Establish Effective Security Governance & Management

The key is in stakeholder interactions, not policy and process.

Analyst Perspective

It's about stakeholder interactions, not policy and process.

Many security leaders complain about a lack of governance and management in their organizations. They have policies and processes but find neither have had the expected impact and that the organization is teetering on the edge of lawlessness, with stakeholder groups operating in ways that interfere with each other (usually due to poorly defined accountabilities).

Among the most common examples is security's relationship to the business. When these groups don't align, they tend to see each other as adversaries and make decisions in line with their respective positions: security endorses one standard, the business adopts another.

The consequences of this are vast. Such an organization is effectively opposed to itself. No wonder policy and process have not resolved the issue.

At a practical level, good governance stems from understanding how different stakeholder groups interact, providing inputs and outputs to each other and modeling who is accountable for what. But this implied accountability model needs to be formalized (perhaps even modified) before governance can help all stakeholder groups operate as strategic partners with clearly defined roles, responsibilities, and decision-making power. Only when policies and processes reflect this will they serve as effective tools to support governance.

Logan Rohde
Senior Research Analyst, Security & Privacy
Info-Tech Research Group

Executive Summary

Info-Tech Insight
Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

Your challenge

This research is designed to help organizations who need to:

• Establish security governance from scratch.
• Improve security governance despite a lack of cooperation from the business.
• Determine the accountabilities and responsibilities of each stakeholder group.

This blueprint will solve the above challenges by helping you model your organization's governance structure and implement processes to support the essential governance areas: policy, risk, and performance metrics.

Percentage of organizations that have yet to fully advance to a maturity-based approach to security

70%

Source: McKinsey, 2021

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• The business does not wish to be governed and does not seek to align with security on the basis of risk.
• Various stakeholder groups essentially govern themselves, causing business functions to interfere with each other.
• Security teams struggle to differentiate between governance and management and the purpose of each.

Early adopter infrastructure

63%
Security leaders not reporting to the board about risk or incident detection and prevention.
Source: LogRhythm, 2021

46%
Those who report that senior leadership is confident cybersecurity leaders understand business goals.
Source: LogRhythm, 2021

Governance isn't just policy and process

Governance is often mistaken for an organization's formalized policies and processes. While both are important governance supports, they do not provide governance in and of themselves.

For governance to work well, an organization needs to understand how stakeholder groups interact with each other. What inputs and outputs do they provide? Who is accountable? Who is responsible? These are the questions one needs to ask before designing a governance structure. Failing to account for any of these three elements tends to result in overlap, inefficiency, and a lack of accountability, creating flawed governance.

Separate governance from management

Oversight versus operations

• COBIT emphasizes the importance of separating governance from management. These are complementary functions, but they refer to different parts of organizational operation.
• Governance provides a decision-making apparatus based on predetermined requirements to ensure smooth operations. It is used to provide oversight and direction and hinges on established accountabilities
• Simply put, governance refers to what an organization is and is not willing to permit in day-to-day operations, and it tends to make its presence known via the key areas of risk appetite, formal policy and process, and exception handling.
• Note: These key areas do not provide governance in and of themselves. Rather, governance emerges in accordance with the decisions an organization has made regarding these areas. Sometimes, however, these "decisions" have not been formally or consciously made and the current state of the organization's operations becomes the default - even when it is not working well.
• Management, by contrast, is concerned with executing business processes in accordance with the governance model, essentially, governance provides guidance for how to make decisions during daily management.

"Information security governance is the guiding hand that organizes and directs risk mitigation efforts into a business-aligned strategy for the entire organization."

Steve Durbin,
Chief Executive,
Information Security Forum, Forbes, 2023

Models for governance and management

Info-Tech's Governance and Management research uses the logic of COBIT's governance and management framework but distills this guidance into a practical, easy-to-implement series of steps, moving beyond the rudimentary logic of COBIT to provide an actionable and personalized governance model.

Clear accountabilities and responsibilities

Complementary frameworks to simplify governance and management

The distinction that COBIT draws between governance and management is roughly equivalent to that of accountability and responsibility, as seen in the RACI* model.

There can be several stakeholders responsible for something, but only one party can be accountable.

Use this guidance to help determine the accountabilities and responsibilities of your governance and management model.

*Responsible, Accountable, Consulted, Informed

Security governance framework

A security governance framework is a system that will design structures, processes, accountability definitions, and membership assignments that lead the security department toward optimal results for the business.

Governance is performed in three ways:

"Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations."
- EDUCAUSE

SMART metrics

Suggested targets to measure success

Specific

Measurable

Achievable

Relevant

Time-Bound

Info-Tech's methodology for security governance and management

Governance starts with mapping stakeholder inputs, outputs, and throughputs

The key is in stakeholder interactions, not policy and process
Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

Policy, process, and org. charts support governance but do not produce it on their own
To be effective, these things need to be developed with the accountabilities and influence of the organizational functions that produce them.

A lack of business alignment does not mean you're doomed to fail
While the highest levels of governance maturity depend on strong security-business alignment, there are still tactics one can use to improve governance.

All organizations have governance
Sometimes it is poorly defined, ineffective, and occurs in the same place as management, but it exists at some level, acting as the decision-making apparatus for an organization (i.e. what can and cannot occur).

Risk tolerances are variable across lines of business
This can lead to misalignments between security and the business, as each may have their own tolerance for particular risks. The remedy is to understand the risk appetite of the business and allow this to inform security risk management decisions.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Security Governance Model Tool

Security Governance Organizational Structure Template

Information Security Steering Committee Charter & RACI

Policy Exceptions-Handling Workflow

Policy Exception Tracker and Request Form

Key deliverable:

Security Governance Model

By the end of this blueprint, you will have created a personalized governance model to map your stakeholders' accountabilities, responsibilities, and key interactions.

Blueprint benefits

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 8 calls over the course of 2 to 3 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Customize your journey

The security governance and management blueprint pairs well with security design and security strategy.

• The governance and management model you create in this blueprint will inform efforts to improve security, like revisiting security program design and your security strategy.
• Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

Workshop Day 1 and Day 2
Security Governance and Management

Workshop Day 3 and Day 4
Security Strategy Gap Analysis or Security Program Design Factors

Phase 1

Design Your Governance Model

Phase 1
1.1 Evaluate
1.2 Direct
1.3 Monitor

Phase 2
2.1 Implement Oversight
2.2 Set Risk Appetite
2.3 Implement Policy lifecycle

Establish Security Governance & Management

This phase will walk you through the following activities:

• Prioritize governance accountabilities
• Prioritize management responsibilities
• Evaluate current organizational structure
• Align with the business
• Build security governance and management model
• Finalize governance and management model
• Develop governance and management KPIs

This phase involves the following participants:

• CISO
• CIO
• Business representative

Step 1.1

Evaluate

Activities
1.1.1 Prioritize governance accountabilities
1.1.2 Prioritize management responsibilities
1.1.3 Evaluate current organizational structure

This step involves the following participants:

• CISO
• CIO
• Business representative

Outcomes of this step

• Defined governance accountabilities
• Defined management responsibilities

Design Your Governance Model

Step 1.1 > Step 1.2 > Step 1.3

Evaluate: Getting started

The above is a summary of COBIT 2019 EDM01.01 Evaluate the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

1.1.1 Prioritize governance accountabilities

1-2 hours

Using the example on the next slide, complete the following steps.

1. Download Info-Tech's Security Governance Model Tool using the link below and customize the stakeholder groups on tab 1 to reflect the makeup of your organization.
2. Using the previous slide as a guide, evaluate your organization's internal and external pressures and discuss their possible impacts your governance and management model.
3. Complete tab 2, Governance Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
4. Review the list and make any desired modifications to the prompts on tab 2 and then move on to Activity 1.1.2. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

Download the Security Governance Model Tool

Security Governance and Management Model Tool

Tabs 2 and 3

1.1.2 Prioritize management responsibilities

1 hours

Using the examples on the previous slide, complete the following steps.

1. Complete tab 3, Management Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
2. Review the list and make any desired modifications to the prompts on tab 3 and then move on to Activity 1.1.3. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

Download Security Governance Model Tool

Security Governance and Management Model Tool

Tab 4

1.1.3 Evaluate current organizational structure

1-3 hours

1. Download and modify Info-Tech's Security Governance Organizational Structure Template to reflect the reporting structure at your organization. If such a document already exists, simply review it and move on to the next step below.
2. Determine if the current organizational structure will negatively affect your ability to pursue the items in your prioritized lists from governance accountabilities and management responsibilities (e.g. conflicts of interest related to oversight or reporting), and discuss the feasibility of changing the current governance structure.
3. Record these recommended changes and any other key points you'd like the business or other stakeholders to be aware of. We'll use this information in the business alignment exercise in Step 2.1

Download the Security Governance Organizational Structure Template

Info-Tech resources

Locate structural problems in advance

• If you do not already have a diagram of your organization's reporting structure, use this template to create one. Examples are provided for high, medium, and low maturity.
• The existing reporting structure will likely affect the governance model you create, as it may not be feasible to assign certain governance accountabilities and management responsibilities to certain stakeholders.
• For example, it may make sense for the head of security to approve the security budget, but if they report to a CIO with greater authority that accountability will likely have to sit with the CIO instead.

Download the Security Governance Organizational Structure Template

Step 1.2

Direct

Activities
1.2.1 Align with the business
1.2.2 Build security governance and management model
1.2.3 Finalize governance and management model

This step involves the following participants:

CISO

CIO

Business representative

Outcomes of this step

• Record of key stakeholder interactions
• Visual governance model

Design Your Governance Model

Step 1.1 > Step 1.2 > Step 1.3

Direct: Getting started

The above is a summary of COBIT 2019 EDM01.02 Direct the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

Embed security governance within enterprise governance

Design structures, processes, authority definitions, and steering committee assignments to drive optimal business results.

1.2.1 Align with the business

1-3 hours

1. Request a meeting with the business to present your findings from the previous activities in Step 1.1. As you prepare for the meeting, remember to following points:

• The goal here is to align, not to command. You want the business to see the security team as a strategic ally that supports the pursuit of business goals.
• Make recommendations and explain any security risks associated with the direction the business wants to take, but the goal is not to strongarm the business into adopting your perspective.
• Above all, listen to the business to learn more about how they relate to governance and what their priorities are. This will help you adapt your governance model to better support business needs.

Info-Tech Insight
A lack of business participation does not mean your governance initiative is doomed. From this lack, we can still infer their attitudes toward security governance, and we can account for this in our governance model. This may limit the maturity your program can reach, but it doesn't prevent improvements from being made to your current security governance.

1.2.2 Build security governance and management model

1-2 hours

Using the example on the next slide, complete the following steps:

1. On tab 4, review the prioritized lists for governance accountabilities and management responsibilities and begin assigning them to the appropriate stakeholder groups.

• Remember: Responsibilities can be assigned to up to four stakeholders, but there can be only one party listed as accountable.

• Documenting these interactions will help you ensure your governance program accounts for inputs and outputs that are required by, or that otherwise affect, your various stakeholder groups.

Note: You may wish to review Info-Tech's governance model templates before completing this activity to get an idea of what you'll be working toward in this step. See slides 37-38.

Download Security Governance Model Tool

Security Governance and Management Model Tool

Tab 5

Security Governance and Management Model Tool continued

Tab 6

1.2.3 Visualize your security governance and management model

1-2 hours

1. Download the Security Governance Model Templates using the link below and determine which of the three example models most closely resembles your own.
2. Once you have chosen an example to work from, begin customizing it to reflect the governance model completed in Activity 1.2.2. See next slide for example.

Note: You do not have to use these templates. If you prefer, you can use them as inspiration and design your own model.

Download Security Governance Model Templates

Customize the template

Step 1.3

Monitor

Activities
1.3.1 Develop governance and management KPIs

This step involves the following participants:

• CISO
• CIO
• Security team
• Business representative

Outcomes of this step

Key performance indicators

Design Your Governance Model

Step 1.1 > Step 1.2 > Step 1.3

Monitor: Getting started

The above is a summary of COBIT 2019 EDM01.03 Monitor the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

1.3.1 Develop governance and management KPIs

1-2 hours

This activity is meant to provide a starting point for key governance metrics. To develop a comprehensive metrics program, see Info-Tech's Build a Security Metrics Program to Drive Maturity blueprint.

1. Create a list of four to six outcomes you'd like to see as the result of your new governance model. Be as specific as you can; the better defied the outcome, the easier it will be to determine suitable KPI.
2. For each desired outcome, determine what would best indicate that progress is being made toward that state.

• Desired outcome: security team is consulted before critical business decisions are made.
• Success criteria: the business evaluates Security's recommendations before starting new projects
• Possible KPI: % of critical business decisions made with security consultation
• See next slide for additional examples

Note: Try to phrase each KPI using percents, which helps to add context to the metric and will make it easier to explain when reporting metrics in the future.

Example KPIs

Establish Baseline Metrics

Baseline metrics will be improved through:

1. Improved business alignment
2. Developing formal process to manage security risks
3. Separating governance from management

Phase 2

Implement Essential Governance Processes

Phase 1
1.1 Evaluate
1.2 Direct
1.3 Monitor

Phase 2
2.1 Implement Oversight
2.2 Set Risk Appetite
2.3 Implement Policy Lifecycle

This phase will walk you through the following activities:

• Draft Steering Committee Charter
• Complete Steering Committee RACI
• Draft qualitative risk statements
• Model policy lifecycle
• Establish exceptions-handling process

This phase involves the following participants:

• CISO
• CRO
• CIO
• HR
• Internal Audit
• Business representative
• Legal

Establish Security Governance & Management

Step 2.1

Implement Oversight

Activities
2.1.1 Draft steering committee charter
2.1.2 Complete steering committee RACI

This step involves the following participants:

• CISO
• CRO
• CIO
• HR
• Internal Audit
• Business representative
• Legal

Outcomes of this step

Steering Committee Charter and RACI

Implement Essential Governance Processes

Step 2.1 > Step 2.2 > Step 2.3

2.1.1 Draft steering committee charter

1-3 hours

This activity is meant to provide a starting point for your steering committee. If a more comprehensive approach is desired, see Info-Tech's Improve Security Governance With a Security Steering Committee blueprint.

1. Download the template using the link below and review the various sections of the document
2. Review slides 50-51 to help determine the scope of your steering committee's role. Discuss with other stakeholder groups, as necessary, to determine the steering committee's duties, how often the group will meet, and what the regular meeting agenda will be.
3. Customize the template to suit your organization's needs.

Download Information Security Steering Committee Charter

Steering committee membership

Representation is key, but don't try to please everyone

• For your steering committee to be effective, it should include representatives from across the organization. However, it is important not to overextend committee membership, which can interfere with decision making.
• Participants should be selected based on the identified responsibilities of the security steering committee, and the number of people should be appropriate to the size and complexity of the organization.

Example steering committee

CISO
CRO
Internal Audit
CIO
Business Leaders
HR
Legal

Download Information Security Steering Committee Charter

Typical steering committee duties

Typical steering committee duties

2.1.2 Complete steering committee RACI

1-3 hours

1. Download the RACI template and review the membership roles. Customize the template to match the makeup of your steering committee.
2. Read through each task in the left-hand column and determine who will be involved:

• R - responsible: the person doing the action (can be multiple)
• A - accountable: the owner of the task, usually a department head who delegates the execution of the task (only assigned to one stakeholder)
• C - consulted: stakeholders that offer some kind of guidance, advice, or recommendation (can be multiple)
• I - Informed: stakeholders that receive status updates about the task (can be multiple)

Note: All tasks must have accountability and responsibility assigned (sometimes a single stakeholder is accountable and responsible). However, not all tasks will have someone consulted or informed.

Download Information Security Steering Committee RACI Chart

Step 2.2

Set Risk Appetite

Activities
2.2.1 Draft qualitative risk statements

This step involves the following participants:

• CISO
• CIO
• Business representative

Outcomes of this step

Qualitative risk appetite

Implement Essential Governance Processes

Step 2.1 > Step 2.2 > Step 2.3

Know your appetite for risk

What is an organizational risk appetite?

Setting risk appetite is a key governance function, as it structures how your organization will deal with the risks it will inevitably face - when they can be accepted, when they need to be mitigated, and when they must be rejected entirely.

It is important to note that risk appetite and risk tolerance are not the same. Risk appetite refers to the amount of risk the organization is willing to accept as part of doing business, whereas risk tolerance has more to do with individual risks affecting one or more lines of business that exceed that appetite. Such risks are often tolerated as individual cases that can be mitigated to an acceptable level of risk even though it exceeds the risk-appetite threshold.

2.1.2 Draft qualitative risk-appetite statements

1-3 hours

This activity is meant to provide a starting point for risk governance. To develop a comprehensive risk-management program, see Info-Tech's Combine Security Risk Management Components Into One Program blueprint.

1. Draft statements that express your attitudes toward the kinds of risks your organization faces. The point is to set boundaries to better understand when risk mitigation may be necessary.
Examples:

• We will not accept risks that may cause us to violate SLAs.
• We will avoid risks that may prevent the organization from operating normally.
• We will not accept risks that may result in exposure of confidential information.
• We will not accept risks that may cause significant brand damage.
• We will not accept risks that pose undue risk to human life or safety.

Step 2.3

Implement Policy Lifecycle

Activities
2.3.1 Model your policy lifecycle
2.3.2 Establish exception-approval process

This step involves the following participants:

• CISO
• CIO

Outcomes of this step

Policy lifecycle

Exceptions-handling process

Implement Essential Governance Processes

Step 2.1 > Step 2.2 > Step 2.3

2.3.1 Model your policy lifecycle

1-3 hours

This activity is meant to provide a starting point for policy governance. To develop a comprehensive policy-management program, see Info-Tech's Develop and Deploy Security Policies blueprint.

1. Review the sections within the Security Policy Lifecycle Template and delete any sections or subsections that do not apply to your organization.
2. As necessary, modify the lifecycle and receive approved sign-off by your organization's leadership.
3. Solicit feedback from stakeholders, specifically, IT department management and business stakeholders.

Download the Security Policy Lifecycle Template

Develop the security policy lifecycle

The security policy lifecycle is an integral component of the security policy program and adds value by:

• Setting out a roadmap to define needs, develop required documentation, and implement, communicate, and measure your policy program.
• Defining roles and responsibilities for the security policy suite.
• Aligning the business goals, security program goals, and policy objectives.

Diagram inspired by: ComplianceBridge, 2021

2.3.2 Establish exception-approval process

1-3 hours

1. Download the Security Policy Exception Approval Template and customize it to match your exception-handling process. Be sure to account for the recommendations on the next slide.
2. Use the Policy Exception Tracker to record and monitor granted exceptions.

Download the Security Policy Exception Approval Workflow

Download the Security Policy Exception Tracker

Determine criteria to grant policy exception

A key part of security risk and policy governance

• Not all policies can be complied with all the time. As technology and business needs change, sometimes exceptions must be granted for operations to continue smoothly.
• Exceptions can be either short or long term.
• Short-term exceptions are often granted until a particular security gap can be closed, such as allowing staff to temporarily use new laptops that have yet to receive a required VPN for remote access.
• Long-term exceptions usually occur when closing the gap entirely is not feasible. For example, a legacy system may be unable to meet evolving security standards, but there is no room in the budget to replace it.
• Having a formal approval process for exceptions and a record of granted exceptions will help you to stay on top of security risk governance.

Before granting an exception:

1. Assess security risks associated with doing so: are they acceptable?
2. Look for another way to resolve the issue: is a suitable workaround possible?
3. Evaluate mitigating controls: is it possible to provide an equivalent level of security via other means?
4. Assign risk ownership: who will be accountable if an incident arises from the exception?
5. Determine appeals process: when disagreements arise, how will the final decision be made?

Sources: University of Virginia; CIS

Summary of Accomplishment

Problem Solved

You have now established a formal governance model for your organization - congratulations! Building this model and determining stakeholders' accountabilities and responsibilities is a big step.

Remember to continue to use the evaluate-direct-monitor framework to make sure your governance model evolves as organizational governance matures and priorities shift.

If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

The following are sample activities that will be conducted by Info-Tech analysts with your team:

Build Governance Model
Build a customized security governance model for your organization.

Develop policy lifecycle
Develop a policy lifecycle and exceptions-handling process.

Related Info-Tech Research

Build an Information Security Strategy

Design a Business-Focused Security Program

Combine Security Risk Management Components Into One Program

Research contributors and experts

Michelle Tran
Consulting Industry

One anonymous contributor

Bibliography

Durbin, Steve. "Achieving The Five Levels Of Information Security Governance." Forbes, 4 Apr. 2023. Accessed 4 Apr. 2023.

Eiden, Kevin, et al. "Organizational Cyber Maturity: A Survey of Industries." McKinsey & Company, 4 Aug. 2021. Accessed 25 Apr. 2023.

"Information Security Exception Policy." Center for Internet Security, 2020. Accessed 14 Apr. 2023.

"Information Security Governance." EDUCAUSE, n.d. Accessed 27 Apr. 2023.

ISACA. COBIT 2019 Framework: Governance and Management Objectives. GF Books, 2018.

Policies & Procedures Team. "Your Policy for Policies: Creating a Policy Management Framework." ComplianceBridge, 30 Apr. 2021. Accessed 27 Apr. 2023.

"Security and the C-Suite: Making Security Priorities Business Priorities." LogRhythm, Feb. 2021. Accessed 25 Apr 2023.

University of Virginia. "Policy, Standards, and Procedures Exceptions Process." Information Security at UVA, 1 Jun. 2022. Accessed 14 Apr. 2023

Adopt an Exponential IT Mindset

Thrive through the next paradigm shift

Executive Summary

For more than 40 years, information technology has significantly transformed businesses, from the computerization of operations to the digital transformation of business models. As technological disruption accelerates exponentially, a world of exponential business opportunity is within reach.

Newly emerging technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are enabling autonomous business capabilities.

The role of IT has evolved throughout the past couple generations to enable business transformations. In the autonomization era, it will have to evolve again. IT will have a new mission, an adapted governance structure, innovative capabilities, and an advanced partnership model.

CIOs embracing exponential IT require a new mindset. Their IT practices will need to progress to the top of the maturity ladder as they make business outcomes their own.

Over the past two generations, we have witnessed major technology-driven business transformations

1980s

Computerization

The use of computer devices, networks, and applications became widespread in the enterprise. The focus was on improving the efficiency of back-office tasks.

2000s

Digitalization

As the world became connected through the internet, new digitally enabled business models emerged in the enterprise. Orders were now being received online, and many products and services were partially or fully digitized for online fulfillment.

Recent pandemic measures contributed to a marked acceleration in the digitalization of organizations

The massive disruption resulting from pandemic measures led businesses to shift to more digital interactions with customers.

The global average share of customer interactions that are digital went from 36% to 58% in less than a year.*

Moreover, companies across business areas have accelerated the digitization of their offerings.

The global average share of partially or fully digitized products went from 35% to 55% in the same period.*

The adoption of digitalized business models has accelerated during the pandemic. Post-pandemic, it is unlikely for adoption to recede.

With more business applications ported to the cloud and more data available online, “digital-first” organizations started to envisage a next wave of automation.

*Source: “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever,” McKinsey & Company, 2020

A majority of IT leaders plan to use artificial intelligence within their organizations in 2023

In August 2022, Info-Tech surveyed 506 IT leaders and asked which tasks would involve AI in their organizations in 2023.

We found that 63% of IT leaders plan to use AI within their organizations to automate repetitive, low-level tasks by the end of 2023.

With the release of the ChatGPT prototype in November 2022, setting a record for the fastest user growth (reaching 100 million active users just two months after launch), we foresee that AI adoption will accelerate significantly and its use will extend to more complex tasks.

Newly emerging technologies and business realities are ushering in the next business transformation

1980s

Computerization

2000s

Digitalization

2020s

Autonomization

As digitalization accelerates, a post-pandemic world with a largely online workforce and digitally transformed enterprise business models now enters an era where more business capabilities become autonomous, with humans at the center of a loop* that is gradually becoming larger.

Deep Learning, Quantum Computing, 5G Networks, Robotics

* Download Info-Tech’s CIO Trend Report 2019 – Become a Leader in the Loop

The role of IT needs to evolve as it did through the previous two generations

The autonomization era brings enormous opportunity for organizations, coupled with enormous risk

While some analysts have been quick to announce the demise of the IT department and the transition of the role of IT to the business, the budgets that CIOs control have continued to rise steadily over time.

In a high-risk, high-reward endeavor to make business processes autonomous, the role of IT will continue to be pivotal, because while everyone in the organization will rush to seize the value opportunity, the technology risk will be left for IT to manage.

Exponential IT represents a necessary change in a CIO’s focus to lead through the next paradigm shift

EXPONENTIAL RISK

Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

EXPONENTIAL REWARD

The efficiency gains and new value chains created through artificial intelligence, robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

EXPONENTIAL DEMAND

Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

EXPONENTIAL IT

Exponential IT involves IT leading the cognitive reengineering of the organization with evolved practices for:

• IT governance
• Asset management
• Vendor management
• Data management
• Business continuity management
• Information security management

To succeed, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships

Digitalization

A Connected World

Progressive IT

• Mission

  Enable the digital transformation of the business

• Governance

  Service metrics, security perimeters, business intelligence, compliance management

• Capabilities

  Service management, business analysis, application portfolio management, data management

• Partnerships

  Management of technology service agreements

Autonomization

An Exponential World

Exponential IT

• Mission

  Lead the business through autonomization.

• Governance

  Outcome-based metrics, zero trust, ESG reporting, digital trust

• Capabilities

  Experience management, business advisory, enterprise innovation, data differentiation

• Partnerships

  Management of business capability agreements

Fortune favors the bold: The CIO now has an opportunity to cement their role as business leader

Research has shown that companies that are more digitally mature have higher growth than the industry average. In these companies, the CIO is part of the executive management team.

And while the role of the CIO is generally tied to their mandate within the organization, we have seen their role progress from doer to leader as IT climbs the maturity ladder.

As companies strive to succeed in the next phase of technology-driven transformation, CIOs have an opportunity to demonstrate their business leadership. To do so, they will have to provide exceptionally mature services while owning business targets.

Domino – Maintain, Commit to, or Vacate?

Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

Executive Summary

Info-Tech Insight

“HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
– Nigel Cheshire in Team Studio

Your Challenge

You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

Common Obstacles

For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

Info-Tech Approach

The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

Review

Is “Lotus” Domino still alive?

Problem statement

The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

This research is designed for:

• IT strategic direction decision-makers
• IT managers responsible for an existing Domino platform
• Organizations evaluating migration options for mission-critical applications running on Domino

This research will help you:

1. Evaluate migration options.
2. Assess the fit and purpose.
3. Consider strategies for overcoming potential challenges.
4. Determine the future of this platform for your organization.

The “everything may work” scenario

Adopt and expand

Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

Importance to current business processes

• Importance of use
• Complexity in migrations
• Choosing a new platform

Available tools to facilitate

• Talent/access to skills
• Economies of scale/lower cost at scale
• Access to technology

Info-Tech Insight

With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

• Archive/retire
• Application migration
• Application replatform
• Stay right where you are

Eliminate your bias – consider the advantages

“There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

– Rob Salerno, Founder & CTO, Rivet Technology Partners

Domino advantages include:

Modern Cloud & Application

• No-code/low-code technology

Business-Managed Application

• Business written and supported
• Embrace the business support model
• Enterprise class application

Leverage the Application Taxonomy & Build

• A rapid application development platform
• Develop skill with HCL training

HCL Domino is a supported and developed platform

Why consider HCL?

• Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
• Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
• HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

Visualize Your Application Roadmap

1. Focus on the application portfolio and crafting a roadmap for rationalization.
   • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
2. Document your findings on respective application capability heatmaps.
   • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
   • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

Our external support perspective

by Darin Stahl

Member Feedback

• Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
• While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
• The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
• The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
• There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

Domino database assessments

Consider the database.

• Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
• The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.

Key/Value		Column
Use case: Heavily accessed, rarely updated, large amounts of data Data Model: Values are stored in a hash table of keys. Fast access to small data values, but querying is slow Processor friendly Based on amazon's Dynamo paper Example: Project Voldemort used by LinkedIn		Use case: High availability, multiple data centers Data Model: Storage blocks of data are contained in columns Handles size well Based on Google's BigTable Example: Hadoop/Hbase used by Facebook and Yahoo
Document		Graph
Use case: Rapid development, Web and programmer friendly Data Model: Stores documents made up of tagged elements. Uses Key/Value collections Better query abilities than Key/Value databases. Inspired by Lotus Notes. Example: CouchDB used by BBC		Use case: Best at dealing with complexity and relationships/networks Data model: Nodes and relationships. Data is processed quickly Inspired by Euler and graph theory Can easily evolve schemas Example: Neo4j

Understand your options

Archive/Retire

Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

Migrate

Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

Replatform

Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

Stay

Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

Archive/retire

Retire the application, storing the application data in a long-term repository.

Abstract

The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

Advantages

• Reduce support cost.
• Consolidate applications.
• Reduce risk.
• Reduce compliance and security concerns.
• Improve business processes.

Considerations

• Application transformation
• eDiscovery costs
• Legal implications
• Compliance implications
• Business process dependencies

Info-Tech Insights

Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

Application migration

Migrate to a new version of the application

Abstract

An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

Advantages

• Reduce hardware costs.
• Leverage cloud technologies.
• Improve scalability.
• Improve disaster recovery.
• Improve application security.

Considerations

• Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
• File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
• Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
• Design and development of the target-state custom applications based on the new data model and the new selected development platform.

Application replatform

Transition an existing Domino application to a new modern platform

Abstract

This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

Two challenges are particularly significant when migrating or replatforming Domino applications:

• The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
• Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

Advantages

• Leverage cloud technologies.
• Improve scalability.
• Align to a SharePoint platform.
• Improve disaster recovery.
• Improve application security.

Considerations

• Application replatform resource effort
• Network bandwidth
• New platform terms and conditions
• Secure connectivity and communication
• New platform security and compliance
• Degree of complexity

Info-Tech Insights

There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

Stay with HCL

Stay with HCL, understanding its future commitment to the platform.

Abstract

Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

1. Replatform
2. Retire
3. Move to cloud
4. Modernize

That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

Advantages

• Known environment
• Domino is a supported platform
• Domino is a developed platform
• No-code/low-code optimization
• Business developed applications
• Rapid application framework

Understand your tools

Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

• SWING Software
  • Lotus Notes application archiving with Seascape for Notes: Seascape for Notes and Lotus Notes migration
  • Lotus Notes to SharePoint Migration
• Rivit MigrateMe
• SkyBow Notes to SharePoint
• CIMtrek: CIMtrek SharePoint Migrator and Migrating Lotus Notes Applications to the Cloud Using the CIMtrek migration tools [PDF]
• 4WS.Platform

Notes Archiving & Notes to SharePoint

Summary of Vendor

“SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

Tools

Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

Headquarters

Croatia

Best fit

• Application archive and retire
• Migration to SharePoint

* swingsoftware.com

Domino Migration to SharePoint

Summary of Vendor

“Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

Tools

Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

Rivive Me: Migrate Notes Domino applications to an enterprise web application

Headquarters

Canada

Best fit

• Application Archive & Retire
• Migration to SharePoint

* rivit.ca

Lotus Notes to M365

Summary of Vendor

“More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

Tools

SkyBow Studio: The low-code platform fully integrated into Microsoft 365

Headquarters:

Switzerland

Best fit

• Application Archive & Retire
• Migration to SharePoint

* skybow.com | About skybow

Notes to SharePoint Migration

Summary of Vendor

“CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

Tools

CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

Headquarters

United Kingdom

Best fit

• Application replatform
• Migration to SharePoint

* cimtrek.com | About CIMtrek

Domino replatform/Rapid application selection framework

Summary of Vendor

“4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

Tools

4WS.Platform is available in two editions: Community and Enterprise.
The Platform Enterprise Edition, allows access with an optional support pack.

4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

Headquarters

Italy

Best fit

• Application replatform

* 4wsplatform.org

Activity

Understand your Domino options

Application Rationalization Exercise

Info-Tech Insight

Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

This activity involves the following participants:

• IT strategic direction decision-makers.
• IT managers responsible for an existing Domino platform
• Organizations evaluating platforms for mission-critical applications.

Outcomes of this step:

• Completed Application Rationalization Tool

Application rationalization exercise

Use this Application Rationalization Tool to input the outcomes of your various application assessments

In the Application Entry tab:

• Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

In the Business Value & TCO Comparison tab, determine rationalization priorities.

• Input your business value scores and total cost of ownership (TCO) of applications.
• Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

In the Disposition Selection tab:

• Add to or adapt our list of dispositions as appropriate.

In the Rationalization Inputs tab:

• Add or adapt the disposition criteria of your application rationalization framework as appropriate.
• Input the results of your various assessments for each application.

In the Disposition Settings tab:

• Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

In the Disposition Recommendations tab:

• Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

In the Timeline Considerations tab:

• Enter the estimated timeline for when you execute your dispositions.

In the Portfolio Roadmap tab:

• Review and present your roadmap and rationalization results.

Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

Info-Tech Insight

Watch out for misleading scores that result from poorly designed criteria weightings.

Related Info-Tech Research

Build an Application Rationalization Framework

Manage your application portfolio to minimize risk and maximize value.

Embrace Business-Managed Applications

Empower the business to implement their own applications with a trusted business-IT relationship.

Satisfy Digital End Users With Low- and No-Code

Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

Maximize the Benefits from Enterprise Applications with a Center of Excellence

Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

Drive Successful Sourcing Outcomes With a Robust RFP Process

Leverage your vendor sourcing process to get better results.

Research Authors

Darin Stahl, Principal Research Advisor,
Info-Tech Research Group

Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

Troy Cheeseman, Practice Lead,
Info-Tech Research Group

Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

Research Contributors

Rob Salerno, Founder & CTO, Rivit Technology Partners

Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

Bibliography

Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

“Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

Implement a Transformative IVR Experience That Empowers Your Customers

Learn the strategies that will allow you to develop an effective interactive voice response (IVR) framework that supports self-service and improves customer experience.

Stop! Are you ready for this project?

This Research Is Designed For:

• Business analysts, application directors/managers, and customer service leaders tasked with developing and executing a technology enablement strategy for optimizing their contact center approach.
• Any organization aiming to improve its customer experience by implementing a customer-centric approach to over-the-phone service via an IVR system.

This Research Will Help You:

• Adopt the best strategies for outlining an effective IVR approach and for transforming an existing IVR system.
• Improve customer experience and ultimately customer satisfaction by enabling you to create a more efficient IVR call flow tree.
• Select the proper IVR strategies to focus on based on the maturity level of your organization's call center.
• Review the "art of the possible" and learn of the latest developments in successful IVR execution.
• Learn IT's role in developing a successful IVR system and in developing a technology strategy that optimizes your IVR approach.

Executive Summary

Your Challenge

• Today's customers expect a top-tier experience when interacting with businesses.
• The advancements in IVR technology mean that IT departments are managing added complexity in drafting a strategy for a top-tier IVR approach.
• Implementing best practices and the right enabling technology stack is critical to supporting world-class customer experience through IVR.

Common Obstacles

• Many organizations do not have a clear understanding of customers' drivers for contacting their IVR.
• As many contact centers look to improve the customer experience, the need for an impactful IVR system has markedly increased. The proliferation of recommendations for IVR best practices and related technologies has made it difficult to identify and implement the right approach.
• With a growing number of IVR-related requests, IT must be prepared to speak intelligently about requirements and the "art of the possible."

Info-Tech's Approach

• Before selecting and deploying technology solutions, create a database of common customer call drivers to act as an outline for the call flow tree.
• Understand and apply operational best practices, such as ensuring proper call menu organization and using self-service applications, to improve IVR metrics and, ultimately, the customer experience.
• Understand evolving trends and emerging technologies in the IVR space, including offering personalized service and using natural language processing/conversational AI.

Info-Tech Insight

Tailor your IVR system specifically for your customers. There is no one-size-fits-all approach. Understand your key customers and support their experience by implementing the most effective strategies for them.

Voice is still the dominant way in which customers choose to receive support

Despite the contrary beliefs that the preference for phone support and IVR systems is declining, studies have consistently shown that consumers still prefer receiving customer service over the phone.

Your IVR approach can make or break your customers' experience

The feelings that customers are left with after interacting with contact centers and support lines has a major impact on their future purchase decisions

Effective IVR systems provide customers with positive experiences, keeping them happy and satisfied. Poorly executed IVR systems leave customers feeling frustrated and contribute to an overall negative experience. Negative experiences with your IVR system could lead to your customers taking their business elsewhere.

In fact, research by Haptik shows that an average of $262 per customer is lost each year due to poor IVR experiences ("7 Conversational IVR Trends for 2021 and Beyond," Haptik, 2021).

IVR systems only improve your customers' experience when done properly

There are many common mistakes that organizations make when implementing their own IVR strategies:

1. Offering too many menu options. IVR systems are supposed to allow customers to resolve their inquiries quickly, so it is integral that you organize your menu effectively. Less is more when it comes to your IVR call flow tree.
2. A lack of self-service capabilities. IVR systems are meant to maximize customer service and improve the customer experience by offering self-service functionality. If resolutions for common issues can't be found through IVR, your return on investment (ROI) is limited.
   
3. Having callers get stuck in an "IVR loop." Customers caught hearing the same information repeatedly will often abandon their call. Don't allow customers to get "tangled" in your call flow tree; always make human contact an option.
   
4. Not offering personalized service. The inability to identify customers by their number or other identifying features leads to poor personalization and time wasted repeating information, contributing to an overall negative experience.
   
5. Not updating the IVR system. By not taking advantage of new developments in IVR technology and by not using customer and employee feedback to upgrade your offering, you are missing out on the potential to improve your customers' experience. Complacency kills, and your organization will be at a competitive disadvantage because of it.

Implement a transformative IVR approach that empowers your customers

Call flow trees don't grow overnight; they require commitment, nurturing, and care

1. Focus on the Roots of Your Call Flow Tree
   • Your call flow tree will only grow as strong as the roots allow it; begin beneath the surface by understanding the needs of your customers and the goals of your organization first, before building your initial IVR menu.
2. Allow Customers the Opportunity to Branch Out
   • Empower your customers by directing your call flow tree to self-service applications where possible and to live agents when necessary.
3. Let Your Call Flow Tree Flourish
   • Integrate your IVR with other relevant business applications and apply technological developments that align with the needs of your customers and the goals of your organization.
4. Keep Watering Your Call Flow Tree
   • Don't let your call flow tree die! Elicit feedback from relevant stakeholders and develop an iterative review cycle to identify and implement necessary changes to your call flow tree, ensuring continued growth.

IT plays an integral role in supporting the IVR approach

IT is responsible for providing technology enablement of the IVR strategy

While IT may not be involved in organizing the call flow tree itself, their impact on an organization's IVR approach is undeniable. Not only will IT assist with the implementation and integration of your IVR system, they will also be responsible for maintaining the technology on an ongoing basis. As such, IT should be a part of your organization's software selection team, following Info-Tech's methodology for optimizing your software selection process.

• With an understanding of the organization's customer experience management strategy and business goals, IT should be looked toward to:
• Provide insight into the "art of the possible" with IVR systems.
• Recommend enabling technologies relative to your call center's maturity (e.g. agent assist and natural language processing).
• Outline integration capabilities with your existing application portfolio.
• Highlight any security concerns.
• Assist with vendor engagement.
• Take part in stakeholder feedback groups, consulting with agents about their pain points and attempting to solve their problems.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series

of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 5 to 7 calls over the course of 4 to 6 months.

Phase 1

Focus on the Roots of Your Call Flow Tree

This phase will walk you through the following activities:

• Building a database of your customers' call drivers
• Developing IVR-related goals and connecting them with your key performance indicators (KPIs)
• Developing the first tier of your IVR menu

This phase involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Implement a Transformative IVR Approach That Empowers Your Customers

Step 1.1

Understand Your Customers

This step will walk you through the following activity:

1.1.1 Build a database of the reasons why your customers call your contact center

Focus on the Roots of Your Call Flow Tree

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• List of your customers' call drivers

Help your customers get to where they need to go

Understand which questions customers need answered the most and organize your IVR menu accordingly

• With any IVR system, your primary focus should be creating a simple, easily navigated call flow. You not only want your customers to be able to find the solutions that they are looking for, but you want them to be able to do so easily and quickly.
• In order to direct customers more efficiently, you need to understand why they're motivated to call your contact center. This will be different for every organization, so it requires a deeper understanding of your customers.
• After understanding the motivators behind your customers' reasons for calling, you'll be able to organize your call flow tree effectively.
• Assign the most popular reasons that customers call first in your IVR call flow. Organizing your call flow in such a way will ensure a quicker turn around time for customer inquiries, providing callers with the immediate resolution that they are seeking.

"Call flows are the structure of a call center's interactive voice response (IVR). They define the path a caller takes to reach a resolution. The more efficient the flow, the quicker a resolution can be – thereby delivering a better caller experience."

Thomas Randall, Ph.D.
Senior Research Analyst
Info-Tech Research Group

1.1.1 Activity: Build a list of the most common reasons that your key customers call your contact center

30 minutes

1. As a group, review the reasons that customers call your contact center. This includes reviewing which questions are asked most frequently, what services are most often inquired about, and what pain points and complaints live agents hear most regularly.
2. Organize each call driver from most to least popular based on how often they are heard.
3. Record your findings.

Info-Tech Insight

To understand why your customers are calling, first you need to know who your customers are. Improve your caller understanding by creating customer personas.

1.1.1 Activity: Build a list of the most common reasons that your key customers call your contact center

Example

Step 1.2

Develop Goals for Your IVR

This step will walk you through the following activity:

1.2.1 Outline IVR-related goals relevant to your organization.

Focus on the Roots of Your Call Flow Tree

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Goals for your organizational IVR

Create IVR-related goals you wish for your organization to achieve

Organizations across different industries will measure success in a multitude of ways; develop goals that are relevant to your needs and desires

Based on your customer experience strategy and what industry you're in, the goals that you aim to accomplish will look different. A doctor's office will be more concerned with an accurate diagnosis and high first call resolution rate than low average talk time!

Setting business goals relevant to your organization is only half of the battle; it's just as important to hold your organization accountable to those goals and measure your continued progress toward meeting them.

1.2.1 Activity: Brainstorm a list of goals that you would like your organization to achieve when optimizing your IVR approach

30 minutes

1. In two to three groups, brainstorm goals related to your IVR that are relevant to your organization.
2. Classify these goals as being either quick wins or part of a longer-term engagement based on the time they would take to accomplish.
3. Introduce your goals to the entire group, coming to an agreement on the top goals that the organization should aim to achieve through implementing a new/transformed IVR approach.

1.2.1 Activity: Brainstorm a list of goals that you would like your organization to achieve when optimizing your IVR approach

Example

Step 1.3

Align Your Goals With Your KPIs

This step will walk you through the following activity:

1.3.1 Review your organizational IVR goals and connect them with your key performance indicators (KPIs)

Focus on the Roots of Your Call Flow Tree

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Metrics used to measure organizational success related to your IVR

Ensure you are using the proper metrics for measuring the success of your call flow tree

You won't know if your IVR is operating successfully if you don't know what success looks like for you. It is important to align your contact center KPIs with your business goals so you can hold your IVR system accountable.

Example

1.3.1 Activity: Develop KPIs for your contact center and connect them to your organization's business goals

30 minutes

1. As a group, establish the metrics or KPIs that will be used to measure your progress against the organizational IVR goals created in Activity 1.2.1.
2. Take note of your current score for each of your organizational goals and determine your target score.
3. Attach a deadline or target date by which you would like to reach your target score. Target dates can vary based on whether your goal is classified as a quick win or part of a longer-term engagement.

Step 1.4

Build Your Initial IVR Menu

This step will walk you through the following activity:

1.4.1 Develop the first tier of your IVR menu, determining the initial selections that customers will have to choose from

Focus on the Roots of Your Call Flow Tree

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Tier one of your IVR call flow tree

Keep your IVR concise – minimize the length of your voice prompts and limit the depth of your menus

You don't want to overload your customers with information. Providing your callers with overly detailed prompts and too many menu options will only lead to frustration, ultimately diminishing both the efficiency and the effectiveness of your IVR. Limiting the length of your voice prompts and the depth of your menus will lay out a clear path for your callers, increasing the likelihood that they are able to navigate your IVR accurately.

Each of your IVR menus should provide your customers with no more than five selections.

Your IVR should offer a maximum of three menu tiers.

Each of your selection "descriptions" or voice prompts should be no longer than four seconds in length.

Info-Tech Insight

According to a study by Telzio (2020), introductory IVR messages that greet your customers and identify your company should be under 7.9 seconds in length. Longer introductions will only bore, frustrate, and overload the customer before the call really even begins.

When developing your voice prompts, it is integral to speak clearly using simple and easily understood language

• Speak clearly and stay away from industry-specific jargon to ensure that your voice prompts are widely understood by your customer base. This will allow callers to digest the information relayed through your IVR more accurately.
• Part of increasing the retention of information communicated through your IVR is also ensuring that sufficient pauses are taken between each of your voice prompts. Just as you want to avoid overloading your customers with voice prompts that are too long and too detailed, you also want to give your callers adequate time to process the information that is being relayed to them.
• Improving the ease of listening to your IVR will reduce the risk of overwhelming your callers and will increase the likelihood that they are able to follow along appropriately, directing themselves down the proper call flow.

Info-Tech Insight

Securing voice talent and be expensive and cumbersome. Consider using an automated voice through a text-to-speech solution for your prompts. This will ensure that all your prompts are consistent throughout your menus, and it also makes it significantly easier to provide crucial updates within your IVR system.

When sufficient pauses are taken between menu options, input errors can be reduced by over…

Source: Ansafone Contact Centers, 2019

1.4.1 Activity: Begin building your call flow tree by developing the initial selections that customers will choose from when dialing into your IVR

30 minutes

1. Review the database of customer call drivers completed in Activity 1.1.1 to create the opening menu of your IVR call flow tree.
2. Limit your selections/prompts to a maximum of five by grouping related questions, services, and complaints/pain points into broad categories.
3. Organize your selections/prompts according to how often customers call in relating to that topic.

Info-Tech Insight

Remember: You don't need five selections! That is the maximum recommended number of prompts to use and will most likely be reserved for more complex call flows. More isn't always better. If you can limit your initial menu to fewer selections, then do so.

1.4.1 Activity: Begin building your call flow tree by developing the initial selections that customers will choose from when dialing into your IVR

Example

Phase 2

Allow Customers the Opportunity to Branch Out

This phase will walk you through the following activities:

• Completing the second tier of your call flow tree
• Completing the third and final tier of your call flow tree

This phase involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Implement a Transformative IVR Approach That Empowers Your Customers

Step 2.1

Build the Second Tier of Your IVR Menu

This step will walk you through the following activity:

• 2.1.1 Complete the second tier of your call flow tree, branching out from your initial menu

Allow Customers the Opportunity to Branch Out

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Tier 2 of your IVR call flow tree

An IVR system should empower your customers to solve problems on their own

Integrate business applications into your IVR menus to enable self-service capabilities and automate processes where possible

• An IVR system should assist your customer service team while also empowering your customers. This can be accomplished through offering self-service and using automated messaging via a broadcast messaging system.
• Some common self-service practices include providing callers with the ability to check credit card statements, pay bills, and track shipments.
• Automated messaging can be used to address common customer questions. For instance, if a company-wide issue exists, an automated message can outline the issue and highlight the approximate time for resolution, providing customers with the answer they were seeking while eliminating the need to speak to a live agent. This technique is commonly practiced by internet providers during outages.
• Providing callers with the opportunity to find a resolution for themselves through self-service and automated messaging not only improves the customer experience but also frees up your customer service team for more pressing matters.

Source: Raffle, 2020

2.1.1 Activity: Grow your call flow tree! Begin branching out from your initial menu options and develop the second tier of your IVR system

30 minutes

1. Branch out from your initial IVR menu created in Activity 1.4.1. Get more specific in your prompts, branching out from the general groupings you have created.
2. Consult with your database of customer call drivers created in Activity 1.1.1 to organize your subgroupings, again prioritizing the services most sought and the questions, complaints, and pain points most frequently heard.
3. Limit each subsection to a maximum of five prompts.

Info-Tech Insight

Always provide your callers with the option to go back to a previous menu or to have menu options repeated.

2.1.1 Activity: Grow your call flow tree! Begin branching out from your initial menu options and develop the second tier of your IVR system

Example

Step 2.2

Build the Third Tier of Your IVR Menu

This step will walk you through the following activity:

2.2.1 Complete your call flow tree by branching out your third and final tier of menu options.

Allow Customers the Opportunity to Branch Out

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Third and final tier of your IVR call flow tree

Provide your callers with the option to speak to a live agent – but not too soon

While promoting self-service and automating certain processes will improve the functionality of your IVR, it is also important to realize that some issues will ultimately require human intervention. An effective IVR system harmonizes these concepts by making human contact an option, but not too early in the process. You need to find the right balance!

When organizing your IVR call flow tree, you need to be conscious of sending clients in an endless "IVR loop." You should never have your IVR continually repeat its menu options. Customers will abandon an IVR if they are stuck in an IVR loop, being forced to listen to the same information repeatedly without having a way to reach an agent.

If a problem cannot be solved within three steps or by the third tier of your IVR menus, callers should be provided with the option to speak to a live agent, if not automatically routed to one. By providing your callers with the option to speak to a live agent on the third tier of your IVR, you are still offering ample time for customers to discover an avenue to solve their issue on their own through self-service, without frustrating them by losing them in an endless loop of IVR options.

Source: ProProfs Chat, 2022

Info-Tech Insight

Consider routing callers to a live agent not only on the third tier of your IVR menus but also after three input errors. Multiple input errors can show an eagerness to speak to a representative or a strong misunderstanding of the IVR offering.

How you direct a customer to a live agent can make all the difference

Don't think that just offering your customers the option to speak to a live agent is enough. When aiming to significantly improve your customers' experience, how you direct calls to your live agents plays a major role. When a call is being directed to a live agent, be sure to:

• Optimize your call routing and minimize call transfers. Use skills-based routing to direct your incoming client calls to the most suitable agent to resolve their issue. Inaccurately routing callers through your IVR leads to having to transfer the customer to another agent, which is a major contributor to a negative customer experience.
• Include wait-time expectations and call-back functionality. There is no denying it: Waiting on hold can be a real pain. If a customer needs to go on hold, inform them of where they are in the queue and what the approximate wait time is. A little transparency can go a long way. You should also provide customers with the option to have a representative call them back. This greatly improves the customer experience, particularly when wait times are long.
• Play useful on-hold messages. If a customer does decide to wait on the line to speak to a representative, ensure your on-hold messaging doesn't negatively impact their experience. Always have multiple songs and messages available to cycle through to limit customer annoyance. For on-hold messages, consider mentioning self-service capabilities available on other channels or providing company news and information on special promotions. Know your key customer demographics and plan your on-hold messaging accordingly.

2.2.1 Activity: Complete your call flow tree!

30 minutes

1. Branch out from the second tier of your IVR call flow tree created in Activity 2.1.1, connecting relevant prompts with self-service applications and automated responses. Keep in mind, most of your frequently asked questions can and should be directed toward an automated response.
2. Direct all remaining prompts to a live agent, ensuring each selection from your second-tier menu is capped off appropriately.

Info-Tech Insight

Remember: Your IVR system doesn't live in isolation. The information offered by your IVR, particularly from automated messages, should be consistent with information found within other resources (e.g. online knowledge bases).

2.2.1 Activity: Complete your call flow tree!

Example

Phase 3

Let Your IVR Call Flow Tree Flourish

This phase will walk you through the following activities:

• Reviewing the benefits of offering personalized service
• Reviewing new technologies offered in the IVR space

This phase involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Implement a Transformative IVR Approach That Empowers Your Customers

Step 3.1

Learn the Benefits of a Personalized IVR

This step will walk you through the following activity:

3.1.1 Review the benefits of offering personalized service, namely by connecting your IVR system with your customer knowledge base

Let Your IVR Call Flow Tree Flourish

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Understanding the importance of offering personalized service

Personalizing service is integral for improving your customer experience

Integrate your IVR system with your customer relationship management (CRM) system or customer knowledge base of choice to provide support to your customers on a personal level.

The integration of your IVR system with your CRM or other applicable knowledge base allows for customer data (e.g. customer history and previous interactions) to be accessible to your staff during calls. Access to this data allows for a deeper understanding of your customers and for personalization of service. This provides immediate benefits to your contact center that will improve your customer experience.

When you inevitably do need to transfer a customer to another agent, they won't have to repeat their issue to a new representative, as all their information will now be easily accessible. Being forced to repeat themselves to multiple agents is a major cause of frustration for customers. This integration would also allow you to route callers to the previous agent that they dealt with whenever possible for the purpose of continuity, and it would enable you to implement other beneficial technologies as well.

One such example is "agent assist." Agent assist is an AI bot that listens in on calls, learning customer context and automatically searching knowledge bases to help resolve queries without the agent having to put the caller on hold to manually perform that work themselves. Not only does agent assist improve customer resolution times, but it also ramps up onboarding time, allowing for new agents to enter the workforce and perform with confidence earlier.

Personalization can empower your IVR in many ways

Personalizing your IVR does much more than just provide your customer service representatives with conversational context. Personalization enables your IVR to recognize callers by their phone number, or even by voice via biometric authentication technologies.

This advanced level of recognition allows your IVR to greet your callers by name, speak to them in their preferred language, send follow-up correspondence to their preferred method of communication (i.e. email or SMS), and even provide them with contact numbers and addresses for your organization's physical locations that are closest to them.

An example of a more advanced functionality is having your IVR call flow personalized for each customer based on their call history. As customers call in, their data is collected, ultimately improving your IVR's ability to predict and understand caller intent. This makes personalized call flows possible. If customers typically call in to make payments, your IVR can logically deduce that their next call will be for the same reason, and it will alter the call menu to direct them to that functionality more efficiently.

Step 3.2

Review New Technology to Apply to Your IVR

This step will walk you through the following activity:

3.2.1 Review new technologies offered in the IVR space and understand their impact

Let Your IVR Call Flow Tree Flourish

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Understanding of key technologies

Let your customers tell you exactly what they need

Use natural language processing and conversational AI to further advance your IVR offering

Instead of making your customers work their way through your call flow tree to find out what they need, why not just ask them? Conversational IVR, also known as an "intuitive IVR system," makes this possible.

Think Google Assistant, Siri, and Alexa. Your customers can simply tell you what they need and your conversational IVR, using the advancements in natural language processing and conversational AI, will take it from there, directing callers to the resources needed to resolve their issues.

Powerful enough to understand full sentences and not just select words or phrases, the increased intelligence of a conversational IVR system allows it to handle complex customer inquiries. Leveraging machine learning capabilities, the system will only continue to improve its ability to understand caller intent, ultimately leading to increased call routing accuracy as it fields more and more calls.

Info-Tech Insight

Remember: Your customers want fast and easy, not overwhelming and confusing. Some customers who are greeted with an open-ended question from a conversational IVR may not be sure how to respond.

Understand your key customer demographics and act accordingly. It may be beneficial to provide your callers with guidelines of what to say. Outlining appropriate responses that will guide your customers to their desired department quicker will boost their experience with your conversational IVR.

There are a lot of benefits to implementing a conversational IVR

• Putting your callers in control and offering a more humanized approach, conversational IVRs are the preferred first point of contact for customers.
• Conversational IVRs reduce the time required to reach resolution and can handle more calls than a standard IVR.
• Conversational IVRs allow for the collection of more relevant data. By not limiting callers to predetermined menu options, you can track the reasons behind customers' calls with more accuracy, using this data to drive future IVR developments.
• Conversational IVRs are more cost-effective than standard IVRs. According to a report by IBM, companies world-wide spend over $1.3 trillion to address 256 billion customer calls annually. This means that each call a live agent addresses costs an average of $30 (Cognigy, 2020). With a conversational IVR, that cost can be reduced to one-eighth (ETCIO.com, 2020).
• Conversational IVRs can be handle calls in multiple languages, offering improved scalability for companies operating multi-nationally.

How do you know if a conversational IVR is right for your organization?

Large, enterprise-level organizations that field a high volume of customer calls are more likely to receive the benefits and higher ROI from implementing a conversational IVR

Instead of updating the entire IVR system and implementing a conversational IVR, smaller and mid-level organizations should consider attaching a natural language processing front-end to their existing IVR. Through this, you will be able to reap a lot of the same benefits you would if you were to upgrade to a conversational IVR.

You can attach a natural language processing front-end to your existing IVR in two ways.

1. Use an API to recognize your customer's voice prompts. Greet your customers with a question, such as "what is your reason for calling," as your initial IVR menu, and when your customer answers, their response will be sent to your selected API (Amazon Lex, IBM Watson, Google Dialogflow, etc.). The API will then process the customer's input and direct the caller to the appropriate branch of your call flow tree.
2. Use a conversational AI platform to field your calls. Implement a conversational AI platform to be the first point of contact for your customers. After receiving and analyzing the input from your customers, the platform would then route your callers to your current IVR system and to the appropriate menu, whether that be to an automated message, a self-service application, or a live agent.

Phase 4

Keep Watering Your IVR Call Flow Tree

This phase will walk you through the following activities:

• Understanding the importance of receiving feedback from relevant stakeholders and the best practices for obtaining feedback
• Understanding the best practices for developing an ongoing review cycle

This phase involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Implement a Transformative IVR Approach That Empowers Your Customers

Step 4.1

Gather Insights on Your IVR's Performance

This step will walk you through the following activity:

4.1.1 Understand the importance of receiving feedback and review the best methods for obtaining it from your clients.

Keep Watering Your IVR Call Flow Tree

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Understanding of the importance of receiving feedback and how to obtain it from customers

Elicit feedback from your employees and from your customers

Your live agents are on the proverbial front lines, fielding calls from customers daily. As such, they are the prime stakeholders for knowing what kinds of calls the organization receives and how often. Their input on the most frequent reasons that customers call, whether it be to address common pain points or to have FAQs answered, is invaluable. Ask them regularly for their feedback on how the IVR system is performing and which updates should be implemented.

While improving the agent experience is a driver behind adopting an IVR system, the focus should always be improving your customer experience. So why wouldn't you ask your customers for their feedback on your IVR offering? Most customers don't only want to be asked to provide feedback, they expect to be asked. Have your agents ask your customers directly about their experience with your IVR or use the functions of your IVR to offer automated end-of-call surveys.

Info-Tech Insight

Many IVR systems are capable of recording calls. Listening back on previous calls is another great way to further understand how your IVR is performing, and it also can provide a glimpse into your customers' experience.

Surveys provide great insight into your customers' level of satisfaction – not only with your IVR but also with your live agents

Customer satisfaction score (CSAT) is a great way to determine how happy callers are with their experiences with your organization. CSAT surveys ask your clients outright how satisfied they are with their recent interaction and have them rate your service on a scale. While straightforward, the feedback received from CSAT surveys is more general and can lack depth.

For more detailed responses, consider asking your clients an open-ended question as opposed to using a rating scale. This will provide you with a more specific understanding of your customers' experience. For this, an IVR system that supports voice transcription is best. Automated speech-to-text functionality will ensure rapid results.

Another option is to offer a survey that includes skip logic. These multi-tiered surveys, much like an IVR call flow tree, direct your callers to different follow-up questions based on their previous answers. While capable of providing more insight into the customer experience, these surveys are only recommended for more complex service offerings.

Customer feedback is vitally important

Asking for feedback makes your callers feel valued, and it also provides your organization with extremely useful information – including an understanding of what you may need to change within your IVR

Step 4.2

Create an Agile Review Method

This step will walk you through the following activity:

4.2.1 Understand the best practices for developing an ongoing review cycle for your IVR approach

Keep Watering Your IVR Call Flow Tree

This step involves the following participants:

• Business stakeholders (business analysts, application director/manager, customer service leaders)
• IT project team

Outcomes of this step

• Understanding of the importance of IVR maintenance and of the development of an iterative review cycle

Create an agile review method to continually enhance your call flows

• Track items
  • Elicit feedback from your key stakeholders (i.e. live agents) as part of a regular review – every month, two months, six months, or year – of your call flow tree's efficiency. Delve into the feedback elicited from your customers at the same intervals. Look for patterns and trends and record items accordingly.
• Manage backlog
  • Store and organize your recorded items into a backlog, prioritizing items to implement in order of importance. This could be structured by way of identifying which items are a quick win vs. which items are part of a more strategic and long-term implementation.
• Perform iteration
  • Record key metric scores and communicate the changes you have planned to stakeholders before you implement items. Then, make the change.
• Be retrospective
  • Examine the success of the implementation by comparing your metric scores from before and after the change. Record instances where performing similar changes could be carried out better in future iterations.

Summary of Accomplishment

• Knowledge Gained
  • Benefits of enabling personalized service
  • IVR-enabling technologies
  • Methods of eliciting feedback
• Processes Optimized
  • IVR voice prompt creation
  • IVR voice prompt organization
  • IVR review cycles
• Deliverables Completed
  • Database of customer call drivers
  • Organizational IVR goals and KPIs
  • IVR call flow tree

Related Info-Tech Research

	Choose a Right-Sized Contact Center Solution	IT needs a method to pinpoint which contact center solution best aligns with business objectives, adapting to a post-COVID-19 world of remote work, flexibility, and scalability.
	Build a Strong Technology Foundation for Customer Experience Management	Customer expectations around personalization, channel preferences, and speed-to-resolution are at an all-time high. Your customers are willing to pay more for high-value experiences, and having a strong customer experience management (CXM) strategy is a proven path to creating sustainable value for the organization.
	IT Strategy Research Center	Create an IT strategy based on business needs, not just intuition.
	SoftwareReviews	Accelerate and improve your software selection process with enterprise software reviews. Focus on available resources for communications platform as a service providers and conversational intelligence software.

Bibliography

"7 Conversational IVR Trends for 2021 and Beyond." Haptik, 25 March 2021. Accessed 16 June 2022.
"7 Remarkable IVR Trends For the Year 2022 And Beyond." Haptik, 30 Dec. 2021. Accessed 27 April 2022.
"8 IVR Strategies that Keep Customers Happy." Ansafone Contact Centers, 31 May 2019. Accessed 25 April 2022.
"Agent Assist." Speakeasy AI, 19 April 2022. Accessed 27 April 2022.
"AI chatbot that's easy to use." IBM, n.d. Accessed 21 June 2022.
"IVR Trends to Watch in 2020 and Beyond: Inside CX." Intrado, 1 May 2020. Accessed 27 April 2022.
"RIP IVR: 1980-2020." Vonage, 2 June 2020. Accessed 16 June 2022.
Andrea. "What do Customers Want? – 37 Customer Service Statistics." SmallBizGenius, 17 March 2022. Accessed 24 May 2022.
Anthony, James. "106 Customer Service Statistics You Must See: 2021/2022 Data & Analysis." FinancesOnline, 14 Jan. 2022. Accessed 27 April 2022.
Brown, James. "14 stats that prove the importance of self-service in customer service." raffle, 13 Oct. 2020. Accessed 17 June 2022.
Buesing, Eric, et al. "Getting the best customer service from your IVR: Fresh eyes on an old problem." McKinsey & Company, 1 Feb. 2019. Accessed 25 April 2022.
Callari, Ron. "IVR Menus and Best Practices." Telzio, 4 Sep. 2020. Accessed 27 April 2022.
Cornell, Jared. "104 Customer Service Statistics & Facts of 2022." ProProfs Chat, 6 April 2022. Accessed 16 June 2022.
DeCarlo, Matthew. "18 Common IVR Mistakes & How To Configure Effective IVR." GetVoIP, 13 June 2019. Accessed 27 April 2022.
DeMers, Jayson. "77 Customer Service Statistics to Know." EmailAnalytics, 23 March 2022. Accessed 27 April 2022.
Frants, Valeriy. Interview. Conducted by Austin Wagar, 22 June 2022.
Grieve, Patrick. "Personalized customer service: what it is and how to provide it." Zendesk, 28 June 2019. Accessed 27 April 2022.
"How Natural Language Processing Can Help Your Interactive Voice Response System Meet Best Practice." Hostcomm, 15 July 2019. Accessed 25 April 2022.
"IVR and customer experience: get the best UX for your clients." Kaleyra, 14 Dec. 2020. Accessed 25 April 2022.
Irvine, Bill. "Selecting an IVR System for Customer Satisfaction Surveys." IVR Technology Group, 14 April 2020. Accessed 22 June 2022.
Kulbyte, Toma. "Key Customer Experience Statistics to Know." SuperOffice, 24 June 2021. Accessed 24 May 2022.
Leite, Thiago. "What's the Difference Between Standard & Conversational IVR?" Cognigy, 27 Oct. 2020. Accessed 24 May 2022.
Maza, Cristina. "What is IVR? The ultimate guide." Zendesk, 30 Sep. 2020. Accessed 25 April 2022.
McCraw, Corey. "What is IVR Call Flow? Benefits, Features, Metrics & More." GetVoIP, 30 April 2020. Accessed 25 April 2022.
Mircevski, Bruno. "Smart IVR Introduction – What Is It and Why You Should Use It." Ideta, 7 March 2022. Accessed 28 April 2022.
Oriel, Astha. "Artificial Intelligence in IVR: A Step Towards Faster Customer Services." Analytics Insight, 19 Aug. 2020. Accessed 24 May 2022.
Perzynska, Kasia. "What is CSAT & How to Measure Customer Satisfaction?" Survicate, 9 March 2022. Accessed 22 June 2022.
Pratt, Mary K. "How to set business goals, step by step." TechTarget, 27 April 2022. Accessed 21 June 2022.
Robinson, Kerry. "Insight of the Week: Make Your IVR More Like Alexa." Waterfield Tech, 20 April 2022. Accessed 25 April 2022.
Sehgal, Karishma. "Exclusive Research – 76% of customer service teams offer support outside of business hours." Hiver, 4 May 2022. Accessed 22 June 2022.
Smith, Mercer. "111 Customer Service Statistics and Facts You Shouldn't Ignore." Help Scout, 23 May 2022. Accessed 24 June 2022.
Thompson, Adrian. "A Guide to Conversational IVR." The Bot Forge, 27 Jan. 2021. Accessed 21 June 2022.
Tolksdorf, Juergen. " 5 Ways to Leverage AI and Agent-Assist to Improve Customer Experience." Genesys, 19 May 2020. Accessed 27 April 2022.
Vaish, Aakrit. "5 ways conversational IVR is helping businesses revolutionize customer service." ETCIO.com, 20 March 2020. Web.
Westfall, Leah. "Improving customer experience with the right IVR strategy." RingCentral, 23 July 2021. Accessed 25 April 2022.

Manage Your Chromebooks and MacBooks

Financial constraints, strategy, and your user base dictate the need for Chromebooks and MacBooks – now you have to manage them in your environment.

Analyst Perspective

Managing MacBooks and Chromebooks is similar to managing Windows devices in many ways and different in others. The tools have many common features, yet they struggle to achieve the same goals.

Until recently, Windows devices dominated the workplace globally. Computing devices were also rare in many industries such as education. Administrators and administrative staff may have used Windows-based devices, but Chromebooks were not yet in use. Most universities and colleges were Windows-based in offices with some flavor of Unix in other areas, and Apple devices were gaining some popularity in certain circles.

That is a stark contrast compared to today, where Chromebooks dominate the classrooms and MacBooks and Chromebooks are making significant inroads into the enterprise environment. MacBooks are also a common sight on many university campuses. There is no doubt that while Windows may still be the dominant player, it is far from the only one in town.

Now that Chromebooks and MacBooks are a notable, if not significant, part of the education and enterprise environments, they must be afforded the same considerations as Windows devices in those environments when it comes to management. The good news is that there is no lack of available solutions for managing these devices, and the endpoint management landscape is continually evolving and improving.

P.J. Ryan
Research Director, Infrastructure & Operations
Info-Tech Research Group

Executive Summary

Your Challenge

• You modernized your end-user computing strategy and now have Windows 10 devices as well as MacBooks.
• Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks would be ideal as a low-cost interface into DaaS for your employees.
• You are responsible for the management of all the new Chromebooks in your educational district.
• Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

Common Obstacles

• Endpoint management solutions typically do a great job at managing one category of devices, like Windows or MacBooks, but they struggle to fully manage alternative endpoints.
• Multiple solutions to manage multiple devices will result in multiple dashboards. A single view would be better.
• One solution may not fit all, but multiple solutions is not desirable either, especially if you have Windows devices, MacBooks, and Chromebooks.

Info-Tech's Approach

• Use the tools at your disposal first – don't needlessly spend money if you don't have to. Many solutions can already manage other types of devices to some degree.
• Use the integration capabilities of endpoint management tools. Many of them can integrate with each other to give you a single interface to manage multiple types of devices while taking advantage of additional functionality.
• Don't purchase capabilities you will never use. Using 80% of a less expensive tool is economically smarter than using 10% of a more expensive tool.

Info-Tech Insight

Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

Insight Summary

Insight 1

Google Admin Console is necessary to manage Chromebooks, but it can be paired with other tools. Implementation partnerships provide solutions to track the device lifecycle, track the repair lifecycle, sync with Google Admin Console as well as PowerSchool to provide a more complete picture of the user and device, and facilitate reminders to return the device, pay fees if necessary, pick up a device when a repair is complete, and more.

Insight 2

The Google Admin Console allows admins to follow an organizational unit (OU) structure very similar to what they may have used in Microsoft's Active Directory environment. This familiarity makes the task of administering Chromebooks easier for admins.

Insight 3

Chromebook management goes beyond securing and manipulating the device. Controls to protect the students while online, such as Safe Search and Safe Browsing, should also be implemented.

Insight 4

Most companies choose to use a dedicated MacBook management tool. Many unified endpoint management (UEM) tools can manage MacBooks to some extent, but admins tend to agree that a MacBook-focused endpoint management tool is best for MacBooks while a Windows-based endpoint management tool is best for Windows devices.

Insight 5

Some MacBook management solutions advocate integration with Windows UEM solutions to take advantage of Microsoft features such as conditional access, security functionality, and data governance. This approach can also be applied to Chromebooks.

Chromebooks

Chromebooks had a respectable share of the education market before 2020, but the COVID-19 pandemic turbocharged the penetration of Chromebooks in the education industry.

Chromebooks are also catching the attention of some decision makers in the enterprise environment.

"In 2018, Chromebooks represented an incredible 60 percent of all laptop or tablet devices in K-12 -- up from zero percent when the first Chromebook launched during the summer break in 2011."
– "Will Chromebooks Rule the Enterprise?" Computerworld

"Chromebooks were the best performing PC products in Q3 2020, with shipment volume increasing to a record-high 9.4 million units, up a whopping 122% year-on-year."
– Android Police

"Until the pandemic, Chrome OS' success was largely limited to U.S. schools. Demand in 2020 appears to have expanded beyond that small but critical part of the U.S. PC market."
– Geekwire

"In addition to running a huge number of Chrome Extensions and Apps at once, Chromebooks also run Android, Linux and Windows apps."
– "Will Chromebooks Rule the Enterprise?" Computerworld

Managing Chromebooks

Start with the Google Admin Console (GAC)

GAC is necessary to initially manage Chrome OS devices.

GAC gives you a centralized console that will allow you to:

• Create organizational units
• Add your Chromebook devices
• Add users
• Assign users to devices
• Create groups
• Create and assign policies
• Plus more

GAC can facilitate device management with features such as:

• Control admin permissions
• Encryption and update settings
• App deployment, screen timeout settings
• Perform a device wipe if required
• Audit user activity on a device
• Plus more

Device and user addition, group and organizational unit creation and administration, applying policies to devices and users – does all this remind you of your Active Directory environment?

GAC lets you administer users and devices with a similar approach.

Managing Chromebooks

Use Active Directory to manage Chromebooks.

• Enable Active Directory (AD) management from within GAC and you will be able to integrate your Chromebook devices with your AD environment.
• Devices will be visible in both the GAC and AD environment.
• Use Windows Group Policy to manage devices and to push policies to users and devices.
• Users can use their AD username and password to sign into Chromebook devices.
• GAC can still be used for devices that are not synced with AD.

Chromebooks can also be managed through these approved partners:

• Cisco Meraki
• Citrix XenMobile
• IBM MaaS360
• ManageEngine Mobile Device Manager Plus
• VMware Workspace ONE

Source: Google

You must be running the Chrome Enterprise Upgrade and have any licenses required by the approved partner to take advantage of this management option. The partner admin policies supersede GAC.

If you stop using the approved partner admin console to manage your devices, the polices and settings in GAC will immediately take over the devices.

Microsoft still has the market share when it comes to device sales, and many administrators are already familiar with Microsoft's Active Directory. Google took advantage of that familiarity when it designed the Google Admin Console structure for users, groups, and organizational units.

Chromebook Deployment

Chromebook deployment becomes a challenge when device quantities grow. The enrollment process can be time consuming, and every device must be enrolled before it can be used by an employee or a student. Many admins enlist their full IT teams to assist in the short term. Some vendor partners may assist with distribution options if staffing levels permit. Recent developments from Google have opened additional options for device enrollment beyond the manual enrollment approach.

Enrolling Chromebooks comes down to one of two approaches:

1. Manually enrolling one device at a time
   • Users can assist by entering some identifying details during the enrollment if permitted.
   • Some third-party solutions exist, such as USB drives to reduce repetitive keystrokes or hubs to facilitate manually enrolling multiple Chromebooks simultaneously.
2. Google's Chrome Enterprise Upgrade or the Chrome Education Upgrade
   • This allows you to let your users enroll devices after they accept the end-user license agreement.
   • You can take advantage of Google's vendor partner program and use a zero-touch deployment method where the Chromebook devices automatically receive the assigned policies, apps, and settings as soon as the device is powered on and an authorized user signs in.
   • The Enterprise Upgrade and the Education Upgrade do come with an annual cost per device, which is currently less than US$50.
   • The Enterprise and Education Upgrades come with other features as well, such as enhanced security.

Chromebooks are automatically assigned to the top-level organizational unit (OU) when enrolled. Devices can be manually moved to another OU, but admins can also create enrollment policies to place newly enrolled devices in a specific OU or have the device locate itself in the same OU as the user.

Chromebooks in Education

GAC is also used with Education-licensed devices

Most of the settings and features previously mentioned are also available for Education-licensed devices and users. Enterprise-specific features will not be available to Education licenses. (Active Directory integration with Education licenses, for example, is accomplished using a different approach)

• Groups, policies, administrative controls, app deployment and management, adding devices and users, creating organizational units, and more features are all available to Education Admins to use.

Education device policies and settings tend to focus more on protecting the students with controls such as:

• Disable incognito mode
• Disable location tracking
• Disable external storage devices
• Browser based protections such as Safe Search or Safe Browsing
• URL blocking
• Video input disable for websites
• App installation prevention, auto re-install, and app blocking
• Forced re-enrollment to your domain after a device is wiped
• Disable Guest Mode
• Restrict who can sign in
• Audit user activity on a device

When a student takes home a Chromebook assigned to them, that Chromebook may be the only computer in the household. Administrative polices and settings must take into account the fact that the device may have multiple users accessing many different sites and applications when the device is outside of the school environment.

Chromebook Management Extended

An online search for Chromebook management solutions will reveal several software solutions that augment the capabilities of the Google Admin Console. Many of these solutions are focused on the education sector and classroom and student options, although the features would be beneficial to enterprises and educational organizations alike.

These solutions assist or augment Chromebook management with features such as:

• Ability to sync with Google Admin Console
• Ability to sync with student information systems, such as PowerSchool
• Financial management, purchase details, and chargeback
• Asset lifecycle management
• 1:1 Chromebook distribution management
• Repair programs and repair process management
• Check-out/loan program management
• Device distribution/allocation management, including barcode reader integration
• Simple learning material distribution to the classroom for teachers
• Facilitate GAC bulk operations
• Manage inventory of non-IT assets such as projectors, TVs, and other educational assets
• Plus more

"There are many components to managing Chromebooks. Schools need to know which student has which device, which school has which device, and costs relating to repairs. Chromebook Management Software … facilitates these processes."
– VIZOR

MacBooks

• MacBooks are gaining popularity in the Enterprise world.
• Some admins claim MacBooks are less expensive in the long run over Windows-based PCs.
• Users claim less issues when using a MacBook, and overall, companies report increased retention rates when users are using MacBooks.

"Macs now make up 23% of endpoints in enterprises."
– ComputerWeekly.com

"When given the choice, no less than 72% of employees choose Macs over PCs."
– "5 Reasons Mac is a must," Jamf

"IBM says it is 3X more expensive to manage PCs than Macs."
– Computerworld

"74% of those who previously used a PC for work experienced fewer issues now that they use a Mac"
– "Global Survey: Mac in the Enterprise," Jamf

"When enterprise moves to Mac, staff retention rates improve by 20%. That's quite a boost! "
– "5 Reasons Mac is a must," Jamf

Managing MacBooks

Can your existing UEM keep up?

Many Windows unified endpoint management (UEM) tools can manage MacBooks, but most companies choose to use a dedicated MacBook management tool.

• UEM tools that are primarily Windows focused do not typically go deep enough into the management capabilities of non-Windows devices.
• Admins have noted limitations when it comes to using Windows UEM tools, and reasons they prefer a dedicated MacBook management solution include:
  • Easier to use
• Faster response times when deploying settings and policies
• Better control over notification settings and lock screen settings.
• Easier Apple Business Manager (ABM) integration and provisioning.
• Note that not every UEM will have the same limitations or advantages. Functionality is different between vendor products.

Info-Tech Insight

Most Windows UEM tools are constantly improving, and it is only a matter of time before they rival many of the dedicated MacBook management tools out there.

Admins tend to agree that a Windows UEM is best for Windows while an Apple-based UEM is best for Apple devices.

Managing MacBooks

The market for "MacBook-first" management solutions includes a variety of players of varying ages such as:

• Jamf
• Kandji
• Mosyle
• SimpleMDM
• Others

MacBook-focused management tools can provide features such as:

• Encryption and update settings
• App deployment and lifecycle management
• Remote device wipe, scan, shutdown, restart, and lock
• Zero touch deployment and support
• Location tracking
• Browser content filtering
• Enable, hide/block, or disable built-in features
• Configure Wi-Fi, VPN, and certificate-based settings
• Centralized dashboard with device and app listings as well as individual details
• Data restrictions
• Plus more

Unified endpoint management (UEM) solutions that can provide MacBook management to some degree include (but are not limited to):

• Intune
• Ivanti
• Endpoint Central
• WorkspaceOne

Dedicated solutions advocate integration with UEM solutions to take advantage of conditional access, security functionality, and data governance features.

Jamf and Microsoft entered into a collaboration several years ago with the intention of making the MacBook management process easier and more secure.

Microsoft Intune and Jamf Pro: Better together to manage and secure Macs
Microsoft Conditional Access with Jamf Pro ensures that company data is only accessed by trusted users, on trusted devices, using trusted apps. Jamf extends this Enterprise Mobile + Security (EMS) functionality to Mac, iPhone and iPad.
– "Microsoft Intune and Jamf Pro," Jamf

Endpoint Management Selection Tool
Activity

There are many solutions available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don't purchase capabilities that you may never use.

Use the Endpoint Management Selection Tool to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

1. List out the desired features you want in an endpoint solution for your devices and record those features in the first column. Use the features provided, or add your own and edit or delete the existing ones if necessary.
2. List your selected endpoint management solution vendors in each of the columns in place of "Vendor 1," "Vendor 2," etc.
3. Fill out the spreadsheet by changing the corresponding desired feature cell under each vendor to a "yes" or "no" based on your findings while investigating each vendor solution.
4. When you have finished your investigation, review your spreadsheet to compare the various offerings and pros and cons of each vendor.
5. Select your endpoint management solution.

Related Info-Tech Research

Modernize and Transform Your End-User Computing Strategy
This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

Best Unified Endpoint Management (UEM) Software 2022 | SoftwareReviews
Compare and evaluate unified endpoint management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best unified endpoint management software for your organization.

Best Enterprise Mobile Management (EMM) Software 2022 | (softwarereviews.com)
Compare and evaluate enterprise mobile management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best enterprise mobile management software for your organization.

Bibliography

Bridge, Tom. "Macs in the enterprise – what you need to know". Computerweekly.com, TechTarget. 27 May 2022. Accessed 12 Aug. 2022.
Copley-Woods, Haddayr. "5 reasons Mac is a must in the enterprise". Jamf.com, Jamf. 28 June 2022. Accessed 16 Aug. 2022.
Duke, Kent. "Chromebook sales skyrocketed in Q3 2020 with online education fueling demand." androidpolice.com, Android Police. 16 Nov 2020. Accessed 10 Aug. 2022.
Elgin, Mike. "Will Chromebooks Rule the Enterprise? (5 Reasons They May)". Computerworld.com, Computerworld. 30 Aug 2019. Accessed 10 Aug. 2022.
Evans, Jonny. "IBM says it is 3X more expensive to manage PCs than Macs". Computerworld.com, Computerworld. 19 Oct 2016. Accessed 23 Aug. 2022.
"Global Survey: Mac in the Enterprise". Jamf.com, Jamf. Accessed 16 Aug. 2022.
"How to Manage Chromebooks Like a Pro." Vizor.cloud, VIZOR. Accessed 10 Aug. 2022.
"Manage Chrome OS Devices with EMM Console". support.google.com, Google. Accessed 16 Aug. 2022.
Protalinski, Emil. "Chromebooks outsold Macs worldwide in 2020, cutting into Windows market share". Geekwire.com, Geekwire. 16 Feb 2021. Accessed 22 Aug. 2022.
Smith, Sean. "Microsoft Intune and Jamf Pro: Better together to manage and secure Macs". Jamf.com, Jamf. 20 April 2022. Accessed 16 Aug. 2022.

Manage Poor Performance While Working From Home

Assess and improve remote work performance with our ready-to-use tools.

Executive Summary

McLean & Company Insight

Poor performance must be managed, despite the pandemic. Evaluating root causes of performance issues is more important than ever now that personal factors such as lack of childcare and eldercare for those working from home are complicating the issue.

Situation

COVID-19 has led to a sudden shift to working from home (WFH), resulting in a 72% decline in in-office work (Ranosa, 2020). While these uncertain times have disrupted traditional work routines, employee performance remains critical, as it plays a role in determining how organizations recover. Managers must not turn a blind eye to performance issues but rather must act quickly to support employees who may be struggling.

Complication

For many, emergency WFH comes with several new challenges such as additional childcare responsibilities, sudden changes in role expectations, and negative impacts on wellbeing. These new challenges, coupled with previously existing ones, can result in poor performance. Owing to the lack of physical presence and cues, managers may struggle to identify that an employee’s performance is suffering. Even after identifying poor performance, it can be difficult to address remotely when such conversations would ideally be held in person.

Solution

Organizations need to have a clear process for improving performance for employees working remotely during the COVID-19 pandemic. Provide managers with resources to help them identify performance issues and uncover their root causes as part of addressing overall performance. This will allow managers to connect employees with the required support while working with them to improve performance.

Manage Poor Performance While Working From Home is made up of the following resources:

In this blueprint, “WFH” and “remote working” are used interchangeably.

This blueprint will not cover the performance management framework; it is solely focused on managing performance issues.

For information on adjusting the regular performance management process during the pandemic, see Performance Management for Emergency Work-From-Home.

Identify how low performance is normally addressed

A process for performance improvement is not akin to outlining the steps of a performance improvement plan (PIP). The PIP is a development tool used within a larger process for performance improvement. Guidance on how to structure and use a PIP will be provided later in this blueprint.

For information on adjusting performance expectations during the pandemic, see Performance Management for Emergency Work-From-Home.

The process for non-union and union employees will likely differ. Make sure your process for unionized employees aligns with collective agreements.

Determine how managers can identify poor performance of staff working remotely

While it’s important for managers to keep an eye out for decreased performance, discourage them from over-monitoring employees, as this can lead to a damaging environment of distrust.

Support managers in initiating performance conversations and uncovering root causes

Ensure managers continue to conduct frequent performance conversations

Once an informal conversation has been initiated, the manager should schedule frequent one-on-one performance conversations (above and beyond performance management check-ins).

Help managers use formal performance improvement tools with remote workers

Clarify remote PIP stages and best practices

Managers, HR, and employees all have a role to play in performance improvement

Managers

• Identify the outcomes the organization is looking for and clearly outline and communicate the expectations for the employee’s performance.
• Diagnose root cause(s) of the performance issue.
• Support employee through frequent conversations and feedback.
• Coach for improved performance.
• Visibly recognize and broadcast employee achievements.

Employees

• Have open and honest conversations with their manager, acknowledge their accountability, and be receptive to feedback.
• Set performance goals to meet expectations of the role.
• Prepare for frequent check-ins regarding improvement.
• Seek support from HR as required.

HR

• Provide managers with a process, training, and support to improve employee performance.
• Coach managers to ensure employees have been made aware of their role expectations and current performance and given specific recommendations on how to improve.
• Reinforce the process for improving employee performance to ensure that adequate coaching conversations have taken place before the formal PIP.
• Coach employees on how to approach their manager to discuss challenges in meeting expectations.

HR should conduct checkpoints with both managers and employees in cases where a formal PIP was initiated to ensure the process for performance improvement is being followed and to support both parties in improving performance.

Email templates

Use the templates found on the next slides to draft communications to employees who are underperforming while working from home.

Customize all templates with relevant information and use them as a guide to further tailor your communication to a specific employee.

Customization Recommendations

Review all slides and adjust the language or content as needed to suit the needs of the employee, the complexity of their role, and the performance issue.

• The pencil icon to the left denotes slides requiring customization of the text. Customize text in grey font and be sure to convert all font to black when you are done.

Included Templates

1. Performance Discussion Follow-Up
2. PIP Cover Letter

This template is not a substitute for legal advice. Ensure you consult with your legal counsel, labor relations representative, and union representative to align with collective agreements and relevant legislation.

Sample Performance Discussion Follow-Up

Hello [name],

Thank you for the commitment and eagerness in our meeting yesterday.

I wanted to recap the conversation and expectations for the month of [insert month].

As discussed, you have been advised about your recent [behavior, performance, attendance, policy, etc.] where you have demonstrated [state specific issue with detail of behavior/performance of concern]. As per our conversation, we’ll be working on improvement in this area in order to meet expectations set out for our employees.

It is expected that employees [state expectations]. Please do not hesitate to reach out to me if there is further clarification needed or you if you have any questions or concerns. The management team and I are committed to helping you achieve these goals.

We will do a formal check-in on your progress every [insert day] from [insert time] to review your progress. I will also be available for daily check-ins to support you on the right track. Additionally, you can book me in for desk-side coaching outside of my regular desk-side check-ins. If there is anything else I can do to help support you in hitting these goals, please let me know. Other resources we discussed that may be helpful in meeting these objectives are [summarize available support and resources]. By working together through this process, I have no doubt that you can be successful. I am here to provide support and assist you through this.

If you’re unable to show improvements set out in our discussion by [date], we will proceed to a formal performance measure that will include a performance improvement plan. Please let me know if you have any questions or concerns; I am here to help.

Please acknowledge this email and let me know if you have any questions.

Thank you,

PIP Cover Letter

Hello [name] ,

This is to confirm our meeting on [date] in which we discussed your performance to date and areas that need improvement. Please find the attached performance improvement plan, which contains a detailed action plan that we have agreed upon to help you meet role expectations over the next [XX days]. The aim of this plan is to provide you with a detailed outline of our performance expectations and provide you the opportunity to improve your performance, with our support.

We will check in every [XX days] to review your progress. At the end of the [XX]-day period, we will review your performance against the role expectations set out in this performance improvement plan. If you don’t meet the performance requirements in the time allotted, further action and consequences will follow.

Should you have any questions about the performance improvement plan or the process outlined in this document, please do not hesitate to discuss them with me.

[Employee name], it is my personal objective to help you be a fully productive member of our team. By working together through this performance improvement plan, I have no doubt that you can be successful. I am here to provide support and assist you through the process. At this time, I would also like to remind you about the [additional resources available at your organization, for example, employee assistance program or HR].

Please acknowledge this email and let me know if you have any questions.

Thank you,

Prepare and customize manager guide and resources

	Manage Poor Performance While Working From Home: Manager Guide This tool for managers provides advice on navigating the process and focuses on the content of remote performance discussions.		Set Meaningful Employee Performance Measures See this blueprint for information on setting holistic measures to inspire employee performance.
	Manage Poor Performance While Working From Home: Infographic This tool illustrates the high-level steps of the performance improvement process.		Wellness and Working From Home: Infographic This tool highlights tips to manage physical and mental health while working from home.
	Build a Better Manager: Team Essentials See this solution set for more information on kick-starting the effectiveness of first-time IT managers with essential management skills.		Leverage Agile Goal Setting for Improved Employee Engagement & Performance See this blueprint for information on dodging the micromanaging foul and scoring with agile short-term goal setting.

Bibliography

Arringdale, Chris. “6 Tips For Managers Trying to Overcome Performance Appraisal Anxiety.” TLNT. 18 September 2015. Accessed 2018.

Borysenko, Karlyn. “What Was Management Thinking? The High Cost of Employee Turnover.” Talent Management and HR. 22 April 2015. Accessed 2018.

Cook, Ian. “Curbing Employee Turnover Contagion in the Workplace.” Visier. 20 February 2018. Accessed 2018.

Cornerstone OnDemand. Toxic Employees in the Workplace. Santa Monica, California: Cornerstone OnDemand, 2015. Web.

Dewar, Carolyn and Reed Doucette. “6 elements to create a high-performing culture.” McKinsey & Company. 9 April 2018. Accessed 2018.

Eagle Hill. Eagle Hill National Attrition Survey. Washington, D.C.: Eagle Hill, 2015. Web.

ERC. “Performance Improvement Plan Checklist.” ERC. 21 June 2017. Accessed 2018.

Foster, James. “The Impact of Managers on Workplace Engagement and Productivity.” Interact. 16 March 2017. Accessed 2018.

Godwins Solicitors LLP. “Employment Tribunal Statistics for 2015/2016.” Godwins Solicitors LLP. 8 February 2017. Accessed 2018.

Mankins, Michael. “How to Manage a Team of All-Stars.” Harvard Business Review. 6 June 2017. Accessed 2018.

Maxfield, David, et al. The Value of Stress-Free Productivity. Provo, Utah: VitalSmarts, 2017. Web.

Murphy, Mark. “Skip Your Low Performers When Starting Performance Appraisals.” Forbes. 21 January 2015. Accessed 2018.

Quint. “Transforming into a High Performance Organization.” Quint Wellington Redwood. 16 November 2017. Accessed 2018.

Ranosa, Rachel. "COVID -19: Canadian Productivity Booms Despite Social Distancing." Human Resources Director, 14 April 2020. Accessed 2020.

The Small Enterprise Guide to People and Resource Management

Quickly start getting the right people, with the right skills, at the right time

Is this research right for you?

Research Navigation

Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

Analyst Perspective

Workforce planning is even more important for small enterprises than large organizations.

It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

Jane Kouptsova
Senior Research Analyst, CIO Advisory
Info-Tech Research Group

Executive Summary

Your Challenge

52% of small business owners agree that labor quality is their most important problem.¹

Almost half of all small businesses face difficulty due to staff turnover.

76% of executives expect the talent market to get even more challenging.²

Common Obstacles

76% of executives expect workforce planning to become a top strategic priority for their organization.²

But…

30% of small businesses do not have a formal HR function.³

Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

Info-Tech's Approach

A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

Clear activities that guide your team to decisive action

Founded on your IT strategy, ensuring you have not just good people, but the right people

Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

Info-Tech Insight

Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

¹CNBC & SurveyMonkey. ²ADP. ³Clutch.

Labor quality is small enterprise's biggest challenge

The key to solving it is strategic workforce planning

Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

¹CNBC & SurveyMonkey. ²Clutch. ³ADP.

Workforce planning matters more for small enterprises

You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

Info-Tech Insight

One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

Blueprint pre-step: Determine your starting point

People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

This blueprint covers the parts of workforce management that occur to some extent in every organization:

• Workforce planning
• Knowledge transfer
• Development planning

You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

Track metrics

Consider these example metrics for tracking people and resource management success

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

Phase 1

Workforce Planning

The Small Enterprise Guide to People and Resource Management

Phase Participants

• Leadership team
• Managers
• Human resource partner (if applicable)

Additional Resources

Workforce Planning Workbook for Small Enterprises

Phase pre-step: Gather resources and participants

1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
   If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

Formal workforce planning benefits even small teams

Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

Right-size your workforce planning process to the size of your enterprise

Small organizations are 2.2 times more likely to have effective workforce planning processes.¹ Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

¹ McLean & Company Trends Report 2014

1.1 Set project outcomes and success metrics

1-3 hours

1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
3. Break into smaller groups (or if too small, continue as a single group):
   1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
   2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
   3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

1.2 Identify key roles and competency gaps

1-3 hours

1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
   1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
   2. Core: What roles are important to drive operational excellence?
   3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
   1. The difficulty or criticality of the tasks being performed
   2. The impact on job outcomes
   3. The impact on the performance of other employees
   4. The consequence of errors if the competency is not present
   5. How frequently the competency is used on the job
   6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
3. Continue working individually and rate the level of proficiency of the current incumbent.
4. As a group, review the assessment and make any adjustments.

Record this information in the Workforce Planning Workbook for Small Enterprises.

Download the Workforce Planning Workbook for Small Enterprises

1.2 Identify key roles and competency gaps

Conduct a risk-of-departure analysis

A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

Employees are high risk for departure if they:

• Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
• Are nearing retirement
• Have expressed career aspirations that extend outside your organization
• Have hit a career development ceiling at your organization
• Are disengaged
• Are actively job searching
• Are facing performance issues or dismissal OR promotion into a new role

Employees are low risk for departure if they:

• Are a new hire or new to their role
• Are highly engaged
• Have high potential
• Are 5-10 years out from retirement

If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

To estimate the impact of departure, consider:

• The effect of losing the employee in the near- and medium-term, including:
  • Impact on the organization, department, unit/team and projects
  • The cost (in time, resources, and productivity loss) to replace the individual
  • The readiness of internal successors for the role

1.3 Conduct a risk analysis to identify future needs

1-3 hours

Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

• As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
• Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
• Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

Record this information in the Workforce Planning Workbook for Small Enterprises.

Info-Tech Insight

Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

1.3 Conduct a risk analysis to identify future needs

Determine your skill sourcing route

The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

Sourcing Options		Preferred Options		Final Choice
	State of the Marketplace		State of the Marketplace
	Urgency: How soon do we need this skill? What is the required time-to-value? Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support? Novelty: Is this skill brand new to our workforce? Availability: How often, and at what hours, will the skill be needed? Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?		Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent? Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill? Preparedness: Do we have internal resources available to cultivate this skill in house?

1.4 Determine your skill sourcing route

1-3 hours

1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
   1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

Record this information in the Workforce Planning Workbook for Small Enterprises.

Info-Tech Insight

Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

1.5 Determine readiness of internal successors

1-3 hours

1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
   1. Relationship-building skills
   2. Business skills
   3. Technical skills
   4. Industry-specific skills or knowledge
3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
   1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
   2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
6. Record the decision and repeat for the next role on your list.

Info-Tech Insight

A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

Use alternative work arrangements to gain time to prepare successors

Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
Source: Statistics Canada.

Flexible work options are the most used form of alternative work arrangement

Source: McLean & Company, N=44

Choose the alternative work arrangement that works best for you and the employee

Choose the alternative work arrangement that works best for you and the employee

Phase 2

Knowledge Transfer

The Small Enterprise Guide to People and Resource Management

Phase Participants

• Leadership/management team
• Incumbent & successor

Additional Resources

IT Knowledge Identification Interview Guide Template

Knowledge Transfer Plan Template

Determine your skill sourcing route

Knowledge transfer plans have three key components that you need to complete for each knowledge source: