influence, should themselves be treated as significant stakeholders.
    • Don’t forget to consider the through-lines from one influencer through intermediate stakeholders or influencers to the final stakeholder – a single influencer may have additional influence via multiple, possibly indirect paths to a single stakeholder.

    Legend for the example stakeholder network map below. 'Black arrows indicate the direction of professional influence'. 'Dashed green arrows indicate bidirectional, informal influence relationships'

    Example stakeholder network map visualizing relationships between different stakeholders.

    4.2 Visualize interrelationships among stakeholders to identify key influencers

    Input: List of stakeholders

    Output: Relationships among stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. List direct stakeholders for your area. Ensure it includes stakeholders across the organization (both IT and business units).
    2. Determine the stakeholders of your stakeholders. Consider adding each of them to the stakeholder list: assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    3. Create a stakeholder network map to visualize relationships.
      • (Optional) Use black arrows to indicate the direction of professional influence.
      • (Optional) Use dashed green arrows to indicate bidirectional, informal influence relationships.
    4. Capture the list or diagram of your stakeholders in your workbook.

    Use the BRM Workbook to capture stakeholders

    Categorize your stakeholders with a stakeholder prioritization map

    A stakeholder prioritization map help teams categorize their stakeholders by their level or influence and ownership.

    There are four areas in the map and the stakeholders within each area should be treated differently.

    • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical and a lack of support can cause significant impediment to the objectives.
    • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    Stakeholder prioritization map with axes 'Influence' and 'Ownership/Interest' splitting the map into four quadrants: 'Spectators Low/Low', 'Noisemakers Low/High', 'Mediators High/Low', and 'Players High/High'.

    4.3 Group your stakeholders into categories

    Input: Stakeholder Map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify your stakeholder’s interest in and influence on your BRM program.
    2. Map your results to the quadrant in your workbook to determine each stakeholder’s category.

    Stakeholder prioritization map with example 'Stakeholders' placed in or across the four quadrants.

    Level of Influence

    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.

    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Use the BRM Workbook to map your stakeholders

    Define strategies for engaging stakeholders by type

    Each group of stakeholders draws attention and resources away from critical tasks.

    By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence; high interest Actively Engage
    Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
    Mediators High influence; low interest Keep Satisfied
    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence; high interest Keep Informed
    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence; low interest Monitor
    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Apply a third dimension for stakeholder prioritization: support.

    Support, in addition to interest and influence, is used to prioritize which stakeholders are should receive the focus of your attention. This table indicates how stakeholders are ranked:

    Table with 'Stakeholder Categories' and their 'Level of Support' for prioritizing. Support levels are 'Supporter', 'Evangelist', 'Neutral', and 'Blocker'.

    Support can be determined by rating the following question: how likely is it that your stakeholder would recommend IT at your organization/your group? Our four categories of support:

    • Blocker – beware of the blocker. These stakeholders do not support your cause and have the necessary drive to impede the achievement of your objectives.
    • Semi-Supporter – while these stakeholders are committed to your objectives, they are somewhat apathetic to advocate on your behalf. They will support you so long as it does not require much effort from them to do so.
    • Neutral – neutrals do not have much commitment to your objectives and are not willing to expend much energy to either support or detract from them.
    • Supporter – these stakeholders are committed to your initiative and are willing to whole-heartedly provide you with support.

    4.4 Update your stakeholder quadrant to include the three dimensions

    Input: Stakeholder Map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would support your initiative/endeavor?
    2. Map your results to the model in your workbook to determine each stakeholder’s category.
    Stakeholder prioritization map with example 'Persons' placed in or across the four quadrants. with The third dimension, 'Level of Support', is color-coded.

    Use the BRM Workbook to map your stakeholders

    Leverage your map to think about how to engage with your stakeholders

    Not all stakeholders are equal, nor can they all be treated the same. Your stakeholder quadrant highlights areas where you may need to engage differently.

    Blockers

    Pay attention to your “blockers,” especially those that appear in the high influence and high interest part of the quadrant. Consider how your engagement with them varies from supporters in this quadrant. Consider what is valuable to these stakeholders and focus your conversations on “what’s in this for them.”

    Neutral & Evangelists

    Stakeholders that are neutral or evangelists do not require as much attention as blockers and supporters, but they still can’t be ignored – especially those who are players (high influence and engagement). Focus on what’s in it for them to move them to become supporters.

    Supporters

    Do not neglect supporters – continue to engage with them to ensure that they remain supporters. Focus on the supporters that are influential and impacted, rather than the “spectators.”

    4.5 Create your engagement plan

    Input: Stakeholder Map/list of stakeholders

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Leverage the BRM Stakeholder Engagement Plan spreadsheet. List your key stakeholders.
    2. Consider: how do you show value at your current maturity level so that you can gain trust and your relationship can mature? Establish where your relationship lacks maturity, and consider whether you need to engage with them on a more strategic, tactical, or even operational manner.
      • At lower levels of maturity (Table Stakes), focus on service delivery, project delivery, and communication.
      • At mid-level maturity (Influencer/Advocate), focus on business pain points and a deeper knowledge of the business.
      • At higher maturity levels (Value Creator/Innovator), focus on creating value by leading innovative initiatives that drive the business forward.
    3. Review the stakeholder quadrant. Update the frequency of your communication accordingly.
    4. Capture the agenda for your engagements with them.

    Download and use the BRM Stakeholder Engagement Plan

    Your agenda should vary with the maturity of your relationship

    Agenda
    Stakeholder Information Type Meeting Frequency Lower Maturity Mid-Level Maturity Higher Maturity
    VP Strategic Quarterly
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the department
    • Proposed solutions to address business pain points
    • Innovative solutions to improve business processes and drive value for the department and the organization
    Director Strategic, Tactical Monthly
    • Summary of recent and upcoming changes
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the department
    • Proposed business process improvements
    • Current and upcoming project proposals to address business pain points
    • Innovative solutions to help the department achieve its business goals and objectives
    Manager Tactical Monthly
    • Summary of service desk tickets
    • Summary of recent and upcoming changes
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the team
    • Proposed business activity improvements
    • Current and upcoming projects to address business pain points
    • Innovative solutions to help business users perform their daily business activities more effectively and efficiently

    Lower Maturity – Focus on service delivery, project delivery, and communication

    Mid-Level Maturity – Focus on business pain points and a deeper knowledge of the business

    Higher Maturity – Focus on creating value by leading innovative initiatives that drive the business forward

    Stakeholder – Include both IT and business stakeholders at appropriate levels

    Agenda – Manage stakeholders expectations, and clarify how your agenda will progress as the partnership matures

    REASSESS & EMBED

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Measure your BRM practice success

    • Metrics are powerful because they drive behavior.
    • Metrics are also dangerous because they often lead to unintended negative outcomes.
    • Metrics should be chosen carefully to avoid getting “what you asked for” instead of “what you intended.”

    Stock image of multiple business people running off the end of a pointed finger like lemmings.

    Questions to ask Are your metrics achievable?
    1. What are the leading indicators of BRM effectively supporting the business’ strategic direction?
    2. How are success metrics aligned with the objectives of other functional groups?

    S pecific

    M easurable

    A chievable

    R ealistic

    T ime-bound

    Embedding the BRM practice within your organization must be grounded in achievable outcomes.

    Ensure that the metrics your practice is measured against reflect realistic and tangible business expectations. Overpromising the impact the practice will have can lead to long-term implementation challenges.

    Determine whether your business is satisfied with IT

    Measuring tape.

    1

    Survey your stakeholders to measure improvements in customer satisfaction.

    Leverage the CIO Business Vision on a regular interval – most find that annual assessments drive success.

    Evaluate whether the addition or increased maturity of your BRM practice has improved satisfaction with IT.

    Business satisfaction survey

    • Audience: Business leaders
    • Frequency: Annual
    • Metrics:
      • Overall Satisfaction score
      • Overall Value score
      • Relationship Satisfaction:
        • Understand needs
        • Meet needs
        • Communication
    Two small tables showing example 'Value' and 'Satisfaction' scores.
    Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

    Check if you’ve met the BRM goals you set out to achieve

    Measuring tape.

    2

    Measure BRM success against the goals for the practice.

    Evaluate whether the BRM practice has helped IT to meet the goals that you’ve established.

    For each of your goals, create metrics to establish how you will know if you’ve been successful. This might be how many or what type of interactions you have with your stakeholders, and/or it could be new connections with internal or external partners.

    Ensure you have established metrics to measure success at your goals.

    Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.

    5.1 Create metrics

    Input: Goals, The attributes which can align to goal success

    Output: Measurements of success

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Start with a consideration of your goals and objectives.
    2. Identify key aspects that can support confirming if the goal was successful.
    3. For each aspect, develop a method to measure success with a specific measurement.
    4. When creating the KPI consider:
      • How you know if you are achieving your objective (performance)?
      • How frequently will you be measuring this?
      • Are you looking for an increase, decrease, or maintenance of the metric?
    Table with columns 'BRM Goals', 'Measurement', 'KPI', and 'Frequency'.

    Use the BRM Workbook

    Don’t wait all year to find out if you’re on track

    Leverage the below questions to quickly poll your business partners on a more frequent basis.

    Partner instructions:

    Please indicate how much you agree with each of the following statements. Use a scale of 1-5, where 1 is low agreement and 5 indicates strong agreement:

    Demand Shaping: My BRM is at the table and seeks to understand my business. They help me understand IT and helps IT prioritize my needs.

    Exploring: My BRM surfaces new opportunities based on their understanding of my pain points and growth needs. They engage resources with a focus on the value to be delivered.

    Servicing: The BRM obtains an understanding of the services and service levels that are required, clarifies them, and communicates costs and risks.

    Value Harvesting: Focus on value is evident in discussions – the BRM supports IT in ensuring value realization is achieved and tracks value during and beyond deployment.

    Embedding the BRM practice also includes acknowledging the BRM’s part in balancing the IT portfolio

    IT needs to juggle “keeping the lights on” initiatives with those required to add value to the organization.

    Partner with the appropriate resources (Project Management Office, Product Owners, System Owners, and/or others as appropriate within your organization) to ensure that all initiatives focus on value.

    Info-Tech Insight

    Not every organization will balance their portfolio in the same way. Some organizations have higher risk tolerance and so their higher priority goals may require that they accept more risk to potentially reap more returns.

    Stock image of a man juggling business symbols.

    80% of organizations feel their portfolios are dominated by low-value initiatives that do not deliver value to the business. (Source: Stage-Gate International and Product Development Institute, March/April 2009)

    All new requests are not the same; establish a process for intake and manage expectations and IT’s capacity to deliver value.

    Ensure you communicate your process to support new ideas with your stakeholders. They’ll be clear on the steps to bring new initiatives into IT and will understand and be engaged in the process to demonstrate value.

    Flowchart for an example intake process.

    For support creating your intake process, go to Optimize Project Intake, Approval and Prioritization Sample of Info-Tech's Optimize Project Intake, Approval and Prioritization.

    Use value as your criteria to evaluate initiatives

    Work with project managers to ensure that all projects are executed in a way that meets business expectations.

    Sample of Info-Tech’s Project Value Scorecard Development Tool.

    Download Info-Tech’s Project Value Scorecard Development Tool.

    Enter risk/compliance criteria under operational alignment: projects must be aligned with the operational goals of the business and IT.

    Business value matrix.

    Enter these criteria under strategic alignment: projects must be aligned with the strategic goals of the business, customer, and IT.
    Enter financial criteria under financial: projects must realize monetary benefits, in increased revenue or decreased costs, while posing as little risk of cost overrun as possible.
    And don’t forget about feasibility: practical considerations for projects must be taken into account in selecting projects.

    5.2 Prioritize your investments/ projects (optional activity)

    Input: Value criteria

    Output: Prioritized project listing

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review and edit (if necessary) the criteria on tab 2 the Project Value Scorecard Development Tool.
      Screenshot from tab 2 of Info-Tech’s Project Value Scorecard Development Tool.
    2. Score initiatives and investments on tab 3 using your criteria.
      Screenshot from tab 3 of Info-Tech’s Project Value Scorecard Development Tool.
    Download Info-Tech’s Project Value Scorecard Development Tool.

    Visualize where investments add value through an initiative portfolio map

    An initiative portfolio map is a graphic visualization of strategic initiatives overlaid on a business capability map.

    Leverage the initiative portfolio map to communicate the value of what IT is working on to your stakeholders.

    Info-Tech Insight

    Projects will often impact one or more capabilities. As such, your portfolio map will help you identify cross-dependencies when scaling up or scaling down initiatives.

    Example initiative portfolio map


    Example initiative portfolio map with initiatives in categories like 'Marketing Strategy' and 'Brand Mgmt.'. Certain groups of initiatives have labels detailing when they achieve collectively.

    5.3 Create a portfolio investment map (optional activity)

    Input: Business capability map

    Output: Portfolio investment map

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Build a capability map, outlining the value streams that support your organization’s goals and the high-level capabilities (level 1) that support the value stream (and goals).
      For more support in establishing the capability map, see Document Your Business Architecture.
      Example table for outlining 'Value Streams' and 'Level 1 Capabilities' through 'Goals'.
    2. Identify high-value capabilities for the organization.
    3. What are the projects and initiatives that will address the critical capabilities? Add these under the high-value capabilities.
    4. This process will help you demonstrate how projects align to business goals. Enter your capabilities and projects in Info-Tech’s Initiative Portfolio Map Template.
    Download Info-Tech’s Initiative Portfolio Map Template.

    Establish your annual BRM plan

    To support the BRM capability at your organization, you’ll want to communicate your plan. This will include:
    • Business Feedback and Engagement
      • Engaging with your partners includes meeting with them on a regular basis. Establish this frequency and capture it in your plan. This engagement must include an understanding of their goals and challenges.
      • As Bill Gates said, “We all need people who will give us feedback. That’s how we improve” (Inc.com, 2013). There are various points in the year which will provide you with the opportunity to understand your business partners’ views of IT or the BRM role. List the opportunities to reflect on this feedback in your plan.
    • Business-IT Alignment
      • Bring together the views and perspectives of IT and the business.
      • List the activities that will be required to reflect business goals in IT. These include IT goals, budget, and planning.
    • BRM Improvement
      • The practices put in place to support the BRM practice need to continuously evolve to support a maturing organization. The feedback from stakeholders throughout the organization will provide input into this. Ensure there are activities and time put aside to evaluate the improvements required.
    Stock image of someone discovering a calendar in a jungle with a magnifying glass.

    5.4 Establish your year-in-the-life plan

    Input: Engagement plan, BRM goals

    Output: Annual BRM plan

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Start with your business planning activities – what will you as a BRM be doing as your business establishes their plans and strategies? These could include:
      • Listening and feedback sessions
      • Third-party explorations
    2. Then look at your activities required to integrate within IT – what activities are required to align business directives within your IT groups? Examples can include:
      • Business strategy review
      • Capability map creation
      • Input into the Business-aligned IT strategy
      • IT budget input
    3. What activities are required to continuously improve the BRM role? This may consist of:
      • Feedback discussions with business partners
      • Roadshow with colleagues to communicate and refine the practice
    4. Map these on your annual calendar that can be shared with your colleagues.
    Capture in the BRM Workbook

    Communicate using the Executive Buy-In and Communication Template

    Sample of a slide titled 'BRM Annual Cycle'.

    Sample BRM annual cycle

    Sample BRM annual cycle with row headers 'Business Feedback and Engagement', 'Business-IT Alignment', and 'BRM Improvement' mapped across a Q1 to Q4 timeline with individual tasks in each category.

    5.5 Build your transformation roadmap

    Input: SWOT analysis

    Output: Transformation roadmap

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Brainstorm and discuss the key enablers that are needed to help promote and ease your BRM program.
    2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your BRM program.
    3. Brainstorm mitigation activities for each blocker.
    4. Enablers and mitigation activities can be listed on your transformation roadmap.

    Example:

    Enablers

    • High business engagement and buy-in
    • Supportive BRM leadership
    • Organizational acceptance for change
    • Development process awareness by development teams
    • Collaborative culture
    • Existing tools can be customized for BRM

    Blockers

    • Pockets of management resistance
    • Significant time is required to implement BRM and train resources
    • Geographically distributed resources
    • Difficulty injecting customers in demos

    Mitigation

    • BRM workshop training with all teams and stakeholders to level set expectations
    • Limit the scope for pilot project to allow time to learn
    • Temporarily collocate all resources and acquire virtual communication technology

    Capture in the BRM Workbook

    5.5 Build your transformation roadmap (cont’d)

    1. Roadmap Elements:
      • List the artifacts, changes, or actions needed to implement the new BRM program.
      • For each item, identify how long it will take to implement or change by moving it into the appropriate swim lane. Use timing that makes sense for your organization: Quick Wins, Short Term, and Long Term; Now, Next, and Later; or Q1, Q2, Q3, and Q4.

    Example transformation roadmap with BRM programs arranged in columns 'Now', 'Next (3-6 months)', 'Later (6+ months)', and 'Deferred'.

    Communicate the BRM changes to set your practice up for success

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.
    Five elements of communicating change
    Diagram titled 'COMMUNICATING THE CHANGE' surrounded by useful questions: 'What is the change?', 'What will the role be for each department and individual?', 'Why are we doing it?', 'How long will it take us to do it?', and 'How are we going to go about it?'.
    (Source: The Qualities of Leadership: Leading Change)

    Apply the following communication principles to make your BRM changes relevant to stakeholders

    “We tend to use a lot of jargon in our discussions, and that is a sure fire way to turn people away. We realized the message wasn’t getting out because the audience wasn’t speaking the same language. You have to take it down to the next level and help them understand where the needs are.” (Jeremy Clement, Director of Finance, College of Charleston, Info-Tech Interview, 2018)

    Be Relevant

    • Talk about what matters to the stakeholder. Think: “what’s in it for them?
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • Often we think in processes but stakeholders only care about results: talk in terms of results.

    Be Clear

    • Don’t use jargon.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium. A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.

    5.6 Create a communications plan tailored to each of your stakeholders

    Input: Prioritized list of stakeholders

    Output: Communication Plan

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. List stakeholders in order of importance in the first column.
    2. Identify the frequency with which you will communicate to each group.
    3. Determine the scope of the communication:
      • What key information needs to be included in the message to ensure they are informed and on board?
      • Which medium(s) will you use to communicate to that specific group?
    4. Develop a concrete timeline that will be followed to ensure that support is maintained from the key stakeholders.

    Audience

    All BRM Staff

    Purpose

    • Introduce and explain operating model
    • Communicate structural changes

    Communication Type

    • Team Meeting

    Communicator

    CIO

    Timing

    • Sept 1 – Introduce new structure
    • Sept 15 – TBD
    • Sept 29 – TBD

    Related Blueprints

    Business Value
    Service Catalog
    Intake Management
    Sample of Info-Tech's 'Document Your Business Architecture' blueprint.
    Sample of Info-Tech's 'Design and Build a User-Facing Service Catalog' blueprint.
    Sample of Info-Tech's 'Manage Stakeholder Relations' blueprint.
    Sample of Info-Tech's 'Document Business Goals and Capabilities for Your IT Strategy' blueprint.
    Sample of Info-Tech's 'Fix Your IT Culture' blueprint.

    Selected Bibliography

    “Apple Mission and Vision Analysis.” Mission Statement Academy, 23 May 2019. Accessed 5 November 2020.

    Barnes, Aaron. “Business Relationship Manager and Plan Build Run.” BRM Institute, 8 April 2014.

    Barnes, Aaron. “Starting a BRM Team - Business Relationship Management Institute.” BRM Institute, 5 June 2013. Web.

    BRM Institute. “Business Partner Maturity Model.” Member Templates and Examples, Online Campus, n.d. Accessed 3 December 2021.

    BRM Institute. “BRM Assessment Templates and Examples.” Member Templates and Examples, Online Campus, n.d. Accessed 24 November 2021.

    Brusnahan, Jim, et al. “A Perfect Union: BRM and Agile Development and Delivery.” BRM Institute, 8 December 2020. Web.

    Business Relationship Management: The BRMP Guide to the BRM Body of Knowledge. Second printing ed., BRM Institute, 2014.

    Chapman, Chuck. “Building a Culture of Trust - Remote Leadership Institute.” Remote Leadership Institute, 10 August 2021. Accessed 27 January 2022.

    “Coca Cola Mission and Vision Analysis.” Mission Statement Academy, 4 August 2019. Accessed 5 November 2020.

    Colville, Alan. “Shared Vision.” UX Magazine, 31 October 2011. Web.

    Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute, March/April 2009. Web.

    Heller, Martha. “How CIOs Can Make Business Relationship Management (BRM) Work.” CIO, 1 November 2016. Accessed 27 January 2022.

    “How Many Business Relationship Managers Should You Have.” BRM Institute, 20 March 2013. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 January 2013. Web.

    Kasperkevic, Jana. “Bill Gates: Good Feedback Is the Key to Improvement.” Inc.com, 17 May 2013. Web.

    Merlyn, Vaughan. “Relationships That Matter to the BRM.” BRM Institute, 19 October 2016. Web.

    “Modernizing IT’s Business Relationship Manager Role.” The Hackett Group, 22 November 2019. Web.

    Monroe, Aaron. “BRMs in a SAFe World...That Is, a Scaled Agile Framework Model.” BRM Institute, 5 January 2021. Web.

    Selected Bibliography

    “Operational, adj." OED Online, Oxford University Press, December 2021. Accessed 29 January 2022.

    Sinek, Simon. “Transcript of ‘How Great Leaders Inspire Action.’” TEDxPuget Sound, September 2009. Accessed 7 November 2020.

    “Strategic, Adj. and n.” OED Online, Oxford University Press, December 2016. Accessed 27 January 2022.

    “Tactical, Adj.” OED Online, Oxford University Press, September 2018. Accessed 27 January 2022.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 23 September 2013. Web.

    “Twice the Business Value in Half the Time: When Agile Methods Meet the Business Relationship Management Role.” BRM Institute, 10 April 2015. Web.

    “Value Streams.” Scaled Agile Framework, 30 June 2020. Web.

    Ward, John. “Delivering Value from Information Systems and Technology Investments: Learning from Success.” Information Systems Research Centre, August 2006. Web.

    Appendix

    • Business Value Drivers
    • Service Blueprint
    • Stakeholder Communications
    • Job Descriptions

    Understand business value drivers for ROI and cost

    Make Money

    This value driver is specifically related to the impact a product or service has on your organization’s ability to show value for the investments. This is usually linked to the value for money for an organization.

    Return on Investment can be derived from:

    • Sustaining or increasing funding.
    • Enabling data monetization.
    • Improving the revenue generation of an existing service.
    • Preventing the loss of a funding stream.

    Be aware of the difference among your products and services that enable a revenue source and those which facilitate the flow of funding.

    Save Money

    This value driver relates to the impact of a product or service on cost and budgetary constraints.

    Reduce costs value can be derived from:

    • Reducing the cost to provide an existing product or service.
    • Replacing a costly product or service with a less costly alternative.
    • Bundling and reusing products or services to reduce overhead.
    • Expanding the use of shared services to generate more value for the cost of existing investment.
    • Reducing costs through improved effectiveness and reduction of waste.

    Budgetary pressures tied to critical strategic priorities may defer or delay implementation of initiatives and revision of existing products and services.

    Understand Business Value Drivers that Enhance Your Services

    Operations

    Some products and services are in place to facilitate and support the structure of the organization. These vary depending on what is important to your organization, but should be assessed in relation to the organizational culture and structure you have identified.

    • Adds or improves effectiveness for a particular service or the process and technology enabling its success.

    Risk and Compliance

    A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

    In this case, the product or service is required in order to:

    • Prevent fines.
    • Allow the organization to operate within a specific jurisdiction.
    • Remediate audit gaps.
    • Provide information required to validate compliance.

    Internal Information

    Understanding internal operations is also critical for many organizations. Data captured through your operations provides critical insights that support efficiency, productivity, and many other strategic goals.

    Internal information value can be derived by:

    • Identifying areas of improvement in the development of core offerings.
    • Monitoring and tracking employee behavior and productivity.
    • Monitoring resource levels.
    • Monitoring inventory levels.

    Collaboration and Knowledge Transfer

    Communication is integral and products and services can be the link that ties your organization together.

    In this case, the value generated from products and services can be to:

    • Align different departments and multiple locations.
    • Enable collaboration.
    • Capture trade secrets and facilitate organizational learning.

    Understand Business Value Drivers that Connect the Business to Your Customers

    Policy

    Products and services can also be assessed in relation to whether they enable and support the required policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

    Policy value can be derived from:

    • The service or initiative will produce outcomes in line with our core organizational values.
    • It will enable or improve adherence and/or compliance to policies within the organization.

    Customer Relations

    Products and services are often designed to facilitate goals of customer relations; specifically, improve satisfaction, retention, loyalty, etc. This value type is most closely linked to brand management and how a product or service can help execute brand strategy. Customers, in this sense, can also include any stakeholders who consume core offerings.

    Customer satisfaction value can be derived from:

    • Improving the customer experience.
    • Resolving a customer issue or identified pain point.
    • Providing a competitive advantage for your customers.
    • Helping to retain customers or prevent them from leaving.

    Market Information

    Understanding demand and market trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

    Market information value can be achieved when an app:

    • Addresses strategic opportunities or threats identified through analyzing trends.
    • Prevents failures due to lack of capacity to meet demand.
    • Connects resources to external sources to enable learning and growth within the organization.

    Market Share

    Market share represents the percentage of a market or market segment that your business controls. In essence, market share can be viewed as the potential for more or new revenue sources.

    Assess the impact on market share. Does the product or service:

    • Increase your market share?
    • Open access to a new market?
    • Help you maintain your market share?

    Service Blueprint

    Service design involves an examination of the people, process and technology involved in delivering a service to your customers.

    Service blueprinting provides a visual of how these are connected together. It enables you to identify and collaborate on improvements to an existing service.

    The main components of a service blueprint are:

    Customer actions – this anchors the service in the experiences of the customer

    Front-stage – this shows the parts of the service that are visible to the customer

    Back-stage – this is the behind-the-scenes actions necessary to deliver the experience to the customer

    Support processes – this is what’s necessary to deliver the back-stage (and front-stage/customer experience), but is not aligned from a timing perspective (e.g. it doesn’t matter if the fridge is stocked when the order is put in, as long as the supplies are available for the chef to use)

    Example service blueprint with the main components listed above as row headers.

    Physical Evidence and Time are blueprint components can be added in to provide additional context & support

    Example service blueprint with the main components plus added components 'Physical Evidence' and 'Time'.

    Stakeholder Communications

    Personalize
    • “What’s in it for me” & Persona development – understanding what the concerns are from the community that you will want to communicate about
    • Get to know the cultures of each persona to identify how they communicate. For the faculty, Teams might not be the answer, but faculty meetings might be, or sending messages via email. Each persona group may have unique/different needs
    • Meet them “where they are”: Be prepared to provide 5-minute updates (with “what’s in it for me” and personas in mind) at department meetings in cases where other communications (Teams etc.) aren’t reaching the community
    • Review the business vision diagnostic report to understand what’s important to each community group and what their concerns are with IT. Definitely review the comments that users have written.
    Show Proof
    • Share success stories tailored to users needs – e.g. if they have a concern with security, and IT implemented a new secure system to better meet their needs, then telling them about the success is helpful – shows that you’re listening and have responded to meet their concerns. Demonstrates how interacting with IT has led to positive results. People can more easily relate to stories

    Reference
    • Consider establishing a repository (private/unlisted YouTube channel, Teams, etc.) so that the community can search to view the tip/trick they need
    • Short videos are great to provide a snippet of the information you want to share
    Responses
    • Engage in 2-way communications – it’s about the messages IT wants to convey AND the messages you want them to convey to you. This helps to ensure that your messages aren’t just heard but are understood/resonate.
    • Let people know how they should communicate with IT – whether it’s engaging through Teams, via email to a particular address, or through in person sessions
    Test & Learn
    • Be prepared to experiment with the content and mediums, and use analytics to assess the results. For example if videos are posted on a site like SharePoint that already has analytics functionality, you can capture the number of views to determine how much they are viewed
    Multiple Mediums
    • Use a combination of one-on-one interviews/meetings and focus groups to obtain feedback. You may want to start with some of the respondents who provided comments on surveys/diagnostics

    BRM Job Descriptions

    Download the Job Descriptions:

    Build a Winning Business Process Automation Playbook

    • Buy Link or Shortcode: {j2store}407|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $8,065 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Business Analysis
    • Parent Category Link: /business-analysis
    • Organizations often have many business processes that rely on manual, routine, and repetitive data collection and processing work. These processes need to be automated to meet strategic priorities.
    • Your stakeholders may have decided to invest in process automation solutions. They may be ready to begin the planning and delivery of their first automated processes.
    • However, if your processes are costly, slow, defective, and do not generate the value end users want, automation will only magnify these inefficiencies.

    Our Advice

    Critical Insight

    • Put the user front and center. Aim to better understand the end user and their operational environment. Use cases, data models, and quality factors allow you to visualize the human-computer interactions from an end-user perspective and initiate a discussion on how technology and process improvements can be better positioned to help your end users.
    • Build for the future. Automation sets the technology foundations and process governance and management building blocks in your organization. Expect that more automation will be done using earlier investments.
    • Manage automations as part of your application portfolio. Automations are add-ons to your application portfolio. Unmanaged automations, like applications, will sprawl and reduce in value over time. A collaborative rationalization practice pinpoints where automation is required and identifies which business inefficiencies should be automated next.

    Impact and Result

    • Clarify the problem being solved. Gain a grounded understanding of your stakeholders’ drivers for business process automation. Discuss current business operations and systems to identify automation candidates.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes. Take a user-centric perspective to understand how users interact with technology to complete their tasks.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases. This sets the foundations for a broader automation practice.

    Build a Winning Business Process Automation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Business Process Automation Deck – A step-by-step document that walks you through how to optimize and automate your business processes.

    This blueprint helps you develop a repeatable approach to understand your process challenges and to optimize and automate strategic business processes.

    • Build a Winning Business Process Automation Playbook – Phases 1-3

    2. Business Process Automation Playbook – A repeatable set of practices to assess, optimize, and automate your business processes.

    This playbook template gives your teams a step-by-step guide to build a repeatable and standardized framework to optimize and automate your processes.

    • Business Process Automation Playbook

    3. Process Interview Template – A structured approach to interviewing stakeholders about their business processes.

    Info-Tech's Process Interview Template provides a number of sections that you can populate to help facilitate and document your stakeholder interviews.

    • Process Interview Template

    4. Process Mapping Guide – A guide to mapping business processes using BPMN standards.

    Info-Tech's Process Mapping Guide provides a thorough framework for process mapping, including the purpose and benefits, the best practices for facilitation, step-by-step process mapping instructions, and process mapping naming conventions.

    • Process Mapping Guide

    Infographic

    Workshop: Build a Winning Business Process Automation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Opportunities

    The Purpose

    Understand the goals and visions of business process automation.

    Develop your guiding principles.

    Build a backlog of automation opportunities

    Key Benefits Achieved

    Business process automation vision, expectations, and objectives.

    High-priority automation opportunities identified to focus on.

    Activities

    1.1 State your objectives and metrics.

    1.2 Build your backlog.

    Outputs

    Business process automation vision and objectives

    Business process automation guiding principles

    Process automation opportunity backlog

    2 Define Your MVAs

    The Purpose

    Assess and optimize high-strategic-importance business process automation use cases from the end user’s perspective.

    Shortlist your automation solutions.

    Build and plan to deliver minimum viable automations (MVAs).

    Key Benefits Achieved

    Repeatable framework to assess and optimize your business process.

    Selection of the possible solutions that best fit the business process use case.

    Maximized learning with a low-risk minimum viable automation.

    Activities

    2.1 Optimize your processes.

    2.2 Automate your processes.

    2.3 Define and roadmap your MVAs.

    Outputs

    Assessed and optimized business processes with a repeatable framework

    Fit assessment of use cases to automation solutions

    MVA definition and roadmap

    3 Deliver Your MVAs

    The Purpose

    Modernize your SDLC to support business process automation delivery.

    Key Benefits Achieved

    An SDLC that best supports the nuances and complexities of business process automation delivery.

    Activities

    3.1 Deliver your MVAs

    Outputs

    Refined and enhanced SDLC

    Establish Effective Data Stewardship

    • Buy Link or Shortcode: {j2store}133|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data stewardship is a critical function in modern data governance. Every data-driven firm needs stewards who can tackle data issues and challenges rapidly. Data stewards help to reach agreement on data definition, quality, and usage. They direct efforts aimed at completing metadata, improving data quality, and ensuring regulatory compliance.
    • Stewards must also provide recommendations regarding data access, security, distribution, retention, archiving, and disposal.

    Our Advice

    Critical Insight

    • While the data steward role is crucial to establishing and sustaining effective governance of data, it is the role in the data governance operating structure that is often left ambiguous.
    • It is often perceived as requiring incremental IT skills and one with all new or unfamiliar functions.
    • In the ambition and haste to deliver on data governance, the various data governance role titles are communicated out to the wider organization, with data stewards especially left wondering: “Why am I being asked to be a data steward? What is expected of me? How will succeed in this role?”

    Impact and Result

    To establish effective and impactful data stewardship:

    • Clearly articulate the data stewardship value proposition.
    • Formally design and detail the data steward role, including functions, capabilities, etc.
    • Set up your data stewards for success: having a detailed role definition on paper is certainly not enough. Ensure you go the extra mile to deliver relevant training such as data stewardship onboarding, awareness program, etc.

    Establish Effective Data Stewardship Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish Effective Data Stewardship Storyboard – Research that provides a step-by-step approach to aid in the successful establishment of data steward role.

    Use this deck to establish a solid data governance foundation in your organization. Start by defining the value of data stewardship and data governance and demystifying the role.

    • Establish Effective Data Stewardship – Phases 1-3

    2. Data Governance Role Accelerator Kit – A brief deck that defines the clear functions for different roles in data governance.

    This brief guide outlines how to adapt a data governance organizational structure for your organization and defines the roles of data owner, data steward, and data custodian.

    • Data Governance Roles Accelerator Kit
    [infographic]

    Further reading

    Establish Effective Data Stewardship

    Leverage your organization's business subject matter experts to drive impactful data use and handling.

    Analyst perspective

    Leverage your organization's business subject matter experts to drive impactful data use and handling.

    Data stewards bring valuable expertise and knowledge about their business areas: priorities, business capabilities and processes, and challenges and opportunities with respect to data. Because this knowledge cannot be easily replicated, going outside your organization to hire a data steward is not the most effective route.

    While it may seem difficult, organizing internally to harvest the already existing institutional knowledge of your business subject matter experts (SMEs) will give a better – and faster – return when setting up and formalizing data stewardship.

    The role must be well defined and communicated. We cannot expect SMEs to wear a hat without understanding the expectations for their role. They must be set up for success – they must be empowered, recognized, and rewarded.

    Crystal Singh, Director, Research and Advisory, Data and Analytics Practice

    Crystal Singh
    Director, Research and Advisory, Data and Analytics Practice
    Info-Tech Research Group

    Phase breakdown

    Phase 1: Data Stewardship Value Proposition

    • Define the value of data stewardship and data governance, their importance, and the relationship between them.
    • Determine where data stewards fit in the bigger data governance operating structure. The data steward role will not be effective without the other data governance roles.
    • Highlight the gains of effective data stewardship: e.g. data quality management, data definition, data sharing, and the ethical use and handling of data.

    Phase breakdown

    Phase 2: Data Steward Role Design

    • Who makes a good data steward? Important knowledge and skills include subject area expertise, institutional knowledge, collaborative skills, interpersonal, and political skills, an understanding of your organization's culture, and the ability to build good partnerships across business functions and with data management.
    • Seek out SMEs from within your organization. This may require you to mold and shape individuals to step up and into the role. An external hire will give capacity but will be more difficult (and time consuming) to ramp up.
    • Consult internally in your organization. For example, consult and liaise with Human Resources (HR) to determine if job descriptions need to be updated, if there would be any impact to compensation, etc.
    • Determine if this role needs to be a full-time role.
    • Demystify the role. Clarify that this is not an IT role and therefore will not require IT skills.
    • Leverage Info-Tech data governance patterns:
      • Data Stewardship in Action – Sample Data Quality Issue Resolution Process Template and Business Term and Data Definitions
      • Sample Data Steward (and Data Owner) to Data Domain Mapping

    Phase breakdown

    Phase 3: Strategies for Data Stewardship Success

    • Establish a solid data governance foundation in your organization.
    • Develop data stewardship onboarding: e.g. literacy and training, and frequently asked questions (FAQs).
    • Gain support from data owners, the director general (DG) committee, data leadership, and executive leaders/champions.
    • Set up rewards and recognition for the role.
    • Establish a feedback loop/mechanism for data stewards so the stewardship program can be adjusted accordingly.
    • Establish communication and create awareness of the role.

    Establishing effective data stewardship

    Leverage your organization's business SMEs to drive impactful data use and handling.

    Unlock the value of data through people.

    Data Steward Value Proposition
    Clearly articulate the data stewardship value proposition. What's in it for the person, their line of business or mandate, and your organization as a whole.

    Data Steward Role Design
    Formally design and define the role of a data steward, including the functions and capabilities.

    Strategies for Success
    Set up your data stewards for success. Having a detailed role definition on paper is not enough. Ensure that you go the extra mile to deliver the relevant training, such as data stewardship onboarding and an awareness program.

    Executive summary

    Your Challenge Common Obstacles Info-Tech's Approach
    Data stewardship is a critical function in modern data governance. Every data-driven firm needs stewards who can rapidly tackle data issues and challenges. Data stewards help to reach agreement on data definition, quality, and usage. They direct efforts aimed at completing metadata, improving data quality, and ensuring regulatory compliance.
    Stewards must also provide recommendations regarding data access, security, distribution, retention, archiving, and disposal.
    While the data steward role is crucial to establishing and sustaining the effective governance of data, it is the role in the data governance operating structure that is often left unclear, ambiguous, and open to misinterpretation.
    It is often perceived as requiring incremental IT skills and one with all new or unfamiliar functions.
    In the ambition and haste to deliver on data governance, the various data governance role titles are communicated to the wider organization, often leaving data stewards wondering why they are being asked to be a data steward, what is expected of them, and how they will succeed in this role.
    Info-Tech's approach to establish effective and impactful data stewardship:
    • Clearly articulate the data stewardship value proposition.
    • Formally design and define the role of data steward, including the functions and capabilities.
    • Set up your data stewards for success. Having a detailed role definition on paper is not enough. Ensure that you go the extra mile to deliver the relevant training, such as data stewardship onboarding and an awareness program.

    Info-Tech Insight
    Effective data governance requires a solid foundation. Data stewards provide the foundation for data governance. The time and effort to define this role properly will yield sound data governance return.

    Phase 1: Data Stewardship Value Proposition

    What is the VALUE of a DATA STEWARD?

    Value of a Data Steward

    Improved Data Quality Management

    Clear and Consistent Data Definition

    Increased Data Sharing and Collaboration

    Ethical Handling of Data

    Define the strategic value of data in your organization

    Harness the value of data to power intelligent and transformative organizational performance.

    Optimize the way you serve your stakeholders.

    Respond to industry disruption.

    Develop products and services to meet ever-evolving needs.

    Manage operations and mitigate risk.

    Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across an organization.

    Data governance is:

    • Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (CIO.com, 2021).
    • True business-IT collaboration that leads to increased consistency and confidence in data to support decision making

    If done correctly, data governance is not:

    • An annoying, finger-waving roadblock in the way of getting things done
    • An inhibitor or impediment to using and sharing data

    Data governance is about putting guard rails in place to better support the use and handling of your organization's data.

    Is there a clear definition of data accountability and responsibility in your organization?

    Develop a Targeted Flexible Work Program for IT

    • Buy Link or Shortcode: {j2store}542|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $18,909 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • Workplace flexibility continues to be top priority for IT employees. Organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
    • When the benefits of remote work are not available to everyone, this raises fairness and equity concerns.

    Our Advice

    Critical Insight

    IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

    Impact and Result

    • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
    • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
    • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

    Develop a Targeted Flexible Work Program for IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess employee and organizational flexibility needs

    Identify prioritized employee segments, flexibility challenges, and the desired state to inform program goals.

    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Talent Metrics Library
    • Targeted Flexible Work Program Workbook
    • Fast-Track Hybrid Work Program Workbook

    2. Identify potential flex options and assess feasibility

    Review, shortlist, and assess the feasibility of common types of flexible work. Identify implementation issues and cultural barriers.

    • Flexible Work Focus Group Guide
    • Flexible Work Options Catalog

    3. Implement selected option(s)

    Equip managers and employees to adopt flexible work options while addressing implementation issues and cultural barriers and aligning HR programs.

    • Guide to Flexible Work for Managers and Employees
    • Flexible Work Time Policy
    • Flexible Work Time Off Policy
    • Flexible Work Location Policy

    Infographic

    Workshop: Develop a Targeted Flexible Work Program for IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare to Assess Flex Work Feasibility

    The Purpose

    Gather information on organizational and employee flexibility needs.

    Key Benefits Achieved

    Understand the flexibility needs of the organization and its employees to inform a targeted flex work program.

    Activities

    1.1 Identify employee and organizational needs.

    1.2 Identify employee segments.

    1.3 Establish program goals and metrics.

    1.4 Shortlist flexible work options.

    Outputs

    Organizational context summary

    List of shortlisted flex work options

    2 Assess Flex Work Feasibility

    The Purpose

    Perform a data-driven feasibility analysis on shortlisted work options.

    Key Benefits Achieved

    A data-driven feasibility analysis ensures your flex work program meets its goals.

    Activities

    2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

    Outputs

    Summary of flex work options feasibility per employee segment

    3 Finalize Flex Work Options

    The Purpose

    Select the most impactful flex work options and create a plan for addressing implementation challenge

    Key Benefits Achieved

    A data-driven selection process ensures decisions and exceptions can be communicated with full transparency.

    Activities

    3.1 Finalize list of approved flex work options.

    3.2 Brainstorm solutions to implementation issues.

    3.3 Identify how to overcome cultural barriers.

    Outputs

    Final list of flex work options

    Implementation barriers and solutions summary

    4 Prepare for Implementation

    The Purpose

    Create supporting materials to ensure program implementation proceeds smoothly.

    Key Benefits Achieved

    Employee- and manager-facing guides and policies ensure the program is clearly documented and communicated.

    Activities

    4.1 Design employee and manager guide prototype.

    4.2 Align HR programs and policies to support flexible work.

    4.3 Create a communication plan.

    Outputs

    Employee and manager guide to flexible work

    Flex work roadmap and communication plan

    5 Next Steps and Wrap-Up

    The Purpose

    Put everything together and prepare to implement.

    Key Benefits Achieved

    Our analysts will support you in synthesizing the workshop’s efforts into a cohesive implementation strategy.

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Completed flexible work feasibility workbook

    Flexible work communication plan

    Further reading

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    Executive Summary

    Your Challenge

    • IT leaders continue to struggle with workplace flexibility, and it is a top priority for IT employees; as a result, organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
    • The benefits of remote work are not available to everyone, raising fairness and equity concerns for employees.

    Common Obstacles

    • A one-size-fits-all approach to selecting and implementing flexible work options fails to consider unique employee needs and will not reap the benefits of offering a flexible work program (e.g. higher engagement or enhanced employer brand).
    • Improper structure and implementation of flexible work programs exacerbates existing challenges (e.g. high turnover) or creates new ones.

    Info-Tech's Approach

    • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
    • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
    • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

    Info-Tech Insight

    IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

    Flexible work arrangements are a requirement in today's world of work

    Flexible work continues to gain momentum…

    A 2022 LinkedIn report found that the following occurred between 2019 and 2021:

    +362%

    Increase in LinkedIn members sharing content with the term "flexible work."

    +83%

    Increase in job postings that mention "flexibility."
    (LinkedIn, 2022)

    In 2022, Into-Tech found that hybrid was the most commonly used location work model for IT across all industries.

    ("State of Hybrid Work in IT," Info-Tech Research Group, 2022)

    …and employees are demanding more flexibility

    90%

    of employees said they want schedule and location flexibility ("Global Employee Survey," EY, 2021).

    17%

    of resigning IT employees cited lack of flexible work options as a reason ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

    71%

    of executives said they felt "pressure to change working models and adapt workplace policies to allow for greater flexibility" (LinkedIn, 2021).

    Therefore, organizations who fail to offer flexibility will be left behind

    Difficulty attracting and retaining talent

    98% of IT employees say flexible work options are important in choosing an employer ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

    Worsening employee wellbeing and burnout

    Knowledge workers with minimal to no schedule flexibility are 2.2x more likely to experience work-related stress and are 1.4x more likely to suffer from burnout (Slack, 2022; N=10,818).

    Offering workplace flexibility benefits organizations and employees

    Higher performance

    IT departments that offer some degree of location flexibility are more effective at supporting the organization than those who do not.

    35% of service desk functions report improved service since implementing location flexibility.
    ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    Enhanced employer brand

    Employees are 2.1x more likely to recommend their employer to others when they are satisfied with their organization's flexible work arrangements (LinkedIn, 2021).

    Improved attraction

    41% of IT departments cite an expanded hiring pool as a key benefit of hybrid work.

    Organizations that mention "flexibility" in their job postings have 35% more engagement with their posts (LinkedIn, 2022).

    Increased job satisfaction

    IT employees who have more control over their working arrangement experience a greater sense of contribution and trust in leadership ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    Better work-life balance

    81% of employees say flexible work will positively impact their work-life balance (FlexJobs, 2021).

    Boosted inclusivity

    • Caregivers regardless of gender, supporting them in balancing responsibilities
    • Individuals with disabilities, enabling them to work from the comfort of their homes
    • Women who may have increased responsibilities
    • Women of color to mitigate the emotional tax experienced at work

    Info-Tech Insight

    Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.

    Despite the popularity of flexible work options, not all employees can participate

    IT organizations differ on how much flexibility different roles can have.

    IT employees were asked what percentage of IT roles were currently in a hybrid or remote work arrangement ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    However, the benefits of remote work are not available to all, which raises fairness and equity concerns between remote and onsite employees.

    45%

    of employers said, "one of the biggest risks will be their ability to establish fairness and equity among employees when some jobs require a fixed schedule or location, creating a 'have and have not' dynamic based on roles" ("Businesses Suffering," EY, 2021).

    Offering schedule flexibility to employees who need to be fully onsite can be used to close the fairness and equity gap.

    When offered the choice, 54% of employees said they would choose schedule flexibility over location flexibility ("Global Employee Survey," EY, 2021).

    When employees were asked "What choice would you want your employer to provide related to when you have to work?" The top three choices were:

    68%

    Flexibility on when to start and finish work

    38%

    Compressed or four-day work weeks

    33%

    Fixed hours (e.g. 9am to 5pm)

    Disclaimer: "Percentages do not sum to 100%, as each respondent could choose up to three of the [five options provided]" ("Global Employee Survey," EY, 2021).

    Beware of the "all or nothing" approach

    There is no one-size-fits-all approach to workplace flexibility.

    Understanding the needs of various employee segments in the organization is critical to the success of a flexible work program.

    Working parents want more flexibility

    82%

    of working mothers desire flexibility in where they work.

    48%

    of working fathers "want to work remotely 3 to 5 days a week."

    Historically underrepresented groups value more flexibility

    38%

    "Thirty-eight percent of Black male employees and 33% of Black female employees would prefer a fully flexible schedule, compared to 25% of white female employees and 26% of white male employees."
    (Slack, 2022; N=10,818)

    33%

    Workplace flexibility must be customized to the organization to avoid longer working hours and heavy workloads that impact employee wellbeing

    84%

    of remote workers and 61% of onsite workers reported working longer hours post pandemic. Longer working hours were attributed to reasons such as pressure from management and checking emails after working hours (Indeed, 2021).

    2.6x

    Respondents who either agreed or strongly agreed with the statement "Generally, I find my workload reasonable" were 2.6x more likely to be engaged compared to those who stated they disagreed or strongly disagreed (McLean & Company Engagement Survey Database;2022; N=5,615 responses).

    Longer hours and unsustainable workloads can contribute to stress and burnout, which is a threat to employee engagement and retention. With careful management (e.g. setting clear expectations and establishing manageable workloads), flexible work arrangement benefits can be preserved.

    Info-Tech Insight

    Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.

    Develop a flexible work program that meets employee and organizational needs

    This is an image of a sample flexible work program which meets employee and organizational needs.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    Step 1 insight

    Step 2 insight

    Step 3 insight

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.
    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.
    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.
    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Case Study

    Expanding hybrid work at Info-Tech

    Challenge

    In 2020, Info-Tech implemented emergency work-from-home for its IT department, along with the rest of the organization. Now in 2023, hybrid work is firmly embedded in Info-Tech's culture, with plans to continue location flexibility for the foreseeable future.

    Adjusting to the change came with lessons learned and future-looking questions.

    Lessons Learned

    Moving into remote work was made easier by certain enablers that had already been put in place. These included issuing laptops instead of desktops to the user base and using an existing cloud-based infrastructure. Much support was already being done remotely, making the transition for the support teams virtually seamless.

    Continuing hybrid work has brought benefits such as reduced commuting costs for employees, higher engagement, and satisfaction among staff that their preferences were heard.

    Looking Forward

    Every flexible work implementation is a work in progress and must be continually revisited to ensure it continues to meet organizational and employee needs. Current questions being explored at Info-Tech are:

    • The concept of the "office as a tool" – how does use of the office change when it is used for specific collaboration-related tasks, rather than everything? How should the physical space change to support this?
    • What does a viable replacement for quick hallway meetings look like in a remote world where communication is much more deliberate? How can managers adjust their practices to ensure the benefits of informal encounters aren't lost?

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Preparation

    Step 1

    Step 2

    Step 3

    Follow-up

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Assess employee and organizational needs.

    Call #3: Shortlist flex work options and assess feasibility.

    Call #4: Finalize flex work options and create rollout plan.

    Call #5: (Optional) Review rollout progress or evaluate pilot success.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 3 to 5 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Prepare to assess flex work feasibility

    Assess flex work feasibility

    Finalize flex work options

    Prepare for implementation

    Next Steps and Wrap-Up (offsite)

    1.1 Identify employee and organizational needs.

    1.2 Identify employee segments.

    1.3 Establish program goals and metrics.

    1.4 Shortlist flex work options.

    2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

    3.1 Finalize list of approved flex work options.

    3.2 Brainstorm solutions to implementation issues.

    3.2 Identify how to overcome cultural barriers.

    4.1 Design employee and manager guide prototype.

    4.2 Align HR programs and policies to support flexible work.

    4.3 Create a communication plan.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Organizational context summary
    2. List of shortlisted flex work options
    1. Summary of flex work options' feasibility per employee segment
    1. 1.Final list of flex work options
    2. 2.Implementation barriers and solutions summary
    1. Employee and manager guide to flexible work
    2. Flex work roadmap and communication plan
    1. Completed flexible work feasibility workbook
    2. Flexible work communication plan

    Step 1

    Assess employee and organizational needs

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step you will have:

    • Identified key stakeholders and their responsibilities
    • Uncovered the current and desired state of the organization
    • Analyzed feedback to identify flexibility challenges
    • Identified and prioritized employee segments
    • Determined the program goals
    • Identified the degree of flexibility for work location, timing, and deliverables

    Identify key stakeholders

    Organizational flexibility requires collaborative and cross-functional involvement to determine which flexible options will meet the needs of a diverse workforce. HR leads the project to explore flexible work options, while other stakeholders provide feedback during the identification and implementation processes.

    HR

    • Assist with the design, implementation, and maintenance of the program.
    • Provide managers and employees with guidance to establish successful flexible work arrangements.
    • Help develop communications to launch and maintain the program.

    Senior Leaders

    • Champion the project by modeling and promoting flexible work options
    • Help develop and deliver communications; set the tone for flexible work at the organization.
    • Provide input into determining program goals.

    Managers

    • Model flexible work options and encourage direct reports to request and discuss options.
    • Use flexible work program guidelines to work with direct reports to select suitable flexible work options.
    • Develop performance metrics and encourage communication between flexible and non-flexible workers.

    Flexible Workers

    • Indicate preferences of flexible work options to the manager.
    • Identify ways to maintain operational continuity and communication while working flexibly.
    • Flag issues and suggest improvements to the manager.
    • Develop creative ways to work with colleagues who don't work flexibly.

    Non-Flexible Workers

    • Share feedback on issues with flexible arrangements and their impact on operational continuity.

    Info-Tech Insight

    Flexible work is a holistic team effort. Leaders, flexible workers, teammates, and HR must clearly understand their roles to ensure that teams are set up for success.

    Uncover the current and desired state of flexibility in the organization

    Current State

    Target State

    Review:

    • Existing policies related to flexibility (e.g. vacation, work from anywhere)
    • Existing flexibility programs (e.g. seasonal hours) and their uptake
    • Productivity of employees
    • Current culture at the organization. Look for:
      • Employee autonomy
      • Reporting structure and performance management processes
      • Trust and psychological safety of employees
      • Leadership behavior (e.g. do leaders model work-life balance, or does the organization have a work 24/7 mentality?)

    Identify what is driving the need for flexible work options. Ask:

    • Why does the organization need flexible options?
      • For example, the introduction of flexibility for some employees has created a "have and have not" dynamic between roles that must be addressed.
    • What does the organization hope to gain from implementing flexible options? For example:
      • Improved retention
      • Increased attraction, remaining competitive for talent
      • Increased work-life balance for employees
      • Reduced burnout
    • What does the organization aspire to be?
      • For example, an organization that creates an environment that values output, not face time.

    These drivers identify goals for the organization to achieve through targeted flexible work options.

    Info-Tech Insight

    Hybrid work is a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.

    Identify employee segments

    Using the data, feedback, and challenges analyzed and uncovered so far, assess the organization and identify employee segments.

    Identify employee segments with common characteristics to assess if they require unique flexible work options. Assess the feasibility options for the segments separately in Step 2.

    • Segments' unique characteristics include:
      • Role responsibilities (e.g. interacting with users, creating reports, development and testing)
      • Work location/schedule (e.g. geographic, remote vs. onsite, 9 to 5)
      • Work processes (e.g. server maintenance, phone support)
      • Group characteristics (e.g. specific teams, new hires)

    Identify employee segments and sort them into groups based on the characteristics above.

    Examples of segments:

    • Functional area (e.g. Service Desk, Security)
    • Job roles (e.g. desktop support, server maintenance)
    • Onsite, remote, or hybrid
    • Full-time or part-time
    • Job level (e.g. managers vs. independent contributors)
    • Employees with dependents

    Prioritize employee segments

    Determine whether the organization needs flexible work options for the entire organization or specific employee segments.
    For specific employee segments:

    • Answer the questions on the right to identify whether an employee segment is high, medium, or low priority. Complete slides 23 to 25 for each high-priority segment, repeating the process for medium-priority segments when resources allow.

    For the entire organization:

    • When identifying an option for the entire organization, consider all segments. The approach must create consistency and inclusion; keep this top of mind when identifying flexibility on slides 23 to 25. For example, the work location flexibility would be low in an organization where some segments can work remotely and others must be onsite due to machinery requirements.

    High priority: The employee segment has the lowest engagement scores or highest turnover within the organization. Segment sentiment is that current flexibility is nonexistent or not sufficiently meeting needs.
    Medium priority: The employee segment has low engagement or high turnover. Segment sentiment is that currently available flexibility is minimal or not sufficiently meeting needs.
    Low priority: The segment does not have the lowest engagement or the highest turnover rate. Segment sentiment is that currently available flexibility is sufficiently meeting needs.

    1. What is the impact on the organization if this segment's challenges aren't addressed (e.g. if low engagement and high turnover are not addressed)?
    2. How critical is flexibility to the segment's needs/engagement?
    3. How time sensitive is it to introduce flexibility to this segment (e.g. is the organization losing employees in this segment at a high rate)?
    4. Will providing flexibility to this segment increase organizational productivity or output

    Identify challenges to address with flexibility

    Uncover the lived experiences and expectations of employees to inform selection of segments and flexible options.

    1. Collect data from existing sources, such as:
      • Engagement surveys
      • New hire/exit surveys
      • Employee experience monitor surveys
      • Employee retention pulse surveys
      • Burnout surveys
      • DEI pulse surveys
    2. Analyze employee feedback on experiences with:
      • Work duties
      • Workload
      • Work-life balance
      • Operating processes and procedures
      • Achieving operational outcomes
      • Collaboration and communication
      • Individual experience and engagement
    3. Evaluate the data and identify challenges

    Example challenges:

    • Engagement: Low average score on work-life balance question; flexible work suggested in open-ended responses.
    • Retention: Exit survey indicating that lack of work-life balance is consistently a reason employees leave. Include the cost of turnover (e.g. recruitment, training, severance).
    • Burnout: Feedback from employees through surveys or HR business partner anecdotes indicating high burnout; high usage of wellness services or employee assistance programs.
    • Absenteeism: High average number of days employees were absent in the past year. Include the cost of lost productivity.
    • Operational continuity: Provide examples of when flexible work would have enabled operational continuity in the case of disaster or extended customer service coverage.
    • Program uptake: If the organization already has a flexible work program, provide data on the low proportion of eligible employees using available options.

    1.1 Prepare to evaluate flexible work options

    1-3 hours

    Follow the guidance on preceding slides to complete the following activities.
    Note: If you are only considering remote or hybrid work, use the Fast-Track Hybrid Work Program Workbook. Otherwise, proceed with the Targeted Flexible Work Program Workbook.

    1. Identify key stakeholders. Be sure to record the level of involvement and responsibility expected from each stakeholder. Use the "Stakeholders" tab of the workbook.
    2. Uncover current and desired state. Review and record your current state with respect to culture, productivity, and current flexible work options, if any. Next, record your desired future state, including reasons for implementing flexible work, and goals for the program. Record this in the "Current and Desired State" tab of the workbook.
    3. Identify and prioritize employee segments. Identify and record employee segments. Depending on the size of your department, you may identify a few or many. Be as granular as necessary to fully separate employee groups with different needs. If your resources or needs prevent you from rolling out flexible work to the entire department, record the priority level of each segment so you can focus on the highest priority first.
    4. Identify challenges with flexibility. With each employee segment in mind, analyze your available data to identify and record each segment's main challenges regarding flexible work. These will inform your program goals and metrics.

    Download the Targeted Flexible Work Program Workbook

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of departmental roles
    • Data on employee engagement, productivity, sentiment regarding flexible work, etc.

    Output

    • List of stakeholders and responsibilities
    • Flexible work challenges and aims
    • Prioritized list of employee segments

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • IT department head
    • HR business partner
    • Flexible work program committee

    Determine goals and metrics for the flexible work program

    Sample program goals

    Sample metrics

    Increase productivity

    • Employee, team, and department key performance indicators (KPIs) before and after flexible work implementation
    • Absenteeism rate (% of lost working days due to all types of absence)

    Improve business satisfaction and perception of IT value

    Increase retention

    • % of exiting employees who cite lack of flexible work options or poor work-life balance as a reason they left
    • Turnover and retention rates

    Improve the employee value proposition (EVP) and talent attraction

    • # of responses on the new hire survey where flexible work options or work-life balance are cited as a reason for accepting an employment offer
    • # of views of career webpage that mentions flexible work program
    • Time-to-fill rates

    Improve engagement and work-life balance

    • Overall engagement score – deploy Info-Tech's Employee Engagement Diagnostics
    • Score for questions about work-life balance on employee engagement or pulse survey, including:
      • "I am able to maintain a balance between my work and personal life."
      • "I find my stress levels at work manageable."

    Info-Tech Insight

    Implementing flex work without solid performance metrics means you won't have a way of determining whether the program is enabling or hampering your business practices.

    1.2 Determine goals and metrics

    30 minutes

    Use the examples on the preceding slide to identify program goals and metrics:

    1. Brainstorm program goals. Be sure to consider both the business benefits (e.g. productivity, retention) and the employee benefits (work-life balance, engagement). A successful flexible work program benefits both the organization and its employees.
    2. Brainstorm metrics for each goal. Identify metrics that are easy to track accurately. Use Info-Tech's IT and HR metrics libraries for reference. Ideally, the metrics you choose should already exist in your organization so no extra effort will be necessary to implement them. It is also important to have a baseline measure of each one before flexible work is rolled out.
    3. Record your outputs on the "Goals and Metrics" tab of the workbook.

    Download the Targeted Flexible Work Program Workbook

    Download the IT Metrics Library

    Download the HR Metrics Library

    Input

    • Organizational and departmental strategy

    Output

    • List of program goals and metrics

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Determine work location flexibility for priority segments

    Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.

    Work Duties

    Processes

    Operational Outcomes

    High degree of flexibility

    • Low dependence on onsite equipment
    • Work easily shifts to online platforms
    • Low dependence on onsite external interactions (e.g. clients, customers, vendors)
    • Low interdependence of work duties internally (most work is independent)
    • Work processes and expectations are or can be formally documented
    • Remote work processes are sustainable long term

    Most or all operational outcomes can be achieved offsite (e.g. products/service delivery not impacted by WFH)

    • Some dependence on onsite equipment
    • Some work can shift to online platforms
    • Some dependence on onsite external interactions
    • Some interdependence of work duties internally (collaboration is critical)
    • Most work processes and expectations have been or can be formally documented
    • Remote work processes are sustainable (e.g. workarounds can be supported and didn't add work)

    Some operational outcomes can be achieved offsite (e.g. some impact of WFH on product/service delivery)

    Low degree of flexibility

    • High dependence on onsite equipment
    • Work cannot shift to online platforms
    • High dependence on onsite external interactions
    • High interdependence of work duties internally (e.g. line work)
    • Few work processes and expectations can be formally documented
    • Work processes cannot be done remotely, and workarounds for remote work are not sustainable long term

    Operational outcomes cannot be achieved offsite (e.g. significant impairment to product/service delivery)

    Note

    If roles within the segment have differing levels of location flexibility, use the lowest results (e.g. if role A in the segment has a high degree of flexibility for work duties and role B has a low degree of flexibility, use the results for role B).

    Identify work timing for priority segments

    Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).

    Work Duties

    Processes

    Operational Outcomes

    High degree of flexibility

    • No need to be available to internal and/or external customers during standard work hours
    • Equipment is available at any time
    • Does not rely on synchronous (occurring at the same time) work duties internally
    • Work processes and expectations are or can be formally documented
    • Low reliance on collaboration
    • Work is largely asynchronous (does not occur at the same time)

    Most or all operational outcomes are not time sensitive

    • Must be available to internal and/or external customers during some standard work hours
    • Some reliance on synchronous work duties internally (collaboration is critical)
    • Most work processes and expectations have been or can be formally documented
    • Moderate reliance on collaboration
    • Some work is synchronous

    Some operational outcomes are time sensitive and must be conducted within set date or time windows

    Low degree of flexibility

    • Must be available to internal and/or external customers during all standard work hours (e.g. Monday to Friday 9 to 5)
    • High reliance on synchronous work duties internally (e.g. line work)
    • Few work processes and expectations can be formally documented
    • High reliance on collaboration
    • Most work is synchronous

    Most or all operational outcomes are time sensitive and must be conducted within set date or time windows

    Note

    With additional coordination, flex time or flex time off options are still possible for employee segments with a low degree of flexibility. For example, with a four-day work week, the segment can be split into two teams – one that works Monday to Thursday and one that works Tuesday to Friday – so that employees are still available for clients five days a week.

    Examine work deliverables for priority segments

    Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).

    Work Duties

    Operational Outcomes

    High degree of flexibility

    • Few or no work duties rely on equipment or processes that put constraints on output (unconstrained output)
    • Employees have autonomy over which work duties they focus on each day
    • Most or all operational outcomes are unconstrained (e.g. a marketing analyst who builds reports and strategies for clients can produce more reports, produce better reports, or identify new strategies)
    • Work quota or targets are achievable even if working fewer hours
    • Some work duties rely on equipment or processes that put constraints on output
    • Employees have some ability to decide which work duties they focus on each day
    • Some operational outcomes are constrained or moderately unconstrained (e.g. an analyst build reports based on client data; while it's possible to find efficiencies and build reports faster, it's not possible to attain the client data any faster)
    • Work quota or targets may be achievable if working fewer hours

    Low degree of flexibility

    • Most or all work duties rely on equipment or processes that put constraints on output (constrained output)
    • Daily work duties are prescribed (e.g. a telemarketer is expected to call a set number of people per day using a set list of contacts and a defined script)
    • Most or all operational outcomes are constrained (e.g. a machine operator works on a machine that produces 100 parts an hour; neither the machine nor the worker can produce more parts)
    • Work quota or targets cannot be achieved if fewer hours are worked

    Note

    For segments with a low degree of work deliverable flexibility (e.g. very constrained output), flexibility is still an option, but maintaining output would require additional headcount.

    1.3 Determine flexibility needs and constraints

    1-2 hours

    Use the guidelines on the preceding slides to document the parameters of each work segment.

    1. Determine work location flexibility. Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.
    2. Identify work timing. Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).
    3. Examine work deliverables. Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).
    4. Record your outputs on the "Current and Desired State" tab of the workbook.

    Download the Targeted Flexible Work Program Workbook

    Input

    • List of employee segments

    Output

    • Summary of flexibility needs and constraints for each employee segment

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Step 2

    Identify potential flex options and assess feasibility

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step you will have:

    • Created a shortlist of potential options for each prioritized employee segment
    • Evaluated the feasibility of each potential option
    • Determined the cost and benefit of each potential option
    • Gathered employee sentiment on potential options
    • Finalized options with senior leadership

    Prepare to identify and assess the feasibility of potential flexible work options

    First, review the Flexible Work Solutions Catalog

    Before proceeding to the next slide, review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments identified in Step 1.

    Then, assess the feasibility of implementing selected options using slides 29 to 32

    Assess the feasibility of implementing the shortlisted solutions for the prioritized employee segments against the feasibility factors in this step. Repeat for each employee segment. Use the following slides to consult with and include leaders when appropriate.

    • Document your analysis in tabs 6 to 8 of the Targeted Flexible Work Program Workbook.
    • Note implementation issues throughout the assessment and record them in the tool. They will be addressed in Step 3: Implement Selected Program(s). Don't rule out an option simply because it presents some challenges; careful implementation can overcome many challenges.
    • At the end of this step, determine the final list of flexible work options and gain approval from senior leaders for implementation.

    Evaluate feasibility by reviewing the option's impact on continued operations and job performance

    Operational coverage

    Synchronous communication

    Time zones

    Face-to-face

    communication

    To what extent are employees needed to deliver products or services?

    • If constant customer service is required, stagger employees' schedules (e.g. one team works Monday-Thursday while another works Tuesday-Friday).

    To what extent do employees need to communicate with each other synchronously?

    • Break the workflow down and identify times when employees do and do not have to work at the same time to communicate with each other.

    To what extent do employees need to coordinate work across time zones?

    • If the organization already operates in different time zones, ensure that the option does not impact operations requiring continuous coverage.
    • When employees are located in different time zones, coordinate schedules based on the other operational factors.

    When do employees need to interact with each other or clients in person?

    • Examine the workflow closely to identify times when face-to-face communication is not required. Schedule "office days" for employees to work together when in-person interaction is needed.
    • When the interaction is only required with clients, determine whether employees are able to meet clients offsite.

    Info-Tech Insight

    Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future-proof your organization.

    Assess the option's alignment with organizational culture

    Symbols

    Values

    Behaviors

    How supportive of flexible work are the visible aspects of the organization's culture?

    • For example, the mission statement, newsletters, or office layout.
    • Note: Visible elements will need to be adapted to ensure they reinforce the value of the flexible work option.

    How supportive are both the stated and lived values of the organization?

    • When the flexible work option includes less direct supervision, assess how empowered employees feel to make decisions.
    • Assess whether all types of employees (e.g. virtual) are included, valued, and supported.

    How supportive are the attitudes and behaviors, especially of leaders?

    • Leaders set the expectations for acceptable behaviors in the organization. Determine how supportive leaders are toward flexible workers by examining their attitudes and perceptions.
    • Identify if employees are open to different ways of doing work.

    Determine the resources required for the option

    People

    Process

    Technology

    Do employees have the knowledge, skills, and abilities to adopt this option?

    • Identify any areas (e.g. process, technology) employees will need to be trained on and assess the associated costs.
    • Determine whether the option will require additional headcount to ensure operational continuity (e.g. two part-time employees in a job-sharing arrangement) and calculate associated costs (e.g. recruitment, training, benefits).

    How much will work processes need to change?

    • Interview organizational leaders with knowledge of the employee segment's core work processes. Determine whether a significant change will be required.
    • If a significant change is required, evaluate whether the benefits of the option outweigh the costs of the process and behavioral change (see the "net benefit" factor on slide 33).

    What new technologies will be required?

    • Identify the technology (e.g. that supports communication, work processes) required to enable the flexible work option.
    • Note whether existing technology can be used or additional technology will be required, and further investigate the viability and costs of these options.

    Examine the option's risks

    Data

    Health & Safety

    Legal

    How will data be kept secure?

    • Determine whether the organization's data policy and technology covers employees working remotely or other flexible work options.
    • If the employee segment handles sensitive data (e.g. personal employee information), consult relevant stakeholders to determine how data can be kept secure and assess any associated costs.

    How will employees' health and safety be impacted?

    • Consult your organization's legal counsel to determine whether the organization will be liable for the employees' health and safety while working from home or other locations.
    • Determine whether the organization's policies and processes will need to be modified.

    What legal risks might be involved?

    • Identify any policies in place or jurisdictional requirements to avoid any legal risks. Consult your organization's legal counsel about the situations below.
      • If the option causes significant changes to the nature of jobs, creating the risk of constructive dismissal.
      • If there are any risks to providing less supervision (e.g. higher chance of harassment).
      • When only some employee segments are eligible for the option, determine whether there is a risk of inequitable access.
      • If the option impacts any unionized employees or collective agreements.

    Determine whether the benefits of the option outweigh the costs

    Include senior leadership in the net benefit process to ensure any unfeasible options are removed from consideration before presenting to employees.

    1. Document the employee and employer benefits of the option from the previous feasibility factors on slides 29 to 32.
    • Include the benefits of reaching program goals identified in Step 1.
    • Quantify the benefits in dollar value where possible.
  • Document the costs and risks of the option, referring to the costs noted from previous feasibility factors.
    • Quantify the costs in dollar value where possible.
  • Compare the benefits and costs.
    • Add an option to your final list if the benefits are greater than the costs.
  • This is an image of a table with the main heading being Net Benefit, with the following subheadings: Benefits to organization; Benefits to employees; Costs.

    Info-Tech Insight

    Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization as a whole, or if the cost of the option is too high, it will not support the long-term success of the organization.

    2.1a Identify and evaluate flexible work options

    30 minutes per employee segment per work option

    If you are only considering hybrid or remote work, skip to activity 2.1b. Use the guidelines on the preceding slides to conduct feasibility assessments.

    1. Shortlist flexible work options. Review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments. Record these on the "Options Shortlist" tab of the workbook. Even if the decision is simple, ensure you record the rationale to help communicate your decision to employees. Transparent communication is the best way to avoid feelings of unfairness if desired work options are not implemented.
    2. Evaluate option feasibility. For each of the shortlisted options, complete one "Feasibility - Option" tab in the workbook. Make as many copies of this tab as needed.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in the feasibility of various types of flexible work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and flexible work feasibility.
    3. Weigh benefits and costs. At the end of each flexible work option evaluation, record the anticipated costs and benefits. Discuss whether this balance renders the option viable or rules it out.

    Download the Targeted Flexible Work Program Workbook

    Download the Flexible Work Options Catalog

    Input

    • List of employee segments

    Output

    • Shortlist of flexible work options
    • Feasibility analysis for each work option

    Materials

    • Targeted Flexible Work Program Workbook
    • Flexible Work Options Catalog

    Participants

    • Flexible work program committee
    • Employee segment managers

    2.1b Assess hybrid work feasibility

    30 minutes per employee segment

    Use the guidelines on the preceding slides to conduct a feasibility assessment. This exercise relies on having trialed hybrid or remote work before. If you have never implemented any degree of remote work, consider completing the full feasibility assessment in activity 2.1a.

    1. Evaluate hybrid work feasibility. Review the feasibility prompts on the "Work Unit Remote Work Assessment" tab and record your insight for each employee segment.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in their ability to accommodate hybrid work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and hybrid work feasibility.

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of employee segments

    Output

    • Feasibility analysis for each work option

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Ask employees which options they prefer and gather feedback for implementation

    Deliver a survey and/or conduct focus groups with a selection of employees from all prioritized employee segments.

    Share

    • Present your draft list of options to select employees.
    • Communicate that the organization is in the process of assessing the feasibility of flexible work options and would like employee input to ensure flex work meets needs.
    • Be clear that the list is not final or guaranteed.

    Ask

    • Ask which options are preferred more than others.
    • Ask for feedback on each option – how could it be modified to meet employee needs better? Use this information to inform implementation in Step 3.

    Decide

    • Prioritize an option if many employees indicated an interest in it.
    • If employees indicate no interest in an option, consider eliminating it from the list, unless it will be required. There is no value in providing an option if employees won't use it.

    Survey

    • List the options and ask respondents to rate each on a Likert scale from 1 to 5.
    • Ask some open-ended questions with comment boxes for employee suggestions.

    Focus Group

    • Conduct focus groups to gather deeper feedback.
    • See Appendix I for sample focus group questions.

    Info-Tech Insight

    Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Finalize options list with senior leadership

    1. Select one to three final options and outline the details of each. Include:
      • Scope: To what extent will the option be applied? E.g. work-from-home one or two days a week.
      • Eligibility: Which employee segments are eligible?
      • Cost: What investment will be required?
      • Critical implementation issues: Will any of the implementation issues identified for each feasibility factor impact whether the option will be approved?
      • Resources: What additional resources will be required (e.g. technology)?
    2. Present the options to stakeholders for approval. Include:
      • An outline of the finalized options, including what the option is and the scope, eligibility, and critical implementation issues.
      • The feasibility assessment results, including benefits, costs, and employee preferences. Have more detail from the other factors ready if leaders ask about them.
      • The investment (cost) required to implement the option.
    3. Proceed to Step 3 to implement approved options.

    Running an IT pilot of flex work

    • As a technology department, IT typically doesn't own flexible work implementation for the entire organization. However, it is common to trial flexible work options for IT first, before rolling out to the entire organization.
    • During a flex work pilot, ensure you are working closely with HR partners, especially regarding regulatory and compliance issues.
    • Keep the rest of the organizational stakeholders in the loop, especially regarding their agreement on the metrics by which the pilot's success will be evaluated.

    2.2a Finalize flexible work options

    2-3 hours + time to gather employee feedback

    If you are only considering hybrid or remote work, skip to activity 2.2b. Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Gather employee feedback. If employee preferences are already known, skip this step. If they are not, gather feedback to ascertain whether any of the shortlisted options are preferred. Remember that a successful flexible work program balances the needs of employees and the business, so employee preference is a key determinant in flexible work program success. Document this on the "Employee Preferences" tab of the workbook.
    2. Finalize flexible work options. Use your notes on the cost-benefit balance for each option, along with employee preferences, to decide whether the move forward with it. Record this decision on the "Options Final List" tab. Include information about eligible employee segments and any implementation challenges that came up during the feasibility assessments. This is the final decision summary that will inform your flexible program parameters and policies.

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options shortlist

    Output

    • Final flexible work options list

    Materials

    • Targeted Flexible Work Program Workbook

    Participants

    • Flexible work program committee

    2.2b Finalize hybrid work parameters

    2-3 hours + time to gather employee feedback

    Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Summarize feasibility analysis. On the "Program Parameters" tab, record the main insights from your feasibility analysis. Finalize important elements, including eligibility for hybrid/remote work by employee segment. Additionally, record the standard parameters for the program (i.e. those that apply to all employee segments) and variable parameters (i.e. ones that differ by employee segment).

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • Hybrid work feasibility analysis

    Output

    • Final hybrid work program parameters

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Step 3

    Implement selected option(s)

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step, you will have:

    • Addressed implementation issues and cultural barriers
    • Equipped the organization to adopt flexible work options successfully
    • Piloted the program and assessed its success
    • Developed a plan for program rollout and communication
    • Established a program evaluation plan
    • Aligned HR programs to support the program

    Solve the implementation issues identified in your feasibility assessment

    1. Identify a solution for each implementation issue documented in the Targeted Flexible Work Program Workbook. Consider the following when identifying solutions:
      • Scope: Determine whether the solution will be applied to one or all employee segments.
      • Stakeholders: Identify stakeholders to consult and develop a solution. If the scope is one employee segment, work with organizational leaders of that segment. When the scope is the entire organization, consult with senior leaders.
      • Implementation: Collaborate with stakeholders to solve implementation issues. Balance the organizational and employee needs, referring to data gathered in Steps 1 and 2.

    Example:

    Issue

    Solution

    Option 1: Hybrid work

    Brainstorming at the beginning of product development benefits from face-to-face collaboration.

    Block off a "brainstorming day" when all team members are required in the office.

    Employee segment: Product innovation team

    One team member needs to meet weekly with the implementation team to conduct product testing.

    Establish a schedule with rotating responsibility for a team member to be at the office for product testing; allow team members to swap days if needed.

    Address cultural barriers by involving leaders

    To shift a culture that is not supportive of flexible work, involve leaders in setting an example for employees to follow.

    Misconceptions

    Tactics to overcome them

    • Flexible workers are less productive.
    • Flexible work disrupts operations.
    • Flexible workers are less committed to the organization.
    • Flexible work only benefits employees, not the organization.
    • Employees are not working if they aren't physically in the office.

    Make the case by highlighting challenges and expected benefits for both the organization and employees (e.g. same or increased productivity). Use data in the introductory section of this blueprint.

    Demonstrate operational feasibility by providing an overview of the feasibility assessment conducted to ensure operational continuity.

    Involve most senior leadership in communication.

    Encourage discovery and exploration by having managers try flexible work options themselves, which will help model it for employees.

    Highlight success stories within the organization or from competitors or similar industries.

    Invite input from managers on how to improve implementation and ownership, which helps to discover hidden options.

    Shift symbols, values, and behaviors

    • Work with senior leaders to identify symbols, values, and behaviors to modify to align with the selected flexible work options.
    • Validate that the final list aligns with your organization's mission, vision, and values.

    Info-Tech Insight

    Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.

    Equip the organization for successful implementation

    Info-Tech recommends providing managers and employees with a guide to flexible work, introducing policies, and providing training for managers.

    Provide managers and employees with a guide to flexible work

    Introduce appropriate organization policies

    Equip managers with the necessary tools and training

    Use the guide to:

    • Familiarize employees and managers with the flexible work program.
    • Gain employee and manager buy-in and support for the program.
    • Explain the process and give guidance on selecting flexible work options and working with their colleagues to make it a success.

    Use Info-Tech's customizable policy templates to set guidelines, outline arrangements, and scope the organization's flexible work policies. This is typically done by, or in collaboration with, the HR department.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Flex Location Policy

    Download the Flex Time-Off Policy

    Download the Flex Time Policy

    3.1 Prepare for implementation

    2-3 hours

    Use the guidelines on the preceding slides to brainstorm solutions to implementation issues and prepare to communicate program rollout to stakeholders.

    1. Solve implementation issues.
      • If you are working with the Targeted Flexible Work Program Workbook: For each implementation challenge identified on the "Final Options List" tab, brainstorm solutions. If you are working with the Fast-Track Hybrid Work Program Workbook: Work through the program enablement prompts on the "Program Enablement" tab.
      • You may need to involve relevant stakeholders to help you come up with appropriate solutions for each employee segment.
      • Ensure that any anticipated cultural barriers have been documented and are addressed during this step. Don't underestimate the importance of a supportive organizational culture to the successful rollout of flexible work.
    2. Prepare the employee guide. Modify the Guide to Flexible Work for Managers and Employees template to reflect your final work options list and the processes and expectations employees will need to follow.
    3. Create a communication plan. Use Info-Tech's Communicate Any IT Initiative blueprint and Appendix II to craft your messaging.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options final list

    Output

    • Employee guide to flexible work
    • Flexible work rollout communication plan

    Materials

    • Guide to Flexible Work for Managers and Employees
    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Run an IT pilot for flexible work

    Prepare for pilot

    Launch Pilot

    Identify the flexible work options that will be piloted.

    • Refer to the final list of selected options for each priority segment to determine which options should be piloted.

    Select pilot participants.

    • If not rolling out to the entire IT department, look for the departments and/or team(s) where there is the greatest need and the biggest interest (e.g. team with lowest engagement scores).
    • Include all employees within the department, or team if the department is too large, in the pilot.
    • Start with a group whose managers are best equipped for the new flexibility options.

    Create an approach to collect feedback and measure the success of the pilot.

    • Feedback can be collected using surveys, focus groups, and/or targeted in-person interviews.

    The length of the pilot will greatly vary based on which flexible work options were selected (e.g. seasonal hours will require a shorter pilot period compared to implementing a compressed work week). Use discretion when deciding on pilot length and be open to extending or shortening the pilot length as needed.

    Launch pilot.

    • Launch the program through a town hall meeting or departmental announcement to build excitement and buy-in.
    • Develop separate communications for employee segments where appropriate. See Appendix II for key messaging to include.

    Gather feedback.

    • The feedback will be used to assess the pilot's success and to determine what modifications will be needed later for a full-scale rollout.
    • When gathering feedback, tailor questions based on the employee segment but keep themes similar. For example:
      • Employees: "How did this help your day-to-day work?"
      • Managers: "How did this improve productivity on your team?"

    Track metrics.

    • The success of the pilot is best communicated using your department's unique KPIs.
    • Metrics are critical for:
      • Accurately determining pilot success.
      • Getting buy-in to expand the pilot beyond IT.
      • Justifying to employees any changes made to the flexible work options.

    Assess the pilot's success and determine next steps

    Review the feedback collected on the previous slide and use this decision tree to decide whether to relaunch a pilot or proceed to a full-scale rollout of the program.

    This is an image of the flow chart used to assess the pilot's success and determine the next steps.  It will help you to determine whether you will Proceed to full-scale rollout on next slide, Major modifications to the option/launch (e.g. change operating time) – adjust and relaunch pilot or select a new employee segment and relaunch pilot, Minor modifications to the option/launch (e.g. introduce additional communications) – adjust and proceed to full scale rollout, or Return to shortlist (Step 2) and select a different option or launch pilot with a different employee segment.

    Prepare for full-scale rollout

    If you have run a team pilot prior to rolling out to all of IT, or run an IT pilot before an organizational rollout, use the following steps to transition from pilot to full rollout.

    1. Determine modifications
      • Review the feedback gathered during the pilot and determine what needs to change for a full-scale implementation.
      • Update HR policies and programs to support flexible work. Work closely with your HR business partner and other organizational leaders to ensure every department's needs are understood and compliance issues are addressed.
    2. Roll out and evaluate
      • Roll out the remainder of the program (e.g. to other employee segments or additional flexible work options) once there is significant uptake of the pilot by the target employee group and issues have been addressed.
      • Determine how feedback will be gathered after implementation, such as during engagement surveys, new hire and exit surveys, stay interviews, etc., and assess whether the program continues to meet employee and organizational needs.

    Rolling out beyond IT

    For a rollout beyond IT, HR will likely take over.

    However, this is your chance to remain at the forefront of your organization's flexible work efforts by continuing to track success and gather feedback within IT.

    Align HR programs and organizational policies to support flexible work

    Talent Management

    Learning & Development

    Talent Acquisition

    Reinforce managers' accountability for the success of flexible work in their teams:

    • Include "managing virtual teams" in the people management leadership competency.
    • Recognize managers who are modeling flexible work.

    Support flexible workers' career progression:

    • Monitor the promotion rates of flexible workers vs. non-flexible workers.
    • Make sure flexible workers are discussed during talent calibration meetings and have access to career development opportunities.

    Equip managers and employees with the knowledge and skills to make flexible work successful.

    • Provide guidance on selecting the right options and maintaining workflow.
    • If moving to a virtual environment, train managers on how to make it a success.

    Incorporate the flexible work program into the organization's employee value proposition to attract top talent who value flexible work options.

    • Highlight the program on the organization's career site and in job postings.

    Organizational policies

    Determine which organizational policies will be impacted as a result of the new flexible work options. For example, the introduction of flex time off can result in existing vacation policies needing to be updated.

    Plan to re-evaluate the program and make improvements

    Collect data

    Collect data

    Act on data

    Uptake

    Gather data on the proportion of employees eligible for each option who are using the option.

    If an option is tracking positively:

    • Maintain or expand the program to more of the organization.
    • Conduct a feasibility assessment (Step 2) for new employee segments.

    Satisfaction

    Survey managers and employees about their satisfaction with the options they are eligible for and provide an open box for suggestions on improvements.

    If an option is tracking negatively:

    • Investigate why. Gather additional data, interview organizational leaders, and/or conduct focus groups to gain deeper insight.
    • Re-assess the feasibility of the option (Step 2). If the costs outweigh the benefits based on new data, determine whether to cancel the option.
    • Take appropriate action based on the outcome of the evaluation, such as modifying or cancelling the option or providing employees with more support.
      • Note: Cancelling an option can impact the engagement of employees using the option. Ensure that the data, reasons for cancelling the option, and potential substitute options are communicated to employees in advance.

    Program goal progress

    Monitor progress against the program goals and metrics identified in Step 1 to evaluate the impact on issues that matter to the organization (e.g. retention, productivity, diversity).

    Career progression

    Evaluate flexible workers' promotion rates and development opportunities to determine if they are developing.

    Info-Tech Insight

    Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.

    Step 1 insight

    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.

    Step 2 insight

    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Step 3 insight

    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Research Contributors and Experts

    Quinn Ross
    CEO
    The Ross Firm Professional Corporation

    Margaret Yap
    HR Professor
    Ryerson University

    Heather Payne
    CEO
    Juno College

    Lee Nguyen
    HR Specialist
    City of Austin

    Stacey Spruell
    Division HR Director
    Travis County

    Don MacLeod
    Chief Administrative Officer
    Zorra Township

    Stephen Childs
    CHRO
    Panasonic North America

    Shawn Gibson
    Sr. Director
    Info Tech Research Group

    Mari Ryan
    CEO/Founder
    Advancing Wellness

    Sophie Wade
    Founder
    Flexcel Networks

    Kim Velluso
    VP Human Resources
    Siemens Canada

    Lilian De Menezes
    Professor of Decision Sciences
    Cass Business School, University of London

    Judi Casey
    WorkLife Consultant and former Director, Work and Family Researchers Network
    Boston College

    Chris Frame
    Partner – Operations
    LiveCA

    Rose M. Stanley, CCP, CBP, WLCP, CEBS
    People Services Manager
    Sunstate Equipment Co., LLC

    Shari Lava
    Director, Vendor Research
    Info-Tech Research Group

    Carol Cochran
    Director of People & Culture
    FlexJobs

    Kidde Kelly
    OD Practitioner

    Dr. David Chalmers
    Adjunct Professor
    Ted Rogers School of Management, Ryerson University

    Kashmira Nagarwala
    Change Manager
    Siemens Canada

    Dr. Isik U. Zeytinoglu
    Professor of Management and Industrial Relations McMaster University, DeGroote School of Business

    Claire McCartney
    Diversity & Inclusion Advisor
    CIPD

    Teresa Hopke
    SVP of Client Relations
    Life Meets Work – www.lifemeetswork.com

    Mark Tippey
    IT Leader and Experienced Teleworker

    Dr. Kenneth Matos
    Senior Director of Research
    Families and Work Institute

    1 anonymous contributor

    Appendix I: Sample focus group questions

    See Info-Tech's Focus Group Guidefor guidance on setting up and delivering focus groups. Customize the guide with questions specific to flexible work (see sample questions below) to gain deeper insight into employee preferences for the feasibility assessment in Step 2 of this blueprint.

    Document themes in the Targeted Flexible Work Program Workbook.

    • What do you need to balance/integrate your work with your personal life?
    • What challenges do you face in achieving work-life balance/integration?
    • What about your job is preventing you from achieving work-life balance/integration?
    • How would [flexible work option] help you achieve work-life balance/integration?
    • How well would this option work with the workflow of your team or department? What would need to change?
    • What challenges do you see in adopting [flexible work option]?
    • What else would be helpful for you to achieve work-life balance/integration?
    • How could we customize [flexible work option] to ensure it meets your needs?
    • If this program were to fail, what do you think would be the top reasons and why?

    Appendix II: Communication key messaging

    1. Program purpose

    Start with the name and high-level purpose of the program.

    2. Business reasons for the program

    Share data you gathered in Step 1, illustrating challenges causing the need for the program and the benefits.

    3. Options selection process

    Outline the process followed to select options. Remember to share the involvement of stakeholders and the planning around employees' feedback, needs, and lived experiences.

    4. Options and eligibility

    Provide a brief overview of the options and eligibility. Specify that the organization is piloting these options and will modify them based on feedback.

    5. Approval not guaranteed

    Qualify that employees need to be "flexible about flexible work" – the options are not guaranteed and may sometimes be unavailable for business reasons.

    6. Shared responsibility

    Highlight the importance of everyone (managers, flexible workers, the team) working together to make flexible work achievable.

    7. Next steps

    Share any next steps, such as where employees can find the organization's Guide to Flexible Work for Managers and Employees, how to make flexible work a success, or if managers will be providing further detail in a team meeting.

    8. Ongoing communications

    Normalize the program and embed it in organizational culture by continuing communications through various media, such as the organization's newsletter or announcements in town halls.

    Works Cited

    Baziuk, Jennifer, and Duncan Meadows. "Global Employee Survey - Key findings and implications for ICMIF." EY, June 2021. Accessed May 2022.
    "Businesses suffering 'commitment issues' on flexible working," EY, 21 Sep. 2021. Accessed May 2022.
    "IT Talent Trends 2022". Info-Tech Research Group, 2022.
    "Jabra Hybrid Ways of Working: 2021 Global Report." Jabra, Aug. 2021. Accessed May 2022.
    LinkedIn Talent Solutions. "2022 Global Talent Trends." LinkedIn, 2022. Accessed May 2022.
    Lobosco, Mark. "The Future of Work is Flexible: 71% of Leaders Feel Pressure to Change Working Models." LinkedIn, 9 Sep. 2021. Accessed May 2022.
    Ohm, Joy, et al. "Covid-19: Women, Equity, and Inclusion in the Future of Work." Catalyst, 28 May 2020. Accessed May 2022.
    Pelta, Rachel. "Many Workers Have Quit or Plan to After Employers Revoke Remote Work." FlexJobs, 2021. Accessed May 2022.
    Slack Future Forum. "Inflexible return-to-office policies are hammering employee experience scores." Slack, 19 April 2022. Accessed May 2022.
    "State of Hybrid Work in IT: A Trend Report". Info-Tech Research Group, 2023.
    Threlkeld, Kristy. "Employee Burnout Report: COVID-19's Impact and 3 Strategies to Curb It." Indeed, 11 March 2021. Accessed March 2022.

    Data Protection Notice

    Tymans Group BV processes personal information in compliance with this privacy statement. For further information, questions or comments on our privacy policy, please contact Gert Taeymans at https://tymansgroup.com/gdpr-contact.

    Purposes of the processing

    Tymans Group BV collects and processes customers’ personal data for customer and order management (customer administration, order / delivery follow-up, invoicing, solvency follow-up, profiling and the sending of marketing and personalised advertising).

    Legal foundation for the processing

    Personal data is processed based on several provisions of Article 6.1.

    (a)  consent, which you can revoke at any time,

    (b) required for the implementation of an agreement between you and Tymans Group BV, eg. when you enter into a contract with us,

    (c)  required to satisfy a legal obligation

    (f)  (required for the protection of our legitimate interest in entrepreneurship)] of the General Data Protection Regulation. An actual data item may be subject to multiple provisions.

    Insofar as the processing of personal data takes place based on Article 6.1. a) (consent), customers always have the right to withdraw the given consent.

    Transfer to third parties

    If required to achieve the set purposes, your personal data will be shared with other companies within the European Economic Area, which are linked directly or indirectly with Gert Taeymans BV or with any other partner of Tymans Group BV

    Tymans Group BV guarantees that these recipients will take the necessary technical and organisational measures for the protection of personal data.

    Third party categories that are subject to this provision are:

        Accounting
        Hosting
        Software Engineering (when you order websites or custom development with us)
        Social Media (only as part of Social Media Marketing contracted services by you)

    Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. You must be aware that one can argue that any data transfer from the EU towards the US is now in breach of the law. Other argue that necessary transfers are still allowed, whithout however defining, as far as we know, what "necessary" actually means. This website runs on servers within the EU. We also closely follow the opinions by the scholars and our regulator.

    Retention period

    Personal data processed for customer management will be stored for the time necessary to satisfy legal requirements (in terms of bookkeeping, among others).

    Right to inspection, improvement, deletion, limitation, objection and transferability of personal data

    You have at all times the right to inspect your personal data and can have it improved should it be incorrect or incomplete, have it removed, limit its processing an object to the processing of their personal data based on Article 6.1 (f), including profiling based on said provisions. Any personal data however that is needed for the legal processing of your order cannot be removed after you placed an order, as we need to keep it for legal purposes.

    Furthermore, you are entitled to obtain a copy of your personal data and to have said personal data forwarded to another company.

    In order to exercise the aforementioned rights, you are requested to send an e-mail the following address: dataprivacy@tymansgroup.com.

    Direct marketing

    You are entitled to object free of charge to the processing of any processing of their personal data aimed at direct marketing.

    Complaint

    You have the right to file a complaint with the Belgian Privacy Protection Commission (35 Rue de la Presse, 1000 Brussels - contact@adp-gba.be - 02/ 274 48 00 or 02/ 274 48 35).

    Mitigate the Risk of Cloud Downtime and Data Loss

    • Buy Link or Shortcode: {j2store}412|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Senior leadership is asking difficult questions about the organization’s dependency on third-party cloud services and the risk that poses.
    • IT leaders have limited control over third-party incidents and that includes cloud services. Yet they are on the hot seat when cloud services go down.
    • While vendors have swooped in to provide resilience options for the more-common SaaS solutions, it is not the case for all cloud services.

    Our Advice

    Critical Insight

    • No control over the software does not mean no recovery options. Solutions range from designing an IT workaround using alternate technologies to pre-defined third-party service continuity options (e.g. see options for O365) to business workarounds.
    • Even where there is limited control, you can at least define an incident response plan to streamline notification, assessment, and implementation of workarounds. Leadership wants more options than simply waiting for the service to come back online.
    • At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA issues and overall resilience gaps.

    Impact and Result

    • Follow a structured process to assess cloud resilience risk.
    • Identify opportunities to mitigate risk – at the very least, ensure critical data is protected.
    • Summarize cloud services risk, mitigation options, and incident response for senior leadership.

    Mitigate the Risk of Cloud Downtime and Data Loss Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mitigate the Risk of Cloud Downtime and Data Loss – Step-by-step guide to assess risk, identify risk mitigation options, and create an incident response plan.

    Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds.

    • Mitigate the Risk of Cloud Downtime and Data Loss Storyboard

    2. Cloud Services Incident Risk and Mitigation Review – Review your key cloud vendors’ SLAs, incident preparedness, and data protection strategy.

    At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.

    • Cloud Services Incident Risk and Mitigation Review Tool

    3. SaaS Incident Response Workflows – Use these examples to guide your efforts to create cloud incident response workflows.

    The examples illustrate different approaches to incident response depending on the criticality of the service and options available.

    • SaaS Incident Response Workflows (Visio)
    • SaaS Incident Response Workflows (PDF)

    4. Cloud Services Resilience Summary – Use this template to capture your results.

    Summarize cloud services risk, mitigation options, and incident response for senior leadership.

    • Cloud Services Resilience Summary
    [infographic]

    Further reading

    Mitigate the Risk of Cloud Downtime and Data Loss

    Resilience and disaster recovery in an increasingly Cloudy and SaaSy world.

    Analyst Perspective

    If you think cloud means you don’t need a response plan, then get your resume ready.

    Frank Trovato

    Most organizations are now recognizing that they can’t ignore the risk of a cloud outage or data loss, and the challenge is “what can I do about it?” since there is limited control.

    If you still think “it’s in the cloud, so I don’t need to worry about it,” then get your resume ready. When O365 goes down, your executives are calling IT, not Microsoft, for an answer of what’s being done and what can they do in the meantime to get the business up and running again.

    The key is to recognize what you can control and what actions you can take to evaluate and mitigate risk. At a minimum, you can ensure senior leadership is aware of the risk and define a plan for how you will respond to an incident, even if that is limited to monitoring and communicating status.

    Often you can do more, including defining IT workarounds, backing up your SaaS data for additional protection, and using business process workarounds to bridge the gap, as illustrated in the case studies in this blueprint.

    Frank Trovato
    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Use this blueprint to expand your DRP and BCP to account for cloud services

    As more applications are migrated to cloud-based services, disaster recovery (DR) and business continuity plans (BCP) must include an understanding of cloud risks and actions to mitigate those risks. This includes evaluating vendor and service reliability and resilience, security measures, data protection capabilities, and technology and business workarounds if there is a cloud outage or incident.

    Use the risk assessments and cloud service incident response plans developed through this blueprint to supplement your DRP and BCP as well as further inform your crisis management plans (e.g. account for cloud risks in your crisis communication planning).

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT application and infrastructure services following a disruption.

    Info-Tech’s Disaster Recovery Planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit.

    Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Senior leadership is asking difficult questions about the organization’s dependency on third-party cloud services and the risk that poses.
    • Migrating to cloud services transfers much of the responsibility for day-to-day platform maintenance but not accountability for resilience.
    • IT leaders are often responsible for not just the organization’s IT DRP but also BCP and other elements of overall resilience. Cloud risk adds another element IT leaders need to consider.
    • IT leaders have limited control over third-party incidents and that includes cloud services. With SaaS services in particular, recovery or continuity options may be limited.
    • While vendors have swooped in to provide resilience options for the more common SaaS solutions, that is not the case for all cloud services.
    • Part of the solution is defining business process workarounds and that depends on cooperation from business leaders.
    • At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.
    • Adapt how you approach downtime and data loss risk, particularly for SaaS solutions where there is limited or no control over the system.
    • Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds. Leadership wants more options than simply waiting for the service to come back online.

    Info-Tech Insight

    Asking vendors about their DRP, BCP, and overall resilience has become commonplace. Expect your vendors to provide answers so you can assess risk. Furthermore, your vendor may have additional offerings to increase resilience or recommendations for third parties who can further assist your goals of improving cloud service resilience.

    Key deliverable

    Cloud Services Resilience Summary

    Provide leadership with a summary of cloud risk, downtime workarounds implemented, and additional data protection.

    The image contains a screenshot of the Cloud Services Resilience Summary.

    Additional tools and templates in this blueprint

    Cloud Services Incident Risk and Mitigation Review Tool

    Use this tool to gather vendor input, evaluate vendor SLAs and overall resilience, and track your own risk mitigation efforts.

    The image contains a screenshot of the Cloud Services Incident Risk and Mitigation Review Tool.

    SaaS Incident Response Workflows

    Use the examples in this document as a model to develop your own incident response workflows for cloud outages or data loss.

    The image contains a screenshot of the SaaS Incident Response Workflows.

    This blueprint will step you through the following actions to evaluate and mitigate cloud services risk

    1. Assess your cloud risk
    • Review your cloud services to determine potential impact of downtime/data loss, vendor SLA gaps, and vendor’s current resilience.
  • Identify options to mitigate risk
    • Explore your cloud vendor’s resilience offerings, third-party solutions, DIY recovery options, and business workarounds.
  • Create an incident response plan
    • Document your cloud risk mitigation strategy and incident response plan, which might include a failover strategy, data protection, and/or business continuity.

    Cloud Risk Mitigation

    Identify options to mitigate risk

    Create an incident response plan

    Assess risk

    Phase 1: Assess your cloud risk

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Cloud does not guarantee uptime

    Public cloud services (e.g. Azure, GCP, AWS) and popular SaaS solutions experience downtime every year.

    A few cloud outage examples:

    • Microsoft Azure AD outage, March 15, 2022:
      Many users could not log into O365, Dynamics, or the Azure Portal.
      Cause: software change.
    • Three AWS outages in December 2021: December 7 (Netflix and others impacted), December 15 (Duo, Zoom, Slack, others), December 20 (Slack, Epic Games, others). Cause: network issues, power outage.
    • Salesforce outage, May 12, 2022: Users could not access the Lightning platform. Cause: expired certificate.

    Cloud availability

    • Migrating to cloud services can improve availability, as they typically offer more resilience than most organizations can afford to implement themselves.
    • However, having multiple data centers, zones, and regions doesn’t prevent all outages, as we see every year with even the largest cloud vendors.

    DR challenges for IaaS, PaaS, and cloud-native

    While there are limits to what you control, often traditional “failover” DR strategy can apply.

    High-level challenges and resilience options:

    • IaaS: No control over the hardware, but you can failover to another region. This is fairly similar to traditional DR.
    • PaaS: No control over the software platform (e.g. SQL server as a service), but you can back up your data and explore vendor options to replicate your environment.
    • Cloud-native applications: As with PaaS, you can back up your data and explore vendor options to replicate your environment.

    Plan for resilience

    • Include DR requirements when designing cloud service implementation. For example, for IaaS solutions, identify what data would need to be replicated and what services may need to be “always on” (e.g. database services where high-availability is demanded).
    • Similarly, for PaaS and cloud-native solutions, consult your vendor regarding options to build in resilience options (e.g. ability to failover to another environment).

    DR challenges for SaaS solutions

    SaaS is the biggest challenge because you have no control over any part of the base application stack.

    High-level challenges and resilience options:

    • No control over the hardware (or the facility, maintenance processes, and so on).
    • No control over the base application (control is limited to configuration settings and add-on customizations or integrations).
    • Options to back up your data will depend on the service.

    Note: The rest of this blueprint is focused primarily on SaaS resilience due to the challenges listed here. For other cloud services, leverage traditional DR strategies and vendor management to mitigate risk (as summarized on the previous slides).

    Focus on what you can control

    • For SaaS solutions in particular, you must toss out traditional DR. If Salesforce has an outage, you won’t be involved in recovering the system.
    • Instead, DR for SaaS needs to focus on improving resilience where you do have control and implementing business workarounds to bridge the gap.

    Evaluate your cloud services to clarify your specific risks

    Time and money is limited, so focus first on cloud services that are most critical and evaluate the vendors’ SLA and existing resilience capabilities.

    The activities on the next two slides will evaluate risk through two approaches:

    Activity 1: Estimate potential impact of downtime and data loss to quantify the risk and determine which cloud services are most critical and need to be prioritized. This is done through a business impact analysis that assesses:

    • Impact on revenue or costs (if applicable).
    • Impact on reputation (e.g. customer impact).
    • Impact on regulatory compliance and health and safety (if applicable).

    Activity 2: Review the vendor to identify risks and gaps. Specifically, evaluate the following:

    • Incident Management SLAs (e.g. does the SLA include RTO/RPO commitments? Do they meet your requirements?)
    • Incident Response Preparedness (e.g. does the vendor have a DRP, BCP, and security incident response plan?)
    • Data Protection (e.g. does their backup strategy and data security meet your standards?)

    Activity 1: Quantify potential impact and prioritize cloud services using a business impact analysis (BIA)

    1-3 hours

    1. Download the latest version of our DRP BIA: DRP Business Impact Analysis Tool. The tool includes instructions.
    2. Include the cloud services you want to assess in the list of applications/systems (see the tool excerpt below), and follow the BIA methodology outlined in the Create a Right-Sized Disaster Recovery Plan blueprint.
    3. Use the results to quantify potential impact and prioritize your efforts on the most-critical cloud services.

    The image contains a screenshot of the DRP Business Impact Analysis Tool.

    Materials
    • DRP BIA Tool
    Participants
    • Core group of IT management and staff who can provide a well-rounded perspective on potential impact. They will create the first draft of the BIA.
    • Review the draft BIA with relevant business leaders to refine and validate the results.

    Activity 2: Review your key cloud vendors’ SLAs, incident preparedness, and data protection strategy

    1-3 hours

    Use the Cloud Services Incident Risk and Mitigation Review Tool as follows:

    1. Send the Vendor Questionnaire tab to your cloud vendors to gather input, and review your existing agreements.
    2. Copy the vendor responses into the tool (see the instructions in the tool) and evaluate. See the example excerpt below.
    3. Identify action items to clarify gaps or address risks. Some action items might not be defined yet and will need to wait until you have had a chance to further explore risk mitigation options.

    The image contains a screenshot of the Cloud Services Incident Risk and Mitigation Review Tool.

    Materials
    • Cloud Services Incident Risk and Mitigation Review Tool
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.

    Phase 2: Identify options to mitigate risk

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Consult your vendor to identify options to improve resilience, as a starting point

    Your vendor might also be able to suggest third parties that offer additional support, backup, or service continuity options.

    • The Vendor Questionnaire tab in the Cloud Services Incident Risk and Mitigation Review Tool includes a section at the bottom where your vendor can name additional options to improve resilience (e.g. premium support packages, potentially their own DR services).
    • If your vendor has not completed that part of the questionnaire, meet with them to discuss this. Asking service vendors about resilience has become commonplace, so they should be prepared to answer questions about their own offerings and potentially can name trusted third-party vendors who can further assist you.
    • Leverage Info-Tech’s advisory services to evaluate options outlined by your vendor and potential third-party options (e.g. enterprise backup solutions that support backing up SaaS data).

    Some SaaS solutions have plenty of resilience options; others not so much

    • The pervasiveness of O365 has led vendors to close the service continuity gap, with options to send and receive email during an outage and back up your data.
    • With many SaaS solutions, there isn’t going to be a third-party service continuity option, but you might still be able to at least back up your data and implement business process workarounds to close the service gap.

    Example SaaS risk and mitigation: O365

    Risk

    • Several outages every year (e.g. MS Teams July 20, 2022).
    • SLA exceptions include “Scheduled Downtime,” which can occur with just five days’ notice.
    • The Recycling Bin is your data backup, depending on your setup.

    Options to mitigate risk (not an exhaustive list):

    • Third-party solutions for email service continuity.
    • Several backup vendors (e.g. Veeam, Rubrik) can protect most of your O365 suite.
    • Business continuity workarounds leveraging synced OneDrive, SharePoint, and Outlook (access to calendar invites).

    Example SaaS risk and mitigation: Salesforce

    Risk

    • Downtime has been infrequent, but Salesforce did have a major outage in May 2021 (DNS issue) and May 2022 (expired certificate).
    • At the time of this writing, the Main Services Agreement does not commit to a specific uptime value and specifies the usual exclusions.
    • Similarly, there are limited commitments regarding data protection.

    Options to mitigate risk (not an exhaustive list):

    • Salesforce provides a backup and restore service offering.
    • In addition, some third-party vendors support backing up Salesforce data for additional protection against data corruption or data loss.
    • Business continuity workarounds can further reduce the impact of downtime (e.g. record updates in MS Word and leverage Outlook for contact info until Salesforce is recovered).

    Establish a baseline standard for risk mitigation, regardless of cloud service

    At a minimum, set a goal to review vendor risk at least annually, define standard processes for monitoring outages, and review options to back up your SaaS data.

    Example baseline standard for cloud risk mitigation

    • Review vendor risk at least annually. This includes reviewing SLAs, vendor’s incident preparedness (e.g. do they have a current DRP, BCP, and Security IRP?), and the vendor’s data protection strategy.
    • Incident response plans must include, at a minimum, steps to monitor vendor outage and communicate status to relevant stakeholders. Where possible, business process workarounds are defined to bridge the service gap.
    • For critical data (based on your BIA and an evaluation of risk), maintain your own backups of SaaS data for additional protection.

    Embed risk mitigation standards into existing IT operations

    • Include specific SLA requirements, including incident management processes, in your RFP process and annual vendor review.
    • Define cloud incident response in your incident management procedures.
    • Include cloud data considerations in your backup strategy reviews.

    Phase 3: Create an incident response plan

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Activity 1: Review the example incident response workflows and case studies as a starting point

    1-3 hours

    1. Review the SaaS Incident Response Workflows examples. The examples illustrate different approaches to incident response depending on the criticality of the service and options available.
    2. Review the case studies on the next few slides, which further illustrate the resilience and incident response solutions implemented.
    3. Note the key elements:
    • Detection
    • Assessment
    • Monitoring status / contacting the vendor
    • Communication with key stakeholders
    • Invoking workarounds, if applicable

    Example SaaS Incident Response Workflow Excerpt

    The image contains a screenshot of an example of the SaaS Incident Response Workflow Excerpt.
    Materials
    • SaaS Incident Response Workflows examples
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Relevant business process owners to provide input and define business workarounds, where applicable.

    Case Study 1: Recovery plan for critical fundraising event

    If either critical SaaS dependency fails, the following plan is executed:

    1. Donors are redirected to a predefined alternate donation page hosted by a different service. The alternate page connects to the backup payment processing service (with predefined integrations).
    2. Marketing communications support the redirect.
    3. While the backup solution doesn’t gather as much data, the payment details provide enough information to follow up with donors where necessary.

    Criticality justified a failover option

    The Annual Day of Giving generates over 50% of fundraising for the year. It’s critically dependent on two SaaS solutions that host the donation page and payment processing.

    To mitigate the risk, the organization implemented the ability to failover to an alternate “environment” – much like a traditional DR solution – supported by workarounds to manage data collection.

    Case Study 2: Protecting customer data

    Daily exports from a SaaS-hosted donations site reduce potential data loss:

    1. Daily exports to a CRM support donor profile updates and follow-ups (tax receipts, thank-you letters, etc.).
    2. The exports also mitigate the risk of data loss due to an incident with the SaaS-hosted donation site.
    3. This company is exploring more-frequent exports to further reduce the risk of data loss.

    Protecting your data gives you options

    For critical data, do you want to rely solely on the vendor’s default backup strategy?

    If your SaaS vendor is hit by ransomware or if their backup frequency doesn’t meet your needs, having your own data backup gives you options.

    It can also support business process workarounds that need to access that data while waiting for SaaS recovery.

    Case Study 3: Recovery plan for payroll

    To enable a more accurate payroll workaround, the following is done:

    1. After each payroll run, export the payroll data from the SaaS solution to a secure location.
    2. If there is a SaaS outage when payroll must be submitted, the exported data can be modified and converted to an ACH file.
    3. The ACH file is submitted to the bank, which has preapproved this workaround.

    BCP can bridge the gap

    When leadership looks to IT to mitigate cloud risk, include BCP in the discussion.

    Payroll is a good example where the best recovery option might be a business continuity workaround.

    IT often still has a role in business continuity workarounds, as in this case study: specifically, providing a solution to modify and convert the payroll data to an ACH file.

    Activity 2: Run tabletop planning exercises as a starting point to build your incident response plan

    1-3 hours

    1. Follow the tabletop planning instructions provided in the Create a Right-Sized Disaster Recovery Plan blueprint.
    2. Run the exercise for each cloud service. Keep the scenario generic at first (e.g. cloud service is down with no reported root cause) so you can focus on your response. Capture response steps and gaps.
    3. Add complexity in subsequent exercises (e.g. data loss plus downtime), and use that to expand and refine the workflow as needed.
    4. Use the resulting workflows as the core piece of your incident response plan.
    5. Supplement the workflow with relevant checklists or procedures. At this point you can choose to incorporate this into your DRP or BCP or maintain these documents as supplements to those plans.
      See the DRP Case Study and BCP Case Study for an example of DRP-BCP documentation.

    Example tabletop planning results excerpt with gaps identified

    The image contains an example tabletop planning results excerpt with gaps identified.

    Materials
    • SaaS Incident Response Workflows examples
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Review results with relevant business process owners to provide input and define business workarounds where applicable.

    Activity 3: Summarize cloud services resilience to inform senior leadership of current risks and mitigation efforts

    1-3 hours

    1. Use the Cloud Services Resilience Summary example as a template to capture the following:
    • The results of your vendor review (i.e. incident management SLAs, incident response preparedness, data protections strategy).
    • The current state of your downtime workarounds and additional data loss protection.
    • Your baseline standard for cloud services risk mitigation.
    • Summary of resilience, risks, workarounds, and data loss protection for each individual cloud service that you have reviewed.
  • Present the results to senior leadership to:
    • Highlight risks to inform business decisions to mitigate or accept those risks.
    • Summarize actions already taken to mitigate risks.
    • Communicate next steps (e.g. action items to address remaining risks).

    Cloud Services Resilience Summary – Table of Contents

    The image contains a screenshot of Cloud Services Resilience Summary – Table of Contents.
    Materials
    • Cloud Services Resilience Summary
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Review results with relevant business process owners to provide input and define business workarounds where applicable.

    Summary: For cloud services, after evaluating risk, IT must adapt how they approach risk mitigation

    1. Identify failover options where possible
    • A failover strategy is possible for many cloud services (e.g. IaaS replication to another region, or failing over SaaS to an alternate solution as in case study 1).
  • At least protect your data
    • Explore supplementary backup options to protect against ransomware, data corruption, or data loss and support business continuity workarounds (see case study 2).
  • Leverage BCP to close the gap
    • This doesn’t absolve IT of its role in mitigating cloud incident risk, but business process workarounds can bridge the gap where IT options are limited (see case study 3).

    Related Info-Tech Research

    IT DRP Maturity Assessment

    Get an objective assessment of your DRP program and recommendations for improvement.

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Implement Crisis Management Best Practices

    Don’t be another example of what not to do. Implement an effective crisis response plan to minimize the impact on business continuity, reputation, and profitability.