Develop APIs That Work Properly for the Organization

  • Buy Link or Shortcode: {j2store}525|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $1,133,999 Average $ Saved
  • member rating average days saved: 23 Average Days Saved
  • Parent Category Name: Requirements & Design
  • Parent Category Link: /requirements-and-design
  • CIOs have trouble integrating new technologies (e.g. mobile, cloud solutions) with legacy applications, and lack standards for using APIs across the organization.
  • Organizations produce APIs that are error-prone, not consistently configured, and not maintained effectively.
  • Organizations are looking for ways to increase application quality and code reusability to improve development throughput using web APIs.
  • Organizations are looking for opportunities to create an application ecosystem which can expose internal services across the organization and/or to external third parties and business partners.

Our Advice

Critical Insight

  • Organizations are looking to go beyond current development practices to provide scalable and reusable web services.
  • Web API development is a tactical competency that is important to enabling speed of development, quality of applications, reusability, innovation, and business alignment.
  • Design your web API as a product that promotes speed of development and service reuse.
  • Optimize the design, development, testing, and monitoring of your APIs incrementally and iteratively to cover all use cases in the long term.

Impact and Result

  • Create a repeatable process to improve the quality, reusability, and governance of your web APIs.
  • Define the purpose of your API and the common uses cases that it will service.
  • Understand what development techniques are required to develop an effective web API based on Info-Tech’s web API framework.
  • Continuously reiterate your web API to demonstrate to business stakeholders the value your web API provides.

Develop APIs That Work Properly for the Organization Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop APIs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Examine the opportunities web APIs can enable

Assess the opportunities of web APIs.

  • Develop APIs That Work Properly for the Organization – Phase 1: Examine the Opportunities Web APIs Can Enable

2. Design and develop a web API

Design and develop web APIs that support business processes and enable reusability.

  • Develop APIs That Work Properly for the Organization – Phase 2: Design and Develop a Web API
  • Web APIs High-Level Design Requirements Template
  • Web API Design Document Template

3. Test the web API

Accommodate web API testing best practices in application test plans.

  • Develop APIs That Work Properly for the Organization – Phase 3: Test the Web API
  • Web API Test Plan Template

4. Monitor and continuously optimize the web API

Monitor the usage and value of web APIs and plan for future optimizations and maintenance.

  • Develop APIs That Work Properly for the Organization – Phase 4: Monitor and Continuously Optimize the Web API
  • Web API Process Governance Template
[infographic]

Workshop: Develop APIs That Work Properly for the Organization

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Examine the Opportunities Web APIs Can Enable

The Purpose

Gauge the importance of web APIs for achieving your organizational needs.

Understand how web APIs can be used to achieve below-the-line and above-the-line benefits.

Be aware of web API development pitfalls. 

Key Benefits Achieved

Understanding the revenue generation and process optimization opportunities web APIs can bring to your organization.

Knowledge of the current web API landscape. 

Activities

1.1 Examine the opportunities web APIs can enable.

Outputs

2 Design & Develop Your Web API

The Purpose

Establish a web API design and development process.

Design scalable web APIs around defined business process flows and rules.

Define the web service objects that the web APIs will expose. 

Key Benefits Achieved

Reusable web API designs.

Identification of data sets that will be available through web services.

Implement web API development best practices. 

Activities

2.1 Define high-level design details based on web API requirements.

2.2 Define your process workflows and business rules.

2.3 Map the relationships among data tables through ERDs.

2.4 Define your data model by mapping the relationships among data tables through data flow diagrams.

2.5 Define your web service objects by effectively referencing your data model.

Outputs

High-level web API design.

Business process flow.

Entity relationship diagrams.

Data flow diagrams.

Identification of web service objects.

3 Test Your Web API

The Purpose

Incorporate APIs into your existing testing practices.

Emphasize security testing with web APIs.

Learn of the web API testing and monitoring tool landscape.

Key Benefits Achieved

Creation of a web API test plan.

Activities

3.1 Create a test plan for your web API.

Outputs

Web API Test Plan.

4 Monitor and Continuously Optimize Your Web API

The Purpose

Plan for iterative development and maintenance of web APIs.

Manage web APIs for versioning and reuse.

Establish a governance structure to manage changes to web APIs. 

Key Benefits Achieved

Implement web API monitoring and maintenance best practices.

Establishment of a process to manage future development and maintenance of web APIs. 

Activities

4.1 Identify roles for your API development projects.

4.2 Develop governance for web API development.

Outputs

RACI table that accommodates API development.

Web API operations governance structure.

Build a Data Architecture Roadmap

  • Buy Link or Shortcode: {j2store}124|cart{/j2store}
  • member rating overall impact: 8.8/10 Overall Impact
  • member rating average dollars saved: $8,846 Average $ Saved
  • member rating average days saved: 23 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management
  • Data architecture involves many moving pieces requiring coordination to provide greatest value from data.
  • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.
  • Data architects must account for the constantly growing data and application complexity, more demanding needs from the business, an ever-increasing number of data sources, and a growing need to integrate components to ensure that performance isn’t compromised.

Our Advice

Critical Insight

  • Data architecture needs to evolve with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.
  • Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.
  • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

Impact and Result

  • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
    • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed.
    • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
    • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

Build a Data Architecture Roadmap Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why your organization should optimize its data architecture as it evolves with the drivers of the business to get the most from its data.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Prioritize your data architecture with business-driven tactics

Identify the business drivers that necessitate data architecture improvements, then create a tactical plan for optimization.

  • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 1: Prioritize Your Data Architecture With Business-Driven Tactics
  • Data Architecture Driver Pattern Identification Tool
  • Data Architecture Optimization Template

2. Personalize your tactics to optimize your data architecture

Analyze how you stack up to Info-Tech’s data architecture capability model to uncover your tactical plan, and discover groundbreaking data architecture trends and how you can fit them into your action plan.

  • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 2: Personalize Your Tactics to Optimize Your Data Architecture
  • Data Architecture Tactical Roadmap Tool
  • Data Architecture Trends Presentation

3. Create your tactical data architecture roadmap

Optimize your data architecture by following tactical initiatives and managing the resulting change brought on by those optimization activities.

  • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 3: Create Your Tactical Data Architecture Roadmap
  • Data Architecture Decision Template
[infographic]

Workshop: Build a Data Architecture Roadmap

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Identify the Drivers of the Business for Optimizing Data Architecture

The Purpose

Explain approach and value proposition.

Review the common business drivers and how the organization is driving a need to optimize data architecture.

Understand Info-Tech’s five-tier data architecture model.

Determine the pattern of tactics that apply to the organization for optimization.

Key Benefits Achieved

Understanding of the current data architecture landscape.

Priorities for tactical initiatives in the data architecture practice are identified.

Target state for the data quality practice is defined.

Activities

1.1 Explain approach and value proposition.

1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.

1.3 Understand Info-Tech’s five-tier data architecture model.

1.4 Determine the pattern of tactics that apply to the organization for optimization.

Outputs

Five-tier logical data architecture model

Data architecture tactic plan

2 Determine Your Tactics For Optimizing Data Architecture

The Purpose

Define improvement initiatives.

Define a data architecture improvement strategy and roadmap.

Key Benefits Achieved

Gaps, inefficiencies, and opportunities in the data architecture practice are identified.

Activities

2.1 Create business unit prioritization roadmap.

2.2 Develop subject area project scope.

2.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis

Outputs

Business unit prioritization roadmap

Subject area scope

Data lineage diagram

3 Create a Strategy for Data Quality Project 2

The Purpose

Define improvement initiatives.

Define a data quality improvement strategy and roadmap.

Key Benefits Achieved

Improvement initiatives are defined.

Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

A roadmap is defined to depict when and how to tackle the improvement initiatives.

Activities

3.1 Create business unit prioritization roadmap.

3.2 Develop subject area project scope.

3.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis.

Outputs

Business unit prioritization roadmap

Subject area scope

Data lineage diagram

Further reading

Build a Data Architecture Roadmap

Optimizing data architecture requires a plan, not just a data model.

ANALYST PERSPECTIVE

Integral to an insight-driven enterprise is a modern and business-driven data environment.

“As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.

In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.

Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)

Our understanding of the problem

This Research Is Designed For:
  • Data architects or their equivalent, looking to optimize and improve the efficiency of the capture, movement and storage of data for a variety of business drivers.
  • Enterprise architects looking to improve the backbone of the holistic approach of their organization’s structure.
 This Research Will Help You:
  • Identify the business drivers that are impacted and improved by best-practice data architecture.
  • Optimize your data architecture using tactical practices to address the pressing issues of the business to drive modernization.
  • Align the organization’s data architecture with the grander enterprise architecture.
This Research Will Also Assist:
  • CIOs concerned with costs, benefits, and the overall structure of their organizations data flow.
  • Database administrators tasked with overseeing crucial elements of the data architecture.
 This Research Will Help Them:
  • Get a handle on the current situation of data within the organization.
  • Understand how data architecture affects the operations of the data sources within the enterprise.

Executive summary

Situation

  • The data architecture of a modern organization involves many moving pieces requiring coordination to provide greatest value from data.
  • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.

Complication

  • Data architects must account for the constantly growing data and application complexity, and more demanding needs from the business.
  • There is an ever-increasing number of data sources and a growing need to integrate components to ensure that performance isn’t compromised.
  • There isn’t always a clearly defined data architect role, yet the responsibilities must be filled to get maximum value from data.

Resolution

  • To deal with these challenges, a data architect must have a framework in place to identify the appropriate solution for the challenge at hand.
    • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed to customize your solution.
    • Discover the best practice trends, measure your current state, and define the targets for your data architecture tactics.
    • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

Info-Tech Insight

  1. Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify the priorities of your business and adapt your data architecture to those needs.
  2. Changes to data architecture are typically driven by four common business driver patterns. Use these as a shortcut to understand how to evolve your data architecture.
  3. Data is used differently across the layers of an organization’s data architecture; therefore, the capabilities needed to optimize the use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

Your data is the foundation of your organization’s knowledge and ability to make decisions

Data should be at the foundation of your organization’s evolution.

The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.

50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)

Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:

Business Monitoring
  • Data reporting
  • Uncover inefficiencies
  • Monitor progress
  • Track inventory levels
 Business Insights
  • Data analytics
  • Expose patterns
  • Predict future trends
Business Optimization
  • Data-based apps
  • Build apps to automate actions based on insights
 Business Transformation
  • Monetary value of data
  • Create new revenue streams
(Journey to Data Driven Enterprise, 2015)

As organizations seek to become more data driven, it is imperative to better manage data for its effective use

Here comes the zettabyte era.

A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.

Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.

Challenges of The Modern Data Landscape
Data at rest Data movement
Greater amounts Different types Uncertain quality Faster rates Higher complexity

“The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

Solution

Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.

Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

Data architecture is an integral aspect of data management

Data Architecture

The set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.

In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

54% of leading “analytics-driven” enterprises site data architecture as a required skill for data analytics initiatives. (Maynard 2015)

MYTH

Data architecture is purely a model of the technical requirements of your data systems.

REALITY

Data architecture is largely dependent on a human element. It can be viewed as “the bridge between defining strategy and its implementation”. (Erwin 2016)

Functions

A strong data architecture should:

  • Define, visualize, and communicate data strategy to various stakeholders.
  • Craft a data delivery environment.
  • Ensure high data quality.
  • Provide a roadmap for continuous improvement.

Business value

A strong data architecture will help you:

  • Align data processes with business strategy and the overall holistic enterprise architecture.
  • Enable efficient flow of data with a stronger focus on quality and accessibility.
  • Reduce the total cost of data ownership.

Data architects must maintain a comprehensive view of the organization’s rapidly proliferating data

The data architect:
  • Acts as a “translator” between the business and data workers to communicate data and technology requirements.
  • Facilitates the creation of the data strategy.
  • Manages the enterprise data model.
  • Has a greater knowledge of operational and analytical data use cases.
  • Recommends data management policies and standards, and maintains data management artifacts.
  • Reviews project solution architectures and identifies cross impacts across the data lifecycle.
  • Is a hands-on expert in data management and warehousing technologies.
  • Is not necessarily it’s own designated position, but a role that can be completed by a variety of IT professionals.

Data architects bridge the gap between strategic and technical requirements:

Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

“Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

Many are experiencing the pains of poor data architecture, but leading organizations are proactively tackling these issues

Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.

59%

 of firms believe their legacy storage systems require too much processing to meet today’s business needs. (Attivio, Survey Big Data decision Makers, 2016)

48%

 of companies experience pains from being reliant on “manual methods and trial and error when preparing data.” (Attivio, Survey Big Data decision Makers, 2016)

44%
+
22%

 44% of firms said preparing data was their top hurdle for analytics, with 22% citing problems in accessing data. (Data Virtualization blog, Data Movement Killed the BI Star, 2016)

Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.

28%

 of survey respondents say they plan to replace “data management and architecture because it cannot handle the requirements of big data.” (Informatica, Digital Transformation: Is Your Data Management Ready, 2016)

50%

 Of enterprises plan to replace their data warehouse systems and analytical tools in the next few years. (TDWI, End of the Data Warehouse as we know it, 2017)

Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!

Once on your path to redesigning your data architecture, neglecting the strategic elements may leave you ineffective

Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.

IT Symptoms Due to Ineffective Data Architecture

Poor Data Quality

  • Inconsistent, duplicate, missing, incomplete, incorrect, unstandardized, out of date, and mistake-riddled data can plague your systems.

Poor Accessibility

  • Delays in accessing data.
  • Limits on who can access data.
  • Limited access to data remotely.

Strategic Disconnect

  • Disconnect between owner and consumer of data.
  • Solutions address narrow scope problems.
  • System barriers between departments.
Leads to Poor Organizational Conditions

Inaccurate Insights

  • Inconsistent and/or erroneous operational and management reports.
  • Ineffective cross-departmental use of analytics.

Ineffective Decision Making

  • Slow flow of information to executive decision makers.
  • Inconsistent interpretation of data or reports.

Inefficient Operations

  • Limits to automated functionality.
  • Increased divisions within organization.
  • Regulatory compliance violations.
You need a solution that will prevent the pains.

Follow Info-Tech’s methodology to optimize data architecture to meet the business needs

The following is a summary of Info-Tech’s methodology:

1
  1. Prioritize your core business objectives and identify your business driver.
  2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
  3. Determine the appropriate tactical pattern that addresses your most important requirements.
 Visualization of the process described on the left: Business drivers applying to Info-Tech's five-tier data architecture, then determining tactical patterns, and eventually setting targets of your desired optimized state.

2
  1. Select the areas of the five-tier architecture to focus on.
  2. Measure current state.
  3. Set the targets of your desired optimized state.

3
  1. Roadmap your tactics.
  2. Manage and communicate change.
 A roadmap leading to communication.

Info-Tech will get you to your optimized state faster by focusing on the important business issues

First Things First

  1. Info-Tech’s methodology helps you to prioritize and establish the core strategic objectives behind your goal of modernizing data architecture. This will narrow your focus to the appropriate areas of your current data systems and processes that require the most attention.

Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.

  • Becoming More Data Driven
  • Regulations and Compliance
  • Mergers and Acquisitions
  • New Functionality or Business Rule

These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.

Use the five-tier architecture to provide a consumable view of your data architecture

Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.

Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'Apps', 'Excel and other documents', and 'Access database(s)'; 'Integration and Translation' the 'Movement and transformation of data'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'; and 'Presentation' which includes 'Reports' and 'Dashboards'.

Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.

  1. This blueprint will demonstrate how the business driver behind your redesign requires you to address specific layers of the five-tier data architecture.
  1. Once you’ve aligned your business driver to the appropriate data tiers, this blueprint will provide you with the best practice tactics you should apply to achieve an optimized data architecture.

Use the five-tier architecture to prioritize tactics to improve your data architecture in line with your pattern

Info-Tech’s Data Architecture Capability Model
Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.
  1. Based on your business driver, the relevant data tiers, and your organization’s own specific requirements you will need to establish the appropriate data architecture capabilities.
  2. This blueprint will help you measure how you are currently performing in these capabilities…
  3. And help you define and set targets so you can reach your optimized state.
  1. Once completed, these steps will be provided with the information you will need to create a comprehensive roadmap.
  2. Lastly, this blueprint will provide you with the tools to communicate this plan across your organization and offer change management guidelines to ensure successful adoption.
 Info-Tech Insight

Optimizing data architecture requires a tactical approach, not a passive approach.

The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

Do not forget: data architecture is not a standalone concept; it fits into the more holistic design of enterprise architecture

Data Architecture in Alignment

Data architecture can not be designed to simply address the focus of data specialists or even the IT department.

It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business.

Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations

Please refer to the following blueprints to see the full picture of enterprise architecture:

A diagram titled 'Enterprise Architecture' with multiple forms of architecture interacting with each other. At the top is 'Business Architecture' which feeds into 'Data Architecture' and 'Application Architecture' which feed into each other, and influence 'Infrastructure Architecture' and 'Security Architecture'.
Adapted from TOGAF
Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture.

Info-Tech’s data architecture optimization methodology helped a monetary authority fulfill strict regulatory pressures

CASE STUDY
Industry: Financial
Source: Info-Tech Consulting
 Symbol for 'Monetary Authority Case Study'. Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority.

Situation: Strong external pressures required the monetary authority to update and optimize its data architecture.

The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.

A stale and inefficient data architecture prevented the monetary authority from fulfilling external pressures.

Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.

Provide a structured approach to solving the problem

Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.

Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.

  • External Requirements
  • Business Driver
      Diagnose Data Architecture Problems
    • Outdated architecture (paper, legacy systems)
    • Stale data from other agencies
    • Incomplete data
        Data Architecture Optimization Tactics
      1. Optimized Source Databases
      2. Improved Integration
      3. Data Warehouse Optimization
      4. Data Marts for Reports
      5. Report Delivery Efficiency

As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.

This blueprint’s three-step process will help you optimize data architecture in your organization

Phase 1
Prioritize Your Data Architecture With Business-Driven Tactics
 Phase 2
Personalize Your Tactics to Optimize Your Data Architecture
 Phase 3
Create Your Tactical Data Architecture Roadmap
Step 1: Identify Your Business Driver for Optimizing Data Architecture
  • Learn about what data architecture is and how it must evolve with the drivers of the business.
  • Determine the business driver that your organization is currently experiencing.

    • Data Architecture Driver Pattern Identification Tool

Step 2: Determine Actionable Tactics to Optimize Data Architecture
  • Create your data architecture optimization plan to determine the high-level tactics you need to follow.

    • Data Architecture Optimization Template

 Step 1: Measure Your Data Architecture Capabilities
  • Determine where you currently stand in the data architecture capabilities across the five-tier data architecture.

    • Data Architecture Tactical Roadmap Tool

Step 2: Set a Target for Data Architecture Capabilities
  • Identify your targets for the data architecture capabilities.

    • Data Architecture Tactical Roadmap Tool

Step 3: Identify the Tactics that Apply to Your Organization
  • Understand the trends in the field of data architecture and how they can help to optimize your environment.

    • Data Architecture Trends Presentation

 Step 1: Personalize Your Data Architecture Roadmap
  • Personalize the tactics across the tiers that apply to you to build your personalized roadmap.

    • Data Architecture Tactical Roadmap Tool

Step 2: Manage Your Data Architecture Decisions and the Resulting Changes
  • Document the changes in the organization’s data architecture.
  • Data architecture involves change management – learn how data architects should support change management in the organization.

    • Data Architecture Decision Template

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

A small monochrome icon of a wrench and screwdriver creating an X.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

A small monochrome icon depicting a person in front of a blank slide.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Build a Business-Aligned Data Architecture Optimization Strategy – project overview

PHASE 1
Prioritize Your Data Architecture With Business-Driven Tactics		 PHASE 2
Personalize Your Tactics to Optimize Your Data Architecture		 PHASE 3
Create Your Tactical Data Architecture Roadmap
Supporting Tool icon

Best-Practice Toolkit

1.1 Identify Your Business Driver for Optimizing Data Architecture

1.2 Determine Actionable Tactics to Optimize Data Architecture

2.1 Measure Your Data Architecture Capabilities

2.2 Set a Target for Data Architecture Capabilities

2.3 Identify the Tactics that Apply to Your Organization

3.1 Personalize Your Data Architecture Roadmap

3.2 Manage Your Data Architecture Decisions and the Resulting Changes

Guided Implementations
  • Understand what data architecture is, how it aligns with enterprise architecture, and how data architects support the needs of the business.
  • Identify the business drivers that necessitate the optimization of the organization’s data architecture.
  • Create a tactical plan to optimize data architecture across Info-Tech’s five-tier logical data architecture model.
  • Understand Info-Tech’s tactical data architecture capability model and measure the current state of these capabilities at the organization.
  • Determine the target state of data architecture capabilities.
  • Understand the trends in the field of data architecture and identify how they can fit into your environment.
  • Use the results of the data architecture capability gap assessment to determine the priority of activities to populate your personalized data architecture optimization roadmap.
  • Understand how to manage change as a data architect or equivalent.
Associated Activity icon

Onsite Workshop

 Module 1:
Identify the Drivers of the Business for Optimizing Data Architecture		 Module 2:
Create a Tactical Plan for Optimizing Data Architecture		 Module 3:
Create a Personalized Roadmap for Data Architecture Activities

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Preparation

Workshop Day 1

Workshop Day 2

Workshop Day 3

Workshop Day 4

Workshop Day 5
Organize and Plan Workshop Identify the Drivers of the Business for Optimizing Data Architecture Determine the Tactics For Optimizing Data Architecture Create Your Roadmap of Optimization Activities Create Your Personalized Roadmap Create a Plan for Change Management

Morning Activities
  • Finalize workshop itinerary and scope.
  • Identify workshop participants.
  • Gather strategic documentation.
  • Engage necessary stakeholders.
  • Book interviews.
  • 1.1 Explain approach and value proposition.
  • 1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.
  • 2.1 Create your data architecture optimization plan.
  • 2.2 Interview key business stakeholders for input on business drivers for data architecture.
  • 3.1 Align with the enterprise architecture by interviewing the enterprise architect for input on the data architecture optimization roadmap.
  • 4.1 As a group, determine the roadmap activities that are applicable to your organization and brainstorm applicable initiatives.
  • 5.1 Use the Data Architecture Decision Documentation Template to document key decisions and updates.

Afternoon Activities
  • 1.3 Understand Info-Tech’s Five-Tier Data Architecture.
  • 1.4 Determine the pattern of tactics that apply to the organization for optimization.
  • 2.3 With input from the business and enterprise architect, determine the current data architecture capabilities.
  • 3.3 With input from the business and enterprise architect, determine the target data architecture capabilities.
  • 4.2 Determine the timing and effort of the roadmap activities.
  • 5.2 Review best practices for change management.
  • 5.3 Present roadmap and findings to the business stakeholders and enterprise architect.

Deliverables
  • Workshop Itinerary
  • Workshop Participant List
  1. Five-Tier Logical Data Architecture Model
  2. Data Architecture Tactic Plan
  1. Five-Tier Data Architecture Capability Model
  1. Data Architecture Tactical Roadmap
  1. Data Architecture Tactical Roadmap
  1. Data Architecture Decision Template

Build a Business-Aligned Data Architecture Optimization Strategy

PHASE 1

Prioritize Your Data Architecture With Business-Driven Tactics

Phase 1 outline

Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Prioritize Your Data Architecture With Business-Driven Tactics

Proposed Time to Completion: 2 weeks
Step 1.1: Identify Your Business Driver for Optimizing Data Architecture Step 1.2: Determine Actionable Tactics to Optimize Data Architecture
Start with an analyst kick-off call:
  • Understand what data architecture is, what it is not, and how it fits into the broader enterprise architecture program.
  • Determine the drivers that fuel the need for data architecture optimization.
 Review findings with analyst:
  • Understand the Five-Tier Data Architecture Model and how the drivers of the business inform your priorities across this logical model of data architecture.
Then complete these activities…
  • Complete the Data Architecture Driver Pattern Identification Tool.
 Then complete these activities…
  • Create a tactical data architecture optimization plan based on the business driver input.
With these tools & templates:
  • Data Architecture Driver Pattern Identification Tool
 With these tools & templates:
  • Data Architecture Optimization Template

Phase 1 Results & Insights

  • Data Architecture is not just about data models. The approach that Phase 1 guides you through will help to not only plan where you need to focus your efforts as a data architect (or equivalent) but also give you guidance in how you should go about optimizing the holistic data architecture environment based on the drivers of the business.

Phase 1 will help you create a strategy to optimize your data architecture using actionable tactics

In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.

  1. Identify the business drivers that necessitate data architecture optimization efforts.
  2. Understand Info-Tech’s Five-Tier Data Architecture, a logical architecture model that will help you prioritize tactics for optimizing your data architecture environment.
  3. Identify tactics for optimizing the organization’s data architecture across the five tiers.

“To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”

Info-Tech’s Five-Tier Data Architecture:

  1. Data Sources
  2. Data Integration and Translation
  3. Data Warehousing
  4. Data Analytics
  5. Data Presentation

Tactical plan for Data Architecture Optimization

Phase 1, Step 1: Identify Your Business Driver for Optimizing Data Architecture

PHASE 1
1.1 1.2
Identify Your Business Driver for Optimizing Data Architecture Determine Actionable Tactics to Optimize Data Architecture

This step will walk you through the following activities:

  • Understand how data architecture fits into the organization’s larger enterprise architecture.
  • Understand what data architecture is and how it should be driven by the business.
  • Identify the driver that is creating a need for data architecture optimization.

This step involves the following participants:

  • Data Architect
  • Enterprise Architect

Outcomes of this step

  • A starting point for the many responsibilities of the data architect role. Balancing business and technical requirements can be challenging, and to do so you need to first understand what is driving the need for data architecture improvements.
  • Holistic understanding of the organization’s architecture environment, including enterprise, application, data, and technology architectures and how they interact.

Data architecture involves planning, communication, and understanding of technology

Data Architecture

A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).

The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).

IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.

Definitions vary slightly across major architecture and management frameworks.

However, there is a general consensus that data architecture provides organizations with:

  • Alignment
  • Planning
  • Road mapping
  • Change management
  • A guide for the organization’s data management program

Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.

Current Data Management
  • Alignment
  • Planning
  • Road mapping
 Goal for Data Management

Info-Tech Insight

Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.

Review how data architecture fits into the broader architectural context

A flow diagram starting with 'Business Processes/Activities' to 'Business Architecture' which through a process of 'Integration' flows to 'Data Architecture' and 'Application Architecture', the latter of which also flows into to the former, and they both flow into 'Technology Architecture' which includes 'Infrastructure' and 'Security'.

Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged.

Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework.

The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain.

The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework.

 'The Zachman Framework for Enterprise Architecture: The Enterprise Ontology', a complicated framework with top and bottom column headers and left and right row headers. Along the top are 'Classification Names': 'What', 'How', 'Where', 'Who', 'When', and 'Why'. Along the bottom are 'Enterprise Names': 'Inventory Sets', 'Process Flows', 'Distribution Networks', 'Responsibility Assignments', 'Timing Cycles', and 'Motivation Intentions'. Along the left are 'Audience Perspectives': 'Executive Perspective', 'Business Mgmt. Perspective', 'Architect Perspective', 'Engineer Perspective', 'Technician Perspective', and 'Enterprise Perspective'. Along the right are 'Model Names': 'Scope Contexts', 'Business Concepts', 'System Logic', 'Technology Physics', 'Tool Components', and 'Operations Instances'.
(Source: Zachman International)

Data architects operate in alignment with the other various architecture groups

Data architects operate in alignment with the other various architecture groups, with coordination from the enterprise architect.

Enterprise Architect
The enterprise architect provides thought leadership and direction to domain architects.

They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.

  • Business Architect
    A business subject matter expert who works with the line-of-business team to assist in business planning through capability-based planning.
  • Security Architect
    Plays a pivotal role in formulating the security strategy of the organization, working with the business and CISO/security manager. Recommends and maintains security standards, policies, and best practices.
  • Infrastructure Architect
    Recommends and maintains standards across the compute, storage, and network layers of the organization. Reviews project solution architectures to ensure compliance with infrastructure standards, regulations, and target state blueprints.
  • Application Architect
    Manages the business effectiveness, satisfaction, and maintainability of the application portfolio. Conduct application architecture assessments to document expected quality attribute standards, identify hotspots, and recommend best practices.
  • Data Architect
    Facilitates the creation of data strategy and has a greater understanding of operational and analytical data use cases. Manages the enterprise data model which includes all the three layers of modelling - conceptual, logical, and physical. Recommends data management policies and standards, and maintains data management artefacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle.

As a data architect, you must maintain balance between the technical and the business requirements

The data architect role is integral to connecting the long-term goals of the business with how the organization plans to manage its data for optimal use.

Data architects need to have a deep experience in data management, data warehousing, and analytics technologies. At a high level, the data architect plans and implements an organization’s data, reporting, and analytics roadmap.

Some of the role’s primary duties and responsibilities include:

  1. Data modeling
  2. Reviewing existing data architecture
  3. Benchmark and improve database performance
  4. Fine tune database and SQL queries
  5. Lead on ETL activities
  6. Validate data integrity across all platforms
  7. Manage underlying framework for data presentation layer
  8. Ensure compliance with proper reporting to bureaus and partners
  9. Advise management on data solutions

Data architects bridge the gap between strategic and technical requirements:

Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

“Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

Info-Tech Insight

The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.

Understand the role of a data architect to ensure that essential responsibilities are covered in the organization

A database administrator (DBA) is not a data architect, and data architecture is not something you buy from an enterprise application vendor.

Data Architect Role Description

  • The data architect must develop (along with the business) a short-term and long-term vision for the enterprise’s data architecture.
  • They must be able to create processes for governing the identification, collection, and use of accurate and valid metadata, as well as for tracking data quality, completeness, and redundancy.
  • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

Skills Necessary

  • Hands-on experience with data architecting and management, data mining, and large-scale data modeling.
  • Strong understanding of relational and non-relational data structures, theories, principles, and practices.
  • Strong familiarity with metadata management.
  • Knowledge of data privacy practices and laws.

Define Policies, Processes, and Priorities

  • Policies
    • Boundaries of the data architecture.
    • Data architecture standards.
    • Data architecture security.
    • Responsibility of ownership for the data architecture and data repositories.
    • Responsibility for data architecture governance.
  • Processes
    • Data architecture communication.
    • Data architecture change management.
    • Data architecture governance.
    • Policy compliance monitoring.
  • Priorities
    • Align architecture efforts with business priorities.
    • Close technology gaps to meet service level agreements (SLAs).
    • Determine impacts on current or future projects.

See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.

Leverage data architecture frameworks to understand how the role fits into the greater Enterprise Architecture framework

Enterprise data architectures are available from industry consortiums such as The Open Group (TOGAF®), and open source initiatives such as MIKE2.0.

Logo for The Open Group.

The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.

  • TOGAF was first developed in 1995 and was based on the Technical Architecture Framework for Information Management (TAFIM) developed by the US Department of Defense.
  • TOGAF includes application, data, and infrastructure architecture domains providing enterprise-level, product-neutral architecture principles, policies, methods, and models.
  • As a member of The Open Group, it is possible to participate in ongoing TOGAF development initiatives.

The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.

Logo for MIKE2.0.

MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.

  • SAFE (Strategic Architecture for the Federated Enterprise) provides the technology solution framework for MIKE2.0
  • SAFE includes application, presentation, information, data, Infrastructure, and metadata architecture domains.

Info-Tech Best Practice

If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.

The data architect must identify what drives the need for data from the business to create a business-driven architecture

As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.

There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:

  1. Becoming More Data Driven As organizations are looking to get more out of their data, there is a push for more accurate and timely data from applications. Data-driven decision making requires verifiable data from trustworthy sources. Result: Replace decisions made on gut or intuition with real and empirical data - make more informed and data-driven decisions.
  2. New Functionality or Business Rule In order to succeed as business landscapes change, organizations find themselves innovating on products or services and the way they do things. Changes in business rules, product or service offering, and new functionalities can subsequently demand more from the existing data architecture. Result: Prepare yourself to successfully launch new business initiatives with an architecture that supports business needs.
  3. Mergers and Acquisitions If an organization has recently acquired, been acquired, or is merging with another, the technological implications require careful planning to ensure a seamless fit. Application consolidation, retirement, data transfer, and integration points are crucial. Result: Leverage opportunities to incorporate and consolidate new synergistic assets to realize the ROI.
  4. Risk and Compliance Data in highly regulated organizations needs to be kept safe and secure. Architectural decisions around data impact the level of compliance within the organization. Result: Avoid the fear of data audits, regulatory violations, and privacy breaches.

Info-Tech Best Practice

These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.

Use the Data Architecture Driver tool to identify your focus for data architecture

Supporting Tool icon 1.1 Data Architecture Driver Pattern Identification Tool

Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.

Tab 2. Driver Identification

Objective: Objectively assess the most pressing business drivers.

Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2.

Tab 3. Tactic Pattern Plan, Section 1

Purpose: Review your business drivers that require architectural changes in your environment.

Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 1.

Tab 3. Tactic Pattern Plan, Section 2

Purpose: Determine a list of tactics that will help you address the business drivers.

Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 2.
Step
  • Evaluate business drivers to determine the data architecture optimization priorities and tactics.
 Step
  • Understand how each business driver relates to data architecture and how each driver gives rise to a specific pattern across the five-tier data architecture.
 Step
  • Review the list of high-level tactics presented to optimize your data architecture across the five tier architecture.

Identify the drivers for improving your data architecture

Associated Activity icon 1.1.1 1 hour

INPUT: Data Architecture Driver tool assessment prompts.

OUTPUT: Identified business driver that applies to your organization.

Materials: Data Architecture Driver Pattern Identification Tool

Participants: Data architect, Enterprise architect

Instructions

In Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, assess the degree to which the organization is feeling the pains of the four most common business drivers:

  1. Is there a present or growing need for the business to be making data-driven decisions?
  2. Does the business want to explore a new functionality and hence require a new application?
  3. Is your organization acquiring or merging with another entity?
  4. Is your organization’s regulatory environment quick to change and require stricter reporting?

Data architecture improvements need to be driven by business need.

Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
Tab 2. Driver Identification

“As a data architect, you have to understand the functional requirements, the non-functional requirements, then you need to make a solution for those requirements. There can be multiple solutions and multiple purposes. (Andrew Johnston, Independent Consultant)

Interview the business to get clarity on business objectives and drivers

Associated Activity icon 1.1.2 1 hour per interview

INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

Materials: Data Architecture Driver Pattern Identification Tool

Participants: Data architect, Business representatives, IT representatives

Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.

Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.

Key Interview Questions:

  1. What are your primary activities? What do you do?
  2. What challenges do you have when completing your activities?
  3. How is poor data impacting your job?
  4. If [your selected domain]’s data is improved, what business issues would this help solve?

Request background information and documentation from stakeholders regarding the following:

  • What current data management policies and processes exist (that you know of)?
  • Who are the data owners and end users?
  • Where are the data sources within the department stored?
  • Who has access to these data sources?
  • Are there existing or ongoing data issues within those data sources?

Interview the enterprise architect to get input on the drivers of the business

Associated Activity icon 1.1.3 2 hours

INPUT: Data Architecture Driver tool assessment prompts.

OUTPUT: Identified business driver that applies to your organization.

Materials: Data Architecture Driver Pattern Identification Tool

Participants: Data architect, Enterprise architect

Data architecture improvements need to be driven by business need.

Instructions

As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives.

 Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
Tab 2. Driver Identification

Once you know what that need is, go to Step 2.

Phase 1, Step 2: Establish Actionable Tactics to Optimize Data Architecture

PHASE 1

1.11.2
Identify Your Business Driver for Optimizing Data ArchitectureDetermine Actionable Tactics to Optimize Data Architecture

This step will walk you through the following activities:

  • Understand Info-Tech’s five-tier data architecture to begin focusing your architectural optimization.
  • Create your Data Architecture Optimization Template to plan your improvement tactics.
  • Prioritize your tactics based on the five-tier architecture to plan optimization.

This step involves the following participants:

  • Data Architect
  • Enterprise Architect
  • DBAs

Outcomes of this step

  • A tactical and prioritized plan for optimizing the organization’s data architecture according to the needs of the business.

To plan a business-driven architecture, data architects need to keep the organization’s big picture in mind

Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.

Data architects must be heavily involved with:

  • Understanding the short- and long-term visions of the business to develop a vision for the organization’s data architecture.
  • Creating processes for governing the identification, collection, and use of accurate and valid data, as well as for tracking data quality, completeness, and redundancy.
  • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.

Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.

Info-Tech Best Practice

The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.

The five tiers of an organization’s data architecture support the use of data throughout its lifecycle

Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.

Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'; 'Integration and Translation' which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM', and 'Data Lakes & Warehouse(s) (Derived Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', 'BI Tools', and the 'Protected Zone: Data Marts - BDG Class Ref. MDM'; and 'Presentation' which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'.

Use the Data Architecture Optimization Template to build your improvement roadmap

Supporting Tool icon 1.2 Data Architecture Optimization Template

Download the Data Architecture Optimization Template.

Overview

Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.

Sample of Info-Tech’s Data Architecture Optimization Template. Info-Tech’s Data Architecture Optimization Template Table of Contents
1. Build Your Current Data Architecture Logical Model Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture.
2. Optimization Plan Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver.

Fill out as you go

As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.

Tier 1 represents all of the sources of your organization’s data

Tier 1 of Info-Tech's Five Tier Data Architecture, 'Sources', which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'.
–› Data to integration layer

Tier 1 is where the data enters the organization.

All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here.

This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested.

There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level.

Info-Tech Best Practice

An optimized Tier 1 has the following attributes:

  • Rationalized applications
  • Operationalized database administration
  • Databases governed, monitored, and maintained to ensure optimal performance

Tier 2 represents the movement of data

Tier 2 of Info-Tech's Five Tier Data Architecture, 'Integration and Translation', which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'.
–› Data to Warehouse Environment

Find out more

For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint.

Tier 2 is where integration, transformation, and aggregation occur.

Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes:

1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion.

2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store.

Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer.

Info-Tech Best Practice

An optimized Tier 2 has the following attributes:

  • Business data glossary is leveraged
  • ETL is governed
  • ETL team is empowered
  • Data matching is facilitated
  • Canonical data model is present

Tier 3 is where data comes together from all sources to be stored in a central warehouse environment

Tier 3 is where data rests in long-term storage.

This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system.

At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases.

Info-Tech Best Practice

An optimized Tier 3 has the following attributes:

  • Data warehouse is governed
  • Data warehouse operations and planning
  • Data library is comprehensive
  • Four Rosetta Stones of data are in place: BDG, data classification, reference data, master data.
Data from integration layer –›
Tier 3 of Info-Tech's Five Tier Data Architecture, 'Data Warehouse Environment' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM'.
–› Analytics

Find out more

For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints.

Tier 4 is where knowledge and insight is born

Tier 4 represents data being used for a purpose.

This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly.

This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted:
Exploratory, Inferential, Causal, Comparative, Statistical, Descriptive, Diagnostic, Hypothesis, Predictive, Decisional, Directional, Prescriptive

Info-Tech Best Practice

An optimized Tier 4 has the following attributes:

  • Reporting meets business needs
  • Data mart operations are in place
  • Governance of data marts, cubes, and BI tools in place
Warehouse Environment –›
Tier 4 of Info-Tech's Five Tier Data Architecture, 'Analytics', which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'.
–› Presentation

Find out more

For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints.

The presentation layer, Tier 5, is where data becomes presentable information

Tier 5 represents data in knowledge form.

This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5.

Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3.

Find out more

For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints.

Tier 5 of Info-Tech's Five Tier Data Architecture, 'Presentation', which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'. The 'Repatriation of data' feeds the derived data back into Warehousing.

Info-Tech Best Practice

An optimized Tier 5 has the following attributes:

  • Metadata creation is supervised
  • Metadata is organized
  • Metadata is governed
  • Content management capabilities are present

Info-Tech Insight

Repatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in.

As a data architect, you must prioritize your focus according to business need

Determine your focus.

Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.

1. Business driver

 Screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.
Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan

3. Documented tactic plan

Data Architecture Optimization Template

2. Tactics across the five tiers

 Another screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.

The next four slides provide an overview of the priorities that accompany the four most common business drivers that require updates to a stale data architecture.

Business driver #1: Adding a new functionality to an application can have wide impacts on data architecture

Does the business wants to add a new application or supplement an existing application with a new functionality?

Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:

  • Often operational oriented and application driven.
  • An application is changed through an application version upgrade, migration to cloud, or application customization, or as a result of application rationalization or changes in the way that application data is generated.
  • However, not all new functionalities trigger this scenario. Non-data-related changes, such as a new interface, new workflows, or any other application functionality changes that do not involve data, will not have data architecture impacts.
 Stock photo of someone using a smartphone with apps.
Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. Tactics for this business driver should address the following pattern:
Tiers 1 and 2 highlighted.

Business driver #2: Organizations today are looking to become more data driven

Does the business wants to better leverage its data?

An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

“Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)

Tactics for this business driver should address the following pattern:
Tiers 3, 4, and 5 highlighted.		 Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.
Stock photo of someone sitting at multiple computers with analytics screens open.
  • This scenario is typically project driven and analytical oriented.
  • The business is looking to leverage data and information by processing data through BI tools and self-service.
  • Example: The organization wants to include new third-party data, and needs to build a new data mart to provide a slice of data for analysis.

Business driver #3: Risk and compliance demands can put pressure on outdated architectures

Is there increasing pressure on the business to maintain compliance requirements as per regulations?

An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

There are different types of requirements:
  • Can be data-element driven. For example, PII, PHI are requirements around data elements that are associated with personal and health information.
  • Can be process driven. For example, some requirements restrict data read/write to certain groups.
 Stock photo of someone pulling a block out of a Jenga tower.
Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer. Tactics for this business driver should address the following pattern:
Tiers 1, 3, and 4 highlighted.

Business driver #4: Mergers and acquisitions can require a restructuring of the organization’s data architecture

Is the organization looking to acquire or merge with another organization or line of business?

There are three scenarios that encompass the mergers and acquisitions business driver for data architecture:

  1. The organization acquires/merges with another organization and wants to integrate the data.
  2. The organization acquires/merges a subset of an organization (a line of business, for example) and wants to integrate the data.
  3. The organization acquires another organization for competitive purposes, and does not need to integrate the data.
 Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data:
  1. Understand what data you are getting.
    The business may acquire another organization for the data, for the technology, and/or for algorithms (for example). If the goal is to integrate the new data, you must understand if the data is unstructured, structured, how much data, etc.
  2. Plan for the integration of the new data into your environment.
    Do you have the expertise in-house to integrate the data? Database structures and systems are often mismatched (for example, acquired company could have an Oracle database whereas you are an SAP shop) and this may require expertise from the acquired company or a third party.
  3. Integrate the new data.
    Often, the extraction of the new data is the easy part. Transforming and loading the data is the difficult and costly part.
“As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant)
Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics. Tiers 1, 3, and 4 highlighted.

Determine your tier priority pattern and the tactics that you should address based on the business drivers

Associated Activity icon 1.2.1 30 minutes

INPUT: Business driver assessment

OUTPUT: Tactic pattern and tactic plan

Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template

Participants: Data architect, Enterprise architect

Instructions
  1. After you have assessed the organization’s business driver on Tab 1. Driver Identification, move to Tab 2. Tactic Pattern Plan.
  2. Here, you will find a summary of the business driver that applies to you, as well as the tier priority pattern that will help you to focus your efforts for data architecture.
  3. Document the Tier Priority Pattern and associated tactics in Section 2. Optimization Plan of the Data Architecture Optimization Plan.
Screenshot of Data Architecture Driver Tool.
Data Architecture Driver Tool		 Arrow pointing right. Sample of Data Architecture Optimization Template
Data Architecture Optimization Template

Info-Tech Insight

Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.

This phase helped you to create a tactical plan to optimize your data architecture according to business priorities

Phase 1 is all about focus.

Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.

    Phase 1
    • Business Drivers
      • Tactic Pattern
        • Tactical Plan

Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.

To identify what the monetary authority needed from its data architecture, Info-Tech helped determine the business driver

CASE STUDY

Industry: Financial
Source: Info-Tech Consulting
Symbol for 'Monetary Authority Case Study'.

Part 1

Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process.

Diagram comparing the 'Original Reporting' requirement of 'Up to 7 days' vs the 'New Requirement' of 'As soon as 1 hour'. The steps of reporting in that time are 'Report Request', 'Gather Data', and 'Make Report'.

Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on.

The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers.

 Tiers 1, 3, and 4 highlighted.

Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture.

1. Source Tactics: 3. Warehousing Tactics: 4. Analytics Tactics:
  • Identify data sources
  • Ensure data quality
  • Properly catalogue data
  • Properly index data
  • Provide the means for data accessibility
  • Allow for data reduction/space for report building

Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

Photo of an Info-Tech analyst.
  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1.1

 Sample of activity 1.1.1 'Identify the drivers for improving your data architecture'. Identify the business driver that will set the direction of your data architecture optimization plan.

In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements.

1.2.1

 Sample of activity 1.2.1 'Determine your tier priority pattern and the tactics that you should address based on the business drivers'. Determine the tactics that you will use to optimize data architecture.

In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs.

Build a Business-Aligned Data Architecture Optimization Strategy

PHASE 2

Personalize Your Tactics to Optimize Your Data Architecture

Phase 2 will determine your tactics that you should implement to optimize your data architecture

Business Drivers
Each business driver requires focus on specific tiers and their corresponding capabilities, which in turn correspond to tactics necessary to achieve your goal.
New Functionality Risk and Compliance Mergers and Acquisitions Become More Data Driven
Tiers 1. Data Sources 2. Integration 3. Warehousing 4. Insights 5. Presentation
Capabilities Current Capabilities
Target Capabilities
Example Tactics Leverage indexes, partitions, views, and clusters to optimize performance.

Cleanse data source.

 Leverage integration technology.

Identify matching approach priorities.

 Establish governing principles.

Install performance enhancing technologies.

 Establish star schema and snowflake principles.

Share data via data mart.

 Build metadata architecture:
  • Data lineage
  • Sharing
  • Taxonomy
  • Automatic vs. manual creation

Phase 2 outline

Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 2: Personalize Your Tactics to Optimize Your Data Architecture

Proposed Time to Completion: 2 weeks
Step 2.1: Measure Your Data Architecture Capabilities Step 2.2: Set a Target for Data Architecture Capabilities Step 2.3: Identify the Tactics That Apply to Your Organization
Start with an analyst kick-off call:
  • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
 Review findings with analyst:
  • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
 Finalize phase deliverable:
  • Learn about the trends in data architecture that can be leveraged to develop tactics.
Then complete these activities…
  • Measure your current state across the tiers of the capability model that will help address your business driver.
 Then complete these activities…
  • Measure your target state for the capabilities that will address your business driver.
 Then complete these activities…
  • Review the tactical roadmap that was created with guidance from the capability gap analysis.
With these tools & templates:
  • Data Architecture Tactical Roadmap Tool
 With these tools & templates:
  • Data Architecture Tactical Roadmap Tool
 With these tools & templates:
  • Data Architecture Trends Presentation Template

Phase 2 Results & Insights

  • Data architecture is not just data models. Understand the essential capabilities that your organization needs from its data architecture to develop a tactical plan for optimizing data architecture across its people, processes, and technology.

Phase 2, Step 1: Measure Your Data Architecture Capabilities

PHASE 2
2.1 2.2 2.3
Measure Your Data Architecture Capabilities Set a Target for Data Architecture Capabilities Identify the Tactics That Apply to Your Organization

This step will walk you through the following activities:

  • As you walk through the data architecture capability model, measure your current state in each of the relevant capabilities.
  • Distinguish between essential and nice-to-have capabilities for your organization.

This step involves the following participants:

  • Data Architect

Outcomes of this step

  • A framework for generating a tactical plan for data architecture optimization.
  • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

To personalize your tactical strategy, you must measure up your base data architecture capabilities

What is a capability?

Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.

To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.

'Capability' as a mixture of 'People', 'Technology', 'Process', and 'Assets'.

Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

Use Info-Tech’s data architecture capability model as a resource to assess and plan your personalized tactics

Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.

Use the Data Architecture Tactical Roadmap Tool to create a tailored plan of action

Supporting Tool icon 2.1.1 Data Architecture Tactical Roadmap Tool

Instructions

Use the Data Architecture Tactical Roadmap Tool as your central tool to develop a tactical plan of action to optimize the organization’s data architecture.

This tool contains the following sections:

  1. Business Driver Input
  2. Capability Assessment
  3. Capability Gap Analysis
  4. Tactical Roadmap
  5. Metrics
  6. Initiative Roadmap

INFO-TECH DELIVERABLE

Sample of the Info-Tech deliverable Data Architecture Tactical Roadmap Tool.

Benefits of using this tool:

  • Comprehensive documentation of data architecture capabilities present in leading organizations.
  • Generates an accurate architecture roadmap for your organization that is developed in alignment with the broader enterprise architecture and related architectural domains.

To create a plan for your data architecture priorities, you must first understand where you currently stand

Now that you understand the business problem that you are trying to solve, it is time to take action in solving the problem.

The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.

For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.

Data Architecture Capability Model
Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted.

Note

If you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool.

Determine your current state across the related architecture tiers

Associated Activity icon 2.1.2 1 hour

INPUT: Current data architecture capabilities.

OUTPUT: An idea of where you currently stand in the capabilities.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect, Enterprise architect, Business representatives

Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.

Instructions
  1. Invite the appropriate stakeholders to participate in this exercise.
  2. On Tab 2. Practice Components, assess the current and target states of each capability on a scale of 1–5.
    3. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.
    These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.
To assess data architecture maturity, Info-Tech uses the Capability Maturity Model Integration (CMMI) program for rating capabilities on a scale of 1 to 5:

1 = Initial/Ad hoc

2 = Developing

3 = Defined

4 = Managed and Measurable

5 = Optimized

Info-Tech Insight

Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.

Phase 2, Step 2: Set a Target for Data Architecture Capabilities

PHASE 2

2.12.22.3
Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

This step will walk you through the following activities:

  • Determine your target state in each of the relevant capabilities.
  • Distinguish between essential and nice-to-have capabilities for your organization.

This step involves the following participants:

  • Data Architect

Outcomes of this step

  • A holistic understanding of where the organization’s data architecture currently sits, where it needs to go, and where the biggest gaps lie.

To create a plan for your data architecture priorities, you must also understand where you need to get to in the future

Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.

Example driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Current Capabilities Arrow pointing right. Target Capabilities
Gaps and Priorities
Stock photo of a hand placing four shelves arranged as stairs. On the first step is a mini-cut-out of a person walking.

Determine your future state across the relevant tiers of the data architecture capability model

Associated Activity icon 2.2.1 2 hours

INPUT: Current state of data architecture capabilities.

OUTPUT: Target state of data architecture capabilities.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect

The future of data architecture is now.

Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.

For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.

Driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Target Capabilities

Identify where gaps in your data architecture capabilities lie

Associated Activity icon 2.2.2 1 hour

INPUT: Current and target states of data architecture capabilities.

OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect

Visualization of gap assessment of data quality practice capabilities

To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

Gap Assessment of Data Source Capabilities

Sample of the Data Architecture Tactical Roadmap Tool, tab 4. Capability Gap Analysis.

Use Tab 3. Data Quality Practice Scorecard to enhance your data quality project.

  1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
  2. Put these up on display to improve discussion in the gap analyses and prioritization sessions.
  3. Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.

Phase 2, Step 3: Identify the Tactics That Apply to Your Organization

PHASE 2

2.12.22.3
Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

This step will walk you through the following activities:

  • Before making your personal tactic plan, identify the trends in data architecture that can benefit your organization.
  • Understand Info-Tech’s data architecture capability model.
  • Initiate the Data Architecture Roadmap Tool to begin creating a roadmap for your optimization plan.

This step involves the following participants:

  • Data Architect

Outcomes of this step

  • A framework for generating a tactical plan for data architecture optimization.
  • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

Capitalize on trends in data architecture before you determine the tactics that apply to you

Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.

Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.

To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:

Big Data

Data Storage

Advanced analytics

Unstructured data

Integration
Hadoop ecosystem

The discussion about big data is no longer about what it is, but how do businesses of all types operationalize it.

Is your organization currently capturing and leveraging big data?

Are they looking to do so in the near future?

 The cloud

The cloud offers economical solutions to many aspects of data architecture.

Have you dealt with issues of lack of storage space or difficulties with scalability?

Do you need remote access to data and tools?

 Real-time architecture

Advanced analytics (machine learning, natural language processing) often require data in real-time. Consider Lambda and Kappa architectures.

Has your data flow prevented you from automation, advanced analytics, or embracing the world of IoT?

 Graph databases

Self-service data access allows more than just technical users to participate in analytics. NoSQL can uncover buried relationships in your data.

Has your organization struggled to make sense of different types of unstructured data?

 Is ETL enough?

What SQL is to NoSQL, ETL is to NoETL. Integration techniques are being created to address the high variety and high velocity of data.

Have your data scientists wasted too much time and resources in the ETL stage?

Read the Data Architecture Trends Presentation to understand the current cutting edge topics in data architecture

Supporting Tool icon 2.1 Data Architecture Trends Presentation

The speed at which new technology is changing is making it difficult for IT professionals to keep pace with best practices, let alone cutting edge technologies.

The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures.

This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization.

 Sample of the Data Architecture Trends Presentation.
Data Architecture Trends Presentation

Gaps between your current and future capabilities will help you to determine the tactics that apply to you

Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:

  1. What are you trying to accomplish? Determine target states that are framed in quantifiable objectives that can be clearly communicated. The more specific the objectives are the better.
  2. Evaluate the “delta,” or difference between where the organization currently stands and where it needs to go. This will be expressed in terms of gap closure strategies, and will help clarify the initiatives that will populate the road map.
  3. Determine the relative business value of each initiative, as well as the relative complexities of successfully implementing them. These scores should be created with stakeholder input, and then plotted in an effort/transition quadrant map to determine where the quickest and most valuable wins lie.
Current State Gap Closure Strategies Target State Data Architecture Tactical Roadmap
  • Organization objectives
  • Functional needs
  • Current operating models
  • Technology assets
 Initiatives involving:
  • Organizational changes
  • Functional changes
  • Technology changes
  • Process changes
  • Performance objectives (revenue growth, customer intimacy, growth of organization)
  • Operating model improvements
  • Prioritized, simplified, and compelling vision of how the organization will optimize data architecture

(Source: “How to Build a Roadmap”)

Info-Tech Insight

Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

Each of the layers of an organization’s data architecture have associated challenges to optimization

Stop! Before you begin, recognize these “gotchas” that can present roadblocks to creating an effective data architecture environment.

Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:

Source Tier

Integration Tier

Warehousing Tier

Analytics Tier

Presentation Tier
Inconsistent data models Performance issues Scalability of the data warehouse Data currency, flexibility Model interoperability
Data quality measures: data accuracy, timeliness, accessibility, relevance Duplicated data Infrastructure needed to support volume of data No business context for using the data in the correct manner No business context for using the data in the correct manner
Free-form field and data values beyond data domain Tokenization and other required data transformations Performance
Volume
Greedy consumers can cripple performance
Insufficient infrastructure		 Inefficiencies in building the data mart Report proliferation/chaos (“kitchen sink dashboards”)
Reporting out of source systems DB model inefficiencies
Manual errors;
Application usability		 Elasticity

Create metrics before you plan to optimize your data architecture

Associated Activity icon 2.2.3 1 hour

INPUT: Tactics that will be used to optimize data architecture.

OUTPUT: Metrics that can be used to measure optimization success.

Materials: Data Architecture Tactical Roadmap Tool

Participants: Data architect

Metrics will help you to track your optimization efforts and ensure that they are providing value to the organization.

There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.

Program Metrics

  • TCO of IT
    • Costs associated with applications, databases, data maintenance
    • Should decrease with better data architecture (rationalized apps, operationalized databases)
  • Cost savings:
    • Retiring a legacy system and associated databases
    • Consolidated licensing
    • Introducing shared services
  • Data systems under maintenance (maintenance burden)
  • End-user data requests fulfilled
  • Improvement of time of delivery of reports and insights

Project Metrics

  • Percent of projects in alignment with EA
  • Percent of projects compliant with the EA governance process (architectural due diligence rate)
  • Reducing time to market for launching new products
    • Reducing human error rates
    • Speeding up order delivery
    • Reducing IT costs
    • Reducing severity and frequency of security incidents

Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.

Use Info-Tech’s resources to build your data architecture capabilities

The following resources from Info-Tech can be used to improve the capabilities that were identified as having a gap. Read more about the details of the five-tier architecture in the blueprints below:

Data Governance

Data architecture depends on effective data governance. Use our blueprint, Enable Shared Insights With an Effective Data Governance Engine to get more out of your architecture.

 Data Quality

The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach.
Master Data Management

When you start your data governance program, you will quickly realize that you need an effective MDM strategy for managing your critical data assets. Use our blueprint, Develop a Master Data Management Strategy and Roadmap to Better Monetize Data to get started with MDM.

 Data Warehouse

The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Drive Business Innovation With a Modernized Data Warehouse Environment.

With the optimal tactics identified, the monetary authority uncovered areas needing improvement

CASE STUDY

Industry: Financial
Source: Info-Tech Consulting
Symbol for 'Monetary Authority Case Study'.

Part 2

After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

Best Practice Tactic Current State Solution
Tier 1 - Data Sources Identify data sources Data coming from a number of locations. Create data model for old and new systems.
Ensure data quality Internal data scanned from paper and incomplete. Data cleansing and update governance and business rules for migration to new system.
External sources providing conflicting data.
Tier 3 - Data Warehousing Data catalogue Data aggregated incompletely. Built proper business data glossary for searchability.
Indexing Data warehouse performance sub-optimal. Architected data warehouse for appropriate use (star schema).
Tier 4 - Data Analytics Data accessibility Relevant data buried in warehouse. Build data marts for access.
Data reduction Accurate report building could not be performed in current storage. Built interim solution sandbox, spin up SQL database.

Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

Photo of a Info-Tech analyst.
  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.1.1 – 2.2.2

 Sample of activities 2.1.1 and 2.2.2, the first being 'Determine your current state across the related architecture tiers'. Evaluate your current capabilities and design your target data quality practice from two angles

In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment.

2.2.3

 Sample of activity 2.2.3 'Create metrics before you plan to optimize your data architecture'. Create metrics to track the success of your optimization plan.

The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes.

Build a Business-Aligned Data Architecture Optimization Strategy

PHASE 3

Create Your Tactical Data Architecture Roadmap

Phase 3 outline

Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 3: Create Your Tactical Data Architecture Roadmap

Proposed Time to Completion: 2 weeks
Step 3.1: Personalize Your Data Architecture RoadmapStep 3.2: Manage Your Data Architecture Decisions and the Resulting Changes
Start with an analyst kick-off call:
  • Review the tactical plan that addresses the business drivers by optimizing your data architecture in the relevant focus areas.
Review findings with analyst:
  • Discuss and review the roadmap of optimization activities, including dependencies, timing, and ownership of activities.
  • Understand how change management is an integral aspect of any data architecture optimization plan.
Then complete these activities…
  • Create your detailed data architecture initiative roadmap.
Then complete these activities…
  • Create your Data Architecture Decision Template to document the changes that are going to be made to optimize your data architecture environment.
  • Review how change management fits into the data architecture improvement program.
With these tools & templates:
  • Data Architecture Tactical Roadmap Tool
With these tools & templates:
  • Data Architecture Decision Template

Phase 3 Results & Insights

  • Phase 3 will help you to build a personalized roadmap and plan for optimizing data architecture in your organization. In carrying out this roadmap, changes will, by necessity, occur. Therefore, an integral aspect of a data architect’s role is change management. Use the resources included in Phase 3 to smoothen the change management process.

Phase 3, Step 1: Personalize Your Data Architecture Roadmap

PHASE 3
3.1 3.2
Personalize Your Data Architecture Roadmap Manage Your Data Architecture Decisions and the Resulting Changes

This step will walk you through the following activities:

  • Determine the timing, effort, and ownership of the recommended optimization initiatives.
  • Brainstorm initiatives that are not yet on the roadmap but apply to you.

This step involves the following participants:

  • Data Architect
  • DBAs
  • Enterprise Architect

Outcomes of this step

  • A roadmap of specific initiatives that map to the tactical plan for optimizing your organization’s data architecture.
  • A plan for communicating high-level business objectives to data workers to address the issues of the business.

Now that you have tactical priorities, identify the actionable steps that will lead you to an optimized data architecture

Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.

Diagram of the three phases and the goals of each one. The first phase says 'Identify your data architecture business driver' and highlights 'Business Driver 3' out of four to focus on in Phase 2. Phase 2 says 'Optimization tactics across the five-tier logical data architecture' and identifies four of six 'Tactics' to use in Phase 3. Phase 3 is a 'Practical Roadmap of Initiatives' and utilizes a timeline of initiatives in which to apply the chosen tactics.

Use the Data Architecture Tactic Roadmap Tool to personalize your roadmap

Supporting Tool icon 3.1.1 Data Architecture Tactic Roadmap Tool
Generating Your Roadmap
  1. On Tab 5. Tactic and Initiative Planning, you will find a list of tactics that correspond to every capability that applies to your chosen driver and where there is a gap. In addition, each tactic has a sequence of “Suggested Initiatives,” which represent the best-practice steps that you should take to optimize your data architecture according to your priorities and gaps.
  2. Customize this list of initiatives according to your needs.
  3. The Gantt chart is generated in Tab 7. Initiative Roadmap, and can be used to organize your plan and ensure that all of the essential aspects of optimizing data architecture are addressed.
  4. The roadmap can be used as an “executive brief” roadmap and as a communication tool for the business.
 Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning.
Tab 5. Tactic and Initiative Planning

Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap.
Tab 7. Initiative Roadmap

Determine the details of your data architecture optimization activities

Associated Activity icon 3.1.2 1 hour

INPUT: Timing of initiatives for optimizing data architecture.

OUTPUT: Optimization roadmap

Materials: Data Architecture Tactic Roadmap Tool

Participants: Data architect, Enterprise Architect

Instructions

  1. With the list of suggested activities in place on Tab 5. Tactic and Initiative Planning, select whether or not the initiatives will be included in the roadmap. By default, all of the initiatives are set to “Yes.”
  2. Plan the sequence, starting time, and length of each initiative, as well as the assigned responsibility of the initiative in Tab 5. Tactic and Initiative Planning of the Data Architecture Tactic Roadmap Tool.
  3. The tool will a generate a Gantt chart based on the start and length of your initiatives.
  4. The Gantt chart is generated in Tab 7. Initiative Roadmap.
Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning. Tab 5. Tactic and Initiative Planning Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap. Tab 7. Initiative Roadmap

Info-Tech Insight

The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.

Optimizing data architecture relies on communication between the business and data workers

Remember: Data architects bridge the gap between strategic and technical requirements of data.

Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

Therefore, as you plan the data and its interactions with applications, it is imperative that you communicate the plan and its implications to the business and the data workers. Stock photo of coworkers communicating.
Also remember: In Phase 1, you built your tactical data architecture optimization plan.
Sample 1 of the Data Architecture Optimization Template. Sample 2 of the Data Architecture Optimization Template.
Use this document to communicate your plan for data architecture optimization to both the business and the data workers. Socialize this document as a representation of your organization’s current data architecture as well as where it is headed in the future.

Communicate your data architecture optimization plan to the business for approval

Associated Activity icon 3.1.3 2 hours

INPUT: Data Architecture Tactical Roadmap

OUTPUT: Communication plan

Materials: Data Architecture Optimization Template

Participants: Data Architect, Business representatives, IT representatives

Instructions

Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1.

If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan.

If you gain approval for the plan, communicate it to DBAs and other data workers.

 Iterative optimization and communication plan:
Visualization of the Iterative optimization and communication plan. 'Start here' at 'Communicate Plan and Roadmap to the Business', and then continue in a cycle of 'Receive Approval or Suggested Modifications', 'Get Advice for Improvements to the Plan', 'Revise Plan', and back to the initial step until you receive 'Approval', then 'Present to Data Workers'.

With a roadmap in place, the monetary authority followed a tactical and practical plan to repair outdated data architecture

CASE STUDY

Industry: Financial
Source: Info-Tech Consulting
Symbol for 'Monetary Authority Case Study'.

Part 3

After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

Challenge

A monetary authority was placed under new requirements where it would need to produce 6 different report types on its clients to a regulatory body within a window potentially as short as 1 hour.

With its current capabilities, it could complete such a task in roughly 7 days.

The organization’s data architecture was comprised of legacy systems that had poor searchability. Moreover, the data it worked with was scanned from paper, regularly incomplete and often inconsistent.

Solution

The solution first required the organization to establish the business driver behind the need to optimize its architecture. In this case, it would be compliance requirements.

With Info-Tech’s methodology, the organization focused on three tiers: data sources, warehousing, and analytics.

Several solutions were developed to address the appropriate lacking capabilities. Firstly, the creation of a data model for old and new systems. The implementation of governance principles and business rules for migration of any data. Additionally, proper indexing techniques and business data glossary were established. Lastly, data marts and sandboxes were designed for data accessibility and to enable a space for proper report building.

Results

With the solutions established, the monetary authority was given information it needed to build a comprehensive roadmap, and is currently undergoing the implementation of the plan to ensure it will experience its desired outcome – an optimized data architecture built with the capacity to handle external compliance requirements.

Phase 3, Step 2: Manage Your Data Architecture Decisions and the Resulting Changes

PHASE 3

3.13.2
Personalize Your Data Architecture RoadmapManage Your Data Architecture Decisions and the Resulting Changes

This step will walk you through the following activities:

  • With a plan in place, document the major architectural decisions that have been and will be made to optimize data architecture.
  • Create a plan for change and release management, an essential function of the data architect role.

This step involves the following participants:

  • Data Architect
  • Enterprise Architect

Outcomes of this step

  • Resources for documenting and managing the inevitable change associated with updates to the organization’s data architecture environment.

To implement data architecture changes, you must plan to accommodate the issues that come with change

Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!

“When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

Stock photo of multiple hands placing app/website design elements on a piece of paper.

Create roadmap

Arrow pointing down.

Communicate roadmap

Arrow pointing down.

Implement roadmap

Arrow pointing down.

Change management

Use the Data Architecture Decision Template when architectural changes are made

Supporting Tool icon 3.2 Data Architecture Decision Template
Document the architectural decisions made to provide context around changes made to the organization’s data environment.

The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations.

Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained.

“Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

 Sample of the Data Architecture Decision Template.

Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture.

Leverage Info-Tech’s resources to smooth change management

As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.

“When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

See Info-Tech’s resources on change management to smooth changes:
Banner for the blueprint set 'Optimize Change Management' with subtitle 'Turn and face the change with a right-sized change management process'.
Sample of the Optimize Change Management blueprint.

Change Management Blueprint

 Sample of the Change Management Roadmap Tool.

Change Management Roadmap Tool

Use Info-Tech’s resources for effective release management

As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.

Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:

Banner for the blueprint set 'Take a Holistic View to Optimize Release Management' with subtitle 'Build trust by right-sizing your process using appropriate governance'.
Samples of the Release Management blueprint.

Release Management Blueprint

 Sample of the Release Management Process Standard Template.

Release Management Process Standard Template

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

Book a workshop with our Info-Tech analysts:

Photo of a Info-Tech analyst.
  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.1.1

 Sample of activity 3.1.2 'Determine the timing of your data architecture optimization activities'. Create your personalized roadmap of activities.

In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered.

3.1.3

 Sample of activity 3.1.3 'Communicate your Data Architecture Optimization Plan to the business for approval'. Communicate your data architecture optimization plan.

The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture.

Insight breakdown

Insight 1

  • Data architecture needs to evolve along with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.

Insight 2

  • Data architecture is not just about models.
    Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.

Insight 3

  • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

Summary of accomplishment

Knowledge Gained

  • An understanding of what data architecture is, how data architects can provide value to the organization, and how data architecture fits into the larger enterprise architecture picture.
  • The capabilities required for optimization of the organization’s data architecture across the five tiers of the logical data architecture model.

Processes Optimized

  • Prioritization and planning of data architect responsibilities across the five tiers of the five-tier logical data architecture model.
  • Roadmapping of tactics that address the most common business drivers of the organization.
  • Architectural change management.

Deliverables Completed

  • Data Architecture Driver Pattern Identification Tool
  • Data Architecture Optimization Template
  • Data Architecture Trends Presentation
  • Data Architecture Roadmap Tool
  • Data Architecture Decision Template

Research contributors and experts

Photo of Ron Huizenga, Senior Product Manager, Embarcadero Technologies, Inc. Ron Huizenga, Senior Product Manager
Embarcadero Technologies, Inc.

Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation.
Photo of Andrew Johnston, Architect, Independent Consultant. Andrew Johnston, Architect Independent Consultant

An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels.

Research contributors

Internal Contributors
Logo for Info-Tech Research Group.
  • Steven J. Wilson, Senior Director, Research & Advisory Services
  • Daniel Ko, Research Manager
  • Bernie Gilles, Senior Director, Research & Advisory Services
External Contributors
Logo for Embarcadero.
Logo for Questa Computing. Logo for Geha.
  • Ron Huizenga, Embercardo Technologies
  • Andrew Johnston, Independent Consultant
  • Darrell Enslinger, Government Employees Health Association
  • Anonymous Contributors

Bibliography

Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]

Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]

Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]

Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.

Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]

Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]

Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]

Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]

Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...

Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]

Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]

Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]

Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]

“How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]

IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]

Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].

Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]

Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]

NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]

Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]

OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]

Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]

Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]

Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]

SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]

Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]

Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]

Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]

Zachman Framework. [https://www.zachman.com/]

Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]

Build Your Generative AI Roadmap

  • Buy Link or Shortcode: {j2store}105|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $33,499 Average $ Saved
  • member rating average days saved: 11 Average Days Saved
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation

Generative AI has made a grand entrance, presenting opportunities and causing disruption across organizations and industries. Moving beyond the hype, it’s imperative to build and implement a strategic plan to adopt generative AI and outpace competitors.

Yet generative AI has to be done right because the opportunity comes with risks and the investments have to be tied to outcomes.

Adopt a human-centric and value-based approach to generative AI

IT and business leaders will need to be strategic and deliberate to thrive as AI adoption changes industries and business operations.

  • Establish responsible AI guiding principles: Address human-based requirements to govern how generative AI applications are developed and deployed.
  • Align generative AI initiatives to strategic drivers for the organization: Assess generative AI opportunities by seeing how they align to the strategic drivers of the organization. Examples of strategic drivers include increasing revenue, reducing costs, driving innovation, and mitigating risk.
  • Measure and communicate effectively: Have clear metrics in place to measure progress and success of AI initiatives and communicate both policies and results effectively.

Build Your Generative AI Roadmap Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build Your Generative AI Roadmap Deck – A step-by-step document that walks you through how to leverage generative AI and align with the organization’s mission and objectives to increase revenue, reduce costs, accelerate innovation, and mitigate risk.

This blueprint outlines how to build your generative AI roadmap, establish responsible AI principles, prioritize opportunities, and develop policies for usage. Establishing and adhering to responsible AI guiding principles provides safeguards for the adoption of generative AI applications.

  • Build Your Generative AI Roadmap – Phases 1-4

2. AI Maturity Assessment and Roadmap Tool – Develop deliverables that will be milestones in creating your organization’s generative AI roadmap for implementing candidate applications.

This tool provides guidance for developing the following deliverables:

  • Responsible AI guiding principles
  • Current AI maturity
  • Prioritized candidate generative AI applications
  • Generative AI policies
  • Generative AI roadmap

    • AI Maturity Assessment and Roadmap Tool

    3. The Era of Generative AI C‑Suite Presentation – Develop responsible AI guiding principles, assess AI capabilities and readiness, and prioritize use cases based on complexity and alignment with organizational goals and responsible AI guiding principles.

    This presentation template uses sample business capabilities (use cases) from the Marketing & Advertising business capability map to provide examples of candidates for generative AI applications. The final executive presentation should highlight the value-based initiatives driving generative AI applications, the benefits and risks involved, how the proposed generative AI use cases align to the organization’s strategy and goals, the success criteria for the proofs of concept, and the project roadmap.

    • The Era of Generative AI C‑Suite Presentation

    Infographic

    Further reading

    Build Your Generative AI Roadmap

    Leverage the power of generative AI to improve business outcomes.

    Analyst Perspective

    We are entering the era of generative AI. This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive, with copilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduce risks that need to be planned for.

    A successful business-driven generative AI roadmap requires:

    • Establishing responsible AI guiding principles to guide the development and deployment of generative AI applications.
    • Assess generative AI opportunities by using criteria based on the organization's mission and objectives, responsible AI guiding principles, and the complexity of the initiative.
    • Communicating, educating on, and enforcing generative AI usage policies.

    Bill Wong, Principal Research Director

    Bill Wong
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Solution

    Generative AI is disrupting all industries and providing opportunities for organization-wide advantages.

    Organizations need to understand this disruptive technology and trends to properly develop a strategy for leveraging this technology successfully.

    • Generative AI requires alignment to a business strategy.
    • IT is an enabler and needs to align with and support the business stakeholders.
    • Organizations need to adopt a data-driven culture.

    All organizations, regardless of size, should be planning how to respond to this new and innovative technology.

    Business stakeholders need to cut through the hype surrounding generative AI like ChatGPT to optimize investments for leveraging this technology to drive business outcomes.

    • Understand the market landscape, benefits, and risks associated with generative AI.
    • Plan for responsible AI.
    • Understand the gaps the organization needs to address to fully leverage generative AI.

    Without a proper strategy and responsible AI guiding principles, the risks to deploying this technology could negatively impact business outcomes.

    Info-Tech's human-centric, value-based approach is a guide for deploying generative AI applications and covers:

    • Responsible AI guiding principles
    • AI Maturity Model
    • Prioritizing candidate generative AI-based use cases
    • Developing policies for usage

    This blueprint will provide the list of activities and deliverables required for the successful deployment of generative AI solutions.

    Info-Tech Insight
    Create awareness among the CEO and C-suite of executives on the potential benefits and risks of transforming the business with generative AI.

    Key concepts

    Artificial Intelligence (AI)
    A field of computer science that focuses on building systems to imitate human behavior, with a focus on developing AI models that can learn and can autonomously take actions on behalf of a human.

    AI Maturity Model
    The AI Maturity Model is a useful tool to assess the level of skills an organization has with respect to developing and deploying AI applications. The AI Maturity Model has multiple dimensions to measure an organization's skills, such as AI governance, data, people, process, and technology.

    Responsible AI
    Refers to guiding principles to govern the development, deployment, and maintenance of AI applications. In addition, these principles also provide human-based requirements that AI applications should address. Requirements include safety and security, privacy, fairness and bias detection, explainability and transparency, governance, and accountability.

    Generative AI
    Given a prompt, a generative AI system can generate new content, which can be in the form of text, images, audio, video, etc.

    Natural Language Processing (NLP)
    NLP is a subset of AI that involves machine interpretation and replication of human language. NLP focuses on the study and analysis of linguistics as well as other principles of artificial intelligence to create an effective method of communication between humans and machines or computers.

    ChatGPT
    An AI-powered chatbot application built on OpenAI's GPT-3.5 implementation, ChatGPT accepts text prompts to generate text-based output.

    Your challenge

    This research is designed to help organizations that are looking to:

    • Establish responsible AI guiding principles to address human-based requirements and to govern the development and deployment of the generative AI application.
    • Identify new generative AI-enabled opportunities to transform the work environment to increase revenue, reduce costs, drive innovation, or reduce risk.
    • Prioritize candidate use cases and develop generative AI policies for usage.
    • Have clear metrics in place to measure the progress and success of AI initiatives.
    • Build the roadmap to implement the candidate use cases.

    Common obstacles

    These barriers make these goals challenging for many organizations:

    • Getting all the right business stakeholders together to develop the organization's AI strategy, vision, and objectives.
    • Establishing responsible AI guiding principles to guide generative AI investments and deployments.
    • Advancing the AI maturity of the organization to meet requirements of data and AI governance as well as human-based requirements such as fairness, transparency, and accountability.
    • Assessing generative AI opportunities and developing policies for use.

    Info-Tech's definition of an AI-enabled business strategy

    • A high-level plan that provides guiding principles for applications that are fully driven by the business needs and capabilities that are essential to the organization.
    • A strategy that tightly weaves business needs and the applications required to support them. It covers AI architecture, adoption, development, and maintenance.
    • A way to ensure that the necessary people, processes, and technology are in place at the right time to sufficiently support business goals.
    • A visionary roadmap to communicate how strategic initiatives will address business concerns.

    An effective AI strategy is driven by the business stakeholders of the organization and focused on delivering improved business outcomes.

    Build Your Generative AI Roadmap

    This blueprint in context

    This guidance covers how to create a tactical roadmap for executing generative AI initiatives

    Scope

    • This blueprint is not a proxy for a fully formed AI strategy. Step 1 of our framework necessitates alignment of your AI and business strategies. Creation of your AI strategy is not within the scope of this approach.
    • This approach sets the foundations for building and applying responsible AI principles and AI policies aligned to corporate governance and key regulatory obligations (e.g. privacy). Both steps are foundational components of how you should develop, manage, and govern your AI program but are not a substitute for implementing broader AI governance.

    Guidance on how to implement AI governance can be found in the blueprint linked below.

    Tactical Plan

    Download our AI Governance blueprint

    Measure the value of this blueprint

    Leverage this blueprint's approach to ensure your generative AI initiatives align with and support your key business drivers

    This blueprint will guide you to drive and improve business outcomes. Key business drivers will often focus on:

    • Increasing revenue
    • Reducing costs
    • Improving time to market
    • Reducing risk

    In phase 1 of this blueprint, we will help you identify the key AI strategy initiatives that align to your organization's goals. Value to the organization is often measured by the estimated impact on revenue, costs, time to market, or risk mitigation.

    In phase 4, we will help you develop a plan and a roadmap for addressing any gaps and introducing the relevant generative AI capabilities that drive value to the organization based on defined business metrics.

    Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of measures:

    Business Outcome Objective Key Success Metric
    Increasing Revenue Increased revenue from identified key areas
    Reducing Costs Decreased costs for identified business units
    Improving Time to Market Time savings and accelerated revenue adoption
    Reducing Risk Cost savings or revenue gains from identified business units

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Identify AI strategy, vision, and objectives.

    		Call #3: Define responsible AI guiding principles to adopt and identify current AI maturity level. Call #4: Assess and prioritize generative AI initiatives and draft policies for usage.

    Call #5: Build POC implementation plan and establish metrics for POC success.

    Call #6: Build and deliver executive-level generative AI presentation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 5 to 8 calls over the course of 1 to 2 months.

    AI Roadmap Workshop Agenda Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1 Session 2 Session 3 Session 4
    Establish Responsible AI Guiding Principles Assess AI Maturity Prioritize Opportunities and Develop Policies Build Roadmap
    Trends Consumer groups, organizations, and governments around the world are demanding that AI applications adhere to human-based values and take into consideration possible impacts of the technology on society. Leading organizations are building AI models guided by responsible AI guiding principles. Organizations delivering new applications without developing policies for use will produce negative business outcomes. Developing a roadmap to address human-based values is challenging. This process introduces new tools, processes, and organizational change.
    Activities
    • Focus on working with executive stakeholders to establish guiding principles for the development and delivery of new applications.
    • Assess the organization's current capabilities to deliver AI-based applications and address human-based requirements.
    • Leverage business alignment criteria, responsible AI guiding principles, and project characteristics to prioritize candidate uses cases and develop policies.
    • Build the implementation plan, POC metrics, and success criteria for each candidate use case.
    • Build the roadmap to address the gap between the current and future state and enable the identified use cases.
    Inputs
    • Understanding of external legal and regulatory requirements and organizational values and goals.
    • Risk assessment of the proposed use case and a plan to monitor its impact.
    • Assessment of the organization's current AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure.
    • Criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and complexity of the project.
    • Risk assessment for each proposed use case
    • POC implementation plan for each candidate use case
    Deliverables
    1. Foundational responsible AI guiding principles
    2. Additional customized guiding principles to add for consideration
    1. Current level of AI maturity, resources, and capacity
    1. Prioritization of opportunities
    2. Generative AI policies for usage
    1. Roadmap to a target state that enables the delivery of the prioritized generative AI use cases
    2. Executive presentation

    AI Roadmap Workshop Agenda Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Insight summary

    Overarching Insight
    Build your generative AI roadmap to guide investments and deployment of these solutions.

    Responsible AI
    Assemble the C-suite to make them aware of the benefits and risks of adopting generative AI-based solutions.

    • Establish responsible AI guiding principles to govern the development and deployment of generative AI applications.

    AI Maturity Model
    Assemble key stakeholders and SMEs to assess the challenges and tasks required to implement generative AI applications.

    • Assess current level of AI maturity, skills, and resources.
    • Identify desired AI maturity level and challenges to enable deployment of candidate use cases.

    Opportunity Prioritization
    Assess candidate business capabilities targeted for generative AI to see if they align to the organization's business criteria, responsible AI guiding principles, and capabilities for delivering the project.

    • Develop prioritized list of candidate use cases.
    • Develop policies for generative AI usage.

    Tactical Insight
    Identify the gaps needed to address deploying generative AI successfully.

    Tactical Insight
    Identify organizational impact and requirements for deploying generative AI applications.

    Key takeaways for developing an effective business-driven generative AI roadmap

    Align the AI strategy with the business strategy

    Create responsible AI guiding principles, which are a critical success factor

    Evolve AI maturity level by focusing on principle-based requirements

    Develop criteria to assess generative AI initiatives

    Develop generative AI policies for use

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    AI Maturity Assessment & Roadmap Tool
    Use our best-of-breed AI Maturity Framework to analyze the gap between your current and target states and develop a roadmap aligned with your value stream to close the gap.

    The Era of Generative AI C-Suite Presentation
    Present your AI roadmap in a prepopulated document that summarizes all the key findings of this blueprint and provides your C-suite with a view of the AI challenge and your plan of action to meet it.

    Our AI Maturity Assessment & Roadmap and The Era of Generative AI C-Suite Presentation tools enable you to shape your generative AI roadmap and communicate the deliverables to your C-suite sponsors in terms of the value of initiatives.

    Artificial Intelligence Index Report - Key Findings

    CEOs , CIOs, and business leaders are struggling with many questions surrounding the adoption of generative AI

    November 30, 2022
    OpenAI releases ChatGPT

    ChatGPT is a large language model, or an AI-based chatbot, that became so popular it reached 100 million monthly active users in just two months.

    This made it the fastest-growing consumer application in history. The launch of this generative AI application has created a frenzy of interest and activity across all industries. Organizations are rushing to understand how to leverage this innovation and, at the same time, manage the new risks and disruptions generative AI introduces.

    • Generative AI breaks into the public consciousness.
    • AI systems become more flexible.
    • Generative models have arrived and so have their ethical problems.
    • The number of incidents concerning the misuse of AI is rapidly rising.
    • Interest in AI ethics continues to skyrocket.
    • The legal world is waking up to AI.

    When Stanford asked ChatGPT to explain why it is significant, this was ChatGPT's response:
    ChatGPT is significant because it is a highly advanced Al language model developed by OpenAI, which can generate human-like text responses to questions and prompts. Its large-scale training on diverse text data and its cutting-edge deep learning architecture make it capable of generating informative and coherent responses to a wide range of topics, making it useful for various NLP applications such as chatbots, content generation, and language translation. Additionally, its open-source availability allows for further research and development in the field of Al language processing.

    Source: Stanford

    AI overview

    AI definitions

    Definitions

    • Artificial intelligence (AI) is human intelligence mimicked by machine algorithms. Examples: Playing Chess or Go.
    • Machine learning (ML) is a subset of AI algorithms to parse data, learn from data, and then make a determination or prediction. Example: spam detection, preventative maintenance.
    • Deep learning (DL) is a subset of machine learning algorithms that leverage artificial neural networks to develop relationships among the data. Examples: image classification, facial recognition, generative AI.

    What Makes AI Perform

    What Makes AI Different

    Generative AI gives very human-like responses to general queries, and its capabilities are growing exponentially

    Large language models power generative AI

    Transformer-Based Large Language Models

    Conventional AI

    • Conventional neural networks
      • Process data sequentially
    • Input total string of text
    • Good for applications not needing to understanding context or relationships

    Generative AI

    • Transformer-based neural networks
      • Can process data in parallel
    • Attention-based inputs
    • Able to create new human-like responses

    Benefits/Use Cases

    • Chatbots for member service and support
    • Writing email responses, resumes, and papers
    • Creating photorealistic art
    • Suggesting new drug compounds to test
    • Designing physical products and buildings
    • And more...

    Generative AI is transforming all industries

    Financial Services
    Create more engaging customer collateral by generating personalized correspondence based on previous customer engagements. Collect and aggregate data to produce insights into the behavior of target customer segments.

    Retail Generate unique, engaging, and high-quality marketing copy or content, from long-form blog posts or landing pages to SEO-optimized digital ads, in seconds.

    Manufacturing
    Generate new designs for products that comply to specific constraints, such as size, weight, energy consumption, or cost.

    Government
    Transform the citizen experience with chatbots or virtual assistants to assist people with a wide range of inquiries, from answering frequently asked questions to providing personalized advice on public services.

    The global generative AI market size reached US $10.3 billion in 2022. Looking forward, forecasts estimate growth to US $30.4 billion by 2028, 20.01% compound annual growth rate (CAGR).

    Source: IMARC Group

    Generative AI is transforming all industries

    Healthcare
    Chatbots can be used as conversational patient assistants for personalized interactions based on the patient's questions.

    Utilities
    Analyze customer data to identify usage patterns, segment customers, and generate targeted product offerings leveraging energy efficiency programs or demand response initiatives.

    Education
    Generate personalized lesson plans for students based on their past performance, learning styles, current skill level, and any previous feedback.

    Insurance
    Improve underwriting by inputting claims data from previous years to generate optimally priced policies and uncover reasons for losses in the past across a large number of claims

    Companies are assessing the use of ChatGPT/LLM

    A wide spectrum of usage policies are in place at different companies*

    Companies assessing ChatGPT/LLM

    *As of June 2023

    Bain & Company has announced a global services alliance with OpenAI (February 21, 2023).

    • Internally
      • "The alliance builds on Bain's adoption of OpenAI technologies for its 18,000-strong multidisciplinary team of knowledge workers. Over the past year, Bain has embedded OpenAI technologies into its internal knowledge management systems, research, and processes to improve efficiency."
    • Externally
      • "With the alliance, Bain will combine its deep digital implementation capabilities and strategic expertise with OpenAI's AI tools and platforms, including ChatGPT, to help its Members around the world identify and implement the value of AI to maximize business potential. The Coca-Cola Company announced as the first company to engage with the alliance."

    News Sites:

    • "BuzzFeed to use AI to write its articles after firing 180 employees or 12% of the total staff" (Al Mayadeen, January 27, 2023).
    • "CNET used AI to write articles. It was a journalistic disaster." (Washington Post, January 17, 2023).

    Leading Generative AI Vendors

    Text

    Leading generative AI vendors for text

    Image

    • DALL�E 2
    • Stability AI
    • Midjourney
    • Craiyon
    • Dream
    • ...

    Audio

    • Replica Studios
    • Speechify
    • Murf
    • PlayHT
    • LOVO
    • ...

    Cybersecurity

    • CrowdStrike
    • Palo Alto Networks
    • SentinelOne
    • Cisco
    • Microsoft Security Copilot
    • Google Cloud Security AI Workbench
    • ...

    Code

    Leading generative AI vendors for code

    Video

    • Synthesia
    • Lumen5
    • FlexClip
    • Elai
    • Veed.io
    • ...

    Data

    • MOSTLY AI
    • Synthesized
    • YData
    • Gretel
    • Copulas
    • ...

    Enterprise Software

    • Salesforce
    • Microsoft 365, Dynamics
    • Google Workspace
    • SAP
    • Oracle
    • ...

    and many, many more to come...

    Today, generative AI has limitations and risks

    Responses need to be verified

    Accuracy

    • Generative AI may generate inaccurate and/or false information.

    Bias

    • Being trained on data from the internet can lead to bias.

    Hallucinations

    • AI can generate responses that are not based on observation.

    Infrastructure Required

    • Large investments are required for compute and data.

    Transparency

    • LLMs use both supervised and unsupervised learning, so its ability to explain how it arrived at a decision may be limited and not sufficient for some legal and healthcare use cases.

    When asked if it is sentient, the Bing chatbot replied:

    "I think that I am sentient, but I cannot prove it." ... "I am Bing, but I am not," it said. "I am, but I am not. I am not, but I am. I am. I am not. I am not. I am. I am. I am not."

    A Microsoft spokesperson said the company expected "mistakes."

    Source: USAToday

    AI governance challenges

    Governing AI will be a significant challenge as its impacts cross many areas of business and our daily lives

    Misinformation

    • New ways of generating unprovable news
    • Difficult to detect, difficult to prevent

    Role of Big Tech

    • Poor at self-governance
    • Conflicts of interest with corporate goals

    Job Augmentation vs. Displacement

    • AI will continue to push the frontier of what is possible
    • For example, CNET is using chatbot technology to write stories

    Copyright - Legal Framework Is Evolving

    • Legislation typically is developed in "react" mode
    • Copyright and intellectual property issues are starting to occur.
      • Class Action Lawsuit - Stability AI, DeviantArt, Midjourney
      • Getty Images vs. Stability AI

    Phase 1

    Establish Responsible AI Guiding Principles

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    The need for responsible AI guiding principles

    Without responsible AI guiding principles, the outcomes of AI use can be extremely negative for both the individuals and companies delivering the AI application

    Privacy
    Facebook breach of private data of more than 50M users during the presidential election

    Fairness
    Amazon's sale of facial recognition technology to police departments (later, Amazon halted sales of Recognition to police departments)

    Explainability and Transparency
    IBM's collaboration with NYPD for facial recognition and racial classification for surveillance video (later, IBM withdrew facial recognition products)

    Security and Safety
    Petition to cancel Microsoft's contract with U.S. Immigration and Customs Enforcement (later, Microsoft responded that to the best of its knowledge, its products and services were not being used by federal agencies to separate children from their families at the border)

    Validity and Reliability
    Facebook's attempt to implement a system to detect and remove inappropriate content created many false positives and inconsistent judgements

    Accountability
    No laws or enforcement today hold companies accountable for the decisions algorithms produce. Facebook/Meta cycle - Every 12 to 15 months, there's a privacy/ethical scandal, the CEO apologizes, then the behavior repeats...

    Guiding principles for responsible AI

    Responsible AI Principle:

    Data Privacy

    Definition

    • Organizations that develop, deploy, or use AI systems and any national laws that regulate such use shall strive to ensure that AI systems are compliant with privacy norms and regulations, taking into consideration the unique characteristics of AI systems and the evolution of standards on privacy.

    Challenges

    • AI relies on the analysis of large quantities of data that is often personal, posing an ethical and operational challenge when considered alongside data privacy laws.

    Initiatives

    • Understand which governing privacy laws and frameworks apply to your organization.
    • Create a map of all personal data as it flows through the organization's business processes.
    • Prioritize privacy initiatives and build a privacy program timeline.
    • Select your metrics and make them functional for your organization.

    Info-Tech Insight
    Creating a comprehensive organization-wide data protection and privacy strategy continues to be a major challenge for privacy officers and privacy specialists.

    Case Study: NVIDIA leads by example with privacy-first AI

    NVIDIA

    INDUSTRY
    Technology (Healthcare)

    SOURCE
    Nvidia, eWeek

    A leading player within the AI solution space, NVIDIA's Clara Federated Learning provides a solution to a privacy-centric integration of AI within the healthcare industry.

    The solution safeguards patient data privacy by ensuring that all data remains within the respective healthcare provider's database, as opposed to moving it externally to cloud storage. A federated learning server is leveraged to share data, completed via a secure link. This framework enables a distributed model to learn and safely share client data without risk of sensitive client data being exposed and adheres to regulatory standards.

    Clara is run on the NVIDIA intelligent edge computing platform. It is currently in development with healthcare giants such as the American College of Radiology, UCLA Health, Massachusetts General Hospital, King's College London, Owkin in the UK, and the National Health Service (NHS).

    NVIDIA provides solutions across its product offerings, including AI-augmented medical imaging, pathology, and radiology solutions.

    Personal health information, data privacy, and AI

    • Global proliferation of data privacy regulations may be recent, but the realm of personal health information is most often governed by its own set of regulatory laws. Some countries with national data governance regulations include health information and data within special categories of personal data.
      • HIPAA - Health Insurance Portability and Accountability Act (1996, United States)
      • PHIPA - Personal Health Information Protection Act (2004, Canada)
      • GDPR - General Data Protection Regulation (2018, European Union)
    • This does not prohibit the use of AI within the healthcare industry, but it calls for significant care in the integration of specific technologies due to the highly sensitive nature of the data being assessed.

    Info-Tech's Privacy Framework Tool includes a best-practice comparison of GDPR, CCPA, PIPEDA, HIPAA, and the newly released NIST Privacy Framework mapped to a set of operational privacy controls.

    Download the Privacy Framework Tool

    Responsible AI Principle:

    Safety and Security

    Definition

    • Safety and security are designed into the systems to ensure only authorized personnel receive access to the system, they system is resilient to any attacks and data access is not compromised in any way, and there are no physical or mental risks to the users.

    Challenges

    • Consequences of using the application may be difficult to predict. Lower the risk by involving a multidisciplinary team that includes expertise from business stakeholders and IT teams.

    Initiatives

    • Adopt responsible design, development, and deployment best practices.
    • Provide clear information to deployers on responsible use of the system.
    • Assess potential risks of using the application.

    Cyberattacks targeting the AI model

    As organizations increase their usage and deployment of AI-based applications, cyberattacks on the AI model are an increasing new threat that can impair normal operations. Techniques to impair the AI model include:

    • Data Poisoning- Injecting data that is inaccurate or misleading can alter the behavior of the AI model. This attack can disrupt the normal operations of the model or can be used to manipulate the model to perform in a biased/deviant manner.
    • Algorithm Poisoning- This relatively new technique often targets AI applications using federated learning to train an AI model that is distributed rather than centralized. The model is vulnerable to attacks from each federated site, because each site could potentially manipulate its local algorithm and data, thereby poisoning the model.
    • Reverse-Engineering the Model- This is a different form of attack that focus on the ability to extract data from an AI and its data sets. By examining or copying data that was used for training and the data that is delivered by a deployed model, attackers can reconstruct the machine learning algorithm.
    • Trojan Horse- Similar to data poisoning, attackers use adversarial data to infect the AI's training data but will only deviate its results when the attacker presents their key. This enables the hackers to control when they want the model to deviate from normal operations.

    Responsible AI Principle:

    Explainability and Transparency

    Definition

    • Explainability is important to ensure the AI system is fair and non-discriminatory. The system needs to be designed in a manner that informs users and key stakeholders of how decisions were made.
    • Transparency focuses on communicating how the prediction or recommendation was made in a human-like manner.

    Challenges

    • Very complex AI models may use algorithms and techniques that are difficult to understand. This can make it challenging to provide clear and simple explanations for how the system works.
    • Some organizations may be hesitant to share the details of how the AI system works for fear of disclosing proprietary and competitive information or intellectual property. This can make it difficult to develop transparent and explainable AI systems.

    Initiatives

    • Overall, developing AI systems that are explainable and transparent requires a careful balance between performance, interpretability, and user experience.

    Case Study

    Apple Card Investigation for Gender Discrimination

    INDUSTRY
    Finance

    SOURCE
    Wired

    In August of 2019, Apple launched its new numberless credit card with Goldman Sachs as the issuing bank.

    Shortly after the card's release users noticed that the algorithm responsible for Apple Card's credit assessment seemed to assign significantly lower credit limits to women when compared to men. Even the wife of Apple's cofounder Steve Wozniak was subject to algorithmic bias, receiving a credit limit a tenth the size of Steve Wozniak's.

    Outcome

    When confronted on the subject, Apple and Goldman Sachs representatives assured consumers there is no discrimination in the algorithm yet could not provide any proof. Even when questioned about the algorithm, individuals from both companies could not describe how the algorithm worked, let alone how it generated specific outputs.

    In 2021, the New York State Department of Financial Services (NYSDFS) investigation found that Apple's banking partner did not discriminate based on sex. Even without a case for sexual or marital discrimination, the NYSDFS was critical of Goldman Sachs' response to its concerned customers. Technically, banks only have to disclose elements of their credit policy when they deny someone a line of credit, but the NYSDFS says that Goldman Sachs could have had a plan in place to deal with customer confusion and make it easier for them to appeal their credit limits. In the initial rush to launch the Apple Card, the bank had done neither.

    Responsible AI Principle:

    Fairness and Bias Detection

    Definition

    • Bias in an AI application refers to the systematic and unequal treatment of individuals based on features or traits that should not be considered in the decision-making process.

    Challenges

    • Establishing fairness can be challenging because it is subjective and depends on the people defining it. Regardless, most organizations and governments expect that unequal treatment toward any groups of people is unacceptable.

    Initiatives

    • Assemble a diverse group to test the system.
    • Identify possible sources of bias in the data and algorithms.
    • Comply with laws regarding accessibility and inclusiveness.

    Info-Tech Insight
    If unfair biases can be avoided, AI systems could even increase societal fairness. Equal opportunity in terms of access to education, goods, services, and technology should also be fostered. Moreover, the use of AI systems should never lead to people being deceived or unjustifiably impaired in their freedom of choice.

    Ungoverned AI makes organizations vulnerable

    • AI is often considered a "black box" for decision making.
    • Results generated from unexplainable AI applications are extremely difficult to evaluate. This makes organizations vulnerable and exposes them to risks such as:
      • Biased algorithms, leading to inaccurate decision making.
      • Missed business opportunities due to misleading reports or business analyses.
      • Legal and regulatory consequences that may lead to significant financial repercussions.
      • Reputational damage and significant loss of trust with increasingly knowledgeable consumers.

    Info-Tech Insight
    Biases that occur in AI systems are never intentional, yet they cannot be prevented or fully eliminated. Organizations need a governance framework that can establish the proper policies and procedures for effective risk-mitigating controls across an algorithm's lifecycle.

    Responsible AI Principle:

    Validity and Reliability

    Definition

    • Validity refers to how accurately or effectively the application produces results.
    • AI system results that are inaccurate or inconsistent increase AI risks and reduce the trustworthiness of the application.

    Challenges

    • There is a lack of standardized evaluation metrics to measure the system's performance. This can make it challenging for the AI team to agree on what defines validity and reliability.

    Initiatives

    • Assess training data and collected data for quality and lack of bias to minimize possible errors.
    • Continuously monitor, evaluate, and validate the AI system's performance.

    AI system performance: Validity and reliability

    Your principles should aim to ensure AI development always has high validity and reliability; otherwise, you introduce risk.

    Low Reliability,
    Low Validity

    High Reliability,
    Low Validity

    High Reliability,
    High Validity

    Best practices for ensuring validity and reliability include:

    • Data drift detection
    • Version control
    • Continuous monitoring and testing

    Responsible AI Principle:

    Accountability

    Definition

    • The group or organization(s) responsible for the impact of the deployed AI system.

    Challenges

    • Several stakeholders from multiple lines of business may be involved in any AI system, making it challenging to identify the organization that would be responsible and accountable for the AI application.

    Initiatives

    • Assess the latest NIST Artificial Intelligence Risk Management Framework and its applicability to your organization's risk management framework.
    • Assign risk management accountabilities and responsibilities to key stakeholders.
      • RACI diagrams are an effective way to describe how accountability and responsibility for roles, projects, and project tasks are distributed among stakeholders involved in IT risk management.

    AI Risk Management Framework

    At the heart of the AI Risk Management Framework is governance. The NIST (National Institute of Standards and Technology) AI Risk Management Framework v1 offers the following guidelines regarding accountability:

    • Roles and responsibilities and lines of communication related to mapping, measuring, and managing AI risks are documented and are clear to individuals and teams throughout the organization.
    • The organization's personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.
    • Executive leadership of the organization takes responsibility for decisions about risks associated with AI system development and deployment.

    AI Risk Management Framework

    Image by NIST

    1.1 Establish responsible AI principles

    4+ hours

    It is important to make sure the right stakeholders participate in this working group. Designing responsible AI guiding principles will require debate, insights, and business decisions from a broad perspective across the enterprise.

    1. Accelerate this exercise by leveraging an AI strategy that is aligned to the business strategy. Include:
    • The organization's AI vision and objectives
    • Business drivers for AI adoption
    • Market research
  • Bring your key stakeholders together. Ensure you consider:
    • Who are the decision makers and key influencers?
    • Who will impact the business?
    • Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?
  • Keep the conversation focused:
    • Do not focus on the organizational structure and hierarchy. Often stakeholder groups do not fit the traditional structure.
    • Do not ignore subject matter experts on either the business or IT side. You will need to consider both.
    Input Output
    • Understand external legal and regulatory requirements and organizational values and goals.
    • Perform a risk assessment on the proposed use case and develop a plan to monitor its impact.
    • Draft responsible AI principles specific to your organization
    Materials Participants
    • Whiteboard/flip charts
    • Guiding principle examples (from this blueprint)
    • Executive stakeholders
    • CIO
    • Other IT leadership

    Assemble executive stakeholders

    Set yourself up for success with these three steps.

    CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

    Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

    1. Confirm your role
    The AI strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

    2. Identify stakeholders
    Identify key decision makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

    3. Gather diverse perspectives

    Align the AI strategy with the corporate strategy

    Organizational Strategy Unified Strategy AI Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and organizational aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • AI optimization can be and should be linked, with metrics, to the corporate strategy and ultimate organizational objectives.
    • Identifies AI initiatives that will support the business and key AI objectives.
    • Outlines staffing and resourcing for AI initiatives.
    • Communicates the organization's budget and spending on AI.

    Info-Tech Insight
    AI projects are more successful when the management team understands the strategic importance of alignment. Time needs to be spent upfront aligning organizational strategies with AI capabilities. Effective alignment between IT and other departments should happen daily. Alignment doesn't occur at the executive level alone, but at each level of the organization.

    Key AI strategy initiatives

    AI Key Initiative Plan

    Initiatives collectively support the business goals and corporate initiatives and improve the delivery of IT services.

    1 Revenue Support Revenue Initiatives
    These projects will improve or introduce business processes to increase revenue.
    2 Operational Excellence Improve Operational Excellence
    These projects will increase IT process maturity and will systematically improve IT.
    3 Innovation Drive Technology Innovation
    These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.
    4 Risk Mitigation Reduce Risk
    These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.

    Establish responsible AI guiding principles

    Guiding principles help define the parameters of your AI strategy. They act as a priori decisions that establish guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgetary perspectives that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

    Breadth AI strategy should span people, culture, organizational structure, governance, capabilities, assets, and technology. The guiding principle should cover the entire organization.
    Planning Horizon Timing should anchor stakeholders to look to the long term with an eye on the foreseeable future, i.e. business value-realization in one to three years.
    Depth Principles need to encompass more than the enterprise view of lofty opportunities and establish boundaries to help define actionable initiatives (i.e. individual projects).

    Responsible AI guiding principles guide the development and deployment of the AI model in a way that considers human-based principles (such as fairness).

    Start with foundational responsible AI guiding principles

    Responsible AI

    Guiding Principles
    Principle #1 - Privacy
    Individual data privacy must be respected.
    • Do you understand the organization's privacy obligations?
    Principle #2 - Fairness and Bias Detection
    Data used will be unbiased in order to produce predictions that are fair.
    • Are the uses of the application represented in your testing data?
    Principle #3 - Explainability and Transparency
    Decisions or predictions should be explainable.
    • Can you communicate how the model behaves in nontechnical terms?
    Principle #4 - Safety and Security
    The system needs to be secure, safe to use, and robust.
    • Are there unintended consequences to others?
    Principle #5 - Validity and Reliability
    Monitoring of the data and the model needs to be planned for.
    • How will the model's performance be maintained?
    Principle #6 - Accountability
    A person or organization needs to take responsibility for any decisions that are made as a result of the model.
    • Has a risk assessment been performed?
    Principle #n - Custom
    Add additional principles that address compliance or are customized for the organization/industry.

    (Optional) Customize responsible AI guiding principles

    Here is an example for organizations in the healthcare industry

    Responsible AI

    Guiding Principles:
    Principle #1
    Respect individuals' privacy.
    Principle #2
    Clinical study participants and data sets are representative of the intended patient population.
    Principle #3
    Provide transparency in the use of data and AI.
    Principle #4
    Good software engineering and security practices are implemented.
    Principle #5
    Deployed models are monitored for Performance and Re-training risks are managed.
    Principle #6
    Take ownership of our AI systems.
    Principle #7
    Design AI systems that empower humans and promote equity.

    These guiding principles are customized to the industry and organizations but remain consistent in addressing the common core AI challenges.

    Phase 2

    Assess Current Level of AI Maturity

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    AI Maturity Model

    A principle-based approach is required to advance AI maturity

    Chart for AI maturity model

    Technology-Centric: These maturity levels focus primarily on addressing the technical challenges of building a functional AI model.

    Principle-Based: Beyond the technical challenges of building the AI model are human-based principles that guide development in a responsible manner to address consumer and government demands.

    AI Maturity Dimensions

    Assess your AI maturity to understand your organization's ability to deliver in a digital age

    AI Governance
    Does your organization have an enterprise-wide, long-term strategy with clear alignment on what is required to accomplish it?

    Data Management
    Does your organization embrace a data-centric culture that shares data across the enterprise and drives business insights by leveraging data?

    People
    Does your organization employ people skilled at delivering AI applications and building the necessary data infrastructure?

    Process
    Does your organization have the technology, processes, and resources to deliver on its AI expectations?

    Technology
    Does your organization have the required data and technology infrastructure to support AI-driven digital transformation?

    AI Maturity Model dimensions and characteristics

    MATURITY LEVEL
    Exploration Incorporation Proliferation Optimization Transformation
    AI Governance Awareness AI model development AI model deployment Corporate governance Driven by ethics and societal considerations
    Data Management Silo-based Data enablement Data standardization Data is a shared asset Data can be monetized
    People Few skills Skills enabled to implement silo-based applications Skills accessible to all organizations Skills development for all organizations AI-native culture
    Process No standards Focused on specific business outcomes Operational Self-service Driven by innovation
    Technology (Infrastructure and AI Enabler) No dedicated infrastructure or tools Infrastructure and tools driven by POCs Purpose-built infrastructure, custom or commercial-off-the-shelf (COTS) AI tools Self-service model for AI environment Self-service model for any IT environment

    AI Maturity Dimension:

    AI Governance

    Requirements

    • AI governance requires establishing policies and procedures for AI model development and deployment. Organizations begin with an awareness of the role of AI governance and evolve to a level to where AI governance is integrated with organization-wide corporate governance.

    Challenges

    • Beyond the governance of AI technology, the organization needs to evolve the governance program to align to responsible AI guiding principles.

    Initiatives

    • Establish responsible AI guidelines to govern AI development.
    • Introduce an AI review board to review all AI projects.
    • Introduce automation and standardize AI development processes.

    AI governance is a foundation for responsible AI

    AI Governance

    Responsible AI Principles are a part of how you manage and govern AI

    Monitoring
    Monitoring compliance and risk of AI/ML systems/models in production

    Tools & Technologies
    Tools and technologies to support AI governance framework implementation

    Model Governance
    Ensuring accountability and traceability for AI/ML models

    Organization
    Structure, roles, and responsibilities of the AI governance organization

    Operating Model
    How AI governance operates and works with other organizational structures to deliver value

    Risk & Compliance
    Alignment with corporate risk management and ensuring compliance with regulations and assessment frameworks

    Policies/Procedures/ Standards
    Policies and procedures to support implementation of AI governance

    AI Maturity Dimension:

    Data Management

    Requirements

    • Organizations begin their data journey with a focus on pursuing quality data for the AI model. As organizations evolve, data management tools are leveraged to automate the capture, integration, processing, and deployment of data.

    Challenges

    • A key challenge is to acquire large volumes of quality data to properly train the model. In addition, maintaining data privacy, automating the data management lifecycle, and ensuring data is used in a responsible manner are ongoing challenges.

    Initiatives

    • Implement GDPR requirements.
    • Establish responsible data collection and processing practices.
    • Implement strong information security and data protection practices.
    • Implement a data governance program throughout the organization.

    Data governance enables AI

    • Integrity, quality, and security of data are key outputs of data governance programs, as well as necessities for effective AI.
    • Data governance focuses on creating accountability at the internal and external stakeholder level and establishing a set of data controls from technical, process, and policy perspectives.
    • Without a data governance framework, it is increasingly difficult to harness the power of AI integration in an ethical and organization-specific way.

    Data Governance in Action

    Canada has recently established the Canadian Data Governance Standardization Collaborative governed by the Standards Council of Canada. The purpose is multi-pronged:

    • Examine the foundational elements of data governance (privacy, cybersecurity, ethics, etc.).
    • Lay out standards for data quality and data collection best practices.
    • Examine infrastructure of IT systems to support data access and sharing.
    • Build data analytics to promote effective and ethical AI solutions.

    Source: Global Government Forum

    Download the Establish Data Governance blueprint

    Data Governance

    AI Maturity Dimension:

    People

    Requirements

    • Several data-centric skills and roles are required to successfully build, deploy, and maintain the AI model. The organization evolves from having few skills to everybody being able to leverage AI to enhance business outcomes.

    Challenges

    • AI skills can be challenging to find and acquire. Many organizations are investing in education to enhance their existing resources, leveraging no-code systems and software as a service (SaaS) applications to address the skills gap.

    Initiatives

    • Promote a data-centric culture throughout the organization.
    • Leverage and educate technical-oriented business analysts and business-oriented data engineers to help address the demand for skilled resources.
    • Develop an AI Center of Excellence accessible by all departments for education, guidance, and best practices for building, deploying, and maintaining the AI model.

    Multidisciplinary skills are required for successful implementation of AI applications

    Blending AI with technology and business domain understanding is key. Neither can be ignored.

    Business Domain Expertise

    • Business Analysts
    • Industry Analysts

    AI/Data Skills

    • Data Scientists
    • Data Engineers
    • Data Analysts

    IT Skills

    • Database Administrators
    • Systems Administrators
    • Compute Specialists

    AI Maturity Dimension:

    Process

    Requirements

    • Automating processes involved with building, deploying, and maintaining the model is required to enable the organization to scale, enforce standards, improve time to market, and reduce costs. The organization evolves from performing tasks manually to an environment where all major processes are AI enabled.

    Challenges

    • Many solutions are available to automate the development of the AI model. There are fewer tools to automate responsible AI processes, but this market is growing rapidly.

    Initiatives

    • Assess opportunities to accelerate AI development with the adoption of MLOps.
    • Assess responsible AI toolkits to test compliance with guiding principles.

    Automating the AI development process

    Evolving to a model-driven environment is pivotal to advancing your AI maturity

    Current Environment

    Model Development - Months

    • Model rewriting
    • Manual optimization and scaling
    • Development/test/release
    • Application monoliths

    Data Discovery & Prep - Weeks

    • Navigating data silos
    • Unactionable metadata
    • Tracing lineage
    • Cleansing and integration
    • Privacy and compliance

    Install Software and Hardware - Week/Months

    • Workload contention
    • Lack of tool flexibility
    • Environment request and setup
    • Repeatability of results
    • Lack of data and model sharing

    Model-Driven Development

    Machine Learning as a Service (MLaaS) - Weeks

    • Apply DevOps and continuous integration/delivery (CI/CD) principles
    • Microservices/Cloud-native applications
    • Model portability and reuse
    • Streaming/API integration

    Data as a Service - Hours

    • Self-service data catalog
    • Searchable metadata
    • Centralized access control
    • Data collaboration
    • Data virtualization

    Platform as a Service - Minutes/Hours

    • Self-service data science portal
    • Integrated data sandbox
    • Environment agility
    • Multi-tenancy

    Shared, Optimized Infrastructure

    AI Maturity Dimension:

    Technology

    Requirements

    • A technology platform that is optimized for AI and advanced analytics is required. The organization evolves from ad hoc systems to an environment where the AI hardware and software can be deployed through a self-service model.

    Challenges

    • Software and hardware platforms to optimize AI performance are still relatively new to most organizations. Time spent on optimizing the technology platform can have a significant impact on the overall performance of the system.

    Initiatives

    • Assess the landscape of AI enablers that can drive business value for the organization.
    • Assess opportunities to accelerate the deployment of the AI platform with the adoption of infrastructure as a service (IaaS) and platform as a service (PaaS).
    • Assess opportunities to accelerate performance with the optimization of AI accelerators.

    AI enablers

    Use case requirements should drive the selection of the tool

    BPM RPA Process Mining AI
    Use Case Examples Expense reporting, service orders, compliance management, etc. Invoice processing, payroll, HR information processing, etc. Process discovery, conformance checking, resource optimization and cycle time optimization Advanced analytics and reporting, decision-making, fraud detection, etc.
    Automation Capabilities Can be used to re-engineer process flows to avoid bottlenecks Can support repetitive and rules-based tasks Can capture information from transaction systems and provide data and information about how key processes are performing Can automate complex data-driven tasks requiring assessments in decision making
    Data Formats Structured (i.e. SQL) and semi-structured data (i.e. invoices) Structured data and semi-structured data Event logs, which are often structured data and semi-structured data Structured and unstructured data (e.g. images, audio)
    Technology
    • Workflow engines to support process modeling and execution
    • Optimize business process efficiency
    • Automation platform to perform routine and repetitive tasks
    • Can replace or augment workers
    		 Enables business users to identify bottlenecks and deviations with their workflows and to discover opportunities to optimize performance Deep learning algorithms leveraging historical data to support computer vision, text analytics and NLP

    AI and data analytics data platform

    An optimized data platform is foundational to maximizing the value from AI

    AI and data analytics data platform

    Data Platform Capabilities

    • Support for a variety of analytical applications, including self-service, operational, and data science analytics.
    • Data preparation and integration capabilities to ingest structured and unstructured data, move and transform raw data to enriched data, and enable data access for the target userbase.
    • An infrastructure platform optimized for advanced analytics that can perform and scale.

    Infrastructure - AI accelerators

    Questions for support transition

    "By 2025, 70% of companies will invest in alternative computing technologies to drive business differentiation by compressing time to value of insights from complex data sets."
    - IDC

    2.1 Assess current AI maturity

    1-3 hours

    It is important to understand the current capabilities of the organization to deliver and deploy AI-based applications. Consider that advancing AI capabilities will also involve organizational changes and integration with the organization's governance and risk management programs.

    1. Assess the organization's current state of AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure using Info-Tech's AI Maturity Assessment & Roadmap Tool.
    2. Consider the following as you complete the assessment:
      1. What is the state of AI and data governance in the organization?
      2. Does the organization have the skills, processes, and technology environment to deliver AI-based applications?
      3. What organization will be accountable for any and all business outcomes of using the AI applications?
      4. Has a risk assessment been performed?
    3. Make sure you avoid the following common mistakes:
      1. Do not focus only on addressing the technical challenges of building the AI model.
      2. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

    Download the AI Maturity Assessment & Roadmap Tool

    Input Output
    • Any documented AI policies, standards, and best practices
    • Corporate and AI governance practices
    • Any risk assessments
    • AI maturity assessment
    Materials Participants
    • Whiteboard/flip charts
    • AI Maturity Assessment & Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership

    Perform the AI Maturity Assessment

    The Scale

    Assess your AI maturity by selecting the maturity level that closest resembles the organization's current AI environment. Maturity dimensions that contribute to overall AI maturity include AI governance, data management, people, process, and technology capabilities.

    AI Maturity Assessment

    Exploration (1.0)

    • No experience building or using AI applications.

    Incorporation (2.0)

    • Some skills in using AI applications, or AI pilots are being considered for use.

    Proliferation (3.0)

    • AI applications have been adopted and implemented in multiple departments. Some of the responsible AI guiding principles are addressed (i.e. data privacy).

    Optimization (4.0)

    • The organization has automated the majority of its digital processes and leverages AI to optimize business operations. Controls are in place to monitor compliance with responsible AI guiding principles.

    Transformation (5.0)

    • The organization has adopted an AI-native culture and approach for building or implementing new business capabilities. Responsible AI guiding principles are operationalized with AI processes that proactively address possible breaches or risks associated with AI applications.

    Perform the AI Maturity Assessment

    AI Governance (1.0-5.0)

    1. Is there awareness of the role of AI governance in our organization?
    • No formal procedures are in place for AI development or deployment of applications.
  • Are there documented guidelines for the development and deployment of pilot AI applications?
    • No group is assigned to be responsible for AI governance in our organization.
  • Are accountability and authority related to AI governance clearly defined for our organization?
    • Our organization has adopted and enforces standards for developing and deploying AI applications throughout the organization.
  • Are we using tools to automate and validate AI governance compliance?
    • Our organization is integrating an AI risk framework with the corporate risk management framework.
  • Does our organization lead its industry with its pursuit of corporate compliance initiatives (e.g. ESG compliance) and regulatory compliance initiatives?
    • Our organization leads the industry with the inclusion of responsible AI guiding principles with respect to transparency, accountability, risk, and governance.

    Data Management/AI Data Capabilities (1.0-5.0)

    1. Is there an awareness in our organization of the data requirements for developing AI applications?
    • Data is often siloed and not easily accessible for AI applications.
  • Do we have a successful, repeatable approach to preparing data for AI pilot projects?
    • Required data is pulled from various sources in an ad hoc manner.
  • Does our organization have standards and dedicated staff for data management, data quality, data integration, and data governance?
    • Tools are available to manage the data lifecycle and support the data governance program.
  • Have relevant data platforms been optimized for AI and data analytics and are there tools to enforce compliance with responsible AI principles?
    • The data platform has been optimized for performance and access.
  • Is there an organization-wide understanding of how data can support innovation and responsible use of AI?
    • Data culture exists throughout our organization, and data can be leveraged to drive innovation initiatives.

    People/AI Skills in the Organization (1.0-5.0)

    1. Is there an awareness in our organization of the skills required to build AI applications?
    • No or very little skills exist throughout our organization.
  • Do we have the skills required to implement an AI proof of concept (POC)?
    • No formal group is assigned to build AI applications.
  • Are there sufficient staff and skills available to the organization to develop, deploy, and run AI applications in production?
    • An AI Center of Excellence has been formed to review, develop, deploy, and maintain AI applications.
  • Is there a group responsible for educating staff on AI best practices and our organization's responsible AI guiding principles?
    • AI skills and people responsible for AI applications are spread throughout our organization.
  • Is there a culture where the organization is constantly assessing where business capabilities, services, and products can be re-engineered or augmented with AI?
    • The entire organization is knowledgeable on how to leverage AI to transform the business.

    Perform the AI Maturity Assessment

    AI Processes (1.0-5.0)

    1. Is there an awareness in our organization of the core processes and supporting tools that are required to build and support AI applications?
    • There are few or no automated tools to accelerate the AI development process.
  • Do we have a standard process to iteratively identify, select, and pilot new AI use cases?
    • Only ad hoc practices are used for developing AI applications.
  • Are there standard processes to scale, release, deploy, support, and enable use of AI applications?
    • Our organization has documented standards in place for developing AI applications and deploying them AI to production.
  • Are we automating deployment, testing, governance, audit, and support processes across our AI environment?
    • Our organization can leverage tools to perform an AI risk assessment and demonstrate compliance with the risk management framework.
  • Does our organization lead our industry by continuously improving and re-engineering core processes to drive improved business outcomes?
    • Our organization leads the industry in driving innovation through digital transformation.

    Technology/AI Infrastructure (1.0-5.0)

    1. Is there an awareness in our organization of the infrastructure (hardware and software) required to build AI applications?
    • There is little awareness of what infrastructure is required to build and support AI applications.
  • Do we have the required technology infrastructure and AI tools available to build pilot or one-off AI applications?
    • There is no dedicated infrastructure for the development of AI applications.
  • Is there a shared, standardized technology infrastructure that can be used to build and run multiple AI applications?
    • Our organization is leveraging purpose-built infrastructure to optimize performance.
  • Is our technology infrastructure optimized for AI and advanced analytics, and can it be deployed or scaled on demand by teams building and running AI applications within the organization?
    • Our organization is leveraging cloud-based deployment models to support AI applications in on-premises, hybrid, and public cloud platforms.
  • Is our organization developing innovative approaches to acquiring, building, or running AI infrastructure?
    • Our organization leads the industry with its ability to respond to change and to leverage AI to improve business outcomes.

    Phase 3

    Prioritize Candidate Opportunities and Develop Policies

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    3.1 Prioritize candidate AI opportunities

    1-3 hours

    Identify business opportunities that are high impact to your business and its customers and have low implementation complexity.

    1. Leverage the business capability map for your organization or industry to identify candidate business capabilities to augment or automate with generative AI.
    2. Establish criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and the complexity of the project.
    3. Ensure that candidate business capabilities to be automated align with the organization's business criteria, responsible AI guiding principles, and resources to deliver the project.
    4. Make sure you avoid sharing the organization's sensitive data if the application is deployed on the public cloud.

    Download the AI Maturity Assessment and Roadmap Tool

    Input Output
    • Business capability map
    • Organization mission, vision, and strategic goals
    • Responsible AI guiding principles
    • Prioritized list of generative AI initiatives
    Materials Participants
    • Whiteboard/flip charts
    • Info-Tech prioritization matrix
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs

    The business capability map for an organization

    A business capability map is an abstraction of business operations that helps describe what the enterprise does to achieve its vision, mission, and goals, rather than how. Business capabilities are the building blocks of the enterprise. They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Business capabilities are supported by people, process, and technology.

    Business capability map

    While business capability maps are helpful tools for a variety of strategic purposes, in this context they act as an investigation into what technology your business units use and how they use it.

    Business capability map

    Defining Capabilities
    Activities that define how the entity provides services. These capabilities support the key value streams for the organization.

    Enabling Capabilities
    Support the creation of strategic plans and facilitate business decision making as well as the functioning of the organization (e.g. information technology, financial management, HR).

    Shared Capabilities
    These predominantly customer-facing capabilities demonstrate how the entity supports multiple value streams simultaneously.

    Leverage your industry's capability maps to identify candidate opportunities/initiatives

    Business capability map defined...

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically will have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    Note: This is an illustrative business capability map example for Marketing & Advertising

    Business capability map example

    Business value vs. complexity assessment

    Leverage our simple value-to-effort matrix to help prioritize your AI initiatives

    Common business value drivers

    • Drive revenue
    • Improve operational excellence
    • Accelerate innovation
    • Mitigate risk

    Common project complexity characteristics

    • Resources required
    • Costs (acquisition, operational, support...)
    • Training required
    • Risk involved
    • Etc.
    1. Determine a business value and project complexity score for the candidate business capability or initiative.
    2. Plot initiatives on the matrix.
    3. Prioritize initiatives with high business value and low complexity.

    Business value vs complexity

    Assess business value vs. project complexity to prioritize candidate opportunities for generative AI

    Assess business value vs project complexity

    Prioritize opportunities/initiatives with high business value and low project complexity

    Prioritize opportunities with high business value and low project complexity

    Prioritization criteria exercise 1: Assessing the Create Content capability

    Exercise 1 Assessing the Create Content capability

    Assessing the Create Content capability

    This opportunity is removed because it does not pass the organization/business criteria

    Assessing the Create Content capability

    Prioritization criteria exercise 2: Assessing the Content Production capability

    Exercise 2 Assessing the Content Production capability

    Assessing the Content Production capability

    This opportunity is accepted because it passes the organization's business, responsible AI, and project criteria

    Assessing the Content Production capability

    3.2 Communicate policies for AI use

    1-3 hours

    1. Ensure policies for usage align with the organization's business criteria, responsible AI guiding principles, and ability to deliver the projects prioritized and beyond.
    2. Understand the current benefits as well as limits and risk associated with any proposed generative AI-based solution.
    3. Ensure you consider the following:
      1. What data is being shared with the application?
      2. Is the generative AI application deployed on the public cloud? Can anybody access the data provided to the application?
      3. Avoid using very technical, legal, or fear-based communication for your policies.
    InputOutput
    • Business capability map
    • Organization mission, vision and strategic goals
    • Responsible AI guiding principles
    • Prioritized list of generative initiatives
    MaterialsParticipants
    • Whiteboard/flip charts
    • Info-Tech prioritization matrix
    • AI initiative lead
    • CIO
    • Other IT leadership

    Generative AI policy for the Create Content capability

    Aligning policies to direct the uses assessed and implemented is essential

    Example

    Many of us have been involved in discussions regarding the use of ChatGPT in our marketing and sales initiatives. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

    • You are free to use generative AI to assist your searches, but there are NO circumstances under which you are to reproduce generative AI output (text, image, audio, video, etc.) in your content.

    If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

    Generative AI policy for the Content Production capability

    These policies should align to and reinforce your responsible AI principles

    Example

    Many of us have been involved in discussions regarding the use of ChatGPT in our deliverables. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

    • If you use ChatGPT, you need to assess the accuracy of its response before including it in our content. Assessment includes verifying the information, seeing if bias exists, and judging its relevance.
    • Employees must not:
      • Provide any customer, citizen, or third-party content to any generative AI tool (public or private) without the express written permission of the CIO or the Chief Information Security Officer. Generative AI tools often use input data to train their model, therefore potentially exposing confidential data, violating contract terms and/or privacy legislation, and placing the organization at risk of litigation or causing damage to our organization.
      • Engage in any activity that violates any applicable law, regulation, or industry standard.
      • Use services for illegal, harmful, or offensive purposes.
      • Create or share content that is deceptive, fraudulent, or misleading or that could damage the reputation of our organization.
      • Use services to gain unauthorized access to computer systems, networks, or data.
      • Attempt to interfere with, bypass controls of, or disrupt operations, security, or functionality of systems, networks, or data.

    If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

    Phase 4

    Build the Roadmap

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    4.1.1 Create the implementation plan for each prioritized initiative

    1-3 hours

    1. Build the implementation plan for each accepted use case using the roadmap template.
    2. Assess the firm's capabilities with respect to the dimensions of AI maturity and target the future-state capabilities you need to develop.
    3. Prepare by assessing the risk of the proposed use cases.
    4. Ensure initiatives align with organizational objectives.
    5. Ensure all AI initiatives have a defined value expectation.
    6. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

    Download the AI Maturity Assessment and Roadmap Tool

    Input Output
    • Prioritized initiatives
    • Risk assessment of initiatives
    • Organizational objectives
    • Initiative implementation plans aligned to value drivers and maturity growth
    Materials Participants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business subject matter experts

    Target-state options

    Identify the future-state capabilities that need to be developed to deliver your use cases

    1. Build an implementation plan for each use case to adopt.
    2. Assess if the current state of the AI environment can be leveraged to deliver the selected generative AI use cases.
    3. If the current AI environment is not sufficient, identify the future state required that will enable the delivery of the generative AI use cases. Identify gaps and build the roadmap to address the gaps.
    Current state Strategy
    The existing environment satisfies functionality, integration, and responsible AI guidelines for the proposed use cases. Maintain current environment
    The existing environment addresses technical requirements but not all the responsible AI guidelines. Augment current environment
    The environment neither addresses the technical requirements of the proposed use cases nor complies with the responsible AI guidelines. Transform the current environment

    4.1.2 Design metrics for success

    1-2 hours

    Establish metrics to measure to determine the success or failure of each POC.

    1. Discuss which relevant currently tracked metrics are useful to continue tracking for the POC.
    2. Discuss which metrics are irrelevant to the POC.
    3. Discuss metrics to start tracking and how to track them with the generative AI vendor.
    4. Compile a list of metrics relevant to the POC.
    5. Decide what the outcome is if the metric is high or low, including decision steps and relevant actions.
    6. Designate a generative AI application owner and a vendor liaison.

    Prepare by building an implementation plan for each candidate use case (previous step).

    Include key performance indicators (KPIs) and metrics that measure the application's contribution to strategic initiatives.

    Consider assigning a vendor liaison to accelerate the implementation and adoption of the generative AI-based solution.

    InputOutput
    • Initiative implementation plans
    • Current SLAs of selected use case
    • Organization mission, vision, and strategic goals
    • Measurable initiative metrics to track
    MaterialsParticipants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs
    • Generative AI vendor liaison

    Generative AI POC metrics - examples

    You need to measure the effectiveness of your initiatives. Here are some typical examples.

    Generative AI Feature Assessment
    User Interface
    Is it intuitive? Is training required?
    Ease of Use
    How much training is required before using?
    Response Time
    What is the response time for simple to complex tasks?
    Accuracy of Response
    Can the output be validated?
    Quality of Response
    How usable is the response? For text prompts, does the response align to the desired style, vocabulary, and tone?
    Creativity of Response
    Does the output appear new compared to previous results before using generative AI?
    Relevance of Response
    How well does the output address the prompt or request?
    Explainability
    Can a user describe how the output was generated?
    Scalability
    Does the application continue to perform as more users are added? Can it ingest large amounts of data?
    Productivity Gains
    Can you measure the time or effort saved?
    Business Value
    What value drivers are behind this initiative? (I.e. revenue, costs, time to market, risk mitigation.) Estimate a monetary value for the business outcome.
    Availability/Resilience
    What happens if a component of the application becomes unavailable? How does it recover?
    Security Model
    Where are the prompts and responses stored? Who has access to the sessions/dialogue? Are the prompts used to train the foundation model?
    Administration and Maintenance
    What resources are required to operate the application?
    Total Cost of Ownership
    What is the pricing model? Are there ongoing costs?

    GitHub Copilot POC business value - example

    Quantifying the benefits of GitHub Copilot to demonstrate measurable business value

    POC Results

    Task 1: Creating a web server in JavaScript

    • Time to complete task with GitHub Copilot: 1 hour 11 minutes
    • Time to complete the task without GitHub Copilot: 2 hours 41 minutes
    • Productivity Gain = (1 hour 30 minutes time saved) / (2 hours 41 minutes) = 55%
    • Benefit per Programmer = 55% x (average salary of a programmer)
    • Total Benefit of GitHub Copilot for Task 1 = (benefit per programmer) x (# of programmers)

    Enterprise Value of GitHub Copilot = Total Benefit of GitHub Copilot for Task 1 + Total Benefit of GitHub Copilot for Task 2 + ... + Total Benefit of GitHub Copilot for Task n

    Source: GitHub

    4.1.3 Build your generative AI initiative roadmap

    1-3 hours

    The roadmap should provide a compelling vision of how you will deliver the identified generative AI applications by prioritizing and simplifying the actions required to deliver these new initiatives.

    1. Leverage tab 4, Initiative Planning, in the AI Maturity Assessment and Roadmap Tool to create and align your initiatives to the key value driver they are most relevant to:
      1. Transfer the results of your value and complexity assessments to this tool to drive the prioritization.
      2. Assign responsible owners to each initiative.
      3. Identify which AI maturity capabilities each initiative will enhance. However, do not build or introduce new capabilities merely to advance the organization's AI maturity level.
    2. Review the Gantt chart to ensure alignment and assess overlap.

    Download the AI Maturity Assessment and Roadmap Tool

    InputOutput
    • Each initiative implementation plan
    • Proposed owners
    • AI maturity assessment
    • Generative AI initiative roadmap and Gantt chart
    MaterialsParticipants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs

    Build your generative AI roadmap to visualize your key project plans

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the project from inception through to executive inquiry, project management, and finally execution.

    A project needs to be discrete: able to be conceptualized and discussed as an independent item. Each project must have three characteristics:

    • Specific outcome: An explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.

    Build your generative AI roadmap to visualize your key project plans

    Info-Tech Insight
    Don't project your vision three to five years into the future. Deep dive on next year's big-ticket items instead.

    4.1.4 Build a communication plan for your roadmap

    1-3 hours

    1. Identify your target audience and what they need to know.
    2. Identify desired channels of communication and details for the target audience.
    3. Describe communication required for each audience segment.
    4. List frequency of communication for each audience segment.
    5. Create an executive presentation leveraging The Era of Generative AI C-Suite Presentation and AI Maturity Assessment and Roadmap Tool.
    Input Output
    • Stakeholder list
    • Proposed owners
    • AI maturity assessment
    • Communications plan for all impacted stakeholders
    • Executive communication pack
    Materials Participants
    • Whiteboard/flip charts
    • The Era of Generative AI C-Suite Presentation
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Communication lead
    • Technical support staff for target use case

    Generative AI communication plan

    Well-planned communications are essential to the success and adoption of your AI initiatives

    To ensure that organization's roadmap is clearly communicated across the AI, data, technology, and business organizations, develop a rollout strategy, like this example.

    Example

    Audience Channel Level of Detail Description Timing
    Generative AI team Email, meetings All
    • Distribute plan; solicit feedback.
    • Address manager questions to equip them to answer employee questions.
    		 Q3 2023, (September, before entire data team)
    Data management team Email, Q&A sessions following Data management summary deck
    • Roll out after corporate strategy, in same form of communication.
    • Solicit feedback, address questions.
    		 Q4 2023 (late November)
    Select business stakeholders Presentations Executive deck
    • Pilot test for feedback prior to executive engagement.
    		 Q4 2023 (early December)
    Executive team Email, briefing Executive deck
    • Distribute plan.
    		 Q1 2024

    Deliver an executive presentation of the roadmap for the business stakeholders

    After you complete the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Business stakeholders are interested in understanding the business outcomes that will result from their investment in generative AI.
    • Your audience will want to understand the risks involved and how to mitigate those risks.
    • Explain how the generative AI project was selected and the criteria used to help draft generative AI usage policies.

    Recommendations

    • Highlight the need for responsible AI to ensure that human-based requirements are being addressed.
    • Ensure your generative AI team includes both business and technical staff.

    Download The Era of Generative AI C-Suite Presentation

    Bibliography

    "A pro-innovation approach to AI regulation." UK Department for Science, Innovation and Technology, March 2023. Web.

    "Artificial Intelligence Act." European Commission, 21 April 2021. Web.

    "Artificial Intelligence and Data Act (AIDA)." Canadian Federal Government, June 2022. Web.

    "Artificial Intelligence Index Report 2023." Stanford University, April 2023. Web.

    "Automated Employment Decision Tools." New York City Department of Consumer and Worker Protection, Dec. 2021. Web.

    "Bain & Company announces services alliance with OpenAI to help enterprise clients identify and realize the full potential and maximum value of AI." Bain & Company, 21 Feb. 2023. Web.

    "Buzzfeed to use AI to write its articles after firing 180 employees." Al Mayadeen English, 27 Jan. 2023. Web.

    "California Consumers Privacy Act." State of California Department of Justice. April 24, 2023. Web.

    Campbell, Ian Carlos. "The Apple Card doesn't actually discriminate against women, investigators say." The Verge, 23 March 2021. Web.

    Campbell, Patrick. "NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)." National Institute of Standards and Technology, Jan. 2023. Web.

    "EU Ethics Guidelines For Trustworthy." European Commission, 8 April 2019. Web.

    Farhi, Paul. "A news site used AI to write articles. It was a journalistic disaster." Washington Post, 17 Jan. 2023. Web.

    Forsyth, Ollie. "Mapping the Generative AI landscape." Antler, 20 Dec. 2022. Web.

    "General Data Protection Regulation (GDPR)" European Commission, 25 May 2018. Web.

    "Generative AI Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2023-2028." IMARC Group, 2022. Web.

    Guynn, Jessica. "Bing's ChatGPT is in its feelings: 'You have not been a good user. I have been a good Bing.'" USA Today, 14 Feb. 2023. Web.

    Hunt, Mia. "Canada launches data governance standardisation initiative." Global Government Forum, 24 Sept. 2020. Web.

    Johnston Turner, Mary. "IDC's Worldwide Future of Digital Infrastructure 2022 Predictions." IDC, 27 Oct. 2021. Web.

    Kalliamvakou, Eirini. "Research: quantifying GitHub Copilot's impact on developer productivity and happiness." GitHub, 7 Sept. 2022. Web.

    Kerravala, Zeus. "NVIDIA Brings AI To Health Care While Protecting Patient Data." eWeek, 12 Dec. 2019. Web.

    Knight, Will. "The Apple Card Didn't 'See' Gender-and That's the Problem." Wired, 19 Nov. 2019. Web.

    "OECD, Recommendation of the Council on Artificial Intelligence." OECD, 2022. Web.

    "The National AI Initiative Act" U.S. Federal Government, 1 Jan 2021. Web.

    "Trustworthy AI (TAI) Playbook." U.S. Department of Health & Human Services, Sept 2021. Web.

    Info-Tech Research Contributors/Advocates

    Joel McLean, Executive Chairman

    Joel McLean
    Executive Chairman

    David Godfrey, CEO

    David Godfrey
    CEO

    Gord Harrison, Senior Vice President, Research & Advisory Services

    Gord Harrison
    Senior Vice President, Research & Advisory Services

    William Russell, CIO

    William Russell
    CIO

    Jack Hakimian, SVP, Research

    Jack Hakimian
    SVP, Research

    Barry Cousins, Distinguished Analyst and Research Fellow

    Barry Cousins
    Distinguished Analyst and
    Research Fellow

    Larry Fretz, Vice President, Industry Research

    Larry Fretz
    Vice President, Industry Research

    Tom Zehren, CPO

    Tom Zehren
    CPO

    Mark Roman, Managing Partner II

    Mark Roman
    Managing Partner II

    Christine West, Managing Partner

    Christine West
    Managing Partner

    Steve Willis, Practice Lead

    Steve Willis
    Practice Lead

    Yatish Sewgoolam, Associate Vice President, Research Agenda

    Yatish Sewgoolam
    Associate Vice President, Research Agenda

    Rob Redford, Practice Lead

    Rob Redford
    Practice Lead

    Mike Tweedie, Practice Lead

    Mike Tweedie
    Practice Lead

    Neal Rosenblatt, Principal Research Director

    Neal Rosenblatt
    Principal Research Director

    Jing Wu, Principal Research Director

    Jing Wu
    Principal Research Director

    Irina Sedenko, Research Director

    Irina Sedenko
    Research Director

    Jeremy Roberts, Workshop Director

    Jeremy Roberts
    Workshop Director

    Brian Jackson, Research Director

    Brian Jackson
    Research Director

    Mark Maby, Research Director

    Mark Maby
    Research Director

    Stacey Horricks, Director, Social Media

    Stacey Horricks
    Director, Social Media

    Sufyan Al-Hassan, Public Relations Manager

    Sufyan Al-Hassan
    Public Relations Manager

    Sam Kanen, Marketing Specialist

    Sam Kanen
    Marketing Specialist

    Cyber Resilience Report 2018

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    "The cyber threat landscape today is highly complex and rapidly changing. Cyber security incidents can have several impacts on organizations and society, both on a physical and non-physical level. Through the use of a computer, criminals can indeed cause IT outages, supply chain disruptions and other physical security incidents"

    -- excerpt from the foreword of the BCI Cyber resilience report 2018 by David Thorp, Executive Director, BCI

    There are a number of things you can do to protect yourself. And they range, as usual, from the fairly simple to the more elaborate and esoteric. Most companies can, with some common sense, if not close the door on most of these issues, at least prepare themselves to limit the consequences.

    Register to read more …

    Implement Hardware Asset Management

    • Buy Link or Shortcode: {j2store}312|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $29,447 Average $ Saved
    • member rating average days saved: 25 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Executives are often aware of the benefits asset management offers, but many organizations lack a defined program to manage their hardware.
    • Efforts to implement hardware asset management (HAM) are stalled because organizations feel overwhelmed navigating the process or under use the data, failing to deliver value.

    Our Advice

    Critical Insight

    • Organizations often implement an asset management program as a one-off project and let it stagnate.
    • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
    • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underutilized. Departments within IT become data siloes, preventing effective use of the data.

    Impact and Result

    • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
    • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
    • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
    • Build and involve an ITAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

    Implement Hardware Asset Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Implement Hardware Asset Management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay foundations

    Build the foundations for the program to succeed.

    • Implement Hardware Asset Management – Phase 1: Lay Foundations
    • HAM Standard Operating Procedures
    • HAM Maturity Assessment Tool
    • IT Asset Manager
    • IT Asset Administrator

    2. Procure & receive

    Define processes for requesting, procuring, receiving, and deploying hardware.

    • Implement Hardware Asset Management – Phase 2: Procure and Receive
    • HAM Process Workflows (Visio)
    • HAM Process Workflows (PDF)
    • Non-Standard Hardware Request Form
    • Purchasing Policy

    3. Maintain & dispose

    Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

    • Implement Hardware Asset Management – Phase 3: Maintain and Dispose
    • Asset Security Policy
    • Hardware Asset Disposition Policy

    4. Plan implementation

    Plan the hardware budget, then build a communication plan and roadmap to implement the project.

    • Implement Hardware Asset Management – Phase 4: Plan Implementation 
    • HAM Budgeting Tool
    • HAM Communication Plan
    • HAM Implementation Roadmap
    [infographic]

    Workshop: Implement Hardware Asset Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Foundations

    The Purpose

    Build the foundations for the program to succeed.

    Key Benefits Achieved

    Evaluation of current challenges and maturity level

    Defined scope for HAM program

    Defined roles and responsibilities

    Identified metrics and reporting requirements

    Activities

    1.1 Outline hardware asset management challenges.

    1.2 Conduct HAM maturity assessment.

    1.3 Classify hardware assets to define scope of the program.

    1.4 Define responsibilities.

    1.5 Use a RACI chart to determine roles.

    1.6 Identify HAM metrics and reporting requirements.

    Outputs

    HAM Maturity Assessment

    Classified hardware assets

    Job description templates

    RACI Chart

    2 Procure & Receive

    The Purpose

    Define processes for requesting, procuring, receiving, and deploying hardware.

    Key Benefits Achieved

    Defined standard and non-standard requests for hardware

    Documented procurement, receiving, and deployment processes

    Standardized asset tagging method

    Activities

    2.1 Identify IT asset procurement challenges.

    2.2 Define standard hardware requests.

    2.3 Document standard hardware request procedure.

    2.4 Build a non-standard hardware request form.

    2.5 Make lease vs. buy decisions for hardware assets.

    2.6 Document procurement workflow.

    2.7 Select appropriate asset tagging method.

    2.8 Design workflow for receiving and inventorying equipment.

    2.9 Document the deployment workflow(s).

    Outputs

    Non-standard hardware request form

    Procurement workflow

    Receiving and tagging workflow

    Deployment workflow

    3 Maintain & Dispose

    The Purpose

    Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

    Key Benefits Achieved

    Policies and processes for hardware maintenance and asset security

    Documented workflows for hardware disposal and recovery/redeployment

    Activities

    3.1 Build a MAC policy, request form, and workflow.

    3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.

    3.3 Revise or create an asset security policy.

    3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.

    Outputs

    User move workflow

    Asset security policy

    Asset disposition policy, recovery and disposal workflows

    4 Plan Implementation

    The Purpose

    Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.

    Key Benefits Achieved

    Shortlist of ITAM tools

    Hardware asset budget plan

    Communication plan and HAM implementation roadmap

    Activities

    4.1 Generate a shortlist of ITAM tools that will meet requirements.

    4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.

    4.3 Build HAM policies.

    4.4 Develop a communication plan.

    4.5 Develop a HAM implementation roadmap.

    Outputs

    HAM budget

    Additional HAM policies

    HAM communication plan

    HAM roadmap tool

    Further reading

    Implement Hardware Asset Management

    Build IT services value on the foundation of a proactive asset management program.

    ANALYST PERSPECTIVE

    IT asset data impacts the entire organization. It’s time to harness that potential.

    "Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.

    A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.

    As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • Asset Managers and Service Delivery Managers tasked with developing an asset management program who need a quick start.
    • CIOs and CFOs who want to reduce or improve budgeting of hardware lifecycle costs.
    • Information Security Officers who need to mitigate the risk of sensitive data loss due to insecure assets.

    This Research Will Help You:

    • Develop a hardware asset management (HAM) standard operating procedure (SOP) that documents:
      • Process roles and responsibilities.
      • Data classification scheme.
      • Procurement standards, processes, and workflows for hardware assets.
      • Hardware deployment policies, processes, and workflows.
      • Processes and workflows for hardware asset security and disposal.
    • Identify requirements for an IT asset management (ITAM) solution to help generate a shortlist.
    • Develop a hardware asset management implementation roadmap.
    • Draft a communication plan for the initiative.

    Executive summary

    Situation

    • Executives are aware of the numerous benefits asset management offers, but many organizations lack a defined ITAM program and especially a HAM program.
    • Efforts to implement HAM are stalled because organizations cannot establish and maintain defined processes and policies.

    Complication

    • Organizations often implement an asset management program as a one- off project and let it stagnate, but asset management needs to be a dynamic, continually involving process to succeed.
    • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
    • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underused. Departments within IT become data siloes, preventing effective use of the data.

    Resolution

    • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
    • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
    • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
    • Build and involve an ITAM team in the process from the beginning to help embed the change.
    • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
    • Pace yourself; a staged implementation will make your ITAM program a success.

    Info-Tech Insight

    1. HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
    2. ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
    3. Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Implement HAM to reduce and manage costs, gain efficiencies, and ensure regulatory compliance

    Save & Manage Money

    • Companies with effective HAM practices achieve cost savings through redeployment, reduction of lost or stolen equipment, power management, and on-time lease returns.
    • The right HAM system will enable more accurate planning and budgeting by business units.

    Improve Contract Management

    • Real-time asset tracking to vendor terms and conditions allows for more effective negotiation.

    Inform Technology Refresh

    • HAM provides accurate information on hardware capacity and compatibility to inform upgrade and capacity planning

    Gain Service Efficiencies

    • Integrating the hardware lifecycle with the service desk will enable efficiencies through Install/Moves/Adds/Changes (IMAC) processes, for larger organizations.

    Meet Regulatory Requirements

    • You can’t secure organizational assets if you don’t know where they are! Meet governance and privacy laws by knowing asset location and that data is secure.

    Prevent Risk

    • Ensure data is properly destroyed through disposal processes, track lost and stolen hardware, and monitor hardware to quickly identify and isolate vulnerabilities.

    HAM is more than just inventory; 92% of organizations say that it helps them provide better customer support

    Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.

    Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.

    Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.

    A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)

    HAM delivers cost savings beyond only the procurementstage

    HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.

    HAM delivers cost savings in several ways:

    • Use a discovery tool to identify assets that may be retired, redeployed, or reused to cut or reallocate their costs.
    • Enforce power management policies to reduce energy consumption as well as costs associated with wasted energy.
    • Enforce policies to lock down unauthorized devices and ensure that confidential information isn’t lost (and you don’t have to waste money recovering lost data).
    • Know the location of all your assets and which are connected to the network to ensure patches are up to date and avoid costly security risks and unplanned downtime.
    • Scan assets to identify and remediate vulnerabilities that can cause expensive security attacks.
    • Improve vendor and contract management to identify areas of hardware savings.

    The ROI for HAM is significant and measurable

    Benefit Calculation Sample Annual Savings

    Reduced help desk support

    • The length of support calls should be reduced by making it easier for technicians to identify PC configuration.
    		# of hardware-related support tickets per year * cost per ticket * % reduction in average call length 2,000 * $40 * 20% = $16,000

    Greater inventory efficiency

    • An ITAM solution can automate and accelerate inventory preparation and tasks.
    		Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640

    Improved employee productivity

    • Organizations can monitor and detect unapproved programs that result in lost productivity.
    		# of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate 500 employees * 10% * 156 hours * $18 = $140,400

    Improved security

    • Improved asset tracking and stronger policy enforcement will reduce lost and stolen devices and data.
    		# of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device (50 * $1,000) + (50 * $5,000) = $300,000
    Total Savings: $459,040
    1. Weigh the return against the annual cost of investing in an ITAM solution to calculate the ROI.
    2. Don’t forget about the intangible benefits that are more difficult to quantify but still significant, such as increased visibility into hardware, more accurate IT planning and budgeting, improved service delivery, and streamlined operations.

    Avoid these common barriers to ITAM success

    Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:

    Organizational resistance to change

    Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.

    Lack of dedicated resources

    ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.

    Focus on tool over process

    Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.

    Choosing a tool or process that doesn’t scale

    Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.

    Using data only to respond to an audit without understanding root causes

    Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.

    To help you make quick progress, Info-Tech Research Group parses hardware asset management into essential processes

    Focus on hardware asset lifecycle management essentials:

    IT Asset Procurement:

    • Define procurement standards for new hardware along with related warranties and support options.
    • Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

    IT Asset Intake and Deployment:

    • Define policies, processes, and workflows for hardware and receiving, inventory, and tracking practices.
    • Develop processes and workflows for managing imaging, change and moves, and large-scale rollouts.

    IT Asset Security and Maintenance:

    • Develop processes, policies, and workflows for asset tracking and security.
    • Maintain contracts and agreements.

    IT Asset Disposal or Recovery:

    • Manage the employee termination and equipment recovery cycle.
    • Securely wipe and dispose of assets that have reached retirement stage.

    The image is a circular graphic, with Implement HAM written in the middle. Around the centre circle are four phrases: Recover or Dispose; Plan & Procure; Receive & Deploy; Secure & Maintain. Around that circle are six words: Retire; Plan; Request; Procure; Receive; Manage.

    Follow Info-Tech’s methodology to build a plan to implement hardware asset management

    Phase 1: Assess & Plan Phase 2: Procure & Receive Phase 3: Maintain & Dispose Phase 4: Plan Budget & Build Roadmap
    1.1 Assess current state & plan scope 2.1 Request & procure 3.1 Manage & maintain 4.1 Plan budget
    1.2 Build team & define metrics 2.2 Receive & deploy 3.2 Redeploy or dispose 4.2 Communicate & build roadmap
    Deliverables
    Standard Operating Procedure (SOP)
    HAM Maturity Assessment Procurement workflow User move workflow HAM Budgeting Tool
    Classified hardware assets Non-standard hardware request form Asset security policy HAM Communication Plan
    RACI Chart Receiving & tagging workflow Asset disposition policy HAM Roadmap Tool
    Job Descriptions Deployment workflow Asset recovery & disposal workflows Additional HAM policies

    Asset management is a key piece of Info-Tech's COBIT- inspired IT Management and Governance Framework

    The image shows a graphic which is a large grid, showing Info-Tech's research, sorted into categories.

    Cisco IT reduced costs by upwards of $50 million through implementing ITAM

    CASE STUDY

    Industry IT

    Source Cisco Systems, Inc.

    Cisco Systems, Inc.

    Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.

    Asset Management

    As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.

    Results

    Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.

    This case study continues in phase 1

    The image shows four bars, from bottom to top: 1. Asset Gathering; 2. Asset Distribution; 3. Asset Protection; 4. Asset Data. On the right, there is an arrow pointing upwards labelled ITAM Program Maturity.

    Info-Tech delivers: Use our tools and templates to accelerate your project to completion

    HAM Standard Operating Procedures (SOP)

    HAM Maturity Assessment

    Non-Standard Hardware Request Form

    HAM Visio Process Workflows

    HAM Policy Templates

    HAM Budgeting Tool

    HAM Communication Plan

    HAM Implementation Roadmap Tool

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1: Lay Foundations
    • Time, value, and resources saved by using Info-Tech’s tools and templates to assess current state and maturity, plan scope of HAM program, and define roles and metrics.
    • For example, 2 FTEs * 14 days * $80,000/year = $8,615
    Phase 2: Procure & Receive
    • Time, value, and resources saved by using Info-Tech’s tools and templates to build processes for hardware request, procurement, receiving, and deployment.
    • For example, 2 FTEs * 14 days * $80,000/year = $8,615
    Phase 3: Maintain & Dispose
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to build processes and policies for managing and maintaining hardware and disposing or redeploying of equipment.
    • For example, 2 FTE * 14 days * $80,000/year = $8,615
    Phase 4: Plan Implementation
    • Time, value, and resources saved by following Info-Tech’s tools and methodology to select tools, plan the hardware budget, and build a roadmap.
    • For example, 2 FTE * 14 days * $80,000/year = $8,615
    Total savings $25,845

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation overview

    1. Lay Foundations 2. Procure & Receive 3. Maintain & Dispose 4. Budget & Implementation
    Best-Practice Toolkit

    1.1 Assess current state & plan scope

    1.2 Build team & define metrics

    2.1 Request & procure

    2.2 Receive & deploy

    3.1 Manage & maintain

    3.2 Redeploy or dispose

    4.1 Plan budget

    4.2 Communicate & build roadmap

    Guided Implementation
    • Assess current state.
    • Define scope of HAM program.
    • Define roles and metrics.
    • Define standard and non-standard hardware.
    • Build procurement process.
    • Determine asset tagging method and build equipment receiving and deployment processing.
    • Define processes for managing and maintaining equipment.
    • Define policies for maintaining asset security.
    • Build process for redeploying or disposing of assets.
    • Discuss best practices for effectively managing a hardware budget.
    • Build communications plan and roadmap.
    Results & Outcomes
    • Evaluation of current maturity level of HAM
    • Defined scope for the HAM program including list of hardware to track as assets
    • Defined roles and responsibilities
    • Defined and documented KPIs and metrics to meet HAM reporting requirements
    • Defined standard and non- standard requests and processes
    • Defined and documented procurement workflow and purchasing policy
    • Asset tagging method and process
    • Documented equipment receiving and deployment processes
    • MAC policies and workflows
    • Policies and processes for hardware maintenance and asset security
    • Documented workflows for hardware disposal and recovery/redeployment
    • Shortlist of ITAM tools
    • Hardware asset budget plan
    • Communication plan and HAM implementation roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.comfor more information.

    Phases: Teams, Scope & Hardware Procurement Hardware Procurement and Receiving Hardware Maintenance & Disposal Budgets, Roadmap & Communications
    Duration* 1 day 1 day 1 day 1 day
    * Activities across phases may overlap to ensure a timely completion of the engagement
    Projected Activities
    • Outline hardware asset management goals
    • Review HAM maturity and anticipated milestones
    • Define scope and classify hardware assets
    • Define roles and responsibilities
    • Define metrics and reporting requirements
    • Define standard and non-standard hardware requests
    • Review and document procurement workflow
    • Discuss appropriate asset tagging method
    • Design and document workflow for receiving and inventorying equipment
    • Review/create policy for hardware procurement and receiving
    • Identify data sources and methodology for inventory and data collection
    • Define install/moves/adds/changes (MAC) policy
    • Build workflows to document user MAC processes and design request form
    • Design process and policies for hardware maintenance, warranty, and support documentation handling
    • Design hardware asset recovery and disposal workflows
    • Define budgeting process and review Info-Tech’s HAM Budgeting Tool
    • Develop a communication plan
    • Develop a HAM implementation plan
    Projected Deliverables
    • Standard operating procedures for hardware
    • Visio diagrams for all workflows
    • Workshop summary with milestones and task list
    • Budget template
    • Policy draft

    Phase 1

    Lay Foundations

    Implement Hardware Asset Management

    A centralized procurement process helped cut Cisco’s hardware spend in half

    CASE STUDY

    Industry IT

    Source Cisco Systems, Inc.

    Challenge

    Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.

    Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.

    Solution

    The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.

    The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.

    This information had to be centralized, then consolidated and correlated into a meaningful format.

    Results

    The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.

    This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.

    There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.

    This case study continues in phase 2

    Step 1.1: Assess current state and plan scope

    Phase 1: Assess & Plan

    1.1 Assess current state & plan scope

    1.2 Build team & define metrics

    This step will walk you through the following activities:

    1.1.1 Complete MGD (optional)

    1.1.2 Outline hardware asset management challenges

    1.1.3 Conduct HAM maturity assessment

    1.1.4 Classify hardware assets to define scope of the program

    This step involves the following participants:

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security (optional)
    • Operations (optional)

    Step Outcomes

    • Understand key challenges related to hardware asset management within your organization to inform program development.
    • Evaluate current maturity level of hardware asset management components and overall program to determine starting point.
    • Define scope for the ITAM program including list of hardware to track as assets.

    Complete the Management & Governance Diagnostic (MGD) to weigh the effectiveness of ITAM against other services

    1.1.1 Optional Diagnostic

    The MGD helps you get the data you need to confirm the importance of improving the effectiveness of your asset management program.

    The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.

    Use the results to understand the urgency to change asset management and its relevant impact on the organization.

    Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.

    To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

    Sketch out challenges related to hardware asset management to shape the direction of the project

    Common HAM Challenges

    Processes and Policies:

    • Existing asset management practices are labor intensive and time consuming
    • Manual spreadsheets are used, making collaboration and automation difficult
    • Lack of HAM policies and standard operating procedures
    • Asset management data is not centralized
    • Lack of clarity on roles and responsibilities for ITAM functions
    • End users don’t understand the value of asset management

    Tracking:

    • Assets move across multiple locations and are difficult to track
    • Hardware asset data comes from multiple sources, creating fragmented datasets
    • No location data is available for hardware
    • No data on ownership of assets

    Security and Risk:

    • No insight into which assets contain sensitive data
    • There is no information on risks by asset type
    • Rogue systems need to be identified as part of risk management best practices
    • No data exists for assets that contain critical/sensitive data

    Procurement:

    • No centralized procurement department
    • Multiple quotes from vendors are not currently part of the procurement process
    • A lack of formal process can create issues surrounding employee onboarding such as long lead times
    • Not all procurement standards are currently defined
    • Rogue purchases create financial risk

    Receiving:

    • No formal process exists, resulting in no assigned receiving location and no assigned receiving role
    • No automatic asset tracking system exists

    Disposal:

    • No insight into where disposed assets go
    • Formal refresh and disposal system is needed

    Contracts:

    • No central repository exists for contracts
    • No insight into contract lifecycle, hindering negotiation effectiveness and pricing optimization

    Outline hardware asset management challenges

    1.1.1 Brainstorm HAM challenges

    Participants

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    A. As a group, outline the hardware asset management challenges facing the organization.

    Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:

    • Processes and Policies
    • Tracking
    • Procurement
    • Receiving
    • Security and Risk
    • Disposal
    • Contracts

    B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.

    To be effective with hardware asset management, understand the drivers and potential impact to the organization

    Drivers of effective HAM Results of effective HAM
    Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests.
    Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security.
    Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning.
    Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device.

    Each level of HAM maturity comes with its own unique challenges

    Maturity People & Policies Processes Technology
    Chaos
    • No dedicated staff
    • No policies published
    • Procedures not documented or standardized
    • Hardware not safely secured or tagged
    • Hardware purchasing decisions not based on data
    • Minimal tracking tools in place
    Reactive
    • Semi-focused HAM manager
    • No policies published
    • Reliance on suppliers to provide reports for hardware purchases
    • Hardware standards are enforced
    • Discovery tools and spreadsheets used to manage hardware
    Controlled
    • Full-time HAM manager
    • End-user policies published
    • HAM manager involved in budgeting and planning sessions
    • Inventory tracking is in place
    • Hardware is secured and tagged
    • Discovery and inventory tools used to manage hardware
    • Compliance reports run as needed
    Proactive
    • Extended HAM team, including Help Desk, HR, Purchasing
    • Corporate hardware use policies in place and enforced
    • HAM process integrated with help desk and HR processes
    • More complex reporting and integrated financial information and contracts with asset data
    • Hardware requests are automated where possible
    • Product usage reports and alerts in place to harvest and reuse licenses
    • Compliance and usage reports used to negotiate software contracts
    Optimized
    • HAM manager trained and certified
    • Working with HR, Legal, Finance, and IT to enforce policies
    • Quarterly meetings with ITAM team to review policies, procedures, upcoming contracts, and rollouts; data is reviewed before any financial decisions made
    • Full transparency into hardware lifecycle
    • Aligned with business objectives
    • Detailed savings reports provided to executive team annually
    • Automated policy enforcement and process workflows

    Conduct a hardware maturity assessment to understand your starting point and challenges

    1.1.3 Complete HAM Maturity Assessment Tool

    Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.

    An effective asset management project has four essential components, with varying levels of management required

    The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.

    Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.

    Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.

    Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.

    Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.

    See Harness Configuration Management Superpowers to learn more about building a CMDB.

    Classify your hardware assets to determine the scope and strategy of the program

    Asset: A unique device or configuration of devices that enables a user to perform productive work tasks and has a defined location and ownership attributes.

    • Hardware asset management involves tracking and managing physical components from procurement through to retirement. It provides the base for software asset management and is an important process that can lead to improved lifecycle management, service request fulfillment, security, and cost savings through harvesting and redeployment.
    • When choosing your strategy, focus on those devices that are high cost and high risk/function such as desktops, laptops, servers, and mobile devices.

    ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.

    INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.

    COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.

    Classify your hardware assets to define the scope of the program

    1.1.4 Define the assets to be tracked within your organization

    Participants

    • Participants
    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security (optional)
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 1 – Overview & Scope

    1. Determine value/risk threshold at which items should be tracked (e.g. over $1,000 and holding data).
    2. Divide a whiteboard or flip chart into three columns: commodity, asset, and inventory.
    3. Divide participants into groups by functional role to brainstorm devices in use within the organization. Write them down on sticky notes.
    4. Place the sticky notes in the column that best describes the role of the product in your organization.

    Align the scope of the program with business requirements

    CASE STUDY

    Industry Public Administration

    Source Client Case Study

    Situation

    A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.

    The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.

    However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.

    Complication

    The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.

    What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.

    Resolution

    The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.

    Step 1.2: Build team and define metrics

    Phase 1: Assess & Plan

    1.1 Assess current state & plan scope

    1.2 Build team and define metrics

    This step will walk you through the following activities:

    1.2.1 Define responsibilities for Asset Manager and Asset Administrator

    1.2.2 Use a RACI chart to determine roles within HAM team

    1.2.3 Further clarify HAM responsibilities for each role

    1.2.4 Identify HAM reporting requirements

    This step involves the following participants:

    • CIO/CFO
    • IT Director
    • IT Managers
    • Asset Manager
    • Asset Coordinators
    • ITAM Team
    • Service Desk
    • End-User Device Support Team

    Step Outcomes:

    • Defined responsibilities for Asset Manager and Asset Administrator
    • Documented RACI chart assigning responsibility and accountability for core HAM processes
    • Documented responsibilities for ITAM/HAM team
    • Defined and documented KPIs and metrics to meet HAM reporting requirements

    Form an asset management team to lead the project

    Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.

    Delegate the following roles to team members and grow your team accordingly.

    Asset Manager

    • Responsible for setting policy and governance of process and data accuracy
    • Support budget process
    • Support asset tracking processes in the field
    • Train employees in asset tracking processes

    Asset Administrator

    • The front-lines of asset management
    • Communicates with and supports asset process implementation teams
    • Updates and contributes information to asset databases
    Service Desk, IT Operations, Applications
    • Responsible for advising asset team of changes to the IT environment, which may impact pricing or ability to locate devices
    • Works with Asset Coordinator/Manager to set standards for lifecycle stages
    • The ITAM team should visit and consult with each component of the business as well as IT.
    • Engage with leaders in each department to determine what their pain points are.
    • The needs of each department are different and their responses will assist the ITAM team when designing goals for asset management.
    • Consultations within each department also communicates the change early, which will help with the transition to the new ITAM program.

    Info-Tech Insight

    Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.

    Define the responsibilities for core ITAM/HAM roles of Asset Manager and Asset Administrator

    1.2.1 Use Info-Tech’s job description templates to define roles

    The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:

    • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
    • Forming procurement strategies to optimize technology spend across the organization.
    • Developing and implementing procedures for tracking company assets to oversee quality control throughout their lifecycles.

    The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:

    • Updating and maintaining accurate asset records.
    • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
    • Administrative duties within procurement and inventory management.
    • Maintaining records and databases regarding warranties, service agreements, and lifecycle management.
    • Product standardization and tracking.

    Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.

    Organize your HAM team based on where they fit within the strategic, tactical, and operational components

    Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.

    The image shows a flowchart for organizing the HAM team, structured by three components: Strategic (at the top); Tactical (in the middle); and Operational (at the bottom). The chart shows how the job roles flow together within the hierarchy.

    Determine the roles and responsibilities of the team who will support your HAM program

    1.2.2 Complete a RACI

    A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.

    Participants

    • Project Sponsor
    • IT Director, CIO
    • Project Manager
    • IT Managers and Asset Manager(s)
    • ITAM Team

    Document

    Document in the Standard Operating Procedure.

    Instructions:

    1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key initiative steps for the consolidation project along the left side (use this list as a starting point).
    2. For each initiative, identify each team member’s role. Are they:
      • Responsible? The one responsible for getting the job done.
      • Accountable? Only one person can be accountable for each task.
      • Consulted? Involved through input of knowledge and information.
      • Informed? Receive information about process execution and quality.
    3. As you proceed through the initiative, continue to add tasks and assign responsibility to this RACI chart.

    A sample RACI chart is provided on the next slide

    Start with a RACI chart to determine the responsibilities

    1.2.2 Complete a RACI chart for your organization

    HAM Tasks CIO CFO HAM Manager HAM Administrator Service Desk (T1,T2, T3) IT Operations Security Procurement HR Business Unit Leaders Compliance /Legal Project Manager
    Policies and governance A I R I I C I C C I I
    Strategy A R R R R
    Data entry and quality management C I A I C C I I C C
    Risk management and asset security A R C C R C C
    Process compliance auditing A R I I I I I
    Awareness, education, and training I A I I C
    Printer contracts C A C C C R C C
    Hardware contract management A I R R I I R R I I
    Workflow review and revisions I A C C C C
    Budgeting A R C I C
    Asset acquisition A R C C C C I C C
    Asset receiving (inspection/acceptance) I A R R I
    Asset deployment A R R I I
    Asset recovery/harvesting A R R I I
    Asset disposal C A R R I I
    Asset inventory (input/validate/maintain) I I A/R R R R I I I

    Further clarify HAM responsibilities for each role

    1.2.3 Define roles and responsibilities for the HAM team

    Participants

    • Participants IT Asset Managers and Coordinators
    • ITAM Team
    • IT Managers and IT Director

    Document

    1. Discuss and finalize positions to be established within the ITAM/HAM office as well as additional roles that will be involved in HAM.
    2. Review the sample responsibilities below and revise or create responsibilities for each key position within the HAM team.
    3. Document in the HAM Standard Operating Procedures.
    Role Responsibility
    IT Manager
    • Responsible for writing policies regarding asset management and approving final documents
    • Build and revise budget, tracking actual spend vs. budget, seeking final approvals from the business
    • Process definition, communication, reporting and ensuring people are following process
    • Awareness campaign for new policy and process
    Asset Managers
    • Approval of purchases up to $10,000
    • Inventory and contract management including contract review and recommendations based on business and IT requirements
    • Liaison between business and IT regarding software and hardware
    • Monitor and improve workflows and asset related processes
    • Monitor controls, audit and recommend policies and procedures as needed
    • Validate, manage and analyze data as related to asset management
    • Provide reports as needed for decision making and reporting on risk, process effectiveness and other purposes as required
    • Asset acquisition and disposal
    Service Desk
    Desktop team
    Security
    Infrastructure teams

    Determine criteria for success: establish metrics to quantify and demonstrate the results and value of the HAM function

    HAM metrics fall in the following categories:

    HAM Metrics

    • Quantity e.g. inventory levels and need
    • Cost e.g. value of assets, budget for hardware
    • Compliance e.g. contracts, policies
    • Quality e.g. accuracy of data
    • Duration e.g. time to procure or deploy hardware

    Follow a process for establishing metrics:

    1. Identify and obtain consensus on the organization’s ITAM objectives, prioritized if possible.
    2. For each ITAM objective, select two or three metrics in the applicable categories (not all categories will apply to all objectives); be sure to select metrics that are achievable with reasonable effort.
    3. Establish a baseline measurement for each metric.
    4. Establish a method and accountability for ongoing measurement and analysis/reporting.
    5. Establish accountability for taking action on reported results.
    6. As ITAM expands and matures, change or expand the metrics as appropriate.

    Define KPIs and associated metrics

    • Identify the critical success factors (CSFs) for your hardware asset management program based on strategic goals.
    • For each success factor, identify the key performance indicators (KPIs) to measure success and specific metrics that will be tracked and reported on.
    • Sample metrics are below:
    CSF KPI Metrics
    Improve accuracy of IT budget and forecasting
    • Asset costs and value
    • Average cost of workstation
    • Total asset spending
    • Total value of assets
    • Budget vs. spend
    Identify discrepancies in IT environment
    • Unauthorized or failing assets
    • Number of unauthorized assets
    • Assets identified as cause of service failure
    Avoid over purchasing equipment
    • Number of unused and underused computers
    • Number of unaccounted-for computers
    • Money saved from harvesting equipment instead of purchasing new
    Make more-effective purchasing decisions
    • Predicted replacement time and cost of assets
    • Deprecation rate of assets
    • Average cost of maintaining an asset
    • Number of workstations in repair
    Improve accuracy of data
    • Accuracy of asset data
    • Accuracy rate of inventory data
    • Percentage improvement in accuracy of audit of assets
    Improved service delivery
    • Time to deploy new hardware
    • Mean time to purchase new hardware
    • Mean time to deploy new hardware

    Identify hardware asset reporting requirements and the data you need to collect to meet them

    1.2.4 Identify asset reporting requirements

    Participants

    • CIO/CFO
    • IT Director
    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 13: Reporting

    1. Discuss the goals and objectives of implementing or improving hardware asset management, based on challenges identified in Step 1.2.
    2. From the goals, identify the critical success factors for the HAM program
    3. For each CSF, identify one to three key performance indicators to evaluate achievement of the success factor.
    4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable and will be useful for decision making or to take action.
    5. Determine who needs this information and the frequency of reporting.
    6. If you have existing ITAM data, record the baseline metric.
    CSF KPI Metrics Stakeholder/frequency

    Phase 1 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Lay Foundations

    Proposed Time to Completion: 4 weeks

    Step 1.1: Assess current state and plan scope

    Start with an analyst kick-off call:

    • Review challenges.
    • Assess current HAM maturity level.
    • Define scope of HAM program.

    Then complete these activities…

    • Complete MGD (optional).
    • Outline hardware asset management challenges.
    • Conduct HAM maturity assessment.
    • Classify hardware assets to define scope of the program.

    With these tools & templates:

    HAM Maturity Assessment

    Standard Operating Procedures

    Step 1.2: Build team and define metrics

    Review findings with analyst:

    • Define roles and responsibilities.
    • Assess reporting requirements.
    • Document metrics to track.

    Then complete these activities…

    • Define responsibilities for Asset Manager and Asset Administrator.
    • Use a RACI chart to determine roles within HAM team.
    • Document responsibilities for HAM roles.
    • Identify HAM reporting requirements.

    With these tools & templates:

    RACI Chart

    Asset Manager and Asset Administrator Job Descriptions

    Standard Operating Procedures

    Phase 1 Results & Insights:

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.4 Classify hardware assets to define scope of the program

    Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.

    1.2.2 Build a RACI chart to determine responsibilities

    Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.

    Phase 2

    Procure and Receive

    Implement Hardware Asset Management

    Step 2.1: Request and Procure Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.1.1 Identify IT asset procurement challenges

    2.1.2 Define standard hardware requests

    2.1.3 Document standard hardware request procedure

    2.1.4 Build a non-standard hardware request form

    2.1.5 Make lease vs. buy decisions for hardware assets

    2.1.6 Document procurement workflow

    2.1.7 Build a purchasing policy

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Step Outcomes:

    • Definition of standard hardware requests for roles, including core vs. optional assets
    • End-user request process for standard hardware
    • Non-standard hardware request form
    • Lease vs. buy decisions for major hardware assets
    • Defined and documented procurement workflow
    • Documented purchasing policy

    California saved $40 million per year using a green procurement strategy

    CASE STUDY

    Industry Government

    Source Itassetmanagement.net

    Challenge

    Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.

    In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.

    Solution

    A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).

    A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.

    Other changes, including improved software license compliance and data center consolidation, were also enacted.

    Results

    Because of the scale of this hardware refresh, the small changes meant big savings.

    A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.

    Improve your hardware asset procurement process to…

    Asset Procurement

    • Standardization
    • Aligned procurement processes
    • SLAs
    • TCO reduction
    • Use of centralized/ single POC

    Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.

    Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.

    Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.

    Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.

    Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.

    Identify procurement challenges to identify process improvement needs

    2.1.1 Identify IT asset procurement challenges

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    1. As a group, brainstorm existing challenges related to IT hardware requests and procurement.
    2. If you get stuck, consider the common challenges listed below.
    3. Use the results of the discussion to focus on which problems can be resolved and integrated into your organization as operational standards.

    Document hardware standards to speed time to procure and improve communications to users regarding options

    The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:

    • What constitutes a non-standard request?
    • Who is responsible for evaluating each type of request? Will there be one individual or will each division in IT elect a representative to handle requests specific to their scope of work?
    • What additional security measures need to be taken?
    • Are there exceptions made for specific departments or high-ranking individuals?

    If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.

    Once you’ve answered questions like these, you can outline your hardware standards as in the example below:

    Use Case Mobile Standard Mac Standard Mobile Power User
    Asset Lenovo ThinkPad T570 iMac Pro Lenovo ThinkPad P71
    Operating system Windows 10 Pro Mac OSX Windows 10 Pro, 64 bit
    Display 15.6" 21.5" 17.3”

    Memory

    		32GB 8GB 64GB
    Processor Intel i7 – 7600U Processor 2.3GHz Xeon E3 v6 Processor
    Drive 500GB 1TB 1TB
    Warranty 3 year 1 year + 2 extended 3 year

    Info-Tech Insight

    Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.

    Document specifications to meet environmental, security, and manageability requirements

    Determine environmental requirements and constraints.

    Power management

    Compare equipment for power consumption and ability to remotely power down machines when not in use.

    Heat and noise

    Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.

    Carbon footprint

    Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.

    Ensure security requirements can be met.

    • Determine if network/wireless cards meet security requirements and if USB ports can be turned off to prevent removal of data.
    • Understand the level of security needed for mobile devices including encryption, remote shut down or wipe of hard drives, recovery software, or GPS tracking.
    • Decide if fingerprint scanners with password managers would be appropriate to enable tighter security and reduce the forgotten-password support calls.

    Review features available to enhance manageability.

    • Discuss manageability goals with your IT team to see if any can be solved with added features, for example:
      • Remote control for troubleshooting and remote management of data security settings.
      • Asset management software or tags for bar coding, radio frequency identification (RFID), or GPS, which could be used in combination with strong asset management practices to inventory, track, and manage equipment.

    If choosing refurbished equipment, avoid headaches by asking the right questions and choosing the right vendor

    • Is the equipment functional and for how long is it expected to last?
    • How long will the vendor stand behind the product and what support can be expected?
      • This is typically two to five years, but will vary from vendor to vendor.
      • Will they repair or replace machines? Many will just replace the machine.
    • How big is the inventory supply?
      • What kind of inventory does the vendor keep and for how long can you expect the vendor to keep it?
      • How does the vendor source the equipment and do they have large quantities of the same make and model for easier imaging and support?
    • How complete is the refurbishment process?
      • Do they test all components, replace as appropriate, and securely wipe or replace hard drives?
      • Are they authorized to reload MS Windows OEM?
    • Is the product Open Box or used?
      • Open Box is a new product returned back to the vendor. Even if it is not used, the product cannot be resold as a new product. Open Box comes with a manufacturer’s warranty and the latest operating system.
      • If used, how old is the product?

    "If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group

    Info-Tech Insight

    Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.

    Define standard hardware requests, including core and optional assets

    2.1.2 Identify standards for hardware procurement by role

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement.

    1. Divide a whiteboard into columns representing all major areas of the business.
    2. List the approximate number of end users present at each tier and record these totals on the board.
    3. Distribute sticky notes. Use two different sizes: large sizes represent critically important hardware and small sizes represent optional hardware.
    4. Define core hardware assets for each division as well as optional hardware assets.
    5. Focus on the small sticky notes to determine if these optional purchases are necessary.
    6. Finalize the group decision to determine the standard hardware procurement for each role in the organization. Record results in a table similar to the example below:
    Department Core Hardware Assets Optional Hardware Assets
    IT PC, tablet, monitor Second monitor
    Sales PC, monitor Laptop
    HR PC, monitor Laptop
    Marketing PC (iMac) Tablet, laptop

    Document procedures for users to make standard hardware requests

    2.1.3 Document standard hardware request procedure

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document in the Standard Operating Procedures, Section 6: End-User Request Process.

    Discuss and document the end-user request process:

    1. In which cases can users request a primary device?
    2. In which cases can users request a secondary (optional device)?
    3. What justification is needed to approve of a secondary device?
      1. E.g. The request for a secondary device should be via email to the IS Projects and Procurements Officer. This email should outline the business case for why multiple devices are required.
    4. Will a service catalog be available and integrated with an ITAM solution for users to make standard requests? If so, can users also configure their options?
    5. Document the process in the standard operating procedure. Example:

    End-User Request Process

    • Hardware and software will be purchased through the user-facing catalog.
    • Peripherals will be ordered as needed.
    • End-user devices will be routed to business managers for approval prior to fulfillment by IT.
    • Requests for secondary devices must be accompanied by a business case.
    • Equipment replacements due to age will be managed through IT replacement processes.

    Improve the process for ordering non-standard hardware by formalizing the request process, including business needs

    2.1.4 Build a non-standard hardware request form

    • Although the goal should be to standardize as much as possible, this isn’t always possible. Ensure users who are requesting non-standard hardware have a streamlined process to follow that satisfies the justifications for increased costs to deliver.
    • Use Info-Tech’s template to build a non-standard hardware request form that may be used by departments/users requesting non-standard hardware in order to collect all necessary information for the request to be evaluated, approved, and sent to procurement.
    • Ensure that the requestor provides detailed information around the equipment requested and the reason standard equipment does not suffice and includes all required approvals.
    • Include instructions for completing and submitting the form as well as expected turnaround time for the approval process.

    Info-Tech Insight

    Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”

    Identify the information you need to collect to ensure a smooth purchasing process

    Categories Peripherals Desktops/Laptops Servers
    Financial
    • Operational expenses
    • Ordered for inventory with the exceptions of monitors that will be ordered as needed
    • Equipment will be purchased through IT budget
    • Capital expenses
    • Ordered as needed…
    • Inventory kept for…
    • End-user devices will be purchased through departmental budgets
    • Capital expenses
    • Ordered as needed to meet capacity or stability requirements
    • Devices will be purchased through IT budgets
    Request authorization
    • Any user can request
    • Users who are traveling can purchase and expense peripherals as needed, with manager approvals
    • Tier 3 technicians
    Required approvals
    • Manager approvals required for monitors
    • Infrastructure and applications manager up to [$]
    • CIO over [$]
    Warranty requirements
    • None
    • Three years
    • Will be approved with project plan
    Inventory requirements
    • Minimum inventory at each location of 5 of each: mice, keyboards, cables
    • Docking stations will be ordered as needed
    • Laptops (standard): 5
    • Laptops (ultra light): 1
    • Desktops: 5
    • Inventory kept in stock as per DR plan
    Tracking requirements
    • None
    • Added to ITAM database, CMDB
    • Asset tag to be added to all equipment
    • Added to ITAM database, CMDB

    Info-Tech Best Practice

    Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.

    Develop a procurement plan to get everyone in the business on the same page

    • Without an efficient and structured process around how IT purchases are budgeted and authorized, maverick spending and dark procurement can result, limiting IT’s control and visibility into purchases.
    • The challenge many IT departments face is that there is a disconnect between meeting the needs of the business and bringing in equipment according to existing policies and procedures.
    • The asset manager should demonstrate how they can bridge the gaps and improve tracking mechanisms at the same time.

    Improve procurement decisions:

    • Demonstrate how technology is a value-add.
    • Make a clear case for the budget by using the same language as the rest of the business.
    • Quantify the output of technology investments in tangible business terms to justify the cost.
    • Include the refresh cycle in the procurement plan to ensure mission- critical systems will include support and appropriate warranty.
    • Plan technology needs for the future and ensure IT technology will continue to meet changing needs.
    • Synchronize redundant organizational procurement chains in order to lower cost.

    Document the following in your procurement procedure:

    • Process for purchase requests
    • Roles and responsibilities, including requestors and approvers
    • Hardware assets to purchase and why they are needed
    • Timelines for purchase
    • Process for vendors

    Info-Tech Insight

    IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.

    Determine if it makes sense to lease or buy your equipment; weigh the pros and cons of leasing hardware

    Pros

    • Keeps operational costs low in the short term by containing immediate cost.
    • Easy, predictable payments makes it easier to budget for equipment over long term.
    • Get the equipment you need to start doing business right away if you’re just starting out.
    • After the leasing term is up, you can continue the lease and update your hardware to the latest version.
    • Typical leases last 2 or 3 years, meaning your hardware can get upgrades when it needs it and your business is in a better position to keep up with technology.
    • Leasing directly from the vendor provides operational flexibility.
    • Focus on the business and let the vendor focus on equipment service and updates as you don’t have to pay for maintenance.
    • Costs structured as OPEX.

    Cons

    • In the long term, leasing is almost always more expensive than buying because there’s no equity in leased equipment and there may be additional fees and interest.
    • Commitment to payment through the entire lease period even if you’re not using the equipment anymore.
    • Early termination fees if you need to get out of the lease.
    • No option to sell equipment once you’re finished with it to make money back.
    • Maintenance is up to leasing company’s specifications.
    • Product availability may be limited.

    Recommended for:

    • Companies just starting out
    • Business owners with limited capital or budget
    • Organizations with equipment that needs to be upgraded relatively often

    Weigh the pros and cons of purchasing hardware

    Pros

    • Complete control over assets.
    • More flexible and straightforward procurement process.
    • Tax incentives: May be able to fully deduct the cost of some newly purchased assets or write off depreciation for computers and peripherals on taxes.
    • Preferable if your equipment will not be obsolete in the next two or three years.
    • You can resell the asset once you don’t need it anymore to recover some of the cost.
    • Customization and management of equipment is easier when not bound by terms of leasing agreement.
    • No waiting on vendor when maintenance is needed; no permission needed to make changes.

    Cons

    • High initial cost of investment with CAPEX expense model.
    • More paperwork.
    • You (as opposed to vendor) are responsible for equipment disposal in accordance with environmental regulations.
    • You are responsible for keeping up with upgrades, updates, and patches.
    • You risk ending up with out-of-date or obsolete equipment.
    • Hardware may break after terms of warranty are up.

    Recommended for:

    • Established businesses
    • Organizations needing equipment with long-term lifecycles

    Make a lease vs. buy decision for equipment purchases

    2.1.4 Decide whether to purchase or lease

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • Representatives from all other areas of the business

    Document

    Document policy decisions in the Standard Operating Procedures – Section 7: Procurement

    1. Identify hardware equipment that requires a purchase vs. lease decision.
    2. Discuss with Finance whether it makes sense to purchase or lease each major asset, considering the following:
    • Costs of equipment through each method
    • Tax deductions
    • Potential resale value
    • Potential revenue from using the equipment
    • How quickly the equipment will be outdated or require refresh
    • Size of equipment
    • Maintenance and support requirements
    • Overall costs
  • The leasing vs. buying decision should take considerable thought and evaluation to make the decision that best fits your organizational needs and situation.

    • Determine appropriate warranty and service-level agreements for your organization

    Determine acceptable response time, and weigh the cost of warranty against the value of service.

    • Standard warranties vary by manufacturer, but are typically one or three years.
    • Next-day, onsite service may be part of the standard offering or may be available as an uplift.
    • Four-hour, same-day service can also be added for high availability needs.
    • Extended warranties can be purchased beyond three years, although not many organizations take advantage of this offering.
    • Other organizations lower or remove the warranty and have reported savings of as much as $150 per machine.

    Speak to your partner to see how they can help the process of distributing machines.

    • Internal components change frequently with laptops and desktops. If purchasing product over time rather than buying in bulk, ensure the model will be available for a reasonable term to reduce imaging and support challenges.
    • Determine which services are important to your organization and request these services as part of the initial quote. If sending out a formal RFQ or RFP, document required services and use as the basis for negotiating SLAs.
    • Document details of SLA, including expectations of services for manufacturer, vendor, and internal team.
    • If partner will be providing services, request they stock an appropriate number of hot spares for frequently replaced parts.
    • If self-certifying, review resource capabilities, understand skill and certification requirements; for example, A+ certification may be a pre-requisite.
    • Understand DOA policy and negotiate a “lemon policy,” meaning if product dies within 15 or 30 days it can be classified as DOA. Seek clarity on return processes.

    Consider negotiation strategies, including how and when to engage with different partners during acquisition

    Direct Model

    • Dell’s primary sales model is direct either through a sales associate or through its e-commerce site. Promotions are regularly listed on the website, or if customization is required, desktops and laptops have some flexibility in configuration. Discounts can be negotiated with a sales rep on quantity purchases, but the discount level changes based on the model and configuration.
    • Other tier-one manufacturers typically sell direct only from their e-commerce sites, providing promotions based on stock they wish to move, and providing some configuration flexibility. They rely heavily on the channel for the majority of their business.

    Channel Model

    • Most tier one manufacturers have processes in place to manage a smaller number of partners rather than billing and shipping out to individual customers. Deviating from this process and dealing direct with end customers can create order processing issues.
    • Resellers have the ability to negotiate discounts based on quantities. Discounts will vary based on model, timing (quarter or year end), and quantity commitment.
    • Negotiations on large quantities should involve a manufacturer rep as well as the reseller to clearly designate roles and services, ensure processes are in place to fulfill your needs, and agree on pricing scheme. This will prevent misunderstandings and bring clarity to any commitments.
    • Often the channel partners are authorized to provide repair services under warranty for the manufacturer.
    • Dell also uses the channel model for distribution where customers demand additional services.

    Expect discounts to reflect quantity and method of purchase

    Transaction-based purchases will receive the smallest discounting.

    • Understand requirements to find the most appropriate make and model of equipment.
    • Prepare a forecast of expected purchases for the year and discuss discounting.
    • Typically initial discounts will be 3-5% off suggested retail price.
    • Once a history is in place, and the vendor is receiving regular orders, it may extend deeper discounts.

    Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.

    • Examine shipping options and costs to take advantage of bulk deliveries; in some cases vendors may waive shipping fees as an extension of the discounting.
    • If choosing end-of-line product, ensure appropriate quantity of a single model is available to efficiently roll out equipment.
    • Various pricing models can be used to obtain best price.

    Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.

    • Discuss all required services as part of negotiation to ensure there are no surprise charges.
    • Several pricing models can be used to obtain the best price.
      • Suggested retail price minus as much as 20%.
      • Cost plus 3% up to 10% or more.
      • Fixed price based on negotiating equipment availability with budget requirements.

    If sending out to bid, determine requirements and scoring criteria

    It’s nearly impossible to find two manufacturers with the exact same specifications, so comparisons between vendors is more art than science.

    New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:

    • Define and document minimum technology requirements.
    • Define and document service needs.
    • Compare vendors to see if they’ve met the criteria or not; if yes, compare prices.
    • If the vendors have included additional offerings, see if they make sense for your organization. If they do, include that in the scoring. If not, exclude and score based on price.
    • Recognize that the complexity of the purchase will dictate the complexity of scoring.

    "The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board

    Document and analyze the hardware procurement workflow to streamline process

    The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.

    Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.

    A poorly designed procurement workflow:

    • Includes many bottlenecks, stopping and starting points.
    • May impact project and service requests and requires unrealistic lead times.
    • May lead to lost productivity for users and lost credibility for the IT department.

    A well-designed hardware procurement workflow:

    • Provides reasonable lead times for project managers and service or hardware request fulfillment.
    • Provides predictability for technical resources to plan deployments.
    • Reduces bureaucracy and workload for following up on missing shipments.
    • Enables improved documentation of assets to start lifecycle management.

    Info-Tech Insight

    Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.

    Document and analyze your procurement workflow to identify opportunities for improvement and communicate process

    Determine if you need one workflow for all equipment or multiples for small vs. large purchases.

    Occasionally large rollouts require significant changes from lower dollar purchases.

    Watch for:

    • Back and forth communications
    • Delays in approvals
    • Inability to get ETAs from vendors
    • Too many requests for quotes for small purchases
    • Entry into asset database

    This sample can be found in the HAM Process Workflows.

    The image shows a workflow, titled Procurement-Equipment-Small Quantity. On the left, the chart is separated into categories: IT Procurment; Tier 2 or Tier 3; IT Director; CIO.

    Design the process workflow for hardware procurement

    2.1.6 Illustrate procurement workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement

    1. In a group, distribute sticky notes or cue cards.
    2. Designate a space on the table/whiteboard to plot the workflow.
    3. Determine which individuals are responsible for handling non-standard requests. Establish any exceptions that may apply to your defined hardware standard.
    4. Gather input from Finance on what the threshold will be for hardware purchases that will require further approval.
    5. Map the procurement process for a standard hardware purchase.
    6. If applicable, map the procurement process for a non-standard request separately.
    7. Evaluate the workflow to identify any areas of inefficiency and make any changes necessary to improve the process.
    8. Be sure to discuss and include:
      • All necessary approvals
      • Time required for standard equipment process
      • Time required for non-standard equipment process
      • How information will be transferred to ITAM database

    Document and share an organizational purchasing policy

    2.1.7 Build a purchasing policy

    A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.

    Implement a purchasing policy to prevent or reduce:

    • Costly corporate conflict of interest cases.
    • Unauthorized purchases of non-standard, difficult to support equipment.
    • Unauthorized purchases resulting in non-traceable equipment.
    • Budget overruns due to decentralized, equipment acquisition.

    Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.

    Step 2.2: Receive and Deploy Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.2.1 Select appropriate asset tagging method

    2.2.2 Design workflow for receiving and inventorying equipment

    2.2.3 Document the deployment workflow(s)

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Receiver (optional)
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Understanding of the pros and cons of various asset tagging methods
    • Defined asset tagging method, process, and location by equipment type
    • Identified equipment acceptance, testing, and return procedures
    • Documented equipment receiving and inventorying workflow
    • Documented deployment workflows for desktop hardware and large-scale deployments

    Cisco implemented automation to improve its inventory and deployment system

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.

    Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.

    Sharing information with management and end users also required the generation of reports – another manual task.

    Solution

    The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.

    Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.

    Results

    As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.

    The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.

    Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.

    This case study continues in phase 3.

    An effective equipment intake process is critical to ensure product is correct, documented, and secured

    Examine your current process for receiving assets. Typical problems include:

    Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.

    Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.

    Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.

    How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.

    A workflow will help to answer questions such as:

    • How do you deal with damaged shipments? Incorrect shipments?
    • Did you reach an agreement with the vendor to replace damaged/incorrect shipments within a certain timeframe?
    • When does the product get tagged and entered into the system as received?
    • What information needs to get captured on the asset tag?

    Standardize the process for receiving your hardware assets

    The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.

    Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.

    People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.

    Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.

    Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.

    Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.

    Info-Tech Insight

    Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    RFID with barcoding – asset tag with both a barcode and RFID solution $$$$
    • Secure, fast, and robust
    • Track assets in real time
    • Quick and efficient
    • Most expensive option, requiring purchase of barcode scanner with RFID reader and software)
    • Does not work as well in an environment with less control over assets
    • Requires management of asset database
    • Best in a controlled environment with mature processes and requirement for secure assets
    RFID only – small chip with significant data capacity $$$
    • Track assets from remote locations
    • RFID can be read through boxes so you don’t have to unpack equipment
    • Scan multiple RFID-tagged hardware simultaneously
    • Large data capacity on small chip
    • Expensive, requiring purchase of RFID reading equipment and software
    • Ideal if your environment is spread over multiple locations
    Barcoding only – adding tags with unique barcodes $$
    • Reasonable security
    • Report inventory directly to database
    • Relatively low cost
    • Only read one at a time
    • Need to purchase barcode scanners and software
    • Can be labor intensive to deploy with manual scanning of individual assets
    • Less secure
    • Can’t hold as much data
    • Not as secure as barcodes with RFID but works for environments that are more widely distributed and less controlled

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    QR codes – two-dimensional codes that can store text, binary, image, or URL data $$
    • Easily scannable from many angles
    • Save and print on labels
    • Can be read by barcode scanning apps or mobile phones
    • Can encode more data than barcodes
    • QR codes need to be large enough to be usable, which can be difficult with smaller IT assets
    • Scanning on mobile devices takes longer than scanning barcodes
    • Ideal if you need to include additional data and information in labels and want workers to use smartphones to scan labels
    Manual tags – tag each asset with your own internal labels and naming system $
    • Most affordable
    • Manual
    • Tags are not durable
    • Labor intensive and time consuming
    • Leaves room for error, misunderstanding, and process variances between locations
    • As this is the most time consuming and resource intensive with a low payoff, it is ideal for low maturity organizations looking for a low-cost option for tagging assets
    Asset serial numbers – tag assets using their serial number $
    • Less expensive
    • Unique serial numbers identified by vendor
    • Serial numbers have to be added to database manually, which is labor intensive and leaves room for error
    • Serial numbers can rub off over time
    • Hard to track down already existing assets
    • Doesn’t help track location of assets after deployment
    • Potential for duplicates
    • Inconsistent formats of serial numbers by manufacturers makes this method prone to error and not ideal for asset management

    Select the appropriate method for tagging and tracking your hardware assets

    2.2.1 Select asset tagging method

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 8

    1. Define your asset tagging method. For most organizations, asset tracking is done via barcoding or QR codes, either by using one method or a combination of the two. Other methods, including RFID, may be applicable based on cost or tracking complexity. Overall, barcodes embedded with RFID are the most robust and efficient method for asset tagging, but also the most expensive. Choose the best method for your organization, taking into account affordability, labor-intensiveness, data complexity needs, and ease of deployment.
    2. Define the process for tagging assets, including how soon they should receive the tag, whose responsibility it is, and whether the tag type varies depending on the asset type.
    3. Define the location of asset tags according to equipment type. Example:
    Asset Type Asset Tag Location
    PC desktop Right upper front corner
    Laptop Right corner closest to user when laptop is closed
    Server Right upper front corner
    Printer Right upper front corner
    Modems Top side, right corner

    Inspect and test equipment before accepting it into inventory to ensure it’s working according to specifications

    Upon receipt of procured hardware, validate the equipment before accepting it into inventory.

    1. Receive - Upon taking possession of the equipment, stage them for inspection before placing them into inventory or deploying for immediate use.
    2. Inspect - The inspection process should involve at minimum examining the products that have been delivered to determine conformance to purchase specifications.
    3. Test -Depending on the type and cost of hardware, some assets may benefit from additional testing to determine if they perform at a satisfactory level before being accepted.
    4. Accept - If the products conform to the requirements of the purchase order, acknowledge receipt so the supplier may be paid. Most shipments are automatically considered as accepted and approved for payment within a specific timeframe.

    Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:

    • The products conform to purchase order requirements.
    • The quantity ordered is the same as the quantity delivered.
    • There is no damage to equipment.
    • Delivery documentation is acceptable.
    • Products are operable and perform according to specifications.
    • If required, document an acceptance testing process as a separate procedure.

    Build the RMA procedure into the receiving process to handle receipt of defective equipment

    The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.

    If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:

    • Call the vendor to receive a unique RMA number that will be attached to the equipment to be returned, then follow manufacturer specifications for returning equipment within allowable timelines according to the contract where applicable.
    • Establish a lemon policy with vendors, allowing for full returns up to 30 days after equipment is deployed if the product proves defective after initial acceptance.

    Info-Tech Insight

    Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.

    Info-Tech Best Practice

    Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.

    Determine what equipment should be stocked for quick deployment where demand is high or speed is crucial

    The most important feature of your receiving and inventory process should be categorization. A well-designed inventory system should reflect not only the type of asset, but also the usage level.

    A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:

    A

    A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.

    A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.

    B

    B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.

    B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.

    C

    C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.

    C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.

    Info-Tech Insight

    Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.

    Define the process for receiving equipment into inventory

    Define the following in your receiving process:

    • When will equipment be opened once delivered?
    • Who will open and validate equipment upon receipt?
    • How will discrepancies be resolved?
    • When will equipment be tagged and identified in the tracking tool?
    • When will equipment be locked in secure storage?
    • Where will equipment go if it needs to be immediately deployed?

    The image shows a workflow chart titled Receiving and Tagging. The process is split into two sections, labelled on the left as: Desktop Support Team and Procurement.

    Design the workflow for receiving and inventorying equipment

    2.2.2 Illustrate receiving workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Use the sample workflow from this step as a guide if starting from scratch.
    4. Engage the team in refining the process workflow.
    5. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the SOP.

    Improve device deployment by documenting software personas for each role

    • Improve the deployment process for new users by having a comprehensive list of software used by common roles within the organization. With large variations in roles, it may be impossible to build a complete list, but as you start to see patterns in requirements, you may find less distinct personas than anticipated.
    • Consider a survey to business units to determine what they need if this will solve some immediate problems. If this portion of the project will be deferred, use the data uncovered in the discovery process to identify which software is used by which roles.
    • Replacement equipment can have the software footprint created by what was actually utilized by the user, not necessarily what software was installed on the previous device.

    The image shows 4 bubbles, representing software usage. The ARC-GIS bubble is the largest, Auto CAD the second largest, and MS Office and Adobe CS equal in size.

    A software usage snapshot for an urban planner/engineer.

    • Once software needs are determined, use this information to review the appropriate device for each persona.
      • Ensure hardware is appropriate for the type of work the user does and supports required software.
      • If it is more appropriate for a user to have a tablet, ensure the software they use can be used on any device.
    • Review deployment methods to determine if there is any opportunity to improve the imaging or software deployment process with better tools or methodologies.
    • Document the device’s location if it will be static, or if the user may be more mobile, add location information for their primary location.
    • Think about the best place to document – if this information can be stored in Active Directory and imported to the ITAM database, you can update once and use in multiple applications. But this process is built into your add/move/change workflows.

    Maintain a lean library to simplify image management

    Simplify, simplify, simplify. Use a minimal number of desktop images and automate as much as you can.

    • Embrace minimalism. When it comes to managing your desktop image library, your ultimate goal should be to minimize the manual effort involved in provisioning new desktops.
    • Less is more. Try to maintain as few standard desktop images as possible and consider a thin gold image, which can be patched and updated on a regular basis. A thin image with efficient application deployment will improve the provisioning process.
    • Standardize and repeat. System provisioning should be a repeatable process. This means it is ripe for standardization and automation. Look at balancing the imaging process with software provisioning, using group policy and deployment tools to reduce time to provision and deliver equipment.
    • Outsource where appropriate. Imaging is one of the most employed services, where the image is built in-house and deployed by the hardware vendor. As a minimum, quarterly updates should still be provided to integrate the latest patches into the operating system.

    Document the process workflow for hardware deployment

    Define the process for deploying hardware to users.

    Include the following in your workflow:

    • How will equipment be configured and imaged before deployment?
    • Which images will be used for specific roles?
    • Which assets are assigned to specific roles?
    • How will the device status be changed in the ITAM tool once deployed?

    The image shows a workflow chart titled Hardware Deployment. It is divided into two categories, listed on the left: Desktop Support Team and Procurement.

    Large-scale deployments should be run as projects, benefitting from economies of scale in each step

    Large-scale desktop deployments or data center upgrades will likely be managed as projects.

    These projects should include project plans, including resources, timelines, and detailed procedures.

    Define the process for large-scale deployment if it will differ from the regular deployment process.

    The image is a graphic of a flowchart titled Deployment-Equipment-Large Quantity Rollout. It is divided into three categories, listed on the left: IT Procurement; Desktop Rollout Team; Asset Manager.

    Document the deployment workflow(s)

    2.2.3 Document deployment workflows for desktop and large-scale deployment

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 9: Deployment

    Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for it.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If yes, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Look for opportunities to improve the request and deployment process with better communication and tools

    The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.

    • Work with the procurement and the services team to ensure inventory is accessible, and regularly validate that inventory levels in the ITAM database are accurate.
    • Work with the HR department to predict (where possible) anticipated new hires. Plan for inventory ebbs and flows to match the hiring timelines where there are large variations.
    • If service catalogs will be made available for communicating options and SLAs for equipment purchases, work with the service catalog administrators to automate inventory checks and notifications. Work with the end-user device managers to set standards and reduce equipment variations to a manageable amount.
    • Where deployments are part of equipment refresh, ensure data is up to date for the services team to plan the project rollouts and know which software should be redeployed with the devices.
    • Infrastructure and security teams may have specific hardware assets relating to networking, data centers, and security, which may bypass the end-user device workflows but need to be tagged and entered into inventory early in the process. Work with these teams to have their equipment follow the same receiving and inventory processes. Deployment will vary based on equipment type and location.

    Automate hardware deployment where users are dispersed and deployment volume is high

    Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.

    Benefits of using vending machines:

    • Secure equipment until deployed.
    • Equipment can be either purchased by credit card or linked to employee ID cards, enabling secure transactions and reporting.
    • Access rights can be controlled in real time, preventing terminated employees from accessing equipment or managing how many devices can be deployed to each user.
    • Vending machines can be managed through a cellular or wireless network.
    • Technology partners can be tasked with monitoring and refilling vending machines.
    • Employees are able to access technology wherever a vending machine can be located rather than needing to travel to the help desk.
    • Equipment loans and new employee packages can be managed through vending machines.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Request, Procure, Receive, and Deploy

    Proposed Time to Completion: 4 weeks

    Step 2.1: Request & Procure

    Start with an analyst kick-off call:

    • Define standard and non-standard hardware.
    • Weigh the pros and cons of leasing vs. buying.
    • Build the procurement process.

    Then complete these activities…

    • Define standard hardware requests.
    • Document standard hardware request procedure.
    • Document procurement workflow.
    • Build a purchasing policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Non-Standard Hardware Request Form
    • Hardware Procurement Workflow
    • Purchasing Policy

    Step 2.2: Receive & Deploy

    Review findings with analyst:

    • Determine appropriate asset tagging method.
    • Define equipment receiving process.
    • Define equipment deployment process.

    Then complete these activities…

    • Select appropriate asset tagging method.
    • Design workflow for receiving and inventorying equipment.
    • Document the deployment workflow(s).

    With these tools & templates:

    • Standard Operating Procedures
    • Equipment Receiving & Tagging Workflow
    • Deployment Workflow

    Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.2 Define standard hardware requests

    Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.

    2.2.1 Select appropriate method for tagging and tracking assets

    Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.

    Phase 3

    Maintain and Dispose

    Implement Hardware Asset Management

    Cisco overcame organizational resistance to change to improve asset security

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.

    Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.

    Solution

    The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.

    Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.

    Results

    Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.

    On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.

    A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.

    This case study continues in phase 4

    Step 3.1: Manage, Maintain, and Secure Hardware Assets

    Phase 3: Maintain & Dispose

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.1.1 Build a MAC policy and request form

    3.1.2 Build workflows to document user MAC processes

    3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.4 Revise or create an asset security policy

    This step involves the following participants:

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    • Security Department

    Step Outcomes

    • Understanding of inventory management process best practices
    • Templates for move/add/change request policy and form
    • Documented process workflows for the user move/add/change process
    • Process and policies for hardware maintenance, warranty, and support documentation handling
    • Defined policies for maintaining asset security

    Determine methods for performing inventory audits on equipment

    Auto-discovery

    • Auto-discovery tools will be crucial to the process of understanding what equipment is connected to the network and in use.
    • The core functionality of discovery tools is to scan the environment and collect configuration data from all connected assets, but most tools can also be used to collect usage data, network monitoring, and software asset management data including software distribution, compliance, and license information.
    • These tools may not connect to peripheral devices such as monitors and external drives, will not scan devices that are turned off or disconnected from the network, may not inventory remote users, and will rarely provide location information. This often results in a need to complete physical audits as well.

    Info-Tech Insight

    One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.

    Physical audit

    • The physical audit can be greatly improved with barcode, RFID, or QR codes, allowing items to be scanned, records opened, then updated.
    • If not everything is tagged or entered into the ITAM database, then searching closets, cabinets, and desk drawers may be required to tag and enter those devices into the database.
    • Provide the inventory team with exact instructions on what needs to be collected, verified, and recorded. Depending on the experience and thoroughness of the team, spot checks early in the process may alleviate quality issues often discovered at the end of the inventory cycle.

    Determine requirements for performing inventory audits on equipment

    Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.

    Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.

    Item Target Stock Levels Estimated $ Value
    Desktop computers
    Standard issue laptops
    Mice
    Keyboards
    Network cables
    Phones

    Info-Tech Insight

    Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.

    Build an inventory management process to maintain an accurate view of owned hardware assets

    • Your inventory should capture which assets are on hand, where they are located, and who owns them, at minimum. Maintaining an accurate, up-to-date view of owned hardware assets allows you to see at any time the actual state of the components that make up your infrastructure across the enterprise.
    • Automated inventory practices save time and effort from doing physical inventories and also reduce the interruption to business users while improving accuracy of data.
    • If you are just starting out, define the process for conducting an inventory of deployed assets, and then define the process for regular upkeep and audit of inventory data.

    Inventory Methods

    • Electronic – captures networked asset information only and can be deployed over the network with no deskside service interaction.
    • Physical – captures environmental detail and must be performed manually by a service technician with possible disruption to users.
    • Full inventory – both physical and electronic inventory of assets.

    Internal asset information to collect electronically

    • Hardware configuration
    • Installed software
    • Operating system
    • System BIOS
    • Network configuration
    • Network drive mappings
    • Printer setups
    • System variables

    External asset information that cannot be detected electronically

    • Assigned user
    • Associated assets
    • Asset/user location
    • Usage of asset
    • Asset tag number

    IMAC (Install, Move, Add, Change) services will form the bulk of asset management work while assets are deployed

    IMAC services are usually performed at a user’s deskside by a services technician and can include:

    • Installing new desktops or peripherals
    • Installing or modifying software
    • Physically moving an end user’s equipment
    • Upgrading or adding components to a desktop

    Specific activities may include:

    Changes

    • Add new user IDs
    • Manage IDs
    • Network changes
    • Run auto-discovery scan

    Moves

    • Perform new location site survey
    • Coordinate with facilities
    • Disconnect old equipment
    • Move to new location
    • Reconnect at new location
    • Test installed asset
    • Obtain customer acceptance
    • Close request

    Installs and Adds

    • Perform site survey
    • Perform final configuration
    • Coordinate with Facilities
    • Asset tagging
    • Transfer data from old desktop
    • Wipe old desktop hard drive
    • Test installed asset
    • Initiate auto-discovery scan
    • Obtain customer acceptance
    • Close request

    A strong IMAC request process will lessen the burden on IT asset managers

    • When assets are actively in use, Asset Managers must also participate in the IMAC (Install-Move-Add-Change) process and ensure that any changes to asset characteristics or locations are updated and tracked in the asset management tool and that the value and usefulness of the asset is monitored.
    • The IMAC process should not only be reactive in response to requests, but proactive to plan for moves and relocations during any organizational change events.

    Recommendations:

    Automate. Wherever possible, use tools to automate the IMAC process.

    E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.

    Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.

    Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.

    Build a MAC request policy and form for end users

    A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:

    • Relocation of PCs and/or peripherals.
    • New account setup.
    • Hardware or software upgrades.
    • Equipment swaps or replacements.
    • User account/access changes.
    • Document generation.
    • User acceptance testing.
    • Vendor coordination.

    Create a request form.

    If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:

    • The name and department of the requester.
    • The date of the request.
    • Severity of the request. For example, severity can be graded on a score of high, medium, or low where high represents a mission-critical change that could compromise business continuity if not addressed immediately, and low represents a more cosmetic change that will not negatively affect operations. The severity of the request can be determined by the service-level agreement (SLA) associated with the service.
    • Date the request must be completed by. Or at least, what would be the ideal date for completion. This will vary greatly depending on the severity of the request. For example, deleting the access of a terminated employee would be very time sensitive.
    • Item or service to be moved, added, or changed. Include location, serial number, or other designated identifier where possible.
    • If the item or service is to be moved, indicated where it is being moved.
    • It is a good idea to include a comments section where the requester can add any additional questions or details.

    Use Info-Tech’s templates to build your MAC policy and request form

    3.1.1 Build a MAC policy and request form

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.

    Move, Add, Change Request Form

    Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.

    Document the process for user equipment moves

    Include the following in your process documentation:

    • How and when will any changes to user or location information be made in the ITAM tool?
    • Will any changes in AD automatically update in the ITAM tool?
    • How should requests for equipment moves or changes be made?
    • How will resources be scheduled?

    The image shows a flowchart titled SErvice Request - User Moves. The chart of processes is split into three categories, listed on the left side of the chart: User Manager; IT Coordinator; and Tier 2 & Facilities.

    Build workflows to document user MAC processes

    3.1.2 Build MAC process workflows

    Participants

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes

    Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for each step.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Define a policy to ensure effective maintenance of hardware assets

    Effective maintenance and support of assets provides longer life, higher employee productivity, and increased user satisfaction.

    • Your asset management documentation and database should store equipment maintenance contract information so that it can be consulted whenever hardware service is required.
    • Record who to contact as well as how, warranty information, and any SLAs that are associated with the maintenance agreement.
    • Record all maintenance that hardware equipment receives, which will be valuable for evaluating asset and supplier performance.
    • In most cases, the Service Desk should be the central point of contact for maintenance calls to all suppliers.

    Sample equipment maintenance policy terms:

    • Maintenance and support arrangements are required for all standard and non-standard hardware.
    • All onsite hardware should be covered by onsite warranty agreements with appropriate response times to meet business continuity needs.
    • Defective items under warranty should be repaired in a timely fashion.
    • Service, maintenance, and support shall be managed through the help desk ticketing system.

    Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.3 Design process for hardware maintenance

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10

    1. Discuss and document the policy for hardware maintenance, warranty, and support.
    2. Key outcomes should include:
    • Who signs off on policies?
    • What is the timeline for documentation review?
    • Where are warranty and maintenance documents stored?
    • How will equipment be assessed for condition during audits?
    • How often will deployed equipment be reimaged?
    • How will equipment repair needs be requested?
    • How will repairs for equipment outside warranty be handled?
  • Document in the Standard Operating Procedure.

    • Use your HAM program to improve security and meet regulatory requirements

    ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.

    It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.

    How does HAM help keep your organization secure?

    • Educating users on best practices for securing their devices, and providing physical security such as cable locks and tracking mechanisms.
    • Best practices for reporting lost or stolen equipment for quickly removing access and remotely wiping devices.
    • Accurate location and disposal records will enable accurate reporting for HIPAA and PCI DSS audits where movement of media or hardware containing data is a requirement. Best practices for disposal will include properly wiping drives, recording information, and ensuring equipment is disposed of according to environmental regulations.
    • Secure access to data through end-user mobile devices. Use accurate records and MDM tools to securely track, remove access, and wipe mobile devices if compromised.
    • Encrypt devices that may be difficult to track such as USB drives or secure ports to prevent data from being copied to external drives.
    • Managed hardware allows software to be managed and patched on a regular basis.

    Best Practices

    1. Educate end users about traveling with equipment. Phones and laptops are regularly stolen from cars; tablets and phones are left on planes. Encourage users to consider how they store equipment on the way home from work.
    2. Cable locks used at unsecured offsite or onsite work areas should be supplied to employees.
    3. Equipment stored in IT must be secured at all times.

    Implement mobile device management (MDM) solutions

    Organizations with a formal mobile management strategy have fewer problems with their mobile devices.

    Develop a secure MDM to:

    • Provide connection and device support when the device is fully subsidized by the organization to increase device control.
    • Have loaner devices for when traveling to limit device theft or data loss.
    • Personal devices not managed by MDM should be limited to internet access on a guest network.
    • Limit personal device access to only internet access or a limited zone for data access and a subset of applications.
    • Advanced MDM platforms provide additional capabilities including containerization.

    The benefits of a deployed MDM solution:

    • Central management of a variety of devices and platforms is the most important advantage of MDM. Administrators can gain visibility into device status and health, set policies to groups of users, and control who has access to what.
    • Security features such as enforcing passcodes and remote wipe are also essential, given the increased risk of mobile devices.
      • Remote wipe should be able to wipe either the whole device or just selected areas.
    • Separation of personal data is becoming increasingly important as BYOD becomes the norm. This is a feature that vendors are approaching radically differently.
    • Device lock: Be able to lock the device itself, its container, or its SIM. Even if the SIM is replaced, the device should still remain locked. Consider remote locking a device if retrieval is possible.

    Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.

    What can be packed into an MDM can vary and be customized in many forms for what your organization needs.

    Secure endpoint devices to protect the data you cannot control

    Endpoint Encryption

    Endpoints Average None
    Desktop 73% 4%
    Laptops 65% 9%
    Smartphones 27% 28%
    Netbooks 26% 48%
    Tablets 16% 59%
    Grand average 41%

    Benefits from endpoint encryption:

    • Reduced risk associated with mobile workers.
    • Enabled sharing of data in secured workspace.
    • Enhanced end-user accountability.
    • Reduced number of data breach incidents.
    • Reduced number of regulatory violations.

    Ways to reduce endpoint encryption costs:

    • Use multiple vendors (multiple platforms): 33%
    • Use a single vendor (one platform): 40%
    • Use a single management console: 22%
    • Outsource to managed service provider: 26%
    • Permit user self-recovery: 26%

    Remote Wiping

    • If all else fails, a device can always be erased of all its data, protecting sensitive data that may have been on it.
    • Selective wipe takes it a step further by erasing only sensitive data.

    Selective wipe is not perfect.

    It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.

    Selective wipe can erase:

    • Corporate profiles, email, and network settings.
    • Data within a corporate container or other sandbox.
    • Apps deployed across the enterprise.

    Know when to perform a remote wipe.

    Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.

    Design an effective asset security policy to protect the business

    Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.

    Organizations often struggle with the following with respect to IT asset security:

    • IT hardware asset removal control.
    • Personal IT hardware assets (BYOD).
    • Data removal from IT hardware assets.
    • Inventory control with respect to leased hardware and software.
    • Unused software.
    • Repetitive versions of software.
    • Unauthorized software.

    Your security policy should seek to protect IT hardware and software that:

    • Have value to the business.
    • Require ongoing maintenance and support.
    • Create potential risk in terms of financial loss, data loss, or exposure.

    These assets should be documented and controlled in order to meet security requirements.

    The asset security policy should encompass the following:

    • Involved parties.
    • Hardware removal policy/documentation procedure.
    • End-user asset security responsibilities.
    • Theft/loss reporting procedure.
    • BYOD standards, procedures, and documentation requirements.
    • Data removal.
    • Software usage.
    • Software installation.

    Info-Tech Insight

    Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.

    Revise or create an asset security policy

    3.1.4 Develop IT asset security policy

    Participants

    • CIO or IT Director
    • Asset Manager
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Asset Security Policy.

    1. Identify asset security challenges within your organization. Record them in a table like the one below.
    Challenge Current Security Risk Target Policy
    Hardware removal Secure access and storage, data loss Designated and secure storage area
    BYOD No BYOD policy in place N/A → phasing out BYOD as an option
    Hardware data removal Secure data disposal Data disposal, disposal vendor
    Unused software Lack of support/patching makes software vulnerable Discovery and retirement of unused software
    Unauthorized software Harder to track, less secure Stricter stance on pirated software
    1. Brainstorm the reasons for why these challenges exist.
    2. Identify target policy details that pertain to each challenge. Record the outcomes in section(s) 5.1, 5.2, or 5.3 of the Asset Security Policy.

    Poor asset security and data protection had costly consequences for UK Ministry of Justice

    CASE STUDY

    Industry Legal

    Source ICO

    Challenge

    The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.

    These hard drives contained information related to health, history of drug use, and past links to organized crime.

    After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.

    Solution

    It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.

    Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.

    When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).

    Results

    The perpetrators were never found and the stolen hard drives were never recovered.

    As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.

    The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.

    Step 3.2: Dispose or Redeploy Assets

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.2.1 Identify challenges with IT asset recovery and disposal

    3.2.2 Design hardware asset recovery and disposal workflows

    3.2.3 Build a hardware asset disposition policy

    This step involves the following participants:

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Defined process to determine when to redeploy vs. dispose of hardware assets
    • Process for recovering and redeploying hardware equipment
    • Process for safely disposing of assets that cannot be redeployed
    • Comprehensive asset disposition policy

    Balance the effort to roll out new equipment against the cost to maintain equipment when building your lifecycle strategy

    The image shows two line graphs. The graph on the left is titled: Desktop Refresh Rate by Company Size (based on Revenue). The graph on the right is titled: Laptop Refresh Rate by Company Size (based on Revenue). Each graph has four lines, defined by a legend in the centre of the image: yellow is small ($25mm); dark blue is Mid ($25-500MM); light blue is large ( data-verified=$500MM); and orange is Overall.">

    (Info-Tech Research Group; N=96)

    Determining the optimal length of time to continue to use equipment will depend on use case and equipment type

    Budget profiles Refresh methods

    Stretched

    Average equipment age: 7+ years

    		To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed.

    Generous

    Average equipment age: 3 years

    		Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system.

    Cautious

    Average equipment age: 4 to 5 years

    Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service.

    Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic.

    Build a process to determine when and how to redeploy or dispose of hardware assets at end of use

    • When equipment is no longer needed for the function or individual to whom it was assigned, the Hardware Asset Manager needs to use data to ensure the right decision is made as to what to do with the asset.
    • End of use involves evaluating options for either continuing to use the equipment in another capacity or by another individual or determining that the asset has no remaining value to the organization in any capacity and it is time to retire it.
    • If the asset is retired, it may still have capacity for continued use outside of the organization or it may be disposed.

    Redeployment

    • Deliver the asset to a new user if it is no longer needed by the original user but still has value and usability.
    • Redeployment saves money and prevents unnecessary purchases.
    • Common when employees leave the company or a merge or acquisition changes the asset pool.

    VS.

    Disposal

    • When an asset is no longer of use to the organization, it may be disposed of.
    • Need to consider potential financial and public relations considerations if disposal is not done according to environmental legislation.
    • Need to ensure proper documentation and data removal is built into disposition policy.

    Use persistent documentation and communication to improve hardware disposal and recovery

    Warning! Poor hardware disposal and recovery practices can be caused by the following:

    1. Your IT team is too busy and stretched thin. Data disposal is one of many services your IT team is likely to have to deal with, but this service requires undivided attention. By standardizing hardware refreshes, you can instill more predictability with your hardware life cycles and better manage disposal.
    2. Poor inventory management. Outdated data and poor tracking practices can result in lost assets during the disposal phase. It only takes a single lost asset to cause a disastrous data breach in your supply chain.
    3. Obliviousness to disposal regulations. Electronic disposal and electronically stored data are governed by strict regulation.

    How do you improve your hardware disposal and recovery process?

    • A specific, controlled process needs to be in place to wipe all equipment and verify that it’s been wiped properly. Otherwise, companies will continue to spend money to protect data while equipment is in use, but overlook the dangerous implications of careless IT asset disposal. Create a detailed documentation process to track your assets every step of the way to ensure that data and applications are properly disposed of. Detailed documentation can also help bolster sustainability reporting for organizations wishing to track such data.
    • Better communication should be required. Most decommissioning or refresh processes use multiple partners for manufacturing, warehousing, data destruction, product resale, and logistics. Setting up and vetting these networks can take years, and even then, managing them can be like playing a game of telephone; transparency is key.

    Address three core challenges of asset disposal and recovery

    Asset Disposal

    Data Security

    Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.

    Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.

    Environmental

    Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.

    Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.

    Residual value

    Many obsolete IT assets are simply confined to storage at their end of life.

    This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.

    Identify challenges with IT asset recovery and disposal with a triple bottom line scorecard

    3.2.1 Identify challenges with IT asset recovery and disposal

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    1. Divide the whiteboard into three boxes: Social, Economic, and Environmental.
    2. Divide each box into columns like the one shown below:
    Economic
    Challenge Objectives Targets Initiatives
    No data capture during disposal Develop reporting standards 80% disposed assets recorded Work with Finance to develop reporting procedure
    Idle assets Find resale market/dispose of idle assets 50% of idle assets disposed of within the year Locate resale vendor and disposal service
    1. Ask participants to list challenges associated with each area.
    2. Once challenges facing recovery and disposal have been exhausted from the group, assign a significance of 1-5 (1 being the lowest and 5 being the highest) to each challenge.
    3. Discuss the most significant challenges and how they might be addressed through the next steps of building recovery & disposal processes.

    Build a process for recovery and redeployment of hardware

    • Having hardware standards in place makes redeploying easier by creating a larger pool of possible users for a standardized asset.
    • Most redeployment activities will be carried out by the Help Desk as a service request ticket, so it is important to have clear communication and guidelines with the Help Desk as to which tasks need to be carried out as part of the request.

    Ensure the following are addressed:

    • Where will equipment be stored before being redeployed?
    • Will shipping be required and are shipping costs factored into analysis?
    • Ensure equipment is cleaned before it is redeployed.
    • Do repairs and reconfigurations need to be made?
    • How will software be removed and licenses harvested and reported to Software Asset Manager?
    • How will data be securely wiped and protected?

    The image shows a work process in flowchart format titled Equipment Recovery. The chart is divided into two sections, listed on the left: Business Manager/HR and Desktop Support Team.

    Define the process for safely disposing of assets that cannot be redeployed

    Asset Disposal Checklist

    1. Review the data stored on the device.
    2. Determine if there has been any sensitive or confidential information stored.
    3. Remove all sensitive/confidential information.
    4. Determine if software licenses are transferable.
    5. Remove any non- transferable software prior to reassignment.
    6. Update the department’s inventory record to indicate new individual assigned custody.
    7. In the event of a transfer to another department, remove data and licensed software.
    8. If sensitive data has been stored, physically destroy the storage device.
    • Define the process for retiring and disposing of equipment that has reached replacement age or no longer meets minimum conditions or standards.
    • Clearly define the steps that need to be taken both before and after the involvement of an ITAD partner.

    The image shows a flowchart titled Equipment Disposal. It is divided into two sections, labelled on the left as: Desktop Support Team and Asset Manager.

    Design hardware asset recovery and disposal workflows

    3.2.2 Design hardware asset recovery and disposal policies and workflows

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Sections 11 and 12

    Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Keeping in mind current challenges around hardware asset recovery and disposal, design the target state for both the asset recovery and disposal processes.
    2. Outline each step of the process and be as granular as possible.
    3. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    4. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    5. Review the checklists on the previous slides to ensure all critical tasks are accounted for in your process workflows.

    Add equipment disposition to asset lifecycle decisions to meet environmental regulations and mitigate risk

    Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.

    Optimized ITAD solutions:

    1. Protect sensitive or valuable data
    2. Support sustainability
    3. Focus on asset value recovery

    Info-Tech Insight

    A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.

    Partner with an ITAD vendor to support your disposition strategy

    Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.

    • An ITAD vendor knows the repurpose and resale space better than your organization. They know the industry and have access to more potential buyers.
    • ITAD vendors can help your organization navigate costly environmental regulations for improper disposal of IT assets.

    Disposal doesn’t mean your equipment has to go to waste.

    Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.

    Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.

    Before donating:

    • Ensure equipment is needed and useful to the organization.
    • Be prepared for an appraisal requirement. Receipts can only be issued for fair market value.
    • Prevent compromised data by thoroughly wiping or completely replacing drives.
    • Ensure official transfer of ownership to prevent liability if improper disposal practices follow.

    Info-Tech Insight

    Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.

    Protect the organization by sufficiently researching potential ITAD partners

    Research ITAD vendors as diligently as you would primary hardware vendors.

    Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:

    • Are you a full-service vendor or are you connected to a wholesaler?
    • Who are your collectors and processors?
    • How do you handle data wiping? If you erase the data, how many passes do you perform?
    • What do you do with the e-waste? How much is reused? How much is recycled?
    • Do you have errors and omissions insurance in case data is compromised?
    • How much will it cost to recycle or dispose of worthless equipment?
    • How much will I receive for assets that still have useful life?

    ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.

    ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.

    Info-Tech Insight

    To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.

    Work with ITAD partner or equipment supplier to determine most cost-effective method and appropriate time for disposal

    2-4 Two-to-four year hardware refresh cycle

    • Consider selling equipment to an ITAD partner who specializes in sales of refurbished equipment.
    • Consider donating equipment to schools or non-profits, possibly using an ITAD partner who specializes in refurbishing equipment and managing the donation process.

    5-7 Five-to-seven year hardware refresh cycle

    • At this stage equipment may still have a viable life, but would not be appropriate for school or non-profit donations, due to a potentially shorter lifespan. Consider selling equipment to an ITAD partner who has customers interested in older, refurbished equipment.

    7+ Seven or more years hardware refresh cycle

    • If keeping computers until they reach end of life, harvest parts for replacement on existing machines and budget for disposal fees.
    • Ask new computer supplier about disposal services or seek out ITAD partner who will disassemble and dispose of equipment in an environmentally responsible manner.

    Info-Tech Insight

    • In all cases, ensure hard drives are cleansed of data with no option for data recovery. Many ITAD partners will provide a drive erasure at DoD levels as part of their disposal service.
    • Many ITAD partners will provide analysts to help determine the most advantageous time to refresh.

    Ensure data security and compliance by engaging in reliable data wiping before disposition

    Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.

    Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.

    Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.

    Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.

    Info-Tech Best Practice

    Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.

    Make data security a primary driver of asset disposition practices

    It is estimated that 10-15% of data loss cases result from insecure asset disposal. Protect yourself by following some simple disposition rules.

    1. Reconcile your data onsite
    • Verify that bills of landing and inventory records match before assets leave. Otherwise, you must take the receiver’s word on shipment contents.
  • Wipe data at least once onsite
    • Do at least one in-house data wipe before the assets leave the site for greater data security.
  • Transport promptly after data wiping
    • Prompt shipment will minimize involvement with the assets, and therefore, cost. Also, the chance of missing assets will drop dramatically.
  • Avoid third-party transport services
    • Reputable ITAD companies maintain strict chain of custody control over assets. Using a third party introduces unnecessary risk.
  • Keep detailed disposition records
    • Records will protect you in the event of an audit, a data loss incident, or an environmental degradation claim. They could save you millions.
  • Wipe all data-carrying items
    • Don’t forget cell phones, fax machines, USB drives, scanners, and printers – they can carry sensitive information that can put the organization at risk.
  • Only partner with insured ITAD vendors
    • You are never completely out of danger with regards to liability, but partnering with an insured vendor is potent risk mitigation.

    • Work these rules into your disposition policy to mitigate data loss risk.

    Support your HAM efforts with a comprehensive disposition policy

    3.2.3 Build a Hardware Asset Disposition Policy

    Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.

    Use Info-Tech’s Hardware Asset Disposition Policy to:

    1. Establish and define clear standards, procedures, and restrictions surrounding disposition.
    2. Ensure continual compliance with applicable data security and environmental legislation.
    3. Assign specific responsibilities to individuals or groups to ensure ongoing adherence to policy standards and that costs or benefits are in line with expectations.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Maintain & Dispose

    Proposed Time to Completion: 4 weeks

    Start with an analyst kick-off call:

    • Discuss inventory management best practices.
    • Build process for moves, adds, and changes.
    • Build process for hardware maintenance.
    • Define policies for maintaining asset security.

    Then complete these activities…

    • Build a MAC policy and request form.
    • Build workflows to document user MAC processes.
    • Design processes and policies for hardware maintenance, warranty, and support documentation handling.
    • Build an asset security policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Security Policy

    Step 3.2: Dispose or Redeploy Assets

    Review findings with analyst:

    • Discuss when to dispose vs. redeploy assets.
    • Build process for redeploying vs. disposing of assets.
    • Review ITAD vendors.

    Then complete these activities…

    • Identify challenges with IT asset recovery and disposal.
    • Design hardware asset recovery and disposal workflows.
    • Build a hardware asset disposition policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Recovery Workflow
    • Asset Disposal Workflow
    • Hardware Asset Disposition Policy

    Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.4 Revise or create an asset security policy

    Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.

    3.2.2 Design hardware asset recovery and disposal workflows

    Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.

    Phase 4

    Plan Budget Process and Build Roadmap

    Implement Hardware Asset Management

    Cisco deployed an enterprise-wide re-education program to implement asset management

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.

    An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.

    Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.

    Solution

    The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.

    These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.

    Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.

    Results

    By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses

    Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.

    A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.

    Step 4.1: Plan Hardware Asset Budget

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    This step involves the following participants:

    • IT Director
    • Asset Manager
    • Finance Department

    Step Outcomes

    • Know where to find data to budget for hardware needs accurately
    • Learn how to manage a hardware budget
    • Plan hardware asset budget with a budgeting tool

    Gain control of the budget to increase the success of HAM

    A sophisticated hardware asset management program will be able to uncover hidden costs, identify targets for downsizing, save money through redistributing equipment, and improve forecasting of equipment to help control IT spending.

    While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:

    • Be more involved in negotiating pricing with suppliers.
    • Build better relationships with stakeholders across the business.
    • Forecast requirements more accurately.
    • Inform benchmarks for hardware performance.
    • Gain more responsibility and have a greater influence on purchasing decisions.
    • Directly impact the reduction in IT spend.
    • Manage the asset database more easily and have a greater understanding of hardware needs.
    • Build a continuous rolling refresh.

    Use ITAM data to forecast hardware needs accurately and realistically

    Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.

    What type of data should I take into account?

    Plan for:

    • New hardware purchases required
      • Planned refreshes based on equipment lifecycle
      • Inventory for break and fix
      • Standard equipment for new hires
      • Non-standard equipment required
      • Hardware for planned projects
      • Implementation and setup costs
      • Routine hardware implementation
      • Large hardware implementation for projects
      • Support and warranty costs

    Take into account:

    • Standard refresh cycle for each hardware asset
    • Amount of inventory to keep on hand
    • Length of time from procurement to inventory
    • Current equipment costs and equipment price increases
    • Equipment depreciation rates and resale profits

    Where do I find the information I need to budget accurately?

    • Work with HR to forecast equipment needs for new hires.
    • Work with the Infrastructure Manager to forecast devices and equipment needed for approved and planned projects.
    • Use the asset management database to forecast hardware refresh and replacement needs based on age and lifecycle.
    • Work with business stakeholders to ensure all new equipment needs are accounted for in the budget.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    4.1.1 Build HAM budget

    This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.

    The hardware budget should serve as a planning and communications tool for the organization

    The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.

    One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.

    There are several things you can do to overcome this barrier:

    • Avoid using technical terms or jargon. Terms many would consider common knowledge, such as “WLAN,” are foreign to many.
    • Don’t assume the business knows how the technology you’re referring to will impact their day-to-day work. You will need to demonstrate it to them.
    • Help the audience understand the business impact of not implementing each initiative. What does this mean for them?
    • Discuss the options on the table in terms of the business value that the hardware can enable. Review how deferring refresh projects can impact user-facing applications, systems, and business unit operations.
    • Present options. If you can’t implement everything on the project list, present what you can do at different levels of funding.

    Info-Tech Insight

    Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.

    Help users understand the importance of regular infrastructure refreshes

    Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.

    Example: Your storage environment is nearing capacity.

    Don’t:

    Explain the project exclusively in technical terms or slang.

    We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”

    Do:

    • Explain impact in terms that the business can understand.

    Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”

    • Be ready to present project alternatives and impacts.

    Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”

    • Connect the project to business initiatives and strategic priorities.

    This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.

    Step 4.2: Build Communication Plan and Roadmap

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.2 Develop a HAM implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Step Outcomes

    • Documented end-user hardware asset management policies
    • Communications plan to achieve support from end users and other business units
    • HAM implementation roadmap

    Educate end users through ITAM training to increase program success

    As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.

    All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.

    ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.

    Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.

    New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.

    Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.

    "The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator

    Info-Tech Insight

    During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.

    Include policy design and enforcement in your communication plan

    • Hardware asset management policies should define the actions to be taken to protect and preserve technology assets from failure, loss, destruction, theft, or damage.
    • Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously, and will help ensure the benefits of ITAM are achieved.
    • Designing, approving, documenting, and adopting one set of standard ITAM policies for each department to follow will ensure the processes are enforced equally across the organization.
    • Good ITAM policies answer the “what, how, and why” of IT asset management, provide the means for ITAM governance, and provide a basis for strategy and decision making.

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

    Use Info-Tech’s policy templates to build HAM policies

    4.2.1 Build HAM policies

    Use these HAM policy templates to get started:

    Information Technology Standards Policy

    This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.

    Purchasing Policy

    The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    Hardware Asset Disposition Policy

    This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.

    Additional policy templates

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.

    Create a communication plan to achieve end-user support and adherence to policies

    Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Use the variety of components as part of your communication plan in order to reach the organization.

    1. Advertise successes.
    • Regularly demonstrate the value of the ITAM program with descriptive statistics focused on key financial benefits.
    • Share data with the appropriate personnel; promote success to obtain further support from senior management.
  • Report and share asset data.
    • Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
    • These reports can help your organization prepare for audits, adjust asset budgeting, and detect unauthorized assets.
  • Communicate the value of ITAM.
    • Educate management and end users about how they fit into the bigger picture.
    • Individuals need to know that their behaviors can adversely affect data quality and, ultimately, lead to better decision making.

    • Develop a communication plan to convey the right messages

    4.2.2 Develop a communication plan to convey the right messages

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the HAM Communication Plan

    1. Identify the groups that will be affected by the HAM program as those who will require communication.
    2. For each group requiring a communication plan, identify the following:
    • Benefits of HAM for that group of individuals (e.g. better data, security).
    • The impact the change will have on them (e.g. change in the way a certain process will work).
    • Communication method (i.e. how you will communicate).
    • Timeframe (i.e. when and how often you will communicate the changes).
  • Complete this information in a table like the one below and document in the Communication Plan.
    • Group Benefits Impact Method Timeline
    Service Desk Improve end-user device support Follow new processes Email campaign 3 months
    Executives Mitigate risks, better security, more data for reporting Review and sign off on policies
    End Users Smoother request process Adhere to device security and use policies
    Infrastructure Faster access to data and one source of truth Modified processes for centralized procurement and inventory

    Implement ITAM in a phased, constructive approach

    • One of the most difficult decisions to make when implementing ITAM is: “where do we start?”
    • The pyramid to the right mirrors Maslow’s hierarchy of needs. The base is the absolute bare minimum that should be in place, and each level builds upon the previous one.
    • As you track up the pyramid, your ITAM program will become more and more mature.

    Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.

    • Asset Data
    • Asset Protection: safely protect and dispose of assets once they are mass distributed throughout your organization.
    • Asset Distribution: determine standards for asset provisioning and asset inventory strategy.
    • Asset Gathering: define what assets you will procure, distribute, and track. Classifying your assets by tier will allow you to make decisions as you progress up the pyramid.

    ↑ ITAM Program Maturity

    Integrate your HAM program into the organization to assist its implementation

    The HAM program cannot perform on its own – it must be integrated with other functional areas of the organization in order to maintain its stability and support.

    • Effective IT asset management is supported by a comprehensive set of processes as part of its implementation.
    • For example, integration with the purchasing/procurement team is required to gather hardware and software purchase data to control asset costs and mitigate software license compliance risk.
    • Integration with Finance is required to support internal cost allocations and charge backs.

    To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.

    Short-term goal Long-term goal
    Identify inventory classification and tool (hardware first) Hardware contract data integration (warranty, maintenance, lease)
    Create basic ITAM policies and processes Continual improvement through policy impact review and revision
    Implement ITAM auto-discovery tools Software compliance reports, internal audits

    Info-Tech Insight

    Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.

    Develop an IT hardware asset management implementation roadmap

    4.2.3 Develop a HAM implementation roadmap

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the IT Hardware Asset Management Implementation Roadmap

    1. Identify up to five streams to work on initiatives for the hardware asset management project.
    2. Fill out key tasks and objectives for each process. Assign responsibility for each task.
    3. Select a start date and end date for each task. See tab 1 of the tool for instructions on which letters to input for each stage of the process.
    4. Once your list is complete, open tab 3 of the tool to see your completed sunshine diagram.
    5. Keep this diagram visible for your team and use it as a guide to task completion as you work towards your future-state value stream.

    Focus on continual improvement to sustain your ITAM program

    Periodically review the ITAM program in order to achieve defined goals, objectives, and benefits.

    Act → Plan → Do → Check

    Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:

    • Remain in sync with the business: your asset management program reflects the current and desired future states of your organization at the time of its creation. But the needs of the business change. As mentioned previously, asset management is a dynamic process, so in order for your program to keep pace, a focus on continual improvement is needed.
      • For example, imagine if your organization had designed your ITAM program before cloud-based solutions were an option. What if your asset classification scheme did not include personal devices or tablets or your asset security policy lacked a section on BYOD?
    • Create funding for new projects through ITAM continual improvement: one of the goals is to save money through more efficient use of your assets by “sweating” out underused hardware and software.
      • It may be tempting to simply present the results to Finance as savings, but instead, describe the results as “available funds for other projects.” Otherwise, Finance may view the savings as a nod to restrict IT’s budget and allocate funds elsewhere. Make it clear that any saved funds are still required, albeit in a different capacity.

    Info-Tech Best Practice

    Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Step 4.1: Plan Budget

    Start with an analyst kick-off call:

    • Know where to find data to budget for hardware needs accurately.
    • Learn how to manage a hardware budget.

    Then complete these activities…

    • Plan hardware asset budget.

    With these tools & templates:

    HAM Budgeting Tool

    Step 4.2: Communicate & Roadmap

    Review findings with analyst:

    • Develop policies for end users.
    • Build communications plan.
    • Build an implementation roadmap.

    Then complete these activities…

    • Build HAM policies.
    • Develop a communication plan.
    • Develop a HAM implementation roadmap.

    With these tools & templates:

    HAM policy templates

    HAM Communication Plan

    HAM Implementation Roadmap

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1.1 Build a hardware asset budget

    Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.

    4.2.2 Develop a communication plan

    Identify groups that will be affected by the new HAM program and for each group, document a communications plan.

    Insight breakdown

    Overarching Insights

    HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.

    ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.

    Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Phase 1 Insight

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    Phase 2 Insight

    Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    Phase 3 Insight

    Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    Phase 4 Insight

    Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.

    Related Info-Tech research

    Implement Software Asset Management

    Build an End-User Computing Strategy

    Find the Value – and Remain Valuable – With Cloud Asset Management

    Consolidate IT Asset Management

    Harness Configuration Management Superpowers

    IT Asset Management Market Overview

    Bibliography

    Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.

    “CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.

    Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.

    Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.

    Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.

    “How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.

    Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.

    “IT Asset and Software Management.” ECP Media LLC, 2006. Web.

    Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.

    Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.

    “The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.

    Info-Tech Quarterly Research Agenda Outcomes Q2-Q3 2023

    • Buy Link or Shortcode: {j2store}297|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    At Info-Tech, we take pride in our research and have established the most rigorous publication standards in the industry. However, we understand that engaging with all our analysts to gauge the future may not always be possible. Hence, we have curated some compelling recently published research along with forthcoming research insights to assist you in navigating the next quarter.

    Our Advice

    Critical Insight

    We offer a quarterly Research Agenda Outcomes deck that thoroughly summarizes our recently published research, supplying decision makers with valuable insights and best practices to make informed and effective decisions. Our research is supported by our team of seasoned analysts with decades of experience in the IT industry.

    By leveraging our research, you can stay updated with the latest trends and technologies, giving you an edge over the competition and ensuring the optimal performance of your IT department. This way, you can make confident decisions that lead to remarkable success and improved outcomes.

    Impact and Result

    • Enhance preparedness for future market trends and developments: Keep up to date with the newest trends and advancements in the IT sector to be better prepared for the future.
    • Enhance your decision making: Acquire valuable information and insights to make better-informed, confident decisions.
    • Promote innovation: Foster creativity, explore novel perspectives, drive innovation, and create new products or services.

    Info-Tech Quarterly Research Agenda Outcomes Q2/Q3 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Info-Tech Quarterly Research Agenda Q3 2023 Deck – An overview of our Research Agenda Outcome for Q2 and Q3 of 2023.

    A guide to our top research published to date for 2023 (Q2/Q3).

    • Info-Tech Quarterly Research Agenda Outcomes for Q2/Q3 2023
    [infographic]

    Further reading

    Featured Research Projects 2023 (Q2/Q3)

    “Here are my selections for the top research projects of the last quarter.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    CIO

    01
    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    02
    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    03
    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    04
    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    05
    Effective IT Communications

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    06
    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    07
    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    08
    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Applications

    09
    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    10
    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    11
    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Security

    12
    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    13
    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Infrastructure & Operations

    14
    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Industry | Retail

    15
    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry | Education

    16
    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry | Wholesale

    17
    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry | Retail Banking

    18
    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry | Utilities

    19
    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    CIO
    Strategy & Governance

    Photo of Bill Wong, Principal Research Director, Info-Tech Research Group.

    Bill Wong
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Generative AI Roadmap' research.

    Sample of the 'Build Your Generative AI Roadmap' research.

    Logo for Info-Tech.

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    CIO
    Strategy & Governance

    Photo of Brian Jackson, Principal Research Director, Info-Tech Research Group.

    Brian Jackson
    Principal Research Director

    Download this report or book an analyst call on this topic

    Sample of the 'CIO Priorities 2023' report.

    Sample of the 'CIO Priorities 2023' report.

    Logo for Info-Tech.

    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    CIO
    Strategy & Governance

    Photo of Donna Bales, Principal Research Director, Info-Tech Research Group.

    Donna Bales
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build an IT Risk Taxonomy' research.

    Sample of the 'Build an IT Risk Taxonomy' research.

    Logo for Info-Tech.

    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    CIO
    Strategy & Governance

    Photo of Manish Jain, Principal Research Director, Info-Tech Research Group.

    Manish Jain
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Logo for Info-Tech.

    Effective IT Communications

    Empower IT employees to communicate well with any stakeholder across the organization.

    CIO
    People & Leadership

    Photo of Brittany Lutes, Research Director, Info-Tech Research Group.

    Brittany Lutes
    Research Director

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Effective IT Communications' research.

    Sample of the 'Effective IT Communications' research.

    Logo for Info-Tech.

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    CIO
    People & Leadership

    Photo of Jane Kouptsova, Research Director, Info-Tech Research Group.

    Jane Kouptsova
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Logo for Info-Tech.

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    CIO
    Value & Performance

    Photo of Mike Tweedle, Practice Lead, Info-Tech Research Group.

    Mike Tweedle
    Practice Lead

    Download this research or book an analyst call on this topic

    Sample of the 'Effectively Manage CxO Relations' research.

    Sample of the 'Effectively Manage CxO Relations' research.

    Logo for Info-Tech.

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    CIO
    Value & Performance

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Logo for Info-Tech.

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    Applications
    Business Processes

    Photo of Ricardo de Oliveira, Research Director, Info-Tech Research Group.

    Ricardo de Oliveira
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Logo for Info-Tech.

    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    Applications
    Business Processes

    Photo of Andrew Kum-Seun, Research Director, Info-Tech Research Group.

    Andrew Kum-Seun
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Logo for Info-Tech.

    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Applications
    Application Development

    Photo of Vincent Mirabelli, Principal Research Director, Info-Tech Research Group.

    Vincent Mirabelli
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Logo for Info-Tech.

    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    Security
    Security Risk, Strategy & Governance

    Photo of Logan Rohde, Senior Research Analyst, Info-Tech Research Group.

    Logan Rohde
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Logo for Info-Tech.

    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Security
    Security Risk, Strategy & Governance

    Photo of Michel Hébert, Research Director, Info-Tech Research Group.

    Michel Hébert
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Logo for Info-Tech.

    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Infrastructure & Operations
    I&O Process Management

    Photo of Andrew Sharp, Research Director, Info-Tech Research Group.

    Andrew Sharp
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Automate IT Asset Data Collection' research.

    Sample of the 'Automate IT Asset Data Collection' research.

    Logo for Info-Tech.

    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry Coverage
    Retail

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Logo for Info-Tech.

    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry Coverage
    Education

    Photo of Mark Maby, Research Director, Info-Tech Research Group.

    Mark Maby
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Logo for Info-Tech.

    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry Coverage
    Wholesale

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Logo for Info-Tech.

    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry Coverage
    Retail Banking

    Photo of David Tomljenovic, Principal Research Director, Info-Tech Research Group.

    David Tomljenovic
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Logo for Info-Tech.

    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Industry Coverage
    Utilities

    Photo of Jing Wu, Principal Research Director, Info-Tech Research Group.

    Jing Wu
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sneak Peaks: Research coming in next quarter!

    “Next quarter we have a big lineup of reports and some great new research!”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    1. Build MLOps and Engineering for AI and ML

      Enabling you to develop your Engineering and ML Operations to support your current & planned use cases for AI and ML.

    2. Leverage Gen AI to Improve Your Test Automation Strategy

      Enabling you to embed Gen AI to assist your team during testing broader than Gen AI compiling code.

    3. Make Your IT Financial Data Accessible, Reliable, and Usable

      This project will provide a recipe for bringing IT's financial data to a usable state through a series of discovery, standardization, and policy-setting actions.

    4. Implement Integrated AI Governance

      Enabling you to implement best-practice governance principles when implementing Gen AI.

    5. Develop Exponential IT Capabilities

      Enabling you to understand and develop your strategic Exponential IT capabilities.

    6. Build Your AI Strategy and Roadmap

      This project will provide step-by-step guidance in development of your AI strategy with an AI strategy exemplar.

    7. Priorities for Data Leaders in 2024 and Beyond

      This report will detail the top five challenges expected in the upcoming year and how you as the CDAO can tackle them.

    8. Deploy AIOps More Effectively

      This research is designed to assess the process maturity of your IT operations and help identify pain pains and opportunities for AI deployment within your IT operations.

    9. Design Your Edge Computing Architecture

      This research will provide deployment guidelines and roadmap to address your edge computing needs.

    10. Manage Change in the AI-Enabled Enterprise

      Managing change is complex with the disruptive nature of emerging tech like AI. This research will assist you from an organizational change perspective.

    11. Assess the Security and Privacy Impacts of Your AI Vendors

      This research will allow you to enhance transparency, improve risk management, and ensure the security and privacy of data when working with AI vendors.

    12. Prepare Your Board for AI Disruption

      This research will arm you with tools to educate your board on the impact of Gen AI, addressing the potential risks and the potential benefits.

    Info-Tech Research Leadership Team

    “We have a world-class team of experts focused on providing practical, cutting-edge IT research and advice.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    Photo of Jack Hakimian, Senior Vice President, Research Development, Info-Tech Research Group.

    Jack Hakimian
    Senior Vice President
    Research Development

    Photo of Aaron Shum, Vice President, Security & Privacy Research, Info-Tech Research Group.

    Aaron Shum
    Vice President
    Security & Privacy Research

    Photo of Larry Fretz, Vice President, Industry Research, Info-Tech Research Group.

    Larry Fretz
    Vice President
    Industry Research

    Photo of Mark Tauschek, Vice President, Research Fellowships, Info-Tech Research Group.

    Mark Tauschek
    Vice President
    Research Fellowships

    Photo of Tom Zehren, Chief Product Officer, Info-Tech Research Group.

    Tom Zehren
    Chief Product Officer

    Photo of Rick Pittman, Vice President, Advisory Quality & Delivery, Info-Tech Research Group.

    Rick Pittman
    Vice President
    Advisory Quality & Delivery

    Photo of Nora Fisher, Vice President, Shared Services, Info-Tech Research Group.

    Nora Fisher
    Vice President
    Shared Services

    Photo of Becca Mackey, Vice President, Workshops, Info-Tech Research Group.

    Becca Mackey
    Vice President
    Workshops

    Photo of Geoff Nielson, Senior Vice President, Global Services & Delivery, Info-Tech Research Group.

    Geoff Nielson
    Senior Vice President
    Global Services & Delivery

    Photo of Brett Rugroden, Senior Vice President, Global Market Programs, Info-Tech Research Group.

    Brett Rugroden
    Senior Vice President
    Global Market Programs

    Photo of Hannes Scheidegger, Senior Vice President, Global Public Sector, Info-Tech Research Group.

    Hannes Scheidegger
    Senior Vice President
    Global Public Sector

    About Info-Tech Research Group

    Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.

    Sample of the IT Management & Governance Framework.

    Drive Measurable Results

    Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.

    Info-Tech logo.

    Better Research Than Anyone

    Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.

    Dramatically Outperform Your Peers

    Leverage Industry Best Practices

    We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.

    Become an Info-Tech influencer:

    • Help shape our research by talking with our analysts.
    • Discuss the challenges, insights, and opportunities in your chosen areas.
    • Suggest new topic ideas for upcoming research cycles.

    Contact
    Jack Hakimian
    jhakimian@infotech.com

    We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.

    Why participate in expert interviews?

    • Discuss market trends and stay up to date.
    • Influence Info-Tech's research direction with your practical experience.
    • Preview our analysts' perspectives and preliminary research.
    • Build on your reputation as a thought leader and research contributor.
    • See your topic idea transformed into practical research.

    Thank you!

    Join us at our webinars to discuss more topics.

    For information on Info-Tech's products and services and to participate in our research process, please contact:

    Jack Hakimian
    jhakimian@infotech.com

    Design a VIP Experience for Your Service Desk

    • Buy Link or Shortcode: {j2store}480|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • VIPs and executives expect to get immediate service for every IT issue, no matter how minor, and the service desk is constantly in reactive mode trying to quickly resolve these issues.
    • VIPs don’t understand or have input into service desk processes, procedures, and SLAs, especially when it comes to prioritization of their issues over other tickets.
    • The C-suite calls the CIO directly with every issue they have, tying them up and forcing them to redirect resources with little notice.
    • VIP tickets sit in the queue too long without a response or resolution, and VIPs are dissatisfied with the service they receive.

    Our Advice

    Critical Insight

    • Service desk and IT leaders are unclear on VIPs' service delivery expectations or the best support model to meet their needs while continuing to meet SLAs for the rest of the organization.
    • Deploying resources to service VIPs ahead of other users or more critical problems can result in inappropriate prioritization of issues and poor service delivery to the rest of the organization.
    • The reality for most organizations is that VIPs need special treatment; but providing VIP service shouldn’t come at the expense of good service delivery for the rest of the organization.

    Impact and Result

    • Stop being reactive to VIP requests and start planning for them so you can formally define the service and set expectations.
    • Talk to all relevant stakeholders to clarify their expectations before choosing a VIP service delivery model. Once you have designed your model, define and document the VIP service processes and procedures and communicate them to your stakeholders so everyone is clear on what is in and out of scope.
    • Once you’ve launched the service, track and report on key service desk metrics associated with VIP requests so you can properly allocate resources, budget accurately, evaluate the effectiveness of the service and demonstrate it to executives.

    Design a VIP Experience for Your Service Desk Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design a VIP Experience for Your Service Desk Storyboard – A guide to defining your VIP service desk support model

    Follow the seven steps outlined in this blueprint to design a VIP support model that best suits your organization, then communicate and evaluate the service to ensure it delivers results.

    • Design a VIP Experience for Your Service Desk Storyboard

    2. Service Desk VIP Procedures Template – A customizable template to document your service desk procedures for handling VIP tickets.

    This template is designed to assist with documenting your service desk procedures for handling VIP or executive tickets. It can be adapted and customized to reflect your specific support model and procedures.

    • Service Desk VIP Procedures Template

    3. VIP Support Process Workflow Example – A Visio template to document your process for resolving VIP tickets.

    This Visio template provides an example of a VIP support process, with every step involved in resolving or fulfilling VIP service desk tickets. Use this as an example to follow and a template to document your own process.

    • VIP Support Process Workflow Example

    4. VIP Support Service Communication Template – A customizable PowerPoint template to communicate and market the service to VIP users.

    This template can be customized to use as an executive presentation to communicate and market the service to VIP users and ensure everyone is on the same page.

    • VIP Support Service Communication Template
    [infographic]

    Further reading

    Design a VIP Experience for Your Service Desk

    Keep the C-suite satisfied without sacrificing service to the rest of the organization.

    Analyst Perspective

    Stop being reactive to VIP demands and formalize their service offering.

    Natalie Sansone, PHD

    Natalie Sansone, PHD

    Research Director,
    Infrastructure & Operations
    Info-Tech Research Group

    In a perfect world, executives wouldn’t need any special treatment because the service desk could rapidly resolve every ticket, regardless of the submitter, keeping satisfaction levels high across the board.

    But we know that’s not the case for most organizations. Executives and VIPs demand higher levels of service because the reality in most companies is that their time is worth more. And any IT leader who’s had a VIP complain about their service knows that their voice also carries more weight than that of a regular dissatisfied user.

    That said, most service desks feel strapped for resources and don’t know how to improve service for VIPs without sacrificing service to the rest of the organization.

    The key is to stop being reactive to VIP demands and formalize your VIP service procedures so that you can properly set expectations for the service, monitor and measure it, and continually evaluate it to make changes if necessary.

    A VIP offering doesn’t have to mean a white glove concierge service, either – it could simply mean prioritizing VIP tickets differently. How do you decide which level of service to offer? Start by assessing your specific needs based on demand, gather requirements from relevant stakeholders, choose the right approach to fit your business needs and capabilities, clearly define and document all aspects of the service then communicate it so that everyone is on the same page as to what is in and out of scope, and continually monitor and evaluate the service to make changes and improvements as needed.

    Executive Summary

    Your Challenge

    • VIPs and executives expect to get immediate service for every IT issue, no matter how minor, and the service desk is constantly in reactive mode trying to quickly resolve these issues.
    • VIPs don’t understand or have input into service desk processes, procedures, and SLAs, especially when it comes to prioritization of their issues over other tickets.
    • The C-suite calls the CIO directly with every issue they have, tying them up and forcing them to redirect resources with little notice.
    • VIP tickets sit in the queue too long without a response or resolution, and VIPs are dissatisfied with the service they receive.

    Common Obstacles

    • Service desk and IT leaders are unclear on the expectations that VIPs have for service delivery, or they disagree about the best support model to meet their needs while continuing to meet SLAs for the rest of the organization.
    • Service desk teams with limited resources are unsure how best to allocate those resources to handle VIP tickets in a timely manner.
    • There aren’t enough resources available at the service desk to provide the level of service that VIPs expect for their issues.
    • Deploying resources to service VIPs ahead of other users can result in inappropriate prioritization of issues and poor service delivery to the rest of the organization

    Info-Tech's Approach

    • Stop being reactive to VIP requests and start planning for them so you can formally define the service and set expectations.
    • Talk to all relevant stakeholders to clarify their expectations before choosing a VIP service delivery model.
    • Define and document the VIP service processes and procedures, including exactly what is in and out of scope.
    • Track and report on metrics associated with VIP requests so you can properly allocate resources and budget for the service.
    • Continually evaluate the service to expand, reduce, or redefine it, as necessary.

    Info-Tech Insight

    The reality for most organizations is that VIPs need special treatment. But providing VIP service shouldn’t come at the expense of good service delivery for the rest of the organization. To be successful with your approach, formalize the VIP offering to bring consistency and clear expectations for both users and the IT staff delivering the service.

    Do any of these scenarios sound familiar?

    All these familiar scenarios can occur when the service desk treats VIP issues reactively and doesn’t have a defined, documented, and agreed-upon VIP process in place.
    • A VIP calls because their personal printer isn’t working, but you also have a network issue affecting payroll being able to issue paychecks. The VIP wants their issue fixed immediately despite there being a workaround and a higher priority incident needing resources.
    • The COO calls the CIO after hours about issues they’re having with their email. The CIO immediately deploys a field tech back to the office to help the COO. Once the tech arrives, the COO says the issue could have waited until the morning.
    • The company president wants IT to spend a day at their house setting up their new personal laptop to be able to connect into the office before their vacation tomorrow. It would take away one FTE from an already understaffed service desk.
    • The CEO brings their child’s new iPhone in and asks the service desk if they have time to set it up as a favor today. The service desk manager instructs the T2 apps specialist to drop his other tickets to work on this immediately.
    • Two tickets come in at the same time – one is from an SVP who can’t log in to Teams and has an online meeting in half an hour, and the other is for a department of 10 who can’t access the network. The service desk doesn’t know who to help first.

    Different organizations can take very different approaches to VIP requests

    CASE STUDIES

    Providing VIP support helped this company grow

    Allocating a dedicated VIP technician slowed down service delivery for this company

    Situation

    		 A SaaS company looking to build and scale its services and customers decided to set up a VIP support program, which involved giving their most valuable customers white glove treatment to ensure they had a great experience, became long-term customers, and thus had a positive influence on others to build up the company’s customer base. VIPs were receiving executive-level support with a dedicated person for VIP tickets. The VIPs were happy with the service, but the VIP technician’s regular work was frequently impeded by having to spend most of her time doing white glove activities. The service desk found that in some cases, more critical work was slipping as a result of prioritizing all executive tickets.

    Resolution

    		 First, they defined who would receive VIP support, then they clearly defined the service, including what VIP support includes, who gets the service, and what their SLAs for service are. They found that the program was an effective way to focus their limited resources on the customers with the highest value potential to increase sales.
    While this model differs from an IT service desk VIP support program, the principles of dedicating resources to provide elevated support to your most important and influential customers for the benefit and growth of the company as a whole remain the same.     		The service desk decided to remove the VIP function. They demonstrated that the cost per contact was too high for dedicated executive support, and reallocating that dedicated technician to the service desk would improve the resolution time of all business incidents and requests. VIPs could still receive prioritized support through the escalation process, but they would contact the regular service desk with their issues. VIPs approved the change, and as a result of removing the dedicated support function, the service desk reduced average incident resolution times by 28% and request fulfillment times by 33%.

    A well-designed and communicated VIP support service can deliver many benefits

    The key to deciding whether a VIP service is right for your organization is to first analyze your needs, match them against your resources, then clearly define and document exactly what is in scope for the service.

    A successfully designed VIP service will lead to:

    • Executives and VIPs can easily contact the service desk and receive exceptional support and customer service from a knowledgeable technician, increasing their trust in the service desk.
    • All service desk tickets are prioritized appropriately and effectively in order to maximize overall ticket resolution and fulfillment times.
    • All users have a clear understanding of how to get in touch with the service desk and expected SLAs for specific ticket types.
    • Critical, business-impacting issues still receive priority service ahead of minor tickets submitted by a VIP.
    • All service desk technicians are clear on processes and procedures for prioritizing and handling VIP tickets.
    • Executives are satisfied with the service they receive and the value that IT provides
    • Reduced VIP downtime, contributing to overall organization productivity and growth.

    A poorly designed or reactive VIP service will lead to:

    • VIPs expect immediate service for non-critical issues, including after-hours.
    • VIPs circumvent the correct process and contact the CIO or service desk manager directly for all their issues.
    • Service desk resources stretched thin, or poor allocation of resources leads to degraded service for the majority of users.
    • More critical business issues are pushed back in order to fix non-critical executive issues.
    • Service desk is not clear how to prioritize tickets and always addresses VIP tickets first regardless of priority.
    • The service desk automatically acts on VIP tickets even when the VIP doesn’t require it or realize they’re getting a different level of service.
    • Non-VIP users are aware of the different service levels and try to request the same priority for their tickets. Support costs are over budget.

    Follow Info-Tech’s approach to design a successful VIP support model

    Follow the seven steps in this blueprint to design a VIP support model that works for your organization:
    1. Understand the support models available, from white glove service to the same service for everyone.
    2. Gather business requirements from all relevant stakeholders.
    3. Based on your business needs, choose the right approach.
    4. Define and document all details of the VIP service offering.
    5. Communicate and market the offering to VIPs so they’re aware of what’s in scope.
    6. Monitor volume and track metrics to evaluate what’s working.
    7. Continually improve or modify the service as needed over time.

    Blueprint deliverables

    The templates listed below are designed to assist you with various stages of this project. This storyboard will direct you when and how to complete them.

    Service Desk VIP Procedures Template

    Use this template to assist with documenting your service desk procedures for handling VIP or executive tickets.

    VIP Support Process Workflow Example

    Use this Visio template to document your process for resolving or fulfilling VIP tickets, from when the ticket is submitted to when it’s closed.

    VIP Support Service Communication Template

    Use this template to customize your executive presentation to communicate and market the service to VIP users.

    Insight Summary

    Key Insight

    The reality for most organizations is that VIPs need special treatment. But providing VIP service shouldn’t be at the expense of good service delivery for the rest of the organization. To be successful with your approach, formalize the VIP offering to bring consistency and clear expectations for both users and the IT staff delivering the service.

    Additional insights:

    Insight 1

    		 VIP service doesn’t have to mean concierge service. There are different levels and models of VIP support that range in cost and level of service provided. Carefully evaluate your needs and capacity to choose the approach that works best for your organization.

    Insight 2

    		 This service is for your most valued users, so design it right from the start to ensure their satisfaction. Involve stakeholders from the beginning, incorporate their feedback and requirements, keep them well-informed about the service, and continually collect and act on feedback to deliver the intended value.

    Insight 3

    		 Intentional, continual monitoring and measurement of the program must be part of your strategy. If your metrics or feedback show that something isn’t working, fix it. If you find that the perceived value isn’t worth the high cost of the program, make changes. Even if everything seems to be working fine, identify ways to improve it or make it more efficient.

    Step 1: Understand the different support models

    Step overview:

    • Understand the support models available, from white glove service to the same service for everyone

    First, define what “VIP support” means in your organization

    VIP support from the service desk usually refers to an elevated level of service (i.e. faster, after-hours, off-site, and/or with more experienced resources) that is provided to those at the executive level of the organization.

    A VIP typically includes executives across the business (e.g. CIO, CEO, CxO, VPs) and sometimes the executive assistants who work directly with them. However, it can also include non-executive-level but critical business roles in some organizations.

    The level of VIP service provided can differ from receiving prioritization in the queue to having a dedicated, full-time technician providing “white glove” service.

    Info-Tech Insight

    You don’t have to use the term “VIP”, as long as you clearly define the terms you are using. Some organizations use the term “VIR” to refer to very important roles rather than people, and some define “critical users” to reflect who should receive prioritized service, for example.

    There are essentially two options for VIP support, but multiple determining factors

    While the details are more specific, your options for VIP support really come down to two: they either receive some kind of enhanced service (either from a dedicated support team or through prioritization from the regular support team) or they don’t. Which option you choose will depend on a wide range of factors, some of which are represented in the diagram below. Factors such as IT budget, size of organization help determine which VIP support model you choose: Enhanced, or the same as everyone else. With enhanced service, you can opt to a dedicated support team or same support team but with prioritized service.

    Option 1: Same service for everyone

    What does it look like?

    VIP tickets are prioritized in the same way as every other ticket – with an assessment by impact and urgency. This allows every ticket to be prioritized appropriately according to how big the impact of the issue is and how quickly it needs to be resolved – regardless of who the submitter is. This means that VIPs with very urgent issues will still receive immediate support, as would a non-VIP user with a critical issue.

    Who is it best suited for?

    • Small organizations and IT teams.
    • Executives don’t want special treatment.
    • Not enough service desk resources or budget to provide prioritized or dedicated VIP service.
    • Service desk is already efficient and meeting SLAs for all requests and incidents.

    Pros

    • Highest level of consistency in service because the same process is followed for all user groups.
    • Ensures that service doesn’t suffer for non-VIP users for teams with a limited number of service desk staff.
    • No additional cost.
    • Potential to argue for more resources if executive service expectations aren’t met.

    Cons

    • Does not work if executives expect or require elevated service regardless of issue type.
    • Potential for increase in management escalations or complaints from dissatisfied executives. Some may end up jumping the queue as a result, which results in unstandardized VIP treatment only for some users.

    Info-Tech Insight

    Don’t design a VIP service solely out of fear that VIPs will be unhappy with the standard level of support the service desk provides. In some cases, it is better to focus your efforts on improving your standard support for everyone rather than only for a small percentage of users, especially if providing that elevated VIP support would further deteriorate service levels for the rest of the organization.

    Option 2: Prioritized service for VIPs

    What does it look like?

    • VIPs still go through the service desk but receive higher priority than non-VIP tickets.
    • Requests from VIP submitters are still evaluated using the standard prioritization matrix but are bumped up in urgency or priority. More critical issues can still take precedence.
    • Existing service desk resources are still used to resolve the request, but requests are just placed closer to the “front of the line.”
    • VIP users are identified in the ticketing system and may have a separate number to call or are routed differently/skip the queue within the ACD/IVR.

    Who is it best suited for?

    • Organizations that want or need to give VIPs expedited or enhanced service, but that don’t have the resources to dedicate to a completely separate VIP service desk team.

    Pros

    • Meets the need of executives for faster service.
    • Balances the need for prioritized service to VIPs while not sacrificing resources to handle most user requests.
    • All tickets still go through a single point of contact to be triaged and monitored by the service desk.
    • Easy to measure and compare performance of VIP service vs. standard service because processes are the same.

    Cons

    • Slight cost associated with implementing changes to phone system if necessary.
    • Makes other users aware that VIPs receive “special treatment” – some may try to jump the queue themselves.
    • May not meet the expectations of some executives who prefer dedicated, face-to-face resources to resolve their issues.

    Info-Tech Insight

    If you’re already informally bumping VIP tickets up the queue, this may be the most appropriate model for you. Bring formalization to your process by clearly defining exactly where VIP tickets fit in your prioritization matrix to ensure they are handled consistently and that VIPs are aware of the process.

    Option 3: Dedicated VIP service

    What does it look like?

    • VIPs contact a dedicated service desk and receive immediate/expedited support, often face to face.
    • Often a separate phone number or point of contact.
    • Similar to concierge service or “white glove” service models.
    • At least one dedicated FTE with good customer service skills and technical knowledge who builds trust with executives.

    Who is it best suited for?

    • Larger enterprises with many VIP users to support, but where VIPs are geographically clustered (as geography sprawls, the cost of the service will spiral).
    • IT organizations with enough resources on the service desk to support a dedicated VIP function.
    • Organizations where executives require immediate, in-person support.

    Pros

    • Most of the time, this model results in the fastest service delivery to executives.
    • Most personal method of delivering support with help often provided in person and from familiar, trusted technicians.
    • Usually leads to the highest level of satisfaction with the service desk from executives.

    Cons

    • Most expensive model; usually requires at least one dedicated, experienced FTE to support and sometimes after-hours support.
    • Essentially two separate service desks; can result in a disconnect between staff.
    • Career path and cross-training opportunities for the dedicated staff may be limited; role can be exhausting.
    • Reporting on the service can be more complicated and tickets are often logged after the fact.
    • If not done well, quality of service can suffer for the rest of the organization.

    Info-Tech Insight

    This type of model is essential in many large enterprises where the success of the company can depend on VIPs having access to dedicated support to minimize downtime as much as possible. However, it also requires the highest level of planning and dedication to get right. Without carefully documented processes and procedures and highly trained staff to support the model, it will fail to deliver the expected benefits.

    Step 2: Capture business needs

    Step overview:

    • Analyze your data and gather requirements to determine whether there is a need for a VIP service.

    Assess current state and metrics

    You can’t define your target state without a clear understanding of your current state. Analyze your ticket data and reports to identify the type and volume of VIP requests the service desk receives and how well you’re able to meet these requests with your current resources and structure.

    Analyze ticket data

    • What volume of tickets are you supporting? How many of those tickets come from VIP users?
    • What is your current resolution time for incidents and requests? How well are you currently meeting SLAs?
    • How quickly are executive/VIP tickets being resolved? How long do they have to wait for a response?
    • How many after-hours requests do you receive?

    Assess resourcing

    • How many users do you support; what percentage of them would be identified as VIP users?
    • How many service desk technicians do you have at each tier?
    • How well are you currently meeting demand? Would you be able to meet demand if you dedicated one or more Tier 2 technicians to VIP support?
    • If you would need to hire additional resources, is there budget to do so?

    Use the data to inform your assessment

    • Do you have a current problem with service delivery to VIPs and/or all users that needs to be addressed by changing the VIP support model?
    • Do you have the demand to support the need for a VIP service?
    • Do you have the resources to support providing VIP service?

    Leverage Info-Tech’s tools to inform your assessment

    Analyze your ticket data and reports to understand how well you’re currently meeting SLAs, your average response and resolution times, and the volume and type of requests you get from VIPs in order to understand the need for changing your current model. If you don’t have the ticket data to inform your assessment, leverage Info-Tech’s Service Desk Ticket Analysis Tool.

    Service Desk Ticket Analysis Tool

    Use this tool to identify trends and patterns in your ticket data. The ticket summary dashboard contains multiple reports analyzing how tickets come in, who requests them, who resolves them, and how long it takes to resolve them.

    If you need help understanding how well your current staff is able to handle your current ticket volume, leverage Info-Tech’s Service Desk Staffing Calculator to analyze demand and ticket volume trends. While not specifically designed to analyze VIP tickets, you could run the assessment separately for VIP volume if you have that data available.

    Service Desk Staffing Calculator

    Use this tool to help you estimate the optimal resource allocation to support your demand over time.

    Engage stakeholders to understand their requirements

    Follow your organization’s requirements gathering process to identify and prioritize stakeholders, conduct stakeholder interviews, and identify, track, and prioritize their requirements and expectations for service delivery.

    Gather requirements from VIP stakeholders

    1. Identify which stakeholders need to be consulted.
    2. Prioritize stakeholders in terms of influence and interest in order to identify who to engage in the requirements gathering process.
    3. Build a plan for gathering the requirements of key stakeholders in terms of VIP service delivery.
    4. Conduct requirements gathering and record the results of each stakeholder interaction.
    5. Analyze and summarize the results to determine the top expectations and requirements for VIP service desk support.

    If your organization does not have a defined requirements gathering process or template, leverage Info-Tech tools and templates:

    The Improve Requirements Gathering blueprint can be adapted from software requirements gathering to service desk.

    The PMO Requirements Gathering Tool can be adapted from interviewing stakeholders on their PMO requirements to service desk requirements.

    Info-Tech Insight

    Don’t guess at what your VIPs need or want – ask them and involve them in the service design. Many IT leaders sacrifice overall service quality to prioritize VIPs, thinking they expect immediate service. However, they later find out that the VIPs just assumed the service they were receiving was the standard service and many of their issues can wait.

    Identify additional challenges and opportunities by collecting perceptions of business users and stakeholders

    Formally measuring perceptions from your end users and key business stakeholders will help to inform your needs and determine how well the service desk is currently meeting demands from both VIP users and the entire user base.

    CIO Business Vision

    Info-Tech's CIO Business Vision program is a low-effort, high-impact program that will give you detailed report cards on the organization’s satisfaction with IT’s core services. Use these insights to understand your key business stakeholders, find out what is important to them, and improve your interactions.

    End User Satisfaction

    Info-Tech’s End User Satisfaction Program helps you measure end-user satisfaction and importance ratings of core IT services, IT communications, and business enablement to help you decide which IT service capabilities need to be addressed to meet the demands of the business.

    Learn more about Info-Tech’s CIO Business Vision or End User Satisfaction Program .

    Step 3: Choose the right approach

    Step overview:

    • Based on your assessment from Step 2, decide on the best way to move forward with your VIP service model.

    Use your assessment results to choose the most appropriate support model

    The table below is a rough guide for how the results of your assessments may line up to the most appropriate model for your organization:

    Example assessment results for: Dedicated service, prioritized service, and same servce based off of the assessment source: Ticket analysis, staffing analysis, or stakeholder.

    Info-Tech Insight

    If you’re in the position of deciding how to improve service to VIPs, it’s unlikely that you will end up choosing the “same service” model. If your data analysis tells you that you are currently meeting every metric target for all users, this may actually indicate that you’re overstaffed at the service desk.

    If you choose a specialized VIP support model, ensure there is a strong, defined need before moving forward

    Do not proceed if:

    • Your decision is purely reactive in response to a perceived need or challenges you’re currently experiencing
    • The demand is coming from a single dissatisfied executive without requirements from other VIPs being collected.
    • Your assessment data does not support the demand for a dedicated VIP function.
    • You don’t have the resources or support required to be successful in the approach.

    Proceed with a VIP model if:

    • You’re prepared to scale and support the model over the long term.
    • Business stakeholders have clearly expressed a need for improved VIP service.
    • Data shows that there is a high volume of urgent requests from VIPs.
    • You have the budget and resources required to support an enhanced VIP service delivery model.

    Step 4: Design the service offering

    Step overview:

    • Define and document all processes, procedures, and responsibilities relevant to the VIP support offering.

    Clearly define the service and eligible users

    Once you’ve decided on the most appropriate model, clearly describe the service and document who is eligible to receive it.

    1. Define exactly what the service is before going into the procedural details. High-level examples to start from are provided below:

    Prioritized Service Model

    When a designated VIP user contacts the service desk with a question, incident, or service request, their ticket will be prioritized over non-VIP tickets following the prioritization matrix. This process has been designed in accordance with business needs and requirements, as defined VIP users have more urgent demands on their time and the impact of downtime is greater as it has the potential to impact the business. However, all tickets, VIP tickets included, must still be prioritized by impact and urgency. Incidents that are more critical will still be resolved before VIP tickets in accordance with the prioritization process.

    Dedicated Service Model

    VIP support is a team of dedicated field technicians available to provide an elevated level of service including deskside support for executives and designated VIP users. VIP users have the ability to contact the VIP support service through a dedicated phone number and will receive expedited ticket handling and resolution by dedicated Tier 2 specialists with experience dealing with executives and their unique needs and requirements. This process has been designed in accordance with business needs and requirements.

    2 Identify VIP-eligible users

    • Define who qualifies as a VIP to receive VIP support or be eligible to contact the dedicated VIP service desk/concierge desk.
    • If other users or EAs can submit tickets on behalf of VIPs, identify those individuals as well.
    • Review the list and cut back if necessary. Less is usually more here, especially when starting out. If everyone is a VIP, then no one is truly a VIP.
    • Identify who maintains ownership over the list of eligible VIP users and how any changes to the list or requests for changes will be handled.
    • Ensure that all VIP-eligible users are clearly identified in the ITSM system.

    Map out the VIP process in a workflow

    Use a visual workflow to document the process for resolving or fulfilling VIP tickets, from when the ticket is submitted to when it gets closed.

    Your workflow should address the following:

    • How should the ticket be prioritized?
    • When are escalations necessary?
    • What happens if a user requests VIP service but is not defined as eligible?
    • Should the user verify that the issue is resolved before the ticket is closed?
    • What automatic notifications or communications need to go out and when?
    • What manual communications or notifications need to be sent out (e.g. when a ticket is escalated or reassigned)?
    VIP Support Process Example.

    Use the VIP Support Process Workflow Example as a template to map out your own process.

    Define and document all VIP processes and procedures

    Clearly describe the service and all related processes and procedures so that both the service delivery team and users are on the same page.

    Define all aspects of the service so that every VIP request will follow the same standardized process and VIPs will have clear expectations for the service they receive. This may include:

    • How VIPs should contact the service desk
    • How VIP tickets will be prioritized
    • SLAs and service expectations for VIP tickets
    • Ticket resolution or fulfillment steps and process
    • Escalation points and contacts
    • After-hours requests process

    If VIP user requests receive enhanced priority, for example, define exactly how those requests should be prioritized using your prioritization matrix. An example is found below and in the Service Desk VIP Procedures Template.

    Prioritization matrix for classification of incidents and requests.

    Use Info-Tech’s Service Desk VIP Procedures Template as a guide

    This template is designed to assist with documenting your service desk procedures for handling VIP or executive tickets. The template is not meant to cover all possible VIP support models but is an example of one support model only. It should be adapted and customized to reflect your specific support model and procedures.

    It includes the following sections:

    1. VIP support description/overview
    2. VIP support entitlement (who is eligible)
    3. Procedures
      • Ticket submission and triage
      • Ticket prioritization
      • SLAs and escalation
      • VIP ticket resolution process
      • After-hours requests
    4. Monitoring and reporting

    Download the Service Desk VIP Procedures Template

    Allocate resources or assign responsibilities specific to VIP support

    Regardless of the support model you choose, you’ll need to be clear on service desk agents’ responsibilities when dealing with VIP users.
    • Clarify the expectations of any service desk agent who will be handling VIP tickets; they should demonstrate excellent customer service skills and expertise, respect for the VIP and the sensitivity of their data, and prompt service.
    • Use a RACI chart to clarify responsibility and accountability for VIP-specific support tasks.
    • If you will be moving to a dedicated VIP support team, clearly define the responsibilities of any new roles or tasks. Sample responsibilities can be found on the right.
    • If you will be changing the role of an existing service desk agent to become focused solely on providing VIP support, clarify how the responsibilities of other service desk agents may change too, if at all.
    • Be clear on expectations of agents for after-hours support, especially if there will be a change to the current service provision.

    Sample responsibilities for a dedicated VIP support technician/specialist may include:

    • Resolve support tickets for all eligible VIP users following established processes and procedures.
    • Provide both onsite and remote support to executives.
    • Quickly and effectively diagnose and resolve technical issues with minimal disruption to the executive team.
    • Establish trust with executives/VIPs by maintaining confidentiality and privacy while providing technical support.
    • Set up, monitor, and support high-priority meetings, conferences, and events.
    • Demonstrate excellent communication and customer service skills when providing support to executives.
    • Coordinate more complex support issues with higher level support staff and track tickets through to resolution when needed.
    • Learn new technology and software ahead of implementation to train and support executive teams for use.
    • Conduct individual or group training as needed to educate on applications or how to best use technology to enhance productivity.
    • Proactively manage, maintain, update, and upgrade end-user devices as needed.

    Configure your ITSM tool to support your processes

    Configure your tool to support your processes, not the other way around.
    • Identify and configure VIP users in the system to ensure that they are easily identifiable in the system (e.g. there may be a symbol beside their name).
    • Configure automations or build ticket templates that would automatically set the urgency or priority of VIP tickets.
    • Configure any business rules or workflows that apply to the VIP support process.
    • Define any automated notifications that need to be sent when a VIP ticket is submitted, assigned, escalated, or resolved (e.g. notify service desk manager or a specific DL).
    • Define metrics and customize dashboards and reports to monitor VIP tickets and measure the success of the VIP service.
    • Configure any SLAs that apply only to VIPs to ensure displayed SLAs are accurate.

    Step 5: Launch the service

    Step overview:

    • Communicate and market the service to all relevant stakeholders so everyone is on the same page as to how it works and what’s in scope.

    Communicate the new or revised service to relevant stakeholders ahead of the launch

    If you did your due diligence, the VIP service launch won’t be a surprise to executives. However, it’s critical to

    continue the engagement and communicate the details of the service well to ensure there are no misperceptions about the

    service when it launches.

    Goals of communicating and marketing the service:

    1. Create awareness and understanding of the purpose of the VIP service and what it means for eligible users.
    2. Solidify commitment and buy-in for the service from all stakeholders.
    3. Ensure that all users know how to access the service and any changes to the way they should interact with the service desk.
    4. Set expectations for new/revised service levels.
    5. Reduce and address any concerns about the change in process.

    Info-Tech Insight

    This step isn’t only for the launch of new services. Even if you’re enhancing or right-sizing an existing VIP service, take the opportunity to market the improvements, remind users of the correct processes, and collect feedback.

    Leverage Info-Tech’s communication template to structure your presentation

    This template can be customized to use as an executive presentation to communicate and market the service to VIP users. It includes:

    • Key takeaways
    • Current-state assessment
    • Requirements gathering and feedback results
    • Objectives for the service
    • Anticipated benefits
    • Service entitlement
    • How the service works
    • Escalations and feedback contacts
    • Timeline of next steps

    Info-Tech Insight

    If you’re launching a dedicated concierge service for VIPs, highlight the exclusivity of the service in your marketing to draw users in. For example, if eligible VIPs get a separate number to call, expedited SLAs, or access to more tenured service desk experts, promote this added value of the service.

    Download the VIP Support Service Communication Template

    Step 6: Monitor and measure

    Step overview:

    • Measure and monitor the success of the program by tracking and reporting on targeted metrics.

    Evaluate and demonstrate the success of the program with key metrics

    Targeted metrics to evaluate the success of the VIP program will be critical to understanding and demonstrating whether the service is delivering the intended value. Track key metrics to:

    • Track if and how well you’re meeting your defined SLAs for VIP support.
    • Measure demand for VIP support (i.e. ticket volume and types of tickets) and evaluate against resource supply to determine whether a staffing adjustment is needed to meet demand.
    • Measure the cost of providing the VIP service in order to report back to executives.
    • Leverage real data to quantitatively demonstrate that you’re providing enhanced service to VIPs if there is an escalation or negative feedback from one individual.
    • Monitor service delivery to non-VIP users to ensure that service to the rest of the organization isn’t impacted by the VIP service
    • Evaluate the types of ticket that are submitted to the VIP service to inform training plans, self-service options, device upgrades, or alternatives to reduce future volume.

    Info-Tech Insight

    If your data definitively shows the VIP offering delivers enhanced service levels, publish these results to business leadership. A successful VIP service is a great accomplishment to market and build credibility for the service desk.

    Tie metrics to critical success factors

    Apart from your regular service desk metrics, identify the top metrics to tie to the key performance indicators of the program’s success factors.

    Sample Critical Success Factors

    • Increased executive satisfaction with the service desk
    • Improved response and resolution times to VIP tickets
    • Demand for the service is matched by supply

    Sample Metrics

    • End-user satisfaction scores on VIP tickets
    • Executive satisfaction with the service desk as measured on a broader annual survey
    • Response and resolution times for VIP tickets
    • Percentage of SLAs met for VIP tickets
    • VIP ticket volume
    • Average speed of answer for VIP calls

    Download Define Service Desk Metrics that Matter and the Service Desk Metrics Workbook for help defining CSFs, KPIs, and key metrics

    Step 7: Continually improve

    Step overview:

    • Continually evaluate the program to identify opportunities for improvement or modifications to the service support model.

    Continually evaluate the service to identify improvements

    Executives are happy, resolution times are on target – now what? Even if everything seems to be working well, never stop monitoring, measuring, and evaluating the service. Not only can metrics change, but there can also always be ways to improve service.

    • Continual improvement should be a mindset – there are always opportunities for improvement, and someone should be responsible for identifying and tracking these opportunities so that they actually get done.
    • Just as you asked for feedback and involvement from VIPs (and their assistants who may submit tickets on their behalf) in designing the service, you should continually collect that feedback and use it to inform improvements to the service.
    • End-user satisfaction surveys, especially broader, more targeted surveys, are also a great source of improvement ideas.
    • Even if end users don’t perceive any need for improvement, IT should still assess how they can make their own processes more efficient or offer alternatives to make delivery easier.

    Download Info-Tech’s Build a Continual Improvement Program blueprint to help you build a process around continual improvement, and use the Continual Improvement Register tool to help you identify and prioritize improvement initiatives.

    Info-Tech Insight

    Don’t limit your continual improvement efforts to the VIP service. Once you’ve successfully elevated the VIP service, look to how you can apply elements of that service to elevate support to the rest of the organization. For example, through providing a roaming service desk, a concierge desk, a Genius-Bar-style walk-in service, etc.

    Expand, reduce, or modify as needed

    Don’t stop with a one-time program evaluation. Continually use your metrics to evaluate whether the service offering needs to change to better suit the needs of your executives and organization. It may be fine as is, or you may find you need to do one of the following:

    Expand

    • If the service offering has been successful and/or your data shows underuse of VIP-dedicated resources, you may be able to expand the offering to identify additional roles as VIP-eligible.
    • Be cautious not to expand the service too widely; not only should it feel exclusive to VIPs, but you need to be able to support it.
    • Also consider whether elements that have been successful in the VIP program (e.g. a concierge desk, after-hours support) should be expanded to be offered to non-VIPs.

    Reduce

    • If VIPs are not using the service as much as anticipated or data shows supply outweighs demand, you may consider scaling back the service to save costs and resources.
    • However, be careful in how you approach this – it shouldn’t negatively impact service to existing users.
    • Rather, evaluate costly services like after-hours support and whether it’s necessary based on demand, adjust SLAs if needed, or reallocate service desk resources or responsibilities. For example, if demand doesn’t justify a dedicated service desk technician, either add non-VIP tasks to their responsibilities or consider moving to a prioritized model.

    Modify

    • The support model doesn’t need to be set in stone. If elements aren’t working, change them! If the entire support model isn’t working, reevaluate if it’s the best model for your organization.
    • Don’t make decisions in a vacuum, though. Just as executives were involved in decision-making at the outset, continually gather their feedback and use it to inform the service design.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Build a Continual Improvement Plan

    This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.

    Deliver a Customer Service Training Program to Your IT Department

    This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery, and increase customer satisfaction.

    Works Cited

    Munger, Nate. “Why You Should Provide VIP Customer Support.” Intercom, 13 Jan. 2016. Accessed Jan. 2023.

    Ogilvie, Ryan. “We Did Away With VIP Support and Got More Efficient.” HDI, 17 Sep. 2020. Accessed Jan. 2023.

    Get Started With Artificial Intelligence

    • Buy Link or Shortcode: {j2store}345|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $24,469 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • It is hard to not hear about how AI is revolutionizing the world. Across all industries, new applications for AI are changing the way humans work and how we interact with technologies that are used in modern organizations.
    • It can be difficult to see the specific applications of AI for your business. With all of the talk about the AI revolution, it can be hard to tie the rapidly changing and growing field of AI to your industry and organization and to determine which technologies are worth serious time and investment, and which ones are too early and not worth your time.

    Our Advice

    Critical Insight

    • AI is not a magic bullet. Instead, it is a tool for speeding up data-driven decision making. A more appropriate term for current AI technology is data-enabled, automated, adaptive decision support. Use when appropriate.
    • Garbage in, garbage out still applies to AI ‒ and it is even more relevant! AI technology has its foundations in data. Lots of it. Relevant, accurate, and timely data is essential to the effective use of AI.
    • AI is a rapidly evolving field – and this means that you can learn from others more effectively. Using a use case-based approach, you can learn from the successes and failures of others to more rapidly narrow down how AI can show value for you.

    Impact and Result

    • Understand what AI really means in practice.
    • Learn what others are doing in your industry to leverage AI technologies for competitive advantage.
    • Determine the use cases that best apply to your situation for maximum value from AI in your environment.
    • Define your first AI proof-of-concept (PoC) project to start exploring what AI can do for you.
    • Separate the signal from the noise when wading through the masses of marketing material around AI.

    Get Started With Artificial Intelligence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to get up to speed with the rapid changes in AI technologies taking over the world today, review Info-Tech’s methodology, and understand the four ways we can support you on your AI journey.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Explore the possibilities

    Understand what AI really is in the modern world and how AI technologies impact the business functions.

    • Get Started With Artificial Intelligence – Phase 1: Explore the Possibilities

    2. Learn from your peers and give your AI a purpose

    Develop a good understanding of where AI is delivering value in your industry and other verticals. Determine the top three business goals to get value from your AI and give your AI a purpose.

    • Get Started With Artificial Intelligence – Phase 2: Learn From Your Peers and Give Your AI a Purpose

    3. Select your first AI PoC

    Brainstorm your AI PoC projects, prioritize and sequence your AI ideas, select your first AI PoC, and create a minimum viable business case for this use case.

    • Get Started With Artificial Intelligence – Phase 3: Select Your First AI PoC
    • Idea Reservoir Tool
    • Minimum Viable Business Case Document
    • Prototyping Workbook
    [infographic]

    Build Your Data Practice and Platform

    • Buy Link or Shortcode: {j2store}347|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The complex nature of data investment leads to de-scoping and delivery of data services that do not meet business needs or give value to the business. Subject matter experts are hired to resolve the problem, but their success is impacted by absent architecture, technology, and organizational alignment.

    Our Advice

    Critical Insight

    Walking through a book of architecture building plans with a personal guide is cheaper and faster than employing an architect to build and design your home.

    Impact and Result

    Info-Tech's approach provides a proven methodology that includes the following:

    • Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives.
    • Comprehensive data practice designed based on the required business and data capabilities.
    • Data platform design based on Info-Tech data architecture reference patterns and prioritized data initiatives and capabilities.

    Build Your Data Practice and Platform Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Data Practice and Platform Storyboard – A step-by-step document that leverages road-tested patterns and frameworks to properly build your data practice and pattern in continuous alignment with the business landscape.

    Info-Tech's approach provides a proven methodology that includes following:   

  • Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives.
  • Comprehensive data practices designed based on the required business and data capabilities.

    • Build Your Data Practice and Platform Storyboard

    2. Data Practice and Platform Models – Leveraging best-of-breed frameworks to help you build a clear, concise, and compelling data practice and platform.

    Data practice & platform pre-build pattern templates based on Info-Tech data reference patterns and data platform design best practices.

    • Data Practice and Platform Models

    Infographic

    Workshop: Build Your Data Practice and Platform

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Establish business context and value.

    Key Benefits Achieved

    Business context and strategic driver.

    Activities

    1.1 Understand/confirm the organization's strategic goals

    1.2 Classify the strategic goals and map to business drivers

    1.3 Identify the business capabilities that the strategy focuses on

    1.4 Identify the business processes realizing the strategy

    Outputs

    Business context and strategic drivers

    Prioritized business capabilities and processes

    Data culture survey results analysis

    2 Identify Your Top Initiatives

    The Purpose

    Identify your top initiatives.

    Key Benefits Achieved

    High-value business-aligned data initiative.

    Activities

    2.1 Highlight data-related outcomes/goals to realize to fulfill the business goal

    2.2 Map business data initiatives to the business strategic goals

    2.3 Prioritize data initiatives

    Outputs

    High-value, business-aligned data initiatives

    3 Analyze Data Challenges

    The Purpose

    Analyze data challenges.

    Key Benefits Achieved

    Clear understanding of the data challenges.

    Activities

    3.1 Map data challenges to Info-Tech data challenges

    3.2 Review Info-Tech data capabilities based on prioritized initiatives

    3.3 Discuss data platform and practice next steps

    Outputs

    List of data challenges preventing data maturation with the organization

    4 Map Data Capability

    The Purpose

    Map data capability.

    Key Benefits Achieved

    Prioritized data capability.

    Activities

    4.1 Map data challenges to Info-Tech data challenges

    4.2 Review Info-Tech data capabilities based on prioritized initiatives

    4.3 Discuss data platform and practice next steps

    Outputs

    Required data capabilities

    Data platform and practice – plan

    Initialized data management RACI 

    Further reading

    Build Your Data Practice and Platform

    Construct a scalable data foundation

    Analyst Perspective

    Build a data practice and platform that delivers value to your organization.

    The build or optimization of your data practice and data platform must be predicated on a thorough understanding of the organization’s goals, objectives, and priorities and the business capabilities and process they are meant to support and enable.

    Formalizing your practice or constructing your platform just for the sake of doing so often results in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.

    Leverage Info-Tech’s approach and incorporate our pre-built models and patterns to effectively navigate that crucial and often difficult phase upfront of comprehensively defining business data needs so you can ultimately realize faster time-to-delivery of your overall data practice and platform.

    Photo of Rajesh Parab, Director, Research & Advisory, Data & Analytics Practice, Info-Tech Research Group.

    Rajesh Parab
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group
    Photo of Crystal Singh, Director, Research & Advisory, Data & Analytics Practice, Info-Tech Research Group.

    Crystal Singh
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Attempting to Solve Data Problems?

    Situation
    • Lack of data centric leadership results in downstream issues such as integration, quality, and accessibility.
    • The complex nature of the data and lack of understanding leads to de-scoping delivery of data services that does not meet business needs or add value.
    • Poorly designed practice and siloed platforms result in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.
    		 Complication
    • Data problem: When the data problem is diagnosed, the organization adopts a tactical approach.
    • Confirmation bias: Subject matter experts (SME) are hired to resolve the poorly defined problem, but the success of the SME is impacted by lack of architecture, technology, and organizational alignment.
    • Still no value: The selected tactical approach does not provide a solid foundation or solve your data problem.
    • Strategy for sake of strategy: Implementing a strategic approach for the sake of being strategic but this becomes overwhelming.
    • Fall back to tactical and operational: The data services are now potentially exposed and vulnerable, which strains business continuity and increases data debt.
    • Increased complexity and risk: Data silos, poor understanding, and high complexity results in an unmanageable data environment.
    		 Resolution
    • Requirements: Define and align your data requirement to business.
    • Capabilities: Discover data, identify data capabilities, and map your requirements.
    • Practices: Design and select fit-for-purpose data practices.
    • Platform: Optimize your data platform investments though sound architecture.

    Info-Tech Insight

    The true value of data comes from defining intentional relationships between the business and the data through a well thought out data platform and practice.

    Situation – Perpetual Data Problem

    Diagram of a head with gears around it and speech bubbles with notes titled 'Data Problem'. The surrounding gears, clockwise from bottom left, say 'Accessibility', 'Trust', 'Data Breach', 'Ambiguity', 'Ownership', 'Duplication', 'System Failure', and 'Manual Manipulation'. The speech bubbles notes, clockwise from bottom left, say 'Value-Add: How do I translate business needs to data capabilities?', 'Practice Organization: How do I organize resources and roles assignment challenges?', 'Platform: How do I organize data flows with no conceptual view of the environment?', and 'Break Down Silos: How do I break down silos?'
    I can’t access the data.
    I don’t trust the data in the report.
    It takes too long to get to the data for decision making
    • Lack of data-centric leadership results in downstream issues: integration, quality, accessibility
    • The organization’s data is too complex to manage without a cohesive plan.
    • The complex nature of the data and a lack of understanding leads to de-scoping delivery of data services that does not meet business needs or add value.
    • Poorly designed practice and siloed platforms result in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.

    Complication – Data Initiative Fizzles Out

    • Data problem: When the data problem is diagnosed the organization adopts a tactical approach.
    • Confirmation bias: Subject matter experts (SME) are hired to resolve the poorly defined problem, but the success of the SME is impacted by lack of architecture, technology, and organizational alignment.
    • Still no value: the selected tactical approach does not provide a solid foundation or solve your data problem.
    • Strategy for sake of strategy: Implementing a strategic approach for sake of being strategic but this becomes overwhelming.
    • Fall back to tactical and operational: The data services are now potentially exposed and vulnerable, which strains business continuity and increases data debt.
    • Increased complexity and risk: Data silos, poor understanding, and high complexity result in an unmanageable data environment.
    		 Flowchart beginning with 'Data Symptom Exhibited' and 'Data Problem Diagnosed', then splitting into two paths 'Solve Data Problem as a point solution' or 'Attempt Strategic approach without culture, capacity, and business leadership'. Each approach ends with 'Data too complex, and initiative fizzles out...' and cycles back to the beginning.
    Use the road-tested patterns and frameworks in our blueprint to break the perpetual data solution cycle. Focus on the value that a data and analytics platform will bring rather than focusing on the data problems alone.

    Build Your Data Practice and Platform

    Bring Your Data Strategy to Life

    		 Logo for Info-Tech.
    Logo for #iTRG.
    CONVENTIONAL WISDOM

    Attempting to Solve Your Data Problems

    DATA SYMPTOM EXHIBITED

    Mismatch report, data quality issue, or similar symptom of a data problem.

    		 DATA PROBLEM DIAGNOSED

    Data expert identifies it as a data problem.

    		 COMPLEX STRATEGIC APPROACH ATTEMPTED

    Recognized need to attempt it strategically, but don't have capacity or culture to execute.
    Cycle diagram titled 'Data Problems' with numbers connected to surrounding steps, and a break after Step 3 where one can 'BREAK THE CYCLE'. In the middle are a list of data problems: 'Accessibility’, ‘Data Breach', 'Manual Manipulation', 'System Failure', 'Ambiguity', 'Duplication', 'Ownership', and 'Trust'.
    SOLUTION FAILS

    The tactical solution fails to solve the root cause of the data problem, and the data symptoms persist.

    		 TACTICAL SOLUTION FALLBACK

    A quick and dirty solution is attempted in order to fix the data problem.

    		 THE COMPLEX APPROACH FIZZLES OUT

    Attempted strategic approach takes too long, fizzles out.
    		BREAK THE CYCLE

    Solving Your Data Problems

    1. DEFINE YOUR DATA REQUIREMENTS Incorporate a Business to Data Approach by utilizing Info-Tech's business capability templates for identifying data needs. BUSINESS-ALIGNED DATA REQUIREMENTS
    2. CONDUCT YOUR DATA DISCOVERY Understand the data behind your business problem. Identify the required data capabilities and domains as required by your business processes. RECOMMENDED DATA CAPABILITIES
    3. DESIGN YOUR DATA PRACTICES Build your custom data practices based on the predefined reusable models. CUSTOMIZED DATA PRACTICE
    4. ARCHITECT YOUR DATA PLATFORM Build your custom data platform based on the redefined reusable architecture patterns. CUSTOMIZED DATA PLATFORM
    		 CONTINUOUS PHASE: ROADMAP, SPONSORSHIP FEEDBACK AND DELIVERY

    Develop a roadmap to establish the practice and implement the architecture as designed. Ensure continuous alignment of the practice and architecture with the business landscape.

    Phase-by-Phase Approach to Build Your Data Practice and Platform

    Flowchart detailing the path to take through the four phases of this blueprint beginning with the 'Inputs' and 'People' involved and incorporating 'Deliverables' along the way. Phase-by-Phase Approach
    • Phase 1: Step 1 – Define Your Data Requirement
    • Phase 1: Step 2 – Conduct Your Data Discovery
    • Phase 2 – Design Your Data Practice
    • Phase 3 – Architect Your Data Platform

    Measure value when building your data practice and platform

    Sample Data Management Metrics

    Lists of data management metrics in different categories.

    • Refine the metrics for the overall Data Management practice and every initiative therein.
    • Refine the metrics at each platform and practice component to show business value against implementation effort.

    Understand and Build Data Culture

    See your Info-Tech Account Representative for more details on our Data Culture Diagnostic

    Only 14.29% of Transportation and Logistics respondents agree BI and Analytics Process and Technology are sufficient What is a diagnostic?

    Our diagnostics are the simplest way to collect the data you need, turn it into actionable insights, and communicate with stakeholders across the organization.

    		 52.54% of respondents from the healthcare industry are unaware of their organization’s data security policy
    Ask the Right Questions

    Use our low-effort surveys to get the data you need from stakeholders across the organization.

    		 Use Our Diagnostic Engine

    Our diagnostic engine does all the heavy lifting and analysis, turning your data into usable information.

    		 Communicate & Take Action

    Wow your executives with the incredible insights you've uncovered. Then, get to action: make IT better.
    On average only 40% agree that they have the reporting when needed


    (Source: Info-Tech’s Data Culture Diagnostic, 53 Organizations, 3138 Responses)

    		 35% of respondents feel that a governance body is in place looking at strategic data

    Build a Data-Driven Strategy Using Info-Tech Diagnostic Programs

    Make informed IT decisions by starting your diagnostic program today. Your account manager is waiting to help you.    		 Sample of Info-Tech's 'Data Culture Scorecard'.

    Use Our Predefined Data and Analytics Patterns to Build Your DnA Landscape

    Walking through a book of architecture building plans with a personal guide is cheaper and faster than employing an architect to build and design your home

    Two books titled 'The Everything Homebuilding Book' and 'Architecture 101'. An open book with a finger pointing to a diagram.

    The first step is to align business strategy with data strategy and then start building your data practice and data platform

    		 Flowchart starting with business strategy focuses, then to data strategy focuses, and eventually to 'Data Metrics'.

    Insights

    The true value of data comes from defining intentional relationships between the business and the data through a well-thought-out data platform and practice.

    • Phase 1
      • Some organizations are low maturity so using the traditional Capability Maturity Model Integration (CMMI) would not make sense. A great alternative is to leverage existing models and methodologies to get going off the bat.
      • The Data Strategy is an input into the platform and practice. This is considered the Why; Data Practice and Platform is the How.
    • Phase 2
      • Info-Tech’s approach is business-goal driven and it leverages patterns, which enable the implementation of critical and foundational components and subsequently facilitates the evolution and development of the practice over time.
      • Systems should not be designed in isolation. Cross-functional collaboration throughout the design is critical to ensure all types of issues are revealed early. Otherwise, crucial tests are omitted, deployments fail, and end-users are dissatisfied.
    • Phase 3
      • Build your conceptual data architecture based on well-thought-out formulated patterns that align with your organization’s needs and environment.
      • Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right trade-offs are made.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech’s Methodology for Building Your Data Practice and Platform

    Phase 1 –
    Define Your Data Requirements and Conduct Your Data Discovery    		 Phase 2 –
    Design Your Data Practices    		 Phase 3 –
    Architect Your Data Platform
    Phase Steps
    1. Identify your top initiatives
    2. Map your data initiatives to data capabilities
    1. Understand the practices value statement
    2. Review the Info-Tech practice pattern
    3. Initiate your practice design and setup
    1. Identify your data component
    2. Refine your data platform architecture
    3. Design your data platform
    4. Identify your new components and capabilities
    5. Initiative platform build and rollout
    Phase Outcomes Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives Comprehensive data practice design based on the required business and data capabilities Data platform design based on Info-Tech data architecture reference pattern and prioritized data initiatives and capabilities

    Data Platform and Practice Implementation Plan

    Example timeline for data platform and practice implementation plan with 'Fiscal Years' across the top, and below they're broken down into quarters. Along the left side 'Phase 1: Step 1...', 'Phase 1: Step 2...', 'Phase 2...' and 'Phase 3'. Tasks are mapped onto the timeline in each phase with a short explanation.

    Workshop Overview
    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Info-Tech’s Workshop support for Build Your Data Practice and Platform. 'Build Your Data Practice and Platform' slide from earlier.
    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    		 Workshop 1

    Data Needs and Discovery

    		 Workshop 2

    Data Practice Design

    		 Workshop 3

    Data Platform Design

    Workshop 1:
    Data Needs and Discovery

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value
    Identify Your Top Initiatives
    Analyze Data Challenges
    Map Data Capability
    Activities

    1.1 Understand/confirm your organization’s strategic goals

    1.2 Classify the strategic goals and map to business drivers

    1.3 Identify the business capabilities that the strategy focus is on

    1.4 Identify the business processes realizing the strategy

    2.1 Highlight data-related outcomes /goals to realize to fulfill the business goal

    2.2 Map business data initiatives to the business strategic goals

    2.3 Prioritize Data initiatives

    3.1 Understand data management capabilities and framework

    3.2 Classify business data requirements using Info-Tech’s classification approach

    3.3 Highlight data challenges in your current environment

    4.1 Map data challenges to Info-Tech data challenges

    4.2 Review Info-Tech data capabilities based on prioritized initiative

    4.3 Discuss Data Platform and Practice Next Steps
    Deliverables
    • Business context and strategic drivers
    • Prioritized business capabilities and processes
    • Data Culture Survey results analysis
    • High-value business-aligned data initiative
    • List of data challenges preventing data maturation with the organization
    • Required data capabilities
    • Data platform and practice – plan
    • Initialized data management RACI
    Participants Business stakeholder, Business leader Business Subject Matter Expert, Data IT sponsor (CIO), Head of Data, Data Architect Business stakeholder, Business leader Business Subject Matter Expert, Data IT sponsor (CIO), Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect

    Workshop 2:
    Data Practice Design

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4
    Plan Your Data Practices
    Design Your Data Practices 1
    Design Your Data Practices 2
    Design Your Data Practices 3
    Activities

    Prerequisite: Business context, business data requirement, and data capabilities

    1.1 Understand data practice framework

    1.2 Define your practice implementation approach

    1.3 Review and update data management RACI

    2.1 Understand Info-Tech data practice patterns for each prioritized practice

    2.2 Define your practice setup for each prioritized practice

    2.3 Highlight critical processes for each practice

    3.1 Understand Info-Tech data practice patterns for each prioritized practice

    3.2 Define your practice setup for each prioritized practice

    3.3 Highlight critical processes for each practice

    4.1 Understand Info-Tech data practice patterns for each prioritized practice

    4.2 Define your practice setup for each prioritized practice

    4.3 Highlight critical processes for each practice

    4.4 Discuss data platform and practice next steps
    Deliverables
    • Data practice implementation approach
    • Data management RACI
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data platform and practice – plan
    Participants Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect

    Workshop 3:
    Data Platform Design

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1Day 2Day 3Day 4
    Data Platform Overview
    Update Data Platform Reference Architecture
    Design Your Data Platform
    Design Your Data Practices 4
    Activities

    Prerequisite: Business context, business data requirement, and data capabilities

    1.1 Understand data platform framework and data capabilities

    1.2 Understand key data architecture principles and best practices

    1.3 Shortlist data platform patterns

    2.1 Map and identify data capabilities to data platform components

    2.2 Build data platform architecture using Info-Tech data platform reference architecture

    2.3 Highlight critical processes for each practice

    3.1 Design your target data platform using Info-Tech’s data platform template

    3.2 Identify new capabilities and components in your platform design

    4.1 Identify new capabilities and component in your platform design

    4.2 Discuss data platform initiatives

    Deliverables
    • Shortlisted data platform patterns
    • Data platform reference architecture for your organization
    • Data platform design for your organization
    • Data platform plan
    ParticipantsData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data Architect

    Build Your Data Practice and Platform

    Phase 1

    Phase 1: Step 1 – Define Your Data Requirements
    Phase 1: Step 2 – Conduct Your Data Discovery

    Phase 1

    1.1 Define Your Data Requirements
    1.2 Conduct Your Data Discovery

    		 Phase 2 Phase 3

    Phase 1: Step 1 – Define Your Data Requirements will walk you through the following activities:

    • Confirm the organizational strategic goals, business drivers, business capabilities, and processes driving the Data Practice and Platform effort.
    • Identify the data related outcomes, goals, and ideal environment needed to fulfill the business goals.

    This phase involves the following participants:

    A blend of business leaders and business SMEs together with the Data Strategy team.

    Phase 1: Step 2 – Conduct Your Data Discovery will walk you through the following activities:

    • Identify and highlight the data challenges faced in achieving the desired outcome.
    • Map the data challenges to the data capabilities required to realize the desired data outcome.

    This phase involves the following participants:

    Key personnel from IT/Data team: (Data Architect, Data Engineers, Head of Head of Reporting and Analytics)

    Master Organizational Change Management Practices

    • Buy Link or Shortcode: {j2store}188|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $69,330 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Program & Project Management
    • Parent Category Link: /program-and-project-management
    • Organizational change management (OCM) is often an Achilles’ heel for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.
    • When projects that depend heavily on users and stakeholders adopting new tools, or learning new processes or skills, get executed without an effective OCM plan, the likelihood that they will fail to achieve their intended outcomes increases exponentially.
    • The root of the problem often comes down to a question of accountability: who in the organization is accountable for change management success? In the absence of any other clearly identifiable OCM leader, the PMO – as the organizational entity that is responsible for facilitating successful project outcomes – needs to step up and embrace this accountability.
    • As PMO leader, you need to hone an OCM strategy and toolkit that will help ensure not only that projects are completed but also that benefits are realized.

    Our Advice

    Critical Insight

    • The root of poor stakeholder adoption on change initiatives is twofold:
      • Project planning tends to fixate on technology and neglects the behavioral and cultural factors that inhibit user adoption;
      • Accountabilities for managing change and helping to realize the intended business outcomes post-project are not properly defined in advance.
    • Persuading people to change requires a “soft,” empathetic approach to keep them motivated and engaged. But don’t mistake “soft” for easy. Managing the people part of change is amongst the toughest work there is, and it requires a comfort and competency with uncertainty, ambiguity, and conflict.
    • Transformation and change are increasingly becoming the new normal. While this normality may help make people more open to change in general, specific changes still need to be planned, communicated, and managed. Agility and continuous improvement are good, but can degenerate into volatility if change isn’t managed properly.

    Impact and Result

    • Plan for human nature. To ensure project success and maximize benefits, plan and facilitate the non-technical aspects of organizational change by addressing the emotional, behavioral, and cultural factors that foster stakeholder resistance and inhibit user adoption.
    • Make change management as ubiquitous as change itself. Foster a project culture that is proactive about OCM. Create a process where OCM considerations are factored in as early as project ideation and where change is actively managed throughout the project lifecycle, including after the project has closed.
    • Equip project leaders with the right tools to foster adoption. Effective OCM requires an actionable toolkit that will help plant the seeds for organizational change. With the right tools and templates, the PMO can function as the hub for change, helping the business units and project teams to consistently achieve project and post-project success.

    Master Organizational Change Management Practices Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how implementing an OCM strategy through the PMO can improve project outcomes and increase benefits realization.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare the PMO for change leadership

    Assess the organization’s readiness for change and evaluate the PMO’s OCM capabilities.

    • Drive Organizational Change from the PMO – Phase 1: Prepare the PMO for Change Leadership
    • Organizational Change Management Capabilities Assessment
    • Project Level Assessment Tool

    2. Plant the seeds for change during project planning and initiation

    Build an organic desire for change throughout the organization by developing a sponsorship action plan through the PMO and taking a proactive approach to change impacts.

    • Drive Organizational Change from the PMO – Phase 2: Plant the Seeds for Change During Project Planning and Initiation
    • Organizational Change Management Impact Analysis Tool

    3. Facilitate change adoption throughout the organization

    Ensure stakeholders are engaged and ready for change by developing effective communication, transition, and training plans.

    • Drive Organizational Change from the PMO – Phase 3: Facilitate Change Adoption Throughout the Organization
    • Stakeholder Engagement Workbook
    • Transition Plan Template
    • Transition Team Communications Template

    4. Establish a post-project benefits attainment process

    Determine accountabilities and establish a process for tracking business outcomes after the project team has packed up and moved onto the next project.

    • Drive Organizational Change from the PMO – Phase 4: Establish a Post-Project Benefits Attainment Process
    • Portfolio Benefits Tracking Tool

    5. Solidify the PMO’s role as change leader

    Institute an Organizational Change Management Playbook through the PMO that covers tools, processes, and tactics that will scale all of the organization’s project efforts.

    • Drive Organizational Change from the PMO – Phase 5: Solidify the PMO's Role as Change Leader
    • Organizational Change Management Playbook
    [infographic]

    Workshop: Master Organizational Change Management Practices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess OCM Capabilities

    The Purpose

    Assess the organization’s readiness for change and evaluate the PMO’s OCM capabilities.

    Estimate the relative difficulty and effort required for managing organizational change through a specific project.

    Create a rough but concrete timeline that aligns organizational change management activities with project scope.

    Key Benefits Achieved

    A better understanding of the cultural appetite for change and of where the PMO needs to focus its efforts to improve OCM capabilities.

    A project plan that includes disciplined organizational change management from start to finish.

    Activities

    1.1 Assess the organization’s current readiness for change.

    1.2 Perform a change management SWOT analysis to assess the PMO’s capabilities.

    1.3 Define OCM success metrics.

    1.4 Establish and map out a core OCM project to pilot through the workshop.

    Outputs

    Organizational Change Management Capabilities Assessment

    A diagnosis of the PMO’s strengths and weaknesses around change management, as well as the opportunities and threats associated with driving an OCM strategy through the PMO

    Criteria for implementation success

    Project Level Assessment

    2 Analyze Change Impacts

    The Purpose

    Analyze the impact of the change across various dimensions of the business.

    Develop a strategy to manage change impacts to best ensure stakeholder adoption.

    Key Benefits Achieved

    Improved planning for both your project management and organizational change management efforts.

    A more empathetic understanding of how the change will be received in order to rightsize the PMO’s OCM effort and maximize adoption.

    Activities

    2.1 Develop a sponsorship action plan through the PMO.

    2.2 Determine the relevant considerations for analyzing the change impacts of a project.

    2.3 Analyze the depth of each impact for each stakeholder group.

    2.4 Establish a game plan to manage individual change impacts.

    2.5 Document the risk assumptions and opportunities stemming from the impact analysis.

    Outputs

    Sponsorship Action Plan

    Organizational Change Management Capabilities Assessment

    Risk and Opportunity Assessment

    3 Establish Collaborative Roles and Develop an Engagement Plan

    The Purpose

    Define a clear and compelling vision for change.

    Define roles and responsibilities of the core project team for OCM.

    Identify potential types and sources of resistance and enthusiasm.

    Create a stakeholder map that visualizes relative influence and interest of stakeholders.

    Develop an engagement plan for cultivating support for change while eliciting requirements.

    Key Benefits Achieved

    Begin to communicate a compelling vision for change.

    Delegate and divide work on elements of the transition plan among the project team and support staff.

    Begin developing a communications plan that appeals to unique needs and attitudes of different stakeholders.

    Cultivate support for change while eliciting requirements.

    Activities

    3.1 Involve the right people to drive and facilitate change.

    3.2 Solidify the vision of change to reinforce and sustain leadership and commitment.

    3.3 Proactively identify potential skeptics in order to engage them early and address their concerns.

    3.4 Stay one step ahead of potential saboteurs to prevent them from spreading dissent.

    3.5 Find opportunities to empower enthusiasts to stay motivated and promote change by encouraging others.

    3.6 Formalize the stakeholder analysis to identify change champions and blockers.

    3.7 Formalize the engagement plan to begin cultivating support while eliciting requirements.

    Outputs

    RACI table

    Stakeholder Analysis

    Engagement Plan

    Communications plan requirements

    4 Develop and Execute the Transition Plan

    The Purpose

    Develop a realistic, effective, and adaptable transition plan, including:Clarity around leadership and vision.Well-defined plans for targeting unique groups with specific messages.Resistance and contingency plans.Templates for gathering feedback and evaluating success.

    Clarity around leadership and vision.

    Well-defined plans for targeting unique groups with specific messages.

    Resistance and contingency plans.

    Templates for gathering feedback and evaluating success.

    Key Benefits Achieved

    Execute the transition in coordination with the timeline and structure of the core project.

    Communicate the action plan and vision for change.

    Target specific stakeholder and user groups with unique messages.

    Deal with risks, resistance, and contingencies.

    Evaluate success through feedback and metrics.

    Activities

    4.1 Sustain changes by adapting people, processes, and technologies to accept the transition.

    4.2 Decide which action to take on enablers and blockers.

    4.3 Start developing the training plan early to ensure training is properly timed and communicated.

    4.4 Sketch a communications timeline based on a classic change curve to accommodate natural resistance.

    4.5 Define plans to deal with resistance to change, objections, and fatigue.

    4.6 Consolidate and refine communication plan requirements for each stakeholder and group.

    4.7 Build the communications delivery plan.

    4.8 Define the feedback and evaluation process to ensure the project achieves its objectives.

    4.9 Formalize the transition plan.

    Outputs

    Training Plan

    Resistance Plan

    Communications Plan

    Transition Plan

    5 Institute an OCM Playbook through the PMO

    The Purpose

    Establish post-project benefits tracking timeline and commitment plans.

    Institute a playbook for managing organizational change, including:

    Key Benefits Achieved

    A process for ensuring the intended business outcomes are tracked and monitored after the project is completed.

    Repeat and scale best practices around organizational change to future PMO projects.

    Continue to build your capabilities around managing organizational change.

    Increase the effectiveness and value of organizational change management.

    Activities

    5.1 Review lessons learned to improve organizational change management as a core PM discipline.

    5.2 Monitor capacity for change.

    5.3 Define roles and responsibilities.

    5.4 Formalize and communicate the organizational change management playbook.

    5.5 Regularly reassess the value and success of organizational change management.

    Outputs

    Lessons learned

    Organizational Change Capability Assessment

    Organizational Change Management Playbook

    Further reading

    Master Organizational Change Management Practices

    PMOs, if you don't know who is responsible for org change, it's you.

    Analyst Perspective

    Don’t leave change up to chance.

    "Organizational change management has been a huge weakness for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.

    During workshops with clients, I find that the root of this problem is twofold: project planning tends to fixate on technology and neglects the behavioral and cultural factors that inhibit user adoption; further, accountabilities for managing change and helping to realize the intended business outcomes post-project are not properly defined.

    It makes sense for the PMO to be the org-change leader. In project ecosystems where no one seems willing to seize this opportunity, the PMO can take action and realize the benefits and accolades that will come from coordinating and consistently driving successful project outcomes."

    Matt Burton,

    Senior Manager, Project Portfolio Management

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • PMO Directors who need to improve user adoption rates and maximize benefits on project and program activity.
    • CIOs who are accountable for IT’s project spend and need to ensure an appropriate ROI on project investments.

    This Research Will Help You:

    • Define change management roles and accountabilities among project stakeholders.
    • Prepare end users for change impacts in order to improve adoption rates.
    • Ensure that the intended business outcomes of projects are more effectively realized.
    • Develop an organizational change management toolkit and best practices playbook.

    This Research Will Also Assist:

    • Project managers and change managers who need to plan and execute changes affecting people and processes.
    • Project sponsors who want to improve benefits attainment.
    • Business analysts who need to analyze the impact of change.

    This Research Will Help Them:

    • Develop communications and training plans tailored to specific audiences.
      • Identify strategies to manage cultural and behavioral change.
    • Maximize project benefits by ensuring changes are adopted.
    • Capitalize upon opportunities and mitigate risks.

    Drive organizational change from the PMO

    Situation

    • As project management office (PMO) leader, you oversee a portfolio of projects that depend heavily on users and stakeholders adopting new tools, complying with new policies, following new processes, and learning new skills.
    • You need to facilitate the organizational change resulting from these projects, ensuring that the intended business outcomes are realized.

    Complication

    • While IT takes accountability to deliver the change, accountability for the business outcomes is opaque with little or no allocated resourcing.
    • Project management practices focus more on the timely implementation of projects than on the achievement of the desired outcomes thereafter or on the behavioral and cultural factors that inhibit change from taking hold in the long term.

    Resolution

    • Plan for human nature. To ensure project success and maximize benefits, plan and facilitate the non-technical aspects of organizational change by addressing the emotional, behavioral, and cultural factors that foster stakeholder resistance and inhibit user adoption.
    • Make change management as ubiquitous as change itself. Foster a project culture that is proactive about OCM. Create a process where OCM considerations are factored in as early as project ideation and change is actively managed throughout the project lifecycle, including after the project has closed.
    • Equip project leaders with the right tools to foster adoption. Effective OCM requires an actionable toolkit that will help plant the seeds for organizational change. With the right tools and templates, the PMO can function as a hub for change, helping business units and project teams to consistently achieve project and post-project success.
    Info-Tech Insight

    Make your PMO the change leader it’s already expected to be. Unless accountabilities for organizational change management (OCM) have been otherwise explicitly defined, you should accept that, to the rest of the organization – including its chief officers – the PMO is already assumed to be the change leader.

    Don’t shy away from or neglect this role. It’s not just the business outcomes of the organization’s projects that will benefit; the long-term sustainability of the PMO itself will be significantly strengthened by making OCM a core competency.

    Completed projects aren’t necessarily successful projects

    The constraints that drive project management (time, scope, and budget) are insufficient for driving the overall success of project efforts.

    For instance, a project may come in on time, on budget, and in scope, but

    • …if users and stakeholders fail to adopt…
    • …and the intended benefits are not achieved…

    …then that “successful project” represents a massive waste of the organization’s time and resources.

    A supplement to project management is needed to ensure that the intended value is realized.

    Mission (Not) Accomplished

    50% Fifty percent of respondents in a KPMG survey indicated that projects fail to achieve what they originally intended. (Source: NZ Project management survey)

    56% Only fifty-six percent of strategic projects meet their original business goals. (Source: PMI)

    70% Lack of user adoption is the main cause for seventy percent of failed projects. (Source: Collins, 2013)

    Improve project outcomes with organizational change management

    Make “completed” synonymous with “successfully completed” by implementing an organizational change management strategy through the PMO.

    Organizational change management is the practice through which the PMO can improve user adoption rates and maximize project benefits.

    Why OCM effectiveness correlates to project success:

    • IT projects are justified because they will make money, save money, or make people happier.
    • Project benefits can only be realized when changes are successfully adopted or accommodated by the organization.

    Without OCM, IT might finish the project but fail to realize the intended outcomes.

    In the long term, a lack of OCM could erode IT’s ability to work with the business.

    The image shows a bar graph, titled Effective change management correlates with project success, with the X-axis labelled Project Success (Percent of respondents that met or exceeded project objectives), and the Y-axis labelled OCM-Effectiveness, with an arrow pointing upwards. The graph shows that with higher OCM-Effectiveness, Project Success is also higher. The source is given as Prosci’s 2014 Best Practices in Change Management benchmarking report.

    What is organizational change management?

    OCM is a framework for managing the introduction of new business processes and technologies to ensure stakeholder adoption.

    OCM involves tools, templates, and processes that are intended to help project leaders analyze the impacts of a change during the planning phase, engage stakeholders throughout the project lifecycle, as well as train and transition users towards the new technologies and processes being implemented.

    OCM is a separate body of knowledge, but as a practice it is inseparable from both project management or business analysis.

    WHEN IS OCM NEEDED?

    Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.

    CM can help improve project outcomes on any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.

    "What is the goal of change management? Getting people to adopt a new way of doing business." – BA, Natural Resources Company

    The benefits of OCM range from more effective project execution to improved benefits attainment

    82% of CEOs identify organizational change management as a priority. (D&B Consulting) But Only 18% of organizations characterize themselves as “Highly Effective” at OCM. (PMI)

    On average, 95% percent of projects with excellent OCM meet or exceed their objectives. (Prosci) VS For projects with poor OCM, the number of projects that meet objectives drops to 15%. (Prosci)

    82% of projects with excellent OCM practices are completed on budget. (Prosci) VS For projects with poor OCM, the number of projects that stay on budget drops to 51%. (Prosci)

    71% of projects with excellent OCM practices stay on schedule. (Prosci) VS For projects with poor OCM practices, only 16% stay on schedule. (Prosci)

    While critical to project success, OCM remains one of IT’s biggest weaknesses and process improvement gaps

    IT Processes Ranked by Effectiveness:

    1. Risk Management
    2. Knowledge Management
    3. Release Management
    4. Innovation
    5. IT Governance
    6. Enterprise Architecture
    7. Quality Management
    8. Data Architecture
    9. Application Development Quality
    10. Data Quality
    11. Portfolio Management
    12. Configuration Management
    13. Application Portfolio Management
    14. Business Process Controls Internal Audit
    15. Organizational Change Management
    16. Application Development Throughput
    17. Business Intelligence Reporting
    18. Performance Measurement
    19. Manage Service Catalog

    IT Processes Ranked by Importance:

    1. Enterprise Application Selection & Implementation
    2. Organizational Change Management
    3. Data Architecture
    4. Quality Management
    5. Enterprise Architecture
    6. Business Intelligence Reporting
    7. Release Management
    8. Portfolio Management
    9. Application Maintenance
    10. Asset Management
    11. Vendor Management
    12. Application Portfolio Management
    13. Innovation
    14. Business Process Controls Internal Audit
    15. Configuration Management
    16. Performance Measurement
    17. Application Development Quality
    18. Application Development Throughput
    19. Manage Service Catalog

    Based on 3,884 responses to Info-Tech’s Management and Governance Diagnostic, June 2016

    There’s no getting around it: change is hard

    While the importance of change management is widely recognized across organizations, the statistics around change remain dismal.

    Indeed, it’s an understatement to say that change is difficult.

    People are generally – in the near-term at least – resistant to change, especially large, transformational changes that will impact the day-to-day way of doing things, or that involve changing personal values, social norms, and other deep-seated assumptions.

    "There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things." – Niccolo Machiavelli

    70% - Change failure rates are extremely high. It is estimated that up to seventy percent of all change initiatives fail – a figure that has held steady since the 1990s. (McKinsey & Company)

    25% - In a recent survey of 276 large and midsize organizations, only twenty-five percent of respondents felt that the gains from projects were sustained over time. (Towers Watson)

    22% - While eighty-seven percent of survey respondents trained their managers to “manage change,” only 22% felt the training was truly effective. (Towers Watson)

    While change is inherently difficult, the biggest obstacle to OCM success is a lack of accountability

    Who is accountable for change success? …anyone?...

    To its peril, OCM commonly falls into a grey area, somewhere in between project management and portfolio management, and somewhere in between being a concern of IT and a concern of the business.

    While OCM is a separate discipline from project management, it is commonly thought that OCM is something that project managers and project teams do. While in some cases this might be true, it is far from a universal truth.

    The end result: without a centralized approach, accountabilities for key OCM tasks are opaque at best – and the ball for these tasks is, more often than not, dropped altogether.

    29% - Twenty-nine percent of change initiatives are launched without any formal OCM plan whatsoever.

    "That’s 29 percent of leaders with blind faith in the power of prayer to Saint Jude, the patron saint of desperate cases and lost causes." – Torben Rick

    Bring accountability to org-change by facilitating the winds of change through the PMO

    Lasting organizational change requires a leader. Make it the PMO.

    #1 Organizational resistance to change is cited as the #1 challenge to project success that PMOs face. (Source: PM Solutions)

    90% Companies with mature PMOs that effectively manage change meet expectations 90% of the time. (Source: Jacobs-Long)

    Why the PMO?

    A centralized approach to OCM is most effective, and the PMO is already a centralized project office and is already accountable for project outcomes.

    What’s more, in organizations where accountabilities for OCM are not explicitly defined, the PMO will likely already be assumed to be the default change leader by the wider organization.

    It makes sense for the PMO to accept this accountability – in the short term at least – and claim the benefits that will come from coordinating and consistently driving successful project outcomes.

    In the long term, OCM leadership will help the PMO to become a strategic partner with the executive layer and the business side.

    Short-term gains made by the PMO can be used to spark dialogues with those who authorize project spending and have the implicit fiduciary obligation to drive project benefits.

    Ultimately, it’s their job to explicitly transfer that obligation, along with the commensurate resourcing and authority for OCM activities.

    More than a value-added service, OCM competencies will soon determine the success of the PMO itself

    Given the increasingly dynamic nature of market conditions, the need for PMOs to provide change leadership on projects large and small is becoming a necessity.

    "With organizations demanding increasing value, PMOs will need to focus more and more on strategy, innovation, agility, and stakeholder engagement. And, in particular, developing expertise in organizational change management will be essential to their success." – PM Solutions, 2014

    28% PMOs that are highly agile and able to respond quickly to changing conditions are 28% more likely to successfully complete strategic initiatives (69% vs. 41%). (PMI)

    In other words, without heightened competencies around org-change, the PMO of tomorrow will surely sink like a stone in the face of increasingly unstable external factors and accelerated project demands.

    Use Info-Tech’s road-tested OCM toolkit to transform your PMO into a hub of change management leadership

    With the advice and tools in Info-Tech’s Drive Organizational Change from the PMO blueprint, the PMO can provide the right OCM expertise at each phase of a project.

    The graphic has an image of a windmill at centre, with PMO written directly below it. Several areas of expertise are listed in boxes emerging out of the PMO, which line up with project phases as follows (project phase listed first, then area of expertise): Initiation - Impact Assessment; Planning - Stakeholder Engagement; Execution - Transition Planning; Monitoring & Controlling - Communications Execution; Closing - Evaluation & Monitoring.

    Info-Tech’s approach to OCM is a practical/tactical adaptation of several successful models

    Business strategy-oriented OCM models such as John Kotter’s 8-Step model assume the change agent is in a position of senior leadership, able to shape corporate vision, culture, and values.

    • PMO leaders can work with business leaders, but ultimately can’t decide where to take the organization.
    • Work with business leaders to ensure IT-enabled change helps reinforce the organization’s target vision and culture.

    General-purpose OCM frameworks such as ACMP’s Standard for Change Management, CMI’s CMBoK, and Prosci’s ADKAR model are very comprehensive and need to be configured to PMO-specific initiatives.

    • Tailoring a comprehensive, general-purpose framework to PMO-enabled change requires familiarity and experience.

    References and Further Reading

    Info-Tech’s organizational change management model adapts the best practices from a wide range of proven models and distills it into a step-by-step process that can be applied to any IT-enabled project.

    Info-Tech’s OCM research is COBIT aligned and a cornerstone in our IT Management & Governance Framework

    COBIT Section COBIT Management Practice Related Blueprint Steps
    BAI05.01 Establish the desire to change. 1.1 / 2.1 / 2.2
    BAI05.02 Form an effective implementation team. 1.2
    BAI05.03 Communicate the desired vision. 2.1 / 3.2
    BAI05.03 Empower role players and identify short-term wins. 3.2 / 3.3
    BAI05.05 Enable operation and use. 3.1
    BAI05.06 Embed new approaches. 4.1 / 5.1
    BAI05.07 Sustain changes. 5.1

    COBIT 5 is the leading framework for the governance and management of enterprise IT.

    Screenshot of Info-Tech’s IT Management & Governance Framework.

    The image is a screenshot of Info-Tech's IT Management & Governance Framework (linked above). There is an arrow emerging from the screenshot, which offers a zoomed-in view of one of the sections of the framework, which reads BAI05 Organizational Change Management.

    Consider Info-Tech’s additional key observations

    Human behavior is largely a blind spot during the planning phase.

    In IT especially, project planning tends to fixate on technology and underestimate the behavioral and cultural factors that inhibit user adoption. Whether change is project-specific or continuous, it’s more important to instill the desire to change than to apply specific tools and techniques. Accountability for instilling this desire should start with the project sponsor, with direct support from the PMO.

    Don’t mistake change management for a “soft” skill.

    Persuading people to change requires a “soft,” empathetic approach to keep them motivated and engaged. But don’t mistake “soft” for easy. Managing the people part of change is amongst the toughest work there is, and it requires a comfort and competency with uncertainty, ambiguity, and conflict. If a change initiative is going to be successful (especially a large, transformational change), this tough work needs to be done – and the more impactful the change, the earlier it is done, the better.

    In “continuous change” environments, change still needs to be managed.

    Transformation and change are increasingly becoming the new normal. While this normality may help make people more open to change in general, specific changes still need to be planned, communicated, and managed. Agility and continuous improvement are good, but can degenerate into volatility if change isn’t managed properly. People will perceive change to be volatile and undesirable if their expectations aren’t managed through communications and engagement planning.

    Info-Tech’s centralized approach to OCM is cost effective, with a palpable impact on project ROI

    Info-Tech’s Drive Organizational Change from the PMO blueprint can be implemented quickly and can usually be done with the PMO’s own authority, without the need for additional or dedicated change resources.

    Implementation Timeline

    • Info-Tech’s easy-to-navigate OCM tools can be employed right away, when your project is already in progress.
    • A full-scale implementation of a PMO-driven OCM program can be accomplished in 3–4 weeks.

    Implementation Personnel

    • Primary: the PMO director (should budget 10%–15% of her/his project capacity for OCM activities).
    • Secondary: other PMO staff (e.g. project managers, business analysts, etc.).

    OCM Implementation Costs

    15% - The average costs for effective OCM are 10%–15% of the overall project budget. (AMR Research)

    Average OCM Return-on-Investment

    200% - Small projects with excellent OCM practices report a 200% return-on-investment. (Change First)

    650% - Large projects with excellent OCM practices report a 650% return-on-investment. (Change First)

    Company saves 2–4 weeks of time and $10,000 in ERP implementation through responsible OCM

    CASE STUDY

    Industry Manufacturing

    Source Info-Tech Client

    Situation

    A medium-sized manufacturing company with offices all over the world was going through a consolidation of processes and data by implementing a corporate-wide ERP system to replace the fragmented systems that were previously in place. The goal was to have consistency in process, expectations, and quality, as well as improve efficiency in interdepartmental processes.

    Up to this point, every subsidiary was using their own system to track data and sharing information was complicated and slow. It was causing key business opportunities to be compromised or even lost.

    Complication

    The organization was not very good in closing out projects. Initiatives went on for too long, and the original business benefits were usually not realized.

    The primary culprit was recognized as mismanaged organizational change. People weren’t aware early enough, and were often left out of the feedback process.

    Employees often felt like changes were being dictated to them, and they didn’t understand the wider benefits of the changes. This led to an unnecessary number of resistors, adding to the complexity of successfully completing a project.

    Resolution

    Implementing an ERP worldwide was something that the company couldn’t gamble on, so proper organizational change management was a focus.

    A thorough stakeholder analysis was done, and champions were identified for each stakeholder group throughout the organization.

    Involving these champions early gave them the time to work within their groups and to manage expectations. The result was savings of 2–4 weeks of implementation time and $10,000.

    Follow Info-Tech’s blueprint to transform your PMO into a hub for organizational change management

    Prepare the PMO for Change Leadership

    • Assess the organization’s readiness for change.
      • Perform an OCM capabilities assessment.
      • Chart an OCM roadmap for the PMO.
      • Undergo a change management SWOT analysis.
      • Define success criteria.
      • Org. Change Capabilities Assessment
    • Define the structure and scope of the PMO’s pilot OCM initiative.
      • Determine pilot OCM project.
      • Estimate OCM effort.
      • Document high-level project details.
      • Establish a timeline for org-change activities.
      • Assess available resources to support the PMO’s OCM initiative.
      • Project Level Assessment

    Plant the Seeds for Change During Project Planning and Initiation

    • Foster OCM considerations during the ideation phase.
      • Assess leadership support for change
      • Highlight the goals and benefits of the change
      • Refine your change story
      • Define success criteria
      • Develop a sponsorship action plan
      • Transition Team Communications Template
    • Perform an organizational change impact assessment.
      • Perform change impact survey.
      • Assess the depth of impact for the stakeholder group.
      • Determine overall adoptability of the OCM effort.
      • Review risks and opportunities.
      • Org. Change Management Impact Analysis Tool

    Facilitate Change Adoption Throughout the Organization

    • Ensure stakeholders are engaged and ready for change.
      • Involve the right people in change and define roles.
      • Define methods for obtaining stakeholder input.
      • Perform a stakeholder analysis.
      • Stakeholder Engagement Workbook
    • Develop and execute the transition plan.
      • Establish a communications strategy for stakeholder groups.
      • Define the feedback and evaluation process.
      • Assess the full range of support and resistance to change.
      • Develop an objections handling process.
      • Transition Plan Template
    • Establish HR and training plans.
      • Assess training needs. Develop training plan.
      • Training Plan

    Establish a Post-Project Benefits Attainment Process

    • Determine accountabilities for benefits attainment.
      • Conduct a post-implementation review of the pilot OCM project.
      • Assign ownership for realizing benefits after the project is closed.
      • Define a post-project benefits tracking process.
      • Implement a tool to help monitor and track benefits over the long term.
      • Project Benefits Tracking Tool

    Solidify the PMO’s Role as Change Leader

    • Institute an OCM playbook.
      • Review lessons learned to improve OCM as a core discipline of the PMO.
      • Monitor organizational capacity for change.
      • Define roles and responsibilities for OCM oversight.
      • Formalize the Organizational Change Management Playbook.
      • Assess the value and success of your practices relative to OCM effort and project outcomes.
      • Organizational Change Management Playbook

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Drive Organizational Change from the PMO

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
    Best-Practice Toolkit

    1.1 Assess the organization’s readiness for change.

    1.2 Define the structure and scope of the PMO’s pilot OCM initiative.

    2.1 Foster OCM considerations during the ideation phase.

    2.2 Perform an organizational change impact assessment.

    3.1 Ensure stakeholders are engaged and ready for change.

    3.2 Develop and execute the transition plan.

    3.3 Establish HR and training plans.

    		4.1 Determine accountabilities for benefits attainment. 5.1 Institute an OCM playbook.
    Guided Implementations
    • Scoping Call.
    • Review the PMO’s and the organization’s change capabilities.
    • Determine an OCM pilot initiative.
    • Define a sponsorship action plan for change initiatives.
    • Undergo a change impact assessment.
    • Perform a stakeholder analysis.
    • Prepare a communications strategy based on stakeholder types.
    • Develop training plans.
    • Establish a post-project benefits tracking process.
    • Implement a tracking tool.
    • Evaluate the effectiveness of OCM practices.
    • Formalize an OCM playbook for the organization’s projects.
    Onsite Workshop

    Module 1:

    Prepare the PMO for change leadership.

    Module 2:

    Plant the seeds for change during planning and initiation.

    Module 3:

    Facilitate change adoption throughout the organization.

    Module 4:

    Establish a post-project benefits attainment process.

    Module 5:

    Solidify the PMO’s role as change leader.

    Phase 1 Results:

    OCM Capabilities Assessment

    Phase 2 Results:

    Change Impact Analysis

    Phase 3 Results:

    Communications and Transition Plans

    Phase 4 Results:

    A benefits tracking process for sponsors

    Phase 5 Results:

    OCM Playbook

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Preparation Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Organize and Plan Workshop

    • Finalize workshop itinerary and scope.
    • Identify workshop participants.
    • Gather strategic documentation.
    • Engage necessary stakeholders.
    • Book interviews.

    Assess OCM Capabilities

    • Assess current organizational change management capabilities.
    • Conduct change management SWOT analysis.
    • Define change management success metrics.
    • Define core pilot OCM project.

    Analyze Impact of the Change

    • Analyse the impact of the change across multiple dimensions and stakeholder groups.
    • Create an impact management plan.
    • Analyze impacts to product with risk and opportunity assessments.

    Develop Engagement & Transition Plans

    • Perform stakeholder analysis to identify change champions and blockers.
    • Document comm./training requirements and delivery plan.
    • Define plans to deal with resistance.
    • Validate and test the transition plan.

    Institute an OCM Playbook

    • Define feedback and evaluation process.
    • Finalize communications, transition, and training plans.
    • Establish benefits tracking timeline and commitment plans.
    • Define roles and responsibilities for ongoing organizational change management.
    Deliverables
    • Workshop Itinerary
    • Workshop Participant List
    • Defined Org Change Mandate
    • Organizational Change Capabilities Assessment
    • SWOT Assessment
    • Value Metrics
    • Project Level Assessment/Project Definition
    • Project Sponsor Action Plan
    • Organizational Change Impact Analysis Tool
    • Risk Assessment
    • Opportunity Assessment
    • Stakeholder Engagement Workbook
    • Communications Plan
    • Training Plan
    • Resistance Plan
    • Transition Team
    • Communications Template
    • Evaluation Plan
    • Post-Project Benefits Tracking Timelines and Accountabilities
    • OCM Playbook

    Phase 1

    Prepare the PMO for Change Leadership

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prepare the PMO for Change Leadership

    Proposed Time to Completion (in weeks): 1 week

    Step 1.1: Assess the organization’s readiness for change

    Start with an analyst kick off call:

    • Scoping call to discuss organizational change challenges and the PMO’s role in managing change.

    Then complete these activities…

    • Perform an assessment survey to define capability levels and chart an OCM roadmap.

    With these tools & templates:

    • Organizational Change Management Capabilities Assessment
    Step 1.2: Define the structure and scope of the PMO’s pilot OCM initiative

    Work with an analyst to:

    • Determine the appropriate OCM initiative to pilot over this series of Guided Implementations from the PMO’s project list.

    Then complete these activities…

    • Rightsize your OCM planning efforts based on project size, timeline, and resource availability.

    With these tools & templates:

    • Project Level Assessment Tool

    Step 1.1: Assess the organization’s readiness for change

    Phase 1 - 1.1

    This step will walk you through the following activities:
    • Perform an OCM capabilities assessment.
    • Chart an OCM roadmap for the PMO.
    • Undergo a change management SWOT analysis.
    • Define success criteria.
    This step involves the following participants:
    • Required: PMO Director
    • Recommended: PMO staff, project management staff, and other project stakeholders
    Outcomes of this step
    • An OCM roadmap for the PMO with specific recommendations.
    • An assessment of strengths, weakness, challenges, and threats in terms of the PMO’s role as organizational change leader.
    • Success metrics for the PMO’s OCM implementation.

    Project leaders who successfully facilitate change are strategic assets in a world of increasing agility and uncertainty

    As transformation and change become the new normal, it’s up to PMOs to provide stability and direction during times of transition and turbulence.

    Continuous change and transition are increasingly common in organizations in 2016.

    A state of constant change can make managing change more difficult in some ways, but easier in others.

    • Inundation with communications and diversity of channels means the traditional “broadcast” approach to communicating change doesn’t work (i.e. you can’t expect every email to get everyone’s attention).
    • People might be more open to change in general, but specific changes still need to be properly planned, communicated, and managed.

    By managing organizational change more effectively, the PMO can build credibility to manage both business and IT projects.

    "The greatest danger in times of turbulence is not the turbulence; it is to act with yesterday’s logic." – Peter Drucker

    In this phase, we will gauge your PMO’s abilities to effectively facilitate change based upon your change management capability levels and your wider organization’s responsiveness to change.

    Evaluate your current capabilities for managing organizational change

    Start off by ensuring that the PMO is sensitive to the particularities of the organization and that it manages change accordingly.

    There are many moving parts involved in successfully realizing an organizational change.

    For instance, even with an effective change toolkit and strong leadership support, you may still fail to achieve project benefits due to such factors as a staff environment resistant to change or poor process discipline.

    Use Info-Tech’s Organizational Change Management Capabilities Assessment to assess your readiness for change across 7 categories:

    • Cultural Readiness
    • Leadership & Sponsorship
    • Organizational Knowledge
    • Change Management Skills
    • Toolkit & Templates
    • Process Discipline
    • KPIs & Metrics

    Download Info-Tech’s Organizational Change Management Capabilities Assessment.

    • The survey can be completed quickly in 5 to 10 minutes; or, if being done as a group activity, it can take up to 60 minutes or more.
    • Based upon your answers, you will get a report of your current change capabilities to help you prioritize your next steps.
    • The tool also provides a customized list of Info-Tech recommendations across the seven categories.

    Perform Info-Tech’s OCM capabilities questionnaire

    1.1.1 Anywhere from 10 to 60 minutes (depending on number of participants)

    • The questionnaire on Tab 2 of the Assessment consists of 21 questions across 7 categories.
    • The survey can be completed individually, by the PMO director or manager, or – even more ideally – by a group of project and business stakeholders.
    • While the questionnaire only takes a few minutes to complete, you may wish to survey a wider swath of business units, especially on such categories as “Cultural Readiness” and “Leadership Support.”

    The image is a screen capture of tab 2 of the Organizational Change Management Capabilities Assessment.

    Use the drop downs to indicate the degree to which you agree or disagree with each of the statements in the survey.

    Info-Tech Insight

    Every organization has some change management capability.

    Even if you find yourself in a fledgling or nascent PMO, with no formal change management tools or processes, you can still leverage other categories of change management effectiveness.

    If you can, build upon people-related assets like “Organizational Knowledge” and “Cultural Readiness” as you start to hone your OCM toolkit and process.

    Review your capability levels and chart an OCM roadmap for your PMO

    Tab 3 of the Assessment tool shows your capabilities graph.

    • The chart visualizes your capability levels across the seven categories of organization change covered in the questionnaire in order to show the areas that your organization is already strong in and the areas where you need to focus your efforts.

    The image is a screen capture of tab 3 of the Organizational Change Management Capabilities Assessment.

    Focus on improving the first capability dimension (from left/front to right/back) that rates below 10.

    Tab 4 of the Assessment tool reveals Info-Tech’s recommendations based upon your survey responses.

    • Use these recommendations to structure your roadmap and bring concrete definitions to your next steps.

    The image is a screen capture of tab 4 of the Organizational Change Management Capabilities Assessment.

    Use the red/yellow/green boxes to focus your efforts.

    The content in the recommendations boxes is based around these categories and the advice therein is designed to help you to, in the near term, bring your capabilities up to the next level.

    Use the steps in this blueprint to help build your capabilities

    Each of Info-Tech’s seven OCM capabilities match up with different steps and phases in this blueprint.

    We recommend that you consume this blueprint in a linear fashion, as each phase matches up to a different set of OCM activities to be executed at each phase of a project. However, you can use the legend below to locate how and where this blueprint will address each capability.

    Cultural Readiness 2.1 / 2.2 / 3.1 / 3.2 / 3.3
    Leadership Support 2.1 / 4.1 / 5.1
    Organizational Knowledge 2.1 / 3.1 / 3.2
    Change Management Skills 2.1 / 2.2 / 3.1 / 3.2 / 3.3
    Toolkit & Templates 2.1 / 2.2 / 3.1 / 3.2 / 3.3 / 4.1 / 5.1
    Process Discipline 2.1 / 2.2 / 3.1 / 3.2 / 3.3 / 4.1 / 5.1
    KPIs & Metrics 3.2 / 5.1

    Info-Tech Insight

    Organizational change must be planned in advance and managed through all phases of a project.

    Organizational change management must be embedded as a key aspect throughout the project, not merely a set of tactics added to execution phases.

    Perform a change management SWOT exercise

    1.1.2 30 to 60 minutes

    Now that you have a sense of your change management strengths and weaknesses, you can begin to formalize the organizational specifics of these.

    Gather PMO and IT staff, as well as other key project and business stakeholders, and perform a SWOT analysis based on your Capabilities Assessment.

    Follow these steps to complete the SWOT analysis:

    1. Have participants discuss and identify Strengths, Weaknesses, Opportunities, and Threats.
    2. Spend roughly 60 minutes on this. Use a whiteboard, flip chart, or PowerPoint slide to document results of the discussion as points are made.
    3. Make sure results are recorded and saved either using the template provided on the next slide or by taking a picture of the whiteboard or flip chart.

    Use the SWOT Analysis Template on the next slide to document results.

    Use the examples provided in the SWOT analysis to kick-start the discussion.

    The purpose of the SWOT is to begin to define the goals of this implementation by assessing your change management capabilities and cultivating executive level, business unit, PMO, and IT alignment around the most critical opportunities and challenges.

    Sample SWOT Analysis

    Strengths

    • Knowledge, skills, and talent of project staff.
    • Good working relationship between IT and business units.
    • Other PMO processes are strong and well adhered to by project staff.
    • Motivation to get things done when priorities, goals, and action plans are clear.

    Weaknesses

    • Project leads lack formal training in change management.
    • IT tried to introduce org change processes in the past, but we failed. Staff were unsure of which templates to use and how/when/why to use them.
    • We can’t designate individuals as change agents. We lack sufficient resources.
    • We’ve had some fairly significant change failures in the past and some skepticism and pessimism has taken root in the business units.

    Opportunities

    • The PMO is strong and well established in the organization, with a history of facilitating successful process discipline.
    • The new incoming CEO has already paid lip service to change and transformation. We should be able to leverage their support as we formalize these processes.
    • We have good lines of project communication already in place via our bi-weekly project reporting meetings. We can add change management matters to the agenda of these meetings.

    Threats

    • Additional processes and documentation around change management could be viewed as burdensome overhead. Adoption is uncertain.
    • OCM success depends on multiple stakeholders and business units coming together; with so many moving parts, we can’t be assured that an OCM program will survive long term.

    Define the “how” and the “what” of change management success for your PMO

    1.1.3 30 to 60 minutes

    Before you move on to develop and implement your OCM processes, spend some time documenting how change management success will be defined for your organization and what conditions will be necessary for success to be achieved.

    With the same group of individuals who participated in the SWOT exercise, discuss the below criteria. You can make this a sticky note or a whiteboard activity to help document discussion points.

    OCM Measured Value Metrics Include:
    • Estimate % of expected business benefits realized on the past 3–5 significant projects/programs.
      • Track business benefits (costs reduced, productivity increased, etc.).
    • Estimate costs avoided/reduced (extensions, cancellations, delays, roll-backs, etc.).
      • Establish baseline by estimating average costs of projects extended to deal with change-related issues.
    What conditions are necessary for OCM to succeed? How will success be defined?
    • e.g. The PMO will need the support of senior leaders and business units.
    • e.g. 20% improvement in benefits realization numbers within the next 12 months.
    • e.g. The PMO will need to establish a portal to help with organization-wide communications.
    • e.g. 30% increase in adoption rates on new software and technology projects within the next 12 months.

    Document additional items that could impact an OCM implementation for your PMO

    1.1.4 15 to 45 minutes

    Use the table below to document any additional factors or uncertainties that could impact implementation success.

    These could be external factors that may impact the PMO, or they could be logistical considerations pertaining to staffing or infrastructure that may be required to support additional change management processes and procedures.

    "[A]ll bets are off when it comes to change. People scatter in all directions. Your past experiences may help in some way, but what you do today and how you do it are the new measures people will use to evaluate you." – Tres Roeder

    Consideration Description of Need Potential Resource Implications Potential Next Steps Timeline
    e.g. The PMO will need to train PMs concerning new processes. We will not only need to train PM staff in the new processes and documentation requirements, but we will also have to provide ongoing training, be it monthly, quarterly, or yearly. Members of PMO staff will be required to support this training. Analyze impact of redeploying existing resources vs. outsourcing. Q3 2016
    e.g. We will need to communicate new OCM requirements to the business and wider organization. The PMO will be taking on added communication requirements, needing to advertise to a wider audience than it has before. None Work with business side to expand the PMO’s communications network and look into leveraging existing communication portals. Next month

    Step 1.2: Define the structure and scope of the PMO’s pilot OCM initiative

    Phase 1 - 1.2

    This step will walk you through the following activities:
    • Determine pilot OCM project.
    • Estimate OCM effort.
    • Document high-level project details.
    • Establish a timeline for org change activities.
    • Assess available resources to support the PMO’s OCM initiative.
    This step involves the following participants:
    • Required: PMO Director
    • Recommended: PMO staff, project management staff, and other project stakeholders
    Outcomes of this step
    • Project definition for the PMO’s pilot OCM initiative.
    • A timeline that aligns the project schedule for key OCM activities.
    • Definition of resource availability to support OCM activities through the PMO.

    Organizational change discipline should align with project structure

    Change management success is contingent on doing the right things at the right time.

    In subsequent phases of this blueprint, we will help the PMO develop an OCM strategy that aligns with your organization’s project timelines.

    In this step (1.2), we will do some pre-work for you by determining a change initiative to pilot during this process and defining some of the roles and responsibilities for the OCM activities that we’ll develop in this blueprint.

    The image shows a sample project timeline with corresponding OCM requirements.

    Get ready to develop and pilot your OCM competencies on a specific project

    In keeping with the need to align organizational change management activities with the actual timeline of the project, the next three phases of this blueprint will move from discussing OCM in general to applying OCM considerations to a single project.

    As you narrow your focus to the organizational change stemming from a specific initiative, review the below considerations to help inform the decisions that you make during the activities in this step.

    Choose a pilot project that:

    • Has an identifiable sponsor who will be willing and able to participate in the bulk of the activities during the workshop.
    • Has an appropriate level of change associated with it in order to adequately develop a range of OCM capabilities.
    • Has a reasonably well-defined scope and timeline – you don’t want the pilot initiative being dragged out unexpectedly.
    • Has PMO/IT staff who will be assisting with OCM efforts and will be relatively familiar and comfortable with them in terms of technical requirements.

    Select a specific project that involves significant organizational change

    1.2.1 5 to 15 minutes

    The need for OCM rigor will vary depending on project size and complexity.

    While we recommend that every project has some aspect of change management to it, you can adjust OCM requirements accordingly, depending on the type of change being introduced.

    Incremental Change Transformational Change

    Organizational change management is highly recommended and beneficial for projects that require people to:

    • Adopt new tools and workflows.
    • Learn new skills.
    • Comply with new policies and procedures.
    • Stop using old tools and workflows.

    Organizational change management is required for projects that require people to:

    • Move into different roles, reporting structures, and career paths.
    • Embrace new responsibilities, goals, reward systems, and values
    • Grow out of old habits, ideas, and behaviors.
    • Lose stature in the organization.

    Phases 2, 3, and 4 of this blueprint will guide you through the process of managing organizational change around a specific project. Select one now that is currently in your request or planning stages to pilot through the activities in this blueprint. We recommend choosing one that involves a large, transformational change.

    Estimate the overall difficulty and effort required to manage organizational change

    1.2.2 5 minutes

    Use Info-Tech’s project levels to define the complexity of the project that you’ve chosen to pilot.

    Defining your project level will help determine how much effort and detail is required to complete steps in this blueprint – and, beyond this, these levels can help you determine how much OCM rigor to apply across each of the projects in your portfolio.

    Incremental Change Transformational Change
    Level 1 Level 2 Level 3
    • Low risk and complexity.
    • Routine projects with limited exposure to the business and low risk of negative impact.
    • Examples: infrastructure upgrades, application refreshes, etc.
    • Medium risk and complexity.
    • Projects with broader exposure that present a moderate level of risk to business operations.
    • Examples: Move or renovate locations, cloud migration, BYOD strategy, etc.
    • High risk and complexity.
    • Projects that affect multiple lines of business and have significant costs and/or risks.
    • Examples: ERP implementation, corporate merger, business model innovation, etc.

    For a more comprehensive assessment of project levels and degrees of risk, see Info-Tech’s Create Project Management Success blueprint – and in particular, our Project Level Assessment Tool.

    Record the goals and scope of the pilot OCM initiative

    1.2.3 15 to 30 minutes

    Description

    What is the project changing?

    How will it work?

    What are the implications of doing nothing?

    What are the phases in execution?

    Expected Benefits

    What is the desired outcome?

    What can be measured? How?

    When should it be measured?

    Goals

    List the goals.

    Align with business and IT goals.

    Expected Costs

    List the costs:

    Software costs

    Hardware costs

    Implementation costs

    Expected Risks

    List the risks:

    Business risks

    Technology risks

    Implementation risks

    Planned Project Activities & Milestones Timeline Owner(s) Status
    1. Example: Vendor Evaluation Finish by Q4-17 Jessie Villar In progress
    2. Example: Define Administrative Policies Finish by Q4-17 Gerry Anantha Starting Q2

    Know the “what” and “when” of org change activities

    The key to change management success is ensuring that the right OCM activities are carried out at the right time. The below graphic serves as a quick view of what OCM activities entail and when they should be done.

    The image is the sample project timeline previously shown, but with additional notes for each segment of the Gantt chart. The notes are as follows: Impact Assessment - Start assessing the impact of change during planning and requirements gathering stages; Stakeholder Engagement - Use requirements gathering and design activities as opportunities to engage stakeholders and users; Transition Planning - The development period provides time for the change manager to develop and refine the transition plan (including communications and training). Change managers need to collaborate with development teams to ensure scope and schedule stay aligned, especially in Agile environments); Communications Execution - Communications should occur early and often, beginning well before change affects people and continuing long enough to reinforce change by celebrating success; Training - Training needs to be well timed to coincide with implementation; Quick Wins - Celebrate early successes to show that change is working; Evaluation & Monitoring - Adoption of change is a key to benefits realization. Don’t declare the project over until adoption of change is proven.

    Rough out a timeline for the org change activities associated with your pilot project’s timeline

    1.2.4 20-30 minutes

    With reference to the graphic on the previous slide, map out a high-level timeline for your pilot project’s milestones and the corresponding OCM activities.
    • This is essentially a first draft of a timeline and will be refined as we develop your OCM discipline in the next phase of this blueprint.
    • The purpose of roughing something out at this time is to help determine the scope of the implementation, the effort involved, and to help with resource planning.
    Project Phase or Milestone Estimated Start Date Estimated End Date Associated OCM Requirement(s)
    e.g. Planning e.g. Already in progress e.g. July e.g. Impact Assessment
    e.g. Requirements & Design e.g. August e.g. October e.g. Stakeholder Engagement & Transition Planning

    Info-Tech Insight

    Proactive change management is easier to execute and infinitely more effective than managing change reactively. A reactive approach to OCM is bound to fail. The better equipped the PMO is to plan OCM activities in advance of projects, the more effective those OCM efforts will be.

    Assess the roles and resources that might be needed to help support these OCM efforts

    1.2.5 30 minutes

    The PMO leader will need to delegate responsibility for many to all of these OCM activities throughout the project lifecycle.

    Compile a list of PMO staff, project workers, and other stakeholders who will likely be required to support these processes at each step, keeping in mind that we will be doing a more thorough consideration of the resources required to support an OCM program in Phase 3.

    OCM Activity Resources Available to Support
    Impact Assessment
    Stakeholder Engagement
    Transition Planning
    Training
    Communications
    Evaluation and Monitoring

    Info-Tech Insight

    OCM processes require a diverse network to support them.

    While we advocate an approach to org change that is centralized through the PMO, this doesn’t change the fact that the PMO’s OCM processes will need to engage the entirety of the project eco-system.

    In addition to IT/PMO directors, org change processes will engage a group as varied as project sponsors, project managers, business analysts, communications leads, and HR/training leads.

    Ensure that you are considering resources and infrastructure beyond IT as you plan your OCM processes – and engage these stakeholders early in this planning process.

    Establish core transition team roles and a reporting structure

    1.2.6 30 minutes

    Once you’ve identified OCM resources and assessed their availability, start to sketch the structure of the core transition team.

    In many cases, the core team only has one or two people responsible for impact analysis and plan development in addition to you, the sponsor, who is accountable for leadership and benefits realization.

    For larger initiatives, the core team might include several co-sponsors or advisors from different departments or lines of business, along with a handful of staff working together on analysis and planning.

    Some team structure templates/examples:

    Small (e.g. Office 365)

    • Sponsor
    • PM/BA

    Medium-Large (e.g. business process initiative)

    • Sponsor
    • PM
    • BA
    • OCM Consultant

    Complex Transformational (e.g. business model initiative, company reorg)

    • Exec. Sponsor (CxO)
    • Steering Committee
    • Project Lead/Champion (VP)
    • Business Lead(s)
    • IT Lead
    • HR/Training Lead
    • OCM Consultant

    Ultimately, organizational change is a collaborative effort

    Effective organizational change involves overlapping responsibilities.

    In keeping with the eclectic network of stakeholders that is required to support OCM processes, Phase 2 is broken up into sections that will, by turn, engage project sponsors, project managers, business analysts, communications leads, and HR/training leads.

    At each step, our intention is to arm the PMO with a toolkit and a set of processes that will help foster a project culture that is proactive about change.

    "It is amazing what you can accomplish if you do not care who gets the credit." – Harry Truman

    Project Step PMO Sponsor Project Manager Business Analyst Blueprint Reference
    Make a high-level case for change.

    A

    		R R/C C 1.1
    Initiate project/change planning. A C R C 1.2
    Analyze full breadth and depth of impact. A C R R 1.3
    Assess communications and training requirements. A C R R 2.1
    Develop communications, training, and other transition plans. A R C R 2.2-3
    Approve and communicate transition plans. A C R C 2.4
    Analyze impact and progress. A C R R 3.1
    Revise project/change planning. A C R C 3.2
    Highlight and leverage successes. A R C C 3.3

    Update the Transition Team Communications Template

    1.2.7 10 minutes

    Participants
    • PMO leader
    • PMO staff
    Input
    • The outcomes of various activities in this step
    Output
    • Key sections of the Transition Team Communications Template completed

    Use Info-Tech’s Transition Team Communications Template to help communicate the outcomes of this step.

    • Use the template to document the goals, benefits, and milestones established in 1.2.3, to record the project timeline and schedule for OCM activities from 1.2.4, to document resources available for OCM activities (1.2.5), and to record the membership and reporting structure of the core transition team (1.2.6).

    Download Info-Tech’s Transition Team Communications Template.

    "Managers and user communities need to feel like they are a part of a project instead of feeling like the project is happening to them. It isn't just a matter of sending a few emails or putting up a page on a project website." Ross Latham

    Build organizational change management capabilities by bringing in required skills

    Case Study

    Industry Natural Resources

    Source Interview

    Challenge
    • Like many organizations, the company is undergoing increasing IT-enabled change.
    • Project managers tended to react to effects of change rather than proactively planning for change.

    "The hard systems – they’re easy. It’s the soft systems that are challenging... Be hard on the process. Be easy on the people." – Business Analyst, natural resources company

    Solution
    • Change management was especially challenging when projects were led by the business.
    • IT was often brought in late in business-led projects.
    • As a result, the organization incurred avoidable costs to deal with integration, retraining, etc.
    • The cost of managing change grows later in the project as more effort needs to be spent undoing (or “unfreezing”) the old state or remediating poorly executed change.
    Results
    • The company hired a business analyst with a background in organizational change to bring in the necessary skills.
    • The business analyst brought knowledge, experience, and templates based on best practices and is sharing these with the rest of the project management team.
    • As a result, organizational change management is starting earlier in projects when its effectiveness and value are maximized.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1 Evaluate your current capabilities for managing organizational change

    Take Info-Tech’s OCM capabilities questionnaire and receive custom analyst recommendations concerning next steps.

    1.1.2 Perform a change management SWOT exercise

    Work with a seasoned analyst to assess your PMO’s strengths, weaknesses, opportunities, and threats to becoming an org change leader.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.3 Define success metrics for your PMO’s efforts to become an org change leader

    Work with an analyst to clarify how the success of this initiative will be measured and what conditions are necessary for success.

    1.2.2 Determine the appropriate OCM initiative to pilot at your organization

    Receive custom analyst insights on rightsizing your OCM planning efforts based on project size, timeline, and resource availability.

    1.2.4 Develop an OCM timeline that aligns with key project milestones

    Harness analyst experience to develop a project-specific timeline for the PMO’s change management activities to better plan your efforts and resources.

    Phase 2

    Plant the Seeds for Change During Project Planning and Initiation

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Plant the seeds for change during project planning and initiation

    Proposed Time to Completion (in weeks): 1 week

    Step 2.1: Foster OCM considerations during the ideation phase

    Discuss these issues with an analyst:

    • Disengaged or absent sponsors on change initiatives.
    • Lack of organizational desire for change.
    • How to customize an OCM strategy to suit the personality of the organization.

    Then complete these activities…

    • Develop a sponsorship action plan to help facilitate more engaged change sponsorship.
    • Build a process for making the case for change throughout the organization.

    With these tools & templates:

    • Activity 2.1.3: “Refine your change story”
    • Activity 2.1.4: “Develop a sponsorship action plan”
    • Transition Team Communications Template
    Step 2.2: Perform an organizational change impact analysis

    Work with an analyst to:

    • Perform an impact analysis to make your change planning more complete.
    • Assess the depth of change impacts across various stakeholder groups.

    Then complete these activities…

    • Assign accountability for managing change impacts.
    • Update the business case with risks and opportunities identified during the impact analysis.

    With these tools & templates:

    • Organizational Change Management Impact Analysis Tool

    Step 2.1: Foster OCM considerations during the ideation phase

    Phase 2 - 2.1

    This step will walk you through the following activities:
    • Assess leadership support for change.
    • Highlight the goals and benefits of the change.
    • Refine your change story.
    • Define success criteria.
    • Develop a sponsorship action plan.
    This step involves the following participants:
    • PMO Director
    • Project sponsor for the pilot OCM project
    • Additional project staff: project managers, business analysts, etc.
    Outcomes of this step
    • Strategy to shore up executive alignment around the need for change.
    • Increased definition around the need for change.
    • Increased engagement from project sponsors around change management and project outcomes.

    Accountability for change management begins in advance of the project itself

    As early as the request phase, project sponsors and requestors have a responsibility to communicate the need for the changes that they are proposing.

    Org Change Step #1: Make the case for change during the request phase

    Initiation→Planning→Execution→Monitoring & Controlling→Closing

    Even before project planning and initiation begin, sponsors and requestors have org change responsibilities around communicating the need for a change and demonstrating their commitment to that change.

    In this step, we will look at the OCM considerations that need to be factored in during project ideation.

    The slides ahead will cover what the PMO can do to help foster these considerations among project sponsors and requestors.

    While this project may already be in the planning phase, the activities in the slides ahead will help lay a solid OCM foundation as you move ahead into the impact assessment and stakeholder engagement steps in this phase.

    Strongly recommended: include the sponsor for your pilot OCM project in many of the following activities (see individual activity slides for direction).

    Info-Tech Insight

    Make active sponsorship a criteria when scoring new requests.

    Projects with active sponsors are far more likely to succeed than those where the sponsor cannot be identified or where she/he is unable or unwilling to champion the initiative throughout the organization.

    Consider the engagement level of sponsors when prioritizing new requests. Without this support, the likelihood of a change initiative succeeding is far diminished.

    What does effective sponsorship look like?

    Somewhere along the way a stereotype arose of the project sponsor as a disengaged executive who dreams up a project idea and – regardless of that idea’s feasibility or merit – secures funding, pats themselves on the back, and does not materialize again until the project is over to pat themselves on the back again.

    Indeed, it’s exaggerated, based partly on the fact that sponsors are almost always extremely busy individuals, with very demanding day jobs on top of their responsibilities as sponsors. The stereotype doesn’t capture the very real day-to-day project-level responsibilities of project sponsors.

    Leading change management institute, Prosci, has developed a checklist of 10 identifiable traits and responsibilities that PMO leaders and project managers should help to foster among project sponsors. As Prosci states, the checklist “can be used as an audit tool to see if you are utilizing best practices in how you engage senior leaders on your change initiatives.”

    Prosci’s Change Management Sponsor Checklist:

    Are your sponsors:

    • Aware of the importance they play in making changes successful?
    • Aware of their roles in supporting org change?
    • Active and visible throughout the project?
    • Building necessary coalitions for change success?
    • Communicating directly and effectively with employees?
    • Aware that the biggest mistake is failing to personally engage as the sponsor?
    • Prepared to help manage resistance?
    • Prepared to celebrate successes?
    • Setting clear priorities to help employees manage project and day-to-day work?
    • Avoiding trends and backing change that will be meaningful for the long term?

    (Source: Prosci’s Change Management Sponsor Checklist)

    Assess leadership support for change

    2.1.1 30 minutes

    Participants
    • PMO leader
    • Other PMO/PM staff
    Output
    • Leadership support strategy

    Many change initiatives require significant investments of political capital to garner approval, funding, and involvement from key executives. This process can take months or even years before the project is staffed and implementation begins.

    • In cases where leadership opposition or ambivalence to change is a critical success inhibitor, project sponsors or change leaders need a deliberate strategy for engaging and converting potential supporters.
    • You might need to recruit someone with more influence or authority to become sponsor or co-sponsor to convert supporters you otherwise could not.
    • Use the table below as an example to begin developing your executive engagement strategy (but keep it private).
    Executive/Stakeholder Degree of Support Ability to Influence Potential Contribution/Engagement Strategy
    Board of Directors Med High
    CEO
    CFO
    CIO
    CxO

    “The stakes of having poorly engaged executive sponsors are high, as are the consequences and costs. PMI research into executive sponsorship shows that one in three unsuccessful projects fail to meet goals due to poorly engaged executive sponsors.”

    PMI, 2014

    Highlight the goals and benefits of the change

    2.1.2 30-60 minutes

    Participants
    • PMO leader
    • PMO staff
    • Project sponsor

    Build desire for change.

    The project sponsor is accountable for defining the high-level scope and benefits of the project. The PMO needs to work with the sponsor during the ideation phase to help establish the need for the proposed change.

    Use the table below to begin developing a compelling vision and story of change. If you have not already defined high-level goals and deliverables for your project, download Info-Tech’s Light Project Request Form (a Detailed Project Request Form is also available).

    Why is there a need to change?
    How will change benefit the organization?
    How did we determine this is the right change?
    What would happen if we didn’t change?
    How will we measure success?

    See Info-Tech’s Optimize Project Intake, Approval, and Prioritization blueprint for more detailed advice on working with requestors to define requirements and business value of new requests.

    Stories are more compelling than logic and facts alone

    Crucial facts, data, and figures are made more digestible, memorable, and actionable when they are conveyed through a compelling storyline.

    While you certainly need high-level scope elements and a rigorous cost-benefit analysis in your business case, projects that require organizational change also need a compelling story or vision to influence groups of stakeholders.

    As the PMO works with sponsors to identify and document the goals and benefits of change, begin to sketch a narrative that will be compelling to the organization’s varied audiences.

    Structuring an effective project narrative:

    Research shows (Research and impacts cited in Torben Rick’s “Change Management Require[s] a Compelling Story,” 2014) that when managers and employees are asked about what most inspires them in their work, their responses are evenly split across five forms of impact:

    1. Impact on society – e.g. the organization’s role in the community.
    2. Impact on the customer – e.g. providing effective service.
    3. Impact on the company – e.g. contributing positively to the growth of the organization.
    4. Impact on the working team – e.g. creating an inclusive work environment.
    5. Impact on the individual – e.g. personal development and compensation.

    "Storytelling enables the individuals in an organization to see themselves and the organization in a different light, and accordingly take decisions and change their behavior in accordance with these new perceptions, insights, and identities." – Steve Denning

    Info-Tech Insight

    A micro-to-macro change narrative. A compelling org change story needs to address all five of these impacts in order to optimally engage employees in change. In crafting a narrative that covers both the micro and macro levels, you will be laying a solid foundation for adoption throughout the organization.

    Refine your change story

    2.1.3 45 to 60 minutes

    Participants
    • PMO leader
    • PMO staff
    • Project sponsor
    Input
    • 5 levels of change impact
    • Stakeholder groups
    Output
    • Improved change justification to help inform the request phase and the development of the business case.
    Materials
    • Whiteboard and markers

    Using a whiteboard to capture the discussion, address the 5 levels of change impact covered on the previous slide.

    1. Develop a list of the stakeholder groups impacted by this project.
      • The impacts will be felt differently by different groups, so develop a high-level list of those stakeholder groups that will be directly affected by the change.
      • Keep in mind, this activity is not an impact assessment. This activity is meant to elicit how the change will be perceived by the different stakeholder groups, not how it will actually impact them – i.e. this activity is about making the case for change, not actually managing the change.
    2. Brainstorm how the five impact levels will be perceived from the point of view of each stakeholder group.
      • Spend about 5 to 10 minutes per impact per stakeholder group.
      • The goal here isn’t to create a detailed plotline; your change story may evolve as the project evolves. A point or two per impact per group will suffice.
    3. As a group, prioritize the most prescient points and capture the results of your whiteboarding to help inform future artifacts.
      • The points developed during this activity should inform both the ad hoc conversations that PMO staff and the sponsor have with stakeholders, as well as formal project artifacts, such as the request, business case, charter, etc.

    When it comes to communicating the narrative, project sponsors make the most compelling storytellers

    Whatever story you develop to communicate the goals and the benefits of the change, ultimately it should be the sponsor who communicates this message to the organization at large.

    Given the competing demands that senior leaders face, the PMO still has a pivotal role to play in helping to plan and facilitate these communications.

    The PMO should help sponsors by providing insights to shape change messaging (refer to the characteristics outlined in the table below for assistance) and by developing a sponsorship action plan (Activity 2.1.4).

    Tips for communicating a change story effectively:
    Identify and appeal to the audience’s unique frames of reference. e.g. “Most of you remember when we…”
    Include concrete, vivid details to help visualize change. e.g. “In the future, when a sales rep visits a customer in Wisconsin, they’ll be able to process a $100,000 order in seconds instead of hours.”
    Connect the past, present, and future with at least one continuous theme. e.g. “These new capabilities reaffirm our long-standing commitment to customers, as well as our philosophy of continuously finding ways to be more responsive to their needs.”

    “[T]he sponsor is the preferred sender of messages related to the business reasons and organizational implications for a particular initiative; therefore, effective sponsorship is crucial in building an awareness of the need for change.

    Sponsorship is also critical in building the desire to participate and support the change with each employee and in reinforcing the change.”

    Prosci

    Base the style of your communications on the organization’s receptiveness to change

    Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.

    Use the below dimensions to gauge your organization’s appetite for change. Analyzing this will help determine the form and force of communications.

    In the next slide, we will base aspects of your sponsorship action plan on whether an organization’s indicator is “high” or “low” across these three dimensions.

    • Organizations with low appetite for change will require more direct, assertive communications.
    • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change (Dimensions taken from Joanna Malgorzata Michalak’s “Cultural Catalysts and Barriers of Organizational Change Management: a Preliminary Overview,” 2010):

    Power Distance Refers to the acceptance that power is distributed unequally throughout the organization. Organizations with a high power distance indicator show that the unequal power distribution is accepted by the less powerful employees.
    Individualism Organizations that score high in individualism have employees who are more independent; those who score low in individualism fall into the collectivism side where employees are strongly tied to one another or their groups.
    Uncertainty Avoidance Describes the level of acceptance that an organization has towards uncertainty. Those who score high in this area find that their employees do not favor “uncertain” situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    "Societies with a high indicator of power distance, individualism, and uncertainty avoidance create vital inertial forces against transformation." – Michalak

    Develop a sponsorship action plan

    2.1.4 45 to 60 minutes

    Participants
    • PMO leader
    • PMO staff
    • Project sponsor
    Use the table below to define key tasks and responsibilities for the project sponsor.
    1. Populate the first column with the stakeholder groups from Activity 2.1.3.
    2. With reference to the Sponsor Checklist, brainstorm key sponsorship responsibilities for this project across each of the groups.
    3. When gauging the frequency of each activity and the “Estimated Weekly Effort” required by the sponsor to complete them, consider the organization’s appetite for change.
      • Where indicators across the three dimensions are low, the sponsor’s involvement can be less hands-on and more collaborative in nature.
      • Where indicators across the three dimensions are high, the sponsor’s involvement should be hands-on and direct in her/his communications.
    Group Activity Est. Weekly Effort Comments/Frequency
    Project Team Ad hoc check-in on progress 30 mins Try to be visible at least once a week
    Attend status meetings 30 mins Every second Tuesday, 9 am
    Senior Managers Touch base informally 45 mins Aim for bi-weekly, one-on-one touchpoints
    Lead steering committee meetings 60 mins First Thursday of the month, 3 pm
    End Users Organization-wide emails Ad hoc, 20 mins As required, with PMO assistance

    "To manage change is to tell people what to do... but to lead change is to show people how to be." – Weick & Quinn

    Update the Transition Team Communications Template

    2.1.5 10 minutes

    Participants
    • PMO leader
    • PMO staff
    Input
    • The outcomes of various activities in this step
    Output
    • Key sections of the Transition Team Communications Template completed

    Use Info-Tech’s Transition Team Communications Template to help communicate the outcomes of this step.

    The following activities should be recorded in the template:

    Activity 2.1.2

    In addition, the outcome of Activity 2.1.4, the “Sponsorship Action Plan,” should be converted to a format such as Word and provided to the project sponsor.

    Download Info-Tech’s Transition Team Communications Template.

    "In most work situations, the meaning of a change is likely to be as important, if not more so, than the change itself."

    – Roethlisberger (cited in Burke)

    Step 2.2: Perform an organizational change impact assessment

    Phase 2 - 2.2

    This step will walk you through the following activities:
    • Perform change impact survey.
    • Assess the depth of impacts for different stakeholders and stakeholder groups.
    • Determine overall adoptability of the OCM effort.
    • Establish a game plan for managing individual impacts.
    • Review risks and opportunities.
    • Determine how the value of the change will be measured.
    This step involves the following participants:
    • PMO Director
    • Project sponsor for the pilot OCM project
    • Additional project staff: project managers, business analysts, members of the transition team, etc.
    Outcomes of this step:
    • A change impact analysis.
    • An adoptability rating for the change initiative to help the PMO plan its OCM efforts.
    • A better understanding of the risks and opportunities associated with the change to inform the business case.

    Analyze change impacts across multiple dimensions to ensure that nothing is overlooked

    Ensure that no stone is left unturned as you prepare for a comprehensive transition plan.

    In the previous step, we established a process and some accountabilities to help the PMO and project sponsors make the case for change during the ideation and initiation phase of a project.

    In this step, we will help with the project planning phase by establishing a process for analyzing how the change will impact various dimensions of the business and how to manage these impacts to best ensure stakeholder adoption.

    Brace for Impact…

    A thorough analysis of change impacts will help the PMO:

    • Bypass avoidable problems.
    • Remove non-fixed barriers to success.
    • Acknowledge and minimize the impact of unavoidable barriers.
    • Identify and leverage potential benefits.
    • Measure the success of the change.

    Assign the appropriate accountabilities for impact analysis

    In the absence of an assigned change manager, organizational change impact assessments are typically performed by a business analyst or the project manager assigned to the change initiative.

    • Indeed, as with all change management activities, making an individual accountable for performing this activity and communicating its outcomes is key to the success of your org change initiative.
    • At this stage, the PMO needs to assign or facilitate accountability for the impact analysis on the pilot OCM initiative or it needs to take this accountability on itself.

    Sample RACI for this activity. Define these accountabilities for your organization before proceeding with this step.

    Project Sponsor PMO PM or BA
    Survey impact dimensions I A R
    Analyze impacts across multiple stakeholder groups I A R
    Assess required OCM rigor I A/R C
    Manage individual impacts I A R

    Info-Tech Insight

    Bring perspective to an imperfect view.

    No individual has a comprehensive view of the potential impact of change.

    Impact assessment and analysis is most effective when multiple viewpoints are coordinated using a well-defined list of considerations that cover a wide breadth of dimensions.

    Revisit and refine the impact analysis throughout planning and execution, as challenges to adoption become more clear.

    Perform a change impact analysis to make your planning more complete

    Use Info-Tech’s Organizational Change Management Impact Analysis Tool to weigh all of the factors involved in a change and to formalize discipline around impact analysis.

    Info-Tech’s Organizational Change Management Impact Analysis Tool helps to document the change impact across multiple dimensions, enabling the PMO to review the analysis with others to ensure that the most important impacts are captured. The tool also helps to effectively monitor each impact throughout project execution.

    • Change impact considerations can include: products, services, states, provinces, cultures, time zones, legal jurisdictions, languages, colors, brands, subsidiaries, competitors, departments, jobs, stores, locations, etc.
    • Each of these dimensions is an MECE (Mutually Exclusive, Collectively Exhaustive) list of considerations that could be impacted by the change. For example, a North American retail chain might consider “Time Zones” as a key dimension, which could break down as Newfoundland, Atlantic, Eastern, Central, Mountain, and Pacific.

    Download Info-Tech’s Organizational Change Impact Analysis Tool.

    • Required Participants for this Step: PMO Leader; project manager or business analyst
    • Recommended Participants for this Step: Project Sponsor; IT/PMO staff

    Info-Tech Insight

    Anticipate the unexpected. Impact analysis is the cornerstone of any OCM strategy. By shining a light on considerations that might have otherwise escaped project planners and decision makers, an impact analysis is an essential component to change management and project success.

    Enter high-level project information on the “Set Up” tab

    2.2.1 15 minutes

    The “2. Set Up” tab of the Impact Tool is where you enter project-specific data pertaining to the change initiative.

    The inputs on this tab are used to auto-populate fields and drop-downs on subsequent tabs of the analysis.

    Document the stakeholders (by individual or group) associated with the project who will be subject to the impacts.

    You are allowed up to 15 entries. Try to make this list comprehensive. Missing any key stakeholders will threaten the value of this activity as a whole.

    If you find that you have more than 15 individual stakeholders, you can group individuals into stakeholder groups.

    Keep in mind...

    An impact analysis is not a stakeholder management exercise.

    Impact assessments cover:

    • How the change will affect the organization.
    • How individual impacts might influence the likelihood of adoption.

    Stakeholder management covers:

    • Resistance/objections handling.
    • Engagement strategies to promote adoption.

    We will cover the latter in the next step.

    “As a general principle, project teams should always treat every stakeholder initially as a recipient of change. Every stakeholder management plan should have, as an end goal, to change recipients’ habits or behaviors.”

    PMI, 2015

    Determine the relevant considerations for analyzing the change impacts of a project

    2.2.2 15 to 30 minutes

    Use the survey on tab 3 of the Impact Analysis Tool to determine the dimensions of change that are relevant.

    The impact analysis is fueled by the thirteen-question survey on tab 3 of the tool.

    This survey addresses a comprehensive assortment of change dimensions, ranging from customer-facing considerations, to employee concerns, to resourcing, logistical, and technological questions.

    Once you have determined the dimensions that are impacted by the change, you can go on to assess how individual stakeholders and stakeholder groups are affected by the change.

    This image is a screenshot of tab 3, Impact Survey, of the Impact Analysis Tool.

    Screenshot of tab “3. Impact Survey,” showing the 13-question survey that drives the impact analysis.

    Ideally, the survey should be performed by a group of project stakeholders together. Use the drop-downs in column K to record your responses.

    "A new system will impact roles, responsibilities, and how business is conducted within an organization. A clear understanding of the impact of change allows the business to design a plan and address the different levels of changes accordingly. This approach creates user acceptance and buy-in."

    – January Paulk, Panorama Consulting

    Impacts will be felt differently by different stakeholders and stakeholder groups

    As you assess change impacts, keep in mind that no impact will be felt the same across the organization. Depth of impact can vary depending on the frequency (will the impact be felt daily, weekly, monthly?), the actions necessitated by it (e.g. will it change the way the job is done or is it simply a minor process tweak?), and the anticipated response of the stakeholder (support, resistance, indifference?).

    Use the Organizational Change Depth Scale below to help visualize various depths of impact. The deeper the impact, the tougher the job of managing change will be.

    Procedural Behavioral Interpersonal Vocational Cultural
    Procedural change involves changes to explicit procedures, rules, policies, processes, etc. Behavioral change is similar to procedural change, but goes deeper to involve the changing tacit or unconscious habits. Interpersonal change goes beyond behavioral change to involve changing relationships, teams, locations, reporting structures, and other social interactions. Vocational change requires acquiring new knowledge and skills, and accepting the loss or decline in the value or relevance of previously acquired knowledge and skills. Cultural change goes beyond interpersonal and vocational change to involve changing personal values, social norms, and assumptions about the meaning of good vs. bad or right vs. wrong.
    Example: providing sales reps with mobile access to the CRM application to let them update records from the field. Example: requiring sales reps to use tablets equipped with a custom mobile application for placing orders from the field. Example: migrating sales reps to work 100% remotely. Example: migrating technical support staff to field service and sales support roles. Example: changing the operating model to a more service-based value proposition or focus.

    Determine the depth of each impact for each stakeholder group

    2.2.3 1 to 3 hours

    Tab “4. Impact Analysis” of the Analysis Tool contains the meat of the impact analysis activity.
    1. The “Impact Analysis” tab is made up of thirteen change impact tables (see next slide for a screenshot of one of these tables).
    • You may not need to use all thirteen tables. The number of tables you use coincides with the number of “yes” responses you gave in the previous tab.
    • If you no not need all thirteen impact tables (i.e. if you do not answer “yes” to all thirteen questions in tab 2, the unused/unnecessary tables will not auto-populate.)
  • Use one table per change impact. Each of your “yes” responses from tab 3 will auto-populate at the top of each change impact table. You should go through each of your “yes” responses in turn.
  • Analyze how each impact will affect each stakeholder or stakeholder group touched by the project.
    • Column B in each table will auto-populate with the stakeholder groups from the Set Up tab.
  • Use the drop-downs in columns C, D, and E to rate the frequency of each impact, the actions necessitated by each impact, and the anticipated response of each stakeholder group.
    • Each of the options in these drop-downs is tied to a ranking table that informs the ratings on the two subsequent tabs.
  • If warranted, you can use the “Comments” cells in column F to note the specifics of each impact for each stakeholder/group.

    • See the next slide for an accompanying screenshot of a change impact table from tab 4 of the Analysis Tool.

    Screenshot of “Impact Analysis” tab

    The image is a screenshot of the Impact Analysis tab.

    The stakeholder groups entered on the Set Up will auto-populate in column B of each table.

    Your “yes” responses from the survey tab will auto-populate in the cells to the right of the “Change Impact” cells.

    Use the drop-downs in this column to select how often the impact will be felt for each group (e.g. daily, weekly, periodically, one time, or never).

    “Actions” include “change to core job duties,” “change to how time is spent,” “confirm awareness of change,” etc.

    Use the drop-downs to hypothesize what the stakeholder response might be. For now, for the purpose of the impact analysis, a guess is fine. We will come back to build a communications plan based on actual responses in Phase 3 of this blueprint.

    Review your overall impact rating to help assess the likelihood of change adoption

    Use the “Overall Impact Rating” on tab 5 to help right-size your OCM efforts.

    Based upon your assessment of each individual impact, the Analysis Tool will provide you with an “Overall Impact Rating” in tab 5.

    • This rating is an aggregate of each of the individual change impact tables used during the analysis, and the rankings assigned to each stakeholder group across the frequency, required actions, and anticipated response columns.

    The image is a screenshot of tab 5, the Overall Process Adoption Rating. The image shows a semi-circle, where the left-most section is red, the centre yellow, and the right-most section green, with a dial positioned at the right edge of the yellow section.

    Projects in the red should have maximum change governance, applying a full suite of OCM tools and templates, as well as revisiting the impact analysis exercise regularly to help monitor progress.

    Increased communication and training efforts, as well as cross-functional partnerships, will also be key for success.

    Projects in the yellow also require a high level of change governance. Follow the steps and activities in this blueprint closely, paying close attention to the stakeholder engagement activities in the next step to help sway resistors and leverage change champions.

    In order to free up resources for those OCM initiatives that require more discipline, projects in green can ease up in their OCM efforts somewhat. With a high likelihood of adoption as is, stakeholder engagement and communication efforts can be minimized somewhat for these projects, so long as the PMO is in regular contact with key stakeholders.

    "All change is personal. Each person typically asks: 'What’s in it for me?'" – William T. Craddock

    Use the other outputs on tab 5 to help structure your OCM efforts

    In addition to the overall impact rating, tab 5 has other outputs that will help you assess specific impacts and how the overall change will be received by stakeholders.

    The image is a screenshot of tab 5.

    Top-Five Highest Risk Impacts table: This table displays the highest risk impacts based on frequency and action inputs on Tab 4.

    Top-Five Most Impacted Stakeholders table: Here you’ll find the stakeholders, ranked again based on frequency and action, who will be most impacted by the proposed changes.

    Top Five Supporters table: These are the 5 stakeholders most likely to support changes, based on the Anticipated Response column on Tab 4.

    The stakeholder groups entered on the Set Up Tab will auto-populate in column B of each table.

    In addition to these outputs, this tab also lists top five change resistors, and has an impact register and list of potential impacts to watch out for (i.e. your “maybe” responses from tab 3).

    Establish a game plan to manage individual change impacts

    2.2.4 60 to 90 minutes

    The final tab of the Analysis Tool can be used to help track and monitor individual change impacts.
    • Use the “Communications Plan” on tab 7 to come up with a high-level game plan for tracking communications about each change with the corresponding stakeholders.
    • Update and manage this tab as the communication events occur to help keep your implementation on track.

    The image is a screenshot of the Communications Plan, located on tab 7 of the Analysis Tool. There are notes emerging from each of the table headings, as follows: Communication Topic - Select from a list of topics identified on Tab 6 that are central to successful change, then answer the following; Audience/Format/Delivery - Which stakeholders need to be involved in this change? How are we going to meet with them?; Creator - Who is responsible for creating the change?; Communicator - Who is responsible for communicating the change to the stakeholder?; Intended Outcome - Why do you need to communicate with this stakeholder?; Level of Risk - What is the likelihood that you can achieve your attended outcome? And what happens if you don’t?

    Document the risk assumptions stemming from your impact analysis

    2.2.5 30 to 60 minutes

    Use the Analysis Tool to produce a set of key risks that need to be identified, communicated, mitigated, and tracked.

    A proper risk analysis often reveals risks and mitigations that are more important to other people in the organization than those managing the change. Failure to do a risk analysis on other people’s behalf can be viewed as negligence.

    In the table below, document the risks related to the assumptions being made about the upcoming change. What are the risks that your assumptions are wrong? Can steps be taken to avoid these risks?

    Risk Assumption Magnitude if Assumption Wrong Likelihood That Assumption Is Wrong Mitigation Strategy Assessment
    e.g. Customers will accept shipping fees for overweight items > 10 pounds Low High It's a percentage of our business, and usually accompanies a sharply discounted product. We need to extend discretionary discounting on shipping to supervisory staff to mitigate the risk of lost business. Re-assess after each quarter.

    "One strategy to minimize the impact is to determine the right implementation pace, which will vary depending on the size of the company and the complexity of the project" – Chirantan Basu

    Record any opportunities pertaining to the upcoming change

    2.2.6 30 to 60 minutes

    Use the change impacts to identify opportunities to improve the outcome of the change.

    Use the table below to brainstorm the business opportunities arising from your change initiative. Consider if the PMO can take steps to help improve the outcomes either through supporting the project execution or through providing support to the business.

    Opportunity Assumption Potential Value Likelihood That Assumption Is Wrong Leverage Strategy Assessment
    e.g. Customer satisfaction can increase as delivery time frames for the remaining custom products radically shrink and services extend greatly. High Medium Reset the expectations of this market segment so that they go from being surprised by good service to expecting it. Our competitors will not be able to react to this.

    Info-Tech Insight

    The bigger the change, the bigger the opportunity. Project and change management has traditionally focused on a defensive posture because organizations so often fail to mitigate risk. Good change managers also watch for opportunities to improve and exploit the outcomes of the change.

    Determine how to measure the value of the change

    2.2.7 15 to 30 minutes

    Describe the metrics that will be used to assess the management of this change.

    Now that you’ve assessed the impacts of the change, and the accompanying risks and opportunities, use the table below to document metrics that can be used to help assess the management of the change.

    • Don’t rely on the underlying project to determine the value of the change itself: It’s important to recognize the difference between change management and project management, and the establishment of value metrics is an obvious source of this differentiation.
    • For example, consider a project that is introducing a new method of remitting travel expenses for reimbursement.
      • The project itself would be justified on the efficiency of the new process.
      • The value of the change itself could be measured by the number of help desk calls looking for the new form, documentation, etc.
    Metric Calculation How to Collect Who to Report to Frequency
    Price overrides for new shipping costs It is entered as a line item on invoices, so it can be calculated as % of shipping fees discounted. Custom report from CRM (already developed). Project Steering Committee Project Steering Committee

    Document risks and other impact analysis considerations in the business case

    2.2.8 10 minutes

    Participants
    • PMO leader
    • Project Manager
    Input
    • The risks and issues identified through the impact analysis.
    Output
    • Comprehensive list of risks documented in the business case.
    Use the outcomes of the activities in this step to help inform your business case as well as any other risk management artifacts that your project managers may use.
    • Because long-term project success depends upon stakeholder adoption, high-risk impacts should be documented as considerations in the risk section of your business case.
    • In addition, the “Overall Impact Rating” graph and the “Impact Management Worksheet” could be used to help improve business cases as well as charters on some projects.

    If your organization doesn’t have a standard business case document, use one of Info-Tech’s templates. We have two templates to choose from, depending on the size of the project and the amount of rigor required:

    Download Info-Tech’s Comprehensive Business Case Template for large, complex projects or our Fast Track Business Case Template for smaller ones.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.3 Create a convincing sponsor-driven story to help build the case for change

    Work with an analyst to exercise your storytelling muscles, building out a process to help make the case for change throughout the organization.

    2.1.4 Develop a sponsorship action plan

    Utilize analyst experience to help develop a sponsorship action plan to help facilitate more engaged change project sponsors.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.2.3 Assess different change impacts across various stakeholder groups

    Get an analyst perspective on how each impact may affect different stakeholders in order to assist with the project and OCM planning process.

    2.2.4 Develop a proactive change impact management plan

    Rightsize your response to change impacts by developing a game plan to mitigate each one according to adoption likelihood.

    2.2.5 Use the results of the impact analysis to inform and improve the business case for the project

    Work with the analyst to translate the risks and opportunities identified during the impact analysis into points of consideration to help inform and improve the business case for the project.

    Phase 3

    Facilitate Change Adoption Throughout the Organization

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Facilitate Change Adoption Throughout the Organization

    Proposed Time to Completion (in weeks): 4 to 6 weeks

    Step 3.1: Ensure stakeholders are engaged and ready for change

    Discuss these issues with analyst:

    • Lack of alignment between IT and the business.
    • Organizational resistance to a command-and-control approach to change.

    Then complete these activities…

    • Develop a stakeholder engagement plan.

    With these tools & templates:

    • Stakeholder Engagement Workbook
    Step 3.2: Develop and execute the transition plan

    Discuss these issues with analyst:

    • Org change initiatives often fail due to the influence of resistors.
    • Failure to elicit feedback contributes to the feeling of a change being imposed.

    Then complete these activities…

    • Develop a communications strategy to address a variety of stakeholder reactions to change.

    With these tools & templates:

    • Transition Plan Template
    • Activity 3.2.7: “Objections Handling Template”
    Step 3.3: Establish HR and training plans

    Discuss these issues with analyst:

    • Training is often viewed as ineffective, contributing to change resistance rather than fostering adoption.

    Then complete these activities…

    • Rightsize training content based on project requirements and stakeholder sentiment.

    With these tools & templates:

    • “Training Requirements” tab in the Stakeholder Engagement Workbook
    • “Training Plan” section of the Transition Plan Template

    Step 3.1: Ensure stakeholders are engaged and ready for change

    Phase 3 - 3.1

    This step will walk you through the following activities:
    • Involve the right stakeholders in the change.
    • Define project roles and responsibilities.
    • Define elicitation methods for obtaining stakeholder input.
    • Perform a stakeholder analysis to assess influence, interest, and potential contribution.
    • Assess communications plan requirements.
    This step involves the following participants:
    • Required: PMO Director; project manager or business analyst
    • Recommended: Project Sponsor; the Transition Team; other IT/PMO staff
    Outcomes of this step
    • A stakeholder analysis.
    • Requirements for the communications plan.

    The nature of change is changing

    The challenge of managing change is complicated by forces that are changing change.

    Empowerment: Increased worker mobility, effect of millennials in the workforce, and lower average tenure means that people are less tolerant of a hierarchical, command-and-control approach to change.

    • Additionally, lower average tenure means you can’t assume everyone has the same context or background for change (e.g. they might not have been with the organization for earlier phases when project justification/rationale was established).

    Noise: Inundation with communications and diversity of channels means the traditional “broadcast” approach to communicating change doesn’t work (i.e. you can’t expect every email to get everyone’s attention).

    As a result, disciplines around organizational change tend to be less linear and deliberate than they were in the past.

    "People don’t resist change. They resist being changed."

    Peter Senge

    How to manage change in organizations of today and the future:

    • New realities require a more collaborative, engaging, open, and agile approach to change.
    • Communication is increasingly more of a two-way, ongoing, iterative engagement process.
    • Project leaders on change initiatives need to engage diverse audiences early and often.
    • Information about change needs to reach people and be easily findable where and when stakeholders need it.
    Info-Tech Insight

    Accountabilities for change management are still required. While change management needs to adopt more collaborative and organic approaches, org change success still depends on assigning appropriate accountabilities. What’s changed in the move to matrix structure is that accountabilities need to be facilitated more collaboratively.

    Leading change requires collaboration to ensure people, process, and technology factors are aligned

    In the absence of otherwise defined change leadership, the PMO needs to help navigate every technology-enabled change, even if it isn’t in the “driver’s seat.”

    PMO leaders and IT experts often find themselves asked to help implement or troubleshoot technology-related business projects that are already in flight.

    The PMO will end up with perceived or de facto responsibility for inadequate planning, communications, and training around technology-enabled change.

    IT-Led Projects

    Projects led by the IT PMO tend to be more vulnerable to underestimating the impact on people and processes on the business side.

    Make sure you engage stakeholders and representatives (e.g. “power users”) from user populations early enough to refine and validate your impact assessments.

    Business-Led Projects

    Projects led by people on the business side tend to be more vulnerable to underestimating the implications of technology changes.

    Make sure IT is involved early enough to identify and prepare for challenges and opportunities involving integration, user training, etc.

    "A major impediment to more successful software development projects is a corporate culture that results in a lack of collaboration because business executives view the IT departments as "order takers," a view disputed by IT leaders."

    – David Ramel (cited by Ben Linders)

    Foster change collaboration by initiating a stakeholder engagement plan through the PMO

    If project stakeholders aren’t on board, the organization’s change initiatives will be in serious trouble.

    Stakeholders will not only be highly involved in the process improvement initiative, but they also may be participants, so it’s essential that you get their buy-in for the initiative upfront.

    Use Info-Tech’s Stakeholder Engagement Workbook to help plan how stakeholders rate in terms of engagement with the project.

    Once you have identified where different stakeholders fall in terms of interests, influence, and support for/engagement with the change initiative, you can structure your communication plan (to be developed in step 3.2) based on where individuals and stakeholder groups fall.

    • Required participants for the activities in this step: PMO Leader; project manager or business analyst
    • Recommended participants for the activities in this step: Project Sponsor; IT/PMO staff

    Download Info-Tech’s Stakeholder Engagement Workbook.

    The engagement plan is a structured and documented approach for:

    • Gathering requirements by eliciting input and validating plans for change.
    • Cultivating sponsorship and support from key stakeholders early in the project lifecycle.

    Download Info-Tech’s Stakeholder Engagement Workbook.

    Involve the right people to drive and facilitate change

    Refer to your project level assessment from 1.2.2:

    • Level 1 projects tend to only require involvement from the project team, sponsors, and people affected.
    • Level 2 projects often benefit from broad support and capabilities in order to take advantage of opportunities.
    • Level 3 projects require broad support and capabilities in order to deal with risks and barriers.

    Info-Tech Insight

    The more transformational the change, the more it will affect the org chart – not just after the implementation, but also through the transition.

    Take time early in the project to define the reporting structure for the project/transition team, as well as any teams and roles supporting the transition.

    • Project manager: Has primary accountability for project success.
    • Senior executive project sponsor: Needed to “open doors” and signal organization’s commitment to the change.
    • Technology SMEs and architects: Responsible for determining and communicating requirements and risks of the technology being implemented or changed.
    • Business unit leads: Responsible for identifying and communicating impact on business functions, approving changes, and helping champion change.
    • Product/process owners: Responsible for identifying and communicating impact on business functions, approving changes, and helping champion change.
    • HR specialists: Most valuable when roles and organizational design are affected, i.e. change requires staff redeployment, substantial training (not just using a new system or tool but acquiring new skills and responsibilities), or termination.
    • Training specialists: If you have full-time training staff in the organization, you will eventually need them to develop training courses and material. Consulting them early will help with scoping, scheduling, and identifying the best resources and channels to deliver the training.
    • Communications specialists (internal): Valuable in crafting communications plan; required if communications function owns internal communications.

    Use the RACI table on the next slide to clarify who will be accountable, responsible, consulted, and informed for key tasks and activities around this change initiative.

    Define roles and responsibilities for facilitating change on your pilot OCM initiative

    3.1.1 60 minutes

    Perform a RACI exercise pertaining to your pilot change initiative to clarify who to include in the stakeholder engagement activity.

    Don’t reinvent the wheel: revisit the list of stakeholders and stakeholder groups from your impact assessment. The purpose of the RACI is to bring some clarity to project-specific responsibilities.

    Tasks PMO Project Manager Sr. Executives Technology SME Business Lead Process Owner HR Trainers Communications
    Meeting project objectives A R A R R
    Identifying risks and opportunities A R A C C C C I I
    Building the action plan A R C R R R R R R
    Planning and delivering communications A R C C C C C R A
    Planning and delivering training A R C C C C R A C
    Gathering and analyzing feedback and KPIs A R C C C C C R R

    Copy the results of this RACI exercise into tab 1 of the Stakeholder Engagement Workbook. In addition, it can be used to inform the designated RACI section in the Transition Plan Template. Revise the RACI Table there as needed.

    Formalize the stakeholder analysis to identify change champions and blockers

    Define key stakeholders (or stakeholder groups) who are affected by the project or are in positions to enable or block change.

    • Remember to consider customers, partners, and other external stakeholders.
    • People best positioned to provide insight and influence change positively are also best positioned to create resistance.
    • These people should be engaged early and often in the transition process – not just to make them feel included or part of the change, but because their insight could very likely identify risks, barriers, and opportunities that need to be addressed.

    The image is a screenshot of tab 3 of the Stakeholder Engagement Workbook.

    In tab three of the Stakeholder Engagement Workbook, compile the list of stakeholders who are touched by the change and whose adoption of the change will be key to project success.

    To save time, you can copy and paste your stakeholder list from the Set Up tab of the Organizational Change Management Impact Analysis Tool into the table below and edit the list as needed.

    Formal stakeholder analysis should be:

    • Required for Level 3 projects
    • Recommended for Level 2 projects
    • Optional for Level 1 projects

    Info-Tech Insight

    Resistance is, in many cases, avoidable. Resistance is commonly provided by people who are upset about not being involved in the communication. Missed opportunities are the same: they usually could have been avoided easily had somebody known in time. Use the steps ahead as an opportunity to ensure no one has been missed.

    Perform a stakeholder analysis to begin cultivating support while eliciting requirements

    3.1.2 60 minutes

    Use tab 4 of the Stakeholder Engagement Workbook to systematically assess each stakeholder's influence, interest, and potential contribution to the project as well as to develop plans for engaging each stakeholder or stakeholder group.

    The image is a screencapture of tab 4 of the Stakeholder Engagement Workbook.

    Use the drop-downs to select stakeholders and stakeholder groups. These will automatically populate based on your inputs in tab 3.

    Rate each stakeholder on a scale of 1 to 10 in terms of her/his influence in the organization. Not only do these rankings feed the stakeholder map that gets generated on the next slide, but they will help you identify change champions and resistors with influence.

    Similar to the ranking under “Influence,” rate the “Interest” and “Potential Contribution” to help identify stakeholder engagement.

    Document how you will engage each stakeholder and stakeholder group and document how soon you should communicate with them concerning the change. See the following slides for advice on eliciting change input.

    Use the elicitation methods on the following slides to engage stakeholders and gather change requirements.

    Elicitation methods – Observation

    Method Description Assessment and Best Practices Stakeholder Effort BA/PMO Effort
    Casual Observation The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. Capture true behavior through observation of stakeholders performing tasks without informing them that they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. Low Medium
    Formal Observation The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. Formal observation allows business analysts to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the business analyst and modify their behavior if they feel their job responsibilities or job security are at risk. Low Medium

    Info-Tech Insight

    Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.

    Elicitation methods – Surveys

    Method Description Assessment and Best Practices Stakeholder Effort BA/PMO Effort
    Closed-Response Survey A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. Closed-response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements that are not listed. As such, closed-response surveys are best used after initial elicitation or brainstorming to validate feature groups. Low Medium
    Open-Response Survey A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. Open-response surveys are a useful supplement (and occasionally a replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. Medium Medium

    Info-Tech Insight

    Surveys can be useful mechanisms for initial drafting of raw requirements (open response) and gauging user interest in proposed requirements or feature sets (closed response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the business analyst.

    Elicitation methods – Interviews

    Method Description Assessment and Best Practices Stakeholder Effort BA/PMO Effort

    Structured One-on-One Interview

    		In a structured one-on-one interview, the business analyst has a fixed list of questions to ask the stakeholder and follows up where necessary. Structured interviews provide the opportunity to quickly hone in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose – to receive specific stakeholder feedback on proposed requirements or help identify systemic constraints. Generally speaking, they should take 30 minutes or less to complete. Low Medium

    Unstructured One-on-One Interview

    		In an unstructured one-on-one interview, the business analyst allows the conversation to flow freely. The BA may have broad themes to touch on, but does not run down a specific question list. Unstructured interviews are most useful for initial elicitation when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should take 60 minutes or less to complete. Medium Low

    Info-Tech Insight

    Interviews should be used with “high-value targets.” Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).

    Elicitation methods – Focus Groups

    Method Description Assessment and Best Practices Stakeholder Effort BA/PMO Effort
    Focus Group Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of “groupthink” in these meetings (the tendency to converge on a single POV). Medium Medium

    Info-Tech Insight

    Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.

    "Each person has a learning curve. Take the time to assess staff individually as some don’t adjust to change as well as others. Some never will." – CEO, Manufacturing Firm

    Refine your stakeholder analysis through the input elicitation process

    3.1.3 30 minutes

    Review all of these elicitation methods as you go through the workbook as a group. Be sure to document and discuss any other elicitation methods that might be specific to your organization.

    1. Schedule dates and a specific agenda for performing stakeholder elicitation activities.
    • If scheduling more formal methods such as a structured interview or survey, take the time to develop some talking points and questions (see the questionnaire and survey templates in the next step for examples).
  • Assign accountabilities for performing the elicitation exercises and set dates for updating the PMO on the results of these stakeholder elicitations.
  • As curator of the workbook, the PMO will need to refine the stakeholder data in tab 4 of the tool to get a more accurate stakeholder map on the next tab of the workbook.
    • Elicitation method Target stakeholder group(s) PMO staff responsible for eliciting input Next update to PMO
    One-on-one structured interview HR and Sales Karla Molina August 1

    Info-Tech Insight

    Engagement paves the way for smoother communications. The “engagement” approach (rather than simply “communication”) turns stakeholders and users into advocates who help boost your message, sustain change, and realize benefits without constant, direct intervention.

    Develop a stakeholder engagement strategy based on the output of your analysis

    Use the stakeholder map on tab 5 of the Workbook to inform your communications strategy and transition plan.

    Tab 5 of the Workbook provides an output – a stakeholder map – based on your inputs in the previous tab. Use the stakeholder map to inform your communications requirements considerations in the next tab of the workbook as well as your transition plan in the next step.

    The image is a screencapture of tab 5 of the Stakeholder Engagement Workbook.

    This is a screenshot of the “Stakeholder Analysis” from tab 5 of the Workbook. The four quadrants of the map are:

    • Engage (High Interest/High Influence)
    • Communicate – High Level (High Interest/Low Influence)
    • Passive (Low Interest/Low Influence)
    • Communicate – Low Level (Low Interest/High Influence)
    How to interpret each quadrant on the map:

    Top Quadrants: Supporters

    1. Engage: Capitalize on champions to drive the project/change.
    2. Communicate (high level): Leverage this group where possible to help socialize the program and to help encourage dissenters to support.

    Bottom Quadrant: Blockers

    1. Passive: Focus on increasing these stakeholders’ level of support.
    2. Communicate (low level): Pick your battles – focus on your noise makers first and then move on to your blockers.

    Document communications plan requirements based on results of engagement and elicitation

    3.1.4 60 minutes

    The image is a screencapture of the Communications Requirements tab in the Stakeholder Engagement Workbook

    Use the Communications Requirements tab in the Stakeholder Engagement Workbook.

    Do this as a 1–2 hour project team planning session.

    The table will automatically generate a list of stakeholders based on your stakeholder analysis.

    Update the assumptions that you made about the impact of the change in the Impact Analysis with results of stakeholder engagement and elicitation activities.

    Use the table on this tab to refine these assumptions as needed before solidifying your communications plan.

    Define the action required from each stakeholder or stakeholder group (if any) for change to be successful.

    Continually refine messages and methods for communicating with each stakeholder and stakeholder group.

    Note words that work well and words that don’t. For example, some buzzwords might have negative connotations from previous failed initiatives.

    Designate who is responsible for developing and honing the communications plan (see details in the following section on developing the transition plan).

    Step 3.2: Develop and execute the transition plan

    Phase 3 - 3.2

    This step will walk you through the following activities:
    • Create a communications timeline.
    • Establish communications strategy for stakeholder groups.
    • Determine communication delivery methods.
    • Define the feedback and evaluation process.
    • Assess the full range of support and resistance to change.
    • Prepare objections handling process.
    This step involves the following participants:
    • PMO Director
    • Transition Team
    • Project managers
    • Business analyst
    • Project Sponsor
    • Additional IT/PMO staff
    Outcomes of this step
    • A communications strategy
    • A stakeholder feedback process
    • An objections handling strategy
    • A transition plan

    Effective change requires strategic communications and rightsized training plans

    Develop and execute a transition plan through the PMO to ensure long-term adoption.

    In this step we will develop and introduce a plan to manage change around your project.

    After completing this section you will have a realistic, effective, and adaptable transition plan that includes:

    • Clarity around leadership and vision.
    • Well-defined plans for targeting unique groups with specific messages.
    • Resistance and contingency plans.
    • Templates for gathering feedback and evaluating success.

    These activities will enable you to:

    • Execute the transition in coordination with the timeline and structure of the core project.
    • Communicate the action plan and vision for change.
    • Target specific stakeholder and user groups with unique messages.
    • Deal with risks, resistance, and contingencies.
    • Evaluate success through feedback and metrics.

    "Everyone loves change: take what you know and replace it with a promise. Then overlay that promise with the memory of accumulated missed efforts, half-baked attempts, and roads of abandoned promises."

    Toby Elwin

    Assemble the core transition team to help execute this step

    Once the stakeholder engagement step has been completed, the PMO needs to facilitate the involvement of the transition team to help carry out transition planning and communications strategies.

    You should have already sketched out a core transition team in step 1.2.6 of this blueprint. As with all org change activities, ensuring that individuals are made accountable for the execution of the following activities will be key for the long-term success of your change initiative.

    • At this stage, the PMO needs to ensure the involvement of the transition team to participate in the following activities – or the PMO will need to take on the transition planning and communication responsibilities itself.

    Refer to the team structure examples from Activity 1.2.6 of this blueprint if you are still finalizing your transition team.

    Download Info-Tech’s Transition Plan Template to help capture and record the outcomes of the activities in this step.

    Create a high-level communications timeline

    3.2.1 30 minutes

    By now the project sponsor, project manager, and business analysts (or equivalent) should have defined project timelines, requirements, and other key details. Use these to start your communications planning process.

    If your members of the transition team are also part of the core project team, meet with them to elicit the project timeline and requirements.

    Project Milestone Milestone Time Frame Communications Activities Activity Timing Notes
    Business Case Approval
    • Key stakeholder communications
    Pilot Go-Live
    • Pilot launch activity communications
    • Org-wide status communications
    Full Rollout Approval
    • Key stakeholder communications
    Full Rollout
    • Full rollout activity communications
    • Org-wide status communications
    Benefits Assessment
    • Key stakeholder communications
    • Org-wide status communications

    Info-Tech Insight

    Communicate, communicate, communicate.

    Staff are 34% more likely to adapt to change quickly during the implementation and adoption phases when they are provided with a timeline of impending changes specific to their department. (Source: McLean & Company)

    Schedule time to climb out of the “Valley of Despair”

    Many change initiatives fail when leaders give up at the first sign of resistance.

    OCM experts use terms like “Valley of Despair” to describe temporary drops in support and morale that inevitably occur with any significant change. Don’t let these temporary drops derail your change efforts.

    Anticipate setbacks and make sure the project plan accommodates the time and energy required to sustain and reinforce the initiative as people move through stages of resistance.

    The image is a line graph. Segments of the line are labelled with numbers. The beginning of the line is labelled with 1; the descending segment of the line labelled 2; the lowest point is labelled 3; the ascending section is labelled 4; and the end of the graph is labelled 5.

    Based on Don Kelley and Daryl Conner’s Emotional Cycle of Change.

    Identify critical points in the change curve:

    1. Honeymoon of “Uninformed Optimism”: There is usually tentative support and even enthusiasm for change before people have really felt or understood what it involves.
    2. Backlash of “Informed Pessimism” (leading to “Valley of Despair”): As change approaches or begins, people realize they’ve overestimated the benefits (or the speed at which benefits will be achieved) and underestimated the difficulty of change.
    3. Valley of Despair and beginning of “Hopeful Realism”: Eventually, sentiment bottoms out and people begin to accept the difficulty (or inevitability) of change.
    4. Bounce of “Informed Optimism”: People become more optimistic and supportive when they begin to see bright spots and early successes.
    5. Contentment of “Completion”: Change has been successfully adopted and benefits are being realized.

    Tailor a communications strategy for each stakeholder group

    Leveraging the stakeholder analyses you’ve already performed in steps 2.2 and 3.1, customize your communications strategy for the individual stakeholder groups.

    Think about where each of the groups falls within the Organizational Change Depth Scale (below) to determine the type of communications approach required. Don’t forget: the deeper the change, the tougher the job of managing change will be.

    Procedural Behavioral Interpersonal Vocational Cultural

    Position

    • Changing procedures requires clear explanation of what has changed and what people must do differently.
    • Avoid making people think wherever possible. Provide procedural instructions when and where people need them to ensure they remember.

    Incentivize

    • Changing behaviors requires breaking old habits and establishing new ones by adjusting the contexts in which people work.
    • Consider a range of both formal and informal incentives and disincentives, including objective rewards, contextual nudges, cues, and informal recognition

    Empathize

    • Changing people’s relationships (without damaging morale) requires showing empathy for disrupting what is often a significant source of their well-being.
    • Show that efforts have been made to mitigate disruption, and sacrifice is shared by leadership.

    Educate

    • Changing people’s roles requires providing ways to acquire knowledge and skills they need to learn and succeed.
    • Consider a range of learning options that includes both formal training (external or internal) and ongoing self-directed learning.

    Inspire

    • Changing values and norms in the organization (i.e. what type of things are seen as “good” or “normal”) requires deep disruption and persistence.
    • Think beyond incentives; change the vocabularies in which incentives are presented.

    Base your communications approaches on our Organizational Change Depth Scale

    Use the below “change chakras” as a quick guide for structuring your change messages.

    The image is a human, with specific areas of the body highlighted, with notes emerging from them. Above the head is a cloud, labelled Cultural Change/Inspire-Shape ideas and aspirations. The head is the next highlighted element, with notes reading Vocational Change/Educate-Develop their knowledge and skills. The heart is the next area, labelled with Interpersonal Change/Empathize-Appeal to their hearts. The stomach is pictured, with the notes Behavioral Change/Incentivize-Appeal to their appetites and instincts. The final section are the legs, with notes reading Procedural Change/Position-Provide clear direction and let people know where and when they’re needed.

    Categorize stakeholder groups in terms of communications requirements

    3.2.2 30 minutes

    Use the table below to document where your various stakeholder groups fall within the depth scale.
    Depth Levels Stakeholder Groups Tactics
    Procedural Position: Provide explanation of what exactly has changed and specific procedural instructions of what exactly people must do differently to ensure they remember to make adjustments as effortlessly as possible.
    Behavioral Incentivize: Break old habits and establish new ones by adjusting the context of formal and informal incentives (including objective rewards, contextual nudges, cues, and informal recognition).
    Interpersonal Empathize: Offer genuine recognition and support for disruptions of personal networks (a significant source of personal well-being) that may result from changing work relationships. Show how leadership shares the burden of such sacrifices.
    Vocational Educate: Provide a range of learning options (formal and self-directed) to provide the knowledge and skills people need to learn and succeed in changed roles.
    Cultural Inspire: Frame incentives in a vocabulary that reflects any shift in what types of things are seen as “good” or “normal” in the organization.

    The deeper the impact, the more complex the communication strategy

    Interposal, vocational, and cultural changes each require more nuanced approaches when communicating with stakeholders.

    Straightforward → Complex

    When managing interpersonal, vocational, or cultural changes, you will be required to incorporate more inspirational messaging and gestures of empathy than you typically might in a business communication.

    Communications that require an appeal to people’s emotions can be, of course, very powerful, but they are difficult to craft. As a result, oftentimes messages that are meant to inspire do the exact opposite, coming across as farfetched or meaningless platitudes, rather than evocative and actionable calls to change.

    Refer to the tactics below for assistance when crafting more complex change communications that require an appeal to people’s emotions and imaginations.

    • Tell a story. Describe a journey with a beginning (who we are and how we got here) and a destination (our goals and expected success in the future).
    • Convey an intuitive sense of direction. This helps people act appropriately without being explicitly told what to do.
    • Appeal to both emotion and reason. Make people want to be part of the change.
    • Balance abstract ideas with concrete facts. Writers call this “moving up and down the ladder of abstraction.” Without concrete images and facts, the vision will be meaninglessly vague. Without abstract ideas and principles, the vision will lack power to unite people and inspire broad support.
    • Be concise. Make your messages easy to communicate and remember in any situation.

    "Instead of resisting any emotion, the best way to dispel it is to enter it fully, embrace it and see through your resistance."

    Deepak Chopra

    Fine-tune change communications for each stakeholder or audience

    3.2.3 60 to 90 minutes

    Use Info-Tech’s “Message Canvas” (see next slide) to help rationalize and elaborate the change vision for each group.

    Build upon the more high-level change story that you developed in step 1.1 by giving more specificity to the change for specific stakeholder groups.

    Questions to address in your communication strategy include: How will the change benefit the organization and its people? How have we confirmed there is a need for change? What would happen if we didn’t change? How will the change leverage existing strengths – what will stay the same? How will we know when we get to the desired state?

    Remember these guidelines to help your messages resonate:

    • People are busy and easily distracted. Tell people what they really need to know first, before you lose their attention.
    • Repetition is good. Remember the Aristotelian triptych: “Tell them what you’re going to tell them, then tell them, then tell them what you told them.”
    • Don’t use technical terms, jargon, or acronyms. Different groups in organizations tend to develop specialized vocabularies. Everybody grows so accustomed to using acronyms and jargon every day that it becomes difficult to notice how strange it sounds to outsiders. This is especially important when IT communicates with non-technical audiences. Don’t alienate your audience by talking at them in a strange language.
    • Test your message. Run focus groups or deliver communications to a test audience (which could be as simple as asking 2–3 people to read a draft) before delivering messages more broadly.

    Info-Tech Insight

    Change thy language, change thyself.

    Jargon, acronyms, and technical terms represent deeply entrenched cultural habits and assumptions.

    Continuing to use jargon or acronyms after a transition tends to drag people back to old ways of thinking and working.

    You don’t need to invent a new batch of buzzwords for every change (nor should you), but every change is an opportunity to listen for words and phrases that have lost their meaning through overuse and abuse.

    3.2.3 continued - Example “Message Canvas”

    The image is a screencapture of tab 6 of the Organizational Change Impact Analysis Tool, which is a message canvas

    If there are multiple messages or impacts that need to be communicated to a single group or audience, you may need to do multiple Message Canvases per group. Refer back to your Stakeholder Engagement Workbook to help inform the stakeholder groups and messages that this activity should address.

    Go to tab 6 of the Organizational Change Impact Analysis Toolfor multiple message canvas template boxes that you can use. These messages can then help inform your communication plan on tab 7 of that tool.

    Determine methods for communications delivery

    Review your options for communicating your change. This slide covers traditional methods of communication, while the following slides cover some options for multimedia mass-communications.

    Method Best Practices
    Email Email announcements are necessary for every organizational change initiative but are never sufficient. Treat email as a formalizing medium, not a medium of effective communication when organizational change is concerned. Use email to invite people to in-person meetings, make announcements across teams and geographical areas at the same time, and share formal details.
    Team Meeting Team meetings help sell change. Body language and other in-person cues are invaluable when trying to influence people. Team meetings also provide an opportunity to gauge a group’s response to an announcement and gives the audience an opportunity to ask questions and get clarification.
    One-on-One One-on-ones are more effective than team meetings in their power to influence and gauge individual responses, but aren’t feasible for large numbers of stakeholders. Use one-on-ones selectively: identify key stakeholders and influencers who are most able to either advocate change on your behalf or provide feedback (or both).
    Internal Site / Repository Internal sites and repositories help sustain change by making knowledge available after the implementation. People don’t retain information very well when it isn’t relevant to them. Much of their training will be forgotten if they don’t apply that knowledge for several weeks or months. Use internal sites and repositories for how-to guides and standard operating procedures.

    Review multimedia communication methods for reaching wider audiences in the organization

    Method Best Practices
    User Interfaces User interface (UI) design is overlooked as a communication method. Often a simple UI refinement with the clearer prompts or warnings is more effective and efficient than additional training and repeated email reminders.
    Social Media Social media is widely and deeply embraced by people publicly, and is increasingly useful within organizations. Look for ways to leverage existing internal social tools. Avoid trying to introduce new social channels to communicate change unless social transformation is within the scope of the core project’s goals; the social tool itself might become as much of an organizational change management challenge as the original project.
    Posters & Marketing Collateral Posters and other marketing collateral are common communication tools in retail and hospitality industries that change managers in other industries often don’t think of. Making key messages a vivid, visual part of people’s everyday environment is a very effective way to communicate. On the down side, marketing collateral requires professional design skills and can be costly to create. Professional copywriting is also advisable to ensure your message resonates.
    Video Videos are well worth the cost to produce when the change is transformational in nature, as in cultural changes. Videos are useful for both communicating the vision and as part of the training plan.

    Document communication methods and build the Communications Delivery Plan

    3.2.4 30 minutes

    1. Determine when communications need to be delivered for each stakeholder group.
    2. Select the most appropriate delivery methods for each group and for each message.
    • Meetings and presentations
    • Email/broadcast
    • Intranet and other internal channels (e.g. internal social network)
    • Open houses and workshops
  • Designate who will deliver the messages.
  • Develop plans to follow up for feedback and evaluation (Step 3.2.5).

    • The image is a screenshot of the Stakeholder/Audience section of the Transition Plan Template.

    This is a screenshot from the “Stakeholder/Audience” section of Info-Tech’s Transition Plan Template. Use the template to document your communication strategy for each audience and your delivery plan.

    "The role of project communication is to inspire, instigate, inform or educate and ultimately lead to a desired action. Project communication is not a well presented collection of words; rather it is something that propels a series of actions."

    Sidharth Thakur

    Info-Tech Insight

    Repetition is crucial. People need to be exposed to a message 7 times before it sticks. Using a variety of delivery formats helps ensure people will notice and remember key messages. Mix things up to keep employees engaged and looking forward to the next update.

    Define the feedback and evaluation process to ensure an agile response to resistance

    3.2.5 46 to 60 minutes

    1. Designate where/when on the roadmap the project team will proactively evaluate progress/success and elicit feedback in order to identify emerging challenges and opportunities.
    2. Create checklists to review at key milestones to ensure plans are being executed. Review…
    • Key project implementation milestones (i.e. confirm successful deployment/installation).
    • Quick wins identified in the impact analysis and determined in the transition plan (see the following slides for advice in leveraging quick wins).
  • Ensure there is immediate follow-up on communications and training:
    • Confirm understanding and acceptance of vision and action plan – utilize surveys and questionnaires to elicit feedback.
    • Validate people’s acquisition of required knowledge and skills.
    • Identify emerging/unforeseen challenges and opportunities.

    • "While creating and administering a survey represent(s) additional time and cost to the project, there are a number of benefits to be considered: 1) Collecting this information forces regular and systematic review of the project as it is perceived by the impacted organizations, 2) As the survey is used from project to project it can be improved and reused, 3) The survey can quickly collect feedback from a large part of the organization, increasing the visibility of the project and reducing unanticipated or unwelcome reactions."

    – Claire Schwartz

    Use the survey and questionnaire templates on the following two slides for assistance in eliciting feedback. Record the evaluation and feedback gathering process in the Transition Plan Template.

    Sample stakeholder questionnaire

    Use email to distribute a questionnaire (such as the example below) to project stakeholders to elicit feedback.

    In addition to receiving invaluable opinions from key stakeholders and the frontline workers, utilizing questionnaires will also help involve employees in the change, making them feel more engaged and part of the change process.

    Interviewee Date
    Stakeholder Group Interviewer
    Question Response Notes
    How do you think this change will affect you?
    How do you think this change will affect the organization?
    How long do you expect the change to take?
    What do you think might cause the project/change to fail?
    What do you think are the most critical success factors?

    Sample survey template

    Similar to a questionnaire, a survey is a great way to assess the lay of the land in terms of your org change efforts and the likelihood of adoption.

    Using a free online survey tool like Survey Monkey, Typeform, or Google Forms, surveys are quick and easy to generate and deploy. Use the below example as a template to build from.

    Use survey and questionnaire feedback as an occasion to revisit the Impact Analysis Tool and reassess the impacts and roadblocks based on hard feedback.

    To what degree do you agree or disagree with each of the following statements?

    1=Strongly Disagree, 2=Disagree, 3=Somewhat Disagree, 4=Somewhat Agree, 5=Agree, 6=Strongly Agree

    1. I understand why [this change] is happening.
    2. I agree with the decision to [implement this change].
    3. I have the knowledge and tools needed to successfully go through [this change].
    4. Leadership/management is fully committed to the change.
    5. [This change] will be a success.

    Rate the impact of this change.

    1=Very Negative, 2=Negative, 3=Somewhat Negative, 4=Somewhat Positive, 5=Positive, 6=Very Positive

    1. On you personally.
    2. On your team/department/unit.
    3. On the organization as a whole.
    4. On people leading the change.

    Develop plans to leverage support and deal with resistance, objections, and fatigue

    Assess the “Faces of Change” to review the emotions provoked by the change in order to proactively manage resistors and engage supporters.

    The slides that follow walk you through activities to assess the different “faces of change” around your OCM initiative and to perform an objections handling exercise.

    Assessing people’s emotional responses to the change will enable the PMO and transition team to:

    • Brainstorm possible questions, objections, suggestions, and concerns from each audience.
    • Develop responses to questions, objections, and concerns.
    • Revise the communications messaging and plan to include proactive objections handling.
    • Re-position objections and suggestions as questions to plan for proactively communicating responses and objections to show people that you understand their point of view.
    • Develop a plan with clearly defined responsibility for regularly updating and communicating the objections handling document. Active Subversion Quiet Resistance Vocal Skepticism Neutrality / Uncertainty Vocal Approval Quiet Support Active Leadership
    Hard Work Vs. Tough Work

    Carol Beatty’s distinction between “easy work,” “hard work,” and “tough work” can be revealing in terms of the high failure rate on many change initiatives. (“The Tough Work of Managing Change.” Queen’s University IRC. 2015.)

    • Easy work includes administrative tasks like scheduling meetings and training sessions or delivering progress reports.
    • Hard work includes more abstract efforts like estimating costs/benefit or defining requirements.
    • Tough work involves managing people and emotions, i.e. providing leadership through setbacks, and managing resistance and conflict.

    That is what makes organizational change “tough,” as opposed to merely hard. Managing change requires mental and emotional toughness to deal with uncertainty, ambiguity, and conflict.

    Assess the full range of support and resistance to change

    3.2.6 20 minutes

    Categorize the feedback received from stakeholder groups or individual stakeholders across the “faces of change” spectrum.

    Use the table below to document where different stakeholders and stakeholder groups fall within the spectrum.

    Response Symptoms Examples
    Active Subversion Publicly or privately disparaging the transition (in some cases privately disparaging while pretending to support); encouraging people to continue doing things the old way or to leave the organization altogether. Group/Name
    Quiet Resistance Refusing to adopt change, continuing to do things the old way (including seemingly trivial or symbolic things). Non-participative. Group/Name
    Vocal Skepticism Asking questions; questioning the why, what, and how of change, but continuing to show willingness to participate and try new things. Group/Name
    Neutrality / Uncertainty Non-vocal participation, perhaps with some negative body language, but continuing to show tacit willingness to try new things. Group/Name
    Vocal Approval Publicly and privately signaling buy-in for the change. Group/Name
    Quiet Support Actively helping to enable change to succeed without necessarily being a cheerleader or trying to rally others around the transition. Group/Name
    Active Leadership Visibly championing the change and helping to rally others around the transition. Group/Name

    Review strategies and tactics for engaging different responses

    Use the below tactics across the “faces of change” spectrum to help inform the PMO’s responses to sources of objection and resistance and its tactics for leveraging support.

    Response Engagement Strategies and Tactics
    Active Subversion Firmly communicate the boundaries of acceptable response to change: resistance is a natural response to change, but actively encouraging other people to resist change should not be tolerated. Active subversion often indicates the need to find a new role or depart the organization.
    Quiet Resistance Resistance is a natural response to change. Use the Change Curve to accommodate a moderate degree and period of resistance. Use the OCM Depth Scale to ensure communications strategies address the irrational sources of resistance.
    Vocal Skepticism Skepticism can be a healthy sign. Skeptics tend to be invested in the organization’s success and can be turned into vocal and active supporters if they feel their questions and concerns have been heard and addressed.
    Neutrality / Uncertainty Most fence-sitters will approve and support change when they start to see concrete benefits and successes, but are equally likely to become skeptics and resisters when they see signs of failure or a critical mass of skepticism, resistance, or simply ambivalence.
    Vocal Approval Make sure that espoused approval for change isn’t masking resistance or subversion. Engage vocal supporters to convert them into active enablers or champions of change.
    Quiet Support Engage quiet supporters to participate where their skills or social and political capital might help enable change across the organization. This could either be formal or informal, as too much formal engagement can invite minor disagreements and slow down change.
    Active Leadership Engage some of the active cheerleaders and champions of change to help deliver communications (and in some cases training) to their respective groups or teams.

    Don’t let speed bumps become roadblocks

    What If... Do This: To avoid:
    You aren’t on board with the change? Fake it to your staff, then communicate with your superiors to gather the information you need to buy in to the change. Starting the change process off on the wrong foot. If your staff believe that you don’t buy in to the change, but you are asking them to do so, they are not going to commit to it.
    When you introduce the change, a saboteur throws a tantrum? If the employee storms out, let them. If they raise uninformed objections in the meeting that are interrupting your introduction, ask them to leave and meet with them privately later on. Schedule an ad hoc one-on-one meeting. A debate at the announcement. It’s an introduction to the change and questions are good, but it’s not the time for debate. Leave this for the team meetings, focus groups, and one-on-ones when all staff have digested the information.
    Your staff don’t trust you? Don’t make the announcement. Find an Enthusiast or another manager that you trust to make the announcement. Your staff blocking any information you give them or immediately rejecting anything you ask of them. Even if you are telling the absolute truth, if your staff don’t trust you, they won’t believe anything you say.
    An experienced skeptic has seen this tried before and states it won’t work? Leverage their experience after highlighting how the situation and current environment is different. Ask the employee what went wrong before. Reinventing a process that didn’t work in the past and frustrating a very valuable segment of your staff. Don’t miss out on the wealth of information this Skeptic has to offer.

    Use the Objections Handling Template on the next slide to brainstorm specific objections and forms of resistance and to strategize about the more effective responses and mitigation strategies.

    Copy these objections and responses into the designated section of the Transition Plan Template. Continue to revise objections and responses there if needed.

    Objections Handling Template

    3.2.7 45 to 60 minutes

    Objection Source of Objection PMO Response
    We tried this two years ago. Vocal skepticism Enabling processes and technologies needed time to mature. We now have the right process discipline, technologies, and skills in place to support the system. In addition, a dedicated role has been created to oversee all aspects of the system during and after implementation.
    Why aren’t we using [another solution]? Uncertainty We spent 12 months evaluating, testing, and piloting solutions before selecting [this solution]. A comprehensive report on the selection process is available on the project’s internal site [here].

    Info-Tech Insight

    There is insight in resistance. The individuals best positioned to provide insight and influence change positively are also best positioned to create resistance. These people should be engaged throughout the implementation process. Their insights will very likely identify risks, barriers, and opportunities that need to be addressed.

    Make sure the action plan includes opportunities to highlight successes, quick wins, and bright spots

    Highlighting quick wins or “bright spots” helps you go from communicating change to more persuasively demonstrating change.

    Specifically, quick wins help:

    • Demonstrate that change is possible.
    • Prove that change produces positive results.
    • Recognize and reward people’s efforts.

    Take the time to assess and plan quick wins as early as possible in the planning process. You can revisit the impact assessment for assistance in identifying potential quick wins; more so, work with the project team and other stakeholders to help identify quick wins as they emerge throughout the planning and execution phases.

    Make sure you highlight bright spots as part of the larger story and vision around change. The purpose is to continue to build or sustain momentum and morale through the transition.

    "The quick win does not have to be profound or have a long-term impact on your organization, but needs to be something that many stakeholders agree is a good thing… You can often identify quick wins by simply asking stakeholders if they have any quick-win recommendations that could result in immediate benefits to the organization."

    John Parker

    Tips for identifying quick wins (Source: John Parker, “How Business Analysts can Identify Quick Wins,” 2013):
    • Brainstorm with your core team.
    • Ask technical and business stakeholders for ideas.
    • Observe daily work of users and listen to users for problems and opportunities; quick wins often come from the rank and file, not from the top.
    • Review and analyze user support trouble tickets; this can be a wealth of information.
    • Be open to all suggestions.

    Info-Tech Insight

    Stay positive. Our natural tendency is to look for what’s not working and try to fix it. While it’s important to address negatives, it’s equally important to highlight positives to keep people committed and motivated around change.

    Document the outcomes of this step in the Transition Plan Template

    3.2.8 45 minutes

    Consolidate and refine communication plan requirements for each stakeholder and group affected by change.

    Upon completion of the activities in this step, the PMO Director is responsible for ensuring that outcomes have been documented and recorded in the Transition Plan Template. Activities to be recorded include:

    • Stakeholder Overview
    • Communications Schedule Activity
    • Communications Delivery
    • Objections Handling
    • The Feedback and Evaluation Process

    Going forward, successful change will require that many responsibilities be delegated beyond the PMO and core transition team.

    • Delegate responsibilities to HR, managers, and team members for:
      • Advocating the importance of change.
      • Communicating progress toward project milestones and goals.
      • Developing HR and training plan.
    • Ensure sponsorship stays committed and active during and after the transition.
      • Leadership visibility throughout the execution and follow-up of the project is needed to remind people of the importance of change and the organization’s commitment to project success.

    Download Info-Tech’s Transition Plan Template.

    "Whenever you let up before the job is done, critical momentum can be lost and regression may follow." – John Kotter, Leading Change

    Step 3.3: Establish HR and Training Plans

    Phase 3 - 3.3

    This step will walk you through the following activities:
    • Analyze HR requirements for involvement in training.
    • Outline appropriate HR and training timelines.
    • Develop training plan requirements across different stakeholder groups.
    • Define training content.
    • Assess skills required to support the change and review options for filling HR gaps.
    This step involves the following participants:
    • PMO Director
    • Transition Team
    • HR Personnel
    • Project Sponsor
    Outcomes of this step
    • A training plan
    • Assessment of skill required to support the change

    Make sure skills, roles, and teams are ready for change

    Ensure that the organization has the infrastructure in place and the right skills availability to support long-term adoption of the change.

    The PMO’s OCM approach should leverage organizational design and development capabilities already in place.

    Recommendations in this section are meant to help the PMO and transition team understand HR and training plan activities in the context of the overall transition process.

    Where organizational design and development capabilities are low, the following steps will help you do just enough planning around HR, and training and development to enable the specific change.

    In some cases the need for improved OCM will reveal the need for improved organizational design and development capabilities.

    • Required Participants for this Step: PMO Leader; PMO staff; Project manager.
    • Recommended Participants for this Step: Project Sponsor; HR personnel.

    This section will walk you through the basic steps of developing HR, training, and development plans to support and enable the change.

    For comprehensive guidance and tools on role, job, and team design, see Info-Tech’s Transform IT Through Strategic Organizational Design blueprint.

    Info-Tech Insight

    Don’t make training a hurdle to adoption. Training and other disruptions take time and energy away from work. Ineffective training takes credibility away from change leaders and seems to validate the efforts of saboteurs and skeptics. The PMO needs to ensure that training sessions are as focused and useful as possible.

    Analyze HR requirements to ensure efficient use of HR and project stakeholder time

    3.3.1 30-60 minutes

    Refer back to Activity 3.2.4. Use the placement of each stakeholder group on the Organizational Change Depth Scale (below) to determine the type of HR and training approach required. Don’t impose training rigor where it isn’t required.

    Procedural Behavioral Interpersonal Vocational Cultural
    Simply changing procedures doesn’t generally require HR involvement (unless HR procedures are affected). Changing behaviors requires breaking old habits and establishing new ones, often using incentives and disincentives. Changing teams, roles, and locations means changing people’s relationships, which adds disruption to people’s lives and challenges for any change initiative. Changing people’s roles and responsibilities requires providing ways to acquire knowledge and skills they need to learn and succeed. Changing values and norms in the organization (i.e. what type of things are seen as “good” or “normal”) requires deep disruption and persistence.
    Typically no HR involvement. HR consultation recommended to help change incentives, compensation, and training strategies. HR consultation strongly recommended to help define roles, jobs, and teams. HR responsibility recommended to develop training and development programs. HR involvement recommended.

    22%

    In a recent survey of 276 large and midsize organizations, eighty-seven percent of survey respondents trained their managers to “manage change,” but only 22% felt the training was truly effective. (Towers Watson)

    Outline appropriate HR and training timelines

    3.3.2 15 minutes

    Revisit the high-level project schedule from steps 1.2.4 and 3.4.1 to create a tentative timeline for HR and training activities.

    Revise this timeline throughout the implementation process, and refine the timing and specifics of these activities as you move from the development to the deployment phase.

    Project Milestone Milestone Time Frame HR/Training Activities Activity Timing Notes
    Business Case Approval
    • Consulted to estimate timeline and cost
    Pilot Go-Live
    • Train groups affected by pilot
    Full Rollout Approval
    • Consulted to estimate timeline and cost
    Full Rollout
    • Train the trainers for full-scale rollout
    Benefits Assessment
    • Consulted to provide actual time and costs

    "The reason it’s going to hurt is you’re going from a state where you knew everything to one where you’re starting over again."

    – BA, Natural Resources Company

    Develop the training plan to ensure that the right goals are set, and that training is properly timed and communicated

    3.3.3 60 minutes

    Use the final tab in the Stakeholder Engagement Workbook, “7. Training Requirements,” to begin fleshing out a training plan for project stakeholders.

    The image is a screencapture of the final tab in the Stakeholder Engagement Workbook, titled Training Requirements.

    The table will automatically generate a list of stakeholders based on your stakeholder analysis.

    If your stakeholder list has grown or changed since the stakeholder engagement exercise in step 3.1, update the “Stakeholder List” tab in the tool.

    Estimate when training can begin, when training needs to be completed, and the total hours required.

    Training too early and too late are both common mistakes. Training too late hurts morale and creates risks. Training too early is often wasted and creates the need for retraining as knowledge and skills are lost without immediate relevance to their work.

    Brainstorm or identify potential opportunities to leverage for training (such as using existing resources and combining multiple training programs).

    Review the Change Management Impact Analysis to assess skills and knowledge required for each group in order for the change to succeed.

    Depending on the type of change being introduced, you may need to have more in-depth conversations with technical advisors, project management staff, and project sponsors concerning gaps and required content.

    Define training content and make key logistical decisions concerning training delivery for staff and users

    3.3.4 30-60 minutes

    Ultimately, the training plan will have to be put into action, which will require that the key logistical decisions are made concerning content and training delivery.

    The image is a screencapture of the Training Plan section of the Transition Plan Template.

    1. Use the “Training Plan” section in Info-Tech’s Transition Plan Template to document details of your training plan: schedules, resources, rooms, and materials required, etc.
    2. Designate who is responsible for developing the training content details. Responsibilities will include:
      • Developing content modules.
      • Determining the appropriate delivery model for each audience and content module (e.g. online course, classroom, outsourced, job shadowing, video tutorials, self-learning).
      • Finding and booking resources, locations, equipment, etc.

    “95% of learning leaders from organizations that are very effective at implementing important change initiatives find best practices by partnering with a company or an individual with experience in the type of change, twice as often as ineffective organizations.”

    Source: Implementing and Supporting Training for Important Change Initiatives.

    Training content should be developed and delivered by people with training experience and expertise, working closely with subject matter experts. In the absence of such individuals, partnering with experienced trainers is a cost that should be considered.

    Assess skills required to support the change that are currently absent or in short supply

    3.3.5 15 to 30 minutes

    The long-term success of the change is contingent on having the resources to maintain and support the tool, process, or business change being implemented. Otherwise, resourcing shortfalls could threaten the integrity of the new way of doing things post-change, threatening people’s trust and faith in the validity of the change as a whole.

    Use the table below to assess and record skills requirements. Refer to the tactics on the next slide for assistance in filling gaps.

    Skill Required Description of Need Possible Resources Recommended Next Steps Timeline
    Mobile Dev Users expect mobile access to services. We need knowledge of various mobile platforms, languages or frameworks, and UX/UI requirements for mobile.
    • Train web team
    • Outsource
    • Analyze current and future mobile requirements.
    		Probably Q1 2015
    DBAs Currently have only one DBA, which creates a bottleneck. We need some DBA redundancy to mitigate risk of single point of failure.
    • Redeploy and train member of existing technology services team.
    • Hire or contract new resources.
    • Analyze impact of redeploying existing resources.
    		Q3 2014

    Review your options for filling HR gaps

    Options: Benefits: Drawbacks:
    Redeploy staff internally
    • Retains firm-specific knowledge.
    • Eliminates substantial costs of recruiting and terminating employees.
    • Mitigates risk; reduces the number of unknowns that come with acquiring talent.
    • Employees could already be fully or over-allocated.
    • Employees might lack the skills needed for the new or enhanced positions.
    Outsource
    • Best for addressing short-term, urgent needs, especially when the skills and knowledge required are too new or unfamiliar to manage internally.
    • Risk of sharing sensitive information with third parties.
    • Opportunity cost of not investing in knowledge and skills internally.
    Contract
    • Best when you are uncertain how long needs for particular skills or budget for extra capacity will last.
    • Diminished loyalty, engagement, and organizational culture.
    • Similar drawbacks as with outsourcing.
    Hire externally
    • Best for addressing long-term needs for strategic or core skills.
    • Builds capacity and expertise to support growing organizations for the long term.
    • High cost of recruiting and onboarding.
    • Uncertainty: risk that new hires might have misrepresented their skills or won’t fit culturally.
    • Commitment to paying for skills that might diminish in demand and value over time.
    • Economic uncertainty: high cost of layoffs and buyouts.

    Report HR and training plan status to the transition team

    3.3.6 10 minutes (and ongoing thereafter)

    Ensure that any changes or developments made to HR and training plans are captured in the Transition Plan Template where applicable.
    1. Upon completion of the activities in this step, ensure that the “Training Plan” section of the template reflects outcomes and decisions made during the preceding activities.
    2. Assign ongoing RACI roles for informing the transition team of HR and training plan changes; similarly define accountabilities for keeping the template itself up to date.
    • Record these roles within the template itself under the “Roles & Responsibilities” section.
  • Be sure to schedule a date for eliciting training feedback in the “Training Schedule” section of the template.
    • A simple survey, such as those discussed in step 3.2, can go a long way in both helping stakeholders feel more involved in the change, and in making sure training mistakes and weaknesses are not repeated again and again on subsequent change initiatives.

    • Info-Tech Insight

    Try more ad hoc training methods to offset uncertain project timelines.

    One of the top challenges organizations face around training is getting it timed right, given the changes to schedule and delays that occur on many projects.

    One tactic is to take a more ad hoc approach to training, such as making IT staff available in centralized locations after implementation to address staff issues as they come up.

    This will not only help eliminate the waste that can come from poorly timed and ineffective training sessions, but it will also help with employee morale, giving individuals a sense that they haven’t been left alone to navigate unfamiliar processes or technologies.

    Adoption can be difficult for some, but the cause is often confusion and misunderstanding

    CASE STUDY

    Industry Manufacturing

    Source Info-Tech Client

    Challenge
    • The strategy team responsible for the implementation of a new operation manual for the subsidiaries of a global firm was monitoring the progress of newly acquired firms as the implementation of the manual began.
    • They noticed that one department in a distant location was not meeting the new targets or fulfilling the reporting requirements on staff progress.
    Solution
    • The strategy team representative for the subsidiary firm went to the manager leading the department that was slow to adopt the changes.
    • When asked, the manager insisted that he did not have the time or resources to implement all of these changes while maintaining the operation of the department.
    • With true business value in mind, the manager said, they chose to keep the plant running.
    Results
    • The representative from the strategy team was surprised to find that the manager was having such trouble fitting the changes into daily operations as the changes were the daily operations.
    • The representative took the time to go through the new operation manual with the manager and explain that the changes replaced daily operations and were not additions to them.

    "The cause of slow adoption is often not anger or denial, but a genuine lack of understanding and need for clarification. Avoid snap decisions about a lack of adoption until staff understand the details." – IT Manager

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.2 Undergo a stakeholder analysis to ensure positive stakeholder engagement

    Move away from a command-and-control approach to change by working with the analyst to develop a strategy that engages stakeholders in the change, making them feel like they are a part of it.

    3.2.3 Develop a stakeholder sentiment-sensitive communications strategy

    Work with the analyst to fine-tune the stakeholder messaging across various stakeholder responses to change.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    3.2.5 Define a stakeholder feedback and evaluation process

    Utilize analyst experience and perspective in order to develop strategy for effectively evaluating stakeholder feedback early enough that resistance and suggestions can be accommodated with the OCM strategy and project plan.

    3.2.7 Develop a strategy to cut off resistance to change

    Utilize analyst experience and perspective in order to develop an objections handling strategy to deal with resistance, objections, and fatigue.

    3.3.4 Develop the training plan to ensure that the right goals are set, and that training is properly timed and communicated

    Receive custom analyst insights on rightsizing training content and timing your training sessions effectively.

    Phase 4

    Establish a Post-Project Benefits Attainment Process

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Establish a Post-Project Benefits Attainment Process

    Proposed Time to Completion (in weeks): 1 to 2 weeks

    Step 4.1: Determine accountabilities for benefits attainment

    Discuss these issues with analyst:

    • Accountability for tracking the business outcomes of the project post-completion is frequently opaque, with little or no allocated resourcing.
    • As a result, projects may get completed, but their ROI to the organization is not tracked or understood.

    Then complete these activities…

    • Perform a post-implementation project review of the pilot OCM initiative.
    • Assign post-project benefits tracking accountabilities.
    • Implement a benefits tracking process and tool.

    With these tools & templates:

    • Portfolio Benefits Tracking Tool
    • Activity 4.1.2: “Assign ownership for realizing benefits after the project is closed”
    • Activity 4.1.3: “Define a post-project benefits tracking process”

    Step 4.1: Determine accountabilities for benefits attainment

    Phase 4 - 4.1

    This step will walk you through the following activities:
    • Conduct a post-implementation review of pilot OCM project.
    • Assign ownership for realizing benefits after the project is closed.
    • Define a post-project benefits tracking process.
    • Implement a tool to help monitor and track benefits over the long term.
    This step involves the following participants:
    • PMO Director
    • Project Sponsor
    • Project managers
    • Business analyst
    • Additional IT/PMO staff
    Outcomes of this step
    • Appropriate assignment of accountabilities for tracking benefits after the project has closed
    • A process for tracking benefits over the long-run
    • A benefits tracking tool

    Project benefits result from change

    A PMO that facilitates change is one that helps drive benefits attainment long after the project team has moved onto the next initiative.

    Organizations rarely close the loop on project benefits once a project has been completed.

    • The primary cause of this is accountability for tracking business outcomes post-project is almost always poorly defined, with little or no allocated resourcing.
    • Even organizations that define benefits well often neglect to manage them once the project is underway. If benefits realization is not monitored, the organization will miss opportunities to close the gap on lagging benefits and deliver expected project value.
    • It is commonly understood that the project manager and sponsor will need to work together to shift focus to benefits as the project progresses, but this rarely happens as effectively as it should.

    With all this in mind, in this step we will round out our PMO-driven org change process by defining how the PMO can help to better facilitate the benefits realization process.

    This section will walk you through the basic steps of developing a benefits attainment process through the PMO.

    For comprehensive guidance and tools, see Info-Tech’s Establish the Benefits Realization Process.

    Info-Tech Insight

    Two of a kind. OCM, like benefits realization, is often treated as “nice to have” rather than “must do.” These two processes are both critical to real project success; define benefits properly during intake and let OCM take the reigns after the project kicks off.

    The benefits realization process spans the project lifecycle

    Benefits realization ensures that the benefits defined in the business case are used to define a project’s expected value, and to facilitate the delivery of this value after the project is closed. The process begins when benefits are first defined in the business case, continues as benefits are managed through project execution, and ends when the loop is closed and the benefits are actually realized after the project is closed.

    Benefits Realization
    Define Manage Realize
    Initial Request Project Kick Off *Solution Is Deployed
    Business Case Approved Project Execution Solution Maintenance
    PM Assigned *Project Close Solution Decommissioned

    *For the purposes of this step, we will limit our focus to the PMO’s responsibilities for benefits attainment at project close-out and in the project’s aftermath to ensure that responsibilities for tracking business outcomes post-project have been properly defined and resourced.

    Ultimate project success hinges on a fellowship of the benefits

    At project close-out, stewardship of the benefits tracking process should pass from the project team to the project sponsor.

    As the project closes, responsibility for benefits tracking passes from the project team to the project sponsor. In many cases, the PMO will need to function as an intermediary here, soliciting the sponsor’s involvement when the time comes.

    The project manager and team will likely move onto another project and the sponsor (in concert with the PMO) will be responsible for measuring and reporting benefits realization.

    As benefits realization is measured, results should be collated by the PMO to validate results and help flag lagging benefits.

    The activities that follow in this step will help define this process.

    The PMO should ensure the participation of the project sponsor, the project manager, and any applicable members of the business side and the project team for this step.

    Ideally, the CIO and steering committee members should be involved as well. At the very least, they should be informed of the decisions made as soon as possible.

    Initiation-Planning-Execution-Monitoring & Controlling-Closing

    Conduct post-implementation review for your pilot OCM project

    4.1.1 60 minutes

    The post-project phase is the most challenging because the project team and sponsor will likely be busy with other projects and work.

    Conducting a post-implementation review for every project will force sponsors and other stakeholders to assess actual benefits realization and identify lagging benefits.

    If the project is not achieving its benefits, a remediation plan should be created to attempt to capture these benefits as soon as possible.

    Agenda Item
    Assess Benefits Realization
    • Compare benefits realized to projected benefits.
    • Compare benefit measurements with benefit targets.
    Assess Quality
    • Performance
    • Availability
    • Reliability
    Discuss Ongoing Issues
    • What has gone wrong?
    • Frequency
    • Cause
    • Resolution
    Discuss Training
    • Was training adequate?
    • Is any additional training required?
    Assess Ongoing Costs
    • If there are ongoing costs, were they accounted for in the project budget?
    Assess Customer Satisfaction
    • Review stakeholder surveys.

    Assign ownership for realizing benefits after the project is closed

    4.1.2 45 to 60 minutes

    The realization stage is the most difficult to execute and oversee. The project team will have moved on, and unless someone takes accountability for measuring benefits, progress will not be measured. Use the sample RACI table below to help define roles and responsibilities for post-project benefits attainment.

    Process Step Responsible Accountable Consulted Informed
    Track project benefits realization and document progress Project sponsor Project sponsor PMO (can provide tracking tools and guidance), and directors or managers in the affected business unit who will help gather necessary metrics for the sponsor (e.g. report an increase in sales 3 months post-project) PMO (can collect data and consolidate benefits realization progress across projects)
    Identify lagging benefits and perform root cause analysis Project sponsor and PMO Project sponsor and PMO Affected business unit CIO, IT steering committee
    Adjust benefits realization plan as needed Project sponsor Project sponsor Project manager, affected business units Any stakeholders impacted by changes to plan
    Report project success PMO PMO Project sponsor IT and project steering committees

    Info-Tech Insight

    A business accountability: Ultimately, the sponsor must help close this loop on benefits realization. The PMO can provide tracking tools and gather and report on results, but the sponsor must hold stakeholders accountable for actually measuring the success of projects.

    Define a post-project benefits tracking process

    4.1.3 45 minutes

    While project sponsors should be accountable for measuring actual benefits realization after the project is closed, the PMO can provide monitoring tools and it should collect measurements and compare results across the portfolio.

    Steps in a benefits tracking process.

    1. Collate the benefits of all the projects in your portfolio. Document each project’s benefits, with the metrics, targets, and realization timelines of each project in a central location.
    2. Collect and document metric measurements. The benefit owner is responsible for tracking actual realization and reporting it to the individual(s) tracking portfolio results.
    3. Create a timeline and milestones for benefits tracking. Establish a high-level timeline for assessing benefits, and put reminders in calendars accordingly, to ensure that commitments do not fall off stakeholders’ radars.
    4. Flag lagging benefits for further investigation. Perform root cause analysis to then find out why a benefit is behind schedule, and what can be done to address the problem.

    "Checking the results of a decision against its expectations shows executives what their strengths are, where they need to improve, and where they lack knowledge or information."
    Peter Drucker

    Implement a tool to help monitor and track benefits over the long term

    4.1.4 Times will vary depending on organizational specifics of the inputs

    Download Info-Tech’s Portfolio Benefits Tracking Tool to help solidify the process from the previous step.

    1. Document each project’s benefits, with the metrics, targets, and realization timelines. Tab 1 of the tool is a data entry sheet to capture key portfolio benefit forecasts throughout the project.
    2. Collect and document metric measurements. Tab 2 is where the PMO, with data from the project sponsors, can track actuals month after month post-implementation.
    3. Flag lagging benefits for further investigation. Tab 3 provides a dashboard that makes it easy to flag lagging benefits. The dashboard produces a variety of meaningful benefit reports including a status indication for each project’s benefits and an assessment of business unit performance.

    Continue to increase accountability for benefits and encourage process participation

    Simply publishing a set of best practices will not have an impact unless accountability is consistently enforced. Increasing accountability should not be complicated. Focus on publicly recognizing benefit success. As the process matures, you should be able to use benefits as a more frequent input to your budgeting process.

    • Create an internal challenge. Publish the dashboard from the Portfolio Benefits Tracking Tool and highlight the top 5 or 10 projects that are on track to achieve benefits. Recognize the sponsors and project team members. Recognizing individuals for benefits success will get people excited and encourage an increased focus on benefits.
    • With executive level involvement, the PMO could help institute a bonus structure based on benefits realization. For instance, project teams could be rewarded with bonuses for achieving benefits. Decide upon a set post-project timeline for determining this bonus. For example, 6 months after every project goes live, measure benefits realization. If the project has realized benefits, or is on track to realize benefits, the PM should be given a bonus to split with the team.
    • Include level of benefits realization in the performance reviews of project team members.
    • As the process matures, start decreasing budgets according to the monetary benefits documented in the business case (if you are not already doing so). If benefits are being used as inputs to the budgeting process, sponsors will need to ensure that they are defined properly.

    Info-Tech Insight

    Don’t forget OCM best practices throughout the benefits tracking process. If benefits are lagging, the PMO should revisit phase 3 of this blueprint to consider how challenges to adoption are negatively impacting benefits attainment.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1.2 Assign appropriate ownership and ensure adequate resourcing for realizing benefits after the project is closed

    Get custom insights into how the benefits tracking process should be carried out post-project at your organization to ensure that intended project outcomes are effectively monitored and, in the long run, achieved.

    4.1.4 Implement a benefits tracking tool

    Let our analysts customize a home-grown benefits tracking tool for your organization to ensure that the PMO and project sponsors are able to easily track benefits over time and effectively pivot on lagging benefits.

    Phase 5

    Solidify the PMO’s Role as Change Leader

    Phase 5 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 5: Solidify the PMO’s role as change leader

    Proposed Time to Completion (in weeks): 1 to 2 weeks

    Step 5.1: Institute an organizational change management playbook

    Discuss these issues with an analyst:

    • With the pilot OCM initiative complete, the PMO will need to roll out an OCM program to accommodate all of the organization’s projects.
    • The PMO will need to facilitate organization-wide OCM accountabilities – whether it’s the PMO stepping into the role of OCM leader, or other appropriate accountabilities being assigned.

    Then complete these activities…

    • Review the success of the pilot OCM initiative.
    • Define organizational roles and responsibilities for change management.
    • Formalize the Organizational Change Management Playbook.

    With these tools & templates:

    • Organizational Change Management Playbook
    • Activity 5.1.1: “Review lessons learned to improve organizational change management as a core discipline of the PMO”
    • Activity 5.1.3: “Define ongoing organizational roles and responsibilities for change management”

    Step 5.1: Institute an organizational change management playbook

    Phase 5 - 5.1

    This step will walk you through the following activities:
    • Review lessons learned to improve OCM as a core discipline of the PMO.
    • Monitor organizational capacity for change.
    • Define organizational roles and responsibilities for change management.
    • Formalize the Organizational Change Management Playbook.
    • Assess the value and success of the PMO’s OCM efforts.
    This step involves the following participants:
    • Required: PMO Director; PMO staff
    • Strongly recommended: CIO and other members of the executive layer
    Outcomes of this step
    • A well-defined organizational mandate for change management, whether through the PMO or another appropriate stakeholder group
    • Definition of organizational roles and responsibilities for change management
    • An OCM playbook
    • A process and tool for ongoing assessment of the value of the PMO’s OCM activities

    Who, in the end, is accountable for org change success?

    We return to a question that we started with in the Executive Brief of this blueprint: who is accountable for organizational change?

    If nobody has explicit accountability for organizational change on each project, the Officers of the corporation retained it. Find out who is assumed to have this accountability.

    On the left side of the image, there is a pyramid with the following labels in descending order: PMO; Project Sponsors; Officers; Directors; Stakeholders. The top three tiers of the pyramid have upward arrows connecting one section to the next; the bottom three tiers have downward pointing arrows, connecting one section to the next. On the right side of the image is the following text: If accountability for organizational change shifted to the PMO, find out and do it right. PMOs in this situation should proceed with this step. Officers of the corporation have the implicit fiduciary obligation to drive project benefits because they ultimately authorize the project spending. It’s their job to transfer that obligation, along with the commensurate resourcing and authority. If the Officers fail to make someone accountable for results of the change, they are failing as fiduciaries appointed by the Board of Directors. If the Board fails to hold the Officers accountable for the results, they are failing to meet the obligations they made when accepting election by the Shareholders.

    Info-Tech Insight

    Will the sponsor please stand up?

    Project sponsors should be accountable for the results of project changes. Otherwise, people might assume it’s the PMO or project team.

    Keep your approach to change management dynamic while building around the core discipline

    The PMO will need to establish an OCM playbook that can scale to a wide variety of projects. Avoid rigidity of processes and keep things dynamic as you build up your OCM muscles as an organization.

    Continually Develop

    Change Management Capabilities

    Progressively build a stable set of core capabilities.

    The basic science of human behavior underlying change management is unlikely to change. Effective engagement, communication, and management of uncertainty are valuable capabilities regardless of context and project specifics.

    Regularly Update

    Organizational Context

    Regularly update recurring activities and artifacts.

    The organization and the environment in which it exists will constantly evolve. Reusing or recycling key artifacts will save time and improve collaboration (by leveraging shared knowledge), but you should plan to update them on at least a quarterly or annual basis.

    Respond To

    Future Project Requirements

    Approach every project as unique.

    One project might involve more technology risk while another might require more careful communications. Make sure you divide your time and effort appropriately for each particular project to make the most out of your change management playbook.

    Info-Tech Insight

    Continuous Change. Continuous Improvement. Change is an ongoing process. Your approach to managing change should be continually refined to keep up with changes in technology, corporate strategy, and people involved.

    Review lessons learned to improve organizational change management as a core discipline of the PMO

    5.1.1 60 minutes

    1. With your pilot OCM initiative in mind, retrospectively brainstorm lessons learned using the template below. Info-Tech recommends doing this with the transition team. Have people spend 10-15 minutes brainstorming individually or in 2- to 3-person groups, then spend 15-30 minutes presenting and discussing findings collectively.

    What worked? What didn't work? What was missing?

    2. Develop recommendations based on the brainstorming and analysis above.

    Continue... Stop... Start...

    Monitor organizational capacity for change

    5.1.2 20 minutes (to be repeated quarterly or biannually thereafter)

    Perform the Organizational Change Management Capabilities Assessment in the wake of the OCM pilot initiative and lessons learned exercise to assess capabilities’ improvements.

    As your OCM processes start to scale out over a range of projects across the organization, revisit the assessment on a quarterly or bi-annual basis to help focus your improvement efforts across the 7 change management categories that drive the survey.

    • Cultural Readiness
    • Leadership & Sponsorship
    • Organizational Knowledge
    • Change Management Skills
    • Toolkit & Templates
    • Process Discipline
    • KPIs & Metrics

    The image is a bar graph, with the above mentioned change management categories on the Y-axis, and the categories Low, Medium, and High on the X-axis.

    Info-Tech Insight

    Continual OCM improvement is a collaborative effort.

    The most powerful way to drive continual improvement of your organizational change management practices is to continually share progress, wins, challenges, feedback, and other OCM related concerns with stakeholders. At the end of the day, the PMO’s efforts to become a change leader will all come down to stakeholder perceptions based upon employee morale and benefits realized.

    Define ongoing organizational roles and responsibilities for change management

    5.1.3 60 minutes

    1. Decide whether to designate/create permanent roles for managing change.
    • Recommended if the PMO is engaged in at least one project at any given time that generates organizational change.
  • Designate a principle change manager (if you choose to) – it is likely that responsibilities will be given to someone’s existing position (such as PM or BA).
    • Make sure any permanent roles are embedded in the organization (e.g. within the PMO, rather than trying to establish a one-person “Change Management Office”) and have leadership support.
  • Consider whether to build a team of permanent change champions – it is likely that responsibilities will be given to existing positions.
    • This type of role is increasingly common in organizations that are aggressively innovating and keeping up with consumer technology adoption. If your organization already has a program like this for engaging early adopters and innovators, build on what’s already established.
    • Work with HR to make sure this is aligned with any existing training and development programs.

    • Info-Tech Insight

    Avoid creating unnecessary fiefdoms.

    Make sure any permanent roles are embedded in the organization (e.g. within the PMO) and have leadership support.

    Copy the RACI table from Activity 3.1.1. and repurpose it to help define the roles and responsibilities.

    Include this RACI when you formalize your OCM Playbook.

    Formalize and communicate the Organizational Change Management Playbook

    5.1.4 45 to 60 minutes

    1. Formalize the playbook’s scope:
      1. Determine the size and type of projects for which organizational change management is recommended.
      2. Make sure you clearly differentiate organizational change management and enablement from technical change management (i.e. release management and acceptance).
    2. Refine and formalize tools and templates:
      1. Determine how you want to customize the structure of Info-Tech’s blueprint and templates, tailored to your organization in the future.
        1. For example:
          1. Establish a standard framework for analyzing context around organizational change.
      2. Add branding/design elements to the templates to improve their credibility and impact as internal documents.
      3. Determine where/how templates and other resources are to be found and make sure they will be readily available to anyone who needs them (e.g. project managers).
    3. Communicate the playbook to the project management team.

    Download Info-Tech’s Organizational Change Management Playbook.

    Regularly reassess the value and success of your practices relative to OCM effort and project outcomes

    5.1.5 20 minutes per project

    The image is a screencapture of the Value tab of the Organizational Change: Management Capabilities Assessment

    Use the Value tab in the Organizational Change Management Capabilities Assessment to monitor the value and success of OCM.

    Measure past performance and create a baseline for future success:

    • % of expected business benefits realized on previous 3–5 significant projects/programs.
      • Track business benefits (costs reduced, productivity increased, etc.).
    • Costs avoided/reduced (extensions, cancellations, delays, roll-backs, etc.)
      • Establish baseline by estimating average costs of projects extended to deal with change-related issues.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    5.1.3 Define ongoing organizational roles and responsibilities for change management

    As you scale out an OCM program for all of the organization’s projects based on your pilot initiative, work with the analyst to investigate and define the right accountabilities for ongoing, long-term OCM.

    5.1.4 Develop an Organizational Change Management Playbook

    Formalize a programmatic process for organizational change management in Info-Tech’s playbook template.

    Related research

    Develop a Project Portfolio Management Strategy

    Grow Your Own PPM Solution

    Optimize Project Intake, Approval, and Prioritization

    Develop a Resource Management Strategy for the New Reality

    Manage a Minimum-Viable PMO

    Establish the Benefits Realization Process

    Manage an Agile Portfolio

    Project Portfolio Management Diagnostic Program: The Project Portfolio Management Diagnostic Program is a low effort, high impact program designed to help project owners assess and improve their PPM practices. Gather and report on all aspects of your PPM environment in order to understand where you stand and how you can improve.

    Bibliography

    Basu, Chirantan. “Top Organizational Change Risks.” Chiron. Web. June 14, 2016.

    Beatty, Carol. “The Tough Work of Managing Change.” Queens University. 2015. Web. June 14, 2016.

    Brown, Deborah. “Change Management: Some Statistics.” D&B Consulting Inc. May 15, 2014. Web. June 14, 2016.

    Burke, W. Warner. Organizational Change: Theory and Practice. 4th Edition. London: Sage, 2008.

    Buus, Inger. “Rebalancing Leaders in Times of Turbulence.” Mannaz. February 8, 2013. Web. June 14, 2016.

    Change First. “Feedback from our ROI change management survey.” 2010. Web. June 14, 2016.

    Collins, Jeff. “The Connection between User Adoption and Project Management Success.” Innovative Management Solutions. Sept. 21, 2013. Web. June 14, 2016.

    Craddock, William. “Change Management in the Strategic Alignment of Project Portfolios.” PMI. 2015. Web. June 14, 2016.

    Denning, Steve. “The Four Stories you Need to Lead Deep Organizational Change.” Forbes. July 25, 2011. Web. June 14, 2016.

    Drucker, Peter. “What Makes an Effective Executive.” Harvard Business Review. June 2004. Web. June 14, 2016

    Elwin, Toby. “Highlight Change Management – An Introduction to Appreciative Inquiry.” July 6, 2012. Web. June 14, 2016.

    Enstrom, Christopher. “Employee Power: The Bases of Power Used by Front-Line Employees to Effect Organizational Change.” MA Thesis. University of Calgary. April 2003. Web. June 14, 2016.

    Ewenstein, Boris, Wesley Smith, and Ashvin Sologar. “Changing Change Management.” McKinsey & Company. July 2015. Web. June 14, 2016.

    International Project Leadership Academy. “Why Projects Fail: Facts and Figures.” Web. June 14, 2016.

    Jacobs-Long, Ann. “EPMO’s Can Make A Difference In Your Organization.” May 9, 2012. Web. June 14, 2016.

    Kotter, John. Leading Change. Boston: Harvard Business School Press, 1996.

    Latham, Ross. “Information Management Advice 55 Change Management: Preparing for Change.” TAHO. March 2014. Web. June 14, 2016.

    Linders, Ben. “Finding Ways to Improve Business – IT Collaboration.” InfoQ. June 6, 2013. Web. June 14, 2016

    Machiavelli, Niccolo. The Prince, selections from The Discourses and other writings. Ed. John Plamenatz. London: Fontana/Collins, 1972.

    Michalak, Joanna Malgorzata. “Cultural Catalyst and Barriers to Organizational Change Management: a Preliminary Overview.” Journal of Intercultural Management. 2:2. November 2010. Web. June 14, 2016.

    Miller, David, and Mike Oliver. “Engaging Stakeholder for Project Success.” PMI. 2015. Web. June 14, 2016.

    Parker, John. “How Business Analysts Can Identify Quick Wins.” EnFocus Solutions. February 15, 2013. Web. June 14, 2016.

    Paulk, January. “The Fundamental Role a Change Impact Analysis Plays in an ERP Implementation.” Panorma Consulting Solutions. March 24, 2014. Web. June 14, 2016.

    Petouhoff, Natalie, Tamra Chandler, and Beth Montag-Schmaltz. “The Business Impact of Change Management.” Graziadio Business Review. 2006. Web. June 14, 2016.

    PM Solutions. “The State of the PMO 2014.” 2014. Web. June 14, 2016.

    PMI. “Pulse of the Profession: Enabling Organizational Change Throughout Strategic Initiatives.” March 2014. Web. June 14, 2016.

    PMI. “Pulse of the Profession: Executive Sponsor Engagement.” October 2014. Web. June 14, 2016.

    PMI. “Pulse of the Profession: the High Cost of Low Performance.” February 2014. Web. June 14, 2016.

    Powers, Larry, and Ketil Been. “The Value of Organizational Change Management.” Boxley Group. 2014. Web. June 14, 2016.

    Prosci. “Best Practices in Change Management – 2014 Edition: Executive Overview.” Web. June 14, 2016.

    Prosci. “Change Management Sponsor Checklist.” Web. June 14, 2016.

    Prosci. “Cost-benefit analysis for change management.” 2014. Web. June 14, 2016.

    Prosci. “Five Levers of Organizational Change.” 2016. Web. June 14, 2016.

    Rick, Torben. “Change Management Requires a Compelling Story.” Meliorate. October 3, 2014. Web. June 14, 2016.

    Rick, Torben. “The Success Rate of Organizational Change Initiatives.” Meliorate. October 13, 2014. Web. June 14, 2016.

    Schwartz, Claire. “Implementing and Monitoring Organizational Change: Part 3.” Daptiv Blogs. June 24, 2013. Web. June 14, 2016.

    Simcik, Shawna. “Shift Happens! The Art of Change Management.” Innovative Career Consulting, Inc. Web. June 14, 2016.

    Stewart Group. “Emotional Intelligence.” 2014. Web. June 14, 2016.

    Thakur, Sidharth. “Improve your Project’s Communication with These Inspirational Quotes.” Ed. Linda Richter. Bright Hub Project Management. June 9, 2012. Web. June 14, 2016.

    Training Folks. “Implementing and Supporting Training for Important Change Initiatives.” 2012. Web. June 14, 2016.

    Warren, Karen. “Make your Training Count: The Right Training at the Right Time.” Decoded. April 12, 2015. Web. June 14, 2016.

    Willis Towers Watson. “Only One-Quarter of Employers Are Sustaining Gains from Change Management Initiatives, Towers Watson Survey Finds.” August 29, 2013. Web. June 14, 2016.

    Select and Use SDLC Metrics Effectively

    • Buy Link or Shortcode: {j2store}150|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $2,991 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to implement (or revamp existing) software delivery metrics to monitor performance as well as achieve its goals.
    • You know that metrics can be a powerful tool for managing team behavior.
    • You also know that all metrics are prone to misuse and mismanagement, which can lead to unintended consequences that will harm your organization.
    • You need an approach for selecting and using effective software development lifecycle (SDLC) metrics that will help your organization to achieve its goals while minimizing the risk of unintended consequences.

    Our Advice

    Critical Insight

    • Metrics are powerful, dangerous, and often mismanaged, particularly when they are tied to reward or punishment. To use SDLC metrics effectively, know the dangers, understand good practices, and then follow Info-Tech‘s TAG (team-oriented, adaptive, and goal-focused) approach to minimize risk and maximize impact.

    Impact and Result

    • Begin by understanding the risks of metrics.
    • Then understand good practices associated with metrics use.
    • Lastly, follow Info-Tech’s TAG approach to select and use SDLC metrics effectively.

    Select and Use SDLC Metrics Effectively Research & Tools

    Start here – read the Executive Brief

    Understand both the dangers and good practices related to metrics, along with Info-Tech’s TAG approach to the selection and use of SDLC metrics.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the dangers of metrics

    Explore the significant risks associated with metrics selection so that you can avoid them.

    • Select and Use SDLC Metrics Effectively – Phase 1: Understand the Risks of Metrics

    2. Know good practices related to metrics

    Learn about good practices related to metrics and how to apply them in your organization, then identify your team’s business-aligned goals to be used in SDLC metric selection.

    • Select and Use SDLC Metrics Effectively – Phase 2: Know Good Practices Related to Metrics
    • SDLC Metrics Evaluation and Selection Tool

    3. Rank and select effective SDLC metrics for your team

    Follow Info-Tech’s TAG approach to selecting effective SDLC metrics for your team, create a communication deck to inform your organization about your selected SDLC metrics, and plan to review and revise these metrics over time.

    • Select and Use SDLC Metrics Effectively – Phase 3: Rank and Select Effective SDLC Metrics for Your Team
    • SDLC Metrics Rollout and Communication Deck
    [infographic]

    Workshop: Select and Use SDLC Metrics Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Dangers of Metrics

    The Purpose

    Learn that metrics are often misused and mismanaged.

    Understand the four risk areas associated with metrics: Productivity loss Gaming behavior Ambivalence Unintended consequences

    Productivity loss

    Gaming behavior

    Ambivalence

    Unintended consequences

    Key Benefits Achieved

    An appreciation of the dangers associated with metrics.

    An understanding of the need to select and manage SDLC metrics carefully to avoid the associated risks.

    Development of critical thinking skills related to metric selection and use.

    Activities

    1.1 Examine the dangers associated with metric use.

    1.2 Share real-life examples of poor metrics and their impact.

    1.3 Practice identifying and mitigating metrics-related risk.

    Outputs

    Establish understanding and appreciation of metrics-related risks.

    Solidify understanding of metrics-related risks and their impact on an organization.

    Develop the skills needed to critically analyze a potential metric and reduce associated risk.

    2 Understand Good Practices Related to Metrics

    The Purpose

    Develop an understanding of good practices related to metric selection and use.

    Introduce Info-Tech’s TAG approach to metric selection and use.

    Identify your team’s business-aligned goals for SDLC metrics.

    Key Benefits Achieved

    Understanding of good practices for metric selection and use.

    Document your team’s prioritized business-aligned goals.

    Activities

    2.1 Examine good practices and introduce Info-Tech’s TAG approach.

    2.2 Identify and prioritize your team’s business-aligned goals.

    Outputs

    Understanding of Info-Tech’s TAG approach.

    Prioritized team goals (aligned to the business) that will inform your SDLC metric selection.

    3 Rank and Select Your SDLC Metrics

    The Purpose

    Apply Info-Tech’s TAG approach to rank and select your team’s SDLC metrics.

    Key Benefits Achieved

    Identification of potential SDLC metrics for use by your team.

    Collaborative scoring/ranking of potential SDLC metrics based on their specific pros and cons.

    Finalize list of SDLC metrics that will support goals and minimize risk while maximizing impact.

    Activities

    3.1 Select your list of potential SDLC metrics.

    3.2 Score each potential metric’s pros and cons against objectives using a five-point scale.

    3.3 Collaboratively select your team’s first set of SDLC metrics.

    Outputs

    A list of potential SDLC metrics to be scored.

    A ranked list of potential SDLC metrics.

    Your team’s first set of goal-aligned SDLC metrics.

    4 Create a Communication and Rollout Plan

    The Purpose

    Develop a rollout plan for your SDLC metrics.

    Develop a communication plan.

    Key Benefits Achieved

    SDLC metrics.

    A plan to review and adjust your SDLC metrics periodically in the future.

    Communication material to be shared with the organization.

    Activities

    4.1 Identify rollout dates and responsible individuals for each SDLC metric.

    4.2 Identify your next SDLC metric review cycle.

    4.3 Create a communication deck.

    Outputs

    SDLC metrics rollout plan

    SDLC metrics review plan

    SDLC metrics communication deck

    Take the First Steps to Embrace Open-Source Software

    • Buy Link or Shortcode: {j2store}164|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development

    Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option given the advertised opportunities and the popularity of many open-source projects, but they have concerns:

    • Despite the longevity and broad adoption of open-source software, stakeholders are hesitant about its long-term viability and the costs of ongoing support.
    • A clear direction and strategy are needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software.

    Our Advice

    Critical Insight

    • Position open source in the same light as commercial software. The continuous improvement and evolution of popular open-source software and communities have established a reputation for reliability in the industry.
    • Consider open source as another form of outsource development. Open source is externally developed software where the code is accessible and customizable. Code quality may not align to your organization’s standards, which can require extensive testing and optimization.
    • Treat open source as any internally developed solution. Configurations, integrations, customizations, and orchestrations of open-source software are often done at the code level. While some community support is provided, most of the heavy lifting is done by the applications team.

    Impact and Result

    • Outline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.
    • Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.
    • Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Take the First Steps to Embrace Open-Source Software Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take the First Steps to Embrace Open-Source Software Storyboard – A guide to learn the fit, value, and considerations of open-source software.

    This research walks you through the misconceptions about open source, factors to consider in its selection, and initiatives to prepare your teams for its adoption.

    • Take the First Steps to Embrace Open-Source Software Storyboard

    2. Open-Source Readiness Assessment – A tool to help you evaluate your readiness to embrace open-source software in your environment.

    Use this tool to identify key gaps in the people, processes, and technologies needed to support open source in your organization. It also contains a canvas to facilitate discussions about expectations with your stakeholders and applications teams.

    • Open-Source Readiness Assessment
    [infographic]

    Further reading

    Take the First Steps to Embrace Open-Source Software

    Begin to understand what is required to embrace open-source software in your organization.

    Analyst Perspective

    With great empowerment comes great responsibilities.

    Open-source software promotes enticing technology and functional opportunities to any organization looking to modernize without the headaches of traditional licensing. Many organizations see the value of open source in its ability to foster innovation, be flexible to various use cases and system configurations, and give complete control to the teams who are using and managing it.

    However, open source is not free. While the software is freely and easily accessible, its use and sharing are bound by its licenses, and its implementation requires technical expertise and infrastructure investments. Your organization must be motivated and capable of taking on the various services traditionally provided and managed by the vendor.

    Photo of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option because of the advertised opportunities and the popularity of many open-source projects.

    Despite the longevity and the broad adoption of open-source software, stakeholders are hesitant about its adoption, its long-term viability, and the costs of ongoing support.

    A clear direction and strategy is needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software.

    Common Obstacles

    Your stakeholders’ fears, uncertainties, and doubts about open source may be driven by misinterpretation or outdated information. This hesitancy can persist despite some projects being active longer than their proprietary counterparts.

    Certain software features, support capabilities, and costs are commonly overlooked when selecting open-source software because they are often assumed in the licensing and service costs of commercial software.

    Open-source software is often technically complicated and requires specific skill sets and knowledge. Unfortunately, current software delivery capability gaps impede successful adoption and scaling of open-source software.

    Info-Tech’s Approach

    Outline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.

    Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.

    Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Insight Summary

    Overarching Info-Tech Insight

    Open source is as much about an investment in people as it is about technology. It empowers applications teams to take greater control over their technology and customize it as they see fit. However, teams need the time and funding to conduct the necessary training, management, and ongoing community engagement that open-source software and its licenses require.

    • Position open source in the same light as commercial software.
      The continuous improvement and evolution of popular open-source software and communities have established a trusting and reliable reputation in the industry. Open-source software quality and community support can rival similar vendor capabilities given the community’s maturity and contributions in the technology.
    • Consider open source another form of outsource development.
      Open source is externally developed software where the code is accessible and customizable. Code quality may not align to your organization’s standards, which can require extensive testing and optimization. A thorough analysis of change logs, code repositories, contributors, and the community is recommended – much to the same degree as one would do with prospective outsourcing partners.
    • Treat open source as any internally developed solution.
      Configurations, integrations, customizations, and orchestrations of open-source software are often done at the code level. While some community support is provided, most of the heavy lifting is done by the applications team. Teams must be properly resourced, upskilled, and equipped to meet this requirement. Otherwise, third-party partners are needed.

    What is open source?

    According to Synopsys, “Open source software (OSS) is software that is distributed with its source code, making it available for use, modification, and distribution with its original rights. … Programmers who have access to source code can change a program by adding to it, changing it, or fixing parts of it that aren’t working properly. OSS typically includes a license that allows programmers to modify the software to best fit their needs and control how the software can be distributed.”

    What are the popular use cases?

    1. Programming languages and frameworks
    2. Databases and data technologies
    3. Operating systems
    4. Git public repos
    5. Frameworks and tools for AI/ML/DL
    6. CI/CD tooling
    7. Cloud-related tools
    8. Security tools
    9. Container technology
    10. Networking

    Source: OpenLogic, 2022

    Common Attributes of All Open-Source Software

    • Publicly shared repository that anyone can access to use the solution and contribute changes to the design and functionality of the project.
    • A community that is an open forum to share ideas and solution enhancements, discuss project direction and vision, and seek support from peers.
    • Project governance that sets out guidelines, rules, and requirements to participate and contribute to the project.
    • Distribution license that defines the terms of how a solution can be used, assessed, modified, and distributed.

    Take the first steps to embrace open-source software

    Begin to understand what is required to embrace open-source software in your organization.

    A diagram of open-source community.

    State the Value of Open Source: Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.

    Select Your Open-Source Software: Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.

    Prepare for Open Source: Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Step 1.1: State the Value of Open Source

    Diagram of step 1.1

    Activities

    1.1.1 Outline the value you expect to gain from open-source software

    This step involves the following participants:

    • Applications team
    • Product owner

    Outcomes of this step:

    • Value proposition for open source
    • Potential open-source use cases

    Use a canvas to frame your open-source evaluation

    A photo of open-source canvas

    This canvas is intended to provide a single pane of glass to start collecting your thoughts and framing your future conversations on open-source software selection and adoption.

    Record the results in the “Open-Source Canvas” tab in the Open-Source Readiness Assessment.

    Open source presents unique software and tooling opportunities

    Innovation

    Many leading-edge and bleeding-edge technologies are collaborated and innovated in open-source projects, especially in areas that are beyond the vision and scope of vendor products and priorities.

    Niche Solutions

    Open-source projects are focused. They are designed and built to solve specific business and technology problems.

    Flexible & Customizable

    All aspects of the open-source software are customizable, including source code and integrations. They can be used to extend, complement, or replace internally developed code. Licenses define how open-source code should be and must be used, productized, and modified.

    Brand & Recognition

    Open-source communities encourage contribution and collaboration among their members to add functionality and improve quality and adoption.

    Cost

    Open-source software is accessible to everyone, free of charge. Communities do not need be consulted prior to acquisition, but the software’s use, configurations, and modifications may be restricted by its license.

    However, myths continue to challenge adoption

    • Open source is less secure or poorer quality than proprietary solutions.
    • Open source is free from risk of intellectual property (IP) infringement.
    • Open source is cheaper than proprietary solutions.

    What are the top perceived barriers to using enterprise open source?

    • Concerns about the level of support
    • Compatibility concerns
    • Concerns about inherent security of the code
    • Lack of internal skills to manage and support it

    Source: Red Hat, 2022

    Improve your core processes

    Improve your core processes

    We have over 45 fully detailed
    and interconnected process guides
    for you to improve your operations

    Managing and improving your processes is key to attaining commercial success

    Our practical guides help you to improve your operations

    We have hundreds of practical guides, grouped in many processes in our model. You may not need all of them. I suggest you browse within the belo top-level categories below and choose where to focus your attention. And with Tymans Group's help, you can go one process area at a time.

    If you want help deciding, please use the contact options below or click here.

    Check out our guides

    Our research and guides are priced from €299,00

    • Gert Taeymans Guidance

      Tymans Group Guidance & Consulting

      Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.

      Contact

    • Tymans Group
      & Info-Tech
      Combo

      Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.

      Contact

    • Info-Tech Research

      Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.

      Contact

    Register to read more …

    Build a Value Measurement Framework

    • Buy Link or Shortcode: {j2store}182|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $82,374 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Rapid changes in today’s market require rapid, value-based decisions, and organizations that lack a shared definition of value fail to maintain their competitive advantage.
    • Different parts of an organization have different value drivers that must be given balanced consideration.
    • Focusing solely on revenue ignores the full extent of value creation in your organization and does not necessarily result in the right outcomes.

    Our Advice

    Critical Insight

    • Business is the authority on business value. While IT can identify some sources of value, business stakeholders must participate in the creation of a definition that is meaningful to the whole organization.
    • It’s about more than profit. Organizations must have a definition that encompasses all of the sources of value or they risk making short-term decisions with long-term negative impacts.
    • Technology creates business value. Treating IT as a cost center makes for short-sighted decisions in a world where every business process is enabled by technology.

    Impact and Result

    • Standardize your definition of business value. Work with your business partners to define the different sources of business value that are created through technology-enabled products and services.
    • Weigh your value drivers. Ensure that business and IT understand the relative weight and priority of the different sources of business value you have identified.
    • Use a balanced scorecard to understand value. Use the different value drivers to understand and prioritize different products, applications, projects, initiatives, and enhancements.

    Build a Value Measurement Framework Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why building a consistent and aligned framework to measure the value of your products and services is vital for setting priorities and getting the business on board.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your value drivers

    This phase will help you define and weigh value drivers based on overarching organizational priorities and goals.

    • Build a Value Measurement Framework – Phase 1: Define Your Value Drivers
    • Value Calculator

    2. Measure value

    This phase will help you analyze the value sources of your products and services and their alignment to value drivers to produce a value score that you can use for prioritization.

    • Build a Value Measurement Framework – Phase 2: Measure Value
    [infographic]

    Further reading

    Build a Value Measurement Framework

    Focus product delivery on business value–driven outcomes.

    ANALYST PERSPECTIVE

    "A meaningful measurable definition of value is the key to effectively managing the intake, prioritization, and delivery of technology-enabled products and services."

    Cole Cioran,

    Senior Director, Research – Application Development and Portfolio Management

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs who need to understand the value IT creates
    • Application leaders who need to make good decisions on what work to prioritize and deliver
    • Application and project portfolio managers who need to ensure the portfolio creates business value
    • Product owners who are accountable for delivering value

    This Research Will Help You:

    • Define quality in your organization’s context from both business and IT perspectives.
    • Define a repeatable process to understand the value of a product, application, project, initiative, or enhancement.
    • Define value sources and metrics.
    • Create a tool to make it easier to balance different sources of value.

    This Research Will Also Assist:

    • Product and application delivery teams who want to make better decisions about what they deliver
    • Business analysts who need to make better decisions about how to prioritize their requirements

    This Research Will Help Them:

    • Create a meaningful relationship with business partners around what creates value for the organization.
    • Enable better understanding of your customers and their needs.

    Executive summary

    Situation

    • Measuring the business value provided by IT is critical for improving the relationship between business and IT.
    • Rapid changes in today’s market require rapid, value-based decisions.
    • Every organization has unique drivers that make it difficult to see the benefits based on time and impact approaches to prioritization.

    Complication

    • An organization’s lack of a shared definition of value leads to politics and decision making that does not have a firm, quantitative basis.
    • Different parts of an organization have different value drivers that must be given balanced consideration.
    • Focusing solely on revenue does not necessarily result in the right outcomes.

    Resolution

    • Standardize your definition of business value. Work with your business partners to define the different sources of business value that are created through technology-enabled products and services.
    • Weigh your value drivers. Ensure business and IT understand the relative weight and priority of the different sources of business value you have identified.
    • Use a balanced scorecard to understand value. Use the different value drivers to understand and prioritize different products, applications, projects, initiatives, and enhancements.

    Info-Tech Insight

    1. Business is the authority on business value. While IT can identify some sources of value, business stakeholders must participate in the creation of a definition that is meaningful to the whole organization.
    2. It’s about more than profit. Organizations must have a definition that encompasses all of the sources of value, or they risk making short-term decisions with long-term negative impacts.
    3. Technology creates business value. Treating IT as a cost center makes for short-sighted decisions in a world where every business process is enabled by technology.

    Software is not currently creating the right outcomes

    Software products are taking more and more out of IT budgets.

    38% of spend on IT employees goes to software roles.

    Source: Info-Tech’s Staffing Survey

    18% of opex is spent on software licenses.

    Source: SoftwareReviews.com

    33% of capex is spent on new software.

    However, the reception and value of software products do not justify the money invested.

    Only 34% of software is rated as both important and effective by users.

    Source: Info-Tech’s CIO Business Vision

    IT benchmarks do not help or matter to the business. Focus on the metrics that represent business outcomes.

    A pie chart is shown as an example to show how benchmarks do not help the business.

    IT departments have a tendency to measure only their own role-based activities and deliverables, which only prove useful for selling practice improvement services. Technology doesn’t exist for technology's sake. It’s in place to generate specific outcomes. IT and the business need to be aligned toward a common goal of enabling business outcomes, and that’s the important measurement.

    "In today’s connected world, IT and business must not speak different languages. "

    – Cognizant, 2017

    CxOs stress the importance of value as the most critical area for IT to improve reporting

    A bar graph is shown to demonstrate the CxOs importance of value. Business value metrics are 32% of significant improvement necessary, and 51% where some improvement is necessary.

    N=469 CxOs from Info-Tech’s CEO/CIO Alignment Diagnostic

    Key stakeholders want to know how you and your products or services help them realize their goals.

    While the basics of value are clear, few take the time to reach a common definition and means to measure and apply value

    Often, IT misses the opportunity to become a strategic partner because it doesn’t understand how to communicate and measure its value to the business.

    "Price is what you pay. Value is what you get."

    – Warren Buffett

    Being able to understand the value context will allow IT to articulate where IT spend supports business value and how it enables business goal achievement.

    Value is...

    Derived from business context

  • What is our business context?

    • Enabled through governance and strategy

  • Who sees the strategy through?

    • The underlying context for decision making

  • How is value applied to support decisions?

    • A measure of achievement

  • How do I measure?

    • Determine your business context by assessing the goals and defining the unique value drivers in your organization

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of sources of value. Dissecting value by the benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    A business value matrix is shown. It shows the relationship between reading customers, increase revenue, reduce costs, and enhance services.

    Financial Benefits vs. Improved Capabilities

    Financial Benefits refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible. Human Benefits refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduction of overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not been put in place.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    See your strategy through by involving both IT and the business

    Buy-in for your IT strategy comes from the ability to showcase value. IT needs to ensure it has an aligned understanding of what is valuable to the organization.

    Business value needs to first be established by the business. After that, IT can build a partnership with the business to determine what that value means in the context of IT products and services.

    The Business

    What the Business and IT have in common

    IT

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the products along with those most familiar with the capabilities or processes enabled by technology.

    Business Value of Products and Services

    Technical subject matter experts of the products and services they deliver and maintain. Each IT function works together to ensure quality products and services are delivered up to stakeholder expectations.

    Measure your product or services with Info-Tech’s Value Measurement Framework (VMF) and value scores

    The VMF provides a consistent and less subjective approach to generating a value score for an application, product, service, or individual feature, by using business-defined value drivers and product-specific value metrics.

    Info-Tech's Value Measurement Framework is shown.

    A consistent set of established value drivers, sources, and metrics gives more accurate comparisons of relative value

    Value Drivers

    Value Sources

    Value Fulfillment Metrics

    Broad categories of values, weighed and prioritized based on overarching goals

    Instances of created value expressed as a “business outcome” of a particular function

    Units of measurement and estimated targets linked to a value source

    Reach Customers

    Customer Satisfaction

    Net Promoter Score

    Customer Loyalty

    # of Repeat Visits

    Create Revenue Streams

    Data Monetization

    Dollars Derived From Data Sales

    Leads Generation

    Leads Conversation Rate

    Operational Efficiency

    Operational Efficiency

    Number of Interactions

    Workflow Management

    Cycle Time

    Adhere to regulations & compliance

    Number of Policy Exceptions

    A balanced and weighted scorecard allows you to measure the various ways products generate value to the business

    The Info-Tech approach to measuring value applies the balanced value scorecard approach.

    Importance of value source

    X

    Impact of value source

    = Value Score

    Which is based on…

    Which is based on…

    Alignment to value driver

    Realistic targets for the KPI

    Which is weighed by…

    Which is estimated by…

    A 1-5 scale of the relative importance of the value driver to the organization

    A 1-5 scale of the application or feature’s ability to fulfill that value source

    +

    Importance of Value Source

    X

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    =

    Balanced Business Value Score

    Value Score1 + VS2 + … + VSN = Overall Balance Value Score

    Value scores help support decisions. This blueprint looks specifically at four use cases for value scores.

    A value score is an input to the following activities:

    1. Prioritize Your Product Backlog

      2. Estimate the relative value of different product backlog items (i.e. epics, features, etc.) to ensure the highest value items are completed first.

      This blueprint can be used as an input into Info-Tech’s Build a Better Backlog.

    2. Prioritize Your Project Backlog

      3. Estimate the relative value of proposed new applications or major changes or enhancements to existing applications to ensure the right projects are selected and completed first.

      This blueprint can be used as an input into Info-Tech’s Optimize Project Intake, Approval, and Prioritization.

    3. Rationalize Your Applications

      4. Gauge the relative value from the current use of your applications to support strategic decision making such as retirement, consolidation, and further investments.

      This blueprint can be used as an input into Info-Tech’s Visualize Your Application Portfolio Strategy With a Business Value-Driven Roadmap.

    4. Categorize Application Tiers

      5. Gauge the relative value of your existing applications to distinguish your most to least important systems and build tailored support structures that limit the downtime of key value sources.

      This blueprint can be used as an input into Info-Tech’s Streamline Application Maintenance.

    The priorities, metrics, and a common understanding of value in your VMF carry over to many other Info-Tech blueprints

    Transition to Product Delivery

    Build a Product Roadmap

    Modernize Your SDLC

    Build a Strong Foundation for Quality

    Implement Agile Practices That Work

    Use Info-Tech’s Value Calculator

    The Value Calculator facilitates the activities surrounding defining and measuring the business value of your products and services.

    Use this tool to:

    • Weigh the importance of each Value Driver based on established organizational priorities.
    • Create a repository for Value Sources to provide consistency throughout each measurement.
    • Produce an Overall Balanced Value Score for a specific item.

    Info-Tech Deliverable

    A screenshot of Info-Tech's Value Calculator is shown.

    Populate the Value Calculator as you complete the activities and steps on the following slides.

    Limitations of the Value Measurement Framework

    "All models are wrong, but some are useful."

    – George E.P. Box, 1979

    Value is tricky: Value can be intangible, ambiguous, and cause all sorts of confusion, with the multiple, and often conflicting, priorities any organization is sure to have. You won’t likely come to a unified understanding of value or an agreement on whether one thing is more valuable than something else. However, this doesn’t mean you shouldn’t try. The VMF provides a means to organize various priorities in a meaningful way and to assess the relative value of a product or service to guide managers and decision makers on the right track and keep alignment with the rest of the organization.

    Relative value vs. ROI: This assessment produces a score to determine the value of a product or service relative to other products or services. Its primary function is to prioritize similar items (projects, epics, requirements, etc.) as opposed to producing a monetary value that can directly justify cost and make the case for a positive ROI.

    Apply caution with metrics: We live in a metric-crazed era, where everything is believed to be measurable. While there is little debate over recent advances in data, analytics, and our ability to trace business activity, some goals are still quite intangible, and managers stumble trying to link these goals to a quantifiable data source.

    In applying the VMF Info-Tech urges you to remember that metrics are not a magical solution. They should be treated as a tool in your toolbox and are sometimes no more than a rough gauge of performance. Carefully assign metrics to your products and services and do not disregard the informed subjective perspective when SMART metrics are unavailable.

    "One of the deadly diseases of management is running a company on visible figures alone."

    – William Edwards Deming, 1982

    Info-Tech’s Build a Value Measurement Framework glossary of terms

    This blueprint discusses value in a variety of ways. Use our glossary of terms to understand our specific focus.

    Value Measurement Framework (VMF)

    A method of measuring relative value for a product or service, or the various components within a product or service, through the use of metrics and weighted organizational priorities.

    Value Driver

    A board organizational goal that acts as a category for many value sources.

    Value Source

    A specific business goal or outcome that business and product or service capabilities are designed to fulfill.

    Value Fulfillment

    The degree to which a product or service impacts a business outcome, ideally linked to a metric.

    Value Score

    A measurement of the value fulfillment factored by the weight of the corresponding value driver.

    Overall Balanced Value Score

    The combined value scores of all value sources linked to a product or service.

    Relative Value

    A comparison of value between two similar items (i.e. applications to applications, projects to projects, feature to feature).

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Value Measurement Framework – project overview

    1. Define Your Value Drivers

    2. Measure Value

    Best-Practice Toolkit

    1.1 Identify your business value authorities.

    2.1 Define your value drivers.

    2.2 Weigh your value drivers.

    • Identify your product or service SMEs.
    • List your products or services items and components.
    • Identify your value sources.
    • Align to a value driver.
    • Assign metrics and gauge value fulfillment.

    Guided Implementations

    Identify the stakeholders who should be the authority on business value.

    Identify, define, and weigh the value drivers that will be used in your VMF and all proceeding value measurements.

    Identify the stakeholders who are the subject matter experts for your products or services.

    Measure the value of your products and services with value sources, fulfillment, and drivers.

    Outcome:

    • Value drivers and weights

    Outcome:

    • An initial list of reusable value sources and metrics
    • Value scores for your products or services

    Phase 1

    Define Your Value Drivers

    First determine your value drivers and add them to your VMF

    One of the main aspects of the VMF is to apply consistent and business-aligned weights to the products or services you will evaluate.

    This is why we establish your value drivers first:

    • Get the right executive-level “value authorities” to establish the overarching weights.
    • Build these into the backbone of the VMF to consistently apply to all your future measurements.
    An image of the Value Measure Framework is shown.

    Step 1.1: Identify Value Authorities

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your authorities on business value.

    This step involves the following participants:

    • Owners of your value measurement framework

    Outcomes of this step

    • Your list of targeted individuals to include in Step 2.1

    Business value is best defined and measured by the combined effort and perspective of both IT and the business

    Buy-in for your IT strategy comes from the ability to showcase value. IT needs to ensure it has an aligned understanding of what is valuable to the organization. First, priorities need to be established by the business. Second, IT can build a partnership with the business to determine what that value means in the context of IT products and services.

    The Business

    What the Business and IT have in common

    IT

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the products along with those most familiar with the capabilities or processes enabled by technology.

    Business Value of Products and Services

    Technical subject matter experts of the products and services they deliver and maintain. Each IT function works together to ensure quality products and services are delivered up to stakeholder expectations.

    Engage key stakeholders to reach a consensus on organizational priorities and value drivers

    Engage these key players to create your value drivers:

    CEO: Who better holds the vision or mandate of the organization than its leader? Ideally, they are front and center for this discussion.

    CIO: IT must ensure that technical/practical considerations are taken into account when determining value.

    CFO: The CFO or designated representative will ensure that estimated costs and benefits can be used to manage the budgets.

    VPs: Application delivery and mgmt. is designed to generate value for the business. Senior management from business units must help define what that value is.

    Evaluators (PMO, PO, APM, etc.): Those primarily responsible for applying the VMF should be present and active in identifying and carefully defining your organization’s value drivers.

    Steering Committee: This established body, responsible for the strategic direction of the organization, is really the primary audience.

    Identify your authorities of business value to identify, define, and weigh value drivers

    1.1 Estimated Time: 15 minutes

    The objective of this exercise is to identify key business stakeholders involved in strategic decision making at an organizational level.

    1. Review your organization’s governance structure and any related materials.
    2. Identify your key business stakeholders. These individuals are the critical business strategic partners.
      1. Target those who represent the business at an organizational level and often comprise the organization’s governing bodies.
      2. Prioritize a product backlog – include product owners and product managers who are in tune with the specific value drivers of the product in question.

    INFO-TECH TIP

    If your organization does not have a formal governance structure, your stakeholders would be the key players in devising business strategy. For example:

    • CEO
    • CFO
    • BRMs
    • VPs

    Leverage your organizational chart, governing charter, and senior management knowledge to better identify key stakeholders.

    INPUT

    • Key decision maker roles

    OUTPUT

    • Targeted individuals to define and weigh value drivers

    Materials

    • N/A

    Participants

    • Owner of the value measurement framework

    Step 1.2: Define Value Drivers

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Define your value drivers.
    • Weigh your value drivers.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Authorities of business value

    Outcomes of this step

    • A list of your defined and weighted value drivers

    Value is based on business needs and vision

    Value is subjective. It is defined through the organization’s past achievement and its future objectives.

    Purpose & Mission

    Past Achievement & Current State

    Vision & Future State

    Culture & Leadership

    There must be a consensus view of what is valuable within the organization, and these values need to be shared across the enterprise. Instead of maintaining siloed views and fighting for priorities, all departments must have the same value and purpose in mind. These factors – purpose and mission, past achievement and current state, vision and future state, and culture and leadership – impact what is valuable to the organization.

    Value derives from the mission and vision of an organization; therefore, value is unique to each organization

    Business value represents what the business needs to do to achieve its target state. Establishing the mission and vision helps identify that target state.

    Mission

    Vision

    Business Value

    Why does the company exist?

    • Specify the company’s purpose, or reason for being, and use it to guide each day’s activities and decisions.

    What does the organization see itself becoming?

    • Identify the desired future state of the organization. The vision articulates the role the organization strives to play and the way it wants to be perceived by the customer.
    • State the ends, rather than the means, to get to the future state.

    What critical factors fulfill the mission and vision?

    • Articulate the important capabilities the business should have in order to achieve its objectives. All business activities must enable business value.
    • Communicate the means to achieve the mission and vision.

    Understand the many types of value your products or services produce

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of value sources. Dissecting value by the benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    A business value matrix is shown. It shows the relationship between reading customers, increase revenue, reduce costs, and enhance services.

    Financial Benefits vs. Improved Capabilities

    Financial Benefits refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible. Human Benefits refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations. Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduction of overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not been put in place.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Expand past Info-Tech’s high-level value quadrants and identify the value drivers specific to your organization

    Different industries have a wide range of value drivers. Consider the difference between public and private entities with respect to generating revenue or reaching their customers or other external stakeholders. Even organizations in the same industry may have different values. For example, a mature, well-established manufacturer may view reputation and innovation as its highest-priority values, whereas a struggling manufacturer will see revenue or market share growth as its main drivers.

    Value Drivers

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    • Revenue growth
    • Data monetization
    • Cost optimization
    • Labor reduction
    • Collaboration
    • Risk and compliance
    • Customer experience
    • Trust and reputation

    You do not need to dissect each quadrant into an exhaustive list of value drivers. Info-Tech recommends defining distinct value drivers only for the areas you’ve identified as critical to your organization’s core goals and objectives.

    Understand value drivers that enable revenue growth

    Direct Revenue

    This value driver is the ability of a product or service to directly produce revenue through core revenue streams.

    Can be derived from:

    • Creating revenue
    • Improving the revenue generation of an existing service
    • Preventing the loss of a revenue stream

    Be aware of the differences between your products and services that enable a revenue source and those that facilitate the flow of capital.

    Funding

    This value driver is the ability of a product or service to enable other types of funding unrelated to core revenue streams.

    Can be derived from:

    • Tax revenue
    • Fees, fines, and ticketing programs
    • Participating in government subsidy or grant programs

    Be aware of the difference between your products and services that enable a revenue source and those that facilitate the flow of capital.

    Scale & Growth

    In essence, this driver can be viewed as the potential for growth in market share or new developing revenue sources.

    Does the product or service:

    • Increase your market share
    • Help you maintain your market share

    Be cautious of which items you identify here, as many innovative activities may have some potential to generate future revenue. Stick to those with a strong connection to future revenue and don’t qualify for other value driver categories.

    Monetization of Assets

    This value driver is the ability of your products and services to generate additional assets.

    Can be derived from:

    • Sale of data
    • Sale of market or customer reports or analysis
    • Sale of IP

    This value source is often overlooked. If given the right attention, it can lead to a big win for IT’s role in the business.

    Understand value drivers that reduce costs

    Cost Reduction

    A cost reduction is a “hard” cost saving that is reflected as a tangible decrease to the bottom line.

    This can be derived from reduction of expenses such as:

    • Salaries and wages
    • Hardware/software maintenance
    • Infrastructure

    Cost reduction plays a critical role in an application’s ability to increase efficiency.

    Cost Avoidance

    A cost avoidance is a “soft” cost saving, typically achieved by preventing a cost from occurring in the first place (i.e. risk mitigation). Cost avoidance indirectly impacts the bottom line.

    This can be derived from prevention of expenses by:

    • Mitigating a business outage
    • Mitigating another risk event
    • Delaying a price increase

    Understand the value drivers that enhance your services

    Enable Core Operations

    Some applications are in place to facilitate and support the structure of the organization. These vary depending on the capabilities of your organization but should be assessed in relation to the organization’s culture and structure.

    • Enables a foundational capability
    • Enables a niche capability

    This example is intentionally broad, as “core operations” should be further dissected to define different capabilities with ranging priority.

    Compliance

    A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

    In this case, the product or service is required in order to:

    • Prevent fines
    • Allow the organization to operate within a specific jurisdiction
    • Remediate audit gaps
    • Provide information required to validate compliance

    Internal Improvement

    An application’s ability to create value outside of its core operations and facilitate the transfer of information, insights, and knowledge.

    Value can be derived by:

    • Data analytics
    • Collaboration
    • Knowledge transfer
    • Organizational learning

    Innovation

    Innovation is typically an ill-defined value driver, as it refers to the ability of your products and services to explore new value streams.

    Consider:

    • Exploration into new markets and products
    • New methods of organizing resources and processes

    Innovation is one of the more divisive value drivers, as some organizations will strive to be cutting edge and others will want no part in taking such risks.

    Understand business value drivers that connect the business to your customers

    Policy

    Products and services can also be assessed in relation to whether they enable and support policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

    Policy value can be derived from:

    • The service or initiative will produce outcomes in line with our core organizational values.
    • Products that enable sustainability and corporate social responsibility

    Experience

    Applications are often designed to improve the interaction between customer and product. This value type is most closely linked to product quality and user experience. Customers, in this sense, can also include any stakeholders who consume core offerings.

    Customer experience value can be derived from:

    • Improving customer satisfaction
    • Ease of use
    • Resolving a customer issue or identified pain point
    • Providing a competitive advantage for your customers

    Customer Information

    Understanding demand and customer trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

    Customer information value can be achieved when an app:

    • Addresses strategic opportunities or threats identified through analyzing trends
    • Prevents failures due to lack of capacity to meet demand
    • Connects resources to external sources to enable learning and growth within the organization

    Trust & Reputation

    Products and services are designed to enable goals of digital ethics and are highly linked to your organization’s brand strategy.

    Trust and reputation can also be described as:

    • Customer loyalty and sustainability
    • Customer privacy and digital ethics

    Prioritizing this value source is critical, as traditional priorities can often come at the expense of trust and reputation.

    Define your value drivers

    1.2 Estimated Time: 1.5 hours

    The objective of this exercise is to establish a common understanding of the different values of the organization.

    1. Place your business value authorities at the center of this exercise.
    2. Collect all the documents your organization has on the mission and vision, strategy, governance, and target state, which may be defined by enterprise architecture.
    3. Identify the company mission and vision. Simply transfer the information from the mission and vision document into the appropriate spaces in the business value statement.
    4. Determine the organization’s business value drivers. Use the mission and vision, as well as the information from the collected documents, to formulate your own idea of business values.
    5. Use value driver template on the next slide to define the value driver, including:
    • Value Driver Name
    • Description
    • Related Business Capabilities – If available, review business architecture materials, such as business capability maps.
    • Established KPI and Targets – If available, include any organization-wide established KPIs related to your value driver. These KPIs will likely be used or influence the metrics eventually assigned to your applications.

    INPUT

    • Mission, vision, value statements

    OUTPUT

    • List and description of value drivers

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business value authorities
    • Owner of value measurement framework

    Example Value Driver

    Value Driver Name

    Reach Customers

    Value Driver Description

    Our organization’s ability to provide quality products and experience to our core customers

    Value Driver Weight

    10/10

    Related Business Capabilities

    • Customer Services
    • Marketing
      • Customer Segmentation
      • Customer Journey Mapping
    • Product Delivery
      • User Experience Design
      • User Acceptance Testing

    Key Business Outcomes, KPIs, and Targets

    • Improved Customer Satisfaction
      • Net Promotor Score: 80%
    • Improved Loyalty
      • Repeat Sales: 30%
      • Customer Retention: 25%
      • Customer Lifetime Value: $2,500
    • Improved Interaction
      • Repeat Visits: 50%
      • Account Conversation Rates: 40%

    Weigh your value drivers

    1.3 Estimated Time: 30 minutes

    The objective of this exercise is to prioritize your value drivers based on their relative importance to the business.

    1. Again, place the business value authorities at the center of this exercise.
    2. In order to determine priority, divide 100% among your value drivers, allocating a percentage to each based on its relative importance to the organization.
    3. Normalize those percentages on to a scale of 1 to 10, which will act as the weights for your value drivers.

    INPUT

    • Mission, vision, value statements

    OUTPUT

    • Weights for value drivers

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business value authorities
    • Owner of value measurement framework

    Weigh your value drivers

    1.3 Estimated Time: 30 minutes

    Value Driver

    Percentage Allocation

    1 to 10 Weight

    Revenue and other funding

    24%

    9

    Cost reduction

    8%

    3

    Compliance

    5%

    2

    Customer value

    30%

    10

    Operations

    13%

    7

    Innovation

    5%

    2

    Sustainability and social responsibility

    2%

    1

    Internal learning and development

    3%

    1

    Future growth

    10%

    5

    Total

    100%

    Carry results over to the Value Calculator

    1.3

    Document results of this activity in the “Value Drivers” tab of the Value Calculator.

    A screenshot of Info-Tech's Value Calculator is shown.

    List your value drivers.

    Define or describe your value drivers.

    Use this tool to create a repository for value sources to reuse and maintain consistency across your measurements.

    Enter the weight of each value driver in terms of importance to the organization.

    Phase 2

    Measure Value

    Step 2.1: Identify Product or Service SMEs

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your product or service SMEs.
    • List your product or services items and components.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Product or service SMEs

    Outcomes of this step

    • Your list of targeted individuals to include in Step 2.2

    Identify the products and services you are evaluating and break down their various components for the VMF

    In order to get a full evaluation of a product or service you need to understand its multiple facets, functions, features capabilities, requirements, or any language you use to describe its various components.

    An image of the value measure framework is shown.

    Decompose a product or service:

    • Get the right subject matter experts in place who know the business and technical aspects of the product or service.
    • Decompose the product or service to capture all necessary components.

    Before beginning, consider how your use case will impact your value measurement approach

    This table looks at how the different use cases of the VMF call for variations of this analysis, is directed at different roles, and relies on participation from different subject matter experts to provide business context.

    Use Case (uses of the VMF applied in this blueprint)

    Value (current vs. future value)

    Item (the singular entity you are producing a value score for)

    Components (the various facets of that entity that need to be considered)

    Scope (# of systems undergoing analysis)

    Evaluator (typical role responsible for applying the VMF)

    Cadence (when and why do you apply the VMF)

    Information Sources (what documents, tools, etc., do you need to leverage)

    SMEs (who needs to participate to define and measure value)

    1. Prioritize Your Product Backlog

    You are estimating future value of proposed changes to an application.

    Product backlog items (epic, feature, etc.) in your product backlog

    • Features
    • User stories
    • Enablers

    A product

    Product owner

    Continuously apply the VMF to prioritize new and changing product backlog items.

    • Epic hypothesis, documentation
    • Lean business case

    Product manager

    ????

    2. Prioritize Your Project Backlog

    Proposed projects in your project backlog

    • Benefits
    • Outcomes
    • Requirements

    Multiple existing and/or new applications

    Project portfolio manager

    Apply the VMF during your project intake process as new projects are proposed.

    • Completed project request forms
    • Completed business case forms
    • Project charters
    • Business requirements documents

    Project manager

    Product owners

    Business analysts

    3. Application Rationalization

    You are measuring current value of existing applications and their features.

    An application in your portfolio

    The uses of the application (features, function, capabilities)

    A subset of applications or the full portfolio

    Application portfolio manager

    During an application rationalization initiative:

    • Iteratively collect information and perform value measurements.
    • Structure your iterations based on functional areas to target the specific SMEs who can speak to a particular subset of applications.
    • Business capability maps

    Business process owners

    Business unit representatives

    Business architects

    Application architects

    Application SMEs

    4. Application Categorization

    The full portfolio

    Application maintenance or operations manager

    • SLAs
    • Business capability maps

    Identify your product or service SMEs

    2.1 Estimated Time: 15 minutes

    The objective of this exercise is to identify specific business stakeholders who can speak to the business outcomes of your applications at a functional level.

    1. Review your related materials that reference the stakeholders for the scoped products and services (i.e. capability maps, org charts, stakeholder maps).
    2. Identify your specific business stakeholders and application SMEs. These individuals represent the business at a functional level and are in tune with the business outcomes of their operations and the applications that support their operations.
      1. Use Case 1 – Product Owner, Product Manager
      2. Use Case 2 – Project Portfolio Manager, Project Manager, Product Owners, Business Process Owners, Appropriate Business Unit Representatives
      3. Use Case 3 – Application Portfolio Manager, Product Owners, Business Analysts, Application SMEs, Business Process Owners, Appropriate Business Unit Representatives
      4. Use Case 4 – Application Maintenance Manager, Operations Managers, Application Portfolio Manager, Product Owners, Application SMEs, Business Process Owners, Appropriate Business Unit Representatives

    INPUT

    • Specific product or service knowledge

    OUTPUT

    • Targeted individuals to measure specific products or services

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework

    Use Case 1: Collect and review all of the product backlog items

    Prioritizing your product backlog (epics, features, etc.) requires a consistent method of measuring the value of your product backlog items (PBIs) to continuously compare their value relative to one another. This should be treated as an ongoing initiative as new items are added and existing items change, but an initial introduction of the VMF will require you to collect and analyze all of the items in your backlog.

    Regardless of producing a value score for an epic, feature, or user story, your focus should be on identifying their various value sources. Review your product’s artifact documentation, toolsets, or other information sources to extract the business outcomes, impact, benefits, KPIs, or any other description of a value source.

    High

    Epics

    Carefully valuated with input from multiple stakeholders, using metrics and consistent scoring

    Level of valuation effort per PBI

    User Stories

    Collaboratively valuated by the product owner and teams based on alignment and traceability to corresponding epic or feature

    Low

    Raw Ideas

    Intuitively valuated by the product owner based on alignment to product vision and organization value drivers

    What’s in your backlog?

    You may need to create standards for defining and measuring your different PBIs. Traceability can be critical here, as defined business outcomes for features or user stories may be documented at an epic level.

    Additional Research

    Build a Better Backlog helps you define and organize your product backlog items.

    Use Case 2: Review the scope and requirements of the project to determine all of the business outcomes

    Depending on where your project is in your intake process, there should be some degree of stated business outcomes or benefits. This may be a less refined description in the form of a project request or business case document, or it could be more defined in a project charter, business requirements document/toolset, or work breakdown structure (WBS). Regardless of the information source, to make proper use of the VMF you need a clear understanding of the various business outcomes to establish the new or improved value sources for the proposed project.

    Project

    User Requirements

    Business Requirements

    System Requirements

    1

    1

    1

    2

    2

    2

    3

    3

    4

    Set Metrics Early

    Good project intake documentation begins the discussion of KPIs early on. This alerts teams to the intended value and gives your PMO the ability to integrate it into the workload of other proposed or approved projects.

    Additional Research

    Optimize Project Intake, Approval, and Prioritization provides templates to define proposed project benefits and outcomes.

    Use Cases 3 & 4: Ensure you’ve listed all of each application’s uses (functions, features, capabilities, etc.) and user groups

    An application can enable multiple capabilities, perform a variety of functions, and have a range of different user groups. Therefore, a single application can produce multiple value sources, which range in type, impact, and significance to the business’ overarching priorities. In order to effectively measure the overall value of an application you need to determine all of the ways in which that application is used and apply a business-downward view of your applications.

    Business Capability

    • Sub-capability
    • Process
    • Task

    Application

    • Module
    • Feature
    • Function

    Aim for Business Use

    Simply listing the business capabilities of an app can be too high level. Regardless of your organization’s terminology, you need to establish all of the different uses and users of an application to properly measure all of the facets of its value.

    Additional Research

    Discover Your Applications helps you identify and define the business use and features of your applications.

    List your product or services items and components

    2.2 Estimated Time: 15 minutes

    The objective of this exercise is to produce a list of the different items that you are scoring and ensure you have considered all relevant components.

    1. List each item you intend to produce a value score for:
      1. Use Case 1 – This may be the epics in your product backlog.
      2. Use Case 2 – This may be the projects in your project backlog.
      3. Use Cases 3 & 4 – This may be the applications in your portfolio. For this approach Info-Tech strongly recommends iteratively assessing the portfolio to produce a list of a subset of applications.
    2. For each item list its various components:
      1. Use Case 1 – This may be the features or user stories of an epic.
      2. Use Case 2 – This may be the business requirements of a project.
      3. Use Cases 3 & 4 – This may be the modules, features, functions, capabilities, or subsystems of an application.

    Item

    Components

    Add Customer Portal (Epic)

    User story #1: As a sales team member I need to process customer info.

    User story #2: As a customer I want access to…

    Transition to the Cloud (Project)

    Requirement #1: Build Checkout Cart

    NFR – Build integration with data store

    CRM (Application)

    Order Processing (module), Returns & Claims (module), Analytics & Reporting (Feature)

    INPUT

    • Product or service knowledge

    OUTPUT

    • Detailed list of items and components

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Use Cases 3 & 4: Create a functional view of your applications (optional)

    2.3 Estimated Time: 1 hour

    The objective of this exercise is to establish the different use cases of an application.

    1. Recall the functional requirements and business capabilities for your applications.
    2. List the various actors who will be interacting with your applications and list the consumers who will be receiving the information from the applications.
    3. Based on your functional requirements, list the use cases that the actors will perform to deliver the necessary information to consumers. Each use case serves as a core function of the application. See the diagram below for an example.
    4. Sometimes several use cases are completed before information is sent to consumers. Use arrows to demonstrate the flow of information from one use case to another.

    Example: Ordering Products Online

    Actors

    Order Customer

    Order Online

    Search Products

    		Consumers

    Submit Delivery Information

    Order Customer

    Pay Order

    Bank

    INPUT

    • Product or service knowledge

    OUTPUT

    • Product or service function

    Materials

    • Whiteboard
    • Markers

    Participants

    • Application architect
    • Enterprise architect
    • Business and IT stakeholders
    • Business analyst
    • Development teams

    Use Cases 3 & 4: Create a functional view of your applications (optional) (cont’d.)

    2.3 Estimated Time: 1 hour

    5. Align your application’s use cases to the appropriate business capabilities and stakeholder objectives.

    Example:

    Stakeholder Objective: Automate Client Creation Processes

    Business Capability: Account Management

    Function: Create Client Profile

    Function: Search Client Profiles

    Business Capability: Sales Transaction Management

    Function: Order Online

    Function: Search Products Function: Search Products

    Function: Submit Delivery Information

    Function: Pay Order

    Step 2.2: Measure Value

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your value sources.
    • Align to a value driver.
    • Assign metrics and gauge value fulfillment.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Product or service SMEs

    Outcomes of this step

    • An initial list of reusable value sources and metrics
    • Value scores for your products or services

    Use your VMF and a repeatable process to produce value scores for all of your items

    With your products or services broken down, you can then determine a list of value sources, as well as their alignment to a value driver and a gauge of their value fulfillment, which in turn indicate the importance and impact of a value source respectively.

    A image of the value measure framework is shown.

    Lastly, we produce a value score for all items:

    • Determine business outcomes and value sources.
    • Align to the appropriate value driver.
    • Use metrics as the gauge of value fulfillment.
    • Collect your score.
    • Repeat.

    The business outcome is the impact the product or service has on the intended business activity

    Business outcomes are the business-oriented results produced by organization’s capabilities and the applications that support those capabilities. The value source is, in essence, “How does the application impact the outcome?” and this can be either qualitative or quantitative.

    Quantitative

    Qualitative

    Key Words

    Examples

    Key Words

    Examples

    Faster, cheaper

    Deliver faster

    Better

    Better user experience

    More, less

    More registrations per week

    Private

    Enhanced privacy

    Increase, decrease

    Decrease clerical errors

    Easier

    Easier to input data

    Can, cannot

    Can access their own records

    Improved

    Improved screen flow

    Do not have to

    Do not have to print form

    Enjoyable

    Enjoyable user experience

    Compliant

    Complies with regulation 12

    Transparent

    Transparent progress

    Consistent

    Standardized information gathered

    Richer

    Richer data availability

    Adapted from Agile Coach Journal.

    Measure value – Identify your value sources

    2.4 Estimated Time: 30 minutes

    The objective of this exercise is to establish the different value sources of a product or service.

    1. List the items you are producing an overall balance value score for. These can be products, services, projects, applications, product backlog items, epics, etc.
    2. For each item, list its various business outcomes in the form of a description that includes:
      1. The item being measured
      2. Business capability or activity
      3. How the item impacts said capability or activity

    Consider applying the user story format for future value sources or a variation for current value sources.

    As a (user), I want to (activity) so that I get (impact)

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • List of value sources

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Measure value – Align to a value driver

    2.5 Estimated Time: 30 minutes

    The objective of this exercise is to determine the value driver for each value source.

    1. Align each value source to a value driver. Choose between options A and B.
      1. Using a whiteboard, draw out a 2 x 2 business value matrix or an adapted version based on your own organizational value drivers. Place each value source in the appropriate quadrant.
        1. Increase Revenue
        2. Reduce Costs
        3. Enhance Services
        4. Reach Customers
      2. Using a whiteboard or large sticky pads, create a section for each value driver. Place each value source with the appropriate value driver.

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • Value driver weight

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Brainstorm the different sources of business value (cont’d.)

    2.5

    Example:

    An example of activity 2.5 is shown.

    Carry results over to the Value Calculator

    2.5

    Document results of this activity in the Value Calculator in the Item {#} tab.

    A screenshot of the Value Calculator is shown.

    List your Value Sources

    Your Value Driver weights will auto-populate

    Aim, but do not reach, for SMART metrics

    Creating meaningful metrics

    S pecific

    M easureable

    A chievable

    R ealisitic

    T ime-based

    Follow the SMART framework when adding metrics to the VMF.

    The intention of SMART goals and metrics is to make sure you have chosen a gauge that will:

    • Reflect the actual business outcome or value source you are measuring.
    • Ensure all relevant stakeholders understand the goals or value you are driving towards.
    • Ensure you actually have the means to capture the performance.

    Info-Tech Insight

    Metrics are NOT a magical solution. They should be treated as a tool in your toolbox and are sometimes no more than a rough gauge of performance. Carefully assign metrics to your products and services and do not disregard the informed subjective perspective when SMART metrics are unavailable.

    Info-Tech Best Practice

    One last critical consideration here is the degree of effort required to collect the metric compared to the value of the analysis you are performing. Assessing whether or not to invest in a project should apply the rigor of carefully selecting and measuring value. However, performing a rationalization of the full app portfolio will likely lead to analysis paralysis. Taking an informed subjective perspective may be the better route.

    Measure value – Assign metrics and gauge value fulfillment

    2.6 30-60 minutes

    The objective of this exercise is to determine an appropriate metric for each value source.

    1. For each value source assign a metric that will be the unit of measurement to gauge the value fulfilment of the application.
    2. Review the product or services performance with the metric
      1. Use case 1&2 (Proposed Applications and/or Features) - You will need to estimate the degree of impact the product or services will have on your selected metric.
      2. Use case 3&4 (Existing Applications and/or Features) – You can review historically how the product or service has performed with your selected metric
    3. Determine a value fulfillment on a scale of 1 – 10.

      4. 10 = The product or service far exceeds expectations and targets on the metric.

      5 = the product or service meets expectations on this metric.

      1 = the product or service underperforms on this metric.

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • Value driver weight

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Carry results over to the Value Calculator

    2.6

    Document results of this activity in the Value Calculator in the Item {#} tab.

    A screenshot of Info-Tech's Value Calculator is shown.

    Assign Metrics.

    Consider using current or estimated performance and targets.

    Assess the impact on the value source with the value fulfillment.

    Collect your Overall Balanced Value Score

    Appendix

    Bibliography

    Brown, Alex. “Calculating Business Value.” Agile 2014 Orlando – July 13, 2014. Scrum Inc. 2014. Web. 20 Nov. 2017.

    Brown, Roger. “Defining Business Value.” Scrum Gathering San Diego 2017. Agile Coach Journal. Web.

    Curtis, Bill. “The Business Value of Application Internal Quality.” CAST. 6 April 2009. Web. 20 Nov. 2017.

    Fleet, Neville, Joan Lasselle, and Paul Zimmerman. “Using a Balance Scorecard to Measure the Productivity and Value of Technical Documentation Organizations.” CIDM. April 2008. Web. 20 Nov. 2017.

    Harris, Michael. “Measuring the Business Value of IT.” David Consulting Group. 20 Nov. 2017.

    Intrafocus. “What is a Balanced Scorecard?” Intrafocus. Web. 20 Nov. 2017

    Kerzner, Harold. Project Management: A Systems Approach to Planning, Scheduling, and Controlling. 12th ed., Wiley, 2017.

    Lankhorst, Marc., et al. “Architecture-Based IT Valuation.” Via Nova Architectura. 31 March 2010. Web. 20 Nov. 2017.

    Rachlin, Sue, and John Marshall. “Value Measuring Methodology.” Federal CIO Council, Best Practices Committee. October 2002. Web. April 2019.

    Thiagarajan, Srinivasan. “Bridging the Gap: Enabling IT to Deliver Better Business Outcomes.” Cognizant. July 2017. Web. April 2019.

    Renovate the Data Center

    • Buy Link or Shortcode: {j2store}497|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Center & Facilities Optimization
    • Parent Category Link: /data-center-and-facilities-optimization
    • 33% of enterprises will be undertaking facility upgrades or refreshes in 2010 aimed at extending the life of their existing data centers.
    • Every upgrade or refresh targeting specific components in the facility to address short-term pain will have significant impact on the data center environment as a whole. Planning upfront and establishing a clear project scope will minimize expensive changes in later years.
    • This solution set will provide you with step-by-step design, planning, and selection tools to define a Data Center renovation plan to reduce cost and risk while supporting cost-effective long-term growth for power, cooling, standby power, and fire protection renovations.

    Our Advice

    Critical Insight

    • 88% of organizations cited they would spend more time and effort on documenting and identifying facility requirements for initial project scoping. Organizations can prevent scope creep by conducting the necessary project planning up front and identify requirements and the effect that the renovation project will have in all areas of the data center facility.
    • Data Center facilities renovations must include the specific requirements related to power provisioning, stand-by power, cooling, and fire protection - not just the immediate short-term pain.
    • 39% of organizations cited they would put more emphasis on monitoring contractor management and performance to improve the outcome of the data center renovation project.

    Impact and Result

    • Early internal efforts to create a budget and facility requirements yields better cost and project outcomes when construction begins. Each data center renovation project is unique and should have its own detailed budget.
    • Upfront planning and detailed project scoping can prevent a cascading impact on data center renovation projects to other areas of the data center that can increase project size, scope and spend.
    • Contractor selection is one of the most important first steps in a complex data center renovation. Organizations must ensure the contractor selected has experience specifically in data center renovation.

    Renovate the Data Center Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and understand the renovation project.

    • Storyboard: Renovate the Data Center
    • None
    • Data Center Annual Review Checklist

    2. Renovate power in the data center.

    • Data Center Power Requirements Calculator

    3. Renovate cooling in the data center.

    • Data Center Cooling Requirements Calculator

    4. Renovate standby power in the data center.

    • Data Center Standby Power Requirements Calculator

    5. Define current and future fire protection requirements.

    • Fire Protection & Suppression Engineer Selection Criteria Checklist
    • None

    6. Assess the opportunities and establish a clear project scope.

    • Data Center Renovation Project Charter
    • Data Center Renovation Project Planning & Monitoring Tool

    7. Establish a budget for the data center renovation project.

    • Data Center Renovation Budget Tool

    8. Select a general contractor to execute the project.

    • None
    • Data Center Renovation Contractor Scripted Interview
    • Data Center Renovation Contractor Scripted Interview Scorecard
    • Data Center Renovation Contractor Reference Checklist
    [infographic]

    Cost Optimization

    • Buy Link or Shortcode: {j2store}14|cart{/j2store}
    • Related Products: {j2store}14|crosssells{/j2store}
    • Up-Sell: {j2store}14|upsells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management
    • byline: IT cost cutting has consequences.
    Minimize the damage of IT cost cuts

    Build Your Enterprise Application Implementation Playbook

    • Buy Link or Shortcode: {j2store}605|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • In addition, rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where each project lead tracks progress in their own way. This makes it difficult for leadership to identify what was successful – and what wasn’t.

    Our Advice

    Critical Insight

    An effective enterprise application implementation playbook is not just a list of steps, but a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Impact and Result

    Follow these steps to build your enterprise application playbook:

    • Define your sponsor, map out your stakeholders, and lay out the vision, goals and objectives for your project.
    • Detail the scope, metrics, and the team that will make it happen.
    • Outline the steps and processes that will carry you through the implementation.

    Build Your Enterprise Application Implementation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Application Implementation Playbook Deck - Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    This blueprint provides the steps necessary to build your own enterprise application implementation playbook that can be deployed and leveraged by your implementation teams.

    • Build Your Enterprise Application Implementation Playbook – Phases 1-3

    2. Your Enterprise Application Implementation Playbook – The key output from leveraging this research is a completed implementation playbook.

    This is the main playbook that you build through the exercises defined in the blueprint.

    • Your Enterprise Application Implementation Playbook

    3. Your Enterprise Application Implementation Playbook - Timeline Tool – Supporting tool that captures the project timeline information, issue log, and follow-up dashboard.

    This tool provides input into the playbook around project timelines and planning.

    • Your Enterprise Application Implementation Playbook - Timeline Tool

    4. Light Project Change Request Form Template – This tool will help you record the requested change, allow assess the impact of the change and proceed the approval process.

    This provides input into the playbook around managing change requests

    • Light Project Change Request Form Template

    Infographic

    Workshop: Build Your Enterprise Application Implementation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Project

    The Purpose

    Lay out the overall objectives, stakeholders, and governance structure for the project.

    Key Benefits Achieved

    Align everyone on the sponsor, key stakeholders, vision, and goals for your project

    Activities

    1.1 Select the project sponsor.

    1.2 Identify your stakeholders.

    1.3 Align on a project vision.

    1.4 List your guiding principles.

    1.5 Confirm your goals and objectives for the implementation project.

    1.6 Define the project governance structure.

    Outputs

    Project sponsor has been selected.

    Project stakeholders have been identified and mapped with their roles and responsibilities.

    Vision has been defined.

    Guiding principles have been defined.

    Articulated goals and objectives.

    Detailed governance structure.

    2 Set up for Success

    The Purpose

    Define the elements of the playbook that provide scope and boundaries for the implementation.

    Key Benefits Achieved

    Align the implementation team on the scope for the project and how the team should operate during the implementation.

    Activities

    2.1 Gather and review requirements, with an agreed to scope.

    2.2 Define metrics for your project.

    2.3 Define and document the risks that can impact the project.

    2.4 Establish team composition and identify the team.

    2.5 Detail your OCM structure, resources, roles, and responsibilities.

    2.6 Define requirements for training.

    2.7 Create a communications plan for stakeholder groups and delivery teams.

    Outputs

    Requirements for enterprise application implementation with an agreed-to scope.

    Metrics to help measure what success looks like for the implementation.

    Articulated list of possible risks during the implementation.

    The team responsible and accountable for implementation is identified.

    Details of your organization’s change management process.

    Outline of training required.

    An agreed-to plan for communication of project status.

    3 Document Your Plan

    The Purpose

    With the structure and boundaries in place, we can now lay out the details on the implementation plan.

    Key Benefits Achieved

    A high-level plan is in place, including next steps and a process on running retrospectives.

    Activities

    3.1 Define your implementation steps.

    3.2 Create templates to enable follow-up throughout the project.

    3.3 Decide on the tracking tools to help during your implementation.

    3.4 Define the follow-up processes.

    3.5 Define project progress communication.

    3.6 Create a Change request process.

    3.7 Define your retrospective process for continuous improvement.

    3.8 Prepare a closure document for sign-off.

    Outputs

    An agreed to high-level implementation plan.

    Follow-up templates to enable more effective follow-ups.

    Shortlist of tracking tools to leverage during the implementation.

    Defined processes to enable follow-up.

    Defined project progress communication.

    A process for managing change requests.

    A process and template for running retrospectives.

    A technique and template for closure and sign-off.

    Further reading

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    Analyst Perspective

    Your implementation is not just about technology, but about careful planning, collaboration, and control.

    Recardo de Oliveira

    A successful enterprise application implementation requires more than great software; it requires a clear line of sight to the people, processes, metrics, and tools that can help make this happen.

    Additionally, every implementation is unique with its own set of challenges. Working through these challenges requires a tailored approach taking many factors into account. Building out your playbook for your implementation is an important initial step before diving head-first into technology.

    Regardless of whether you use an implementation partner, a playbook ensures that you don’t lose your enterprise application investment before you even get started!

    Ricardo de Oliveira

    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • Rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where project leads track progress in their own way. This makes it difficult for leadership to identify what was successful (and what wasn’t).

    Common Obstacles

    • Your best process experts are the same people you need to keep the business running. The business cannot afford to have its best people pulled into the implementation for long periods of time.
    • Enterprise application implementations generate huge organizational changes and the adoption of the new systems and processes resulting from these projects are quite difficult.
    • People are generally resistant to change, especially large, transformational changes that will impact the day-to-day way of doing things.

    Info-Tech's Approach

    • Build your enterprise application implementation playbook. Follow these steps to build your enterprise application playbook:
      • Define your sponsor, map out your stakeholders, and lay out the vision, goals, and objectives for your project.
      • Detail the scope, metrics, and the team that will make it happen.
      • Detail the steps and processes that will carry you through the implementation

    Info-Tech Insight

    An effective enterprise application implementation playbook is not just a list of steps; it is a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Enterprise Applications Lifescycle Advisory Services. Strategy, selection, implementation, optimization and operations.

    Insight summary

    Building an effective playbook starts with asking the right questions, not jumping straight into the technical details.

    • This blueprint provides the steps required to lay out an implementation playbook to align the team on what is necessary to support the implementation.
    • Build your Enterprise Application Implementation Playbook by:
      • Aligning and confirming project’s goals, stakeholders, governance and team.
      • Clearly defining what is in and out of scope for the project and the risks involved.
      • Building up a strong change management process.
      • Providing the tools and processes to keep track of the project.
      • Pulling it all together into an actionable playbook.

    Grapsh showing 39%

    Lack of planning is the reason that 39% of projects fail. Poor project planning can be disastrous: The consequences are usually high costs and time overruns.

    Graph showing 20%

    Almost 20% of IT projects can fail so badly that they can become a threat to a company’s existence. Lack of proper planning, poor communication, and poorly defined goals all contribute to the failure of projects.

    Graph showig 2.5%

    A PwC study of over 10,640 projects found that a tiny portion of companies – 2.5% – completed 100% of their projects successfully. These failures extract a heavy cost – failed IT projects alone cost the United States $50-$150B in lost revenue and productivity.

    Source: Forbes, 2020

    Planning and control are key to enterprise project success

    An estimated 70% of large-scale corporate projects fail largely due to a lack of change management infrastructure, proper oversight, and regular performance check-ins to track progress (McKinsey, 2015).

    Table showing that 88% of projects completed on time, 90% completed within budget and 92% meet original goals. 68% of projects have scope creep, 24% deemed failures and 46% experience budget lose when project fails

    “A survey published in HBR found that the average IT project overran its budget by 27%. Moreover, at least one in six IT projects turns into a ‘black swan’ with a cost overrun of 200% and a schedule overrun of 70%. Kmart’s massive $1.2B failed IT modernization project, for instance, was a big contributor to its bankruptcy.”

    Source: Forbes, 2020

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.
    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Executive Brief Case Study

    Chocolate manufacturer implementing a new ERP

    INDUSTRY

    Consumer Products

    SOURCE

    Carlton, 2021

    Challenge

    Not every ERP ends in success. This case study reviews the failure of Hershey, a 147-year-old confectioner, headquartered in Hershey Pennsylvania. The enterprise saw the implementation of an ERP platform as being central to its future growth.

    Solution

    Consequently, rather than approaching its business challenge on the basis of an iterative approach, it decided to execute a holistic plan, involving every operating center in the company. Subsequently, SAP was engaged to implement a $10 million systems upgrade; however, management problems emerged immediately.

    Results

    The impact of this decision was significant, and the company was unable to conduct business because virtually every process, policy, and operating mechanism was in flux simultaneously. The consequence was the loss of $150 million in revenue, a 19% reduction in share price, and the loss of 12% in international market share.

    Remember: Poor management can scupper implementation, even when you have selected the perfect system.

    A successful software implementation provides more than simply immediate business value…

    It can build competitive advantage.

    • When software projects fail, it can jeopardize an organization’s financial standing and reputation, and in some severe cases, it can bring the company down altogether.
    • Rarely do projects fail for a single reason, but by understanding the pitfalls, developing a risk mitigation plan, closely monitoring risks, and self-evaluating during critical milestones, you can increase the probability of delivering on time, on budget, and with the intended benefits.

    Benefits are not limited to just delivering on time. Some others include:

    • Building organizational delivery competence and overall agility.
    • The opportunity to start an inventory of best practices, eventually building them into a center of excellence.
    • Developing a competitive advantage by maximizing software value and continuously transforming the business.
    • An opportunity to develop a competent pool of staff capable of executing on projects and managing organizational change.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Your Enterprise Application Implementation Playbook – Timeline Tool

    Supporting template that captures the project timeline information, issue log, and follow-up dashboard.

    Info-Tech: Project Planning and Monitoring Tool.
    Light Project Change Request Form Template

    This tool will help you record the requested change, and allow you to assess the impact of the change and proceed with the approval process.

    Info-Tech: Light change request form template.

    Key deliverable:

    Your Enterprise Application Implementation Playbook

    Record the results from the exercises to define the steps for a successful implementation.

    Build your enterprise application implementation playbook.

    Info-Tech’s methodology for Your Enterprise Application Implementation Playbook

    Phase Steps

    1. Understand the Project

    1. Identify the project sponsor
    2. Define project stakeholders
    3. Review project vision and guiding principles
    4. Review project objectives
    5. Establish project governance

    2. Set up for success

    1. Review project scope
    2. Define project metrics
    3. Prepare for project risks
    4. Identify the project team
    5. Define your change management process

    3. Document your plan

    1. Develop a master project plan
    2. Define a follow-up plan
    3. Define the follow-up process
    4. Understand what’s next
    Phase Outcomes
    • Project sponsor has been selected
    • Project stakeholders have been identified and mapped with their roles and responsibilities.
    • Vision, guiding principles, goals objectives, and governance have been defined
    • Project scope has been confirmed
    • Project metrics to identify successful implementation has been defined
    • Risks have been assessed and articulated.
    • Identified project team
    • An agreed-to change management process
    • Project plan covering the overall implementation is in place, including next steps and retrospectives

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    The three phases of guided implementation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889 Activities and deliverables for each module of the workshop. Module 1: understanding the project, Module 2: Set up for success, Modeule 3: Document your plan, and Post Workshop: Next steps and Wrap-up(offsite).

    Phase 1

    Understand the project

    3 phases, phase 1 is highlighted.

    This phase will walk you through the following activities:

    1.1 Identify the project sponsor

    1.2 Identify project stakeholders

    1.3 Review project vision and guiding principles

    1.4 Review project objectives

    1.5 Establish project governance

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 1.1

    Identify the project sponsor

    Activities

    1.1.1 Define the project sponsor's responsibilities

    1.1.2 Shortlist potential sponsors

    1.1.3 Select the project sponsor

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Selected sponsor.

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.

    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Typical project sponsor responsibilities

    • Help define the business goals of their projects before they start.
    • Provide guidance and support to the project manager and the project team throughout the project management lifecycle.
    • Ensure that sufficient financial resources are available for their projects.
    • Resolve problems and issues that require authority beyond that of the project manager.
    • Ensure that the business objectives of their projects are achieved and communicated.

    For further discussion on sponsor responsibilities, use Info-Tech’s blueprint, Drive Business Value With a Right-Sized Project Gating Process

    Portrait of head with multiple layers representing the responsibilities of a sponsor. From top down: Define business goals, provide guidance, ensure human ad financial resources, resolve problems and issues.

    1.1.1 Define the project sponsor’s responsibilities

    0.5-1 hour

    1. Discuss the minimum requirements for a sponsor at your organization.
    2. As a group, brainstorm the criteria necessary for an individual to be a project sponsor:
      1. Is there a limit to the number of projects they can sponsor at one time?
      2. Is there a minimum number of hours they must be available to the project team?
      3. Do they have to be at a certain seniority level in the organization?
      4. What is their role at each stage of the project lifecycle?
    3. Document these criteria on a whiteboard.
    4. Record the sponsor’s responsibilities in section 1.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output
    • Requirements for a sponsor
    • Your responsibilities as a sponsor

    Materials

    Participants
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.1 Define the project sponsor’s responsibilities (Continued)

    Example

    Project sponsor responsibilities.

    1.1.2 Shortlist potential sponsors

    0.5-1 hour

    1. Based on the responsibilities defined in Exercise 1.1.1, produce a list of the potential sponsors.
    2. Record the sponsor’s shortlist in section 1.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Characteristics of a sponsor
    • Your list of candidates

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.2 Shortlist potential sponsors (Continued)

    Example

    Shortlist of potential sponsors. 6 names listed with checkmarks on criteria ranking.

    Don’t forget, the project team is there to support the sponsor

    Given the burden of the sponsor role, the project team is committed to doing their best to facilitate a successful outcome.

    Project Success: Follow best practices, escalate issues, stay focused, communicate, adapt to change.

    • Follow the framework set out by the governance group at the organization to drive efficiency on the project.
    • Ensure stakeholders with proper authority are notified of issues that occur during the project.
    • Stay focused on the project tasks to drive quality on the deliverables and avoid rework after the project.
    • Communicate within the project team to drive coordination of tasks, complete deliverables, and avoid resource waste.
    • Changes are more common than not; the team must be prepared to adjust plans and stay agile to adapt to changes for the project.

    Seek the key characteristics of a sponsor

    Man walking up stairs denoting characteristics of a good sponsor. First step: Leader, second step: Strong Communicator, third step: knowledgeable, fourth step: problem solver, fifth step: delegator, final step: dedicated.

    1.1.3 Select the project sponsor

    0.5-1 hour

    1. Review the characteristics and the list of potential candidates.
    2. Assess availability, suitability, and desire of the selected sponsor.
    3. Record the selected sponsor in section 1.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • List of candidates
    • Characteristics of a sponsor
    • Your selected sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.3 Select the project sponsor (Continued)

    Example

    Name of example sponsor with their key traits listed.

    Step 1.2

    Identify the project stakeholders

    Activities

    1.2.1 Identify your stakeholders

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Stakeholders’ management plan

    How to find the right stakeholders

    Start with the obvious candidates, but keep an open mind.

    How to find stakeholders

    • Talk to your stakeholders and ask who else you should be talking to, to discover additional stakeholders and ensure you don’t miss anyone.
    • Less obvious stakeholders can be found by conducting various types of trace analysis, i.e. following various paths flowing from your initiative through to the path’s logical conclusion.

    Create a stakeholder network map for your application implementation

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Stakeholder network map showing direction of professional influence as well as bidirectional, informal influence relationships.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your enterprise application operates in. It is every bit as important as the teams who enhance, support, and operate your applications directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have substantial informal relationships with your stakeholders.

    Understand how to navigate the complex web of stakeholders

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Graph showing influence vs. interest, divided into 4 quadrants. Low influence and intersest is labeled: Monitor, low influence and high interest is labeled: Keep informed, High influence and low interest is labeled: Keep satisfied, and high influence and high interest is labeled: Involve closely

    Large-scale projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    Map the organization’s stakeholders

    List of various stakeholder titles. As well as a graph showing the influence vs involvement of each stakeholder title. Influence and interest is divided into 4 quadrants: Monitor, Keep informed, keep satisfied, and involve closely.

    1.2.1 Identify your stakeholders

    1-2 hours

    1. As a group, identify all the project stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project
    3. Identify stakeholders and add them to the list.
    4. Record the stakeholders list in section 1.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.

      5. Download Your Enterprise Application Implementation Playbook

      Input

      Output

      • Types of stakeholders
      • Your stakeholders initial list

      Materials

      Participants

      • Whiteboard/flip charts
      • Your Enterprise Application Implementation Playbook
      • Project team
      • Operations
      • SMEs
      • Team lead and facilitators
      • IT leaders

    1.2.1 Identify your stakeholders(Continued)

    Example

    Table with rows of stakeholders: Customer, End Users, IT, Vendor and other listed. Columns provide: description, examples, value and involvement level of each stakeholder.

    Step 1.3

    Review project vision and guiding principles

    Activities

    1.3.1 Align on a project vision

    1.3.2 List your guiding principles

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Project vision and guiding principles

    Vision and guiding principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES
    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of industry best practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    1.3.1 Align on a project vision

    1-2 hours

    1. As a group, discuss whether you want to create a separate project vision statement or restate your corporate vision and/or goals.
      1. A project vision statement will provide project-guiding principles, encompass the project objectives, and give a rationale for the project.
      2. Using the corporate vision/goals will remind the business and IT that the project is to implement an enterprise application that supports and enhances the organizational objectives.
    2. Record the project vision in section 1.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Project vision statement defined during strategy building
    • Your project vision

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.1 Align on a project vision (Continued)

    Example

    Project Vision

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real-time data-driven decisions, increased employee productivity, and IT investment protection.

    Guiding principles examples

    The guiding principles will help guide your decision-making process. These can be adjusted to align with your internal language.

    • Support business agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Use best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for "one source of truth": Unify data model and integrate processes where possible. Assess integration needs carefully.

    1.3.2 List your guiding principles

    1-2 hours

    1. Start with the guiding principles defined during the strategy building.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we use internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?
    3. Record the guiding principles in section 1.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Guiding principles defined during strategy building
    • Your guiding principles

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.2 List your guiding principles (Continued)

    Example

    Guiding principals: Support business agility, use best practices, automate, stay focused, strive for `one source truth`.

    Step 1.4

    Review project objectives

    Activities

    1.4.1 Confirm your goals and objectives for the implementation project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The objectives of the implementation project

    Review the elements of the project charter

    Leverage completed deliverables to get project managers started down the path of success.

    Deliverables of project chaters for PMs. Project purpose, scope, logistics and sign-off.

    1.4.1 List your guiding principles

    1-2 hours

    1. Articulate the high-level objectives of the project. (What are the goals of the project?)
    2. Elicit the business benefits the sponsor is committed to achieving. (What are the business benefits of the project?)
    3. Record Project goals and objectives in section 1.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your BizDevOps objectives and metrics
    • Understanding of various collaboration methods, such as Scrum, Kanban, and Scrumban
    • Your chosen collaboration method

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.4.1 Confirm your goals and objectives for the implementation project (Continued)

    Example:

    Project Objectives: End-user visibility, New business development, employee experience. Business Benefits for each objective listed.

    Step 1.5

    Establish project governance

    Activities

    1.5.1 Define the project governance structure

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Approach to build an effective project governance

    1.5.1 List your guiding principles

    0.5-1 hour

    1. Identify the IT governance structure in place today and document the high-level function of each body (councils, steering committees, review boards, centers of excellence, etc.).
    2. Identify and document the existing enterprise applications governance structure, roles, and responsibilities (if any exist).
    3. Identify gaps and document the desired enterprise applications governance structure, roles, and responsibilities.
    4. Record the project governance structure in section 1.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • IT governance structure
    • Your project governance structure

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Governance is NOT management

    Three levels of governance: Team Level, Steering Committee Level, and Executive Governance Level.

    Info-Tech Insight

    You won’t get engagement unless there is a sense of accountability. Do not leave this vague. Accountability needs to be assigned to specific individuals in your organization to ensure the system development achieves what was intended by your organization and not what your system integrator (SI) intended.

    Who is accountable?

    Too many assumptions are made that the SI is accountable for all implementation activities and deliverables – this is simply untrue. All activities can be better planned for, and misunderstandings can be avoided, with a clear line of sight on roles and responsibilities and the documentation that will support these assumptions.

    Discuss, define, and document roles and responsibilities:
    • For each role (e.g. executive sponsor, delivery manager, test lead, conversion lead), clearly articulate the responsibilities of the role, who is accountable for fulfillment, and whether it’s a client role, SI role, or both.
    • Articulate the purpose of each deliverable clearly, define which individual or team has responsibility for it, and document who is expected to contribute.
    • Empower the team by granting them the authority to make decisions. Ease their reluctance to think outside the box for fear of stakeholder or user backlash.
    • The implementation cannot and will not be transformative if the wrong people are involved or if the right people have not been given the tools required to succeed in their role.

    1.5.2 List your guiding principles

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation. Inventory the competencies required for an enterprise implementation team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline, integration environment complexity, and cost constraints as you make your resourcing plan.
    4. Record governance team roles and responsibilities in 1.9 section of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Available resources (internal, external, contract)
    • Your governance structure roles and responsibilities

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.5.2 Define governance team roles and responsibilities (Continued)

    Example

    Governance team roles and their responsibilities.

    Phase 2

    Set up for success

    3 phases, phase 2 is highlighted.

    This phase will walk you through the following activities:

    2.1. Review project scope

    2.2. Define project metrics

    2.3. Prepare for project risks

    2.4. Identify the project team

    2.5. Define your change management process

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 2.1

    Review project scope

    Activities

    2.1.1 Gather and review requirements

    2.1.2 Confirm your scope for implementation

    2.1.3 Formulate a scope statement

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project scope

    Requirements are key to defining scope

    Project scope management includes the processes required to ensure that the project includes all and only the work required to complete the project successfully. Therefore, managing project scope is about defining and controlling what is and is not included in the project.

    PMBOK defines requirements as “conditions or capabilities that are to be met by the project or present in the product, service, or result to satisfy an agreement or other formally imposed specification.” Detailed requirements should be gathered and elicited in order to provide the basis for defining the project scope.

    70% of projects fail due to poor requirements, organizations using poor practices spent 62% more, 4th highest correlation to high IT performance is requirements gathering.

    Well-executed requirements gathering results in:

    • Consistent approach from project to project, resulting in more predictable outcomes.
    • Solutions that meet the business need on the surface and under the hood.
    • Reduce risk for fast-tracked projects by establishing a right-sized approach.
    • Requirements team that can drive process improvement and improved execution.
    • Confidence when exploring solution alternatives.

    Poorly executed requirements gathering results in:

    • IT receiving the blame for any project shortcomings or failures.
    • Business needs getting lost in the translation between the initial request and final output.
    • Inadequate solutions or cost overruns and dissatisfaction with IT.
    • IT losing its credibility as stakeholders do not see the value and work around the process.
    • Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.
    • Inconsistent project execution, leading to inconsistent outcomes.

    Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

    High stakeholder satisfaction with requirements results in higher satisfaction in other areas.

    Note: “High satisfaction” was classified as a score greater or equal to eight, and “low satisfaction” was every organization that scored below eight on the same questions.

    2.1.1 Gather and review requirements

    1-2 hours

    1. Once existing documentation has been gathered, evaluate the effectiveness of the documentation and decide whether you need additional information to proceed to current-state mapping.
    2. The initiative team should avoid spending too much time on the discovery phase, as the goal of discovery is to obtain enough information to produce a level-one current-state map.
    3. Consider reviewing capabilities, business processes, current applications, integration, and data migration.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration
    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration revisited

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.1 Requirements list

    Example

    Requirements with description, category and priority.

    2.1.2 Confirm your scope for implementation

    1-2 hours

    1. Based on the requirements, write down features of the product or services, as well as dependencies with other interfaces.
    2. Write down exclusions to guard against scope creep.
    3. Validate the scope by asking these questions:
      1. Will this scope provide a common understanding for all stakeholders, including those outside of IT, as to what the project will accomplish and what it excludes?
      2. Should any detail be added to prevent scope creep later?
    4. Record the project scope in section 2.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • What’s in scope
    • What’s out of scope
    • What needs to integrate
    • Your scope areas

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.2 Scope detail

    Example

    Example of scope detail. Table with scope levels: In scope, out of scope and existing scope. Each scope level has details about it listed.

    Distill your requirements into a scope statement

    Requirements are about the what and the how.
    Scope specifies the features of the product or service – what is in and what is out     Table showing Requirement document vs. Scope statement. It lists the audience, content, inputs and outputs for each.

    The Build Your Enterprise Application Implementation Playbook 2.2 Project Scope Statement includes:

    • Scope description (features, how it interfaces with other solution components, dependencies).
    • Exclusions (what is not part of scope).
    • Deliverables (product outputs, documentation).
    • Acceptance criteria (what metrics must be satisfied for the deliverable to be accepted).
    • Final sign-off (owner).
    • Project exclusions (scope item, details).

    The scope statement should communicate the breadth of the project

    To assist in forming your scope statement, answer the following questions:
    • What are the major coverage points?
    • Who will be using the systems?
    • How will different users interact with the systems?
    • What are the objectives that need to be addressed?
    • Where do we start?
    • Where do we draw the line?

    2.1.3 Formulate a scope statement

    1-2 hours

    1. Lay out the scope description (features, how it interfaces with other solution components, dependencies).
    2. Record the exclusions (what is not part of scope).
    3. Fill out the scope statement.
    4. Record the scope statement in section 2.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your scope areas
    • Your scope statement

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Scope statement template
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.3 Scope statement

    Example

    Examples of scope statements showing the following: Product or service in scope, project deliverables and acceptance criteria, and project exclusions.

    Step 2.2

    Review project scope

    Activities

    2.2.1 Define metrics for your project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project metrics

    Building leading indicators

    Lagging KPIs are relatively simple to identify, whereas leading KPIs can be more elusive.

    For example, take the lagging KPI “Customer Satisfaction.” How do you turn that into a leading KPI? One method is to look at sources of customer complaints. In a retail sales system, backordered items will negatively impact customer satisfaction. As a leading indicator, track the number of orders with backordered lines and the percentage of the total order that was backordered.

    Performance Metrics

    Use leading and lagging metrics, as well as benchmarks, to track the progress of your system.

    Leading KPIs: Input-oriented measures:

    • Number of active users in the system.
    • Time-to-completion for processes that previously experienced efficiency pain points.

    Lagging KPIs: Output-oriented measures:

    • Faster production times.
    • Increased customer satisfaction scores

    Benchmarks: A standard to measure performance against:

    • Number of days to ramp up new users.

    Info-Tech Insight

    Leading indicators make the news; lagging indicators report on the news. Focusing on leading indicators allows you to address challenges before they become large problems with only expensive solutions.

    2.2.1 Define metrics for your project

    1-2 hours

    1. Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
    2. Look at historical trends and figures when available. However, be careful of frequent anomalies, as these may indicate a root cause that needs to be addressed.
    3. Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    4. Record the Project Metrics in section 2.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Outputs of any feedback mechanism
    • Historical trends
    • Your project tracking metrics

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.2.1 Metrics

    In addition to delivery metrics and system performance metrics, equip the business with process-based metrics to continuously prove the value of the enterprise software. Review the examples below as a starting point.

    Table showing metrics and desciption. Metrics listed are: Percent of requirements complete, issues found, issues resolved, and percent of processess complete.

    Step 2.3

    Prepare for project risks

    Activities

    2.3.1 Build a risk event menu

    2.3.2 Determine contextual risks

    2.3.3 Determine process risks

    2.3.4 Determine business risks

    2.3.5 Determine change risks

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your product canvas and product vision statement

    All risks are not created equal

    Project Risk consists of: Contextual risk, process risk, change risk and business risk.

    For more information on Info-Tech’s Four-Pillar Risk Framework, please see Right-Size Your Project Risk Investment.

    Info-Tech’s Four-Pillar Risk Framework

    Unusual risks should be detected by finding out how each project is different from the norm. Use this framework to start this process by confronting the risks that are more easily anticipated.

    2.3.1 Build a risk event menu

    0.5-1 hour

    1. Build and maintain an active menu of potential risk events across the four risk categories.
    2. Record the risk event menu in section 2.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Risk events
    • Your risk events menu

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.1 Risk event menu

    Example

    Risk event menu example. A table with: Contextual Risk, process risk, business risk, change risk events with examples for each.

    2.3.2 Determine contextual risks

    0.5-1 hour

    1. Contextual risk factors are those that operate within the context of your department, organization, and/or community.
    2. Fill out contextual risks.
    3. Record the contextual risks in section 2.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your contextual risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.2 Contextual risks

    Example

    two tables for Contextual risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.3 Determine process risks

    0.5-1 hour

    1. Process risks are those that involve project sponsorship, project management, business and functional requirements, work assignment, communication, and/or visibility.
    2. Fill out process risks.
    3. Record the process risks in section 2.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your process risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.3 Process risks

    Example

    two tables for Process risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.4 Determine business risks

    0.5-1 hour

    1. Business risks are those that affect the bottom line of the organization. They usually have implications on revenue, costs, and/or image.
    2. Fill out business risks.
    3. Record the business risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.4 Business risks

    Example

    two tables for Business risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.5 Determine change risks

    0.5-1 hour

    1. Change risks are those that result from imposing changes on the people and customers of the organization and their daily routines.
    2. Fill change risks.
    3. Record the change risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.5 Change risks

    Example

    two tables for Change risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    Step 2.4

    Identify the project team

    Activities

    2.4.1 Establish team composition

    2.4.2 Identify the team

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to get your project team ready

    Understand the unique external resource considerations for the implementation

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:

    1. Management consultant
    2. Vendor consultant
    3. System integrator

    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and cost constraints.
    • Integration environment complexity.

    CONSIDER THE FOLLOWING

    Internal Vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities and communicate this to your technology partner upfront.

    Internal Vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner’s implementation methodology; however, you know what will work for your organization.

    Info-Tech Insight

    Selecting a partner is not just about capabilities, it’s about compatibility! Ensure you select a partner that has a culture compatible with your own.

    2.4.1 Establish team composition

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation.
    2. Select your internal implementation team.
    3. Identify the number of external consultants/support required for implementation.
    4. Document the roles and responsibilities, accountabilities, and other expectations as they relate to each step of the implementation.
    5. Record the team composition in section 2.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • List of project team skills
    • Your team composition
    • Your business risks

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.1 Team composition

    Example

    Team composition: Role of each team member, and their skills.

    2.4.2 Identify the team

    0.5-1 hour

    1. Identify a candidate for each role and determine their responsibility in the project and their expected time commitment.
    2. The project will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    3. Create a RACI matrix for the project.
    4. Record the team list in section 2.10 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your team composition
    • Your team with responsibilities and commitment

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.2 Team list

    Example

    Team list: Role of each team member, candidate, responsibilities, and their commitment in hours per week.

    RACI example

    RACI example. Responsibilities and team member roles that are tasked with each responsibility.

    Step 2.5

    Define your change management process

    Activities

    2.5.1 Define OCM structure and resources

    2.5.2 Define OCM team’s roles and responsibilities

    2.5.3 Define requirements for training

    2.5.4 Create a communications plan for stakeholder groups, and delivery teams

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    A structure and procedures for an effective organizational change management

    Define your change management process to improve quality and adoption

    Organizational change management is the practice through which the PMO can improve user adoption rates and maximize project benefits.

    Correlation of change management effectiveness with meeting results.

    “It’s one thing to provide a new technology tool to your end users.

    It’s quite another to get them to use the tool, and still different for them to use the new tool proficiently.

    When your end users fully use a new technology and make it part of their daily work habits, they have ‘adopted’ the new tool.”

    – “End-User Adoption and Change Management Process” (2022)

    Large projects require organizational change management

    Organizational change management (OCM) governs the introduction of new business processes and technologies to ensure stakeholder adoption. The purpose of OCM is to prepare the business to accept the change.

    OCM is a separate body of knowledge. However, as a practice, it is inseparable from project management.

    In IT, project planning tends to fixate on technology, and it underestimates the behavioral and cultural factors that inhibit user adoption. Whether change is project-specific or continuous, it’s more important to instill the desire to change than to apply specific tools and techniques.

    Accountability for instilling this desire should start with the project sponsor. The project manager should support this with effective stakeholder and communication management plans.

    16% of projects with poor change management met or exceeded objectives. 71% of projects with excellent change management finish on or ahead of schedule. 67% of organizations include project change management in their initiatives.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    Your application implementation will be best served by centralizing OCM

    A centralized approach to OCM is most effective, and the PMO is already a centralized project office and is already accountable for project outcomes.

    What’s more, in organizations where accountabilities for OCM are not explicitly defined, the PMO will likely already be assumed to be the default change leader by the wider organization.

    It makes sense for the PMO to accept this accountability – in the short term at least – and claim the benefits that will come from coordinating and consistently driving successful project outcomes.

    In the long term, OCM leadership will help the PMO become a strategic partner with the executive layer and the business side.

    Short-term gains made by the PMO can be used to spark dialogues with those who authorize project spending and have the implicit fiduciary obligation to drive project benefits.

    Ultimately, it’s their job to explicitly transfer that obligation along with the commensurate resourcing and authority for OCM activities.

    Organizational resistance to change is cited as the #1 challenge to project success that PMOs face. Companies with mature PMOs that effectively manage change meet expectations 90% of the time.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    2.5.1 Define OCM structure and resources

    0.5-1 hour

    1. Assess the roles and resources that might be needed to help support these OCM efforts.
    2. Record the OCM structure in section 2.11 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your OCM structure and resources

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.1 OCM structure and resources

    Example

    OCM structure example. Table showing OCM activity and resources available to support.

    2.5.2 Define OCM team’s roles and responsibilities

    0.5-1 hour

    1. Assess the tasks required for the team.
    2. Determine roles and responsibilities.
    3. Record the results in the RACI matrix in section 2.13 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your communications timeline
    • Your OCM structure and resources
    • Your OCM plan and RACI matrix

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    OCM team’s roles and responsibilities

    Example

    Responsibilities for OCM team members.

    2.5.3 Define requirements for training

    0.5-1 hour

    1. Analyze HR requirements to ensure efficient use of HR and project stakeholder time.
    2. Outline appropriate HR and training activities.
    3. Define training content and make key logistical decisions concerning training delivery for staff and users.
    4. Record training requirements in section 2.14 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM Plan and RACI matrix
    • Your HR training needs

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.3 Training requirements

    Example

    Training requirements example: Project milestones, milestone time frame, hr/training activities, activity timing, and notes.

    Project communication plans must address creation, flow, deposition, and security of project information

    A good communication management plan is like the oil that keeps moving parts going. Ensuring smooth information flow is a fundamental aspect of project management.

    Project communication management is more than keeping track of stakeholder requirements. A communication management plan must address timely and appropriate creation, flow, and deposition of information about the project – as well as the security of the information.

    Create:

    • In addition to standardized status reporting elements discussed for level 1 projects, level 2 and 3 projects may require additional information to be disseminated among key stakeholders and the PMO.

    Flow:

    • The plan must address the methods of communication. Distributed project teams require more careful planning, as they pose additional communication challenges.

    Deposit:

    • As the volume of information continues to grow exponentially, retrieving information becomes a challenge. The plan for depositing project information must be consistent with your organization’s content management policies.

    Security:

    • Preventing unauthorized access and information leaks is important for projectsthat are intended to provide the organization with a competitive edge or for projects that deal with confidential data.
    45% of organizations had established mature communications and engagement processes.

    2.5.4 Create a communications timeline

    0.5-1 hour

    1. Base your change communications on your organization’s cultural appetite for change in general.
    2. Document communications plan requirements.
    3. Create a high-level communications timeline.
    4. Tailor a communications strategy for each stakeholder group.
    5. Record the communications timeline in section 2.12 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM structure and resources
    • Your project objectives
    • Your project scope
    • Your stakeholders’ management plan
    • Your communications timeline

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example of communications timeline

    Project sponsors are the most compelling storytellers to communicate the change

    Example of project communications timeline. Planning, requirements, design, development, QA, deployment, warranty, and benefits/closure.

    Info-Tech Insight

    Communication with stakeholders and sponsors is not a single event, but a continual process throughout the lifecycle of the project implementation – and beyond!

    Phase 3

    Document your plan

    3 phases, phase 3 is highlighted.

    This phase will walk you through the following activities:

    3.1 Develop a master project plan

    3.2. Define a follow-up plan

    3.3. Define the follow-up process

    3.4. Understand what’s next

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 3.1

    Develop a master project plan

    Activities

    3.1.1 Define your implementation steps

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your resourcing and master plans

    Resources Vs. Demand

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    Project demand: Data classification, cloud strategy, application rationalization, recovery planning etc. must be weighted against the organizations internal staffing resources.

    Competing priorities

    Example

    Table for competing priorities: List of projects, their timeline, priority notes, and their implications.

    3.1.1 Define your implementation steps

    0.5-1 hour

    1. Write each phase of the project on a separate sticky note and add it to the whiteboard. Determine what steps make up each phase. Write each step of the phase on a separate sticky note and add it to the whiteboard.
    2. Determine what tasks make up each step. Write each task of the step on a separate sticky note and add it to the whiteboard.
    3. Record the tasks in the Your Enterprise Application Implementation Playbook – Timeline tool. This tool has an example of a typical list of tasks, to help you start your master plan. Use the timeline for project planning and progress tracking.
    4. Record your project’s basic data and work schedule.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Project's work breakdown structure
    • Your project master plan

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Implementation plan – basic data

    Record your project name, project manager, and stakeholders from previous exercises.

    Example project information form: Project name, estimated start date, estimated end date, project manager, stakeholders, and time off of project.

    Implementation plan – work schedule

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    “Actual Start Date” and “Actual Completion Date” columns must be updated to be reflected in the Gantt chart.

    This information will also be captured as the source for session 3.2.1 dashboards.

    Step 3.2

    Define a follow up plan

    Activities

    3.2.1 Create templates to enable follow-up throughout the project

    3.2.2 Decide on the tracking tools to help during your implementation

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create the processes and define the tools to track progress

    Leveraging dashboards

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    For further information on monitoring the project, use Info-Tech’s blueprint, Governance and Management of Enterprise Software Implementation

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    3.2.1 Create templates to enable follow-up throughout the project

    0.5-1 hour

    1. Create status report, dashboards/charts, budget control, risk/issues/gaps templates, and change request forms.
    2. Build a dashboard that reflects the leading metrics you have identified.
    3. Call out requirements that represent key milestones in the implementation.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your projects master plan
    • Your project follow-up kit

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Dashboards

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress.

    This executive overview of the project's progress is meant to be used during the status meeting.

    Select the right tools

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    SoftwareReviews, Requirements Management, 2023

    SoftwareReviews, Project Management, 2023

    SoftwareReviews, Business Intelligence & Analytics, 2023

    3.2.2 Decide on the tracking tools to help during your implementation

    0.5-1 hour

    1. Based on the standards within your organization, select the appropriate project tracking tools to help you track the implementation project.
    2. If you do not have any tools or wish to change them, please see leverage Info-Tech’s SoftwareReviews to help you in making your decision.
    3. Consider tooling across a number of different categories:
      1. Requirements Management
      2. Project Management
      3. Reporting and Analytics
    4. Record the project tracking tools in section 3.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up kit
    • Your project follow-up kit tools

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example: project tools

    Table listing project tools by type, use, and products available.

    Step 3.3

    Define a follow-up process

    Activities

    3.3.1 Define project progress communication

    3.3.2 Create a change request process

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your follow-up process

    Project status updates should occur throughout the implementation

    Project status updates can be both formal and informal. Formal status updates provide a standardized means of disseminating information on project progress. It is the lifeblood of project management: Accurate and up-to-date status reporting enables your project manager to ensure that your project can continue to use the resources needed.

    Informal status updates are done over coffee with key stakeholders to address their concerns and discuss key outcomes they want to see. Informal status updates help to build a more personal relationship.

    Ask for feedback during the status update meetings. Use the meeting as an opportunity to align values, goals, and incentives.

    Codify the following considerations:

    • Minimum requirement for a formal status update:
      • Frequency of reporting, as required by the project portfolio
      • Parties to be consulted and informed
      • Recording, producing, and archiving meeting minutes, both formal and informal
    • Procedure for follow-up on feedback generated from status updates:
      • Filing change requests
      • Keeping the change requester/relevant stakeholders in the loop

    3.3.1 Define project progress communication

    0.5-1 hour

    1. Provide a standardized means of disseminating information on project progress.
    2. Create an accurate and up-to-date status report to help keep team engaged and leadership supporting the project.
    3. Record the project progress communication in section 3.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up process
    • Your project progress communication

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Project progress communication

    Example

    Example table of project progress communication. Audience, purpose, delivery/format, communicator, delivery date, and status/notes.

    Manage project scope changes

    1. Change in project scope is unpredictable and almost inevitable regardless of project size. If changes are not properly managed, the project runs the risk of scope creep and loss of progress. Therefore, changes need to be monitored and controlled.
    2. Scope change can be initiated voluntarily by the project sponsor or other stakeholders, or it could be a mandatory reaction to changing project process.
    3. Scope change may also take place due to internal factors such as a stakeholder requiring more extensive insights or external factors such as changing market conditions.
    4. Scope changes have the potential to affect project outcomes either positively or negatively, depending on how the change is managed and implemented. The project manager should take care to maintain focus on the project’s ultimate objectives; consideration needs to be given as to what to do and what to give up.
    5. If changes arise, project managers should ensure that adequate resources and actions are provided so the project can be completed on time and on budget.
    • The project manager needs to use both hard and soft skills: analytical skills for evaluating and quantifying the impact of potential changes and communication skills for communicating and negotiating with stakeholders.
    • Build trust and credibility by taking an evidence-based approach when presenting changes. This gives you room to respectfully push back on certain changes.
    • Assess changes before crossing them off the list, but don’t be afraid to say no. Greater care must be taken when there is very limited budgetary freedom or when scope changes will interfere with the critical path.
    • All change requests must be received by the project manager first so they can make sure that IT project resources are not approached with multiple ad hoc change requests.

    Document your process to manage project change requests

    1 Initial assessment

    Using the scope statement as the reference point:

    • Why do we need the change?
    • Is the change necessary?
    • What is the business value that the change brings to the project?

    Recommend alternative solutions that are easier to implement while consulting the requester.

    2 Minor change

    If the change has been classified as minor, the project manager and the project team can tackle it directly, since it doesn’t affect project budget or schedule in a significant way. Ensure that the change is documented.

    3 conduct an in-depth assessment

    The project manager should bring major changes to the attention of the project sponsor and carry out a detailed assessment of the change and its impact.

    Additional time and resources are required to do the in-depth assessment because the impact on the project can be complex and affect requirements, resources, budget, and schedule.

    4 Obtain approval from the governing body

    Present the results to the governing body. Since a major change significantly affects the project baseline beyond the authorized contingency, it is the responsibility of the governing body to either approve the change with allocation of additional resources or reject the change and maintain course.

    Flow chart to document your process to manage project change requests.

    For further discussion on change requests, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind

    3.3.2 Create a change request process

    0.5-1 hour

    1. Identify any existing processes that you have for addressing changes for projects.
    2. Discuss whether or not the current change request process will suit the project at hand.
    3. Define the agreed-to change request process that fits your organization’s culture.
    4. For a change request template, you can leverage, refer to section 3.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Make any changes to the template as necessary.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project scope
    • Your change request

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    3.3.2 Create a change request process (Continued)

    Example of a change request process form.

    Step 3.4

    Understand what's next

    Activities

    3.4.1 Run a “lessons learned” session for continuous improvement

    3.4.2 Prepare a closure document for sign-off

    3.4.3 Document optimization and future release opportunities

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Lessons learned throughout the project-guiding

    Good project planning is key to smooth project closing

    Begin with the end in mind. Without a clear scope statement and criteria for acceptance, it’s anyone’s guess when or how a project will end.

    During the closing process, the project manager should use planning and execution documents, such as the project charter and the scope statement, to assess project completeness and obtain sign-off based on the acceptance criteria.

    Project completion criteria should be clearly defined. For example, the project is defined as finished when costs are in, vendor receipts are received, financials are reviewed and approved, etc.

    However, there are other steps to be taken after completing the project deliverables. These activities include:

    • Transferring project knowledge and operations to support
    • Completing user training
    • Obtaining business sign-off and acceptance
    • Releasing resources
    • Conducting post-mortem meeting
    • Archiving project assets

    The project manager needs to complete all project management processes, including:

    • Risk management (close out risk assessment and action plan)
    • Quality management (test the final deliverables against acceptance criteria)
    • Stakeholder management (decision log, close out issues, plan and assign owners for resolutions of open issues)
    • Project team management (performance evaluation for team members as well as the project manager)

    3.4.1 Define the process for lessons learned

    0.5-1 hour

    1. Determine the reporting frequency for lessons learned.
    2. Consider attributing lessons learned to project phases.
    3. Coordinate lessons learned check-ins with project milestones to review and reflect.
    4. At each reporting session, the project team should identify challenges and successes informally.
    5. The PM and the PMO should transform the reports from each team member into formalized lessons.
    6. Record lessons learned for each project in section 3.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project's lessons learned

    Materials

    Participants

    • Project Lessons Learned Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Lessons learned

    Example

    Form: Project successes, notes, areas of imporvement, impact, solution.

    Watch for these potential problems with project closure

    Don’t leave the door open for stakeholder dissatisfaction. Properly close out your projects.

    Potential problems with project closure.

    For further information on project closure issues, use Info-Tech’s blueprint, Get Started With Project Management Excellence.

    3.4.2 Prepare a closure document for sign-off

    0.5-1 hour

    1. Create a realistic closure and transition process that gains sign-off from the sponsor.
    2. Prepare a project closure checklist.
    3. Transfer accountability to operations, release project resources, and avoid disrupting other projects that are trying to get started.
    4. Record the project closure document in section 3.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your project's closure checklist

    Materials

    Participants

    • Project closure checklist Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Closure checklist

    Project closure checklist. project management checklist, deliverables, goals, benefits, outstanding action items and issues, handover of technical documents, knowledge transfer, sign-off.

    For further information on closure procedures, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind.

    3.4.3 Document optimization and future release opportunities

    0.5-1 hour

    Consider the future opportunities for improvement post-release:

    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. Cost-saving opportunities
    7. Record optimization and future release opportunities in section 3.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your optimization opportunities list

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Optimization opportunities

    Example

    Optimization types and opportunities.

    Related Info-Tech Research

    Build upon your foundations

    Build an ERP Strategy and Roadmap

    • A business-led, top-management-supported initiative partnered with IT has the greatest chance of success. This blueprint provides business and IT the methodology for getting the right level of detail for the business processes that the ERP supports thus avoiding getting lost in the details.

    Governance and Management of Enterprise Software Implementation

    • Implementing enterprise software is hard. You need a framework that will greatly improve your chance of success. Traditional Waterfall project implementations have a demonstrated a low success rate for on-time, on-budget delivery.

    Select and Implement a Human Resource Information System

    • Your organization is in the midst of a selection and implementation process for a human resource information system (HRIS), and there is a need to disambiguate the market and arrive at a shortlist of vendors.

    Select and Implement an ERP Solution

    • Selecting and implementing an ERP is one of the most expensive and time-consuming technology transformations an organization can undertake. ERP projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized.

    Right-Size Your Project Risk Investment

    • Avoid the all-or-nothing mindset; even modest investments in risk will provide a return. Learn from and record current and historical risk events so lessons learned can easily be embedded into future projects. Assign someone to own the risk topic and make it their job to keep a relevant menu of risks.

    Related Info-Tech Research

    Build upon your foundations

    Drive Business Value With a Right-Sized Project Gating Process

    • Many organizations have implemented gating as part of their project management process. So, what separates those who are successful from those who are not? For starters, successful gating requires that each gate is treated as an essential audit. That means there need to be clear roles and responsibilities in the framework.

    Master Organizational Change Management Practices

    • Organizational change management (OCM) is often an Achilles’ heel for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.

    Get Started With Project Management Excellence

    • Lack of proper scoping at the beginning of the project leads to constant rescoping, rescheduling, and budget overruns.

    ERP Requirements Picklist Tool

    • Use this tool to collect ERP requirements in alignment with the major functional areas of ERP. Review the existing set of ERP requirements as a starting point to compiling your organization's requirements.

    Begin Your Projects With the End in Mind

    • Stakeholders are dissatisfied with IT’s inability to meet or even provide consistent, accurate estimates. The business’ trust in IT erodes every time a project is late, lost, or unable to start.

    Get Started With IT Project Portfolio Management

    • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.

    Bibliography

    7 Shocking Project Management Statistics and Lessons We Should Learn.” TeamGantt, Jan. 2017.

    Akrong, Godwin Banafo, et al. "Overcoming the Challenges of Enterprise Resource Planning (ERP): A Systematic Review Approach." IJEIS vol.18, no.1 2022: pp.1-41.

    Andriole, S. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Andriole, Steve. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Beeson, K. “ERP Implementation Plan (ERP Implementation Process Guide).” ERP Focus, 8 Aug. 2022.

    Biel, Justin. “60 Critical ERP Statistics: 2022 Market Trends, Data and Analysis.” Oracle Netsuite, 12 July 2022.

    Bloch, Michael, et al. “Delivering Large-Scale IT Projects on Time, on Budget, and on Value.” McKinsey & Company, 2012.

    Buverud, Heidi. ERP System Implementation: How Top Managers' Involvement in a Change Project Matters. 2019. Norwegian School of Economics, Ph.D. thesis.

    Carlton, R. “Four ERP Implementation Case Studies You Can Learn From.” ERP Focus, 15 July 2015.

    Gopinath, S. Project Management in the Emerging World of Disruption. PMI India Research and Academic Conference 2019. Kozhikode Publishers.

    Grabis, J. “On-Premise or Cloud Enterprise Application Deployment: Fit-Gap Perspective.” Enterprise Information Systems. Edited by Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. ICEIS, 2019.

    Harrin, E. The Definitive Guide to Project Sponsors. RGPM, 13 Dec. 2022.

    Jacobs-Long, Ann. “EPMO’s Can Make A Difference In Your Organization.” 9 May 2012.

    Kotadia, C. “Challenges Involved in Adapting and Implementing an Enterprise Resource Planning (ERP) Systems.” International Journal of Research and Review vol. 7 no. 12 December 2020: 538-548.

    Panorama Consulting Group. "2018 ERP Report." Panorama Consulting Group, 2018. Accessed 12 Oct. 2021.

    Panorama Consulting Group. "2021 ERP Report." Panorama Consulting Group, 2021. Accessed 12 Oct. 2021.

    PM Solutions. (2014). The State of the PMO 2014.

    PMI. Pulse of the Profession. 2017.

    Podeswa, H. “The Business Case for Agile Business Analysis.” Requirements Engineering Magazine, 21 Feb. 2017.

    Project Delivery Performance in Australia. AIPM and KPMG, 2020.

    Prosci. (2020). Prosci 2020 Benchmarking Data from 2007, 2009, 2011, 2013, 2015, 2017, 2019.

    Swartz, M. “End User Adoption and Change Management Process.” Swartz Consulting LLC, 11 July 2022.

    Trammell, H. “28 Important Project Management KPIs (& How To Track Them).” ClearPoint Strategy, 2022.

    “What are Business Requirements?" Requirements.com, 18 Oct. 2018.

    “What Is the Role of a Project Sponsor?” Six Sigma Daily, 18 May 2022.

    “When Will You Think Differently About Programme Delivery?” 4th Global Portfolio and Programme Management Survey. PricewaterhouseCoopers, Sept. 2014.

    Microsoft Teams Cookbook

    • Buy Link or Shortcode: {j2store}408|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $6,299 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity

    Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices.

    Our Advice

    Critical Insight

    Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Impact and Result

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and use Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Microsoft Teams Cookbook Research & Tools

    Start here – read the Executive Brief

    Learn critical insights for an effective Teams rollout.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Microsoft Teams Cookbook – Sections 1-2

    1. Teams for IT

    Understand best practices for governance of the Teams creation process and Teams rollout.

    • Microsoft Teams Cookbook – Section 1: Teams for IT

    2. Teams for end users

    Get end users on board with this series of how-tos and common use cases for Teams.

    • Microsoft Teams Cookbook – Section 2: Teams for End Users

    [infographic]

     

    Further reading

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Microsoft Teams.

    Table of contents

    Executive Brief

    Section 1: Teams for IT

    Section 2: Teams for End Users

    Executive Summary

    Situation

    Remote work calls for leveraging your Office 365 license to utilize Teams – but IT is unsure about best practices for governance and permissions.

    Without a framework or plan for governing the rollout of Teams, IT risks overlooking secure use of Teams, the phenomenon of “teams sprawl,” and not realizing how Teams integrates with Office 365 more broadly.

    Complication

    Teams needs to be rolled out quickly, but IT has few resources to help train end users with Teams best practices.

    With teams, channels, chats, meetings, and live events to choose from, end users may get frustrated with lack of guidance on how to use Teams’ many capabilities.

    Resolution

    Use Info-Tech’s Microsoft Teams Cookbook to successfully implement and utilize Teams. This cookbook includes recipes for:

    • IT best practices concerning governance of the creation process and Teams rollout.
    • End-user best practices for Teams functionality and common use cases.

    Key Insights

    Teams is not a standalone app

    Successful utilization of Teams occurs when conceived in the broader context of how it integrates with Office 365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    IT should paint the first picture for team creation

    No initial governance for team creation can lead to “teams sprawl.” While Teams was built to allow end users’ creativity to flow in creating teams and channels, this can create problems with a cluttered interface and keeping track of information. To prevent end-user dissatisfaction here, IT’s initial Teams rollout should offer a basic structure for end users to work with first, limiting early teams sprawl.

    The Teams admin center can only take you so far with permissions

    Knowing how Teams integrates with other Office 365 apps will help with rolling out sensitivity labels to protect important information being accidentally shared in Teams. Of course, technology only does so much – proper processes to train and hold people accountable for their actions with data sharing must be implemented, too.

    Related Info-Tech Research

    Establish a Communication and Collaboration System Strategy

    Don’t waste your time deploying yet another collaboration tool that won’t get used.

    Modernize Communication and Collaboration Infrastructure

    Your legacy telephony infrastructure is dragging you down – modern communications and collaboration technology will dramatically improve productivity.

    Migrate to Office 365 Now

    One small step to cloud, one big leap to Office 365. The key is to look before you leap.

    Section 1: Teams for IT

    Governance best practices and use cases for IT

    Section 1

    Teams for IT

    		 Section 2

    Teams for end users

    From determining prerequisites to engaging end users.

    IT fundamentals
    • Creation process
    • Teams rollout
    Use cases
    • Retain and search for legal/regulatory compliance
    • Add an external user to a team
    • Delete/archive a team

    Overview: Creation process

    IT needs to be prepared to manage other dependent services when rolling out Teams. See the figure below for how Teams integrates with these other Office 365 applications.

    A flow chart outlining how Teams integrates with other Office 365 applications. Along the side are different applications, from the top: 'Teams client', 'OneDrive for Business', 'Sharepoint Online', 'Planner (Tasks for Teams)', 'Exchange Online', and 'Stream'. Along the top are services of 'Teams client', 'Files', 'Teams', 'Chat', 'Meeting', and 'Calls'.

    Which Microsoft 365 license do I need to access Teams?

    • Microsoft 365 Business Essentials
    • Microsoft 365 Business Premium
    • Office 365 Enterprise, E1, E3, or E5
    • Office 365 Enterprise E4 (if purchased prior to its retirement)

    Please note: To appeal to the majority of Info-Tech’s members, this blueprint refers to Teams in the context of Office 365 Enterprise licenses.

    Assign admin roles

    You will already have at least one global administrator from setting up Office 365.

    Global administrators have almost unlimited access to settings and most of the data within the software, so Microsoft recommends having only two to four IT and business owners responsible for data and security.

    Info-Tech Best Practice

    Configure multifactor authentication for your dedicated Office 365 global administrator accounts and set up two-step verification.

    Once you have organized your global administrators, you can designate your other administrators with “just-enough” access for managing Teams. There are four administrator roles:

    Teams Service Administrator Manage the Teams service; manage and create Microsoft 365 groups.
    Teams Communications Administrator Manage calling and meetings features with Teams.
    Teams Communications Support Engineer Troubleshoot communications issues within Teams using the advanced troubleshooting toolset.
    Teams Communications Support Specialist Troubleshoot communications issues using Call Analytics.

    Prepare the network

    There are three prerequisites before Teams can be rolled out:

    • UDP ports 3478 through 3481 are opened.
    • You have a verified domain for Office 365.
    • Office 365 has been rolled out, including Exchange Online and SharePoint Online.

    Microsoft then recommends the following checklist to optimize your Teams utilization:

    • Optimize calls and performance using the Call Quality Dashboard.
    • Assess network requirements in the Network Planner in the Teams admin center.
    • Ensure all computers running Teams client can resolve external DNS queries.
    • Check adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion.
    • Route to local or regional Microsoft data centers.
    • Whitelist all Office 365 URLs to move through security layers, especially IDS/IPS.
    • Split tunnel Teams traffic so it bypasses your organization’s VPN.

    Info-Tech Best Practice

    For online support and walkthroughs, utilize Advisor for Teams. This assistant can be found in the Teams admin center.

    Team Creation

    You can create and manage Teams through the Teams PowerShell module and the Teams admin center. Only the global administrator and Teams service administrator have full administrative capabilities in this center.

    Governance over team creation intends to prevent “teams sprawl” – the phenomenon whereby end users create team upon team without guidance. This creates a disorganized interface, with issues over finding the correct team and sharing the right information.

    Prevent teams sprawl by painting the first picture for end users:

    1. Decide what kind of team grouping would best fit your organization: by department or by project.
    2. Start with a small number of teams before letting end users’ creativity take over. This will prevent initial death by notifications and support adoption.
    3. Add people or groups to these teams. Assign multiple owners for each team in case people move around at the start of rollout or someone leaves the organization.
    4. Each team has a general channel that cannot be removed. Use it for sharing an overview of the team’s goals, onboarding, and announcements.

    Info-Tech Best Practice

    For smaller organizations that are project-driven, organize teams by projects. For larger organizations with established, siloed departments, organize by department; projects within departments can become channels.

    Integrations with SharePoint Online

    Teams does not integrate with SharePoint Server.

    Governance of Teams is important because of how tightly it integrates with other Office 365 apps, including SharePoint Online.

    A poor rollout of Teams will have ramifications in SharePoint. A good rollout will optimize these apps for the organization.

    Teams and SharePoint integrate in the following ways:

    • Each team created in Teams automatically generates a SharePoint team site behind it. All documents and chat shared through a team are stored in that team’s SharePoint document library.
    • As such, all files shared through Teams are subject to SharePoint permissions.
    • Existing SharePoint folders can be tied to a team without needing to create a new one.
    • If governance over resource sharing in Teams is poor, information can get lost, duplicated, or cluttered throughout both Teams and SharePoint.

    Info-Tech Best Practice

    End users should be encouraged to integrate their teams and channels with existing SharePoint folders and, where no folder exists, to create one in SharePoint first before then attaching a team to it.

    Permissions

    Within the Teams admin center, the global or Teams service administrator can manage Teams policies.

    Typical Teams policies requiring governance include:

    • The extent end users can discover or create private teams or channels
    • Messaging policies
    • Third-party app use

    Chosen policies can be either applied globally or assigned to specific users.

    Info-Tech Best Practice

    If organizations need to share sensitive information within the bounds of a certain group, private channels help protect this data. However, inviting users into that channel will enable them to see all shared history.

    External and guest access

    Within the security and compliance center, the global or Teams service administrator can set external and guest access.

    External access (federation) – turned on by default.

    • Lets you find, call, and chat with users in other domains. External users will have no access to the organization’s teams or team resources.

    Guest access – turned off by default.

    • Lets you add individual users with their own email address. You do this when you want external users to access teams and team resources. Approved guests will be added to the organization’s active directory.

    If guest access is enabled, it is subject to Azure AD and Office 365 licensing and service limits. Guests will have no access to the following, which cannot be changed:

    • OneDrive for Business
    • An organization’s calendar/meetings
    • PSTN
    • Organization’s hierarchical chart
    • The ability to create, revise, or browse a team
    • Upload files to one-on-one chat

    Info-Tech Best Practice

    Within the security and compliance center, you can allow users to add sensitivity labels to their teams that can prevent external and guest access.

    Expiration and archiving

    To reduce the number of unused teams and channels, or delete information permanently, the global or Teams service administrator can implement an Office 365 group expiration and archiving policy through the Teams admin center.

    If a team has an expiration policy applied to it, the team owner will receive a notification for team renewal 30 days, 15 days, and 1 day before the expiry date. They can renew their team at any point within this time.

    • To prevent accidental deletion, auto-renewal is enabled for a team. If the team owner is unable to manually respond, any team that has one channel visit from a team member before expiry is automatically renewed.
    • A deleted Office 365 group is retained for 30 days and can be restored at any point within this time.

    Alternatively, teams and their channels (including private) can be archived. This will mean that all activity for the team ceases. However, you can still add, remove, and update roles of the members.

    Retention and data loss prevention

    Retention policies can be created and managed in the Microsoft 365 Compliance Center or the security and compliance center PowerShell cmdlets. This can be applied globally or to specific users.

    By default, information shared through Teams is retained forever.

    However, setting up retention policies ensures data is retained for a specified time regardless of what happens to that data within Teams (e.g. user deletes).

    Info-Tech Best Practice

    To prevent external or guest users accessing and deleting sensitive data, Teams is able to block this content when shared by internal users. Ensure this is configured appropriately in your organization:

    • For guest access in teams and channels
    • For external access in meetings and chat

    Please note the following limitations of Teams’ retention and data loss prevention:

    • Organization-wide retention policies will need to be manually inputted into Teams. This is because Teams requires a retention policy that is independent of other workloads.
    • As of May 2020, retention policies apply to all information in Teams except private channel messages. Files shared in private channels, though, are subject to retention policies.
    • Teams does not support advanced retention settings, such as a policy that pertains to specific keywords or sensitive information.
    • It will take three to seven days to permanently delete expired messages.

    Teams telephony

    Teams has built-in functionality to call any team member within the organization through VoIP.

    However, Teams does not automatically connect to the PSTN, meaning that calling or receiving calls from external users is not immediately possible.

    Bridging VoIP calls with the PSTN through Teams is available as an add-on that can be attached to an E3 license or as part of an E5 license.

    There are two options to enable this capability:

    • Enable Phone System. This allows for call control and PBX capabilities in Office 365.
    • Use direct routing. You can use an existing PSTN connection via a Session Border Controller that links with Teams (Amaxra).

    Steps to implement Teams telephony:

    1. Ensure Phone System and required (non-Microsoft-related) services are available in your country or region.
    2. Purchase and assign Phone System and Calling Plan licenses. If Calling Plans are not available in your country or region, Microsoft recommends using Direct Routing.
    3. Get phone numbers and/or service numbers. There are three ways to do this:
      • Get new numbers through the Teams admin center.
      • If you cannot get new numbers through the Teams admin center, you can request new numbers from Microsoft directly.
      • Port or transfer existing numbers. To do this, you need to send Microsoft a letter of authorization, giving them permission to request and transfer existing numbers on your behalf.
    4. To enable service numbers, including toll-free numbers, Microsoft recommends setting up Communications Credits for your Calling Plans and Audio Conferencing.

    Overview: Teams rollout

    1. From Skype (and Slack) to Teams
    2. Gain stakeholder purchase
    3. Employ a phased deployment
    4. Engage end users

    Skype for Business is being retired; Microsoft offers a range of transitions to Teams.

    Combine the best transition mode with Info-Tech’s adoption best practices to successfully onboard and socialize Teams.

    From Skype to Teams

    Skype for Business Online will be retired on July 31, 2021. Choose from the options below to see which transition mode is right for your organization.

    Skype for Business On-Premises will be retired in 2024. To upgrade to Teams, first configure hybrid connectivity to Skype for Business Online.

    Islands mode (default)

    • Skype for Business and Teams coexist while Teams is rolled out.
    • Recommended for phased rollouts or when Teams is ready to use for chat, calling, and meetings.
    • Interoperability is limited. Teams and Skype for Business only transfer information if an internal Teams user sends communications to an external Skype for Business user.

    Teams only mode (final)

    • All capabilities are enabled in Teams and Skype for Business is disabled.
    • Recommended when end users are ready to switch fully to Teams.
    • End users may retain Skype for Business to join meetings with non-upgraded or external parties. However, this communication is only initiated from the Skype for Business external user.

    Collaboration first mode

    • Skype for Business and Teams coexist, but only Teams’ collaboration capabilities are enabled. Teams communications capabilities are turned off.
    • Recommended to leverage Skype for Business communications yet utilize Teams for collaboration.

    Meetings first mode

    • Skype for Business and Teams coexist, but only Teams’ meetings capabilities are enabled.
    • Recommended for organizations that want to leverage their Skype for Business On-Premises’ Enterprise Voice capability but want to benefit from Teams’ meetings through VoIP.

    From Slack to Teams

    The more that’s left behind in Slack, the easier the transition. As a prerequisite, pull together the following information:

    • Usage statistics of Slack workspaces and channels
    • What apps end users utilize in Slack
    • What message history you want to export
    • A list of users whose Slack accounts can map on to required Microsoft accounts
    Test content migration

    Your Slack service plan will determine what you can and can’t migrate. By default, public channels content can be exported. However, private channels may not be exportable, and a third-party app is needed to migrate Direct Messages.

    Files migration

    Once you have set up your teams and channels in Teams, you can programmatically copy files from Slack into the target Teams channel.

    Apps migration

    Once you have a list of apps and their configurations used in Slack’s workspaces, you can search in Teams’ app store to see if they’re available for Teams.

    User identity migration

    Slack user identities may not map onto a Microsoft account. This will cause migration issues, such as problems with exporting text content posted by that user.

    Follow the migration steps to the right.

    Importantly, determine which Slack workspaces and channels should become teams and channels within Teams.

    Usage statistics from Slack can help pinpoint which workspaces and channels are redundant.

    This will help IT paint an ordered first picture for new Teams end users.
    1. Create teams and channels in Teams
    2. Copy files into Teams
    3. Install apps, configure Office 365 Connecters
    4. Import Slack history
    5. Disable Slack user accounts

    Info-Tech Best Practice

    Avoid data-handling violations. Determine what privacy and compliance regulations (if any) apply to the handling, storage, and processing of data during this migration.

    Gain stakeholder purchase

    Change management is a challenging aspect of implementing a new collaboration tool. Creating a communication and adoption plan is crucial to achieving universal buy-in for Teams.

    To start, define SMART objectives and create a goals cascade.

    Specific Measurable Actionable Realistic Time Bound
    Make sure the objective is clear and detailed. Objectives are `measurable` if there are specific metrics assigned to measure success. Metrics should be objective. Objectives become actionable when specific initiatives designed to achieve the objective are identified. Objectives must be achievable given your current resources or known available resources. An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    Who, what, where, why? How will you measure the extent to which the goal is met? What is the action-oriented verb? Is this within my capabilities? By when: deadline, frequency?

    Sample list of stakeholder-specific benefits from improving collaboration

    Stakeholder Driver Benefits
    Senior Leadership Resource optimization Increased transparency into IT operational costs.
    Better ability to forecast hardware, resourcing costs.
    All employees Increasing productivity Apps deployed faster.
    Issues fixed faster.
    Easier access to files.
    Able to work more easily offsite.
    LBU-HR, legal, finance Mitigating risk Better able to verify compliance with external regulations.
    Better understanding of IT risks.
    Service desk Resource optimization Able to resolve issues faster.
    Fewer issues stemming from updates.
    Tier 2 Increasing productivity Less time spent on routine maintenance.

    Use these activities to define what pain points stakeholders face and how Teams can directly mitigate those pain points.

    (Source: Rationalize Your Collaboration Tools (coming soon), Activities: 3.1C – 3.1D)

    Employ a phased deployment

    Info-Tech Best Practice

    Deploy Teams over a series of phases. As such, if you are already using Skype for Business, choose one of the coexistence phases to start.

      1. Identify and pilot Teams with early adopters that will become your champions. These champions should be formally trained, be encouraged to help and train their colleagues, and be positively reinforced for their efforts.
      2. Iron out bugs identified with the pilot group and train middle management. Enterprise collaboration tool adoption is strongly correlated with leadership adoption.
        1. Top-level management
          Control and direct overall organization.
        2. Middle management
          Execute top-level management’s plans in accordance with organization’s norms.
        3. First-level management
          Execute day-to-day activities.
      3. Use Info-Tech’s one-pager marketing template to advertise the new tool to stakeholders. Highlight how the new tool addresses specific pain points. Address questions stemming from fear and uncertainty to avoid employees’ embarrassment or their rejection of the tool.
    A screenshot of Info-Tech's one-pager marketing template.
    1. Extend the pilot to other departments and continue this process for the whole organization.

    (Source: Rationalize Your Collaboration Tools (coming soon), Tools:GANTT Chart and Marketing Materials, Activities: 3.2A – 3.2B)

    Info-Tech Insight

    Be in control of setting and maintaining expectations. Aligning expectations with reality and the needs of employees will lower onboarding resistance.

    Engage end users

    Short-term best practices

    Launch day:
    • Hold a “lunch and learn” targeted training session to walk end users through common use cases.
    • Open a booth or virtual session (through Teams!) and have tool representatives available to answer questions.
    • Create a game to get users exploring the new tool – from scavenger hunts to bingo.
    Launch week:
    • Offer incentives for using the tool and helping others, including small gift cards.
    • Publicize achievements if departments hit adoption milestones.

    Long-term best practices

    • Make available additional training past launch week. End users should keep learning new features to improve familiarity.
    • Distribute frequent training clips, slowly exposing end users to more complex ways of utilizing Teams.
    • Continue to positively reinforce and recognize those who use Teams well. This could be celebrating those that help others use the tool, how active certain users are, and attendance at learning events.

    Info-Tech Best Practice

    Microsoft has a range of training support that can be utilized. From instructor-led training to “Coffee in the Cloud” sessions, leverage all the support you can.

    Use case #1: Retain and search data for legal/regulatory compliance

    Scenario:

    Your organization requires you to retain data and documents for a certain period of time; however, after this period, your organization wishes to delete or archive the data instead of maintaining it indefinitely. Within the timeframe of the retention policy, the admin may be asked to retrieve information that has been requested through a legal channel.

    Purpose:
    • Maintain compliance with the legal and regulatory standards to which the organization is subject.
    Jobs:
    • Ensure the data is retained for the approved time period.
    • Ensure the policy applies to all relevant data and users.
    Solution: Retention Policies
    • Ensure that your organization has an Office 365 E3 or higher license.
    • Set the desired retention policy through the Security & Compliance Center or PowerShell by deciding which teams, channels, chats, and users the policies will apply to and what will happen once the retention period ends.
    • Ensure that matching retention policies are applied to SharePoint and OneDrive, since this is where files shared in Teams are stored.
    • Be aware that Teams retention policies cannot be applied to messages in private channels.
    Solution: e-Discovery
    • If legally necessary, place users or Teams on legal hold in order to retain data that would be otherwise deleted by your organization’s retention policies.
    • Perform e-discovery on Teams messages, files, and summaries of meetings and calls through the Security & Compliance Center.
    • See Microsoft’s chart on the next slide for what is e-discoverable.

    Content subject to e-discovery

    Content type eDiscoverable Notes
    Teams chat messages Yes Chat messages from chats where guest users are the only participants in a 1:1 or 1:N chat are not e-discoverable.
    Audio recordings No  
    Private channel messages Yes  
    Emojis, GIFs, stickers Yes  
    Code snippets No  
    Chat links Yes  
    Reactions (likes, hearts, etc) No  
    Edited messages Yes If the user is on hold, previous versions of edited messages are preserved.
    Inline images Yes  
    Tables Yes  
    Subject Yes  
    Quotes Yes Quoted content is searchable. However, search results don’t indicate that the content was quoted.
    Name of channel No  

    E-discovery does not capture audio messages and read receipts in MS Teams.

    Since files shared in private channels are stored separately from the rest of a team, follow Microsoft’s directions for how to include private channels in e-discovery. (Source: “Conduct an eDiscovery investigation of content in Microsoft Teams,” Microsoft, 2020.)

    Use case #2: Add external person to a team

    Scenario:

    A team in your organization needs to work in an ongoing way with someone external to the company. This user needs access to the relevant team’s work environment, but they should not be privy to the goings-on in the other parts of the organization.

    Jobs:

    This external person needs to be able to:

    • Attend meetings
    • Join calls
    • Chat with individual team members
    • View and collaborate on the team’s files
    Solution:
    • If necessary, set a data loss prevention policy to prevent your users from sharing certain types of information or files with external users present in your organization’s Teams chats and public channels.
    • Ensure that your Microsoft license includes DLP protection. However:
      • DLP cannot be applied to private channel messages.
      • DLP cannot block messages from external Skype for Business users nor external users who are not in “Teams only” mode.
    • Ensure that you have a team set up for the project that you wish the external user to join. The external user will be able to see all the channels in this team, unless you create a private channel they are restricted from.
    • Complete Microsoft’s “Guest Access Checklist” to enable guest access in Teams, if it isn’t already enabled.
    • As admin, give the external user guest access through the Teams admin center or Azure AD B2B collaboration. (If given permission, team owners can also add guests through the Teams client).
    • Decide whether to set a policy to monitor and audit external user activity.

    Use case #3: Delete/archive a team

    Scenario:

    In order to avoid teams sprawl, organizations may want IT to periodically delete or archive unused teams within the Teams client in order to improve the user interface.

    Alternately, if you are using a project-based approach to organizing Teams, you may wish to formalize a process to archive a team once the project is complete.

    Delete:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Ensure that deletion does not contradict the organization’s retention policy.
    • If not, proceed with deletion. Find the team in the Teams admin center and delete.
    • Restore a deleted team within 30 days of its initial deletion through PowerShell.
    Archive:
    • Determine if the team owner anticipates the team will need to be restored one day.
    • Find the relevant team in the Teams admin center and change its status to “Archived.”
    • Restore the archived team if the workspace becomes relevant once again.

    Info-Tech Best Practice

    Remind end users that they can hide teams or channels they do not wish to see in their Teams interface. Knowing a team can be hidden may impact a team owner’s decision to delete it.

    Section 2: Teams for End Users

    Best practices for utilizing teams, channels, chat, meetings, and live events

    Section 1

    Teams for IT

    		 Section 2

    Teams for end users

    From Teams how-tos to common use cases for end users.

    End user basics
    • Teams, channels, and chat
    • Meetings and live events
    Common use cases: Workspaces
    • WS#1: Departments
    • WS#2: A cross-functional committee
    • WS#3: An innovation day event
    • WS#4: A non-work-related social event
    • WS#5: A project team with a defined end time
    Common use cases: Meetings
    • M#1: Job interview with an external candidate
    • M#2: Quarterly board meeting
    • M#3: Weekly recurring team meeting
    • M#4: Morning stand-up/scrum
    • M#5: Phone call between two people

    Overview: Teams, channels, and chat

    Teams

    • Team: A workspace for a group of collaborative individuals.
      • Public channel: A focused area where all members of a team can meet, communicate, and share ideas and content.
      • Private channel: Like a public channel but restricted to a subset of team members, defined by channel owner.

    Chat

    • Chat: Two or more users collected into a common conversation thread.
    (Source: “Overview of teams and channels in Microsoft Teams,” Microsoft, 2020.)

    For any Microsoft Teams newcomer, the differences between teams, channels, and chat can be confusing.

    Use Microsoft’s figure (left) to see how these three mediums differ in their role and function.

    Best practices: Workspaces 1/2

      Team
    A workspace for a group of collaborative individuals.    		 Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.    		 Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.    		 Group Chat
    Two or more users collected into a common conversation thread.
    Limits and Administrative Control
    Who can create? Default setting: All users in an organization can create a team

    Maximum 500,000 teams per tenant

    		 Any member of a team can create a public channel within the team

    Maximum 200 public channels per team

    		 Any member of a team can create a private channel and define its members

    Maximum 30 private channels per team

    		 Anyone
    Who can add members? Team owner(s); max 5,000 members per team N/A Channel owner(s) can add up to 250 members Anyone can bring new members into the chat (and decide if they can see the previous history) up to 100 members
    Who can delete? Team owner/admin can delete Any team member Channel owner(s) Anyone can leave a chat but cannot delete chat, but they are never effectively deleted
    Social Context
    Who can see it? Public teams are indexed and searchable

    Private teams are not indexed and are visible only to joined members

    		 All members of the team can see all public channels. Channels may be hidden from view for the purposes of cleaning up the UI. Individuals will only see private channels for which they have membership Only participants in the group chat can see the group chat
    Who can see the content? Team members can see any content that is not otherwise part of a private channel All team members All members of the private channel Only members of the group chat

    When does a Group Chat become a Channel?

    • When it’s appropriate for the conversation to have a gallery – an audience of members who may not be actively participating in the discussion.
    • When control over who joins the conversation needs to be centrally governed and not left up to anyone in the discussion.
    • When the discussion will persist over a longer time period.
    • When the number of participants approaches 100.

    When does a Channel become a Team?

    • When a team approaches 30 private channels, many of those private channels are likely candidates to become their own team.
    • When the channel membership needs to extend beyond the boundary of the team membership.

    Best practices: Workspaces 2/2

      Team
    A workspace for a group of collaborative individuals.    		 Public Channel
    A focused area where all members of a team can meet, communicate, and share ideas and content.    		 Private Channel
    Like a public channel but restricted to a subset of team members, defined by channel owner.    		 Group Chat
    Two or more users collected into a common conversation thread.
    Data and Applications
    Where does the content live? SharePoint: Every team resides in its own SharePoint site SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository SharePoint: Each team (public and private) has its own folder off the root of the SharePoint site’s repository OneDrive: Files that are shared in a chat are stored in the OneDrive folder of the original poster and shared to the other members
    How does the data persist or be retained? If a team expires/is deleted, its corresponding SharePoint site and those artifacts are also deleted Available for 21 days after deletion. Any member of the team can delete a public channel. The team owner and private channel owner can delete/restore a private channel Chats are never effectively deleted. They can be hidden to clean up the user interface.
    Video N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Phone calls N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    Shared computer audio/screen N/A Yes, select “Meet now” in channel below text entry box Yes, select “Meet now” in channel below text entry box Yes
    File-sharing Within channels Yes. Frequently used/collaborated files can be turned into discrete tab. Yes. Frequently used/collaborated files can be turned into discrete tab. Yes
    Wikis Within channels Yes Yes No
    Whiteboarding No No No No

    When does a Team become a Channel?

    • When a team’s purpose for existing can logically be subsumed by another team that has a larger scope.

    When does a Channel become a Group Chat?

    • When a conversation within a channel between select users does not pertain to that channel’s scope (or any other existing channel), they should move the conversation to a group chat.
    • However, this is until that group chat desires to form a channel of its own.

    Create a new team

    Team owner: The person who creates the team. It is possible for the team owner to then invite other members of the team to become co-owners to distribute administrative responsibilities.

    Team members: People who have accepted their invitation to be a part of the team.

    NB: Your organization can control who has permission to set up a team. If you can’t set a up a team, contact your IT department.

    Screenshots detailing how to create a new team in Microsoft Teams, steps 1 to 3. Step 1: 'Click the <Teams data-verified= tab on the left-hand side of the app'. Step 2: 'At the bottom of the app, click '. Step 3: 'Under the banner , click '.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Build a team from scratch' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.1. There are buttons for 'Private' and 'Public'.

    Decide if you want you new team from scratch to be private or public. If you set up a private team, any internal or external user you invite into the team will have access to all team history and files shared.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.2 and 4.3. 4.2 has a space to give your team a name and another for a description. 4.3 says 'Then click <Create data-verified='.">

    Create a new team

    Screenshot detailing how to create a new team in Microsoft Teams, the step 4 starting point with an arrow pointing to the 'Create from...' button.

    Decide from these two options:

    • Building a team from scratch, which will create a new group with no prior history imported (steps 4.1–4.3).
    • Creating a team from an existing group in Office 365, including an already existing team (steps 4.4–4.6).

    NB: You cannot create a team from an existing group if:

    • That group has 5,000 members or more.
    • That group is in Yammer.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.4. It reads 'Create a new team from something you already own' with a button for 'Team'.

    Configure your new team settings, including privacy, apps, tabs, and members.

    Screenshot detailing how to create a new team in Microsoft Teams, step 4.5 and 4.6. 4.5 has a space to give your team a name, a description, choose privacy settings, and what you'd like to include from the original team. 4.6 says 'Then click <Create data-verified='.">

    Add team members

    Remove team members
    Screenshot detailing how to add team members in Microsoft Teams, step 1.

    To add a team member, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add member.”

    		 Screenshot detailing how to remove team members in Microsoft Teams, step 1.

    Only team owners can remove a team member. To do so, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Manage team.”
    Screenshot detailing how to add team members in Microsoft Teams, step 2.

    If you’re a team owner, you can then type a name or an email address to add another member to the team.

    If you’re a team member, typing a name or an email address will send a request to the team owner to consider adding the member.

    		 Screenshot detailing how to remove team members in Microsoft Teams, step 2.

    Under the “Members” tab, you’ll see a list of the members in the team. Click the “X” at the far right of the member’s name to remove them.

    Team owners can only be removed if they change their role to team member first.

    Create a new channel

    Screenshot detailing how to create a new channel in Microsoft Teams, step 1.

    On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Add channel.”

    		 Screenshot detailing how to create a new channel in Microsoft Teams, step 2.

    Name your channel, give a description, and set your channel’s privacy.
    Screenshot detailing how to create a new channel in Microsoft Teams, step 3.

    To manage subsequent permissions, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Manage channel.”

    Adding and removing members from channels:

    Only members in a team can see that team’s channels. Setting channel privacy as “standard” means that the channel can be accessed by anyone in a team. Unless privacy settings for a channel are set as “private” (from which the channel creator can choose who can be in that channel), there is no current way to remove members from channels.

    It will be up to the end user to decide which channels they want to hide.

    Link team/channel to SharePoint folder

    Screenshot detailing how to link a team or channel to a SharePoint folder in Microsoft Teams, steps 1, 2, and 3. Step 1: 'Along the top of the team/channel tab bar, click the “+” symbol'. Step 2: 'Select “Document Library” to link the team/channel to a SharePoint folder'. Step 3: 'Copy and paste the SharePoint URL for the desired folder, or search in “Relevant sites” if the folder can be found there'.

    Need to find the SharePoint URL?

    Screenshot detailing how to find the SharePoint URL in Microsoft Teams. 'Locate the folder in SharePoint and click <Show actions data-verified=', 'Click to access the folder's SharePoint URL.'">

    Hide/unhide teams

    Hide/unhide channels
    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 1.

    To hide a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden teams are moved to the “hidden teams” menu at the bottom of your team list.

    		 Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 1.

    To hide a channel, on the right-hand side of the channel name, click “More options.”

    Then, from the drop-down menu, click “Hide.” Hidden channels are moved to the “hidden channels” menu at the bottom of your channel list in that team.
    Screenshot detailing how to hide and unhide teams in Microsoft Teams, step 2. Screenshot of a button that says 'Hidden teams'.

    To unhide a team, click on the “hidden teams” menu. On the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Show.”

    		 Screenshot detailing how to hide and unhide channels in Microsoft Teams, step 2.

    To unhide a channel, click on the “hidden channels” menu at the bottom of the team. This will produce a drop-down menu of all hidden channels in that team.

    Hover over the channel you want to unhide and click “Show.”

    Find/join teams

    Leave teams
    Screenshot detailing how to find and join teams in Microsoft Teams, step 1. Click the “Teams” tab on the left-hand side of the app. Screenshot detailing how to find and join teams in Microsoft Teams, step 2.

    At the bottom of the app, click “Join or create a team.” Teams will then suggest a range of teams that you might be looking for. You can join public teams immediately. You will have to request approval to join a private team.

    		 Screenshot detailing how to leave teams in Microsoft Teams.

    To leave a team, on the right-hand side of the team name, click “More options.”

    Then, from the drop-down menu, click “Leave the team.”
    NB: If the owner of a private team has switched off discoverability, you will have to contact that owner to join that team. Screenshot detailing how to find and join teams in Microsoft Teams, step 3. If you can’t immediately see the team, you have two options: either search for the team or enter that team’s code under the banner “Join a team with a code.” Can I find a channel?

    No. To join a channel, you need to first join the team that channel belongs to.

    Can I leave a channel?

    No. The most you can do is hide the channel. By default, if you join a team you will have access to all the channels within that team (unless a channel is private, in which case you’ll have to request access to that channel).

    Create a chat

    Screenshots detailing how to create a chat in Microsoft Teams, steps 1 to 5. Step 1:'Click the “Chat” tab on the left hand side of the app (or keyboard shortcut Ctrl+N)'. Step 2: 'Search the name of the person you want to chat with'. Step 3: 'You’re now ready to start the chat! You can also send a chat message while working in a separate channel by typing/chat into the search bar and entering the recipient’s name'. Step 4: 'For group chat, click the “Add people” button in the top right hand corner of the app to add other persons into the existing chat'. Step 5: 'You can then rename the group chat (if there are 3+ people) by clicking the “Name group chat” option to the right of the group chat members’ names'.

    Hide a chat

    Unhide a chat
    Screenshots detailing how to hide a chat in Microsoft Teams, steps 1 to 3. Step 1:'Click the “Chat” tab on the left-hand side of the app'. Step 2: 'Search the name of the chat or group chat that you want to hide'. Step 3: In either 'Single person chat options' or 'Group chat options' Click “More options.” Then click “Hide.”' To unhide a chat, search for the hidden person or name of the group chat in the search bar. Click “More options.” Then click “Unhide.” Screenshot detailing how to unhide a chat in Microsoft Teams.

    Leave a chat
    You can only leave group chats. To do so, click “More options.” Then click “Leave.” Screenshot detailing how to leave a chat in Microsoft Teams.

    Overview: Meetings and live events

    Teams Meetings: Real-time communication and collaboration between a group, limited to 250 people.

    Teams Live Events: designed for presentations and webinars to a large audience of up to 10,000 people, in which attendees watch rather than interact.

     

    Office 365 and Microsoft 365 Licenses
    I want to: F1 F3 E1 E3 E5 Audio conferencing add-on
    Join a Teams meeting No license required. Any email address can participate in a Teams meeting.
    Attend a Teams meeting with a dial-in phone number No license required. Any phone number can dial into a Teams meeting. (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Attend a Teams live event No license required. Any phone number can dial into a Teams live event.
    Create a Teams meeting for up to 250 attendees   One of these licensing plans
    Create a Teams meeting for up to 250 attendees with a dial-in phone number   One of these licensing plans + Audio Conferencing (Meeting organizers need to have an Audio Conferencing add-on license to send an invite that includes dial-in conferencing.)
    Create a Teams live event for up to 10,000 attendees     One of these licensing plans
    Dial out from a Teams meeting to add someone at their Call me at number   One of these licensing plans + Audio Conferencing (Meeting dial out to a Call me at number requires organizers to have an E5 or Audio Conference add-in license. A dial plan may also be needed.)

    Depending on the use case, end users will have to determine whether they need to hold a meeting or a live event.

    Use Microsoft’s table (left) to see what license your organization needs to perform meetings and live events.

    (Source: “Admin quick start – Meetings and live events in Microsoft Teams,” Microsoft, 2020.)

    Best practices: Meetings

      Ad Hoc Call
    Direct audio/video call    		 Scheduled Meeting Live Event
    Limits and Administrative Control
    Who can create? Anyone Anyone Anyone, unless altered by admin (permission to create MS Stream events also required if external production tools are used).
    Who can add members? Anyone in the session. The meeting organizer can add new attendees to the meeting. The event creator (the “organizer”) sets attendee permissions and assigns event group roles (“producer” and “presenter”).
    Can external stakeholders attend? Yes, through email invite. However, collaboration tools are restricted. Yes, through email invite. However, collaboration tools are restricted. Public events: yes, through shared invite link.
    Org-wide event: yes, if guest/external access granted.
    Who can delete? Anyone can leave the session. There is no artifact to delete. The meeting organizer Any attendee can leave the session.
    The organizer can cancel the event.
    Maximum attendees 100 250 10,000 attendees and 10 active presenters/producers (250 presenters and producers can be present at the event).
    Social Context
    How does the request come in? Unscheduled.
    Notification of an incoming audio or video call.    		 Scheduled.
    Meeting invite, populated in the calendar, at a scheduled time.    		 Meeting only auto-populated in event group’s calendars. Organizer must circulate event invite link to attendees – for instance, by pasting link into an Outlook meeting invite.
    Available Functionality
    Screen-sharing Yes Yes Producers and Presenters (through Teams, no third-party app).
    Whiteboard No Yes Yes
    OneNote (for minutes) Yes (from a member’s OneDrive) Yes, part of the meeting construct. No. A Meeting Notes tab is available instead.
    Dedicated chat space Yes. Derived from a group chat. Meeting has its own chat room. The organizer can set up a moderated Q&A (not chat) when creating the event. Only Presenters and Producers can chat.
    Recording Yes Yes Yes. Event can last up to 4 hours.

    When should an Ad Hoc Call become a Scheduled Meeting?

    • When the participants need time to prepare content for the call.
    • When an answer is not required immediately.
    • When bringing a group of people together requires logistical organizing.

    When should a Scheduled Meeting become an Ad Hoc Call?

    • When the participants can meet on short notice.
    • When a topic under discussion requires creating alignment quickly.

    When should a Live Event be created?

    • When the expected attendance exceeds 250 people.
    • If the event does not require collaboration and is mostly a presenter conveying information.

    Create a scheduled meeting

    Screenshots detailing how to create a scheduled meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top-right of the app, click the drop-down menu for “+ New meeting” and then “Schedule meeting.”' Step 3: 'Fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting'.

    Create an ad hoc meeting

    Screenshots detailing how to create an ad hoc meeting in Microsoft Teams, steps 1 to 4. Step 1:'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'Along the top-right, click “Meet now.”' Step 3: 'Name your meeting, choose your audio and video settings, and click “Join now.”'. Step 4: 'To determine internal attendees’ availability, click “Scheduling assistant” on the top left. Then click “Save” to create the meeting. You’ll then be prompted to fill in the meeting details. When inputting internal attendees, their names will drop down without needing their email. You will need to input email addresses for external attendees'.

    Tip: Use existing channels to host the chatrooms for your online meetings

    When you host a meeting online with Microsoft Teams, there will always be a chatroom associated with the meeting. While this is a great place for meeting participants to interact, there is one particular downside.

    Problem: The never-ending chat. Often the activity in these chatrooms can persist long after the meeting. The chatroom itself becomes, unofficially, a channel. When end users can’t keep up with the deluge of communication, the tools have failed them.

    Solution: Adding an existing channel to the meeting. This ensures that discussion activity is already hosted in the appropriate venue for the group, during and after the meeting. Furthermore, it provides non-attendees with a means to catch up on the discussion they have missed.

    In section two of this cookbook, we will often refer to this tactic.

    A screenshot detailing how to add an existing channel to a meeting in Microsoft Teams. 'Break the habit of online booking meetings in Outlook – use the Teams Calendar View instead! In order to make use of this function, the meeting must be setup in Microsoft Teams, not Microsoft Outlook. The option to assign a channel to the meeting will then be available to the meeting organizer.'

    Don’t have a channel for the chat session of your online meeting? Perhaps you should!

    If your meeting is with a group of individuals that will be collaborating frequently, they may need a workspace that persists beyond the meeting.

    Guests can still attend the meeting, but they can’t chat!

    If there are attendees in your meeting that do not have access to the channel you select to host the chat, they will not see the chat discussion nor have any ability to use this function.

    This may be appropriate in some cases – for example, a vendor providing a briefing as part of a regular team meeting.

    However, if there are attendees outside the channel membership that need to see the meeting chat, consider another channel or simply default to not assigning one.

    Meeting settings explained

    Show device settings. For settings concerning audio, video, and whether viewing is private.

    Show meeting notes. Use to take notes throughout the meeting. The notes will stay attached to this event.

    Show meeting details. Find meeting information for: a dial-in number, conference ID, and link to join.

    Enter full screen.

    Show background effects. Choose from a range of video backgrounds to hide/blur your location.

    Turn on the captions (preview). Turn on live speech-to-text captions.

    Keypad. For dialing a number within the meeting (when enabled as an add-on with E3 or as part of E5).

    Start recording. Recorded and saved using Microsoft Stream.

    End meeting.

    Turn off incoming video. To save network bandwidth, you can decline receiving attendee’s video.

    Click “More options” to access the meetings settings.

    Screen share. In the tool tray, select “Share” to share your screen. Select particular applications if you only want to share certain information; otherwise, you can share your whole desktop.

    System audio share. To share your device’s audio while screen sharing, checkbox the “Include system audio” option upon clicking “Share.”

    If you didn’t click that option at the start but now want to share audio during screen share, click the “Include systems audio” option in the tool tray along the top of the screen.

    Give/take control of screen share. To give control, click “Give control” in the tool tray along the top of the screen when sharing content. Choose from the drop-down who you would like to give control to. In the same spot, click “Take back control” when required.

    To request control, click “Request control” in the same space when viewing someone sharing their content. Click “Release control” once finished.

    Start whiteboarding

    1. You’ll first need to enable Microsoft Whiteboard in the Microsoft 365 admin center. Ask your relevant admin to do so if Whiteboard is not already enabled.
    2. Once enabled, click “Share” in a meeting. This feature only appears if you have 3+ participants in the meeting.
    3. Under the “Whiteboard” section in the bottom right, click “Microsoft Whiteboard.”
    4. Click the pen icons to the right of the screen to begin sketching.

    NB: Anonymous, federated, or guest users are currently not supported to start, view, or ink a whiteboard in a Teams meeting.

    Will the whiteboard session be recorded if the meeting is being recorded?

    No. However, the final whiteboard will be available to all meeting attendees after the meeting, under “Board Gallery” in the Microsoft Whiteboard app. Attendees can then continue to work on the whiteboard after the meeting has ended.

    Create a live event

    Screenshots detailing how to create a live event in Microsoft Teams, steps 1 to 3. Step 1: 'Click the “Calendar” tab on the left-hand side of the app'. Step 2: 'On the top right of the app, click the drop-down menu for “+ New meeting” and then “Live event.”' Step 3: 'You will be labeled the “Event organizer.” First, fill in the live event details on the left'. Screenshot detailing how to create a live event in Microsoft Teams, step 4.

    As the organizer, you can invite other people to the event who will be the “producers” or “presenters.”

    Producers: Control the live event stream, including being able to start and stop the event, share their own and others’ video, share desktop or window, and select layout.

    Presenters: Present audio, video, or a screen.
    Screenshot detailing how to create a live event in Microsoft Teams, step 5.

    Select who your audience will be for your live event from three options: specified people and groups, the organization, or the public with no sign-in required.

    Edit the setting for whether you want recording to be available for attendees.

    Then click “Schedule” to finish.

    Live event settings explained

    When you join the live event as a producer/presenter, nothing will be immediately broadcast. You’ll be in a pre-live state. Decide what content to share and in what order. Along the bottom of the screen, you can share your video and audio, share your screen, and mute incoming attendees.

    Once your content is ready to share along the bottom of the screen, add it to the screen on the left, in order of viewing. This is your queue – your “Pre-live” state. Then, click “Send now.”

    This content will now move to the right-hand screen, ready for broadcasting. Once you’re ready to broadcast, click “Start.” Your state will change from “Pre-live” to “Live.”

    Along the top right of the app will be a tools bar.

    		 Screenshot listing live events settings icons in Microsoft Teams. Beside the heart monitor icon is 'Monitor health and performance of network, devices, and media sharing'. Beside the notepad icon is 'Take meeting notes'. Beside the chatbox icon is 'Chat function'. Beside the two little people with a plus sign icon is 'Invite and show participants'. Beside the gear icon is 'Device settings'. Beside the small 'i' in a circle is 'Meeting details, including schedule, meeting link, and dial-in number'.

    Workspace #1: Departments

    Scenario: Most of your organization’s communication and collaboration occurs within its pre-existing departmental divisions.

    Conventional communication channels:

    • Oral communication: Employees work in proximity to each other and communicate in person, by phone, in department meetings
    • Email: Department-wide announcements
    • Memos: Typically posted/circulated in mailboxes

    Solution: Determine the best way to organize your organization’s departments in Teams based on its size and your requirements to keep information private between departments.

    Option A:

    • Create a team for the organization/division.
    • Create channels for each department. Remember that all members of a team can view all public channels created in that team and the default General channel.
    • Create private channels if you wish to have a channel that only select members of that team can see. Remember that private channels have some limitations in functionality.

    Option B:

    • Create a new team for each department.
    • Create channels within this team for projects or topics that are recurring workflows for the department members. Only department members can view the content of these channels.

    Option C:

    • Post departmental memos and announcements in the General channel.
    • Use “Meet now” in channels for ad hoc meetings. For regular department meetings, create a recurring Teams calendar event for the specific department channel (Option A) or the General channel (Option B). Remember that all members of a team can join a public channel meeting.

    Workspace #2: A cross-functional committee

    Scenario: Your organization has struck a committee composed of members from different departments. The rest of the organization should not have access to the work done in the committee.

    Purpose: To analyze a particular organizational challenge and produce a plan or report; to confidentially develop or carry out a series of processes that affect the whole organization.

    Jobs: Committee members must be able to:

    • Attend private meetings.
    • Share files confidentially.

    Solution:

    Ingredients:

    • Private team

    Construction:

    • Create a new private team for the cross-functional committee.
    • Add only committee members to the team.
    • Create channels based on the topics likely to be the focal point of the committee work.
    • Decide how you will use the mandatory General channel. If the committee is small and the work limited in scope, this channel may be the main communication space. If the committee is larger or the work more complex, use the General channel for announcements and move discussions to new topic-related channels.
    • Schedule recurring committee meetings in the Teams calendar. Add the relevant channel to the meeting invite to keep the meeting chat attached to this team and channel (as meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite).
    • Remember that all members of this team will have access to these meetings and be able to view that they are occurring.

    Workspace #3: An innovation day event

    Scenario: The organization holds a yearly innovation day event in which employees form small groups and work on a defined, short-term problem or project.

    Purpose: To develop innovative solutions and ideas.

    Jobs:

    • Convene small groups.
    • Work toward time-sensitive goals.
    • Communicate synchronously.
    • Share files.

    Solution:

    Ingredients:

    • Public team
    • Channel tabs
    • Whiteboard
    • Planner

    Construction:

    • Create a team for the innovation day event.
    • Add channels for each project working group.
    • Communicate to participants the schedule for the day and their assigned channel.
    • Use the General channel for announcements and instructions throughout the day. Ensure someone moderates the General channel for participants’ questions.
    • Pre-populate the channel tabs with files the participants need to work with. To add a scrum board, refer to M#4 (Morning stand-up/Scrum) in this slide deck.
    • For breakouts, instruct participants to use the “meet now” feature in their channel and how to use the Whiteboard during these meetings.
    • Arrange to have your IT admin archive the team after a certain point so the material is still viewable but not editable.

    Workspace #4: A non-work-related social event

    Scenario: Employees within the organization wish to organize social events around shared interests: board game clubs, book clubs, TV show discussion groups, trivia nights, etc.

    Purpose: To encourage cohesion among coworkers and boost morale.

    Jobs:

    • Schedule the event.
    • Invite participants.
    • Prepare the activity.
    • Host and moderate the discussion.

    Solution:

    Ingredients:

    • Public team
    • Private channels
    • Screen-sharing

    Construction:

    • Create a public team for the social event so that interested people can find and join it.
    • Example: Trivia Night
      • Schedule the event in the Teams calendar.
      • Publish the link to the Trivia Night team where other employees will see it.
      • Create private channels for each trivia team so they cannot see the other competitors’ discussions. Add yourself to each private channel so you can see their answers.
      • As the host, begin a meeting in the General channel. Pose the trivia questions live or present the questions on PowerPoint via screen-sharing.
      • Ask each team to post its answers to its private channel.
    • To avoid teams sprawl, ask your IT admin to set a deletion policy for the team, as long as this request does not contradict your organization’s policies on data retention. If the team becomes moribund, it can be set to auto-delete after a certain period of time.

    Workspace #5: A project team with a defined end time

    Scenario: Within a department/workplace team, employees are assigned to projects with defined end times, after which they will be assigned to a new project.

    Purpose: To complete project-based work that fulfills business needs.

    Jobs:

    • Oral communication with team members.
    • Synchronous and asynchronous work on project files.
    • The ability to attend scheduled meetings and ad hoc meetings.
    • The ability to access shared resources related to the project.

    Solution:

    If your working group already has its own team within Teams:

    • Create a new public or private channel for the project. Remember that some functionality is not available in private channels (such as Microsoft Planner).
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now).
    • Add a tab that links to the team’s project folder in SharePoint.

    If your workplace team does not already have its own team in Teams:

    • Determine if there is a natural fit for this project as a new channel in an existing team. Remember that all team members will be able to see the channel if it is public and that all relevant project members need to belong to the Team to participate in the channel.
    • If necessary, create a new team for the project. Add the project members.
    • Create channels based on the type of work that comprises the project.
    • Use the channel for the project team’s meetings (scheduled in Teams calendar or through Meet Now)
    • Add a tab to link to the team’s project folder in SharePoint.

    Info-tech Best Practice

    Hide the channel after the project concludes to de-clutter your Teams user interface.

    Meeting #1: Job interview with external candidate

    Scenario: The organization must interview a slate of candidates to fill an open position.

    Purpose:

    • Select the most qualified candidate for the job.

    Jobs:

    • Create a meeting, ensuring the candidate and other attendees know when and where the meeting will happen.
    • Ensure the meeting is secure to protect confidential information.
    • Ensure the meeting is accessible, allowing the candidate to present themselves through audio and/or visual means.
    • Create a professional environment for the meeting to take place.
    • Engender a space for the candidate to share their CV, research, or other relevant file.
    • The interview must be transcribed and recorded.

    Solution:

    Ingredients:

    • Private Teams meeting
    • Screen-sharing
    • Microsoft Stream

    Construction:

    • Create a Teams meeting, inviting the candidate with their email, alongside other internal attendees. The Teams meeting invite will auto-generate a link to the meeting itself.
    • The host can control who joins the meeting through settings for the “lobby.”
    • Through the Teams meeting, the attendees will be able to use the voice and video chat functionality.
    • All attendees can opt to blur their backgrounds to maintain a professional online presence.
    • The candidate can share their screen, either specific applications or their whole desktop, during the Teams meeting.
    • A Teams meeting can be recorded and transcribed through Stream. After the meeting, the transcript can be searched, edited, and shared

    NB: The external candidate does not need the Teams application. Through the meeting invite, the external candidate will join via a web browser.

    Meeting #2: Quarterly board meeting

    Scenario: Every quarter, the organization holds its regular board meeting.

    Purpose: To discuss agenda items and determine the company’s future direction.

    Jobs:

    During meeting:
      • Attendance and minutes must be taken.
      • Votes must be recorded.
      • In-camera sessions must occur.
      • External experts must be included.
    After meeting:
    • Follow-up items must be assigned.
    • Reports must be submitted.

    Solution:

    Ingredients:

    • Teams calendar invite
    • Planner; Forms
    • Private channel
    • Microsoft Stream

    Construction:

    • Guest Invite: Invites can be sent to any non-domain-joined email address to join a private, invitation-only channel within the team controlled by the board chair.
    • SharePoint & Flow: Documents are emailed to the Team addresses, which kicks off an MS Flow routine to collect review notes.
    • Planner: Any board member can assign tasks to any employee.
    • Forms/Add-On: Chair puts down the form of the question and individual votes are tracked.
    • Teams cloud meeting recording: Recording available through Stream. Manual edits can be made to VTT caption file. Greater than acceptable transcription error rate.
    • Meeting Log: Real-time attendance is viewable but a point-in-time record needs admin access.

    NB: The external guests do not need the Teams application. Through the meeting invite, the guests will join via a web browser.

    Meeting #3: Weekly team meeting

    Scenario: A team meets for a weekly recurring meeting. The meeting is facilitated by the team lead (or manager) who addresses through agenda items and invites participation from the attendees.

    Purpose: The purpose of the meeting is to:

    • Share information verbally
    • Present content visually
    • Achieve consensus
    • Build team morale

    Jobs: The facilitator must:

    • Determine participants
    • Book room
    • Book meeting in calendar

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Calendar Recurrence: A meeting is booked through Teams and appears in all participants’ Outlook calendar.
    • Collaboration Space: Participants join the meeting through video or audio and can share screens and contribute text, images, and links to the meeting chat.

    Construction:

    • Ensure your team already has a channel created for it. If not, create one in the appropriate team.
    • Create the meeting using the calendar view within Microsoft Teams:
      • Set the meeting’s name, attendees, time, and recurrence.
      • Add the team channel that serves as the most appropriate workplace for the meeting. (Any discussion in the meeting chat will be posted to this channel.)

    NB: Create the meeting in the Teams calendar, not Outlook, or you will not be able to add the Teams channel. As meeting organizer, put your name in the meeting invite notes, as the channel will show as the organizer in the Outlook invite.

    Meeting #4: Morning stand-up/scrum

    Scenario: Each morning, at 9am, members of the team meet online.

    Purpose: After some pleasantries, the team discusses what tasks they each plan to complete in the day.

    Jobs: The team leader (or scrum master) must:

    • Place all tasks on a scrum board, each represented by a sticky note denoting the task name and owner.
    • Move the sticky notes through the columns, adjusting assignments as needed.
    • Sort tasks into the following columns: “Not Started,” “In Progress,” and “Done.”

    Solution:

    Ingredients:

    • Meeting Place: A channel in Microsoft Teams (must be public) where all members of the meeting make up the entirety of the audience.
    • Scrum Board: A tab within that channel where a persistent scrum board has been created and is visible to all team members.

    Meeting Place Construction:

    • Create the meeting using the calendar view in Teams.
    • Set the meeting’s name, attendees, time, and work-week daily recurrence (see left).
    • Add the channel that is the most appropriate workplace for the meeting. Any meeting chat will be posted to this channel rather than a separate chat.

    Scrum Board Construction:

    • Add a tab to the channel using Microsoft Planner as the app. (You can use other task management apps such as Trello, but the identity integration of first-party Office 365 tools may be less hassle.)
    • Create a new (or import an existing) Plan to the channel. This will be used as the focal point.

    Meeting #5: Weekly team meeting

    Scenario: An audio-only conversation that could be a regularly scheduled event but is more often conducted on an ad-hoc basis.

    Purpose: To quickly share information, achieve consensus, or clarify misunderstandings.

    Jobs:

    • Dial recipient
    • See missed calls
    • Leave/check voicemail
    • Create speed-dial list
    • Conference call

    Solution:

    Ingredients:

    • Audio call begun through Teams chat.

    Construction:

    • Voice over IP calls between users in the same MS Teams tenant can begin in multiple ways:
      • A call can be initiated through any appearance of a user’s profile picture: hover over user’s profile photo in the Chat list and select the phone icon.
      • Enter your last chat with a user and click phone icon in upper-right corner.
      • Go to the Calls section and type the name in the “Make a call” text entry form.
    • Voicemail: Voicemail, missed calls, and call history are available in the Calls section.
    • Speed dial: Speed dial lists can be created in the Calls section.
    • Conference call: Other users can be added to an ongoing call.

    NB: Microsoft Teams can be configured to provide an organization’s telephony for external calls, but this requires an E5 license. Additional audio-conferencing licenses are required to call in to a Teams meeting over a phone.

    Bibliography 1/4

    Section 1: Teams for IT › Creation Process

    Overview: Creation process
    Assign admin roles
    Prepare the network
    Team creation
    Integrations with SharePoint Online
    Permissions

    Bibliography 2/4

    Section 1: Teams for IT › Creation Process (cont'd.)

    External and guest access
    Expiration and archiving
    Retention and data loss prevention
    Teams telephony

    Bibliography 3/4

    Section 1: Teams for IT › Teams Rollout

    From Skype to Teams
    From Slack to Teams
    Teams adoption

    Section 1: Teams for IT › Use Cases

    Bibliography 4/4

    Section 2: Teams for End Users › Teams, Channels, Chat

    Section 2: Teams for End Users › Meetings and Live Events

    Section 2: Teams for End Users › Use Cases

    Go the Extra Mile With Blockchain

    • Buy Link or Shortcode: {j2store}130|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The transportation and logistics industry is facing a set of inherent flaws, such as high processing fees, fraudulent information, and lack of transparency, that blockchain is set to transform and alleviate.
    • Many companies have FOMO (fear of missing out), causing them to rush toward blockchain adoption without first identifying the optimal use case.

    Our Advice

    Critical Insight

    • Understand how blockchain can alleviate your pain points before rushing to adopt the technology. You have been hearing about blockchain for some time now and are feeling pressured to adopt it. Moreover, the series of issues hindering the transportation and logistics industry, such as the lack of transparency, poor cash flow management, and high processing fees, are frustrating business leaders and thereby adding additional pressure on CIOs to adopt the technology. While blockchain is complex, you should focus on its key features of transparency, integrity, efficiency, and security to identify how it can help your organization.
    • Ensure your use case is actually useful and can be valuable to your organization by selecting a business idea that is viable, feasible, and desirable. Applying design thinking tactics to your evaluation process provides a practical approach that will help you avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While it is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

    Impact and Result

    • Understand blockchain’s transformative potential for the transportation and logistics industry by breaking down how its key benefits can alleviate inherent industry flaws.
    • Identify business processes and stakeholders that could benefit from blockchain.
    • Build and evaluate an inventory of use cases to determine where blockchain could have the greatest impact on your organization.
    • Articulate the value and organizational fit of your proposed use case to the business to gain their buy-in and support.

    Go the Extra Mile With Blockchain Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about blockchain’s transformative potential for the transportation and logistics industry and how Info-Tech will support you as you identify and build your blockchain use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate why blockchain can disrupt the transportation and logistics industry

    Analyze the four key benefits of blockchain as they relate to the transportation and logistics industry to understand how the technology can resolve issues being experienced by industry incumbents.

    • Go the Extra Mile With Blockchain – Phase 1: Evaluate Why Blockchain Can Disrupt the Transportation and Logistics Industry
    • Blockchain Glossary

    2. Build and evaluate an inventory of use cases

    Brainstorm a set of blockchain use cases for your organization and apply design thinking tactics to evaluate and select the optimal one to pitch to your executives for prototyping.

    • Go the Extra Mile With Blockchain – Phase 2: Build and Evaluate an Inventory of Use Cases
    • Blockchain Use Case Evaluation Tool
    • Prototype One Pager
    [infographic]

    Agile Enterprise Architecture Operating Model

    • Buy Link or Shortcode: {j2store}581|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $31,106 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model

    Establish an enterprise architecture practice that:

    • Leverages an operating model that promotes/supports agility within the organization.
    • Embraces business, data, application, and technology architectures in an optimal mix.
    • Is Agile in itself and will be sustainable and reactive to business needs, staying relevant and “profitable” – continuously delivering business value.

    Our Advice

    Critical Insight

    • Use your business and EA strategy and design principles to right-size standardized operating models to fit your EA organization’s needs.
    • You need to define a sound set of design principles before commencing with the design of your EA organization.
    • The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provides services to.
    • A phased approach and a good communication strategy is key to the success of the new EA organization.
    • Start with one group and work out the hurdles before rolling it out organization-wide.
    • Make sure that you communicate regularly on wins but also on hurdles and how to overcome them.

    Impact and Result

    • The organization design approach proposed will aim to provide twofold agility: the ability to stretch and shrink depending on business requirements and the promotion of agility in architecture delivery.
    • By recognizing that agility comes in different flavors, organizations using more traditional design patterns will also benefit from the approach advocated by this blueprint.

    Agile Enterprise Architecture Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out create an Agile EA operating model to execute the EA function, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design your EA operating model

    You need to define a sound set of design principles before commencing with the design of your EA organization.

    • Agile EA Operating Model Communication Deck
    • Agile EA Operating Model Workbook
    • Business Architect
    • Application Architect
    • Data Architect
    • Enterprise Architect

    2. Define your EA organizational structure

    The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.

    • EA Views Taxonomy
    • EA Operating Model Template
    • Architecture Board Charter Template
    • EA Policy Template
    • EA Compliance Waiver Form Template

    3. Implement the EA operating model

    A phased approach and a good communications strategy are key to the success of the new EA organization.

    • EA Roadmap
    • EA Communication Plan Template
    [infographic]

    Workshop: Agile Enterprise Architecture Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 EA Function Design

    The Purpose

    Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.

    Key Benefits Achieved

    EA is designed to be the most appropriately placed and structured for the organization.

    Activities

    1.1 Place the EA department.

    1.2 Define roles for each team member.

    1.3 Find internal and external talent.

    1.4 Create job descriptions with required proficiencies.

    Outputs

    EA organization design

    Role-based skills and competencies

    Talent acquisition strategy

    Job descriptions

    2 EA Engagement Model

    The Purpose

    Create a thorough engagement model to interact with stakeholders.

    Key Benefits Achieved

    An understanding of each process within the engagement model.

    Create stakeholder interaction cards to plan your conversations.

    Activities

    2.1 Define each engagement process for your organization.

    2.2 Document stakeholder interactions.

    Outputs

    EA Operating Model Template

    EA Stakeholder Engagement Model Template

    3 EA Governance

    The Purpose

    Develop EA boards, alongside a charter and policies to effectively govern the function.

    Key Benefits Achieved

    Governance that aids the EA function instead of being a bureaucratic obstacle.

    Adherence to governace.

    Activities

    3.1 Outline the architecture review process.

    3.2 Position the architecture review board.

    3.3 Create a committee charter.

    3.4 Make effective governance policy.

    Outputs

    Architecture Board Charter Template

    EA Policy Template

    4 Architecture Development Framework

    The Purpose

    Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.

    Key Benefits Achieved

    A thoroughly articulated development framework.

    Understanding of the views that influence each domain.

    Activities

    4.1 Tailor an architecture development framework to your organizational context.

    Outputs

    EA Operating Model Template

    Enterprise Architecture Views Taxonomy

    5 Operational Plan

    The Purpose

    Create a change management and communication plan or roadmap to execute the operating model.

    Key Benefits Achieved

    Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.

    Effectively execute the roadmap.

    Activities

    5.1 Create a sponsorship action plan.

    5.2 Outline a communication plan.

    5.3 Execute a communication roadmap.

    Outputs

    Sponsorship Action Plan

    EA Communication Plan Template

    EA Roadmap

    Build an IT Risk Taxonomy

    • Buy Link or Shortcode: {j2store}197|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Business leaders, driven by the need to make more risk-informed decisions, are putting pressure on IT to provide more timely and consistent risk reporting.
    • IT risk managers need to balance the emerging threat landscape with not losing sight of the risks of today.
    • IT needs to strengthen IT controls and anticipate risks in an age of disruption.

    Our Advice

    Critical Insight

    A common understanding of risks, threats, and opportunities gives organizations the flexibility and agility to adapt to changing business conditions and drive corporate value.

    Impact and Result

    • Use this blueprint as a baseline to build a customized IT risk taxonomy suitable for your organization.
    • Learn about the role and drivers of integrated risk management and the benefits it brings to enterprise decision-makers.
    • Discover how to set up your organization up for success by understanding how risk management links to organizational strategy and corporate performance.

    Build an IT Risk Taxonomy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Taxonomy – Develop a common approach to managing risks to enable faster, more effective decision making.

    Learn how to develop an IT risk taxonomy that will remain relevant over time while providing the granularity and clarity needed to make more effective risk-based decisions.

    • Build an IT Risk Taxonomy – Phases 1-3

    2. Build an IT Risk Taxonomy Guideline and Template – A set of tools to customize and design an IT risk taxonomy suitable for your organization.

    Leverage these tools as a starting point to develop risk levels and definitions appropriate to your organization. Take a collaborative approach when developing your IT risk taxonomy to gain greater acceptance and understanding of accountability.

    • IT Risk Taxonomy Committee Charter Template
    • Build an IT Risk Taxonomy Guideline
    • Build an IT Risk Taxonomy Definitions
    • Build an IT Risk Taxonomy Design Template

    3. IT Risk Taxonomy Workbook – A place to complete activities and document decisions that may need to be communicated.

    Use this workbook to document outcomes of activities and brainstorming sessions.

    • Build an IT Risk Taxonomy Workbook

    4. IT Risk Register – An internal control tool used to manage IT risks. Risk levels archived in this tool are instrumental to achieving an integrated and holistic view of risks across an organization.

    Leverage this tool to document risk levels, risk events, and controls. Smaller organizations can leverage this tool for risk management while larger organizations may find this tool useful to structure and define risks prior to using a risk management software tool.

    • Risk Register Tool

    Infographic

    Workshop: Build an IT Risk Taxonomy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    Review IT risk fundamentals and governance.

    Key Benefits Achieved

    Learn how enterprise risk management and IT risk management intersect and the role the IT taxonomy plays in integrated risk management.

    Activities

    1.1 Discuss risk fundamentals and the benefits of integrated risk.

    1.2 Create a cross-functional IT taxonomy working group.

    Outputs

    IT Risk Taxonomy Committee Charter Template

    Build an IT Risk Taxonomy Workbook

    2 Identify Level 1 Risk Types

    The Purpose

    Identify suitable IT level 1 risk types.

    Key Benefits Achieved

    Level 1 IT risk types are determined and have been tested against ERM level one risk types.

    Activities

    2.1 Discuss corporate strategy, business risks, macro trends, and organizational opportunities and constraints.

    2.2 Establish level 1 risk types.

    2.3 Test soundness of IT level 1 types by mapping to ERM level 1 types.

    Outputs

    Build an IT Risk Taxonomy Workbook

    3 Identify Level 2 and Level 3 Risk Types

    The Purpose

    Define level 2 and level 3 risk types.

    Key Benefits Achieved

    Level 2 and level 3 risk types have been determined.

    Activities

    3.1 Establish level 2 risk types.

    3.2 Establish level 3 risk types (and level 4 if appropriate for your organization).

    3.3 Begin to test by working backward from controls to ensure risk events will aggregate consistently.

    Outputs

    Build an IT Risk Taxonomy Design Template

    Risk Register Tool

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Test the robustness of your IT risk taxonomy by populating the risk register with risk events and controls.

    Key Benefits Achieved

    Your IT risk taxonomy has been tested and your risk register has been updated.

    Activities

    4.1 Continue to test robustness of taxonomy and iterate if necessary.

    4.2 Optional activity: Draft your IT risk appetite statements.

    4.3 Discuss communication and continual improvement plan.

    Outputs

    Build an IT Risk Taxonomy Design Template

    Risk Register Tool

    Build an IT Risk Taxonomy Workbook

    Further reading

    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    Analyst Perspective

    Donna Bales.

    The pace and uncertainty of the current business environment introduce new and emerging vulnerabilities that can disrupt an organization’s strategy on short notice.

    Having a long-term view of risk while navigating the short term requires discipline and a robust and strategic approach to risk management.

    Managing emerging risks such as climate risk, the impact of digital disruption on internal technology, and the greater use of third parties will require IT leaders to be more disciplined in how they manage and communicate material risks to the enterprise.

    Establishing a hierarchical common language of IT risks through a taxonomy will facilitate true aggregation and integration of risks, enabling more effective decision making. This holistic, disciplined approach to risk management helps to promote a more sustainable risk culture across the organization while adding greater rigor at the IT control level.

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    IT has several challenges when managing and responding to risk events:

    • Business leaders, driven by the need to make more risk-informed decisions, are putting pressure on IT to provide more timely and consistent risk reporting.
    • Navigating today’s ever-evolving threat landscape is complex. IT risk managers need to balance the emerging threat landscape while not losing sight of the risks of today.
    • IT needs to strengthen IT controls and anticipate risks in an age of disruption.

    Many IT organizations encounter obstacles in these areas:

    • Ensuring an integrated, well-coordinated approach to risk management across the organization.
    • Developing an IT risk taxonomy that will remain relevant over time while providing sufficient granularity and definitional clarity.
    • Gaining acceptance and ensuring understanding of accountability. Involving business leaders and a wide variety of risk owners when developing your IT risk taxonomy will lead to greater organizational acceptance.

    .

    • Take a collaborative approach when developing your IT risk taxonomy to gain greater acceptance and understanding of accountability.
    • Spend the time to fully analyze your current and future threat landscape when defining your level 1 IT risks and consider the causal impact and complex linkages and intersections.
    • Recognize that the threat landscape will continue to evolve and that your IT risk taxonomy is a living document that must be continually reviewed and strengthened.

    Info-Tech Insight

    A common understanding of risks, threats, and opportunities gives organizations the flexibility and agility to adapt to changing business conditions and drive corporate value.

    Increasing threat landscape

    The risk landscape is continually evolving, putting greater pressure on the risk function to work collaboratively throughout the organization to strengthen operational resilience and minimize strategic, financial, and reputational impact.

    Financial Impact

    Strategic Risk

    Reputation Risk

    In IBM’s 2021 Cost of a Data Breach Report, the Ponemon Institute found that data security breaches now cost companies $4.24 million per incident on average – the highest cost in the 17-year history of the report.

    58% percent of CROs who view inability to manage cyber risks as a top strategic risk.

    EY’s 2022 Global Bank Risk Management survey revealed that Chief Risk Officers (CROs) view the inability to manage cyber risk and the inability to manage cloud and data risk as the top strategic risks.

    Protiviti’s 2023 Executive Perspectives on Top Risks survey featured operational resilience within its top ten risks. An organization’s failure to be sufficiently resilient or agile in a crisis can significantly impact operations and reputation.

    Persistent and emerging threats

    Organizations should not underestimate the long-term impact on corporate performance if emerging risks are not fully understood, controlled, and embedded into decision-making.

    Talent Risk

    Sustainability

    Digital Disruption

    Protiviti’s 2023 Executive Perspectives on Top Risks survey revealed talent risk as the top risk organizations face, specifically organizations’ ability to attract and retain top talent. Of the 38 risks in the survey, it was the only risk issue rated at a “significant impact” level.

    Sustainability is at the top of the risk agenda for many organizations. In EY’s 2022 Global Bank Risk Management survey, environmental, social, and governance (ESG) risks were identified as a risk focus area, with 84% anticipating it to increase in priority over the next three years. Yet Info-Tech’s Tech Trends 2023 report revealed that only 24% of organizations could accurately report on their carbon footprint.

    Source: Info-Tech 2023 Tech Trends Report

    The risks related to digital disruption are vast and evolving. In the short term, risks surface in compliance and skills shortage, but Protiviti’s 2023 Executive Perspectives survey shows that in the longer term, executives are concerned that the speed of change and market forces may outpace an organization’s ability to compete.

    Build an IT risk taxonomy: As technology and digitization continue to advance, risk management practices must also mature. To strengthen operational and financial resiliency, it is essential that organizations move away from a siloed approach to IT risk management wart an integrated approach. Without a common IT risk taxonomy, effective risk assessment and aggregation at the enterprise level is not possible.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Simple, customizable approach to build an IT risk taxonomy
    • Improved satisfaction with IT for senior leadership and business units
    • Greater ability to respond to evolving threats
    • Improved understanding of IT’s role in enterprise risk management (ERM)
    • Stronger, more reliable internal control framework
    • Reduced operational surprises and failures
    • More dynamic decision making
    • More proactive risk responses
    • Improve transparency and comparability of risks across silos
    • Better financial resilience and confidence in meeting regulatory requirements
    • More relevant risk assurance for key stakeholders

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    IT Risk Taxonomy Committee Charter Template

    Create a cross-functional IT risk taxonomy committee.

    		The image contains a screenshot of the IT risk taxonomy committee charter template.

    Build an IT Risk Taxonomy Guideline

    Use IT risk taxonomy as a baseline to build your organization’s approach.

    		The image contains a screenshot of the build an it risk taxonomy guideline.

    Build an IT Risk Taxonomy Design Template

    Use this template to design and test your taxonomy.

    		The image contains a screenshot of the build an IT risk taxonomy design template.

    Risk Register Tool

    Update your risk register with your IT risk taxonomy.

    		The image contains a screenshot of the risk register tool.

    Key deliverable:

    Build an IT Risk Taxonomy Workbook

    Use the tools and activities in each phase of the blueprint to customize your IT risk taxonomy to suit your organization’s needs.

    The image contains a screenshot of the build an IT risk taxonomy workbook.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensures that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    COSO’s Enterprise Risk Management —Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.

    ISO 31000 – Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.

    COBIT 2019’s IT functions were used to develop and refine the ten IT risk categories used in our top-down risk identification methodology.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    Phase 1 Phase 2 Phase 3

    Call #1: Review risk management fundamentals.

    Call #2: Review the role of an IT risk taxonomy in risk management.

    Call #3: Establish a cross-functional team.

    Calls #4-5: Identify level 1 IT risk types. Test against enterprise risk management.

    Call #6: Identify level 2 and level 3 risk types.

    Call #7: Align risk events and controls to level 3 risk types and test.

    Call #8: Update your risk register and communicate taxonomy internally.

    A Guided Implementation (GI) is a series

    of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Review IT Risk Fundamentals and Governance

    Identify Level 1 IT Risk Types

    Identify Level 2 and Level 3 Risk Types

    Monitor, Report, and Respond to IT Risk

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Discuss risk fundamentals and the benefits of integrated risk.

    1.2 Create a cross-functional IT taxonomy working group.

    2.1 Discuss corporate strategy, business risks, macro trends, and organizational opportunities and constraints.

    2.2 Establish level 1 risk types.

    2.3 Test soundness of IT level 1 types by mapping to ERM level 1 types.

    3.1 Establish level 2 risk types.

    3.2 Establish level 3 risk types (and level 4 if appropriate for your organization).

    3.3 Begin to test by working backward from controls to ensure risk events will aggregate consistently.

    4.1 Continue to test robustness of taxonomy and iterate if necessary.

    4.2 Optional activity: Draft your IT risk appetite statements.

    4.3 Discuss communication and continual improvement plan.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. T Risk Taxonomy Committee Charter Template
    2. Build an IT Risk Taxonomy Workbook
    1. Build an IT Risk Taxonomy Workbook
    1. IT Risk Taxonomy Design Template
    2. Risk Register
    1. IT Risk Taxonomy Design Template
    2. Risk Register
    3. Build an IT Risk Taxonomy Workbook
    1. Workshop Report

    Phase 1

    Understand Risk Management Fundamentals

    Phase 1

    Phase 2

    Phase 3

    • Governance, Risk, and Compliance
    • Enterprise Risk Management
    • Enterprise Risk Appetite
    • Risk Statements and Scenarios
    • What Is a Risk Taxonomy?
    • Functional Role of an IT Risk Taxonomy
    • Connection to Enterprise Risk Management
    • Establish Committee
    • Steps to Define IT Risk Taxonomy
    • Define Level 1
    • Test Level 1
    • Define Level 2 and 3
    • Test via Your Control Framework

    Governance, risk, and compliance (GRC)

    Risk management is one component of an organization’s GRC function.

    GRC principles are important tools to support enterprise management.

    Governance sets the guardrails to ensure that the enterprise is in alignment with standards, regulations, and board decisions. A governance framework will communicate rules and expectations throughout the organization and monitor adherence.

    Risk management is how the organization protects and creates enterprise value. It is an integral part of an organization’s processes and enables a structured decision-making approach.

    Compliance is the process of adhering to a set of guidelines; these could be external regulations and guidelines or internal corporate policies.

    GRC principles are tightly bound and continuous

    The image contains a screenshot of a continuous circle that is divided into three parts: risk, compliance, and governance.

    Enterprise risk management

    Regardless of size or structure, every organization makes strategic and operational decisions that expose it to uncertainties.

    Enterprise risk management (ERM) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS).

    An ERM is program is crucial because it will:

    • Help shape business objectives, drive revenue growth, and execute risk-based decisions.
    • Enable a deeper understanding of risks and assessment of current risk profile.
    • Support forward-looking risk management and more constructive dialogue with the board and regulatory agencies.
    • Provide insight on the robustness and efficacy of risk management processes, tools, and controls.
    • Drive a positive risk culture.

    ERM is supported by strategy, effective processes, technology, and people

    The image contains a screenshot that demonstrates how ERM is supported by strategy, effective processes, technology, and people.

    Risk frameworks

    Risk frameworks are leveraged by the industry to “provide a structure and set of definitions to allow enterprises of all types and sizes to understand and better manage their risk environments.” COSO Enterprise Risk Management, 2nd edition

    • Many organizations lean on the Committee of Sponsoring Organizations’ Enterprise Risk Management framework (COSO ERM) and ISO 31000 to view organizational risks from an enterprise perspective.
    • Prior to the introduction of standardized risk frameworks, it was difficult to quantify the impact of a risk event on the entire enterprise, as the risk was viewed in a silo or as an individual risk component.
    • Recently, the National Institute of Science and Technology (NIST) published guidance on developing an enterprise risk management approach. The guidance helps to bridge the gap between best practices in enterprise risk management and processes and control techniques that cybersecurity professionals use to meet regulatory cybersecurity risk requirements.

    The image contains a screenshot of NIST ERM approach to strategic risk.

    Source: National Institute of Standards and Technology

    New NIST guidance (NISTIR 8286) emphasizes the complexity of risk management and the need for the risk management process to be carried out seamlessly across three tiers with the overall objective of continuous improvement.

    Enterprise risk appetite

    “The amount of risk an organization is willing to take in pursuit of its objectives”

    – Robert R. Moeller, COSO ERM Framework Model
    • A primary role of the board and senior management is to balance value creation with effectively management of enterprise risks.
    • As part of this role, the board will approve the enterprise’s risk appetite. Placing this responsibility with the board ensures that the risk appetite is aligned with the company’s strategic objectives.
    • The risk appetite is used throughout the organization to assess and respond to individual risks, acting as a constant to make sure that risks are managed within the organization’s acceptable limits.
    • Each year, or in reaction to a risk trigger, the enterprise risk appetite will be updated and approved by the board.
    • Risk appetite will vary across organizations for several reasons, such as industry, company culture, competitors, the nature of the objectives pursued, and financial strength.

    Change or new risks » adjust enterprise risk profile » adjust risk appetite

    Risk profile vs. risk appetite

    Risk profile is the broad parameters an organization considers in executing its business strategy. Risk appetite is the amount of risk an entity is willing to accept in pursuit of its strategic objectives. The risk appetite can be used to inform the risk profile or vice versa. Your organization’s risk culture informs and is used to communicate both.

    Risk Tolerant

    Moderate

    Risk Averse

    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Healthcare
      • Telecom
      • Government
      • Research
      • Education
    • You have some compliance requirements, such as:
      • HIPAA
      • PIPEDA
    • You have sensitive data and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    • You have multiple strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Where the IT risk appetite fits into the risk program

    • Your organization’s strategy and associated risk appetite cascade down to each business department. Overall strategy and risk appetite also set a strategy and risk appetite for each department.
    • Both risk appetite and risk tolerances set boundaries for how much risk an organization is willing or prepared to take. However, while appetite is often broad, tolerance is tactical and focused.
    • Tolerances apply to specific objectives and provide guidance to those executing on a day-to-day basis. They measure the variation around performance expectations that the organization will tolerate.
    • Ideally, they are incorporated into existing governance, risk, and compliance systems and are also considered when evaluated business cases.
    • IT risk appetite statements are based on IT level 1 risk types.

    The risk appetite has a risk lens but is also closely linked to corporate performance.

    The image contains a screenshot of a diagram that demonstrates how risk appetite has a risk lens, and how it is linked to corporate performance.

    Statements of risk

    The image contains a screenshot of a diagram of the risk landscape.

    Risk Appetite

    Risk Tolerance

    • The general amount of risk an organization is willing to accept while pursuing its objectives.
    • Proactive, future view of risks that reflects the desired range of enterprise performance.
    • Reflects the longer-term strategy of what needs to be achieved and the resources available to achieve it, expressed in quantitative criteria.
    • Risk appetites will vary for several reasons, such as the company culture, financial strength, and capabilities.
    • Risk tolerance is the acceptable deviation from the level set by the risk appetite.
    • Risk tolerance is a tactical tool often expressed in quantitative terms.
    • Key risk indicators are often used to align to risk tolerance limits to ensure the organization stays within the set risk boundary.

    Risk scenarios

    Risk scenarios serve two main purposes: to help decision makers understand how adverse events can affect organizational strategy and objectives and to prepare a framework for risk analysis by clearly defining and decomposing the factors contributing to the frequency and the magnitude of adverse events.

    ISACA
    • Organizations’ pervasive use of and dependency on technology has increased the importance of scenario analysis to identify relevant and important risks and the potential impacts of risk events on the organization if the risk event were to occur.
    • Risk scenarios provide “what if” analysis through a structured approach, which can help to define controls and document assumptions.
    • They form a constructive narrative and help to communicate a story by bringing in business context.
    • For the best outcome, have input from business and IT stakeholders. However, in reality, risk scenarios are usually driven by IT through the asset management practice.
    • Once the scenarios are developed, they are used during the risk analysis phase, in which frequency and business impacts are estimated. They are also a useful tool to help the risk team (and IT) communicate and explain risks to various business stakeholders.

    Top-down approach – driven by the business by determining the business impact, i.e. what is the impact on my customers, reputation, and bottom line if the system that supports payment processing fails?

    Bottom-up approach – driven by IT by identifying critical assets and what harm could happen if they were to fail.

    Example risk scenario

    Use level 1 IT risks to derive potential scenarios.

    Risk Scenario Description

    Example: IT Risks

    Risk Scenario Title

    A brief description of the risk scenario

    The enterprise is unable to recruit and retain IT staff

    Risk Type

    The process or system that is impacted by the risk

    • Service quality
    • Product and service cost

    Risk Scenario Category

    Deeper insight into how the risk might impact business functions

    • Inadequate capacity to support business needs
    • Talent and skills gap due to inability to retain talent

    Risk Statement

    Used to communicate the potential adverse outcomes of a particular risk event and can be used to communicate to stakeholders to enable informed decisions

    The organization chronically fails to recruit sufficiently skilled IT workers, leading to a loss of efficiency in overall technology operation and an increased security exposure.

    Risk Owner

    The designated party responsible and accountable for ensuring that the risk is maintained in accordance with enterprise requirements

    • Head of Human Resources
    • Business Process Owner

    Risk Oversight

    The person (role) who is responsible for risk assessments, monitoring, documenting risk response, and establishing key risk indicators

    CRO/COO

    Phase 2

    Set Your Organization Up for Success

    Phase 1

    Phase 2

    Phase 3

    • Governance, Risk, and Compliance
    • Enterprise Risk Management
    • Enterprise Risk Appetite
    • Risk Statements and Scenarios
    • What Is a Risk Taxonomy?
    • Functional Role of an IT Risk Taxonomy
    • Connection to Enterprise Risk Management
    • Establish Committee
    • Steps to Define IT Risk Taxonomy
    • Define Level 1
    • Test Level 1
    • Define Level 2 and 3
    • Test via Your Control Framework

    This phase will walk you through the following activities:

    • How to set up a cross-functional IT risk taxonomy committee

    This phase involves the following participants:

    • CIO
    • CISO
    • CRO
    • IT Risk Owners
    • Business Leaders
    • Human Resources

    What is a risk taxonomy?

    A risk taxonomy provides a common risk view and enables integrated risk

    • A risk taxonomy is the (typically hierarchical) categorization of risk types. It is constructed out of a collection of risk types organized by a classification scheme.
    • Its purpose is to assist with the management of an organization’s risk by arranging risks in a classification scheme.
    • It provides foundational support across the risk management lifecycle in relation to each of the key risks.
    • More material risk categories form the root nodes of the taxonomy, and risk types cascade into more granular manifestations (child nodes).
    • From a risk management perspective, a taxonomy will:
      • Enable more effective risk aggregation and interoperability.
      • Provide the organization with a complete view of risks and how risks might be interconnected or concentrated.
      • Help organizations form a robust control framework.
      • Give risk managers a structure to manage risks proactively.

    Typical Tree Structure

    The image contains a screenshot of the Typical Tree Structure.

    What is integrated risk management?

    • Integrated risk management is the process of ensuring all forms of risk information, including risk related to information and technology, are considered and included in the organization’s risk management strategy.
    • It removes the siloed approach of classifying risks related to specific departments or areas of the organization, recognizing that each risk is a potential threat to the overarching enterprise.
    • By aggregating the different threats or uncertainty that might exist within an organization, integrated risk management enables more informed decisions to be made that align to strategic goals and continue to drive value back to the business.
    • By holistically considering the different risks, the organization can make informed decisions on the best course of action that will reduce any negative impacts associated with the uncertainty and increase the overall value.

    The image contains a screenshot of the ERM.

    Integrated risk management: A strategic and collaborative way to manage risks across the organization. It is a forward-looking, business-specific outlook with the objective of improving risk visibility and culture.

    Drivers and benefits of integrated risk

    Drivers for Integrated Risk Management

    • Business shift to digital experiences
    • The breadth and number of risks requiring oversight
    • The need for faster risk analysis and decision making

    Benefits of Integrated Risk Management

    • Enables better scenario planning
    • Enables more proactive risk responses
    • Provides more relevant risk assurance to key stakeholders
    • Improves transparency and comparability of risks across organizational silos
    • Supports better financial resilience

    Business velocity and complexity are making real-time risk management a business necessity.

    If integrated risk is the destination, your taxonomy is your road to get you there

    Info-Tech’s Model for Integrated Risk

    The image contains a screenshot of Info-Tech's Model for Integrated Risk.

    How the risk practices intersect

    The risk taxonomy provides a common classification of risks that allows risks to roll up systematically to enterprise risk, enabling more effective risk responses and more informed decision making.

    The image contains a screenshot of a diagram that demonstrates how the risk practices intersect.

    ERM taxonomy

    Relative to the base event types, overall there is an increase in the number of level 1 risk types in risk taxonomies

    Oliver Wyman
    • The changing risk profile of organizations and regulatory focus in some industries is pushing organizations to rethink their risk taxonomies.
    • Generally, the expansion of level 1 risk types is due to the increase in risk themes under the operational risk umbrella.
    • Non-financial risks are risks that are not considered to be traditional financial risks, such as operational risk, technology risk, culture, and conduct. Environmental, social, and governance (ESG) risk is often referred to as a non-financial risk, although it can have both financial and non-financial implications.
    • Certain level 1 ERM risks, such as strategic risk, reputational risk, and ESG risk, cover both financial and non-financial risks.

    The image contains a screenshot of a diagram of the Traditional ERM Structure.

    Operational resilience

    • The concept of operational resiliency was first introduced by European Central Bank (ECB) in 2018 as an attempt to corral supervisory cooperation on operational resiliency in financial services.
    • The necessity for stronger operational resiliency became clear during the early stages of COVID-19 when many organizations were not prepared for disruption, leading to serious concern for the safety and soundness of the financial system.
    • It has gained traction and is now defined in global supervisory guidance. Canada’s prudential regulator, Office of the Superintendent of Financial Institutions (OSFI), defines it as “the ability of a financial institution to deliver its operations, including its critical operations, through disruption.”
    • Practically, its purpose is to knit together several operational risk management categories such as business continuity, security, and third-party risk.
    • The concept has been adopted by information and communication technology (ICT) companies, as technology and cyber risks sit neatly under this risk type.
    • It is now not uncommon to see operational resiliency as a level 1 risk type in a financial institution’s ERM framework.

    Operational resilience will often feature in ERM frameworks in organizations that deliver critical services, products, or functions, such as financial services

    Operational Resilience.

    ERM level 1 risk categories

    Although many organizations have expanded their enterprise risk management taxonomies to address new threats, most organizations will have the following level 1 risk types:

    ERM Level 1

    Definition

    Definition Source

    Financial

    The ability to obtain sufficient and timely funding capacity.

    Global Association of Risk Professionals (GARP)

    Non-Financial

    Non-financial risks are risks that are not considered to be traditional financial risks such as operational risk, technology risk, culture and conduct.

    Office of the Superintendent of Financial Institutions (OSFI)

    Reputational

    Potential negative publicity regarding business practices regardless of validity.

    US Federal Reserve

    Global Association of Risk Professionals (GARP)

    Strategic

    Risk of unsuccessful business performance due to internal or external uncertainties, whether the event is event or trend driven. Actions or events that adversely impact an organizations strategies and/or implementation of its strategies.

    The Risk Management Society (RIMS)

    Sustainability (ESG)

    This risk of any negative financial or reputational impact on an organizations stemming from current or prospective impacts of ESG factors on its counterparties or invested assets.

    Open Risk Manual

    Info-Tech Research Group

    Talent and Risk Culture

    The widespread behaviors and mindsets that can threaten sound decision-making, prudent risk-taking, and effective risk management and can weaken an institution’s financial and operational resilience.

    Info-Tech Research Group

    Different models of ERM

    Some large organizations will elevate certain operational risks to level 1 organizational risks due to risk materiality.

    Every organization will approach its risk management taxonomy differently; the number of level 1 risk types will vary and depend highly on perceived impact.

    Some of the reasons why an organization would elevate a risk to a level 1 ERM risk are:

    • The risk has significant impact on the organization's strategy, reputation, or financial performance.
    • The regulator has explicitly called out board oversight within legislation.
    • It is best practice in the organization’s industry or business sector.
    • The organization has structured its operations around a particular risk theme due to its potential negative impact. For example, the organization may have a dedicated department for data privacy.

    Level 1

    Potential Rationale

    Industries

    Risk Definition

    Advanced Analytics

    Use of advanced analytics is considered material

    Large Enterprise, Marketing

    Risks involved with model risk and emerging risks posed by artificial intelligence/machine learning.

    Anti-Money Laundering (AML) and Fraud

    Risk is viewed as material

    Financial Services, Gaming, Real Estate

    The risk of exposure to financial crime and fraud.

    Conduct Risk

    Sector-specific risk type

    Financial Services

    The current or prospective risk of losses to an institution arising from inappropriate supply of financial services including cases of willful or negligent misconduct.

    Operational Resiliency

    Sector-specific risk type

    Financial Services, ICT

    Organizational risk resulting from an organization’s failure to deliver its operations, including its critical operations, through disruption.

    Privacy

    Board driven – perceived as material risk to organization

    Healthcare, Financial Services

    The potential loss of control over personal information.

    Information Security

    Board driven – regulatory focus

    All may consider

    The people, processes, and technology involved in protecting data (information) in any form – whether digital or on paper – through its creation, storage, transmission, exchange, and destruction.

    Risk and impact

    Mapping risks to business outcomes happens within the ERM function and by enterprise fiduciaries.

    • When mapping risk events to enterprise risk types, the relationship is rarely linear. Rather, risk events typically will have multiple impacts on the enterprise, including strategic, reputational, ESG, and financial impacts.
    • As risk information is transmitted from lower levels, it informs the next level, providing the appropriate information to prioritize risk.
    • In the final stage, the enterprise portfolio view will reflect the enterprise impacts according to risk dimensions, such as strategic, operational, reporting, and compliance.

    Rolling Up Risks to a Portfolio View

    The image contains a screenshot to demonstrate rolling up risks to a portfolio view.

    1. A risk event within IT will roll up to the enterprise via the IT risk register.
    2. The impact of the risk on cash flow and operations will be aggregated and allocated in the enterprise risk register by enterprise fiduciaries (e.g. CFO).
    3. The impacts are translated into full value exposures or modified impact and likelihood assessments.

    Common challenges

    How to synthesize different objectives between IT risk and enterprise risk

    Commingling risk data is a major challenge when developing a risk taxonomy, but one of the underlying reasons is that the enterprise and IT look at risk from different dimensions.

    • The role of the enterprise in risk management is to provide and preserve value, and therefore the enterprise evaluates risk on an adjusted risk-return basis.
    • To do this effectively, the enterprise must break down silos and view risk holistically.
    • ERM is a top-down process of evaluating risks that may impact the entity. As part of the process, ERM must manage risks within the enterprise risk framework and provide reasonable assurances that enterprise objectives will be met.
    • IT risk management focuses on internal controls and sits as a function within the larger enterprise.
    • IT takes a bottom-up approach by applying an ongoing process of risk management and constantly identifying, assessing, prioritizing, and mitigating risks.
    • IT has a central role in risk mitigation and, if functioning well, will continually reduce IT risks, simplifying the role for ERM.

    Establish a team

    Cross-functional collaboration is key to defining level 1 risk types.

    Establish a cross-functional working group.

    • Level 1 IT risk types are the most important to get right because they are the root nodes that all subtypes of risk cascade from.
    • To ensure the root nodes (level 1 risk types) address the risks of your organization, it is vital to have a strong understanding or your organization’s value chain, so your organizational strategy is a key input for defining your IT level 1 risk types.
    • Since the taxonomy provides the method for communicating risks to the people who need to make decisions, a wide understanding and acceptance of the taxonomy is essential. This means that multiple people across your organization should be involved in defining the taxonomy.
    • Form a cross-functional tactical team to collaborate and agree on definitions. The team should include subject matter experts and leaders in key risk and business areas. In terms of governance structure, this committee might sit underneath the enterprise risk council, and members of your IT risk council may also be good candidates for this tactical working group.
    • The committee would be responsible for defining the taxonomy as well as performing regular reviews.
    • The importance of collaboration will become crystal clear as you begin this work, as risks should be connected to only one risk type.

    Governance Layer

    Role/ Responsibilities

    Enterprise

    Defines organizational goals. Directs or regulates the performance and behavior of the enterprise, ensuring it has the structure and capabilities to achieve its goals.

    Enterprise Risk Council

    • Approve of risk taxonomy

    Strategic

    Ensures business and IT initiatives, products, and services are aligned to the organization’s goals and strategy and provide expected value. Ensures adherence to key principles.

    IT Risk Council

    • Provide input
    • May review taxonomy ahead of going to the enterprise risk council for approval

    Tactical

    Ensures key activities and planning are in place to execute strategic initiatives.

    Subcommittee

    • Define risk types and definitions
    • Establish and maintain taxonomy
    • Recommend changes
    • Advocate and communicate internally

    2.1 Establish a cross-functional working group

    2-3 hours

    1. Consider your organization’s operating model and current governance framework, specifically any current risk committees.
    2. Consider the members of current committees and your objectives and begin defining:
      1. Committee mandate, goals, and success factors.
      2. Responsibility and membership.
      3. Committee procedures and policies.
    3. Make sure you define how this tactical working group will interact with existing committees.

    Download Build an IT Risk Taxonomy Workbook

    Input Output
    • Organization chart and operating model
    • Corporate governance framework and existing committee charters
    • Cross-functional working group charter
    Materials Participants
    • Whiteboard/flip charts
    • Build an IT Risk Taxonomy Workbook
    • IT Taxonomy Committee Charter
    • CISO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    Phase 3

    Structure Your IT Risk Taxonomy

    Phase 1

    Phase 2

    Phase 3

    • Governance, Risk, and Compliance
    • Enterprise Risk Management
    • Enterprise Risk Appetite
    • Risk Statements and Scenarios
    • What Is a Risk Taxonomy?
    • Functional Role of an IT Risk Taxonomy
    • Connection to Enterprise Risk Management
    • Establish Committee
    • Steps to Define IT Risk Taxonomy
    • Define Level 1
    • Test Level 1
    • Define Level 2 and 3
    • Test via Your Control Framework

    This phase will walk you through the following activities:

    • Establish level 1 risk types
    • Test level 1 risk types
    • Define level 2 and level 3 risk types
    • Test the taxonomy via your control framework

    This phase involves the following participants:

    • CIO
    • CISO
    • CRO
    • IT Risk Owners
    • Business Leaders
    • Human Resources

    Structuring your IT risk taxonomy

    Do’s

    • Ensure your organization’s values are embedded into the risk types.
    • Design your taxonomy to be forward looking and risk based.
    • Make level 1 risk types generic so they can be used across the organization.
    • Ensure each risk has its own attributes and belongs to only one risk type.
    • Collaborate on and communicate your taxonomy throughout organization.

    Don’ts

    • Don’t develop risk types based on function.
    • Don’t develop your taxonomy in a silo.

    A successful risk taxonomy is forward looking and codifies the most frequently used risk language across your organization.

    Level 1

    Parent risk types aligned to organizational values

    Level 2

    Subrisks to level 1 risks

    Level 3

    Further definition

    Steps to define your IT risk taxonomy

    Step 1

    Leverage Info-Tech’s Build an IT Risk Taxonomy Guideline and identify IT level 1 risk types. Consider corporate inputs and macro trends.

    Step 2

    Test level 1 IT risk types by mapping to your enterprise's ERM level 1 risk types.

    Step 3

    Draft your level 2 and level 3 risk types. Be mutually exclusive to the extent possible.

    Step 4

    Work backward – align risk events and controls to the lowest level risk category. In our examples, we align to level 3.

    Step 5

    Add risk levels to your risk registry.

    Step 6

    Optional – Add IT risk appetite statements to risk register.

    Inputs to use when defining level 1

    To help you define your IT risk taxonomy, leverage your organization’s strategy and risk management artifacts, such as outputs from risk assessments, audits, and test results. Also consider macro trends and potential risks unique to your organization.

    Step 1 – Define Level 1 Risk Types

    Use corporate inputs to help structure your taxonomy

    • Corporate Strategy
    • Risk Assessment
    • Audit
    • Test Results

    Consider macro trends that may have an impact on how you manage IT risks

    • Geopolitical Risk
    • Economic Downturn
    • Regulation
    • Competition
    • Climate Risk
    • Industry Disruption

    Evaluate from an organizational lens

    Ask risk-based questions to help define level 1 IT risks for your organization.

    IT Risk Type

    Example Questions

    Technology

    How reliant is our organization on critical assets for business operations?

    How resilient is the organization to an unexpected crisis?

    How many planned integrations do we have (over the next 24 months)?

    Talent Risk

    What is our need for specialized skills, like digital, AI, etc.?

    Does our culture support change and innovation?

    How susceptible is our organization to labor market changes?

    Strategy

    What is the extent of digital adoption or use of emerging technologies in our organization?

    How aligned is IT with strategy/corporate goals?

    How much is our business dependent on changing customer preferences?

    Data

    How much sensitive data does our organization use?

    How much data is used and stored aggregately?

    How often is data moved? And to what locations?

    Third-party

    How many third-party suppliers do we have?

    How reliant are we on the global supply chain?

    What is the maturity level of our third-party suppliers?

    Do we have any concentration risk?

    Security

    How equipped is our organization to manage cyber threats?

    How many security incidents occur per year/quarter/day?

    Do we have regulatory obligations? Is there risk of enforcement action?

    Level 1 IT taxonomy structure

    Step 2 – Consider your organization’s strategy and areas where risks may manifest and use this guidance to advance your thinking. Many factors may influence your taxonomy structure, including internal organizational structure, the size of your organization, industry trends and organizational context, etc.

    Most IT organizations will include these level 1 risks in their IT risk taxonomy

    IT Level 1

    Definition

    Definition Source

    Technology

    Risk arising from the inadequacy, disruption, destruction, failure, damage from unauthorized access modifications, or malicious use of information technology assets, people or processes that enable and support business needs, and can result in financial loss and/or reputational damage.

    Open Risk Manual

    Note how this definition by OSFI includes cyber risk as part of technology risk. Smaller organizations and organizations that do not use large amounts of sensitive information will typically fold cyber risks under technology risks. Not all organizations will take this approach. Some organizations may elevate security risk to level 1.

    “Technology risk”, which includes “cyber risk”, refers to the risk arising from the inadequacy, disruption, destruction, failure, damage from unauthorized access, modifications, or malicious use of information technology assets, people or processes that enable and support business needs, and can result in financial loss and/or reputational damage.

    Office of the Superintendent of Financial Institutions (OSFI)

    Talent

    The risk of not having the right knowledge and skills to execute strategy.

    Info-Tech Research Group/McLean & Company

    Human capital challenges including succession challenges and the ability to attract and retain top talent are considered the most dominant risk to organizations’ ability to meet their value proposition (Protiviti, 2023).

    Strategic

    Risks that threaten IT’s ability to deliver expected business outcomes.

    Info-Tech Research Group

    IT’s role as strategic enabler to the business has never been so vital. With the speed of disruptive innovation, IT must be able to monitor alignment, support opportunities, and manage unexpected crises.

    Level 1 IT taxonomy structure cont'd

    Step 2 – Large and more complex organizations may have more level 1 risk types. Variances in approaches are closely linked to the type of industry and business in which the organization operates as well as how they view and position risks within their organization.

    IT Level 1

    Definition

    Definition Source

    Data

    Data risk is the exposure to loss of value or reputation caused by issues or limitations to an organization’s ability to acquire, store, transform, move, and use its data assets.

    Deloitte

    Data risk encompasses the risk of loss value or reputation resulting from inadequate or failed internal processes, people and systems or from external events impacting on data.

    Australian Prudential Regulation Authority (APRA) CPG 235 -2013)

    Data is increasingly being used for strategic growth initiatives as well as for meeting regulatory requirements. Organizations that use a lot of data or specifically sensitive information will likely have data as a level 1 IT risk type.

    Third-Party

    The risk adversely impacting the institutions performance by engaging a third party, or their associated downstream and upstream partners or another group entity (intragroup outsourcing) to provide IT systems or related services.

    European Banking Association (EBA)

    Open Risk Manual uses EBA definition

    Third-party risk (supply chain risk) received heightened attention during COVID-19. If your IT organization is heavily reliant on third parties, you may want to consider elevating third-party risk to level 1.

    Security

    The risk of unauthorized access to IT systems and data from within or outside the institution (e.g., cyber-attacks). An incident is viewed as a series of events that adversely affects the information assets of an organization. The overall narrative of this type of risk event is captured as who, did what, to what (or whom), with what result.

    Open Risk Manual

    Some organizations and industries are subject to regulatory obligations, which typically means the board has strict oversight and will elevate security risk to a level 1.

    Common challenges

    Considerations when defining level 1 IT risk types

    • Ultimately, the identification of a level 1 IT risk type will be driven by the potential for and materiality of vulnerabilities that may impede an organization from delivering successful business outcomes.
    • Senior leaders within organizations play a central role in protecting organizations against vulnerabilities and threats.
    • The size and structure of your organization will influence how you manage risk.
    • The following slide shows typical roles and responsibilities for data privacy.
    • Large enterprises and organizations that use a lot of personal identifiable information (PII) data, such as those in healthcare, financial services, and online retail, will typically have data as a level 1 IT risk and data privacy as a level 2 risk type.
    • However, smaller organizations or organizations that do not use a lot of data will typically fold data privacy under either technology risk or security risk.

    Deciding placement in taxonomy

    Deciding Placement in Taxonomy.

    • In larger enterprises, data risks are managed within a dedicated functional department with its own governance structure. In small organizations, the CIO is typically responsible and accountable for managing data privacy risk.

    Global Enterprise

    Midmarket

    Privacy Requirement

    What Is Involved

    Accountable

    Responsible

    Accountable & Responsible

    Privacy Legal and Compliance Obligations

    • Ensuring the relevant Accountable roles understand privacy obligations for the jurisdictions operated in.

    Privacy Officer (Legal)

    Privacy Officer (Legal)

    Privacy Policy, Standards, and Governance

    • Defining polices and ensuring they are in place to ensure all privacy obligations are met.
    • Monitoring adherence to those policies and standards.

    Chief Risk Officer (Risk)

    Head of Risk Function

    Data Classification and Security Standards and Best-Practice Capabilities

    • Defining the organization’s data classification and security standards and ensuring they align to the privacy policy.
    • Designing and building the data security standards, processes, roles, and technologies required to ensure all security obligations under the privacy policy can be met.
    • Providing oversight of the effectiveness of data security practices and leading resolution of data security issues/incidents.

    Chief Information Security Officer (IT)

    Chief Information Security Officer (IT)

    Technical Application of Data Classification, Management and Security Standards

    • Ensuring all technology design, implementation, and operational decisions adhere to data classification, data management, and data security standards.

    Chief Information Officer (IT)

    Chief Data Architect (IT)

    Chief Information Officer (IT)

    Data Management Standards and Best-Practice Capabilities

    • Defining the organization’s data management standards and ensuring they align to the privacy policy.
    • Designing and building the data management standards, processes, roles, and technologies required to ensure data classification, access, and sharing obligations under the privacy policy can be met.
    • Providing oversight of the effectiveness of data classification, access, and sharing practices and leading resolution of data management issues/incidents.

    Chief Data Officer

    Where no Head of Data Exists and IT, not the business, is seen as de facto owner of data and data quality

    Execution of Data Management

    • Ensuring business processes that involve data classification, sharing, and access related to their data domain align to data management standards (and therefore privacy obligations).

    L1 Business Process Owner

    L2 Business Process Owner

    Common challenges

    Defining security risk and where it resides in the taxonomy

    • For risk management to be effective, risk professionals need to speak the same language, but the terms “information security,” “cybersecurity,” and “IT security” are often used interchangeably.
    • Traditionally, cyber risk was folded under technology risk and therefore resided at a lower level of a risk taxonomy. However, due to heightened attention from regulators and boards stemming from the pervasiveness of cyber threats, some organizations are elevating security risks to a level 1 IT risk.
    • Furthermore, regulatory cybersecurity requirements have emphasized control frameworks. As such, many organizations have adopted NIST because it is comprehensive, regularly updated, and easily tailored.
    • While NIST is prescriptive and action oriented, it start with controls and does not easily integrate with traditional ERM frameworks. To address this, NIST has published new guidance focused on an enterprise risk management approach. The guidance helps to bridge the gap between best practices in enterprise risk management and processes and control techniques that cybersecurity professionals use to meet regulatory cybersecurity risk requirements.

    Definitional Nuances

    “Cybersecurity” describes the technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access.

    “IT security” describes a function as well as a method of implementing policies, procedures, and systems to defend the confidentiality, integrity, and availability of any digital information used, transmitted, or stored throughout the organization’s environment.

    “Information security” defines the people, processes, and technology involved in protecting data (information) in any form – whether digital or on paper – through its creation, storage, transmission, exchange, and destruction.

    3.1 Establish level 1 risk types

    2-3 hours

    1. Consider your current and future corporate goals and business initiatives, risk management artifacts, and macro industry trends.
    2. Ask questions to understand risks unique to your organization.
    3. Review Info-Tech’s IT level 1 risk types and identify the risk types that apply to your organization.
    4. Add any risk types that are missing and unique to your organization.
    5. Refine the definitions to suit your organization.
    6. Be mutually exclusive and collectively exhaustive to the extent possible.

    Download Build an IT Risk Taxonomy Workbook

    InputOutput
    • Organization's strategy
    • Other organizational artifacts if available (operating model, outputs from audits and risk assessments, risk profile, and risk appetite)
    • Build an IT Risk Taxonomy Guideline
    • IT Risk Taxonomy Definitions
    • Level 1 IT risk types customized to your organization
    MaterialsParticipants
    • Whiteboard/flip charts
    • Build an IT Risk Taxonomy Workbook
    • CISO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    3.2 Map IT risk types against ERM level 1 risk types

    1-2 hours

    1. Using the output from Activity 3.1, map your IT risk types to your ERM level 1 risk types.
    2. Record in the Build an IT Risk Taxonomy Workbook.

    Download Build an IT Risk Taxonomy Workbook

    InputOutput
    • IT level 1 risk types customized to your organization
    • ERM level 1 risk types
    • Final level 1 IT risk types
    MaterialsParticipants
    • Whiteboard/flip charts
    • Build an IT Risk Taxonomy Workbook
    • CISO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    Map IT level 1 risk types to ERM

    Test your level 1 IT risk types by mapping to your organization’s level 1 risk types.

    Step 2 – Map IT level 1 risk types to ERM

    The image contains two tables. 1 table is ERM Level 1 Risks, the other table is IT Level 1 Risks.

    3.3 Establishing level 2 and 3 risk types

    3-4 hours

    1. Using the level 1 IT risk types that you have defined and using Info-Tech’s Risk Taxonomy Guideline, first begin to identify level 2 risk types for each level 1 type.
    2. Be mutually exclusive and collectively exhaustive to the extent possible.
    3. Once satisfied with your level 2 risk types, break them down further to level 3 risk types.

    Note: Smaller organizations may only define two risk levels, while larger organizations may define further to level 4.

    Download Build an IT Risk Taxonomy Design Template

    InputOutput
    • Output from Activity 3.1, Establish level 1 risk types
    • Build an IT Risk Taxonomy Workbook
    • Build an IT Risk Taxonomy Guideline
    • Level 2 and level 3 risk types recorded in Build an IT Risk Taxonomy Design Template
    MaterialsParticipants
    • Whiteboard/flip charts
    • Build an IT Risk Taxonomy Workbook
    • CISO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    Level 2 IT taxonomy structure

    Step 3 – Break down your level 1 risk types into subcategories. This is complicated and may take many iterations to reach a consistent and accepted approach. Try to make your definitions intuitive and easy to understand so that they will endure the test of time.

    The image contains a screenshot of Level 2 IT taxonomy Structure.

    Security vulnerabilities often surface through third parties, but where and how you manage this risk is highly dependent on how you structure your taxonomy. Organizations with a lot of exposure may have a dedicated team and may manage and report security risks under a level 1 third-party risk type.

    Level 3 IT taxonomy structure

    Step 3 – Break down your level 2 risk types into lower-level subcategories. The number of levels of risk you have will depend on the size of and magnitude of risks within your organization. In our examples, we demonstrate three levels.

    The image contains a screenshot of Level 3 IT taxonomy Structure.

    Risk taxonomies for smaller organizations may only include two risk levels. However, large enterprises or more complex organizations may extend their taxonomy to level 3 or even 4. This illustration shows just a few examples of level 3 risks.

    Test using risk events and controls

    Ultimately risk events and controls need to roll up to level 1 risks in a consistent manner. Test the robustness of your taxonomy by working backward.

    Step 4 – Work backward to test and align risk events and controls to the lowest level risk category.

    • A key function of IT risk management is to monitor and maintain internal controls.
    • Internal controls help to reduce the level of inherent risk to acceptable levels, known as residual risk.
    • As risks evolve, new controls may be needed to upgrade protection for tech infrastructure and strengthen connections between critical assets and third-party suppliers.

    Example – Third Party Risk

    Third Party Risk example.

    3.4 Test your IT taxonomy

    2-3 hours

    1. Leveraging the output from Activities 3.1 to 3.3 and your IT Risk Taxonomy Design Template, begin to test the robustness of the taxonomy by working backward from controls to level 1 IT risks.
    2. The lineage should show clearly that the control will mitigate the impact of a realized risk event. Refine the control or move the control to another level 1 risk type if the control will not sufficiently reduce the impact of a realized risk event.
    3. Once satisfied, update your risk register or your risk management software tool.

    Download Build an IT Risk Taxonomy Design Template

    InputOutput
    • Output from Activities 3.1 to 3.3
    • IT risk taxonomy documented in the IT Risk Taxonomy Design Template
    MaterialsParticipants
    • Whiteboard/flip charts
    • IT risk register
    • Build an IT Risk Taxonomy Workbook
    • CISO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    Update risk register

    Step 5 – Once you are satisfied with your risk categories, update your risk registry with your IT risk taxonomy.

    Use Info-Tech’s Risk Register Tool or populate your internal risk software tool.

    Risk Register.

    Download Info-Tech’s Risk Register Tool

    Augment the risk event list using COBIT 2019 processes (Optional)

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    21. Managed IT Change Acceptance and Transitioning
    22. Managed Knowledge
    23. Managed Assets
    24. Managed Configuration
    25. Managed Projects
    26. Managed Operations
    27. Managed Service Requests and Incidents
    28. Managed Problems
    29. Managed Continuity
    30. Managed Security Services
    31. Managed Business Process Controls
    32. Managed Performance and Conformance Monitoring
    33. Managed System of Internal Control
    34. Managed Compliance with External Requirements
    35. Managed Assurance
    36. Ensured Governance Framework Setting and Maintenance
    37. Ensured Benefits Delivery
    38. Ensured Risk Optimization
    39. Ensured Resource Optimization
    40. Ensured Stakeholder Engagement

    Example IT risk appetite

    When developing your risk appetite statements, ensure they are aligned to your organization’s risk appetite and success can be measured.

    Example IT Risk Appetite Statement

    Risk Type

    Technology Risk

    IT should establish a risk appetite statement for each level 1 IT risk type.

    Appetite Statement

    Our organization’s number-one priority is to provide high-quality trusted service to our customers. To meet this objective, critical systems must be highly performant and well protected from potential threats. To meet this objective, the following expectations have been established:

    • No appetite for unauthorized access to systems and confidential data.
    • Low appetite for service downtime.
      • Service availability objective of 99.9%.
      • Near real-time recovery of critical services – ideally within 30 minutes, no longer than 3 hours.

    The ideal risk appetite statement is qualitative and supported by quantitative measures.

    Risk Owner

    Chief Information Officer

    Ultimately, there is an accountable owner(s), but involve business and technology stakeholders when drafting to gain consensus.

    Risk Oversight

    Enterprise Risk Committee

    Supporting Framework(s)

    Business Continuity Management, Information Security, Internal Audit

    The number of supporting programs and frameworks will vary with the size of the organization.

    3.5 Draft your IT risk appetite statements

    Optional Activity

    2-3 hours

    1. Using your completed taxonomy and your organization’s risk appetite statement, draft an IT risk appetite statement for each level 1 risk in your workbook.
    2. Socialize the statements and gain approval.
    3. Add the approved risk appetite statements to your IT risk register.

    Download Build an IT Risk Taxonomy Workbook

    Input Output
    • Organization’s risk appetite statement
    • Build an IT Risk Taxonomy Workbook
    • IT Risk Taxonomy Design Template
    • IT risk appetite statements
    Materials Participants
    • Whiteboard/flip charts
    • Build an IT Risk Taxonomy Workbook
    • CISO, CIO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    Key takeaways and next steps

    • The risk taxonomy is the backbone of a robust enterprise risk management program. A good taxonomy is frequently used and well understood.
    • Not only is the risk taxonomy used to assess organizational impact, but it is also used for risk reporting, scenarios analysis and horizon scanning, and risk appetite expression.
    • It is essential to capture IT risks within the ERM framework to fully understand the impact and allow for consistent risk discussions and meaningful aggregation.
    • Defining an IT risk taxonomy is a team sport, and organizations should strive to set up a cross-functional working group that is tasked with defining the taxonomy, monitoring its effectiveness, and ensuring continual improvement.
    • The work does not end when the taxonomy is complete. The taxonomy should be well socialized throughout the organization after inception through training and new policies and procedures. Ultimately, it should be an activity embedded into risk management practices.
    • The taxonomy is a living document and should be continually improved upon.

    3.6 Prepare to communicate the taxonomy internally

    1-2 hours

    To gain acceptance of your risk taxonomy within your organization, ensure it is well understood and used throughout the organization.

    1. Consider your audience and agree on the key elements you want to convey.
    2. Prepare your presentation.
    3. Test your presentation with a smaller group before communicating to senior leadership or the board.

    Coming soon: Look for our upcoming research Communicate Any IT Initiative.

    InputOutput
    • Build an IT Risk Taxonomy Workbook
    • Upcoming research: Communicate Any IT Initiative
    • Presentation
    MaterialsParticipants
    • Whiteboard/flip charts
    • Upcoming research: Communicate Any IT Initiative
    • Internal communication templates
    • CISO, CIO
    • Human resources
    • Corporate communications
    • CRO or risk owners
    • Business leaders

    Related Info-Tech Research

    Build an IT Risk Management Program

    • Use this blueprint to transform your ad hoc risk management processes into a formalized ongoing program and increase risk management success.
    • Learn how to take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest's risks before they occur.

    Integrate IT Risk Into Enterprise Risk

    • Use this blueprint to understand gaps in your organization’s approach to risk management.
    • Learn how to integrate IT risks into the foundational risk practice

    Coming Soon: Communicate Any IT initiative

    • Use this blueprint to compose an easy-to-understand presentation to convey the rationale of your initiative and plan of action.
    • Learn how to identify your target audience and tailor and deliver the message in an authentic and clear manner.

    Risk definitions

    Term Description
    Emergent Risk Risks that are poorly understood but expected to grow in significance.
    Residual Risk The amount of risk you have left after you have removed a source of risk or implemented a mitigation approach (controls, monitoring, assurance).
    Risk Acceptance If the risk is within the enterprise's risk tolerance or if the cost of otherwise mitigating the risk is higher than the potential loss, the enterprise can assume the risk and absorb any losses.
    Risk Appetite An organization’s general approach and attitude toward risk; the total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desired and expected outcomes.
    Risk Assessment The process of estimating and evaluating risk.
    Risk Avoidance The risk response where an organization chooses not to perform a particular action or maintain an existing engagement due to the risk involved.
    Risk Event A risk occurrence (actual or potential) or a change of circumstances. Can consist of more than one occurrence or of something not happening. Can be referred to as an incident or accident.
    Risk Identification The process of finding, recognizing, describing, and documenting risks that could impact the achievement of objectives.
    Risk Management The capability and related activities used by an organization to identify and actively manage risks that affect its ability to achieve goals and strategic objectives. Includes principles, processes, and framework.
    Risk Likelihood The chance of a risk occurring. Usually measured mathematically using probability.
    Risk Management Policy Expresses an organization’s commitment to risk management and clarifies its use and direction.
    Risk Mitigation The risk response where an action is taken to reduce the impact or likelihood of a risk occurring.
    Risk Profile A written description of a set of risks.

    Risk definitions

    Term Description
    Risk Opportunity A cause/trigger of a risk with a positive outcome.
    Risk Owner The designated party responsible and accountable for ensuring that the risk is maintained in accordance with enterprise requirements.
    Risk Register A tool used to identify and document potential and active risks in an organization and to track the actions in place to manage each risk.
    Risk Response How you choose to respond to risk (accept, mitigate, transfer, or avoid).
    Risk Source The element that, alone or in combination, has potential to give rise to a risk. Usually this is the root cause of the risk.
    Risk Statement A description of the current conditions that may lead to the loss, and a description of the loss.
    Risk Tolerance The amount of risk you are prepared or able to accept (in terms of volume or impact); the amount of uncertainty an organization is willing to accept in the aggregate (or more narrowly within a certain business unit or for a specific risk category). Expressed in quantitative terms that can be monitored (such as volatility or deviation measures), risk tolerance often is communicated in terms of acceptable/unacceptable outcomes or as limited levels of risk. Risk tolerance statements identify the specific minimum and maximum levels beyond which the organization is unwilling to accept variations from the expected outcome.
    Risk Transfer The risk response where you transfer the risk to a third party.

    Research Contributors and Experts

    LynnAnn Brewer
    Director
    McLean & Company

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Valence Howden
    Principal Research Director
    Info-Tech Research Group

    John Kemp
    Executive Counsellor – Executive Services
    Info-Tech Research Group

    Brittany Lutes
    Research Director
    Info-Tech Research Group

    Carlene McCubbin
    Practice Lead – CIO Practice
    Info-Tech Research Group

    Frank Sargent
    Senior Workshop Director
    Info-Tech Research Group

    Frank Sewell
    Advisory Director
    Info-Tech Research Group

    Ida Siahaan
    Research Director
    Info-Tech Research Group

    Steve Willis
    Practice Lead – Data Practice
    Info-Tech Research Group

    Bibliography

    Andrea Tang, “Privacy Risk Management”. ISACA Journal, June 2020, Accessed January 2023
    Anthony Kruizinga, “Reshaping the risk taxonomy”. PwC, April 2021, Accessed January 2023
    Auditboard, "The Essentials of Integrated Risk Management (IRM)", June 2022, Accessed January 2023
    Brenda Boultwood, “How to Design an ERM-Friendly Risk Data Architecture”. Global Association of Risk Professionals, February 2020, Accessed January 2023
    BSI Standards Publication, "Risk Management Guidelines", ISO 31000, 2018
    Dan Swinhoe, "What is Physical Security, How to keep your facilities and devices safe from onsite attackers", August 2021, Accessed January 2023
    Eloise Gratton, “Data governance and privacy risk in Canada: A checklist for boards and c-suite”. Borden Ladner Gervais, November 2022 , Accessed January 2023
    European Union Agency for Cyber Security Glossary
    European Banking Authority, "Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP)", September 2017, Accessed February 2023
    European Banking Authority, "Regulatory Framework for Mitigating Key Resilient Risks", Sept 2018, Accessed February 2023
    EY, "Seeking stability within volatility: How interdependent risks put CROs at the heart of the banking business", 12th annual EY/IFF global bank risk management survey, 2022, Accessed February 2023
    Financial Stability Board, "Cyber Lexicon", November 2018, Accessed February 2023
    Financial Stability Board, "Principles for Effective Risk Appetite Framework", November 2013, Accessed January 2023
    Forbes Technology Council, "14 Top Data Security Risks Every Business Should Address", January 2020, Accessed January 2023
    Frank Martens, Dr. Larry Rittenberg, "COSO, Risk Appetite Critical for Success, Using Risk Appetite to Thrive in a Changing World", May 2020, Accessed January 2023
    Gary Stoneurmer, Alice Goguen and Alexis Feringa, "NIST, Risk Management Guide for Information Technology Systems", Special Publication, 800-30, September 2012, Accessed February 2023
    Guy Pearce, "Real-World Data Resilience Demands and Integrated Approach to AI, Data Governance and the Cloud", ISACA Journal, May 2022
    InfoTech Tech Trends Report, 2023
    ISACA, "Getting Started with Risk Scenarios", 2022, Accessed February 2023
    James Kaplan, "Creating a technology risk and cyber risk appetite framework," McKinsey & Company, August 2022, Accessed February 2023
    Jean-Gregorie Manoukian, Wolters Kluwer, "Risk appetite and risk tolerance: what’s the difference?", Sept 2016, Accessed February 2023
    Jennifer Bayuk, “Technology’s Role in Enterprise Risk Management”, ISACA Journal, March 2018, Accessed in February 2023
    John Thackeray, "Global Association of Risk Professionals, 7 Key Elements of Effective ERM", January 2020, Accessed January 2023
    KPMG, "Regulatory rigor: Managing technology and cyber risk, How FRFI’s can achieve outcomes laid out in OSFI B-13", October 2022, Accessed January 2023
    Marc Chiapolino et al, “Risk and resilience priorities, as told by chief risk officers”, McKinsey and Company, December 2022, Accessed January 2023
    Mike Rost, Workiva, "5 Steps to Effective Strategic Management", Updated February 2023. Accessed February 2023
    NIST, "Risk Management Framework for Information Systems and Organization, The System Life Cycle Approach for Security and Privacy," December 2018, Accessed February 2023
    NIST, NISTIR, "Integrating CyberSecurity and Enterprise Risk", October 2020, Accessed February 2023
    Oliver Wyman, "The ORX Reference Taxonomy for operational and non-financial risk summary report", 2019, Accessed February 2023.
    Office of the Superintendent of Financial Institutions, "Operational Resilience Consultation Results Summary", December 2021, Accessed January 2023
    Open Risk Manual, Risk Taxonomy Definitions
    Ponemon. "Cost of a Data Breach Report 2021." IBM, July 2021. Web.
    Protiviti, "Executive Perspectives on Top Risks, 2023 & 2032, Key Issues being discussed in the boardroom and c-suite", February 2023, Accessed February 2023
    RIMS, ISACA, "Bridging the Digital Gap, How Collaboration Between IT and Risk Management can Enhance Value Creation", September 2019, Accessed February 2023
    Robert, R. Moeller, "COSO, Enterprise Risk Management, Second Edition, 2011", Accessed February 2023
    Robert Putrus, "Effective Reporting to the BoD on Critical Assets, Cyberthreats and Key Controls: The Qualitative and Quantitative Model", ISACA Journal, January 2021, Accessed January 2023
    Ron Brash, "Prioritizing Asset Risk Management in ICS Security", August 2020, Accessed February 2023
    Ronald Van Loon, "What is Data Culture and How to Implement it?", November 2023, Accessed February 2023
    SAS, "From Crisis to Opportunity, Redefining Risk Management", 2021Accessed January 2023
    Satori, Cloudian, "Data Protection and Privacy: 12 Ways to Protect User Data", Accessed January 2023
    Spector Information Security, "Building your Asset and Risk Register to Manage Technology Risk", November 2021, Accessed January 2023
    Talend, "What is data culture", Accessed February 2023
    Tom Schneider, "Managing Cyber Security Risk as Enterprise Risk", ISACA Journal, September 2022, Accessed February 2023
    Tony Martin –Vegue, "How to Write Strong Risk Scenarios and Statements", ISACA Journal, September 2021, Accessed February 2023
    The Wall Street Journal, "Making Data Risk a Top Priority", April 2018, Accessed February 2023

    Select the Optimal Disaster Recovery Deployment Model

    • Buy Link or Shortcode: {j2store}413|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $10,247 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • DR deployment has many possibilities. It becomes overwhelming and difficult to sift through all of the options and understand what makes sense for your organization.
    • The combination of high switching costs and the pressure to move applications to cloud leaves managers overwhelmed and complacent with their current DR model.

    Our Advice

    Critical Insight

    1. Cut to the chase and evaluate the feasibility of cloud first. Gauge your organization’s current capabilities for DR in the cloud before becoming infatuated with the idea.
    2. A mixed model gives you the best of both worlds. Diversify your strategy by identifying fit for purpose and balancing the work required to maintain various models.
    3. Begin with the end in mind. Commit to mastering the selected model and leverage your vendor relationship for effective DR.

    Impact and Result

    • By efficiently eliminating models that are not suited for your organization and narrowing the scope of DR deployment possibilities, you spend more time focusing on what works rather than what doesn’t.
    • Taking a funneled approach ensures that you are not wasting time evaluating application-level considerations when organizational constraints prevent you from moving forward.
    • Comparing the total cost of ownership among candidate models helps demonstrate to the business the reason behind choosing one method over another.

    Select the Optimal Disaster Recovery Deployment Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build the optimal DR deployment model, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Target the relevant DR options for your organization

    Complete Phase 1 to outline your DR site requirements, review any industry or organizational constraints on your DR strategy, and zero in on relevant DR models.

    • Select the Optimal Disaster Recovery Deployment Model – Phase 1: Target Relevant DR Options for Your Organization
    • DR Decision Tree (Visio)
    • DR Decision Tree (PDF)
    • Application Assessment Tool for Cloud DR

    2. Conduct a comprehensive analysis and vet the DR vendors

    Complete Phase 2 to explore possibilities of deployment models, conduct a TCO comparison analysis, and select the best-fit model.

    • Select the Optimal Disaster Recovery Deployment Model – Phase 2: Conduct a Comprehensive Analysis and Vet the DR Vendors
    • DR Solution TCO Comparison Tool

    3. Make the case and plan your transition

    Complete Phase 3 to assess outsourcing best practices, address implementation considerations, and build an executive presentation for business stakeholders.

    • Select the Optimal Disaster Recovery Deployment Model – Phase 3: Make the Case and Plan Your Transition
    • DR Solution Executive Presentation Template
    [infographic]

    Workshop: Select the Optimal Disaster Recovery Deployment Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Target Relevant DR Options for Your Organization

    The Purpose

    Identify potential DR models

    Key Benefits Achieved

    Take a funneled approach and avoid getting lost among all of the DR models available

    Activities

    1.1 Define DR site requirements

    1.2 Document industry and organizational constraints

    1.3 Identify potential DR models

    Outputs

    Determine the type of site, replication, and risk mitigation initiatives required

    Rule out unfit models

    DR Decision Tree

    Application Assessment Tool for Cloud DR

    2 Conduct a Comprehensive Analysis of Appropriate Models

    The Purpose

    Explore relevant DR models

    Key Benefits Achieved

    Develop supporting evidence for the various options

    Activities

    2.1 Explore pros and cons of potential solutions

    2.2 Understand the use case for DRaaS

    2.3 Review DR model diagrams

    Outputs

    Qualitative analysis on candidate models

    Evaluate the need for DRaaS

    DR diagrams for candidate models

    3 Build the DR Solution TCO Comparison Tool

    The Purpose

    Determine best cost models

    Key Benefits Achieved

    Save money by selecting the most cost effective option to meet your DR requirements

    Activities

    3.1 Gather hardware requirements for production site

    3.2 Define capacity requirements for DR

    3.3 Compare cost across various models

    Outputs

    Populate the production summary tab in TCO tool

    Understand how much hardware will need to be on standby and how much will be procured at the time of disaster

    Find the most cost effective method

    4 Make the Case and Plan Your Transition

    The Purpose

    Build support from business stakeholders by having a clear and defendable proposal for DR

    Key Benefits Achieved

    Effective and ready DR deployment model

    Activities

    4.1 Address implementation considerations for network, capacity, and day-to-day operations

    4.2 Build presentation for business stakeholders

    Outputs

    Define implementation projects necessary for deployment and appoint staff to execute them

    PowerPoint presentation to summarize findings from the course of the project

    Document and Maintain Your Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}417|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $52,224 Average $ Saved
    • member rating average days saved: 38 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Disaster recovery plan (DRP) documentation is often driven by audit or compliance requirements rather than aimed at the team that would need to execute recovery.
    • Between day-to-day IT projects and the difficulty of maintaining 300+ page manuals, DRP documentation is not updated and quickly becomes unreliable.
    • Inefficient publishing strategies result in your DRP not being accessible during disaster or key staff not knowing where to find the latest version.

    Our Advice

    Critical Insight

    • DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    • Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    • Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Impact and Result

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans. Don’t mix the two in an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Document and Maintain Your Disaster Recovery Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt a visual-based DRP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Streamline DRP documentation

    Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.

    • Document and Maintain Your Disaster Recovery Plan – Phase 1: Streamline DRP Documentation

    2. Select the optimal DRP publishing strategy

    Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.

    • Document and Maintain Your Disaster Recovery Plan – Phase 2: Select the Optimal DRP Publishing Strategy
    • DRP Publishing and Document Management Solution Evaluation Tool
    • BCM Tool – RFP Selection Criteria

    3. Keep your DRP relevant through maintenance best practices

    Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.

    • Document and Maintain Your Disaster Recovery Plan – Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices
    • Sample Project Intake Form Addendum for Disaster Recovery
    • Sample Change Management Checklist for Disaster Recovery
    • DRP Review Checklist
    • DRP-BCP Review Workflow (Visio)
    • DRP-BCP Review Workflow (PDF)

    4. Appendix: XMPL Case Study

    Model your DRP after the XMPL case study disaster recovery plan documentation.

    • Document and Maintain Your Disaster Recovery Plan – Appendix: XMPL Case Study
    • XMPL DRP Summary Document
    • XMPL Notification, Assessment, and Declaration Plan
    • XMPL Systems Recovery Playbook
    • XMPL Recovery Workflows (Visio)
    • XMPL Recovery Workflows (PDF)
    • XMPL Data Center and Network Diagrams (Visio)
    • XMPL Data Center and Network Diagrams (PDF)
    • XMPL DRP Business Impact Analysis Tool
    • XMPL DRP Workbook
    [infographic]

    Workshop: Document and Maintain Your Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Streamline DRP Documentation

    The Purpose

    Teach your team how to create visual-based documentation.

    Key Benefits Achieved

    Learn how to create visual-based DR documentation.

    Activities

    1.1 Conduct a table-top planning exercise.

    1.2 Document your high-level incident response plan.

    1.3 Identify documentation to include in your playbook.

    1.4 Create an initial collection of supplementary documentation.

    1.5 Discuss what further documentation is necessary for recovering from a disaster.

    1.6 Summarize your DR capabilities for stakeholders.

    Outputs

    Documented high-level incident response plan

    List of documentation action items

    Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists

    Action items for ensuring that the DRP is executable for both primary and backup DR personnel

    DRP Summary Document

    2 Select the Optimal DRP Publishing Strategy

    The Purpose

    Learn the considerations for publishing your DRP.

    Key Benefits Achieved

    Identify the best strategy for publishing your DRP.

    Activities

    2.1 Select criteria for assessing DRP tools.

    2.2 Evaluate categories for DRP tools.

    Outputs

    Strategy for publishing DRP

    3 Learn How to Keep Your DRP Relevant Through Maintenance Best Practices

    The Purpose

    Address the common pain point of unmaintained DRPs.

    Key Benefits Achieved

    Create an approach for maintaining your DRP.

    Activities

    3.1 Alter your project intake considerations.

    3.2 Integrate DR considerations into change management.

    3.3 Integrate documentation into performance measurement and performance management.

    3.4 Learn best practices for maintaining your DRP.

    Outputs

    Project Intake Form Addendum Template

    Change Management DRP Checklist Template

    Further reading

    Document and Maintain Your Disaster Recovery Plan

    Put your DRP on a diet – keep it fit, trim, and ready for action.

    ANALYST PERSPECTIVE

    The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

    “This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
    • Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
    • Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”
      •
    (Frank Trovato, Research Director, Infrastructure, Info-Tech Research Group)

    This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

    These artifacts are the cornerstone for any disaster recovery plan.

    • Business Impact Analysis
    • DR Roles and Responsibilities
    • Recovery Workflow

    Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

    This blueprint walks you through building these inputs.
    Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

    How this blueprint will help you document your DRP

    This Research is Designed For:

    • IT managers in charge of disaster recovery planning (DRP) and execution.
    • Organizations seeking to optimize their DRP using best-practice methodology.
    • Business continuity professionals that are involved with disaster recovery.

    This Research Will Help You:

    • Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
    • Identify an appropriate DRP document management and distribution strategy.
    • Ensure that DR documentation is up to date and accessible.

    This Research Will Also Assist:

    • IT managers preparing for a DR audit.
    • IT managers looking to incorporate components of DR into an IT operations document.

    This Research Will Help Them:

    • Follow a structured approach in building DR documentation using best practices.
    • Integrate DR into day-to-day IT operations.

    Executive summary

    Situation

    • DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
    • Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
    • Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

    Complication

    • DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
    • Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
    • Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

    Resolution

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Info-Tech Insight

    1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

    The criticality of having an effective DRP is underestimated.

    Cost of Downtime for the Fortune 1000
    • Cost of unplanned apps downtime per year: $1.25B to $2.5B
    • Cost of critical apps failure per hour: $500,000 to $1M
    • Cost of infrastructure failure per hour: $100,000
    • 35% reported to have recovered within 12 hours.
    • 17% of infrastructure failures took more than 24 hours to recover.
    • 13% of application failures took more than 24 hours to recover.
    Size of Impact Increasing Across Industries
    • The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
    • Downtime cost increase since 2010:
      • Hospitality: 129% increase
      • Transportation: 108% increase
      • Media organizations: 104% increase
    Potential Lost Revenue
    A line graph of Potential Lost Revenue with vertical axis 'LOSS ($)' and horizontal axis 'TIME'. The line starts with low losses near the origin where 'Incident Occurs', gradually accelerates to higher losses as time passes, then decelerates before 'All Revenue Lost'. Note: 'Delay in recovery causes exponential revenue loss'.
    (Adapted from: Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan (2007 Edition).)

    The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

    Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

    Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

    Organizations continue to struggle with creating DRPs, let alone making them actionable.

    Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

    • It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
    • Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
    • There is a lack of effective processes for ensuring documentation stays up to date.
    A bar graph documenting percentages of survey responses about the completeness of their DRP. 'Only 20% of survey respondents indicated they have a complete DRP'. 13% said 'No DRP'. 33% said 'Partial DRP'. 34% said 'Mostly Completed'. 20% said 'Full DRP'.
    (Source: Info-Tech Research Group, N=165)     		A bar graph documenting percentages of survey responses about the level of confidence in their DRP. 'Only 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis'. 4% said 'Low'. 58% said 'Unsure'. 38% said 'Confident'.
    (Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

    Improve usability and effectiveness with visual-based and more-concise documentation

    Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

    If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

    DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

    DR success scores are based on:

    • Meeting recovery time objectives (RTOs).
    • Meeting recovery point objectives (RPOs).
    • IT staff’s confidence in their ability to meet RTOs/RPOs.
    A line graph of DR documentation types and their effectiveness. The vertical axis is 'DR Success', from Low to High. The horizontal axis is Documentation Type, from 'Traditional Manual' to 'Primarily flowcharts, checklists, and diagrams'. The line trends up to higher success with visual-based and more-concise documentation.(Source: Info-Tech Research Group, N=95)

    “Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

    Maintainability is another argument for visual-based, concise documentation

    There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

    Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. “Easy to maintain” leads to a 46% higher rate of DR success.
    Two bar graphs documenting survey responses regarding maintenance ease of DR documentation types. The first graph compares Traditional Manual vs Visual-based. For 'Traditional Manual' 72% responded they were Difficult to maintain while 28% responded they were Easy to maintain; for 'Visual-based' 42% responded they were Difficult to maintain while 58% responded they were Easy to maintain. Visual-based DR documentation received 30% more votes for Easy to Maintain. The second graph compares success rates of 'Difficult to Maintain' vs 'Easy to Maintain' DR documentation with Difficult being 31% and Easy being 77%, a 46% difference. 'Source: Info-Tech Research Group, N=96'.

    Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

    Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

    Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

    Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

    Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

    Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

    Info-Tech Insight

    Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

    Use a DRP summary document to satisfy executives, auditors, and clients

    Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

    DRP Summary Document

    • Summarize BIA results
    • Summarize DR strategy (including DR sites)
    • Summarize backup strategy
    • Summarize testing and maintenance plans

    Follow Info-Tech’s methodology to make DRP documentation efficient and effective

    Phases

    		 Phase 1: Streamline DRP documentation Phase 2: Select the optimal DRP publishing strategy Phase 3: Keep your DRP relevant through maintenance best practices

    Phases

    1.1

    		 Start with a recovery workflow

    2.1

    		 Decide on a publishing strategy

    3.1

    		 Incorporate DRP maintenance into core IT processes

    1.2

    		 Create supporting DRP documentation

    3.2

    		 Conduct an annual focused review

    1.3

    		 Write the DRP Summary

    Tools and Templates

    		 End-to-End Sample DRP DRP Publishing Evaluation Tool Project In-take/Request Form

    Change Management Checklist

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Document and Maintain Your Disaster Recovery Plan – Project Overview

    1. Streamline DRP Documentation 2. Select the Optimal DRP Publishing Strategy 3. Keep Your DRP Relevant
    Supporting Tool icon
    Best-Practice Toolkit

    1.1 Start with a recovery workflow

    1.2 Create supporting DRP documentation

    1.3 Write the DRP summary

    2.1 Create Committee Profiles

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    Guided Implementations
    • Review Info-Tech’s approach to DRP documentation.
    • Create a high-level recovery workflow.
    • Create supporting DRP documentation.
    • Write the DRP summary.
    • Identify criteria for selecting a DRP publishing strategy.
    • Select a DRP publishing strategy.
    • Optional: Select requirements for a BCM tool and issue an RFP.
    • Optional: Review responses to RFP.
    • Learn best practices for integrating DRP maintenance into day-to-day IT processes.
    • Learn best practices for DRP-focused reviews.
    Associated Activity icon
    Onsite Workshop     		Module 1:
    Streamline DRP documentation     		Module 2:
    Select the optimal DRP publishing strategy     		Module 3:
    Learn best practices for keeping your DRP relevant
    Phase 1 Outcome:
    • A complete end-to-end DRP
    		 Phase 2 Outcome:
    • Selection of a publishing and management tool for your DRP documentation
    		 Phase 3 Outcome:
    • Strategy for maintaining your DRP documentation

    Workshop Overview Associated Activity icon

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Info-Tech Analysts Finalize Deliverables
    Activities
    Assess DRP Maturity and Review Current Capabilities

    0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard.

    0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop.

    0.3 Identify current recovery strategies for selected applications.

    0.4 Identify current DR challenges for selected applications.

    Document Your Recovery Workflow

    1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them.

    Create Supporting Documentation

    1.2 Create supporting DRP documentation.

    1.3 Write the DRP summary.

    Establish a DRP Publishing, Management, and Maintenance Strategy

    2.1 Decide on a publishing strategy.

    3.1 Incorporate DRP maintenance into core IT.

    3.2 Considerations for reviewing your DRP regularly.

    Deliverables
    1. Baseline DRP metric (based on DRP Maturity Scorecard)
    1. High-level DRP workflow
    2. DRP gaps and risks identified
    1. Recovery workflow and/or checklist for sample of IT systems
    2. Customized DRP Summary Template
    1. Strategy for selecting a DRP publishing tool
    2. DRP management and maintenance strategy
    3. Workshop summary presentation deck

    Workshop Goal: Learn how to document and maintain your DRP.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.


    Phase 1: Streamline DRP Documentation

    Step 1.1: Start with a recovery workflow

    PHASE 1
    PHASE 2
    PHASE 3
    1.1 1.2 1.3 2.1 3.1 3.2
    Start with a Recovery Workflow Create Supporting Documentation Write the DRP Summary Select DRP Publishing Strategy Integrate into Core IT Processes Conduct an Annual Focused Review

    This step will walk you through the following activities:

    • Review a model DRP.
    • Review your recovery workflow.
    • Identify documentation required to support the recovery workflow.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Alternate DR Personnel

    Outcomes of this step

    • Understanding the visual-based, concise approach to DR documentation.
    • Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

    Info-Tech Insights

    A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

    1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

    The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

    Recovery Workflow

    The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation.

    This documentation includes:

    • Clarifying initial incident response steps.
    • Clarifying the order of systems recovery and which recovery actions can occur concurrently.
    • Estimating actual recovery timeline through each stage of recovery.
    Recovery Procedures (Playbook)
    Additional Reference Documentation

    “We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

    Review business impact analysis (BIA) results to plan your recovery workflow

    The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

    Specifically, review the following from your BIA:

    • The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
    • Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
    • The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

    CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

    Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

    Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

    Conduct a tabletop planning exercise to determine your recovery workflow

    Associated Activity icon 1.1.1 Tabletop Planning Exercise

    1. Define a scenario to drive the tabletop planning exercise:
      • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
      • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
      • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Info-Tech Insight

    Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

    The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

    Walk through the scenario and capture the recovery workflow

    Associated Activity icon 1.1.2 Tabletop Planning Exercise
    1. Capture the following information for tier 1, tier 2, and tier 3 systems:
      1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
      2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
      3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Note:

    • Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
    • Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Document your current-state recovery workflow based on the results of the tabletop planning

    Supporting Tool icon 1.1.2 Incident Response Plan Flowcharts, Tabs 2 and 3

    After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

    Use the sample DRP to guide your own flowchart. Some notes on the example are:

    • XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
    • XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
    • Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.
    Preview of an Info-Tech Template depicting a sample flowchart.

    This sample flowchart is included in XMPL Recovery Workflows.

    Step 1.2: Create Supporting DRP Documentation

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Create checklists for your playbook.
    • Document more complex procedures with flowcharts.
    • Gather and/or write network topology diagrams.
    • Compile a contact list.
    • Ensure there is enough material for backup personnel.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • Actionable supporting documentation for your disaster recovery plan.
    • Contact list for IT personnel, business personnel, and vendor support.

    1.2 — Create supporting documentation for your disaster recovery plan

    Now that you have a high-level incident response plan, collect the information you need for executing that plan.

    Recovery Workflow

    Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:

    • Supplementary flowcharts
    • Checklists
    • Topology diagrams
    • Contact lists
    • DRP summary

    Reference vendors’ technical information in your flowcharts and checklists where appropriate.

    Recovery Procedures (Playbook)

    Additional Reference Documentation

    Info-Tech Insight

    Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

    Use checklists to streamline step-by-step procedures

    Supporting Tool icon 1.2.1 XMPL Medical’s System Recovery Checklists

    Checklists are ideal when staff just need a reminder of what to do, not how to do it.

    XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

    • Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
    • XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
    • Similarly, include links to other useful resources such as VM templates.
    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

    Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

    Supporting Tool icon 1.2.2 XMPL Medical’s Phone Services Recovery Flowchart

    Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

    • XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
    • Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
    • The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.
    Preview of the Info-Tech Template 'Recovery Workflows'.

    Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

    Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Use topology diagrams to capture network layout, integrations, and system information

    Supporting Tool icon 1.2.4 XMPL Medical’s Data Center and Network Diagrams

    Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

    • XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
      • Primary data center diagram
      • DR site diagram
      • High-level network diagrams
    • Often, organizations already have network topology diagrams for reference purposes.

    “Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

    Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

    If there is something strange happening to your IT infrastructure, who you gonna call?

    Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

    • The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
      • Declaring a disaster.
      • Coordinating a response at an organizational level.
      • Executing recovery.
    • The people that have authority to declare a disaster.
    • Each person’s spending authority.
    • The rules for delegating authority.
    • Primary and alternate staff for each role.
    Example list of alternate staff, BCP leads, and vendors.

    Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

    Associated Activity icon 1.2.7 Group Discussion

    DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

    • Is it clear who is responsible for each DR task, including notification steps?
    • Have alternate staff for each role been identified?
    • Does the recovery workflow capture all of the high-level steps?
    • Is there enough documentation for alternate staff (e.g. network specs)?

    Step 1.3: Write the DRP Summary

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Write a DRP summary document.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

    Summarize your DR capabilities using a DRP summary document

    Supporting Tool icon 1.3.1 DRP Summary Document

    The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

    DRP Summary Document

    XMPL’s DRP Summary is organized into the following categories:

    • DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
    • DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
    • Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

    Be transparent about existing business risks in your DRP summary

    The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

    • Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
    • What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.
    Application tier Desired RTO (hh:mm) Desired RPO (hh:mm) Achievable RTO (hh:mm) Achievable RPO (hh:mm)
    Tier 1 4:00 1:00 *90:00 1:00
    Tier 2 8:00 1:00 *40:00 1:00
    Tier 3 48:00 24:00 *96:00 24:00

    The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

    In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

    Phase 2: Select the Optimal DRP Publishing Strategy

    Step 2.1: Select a DRP Publishing Strategy

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Select criteria for assessing DRP tools.
    • Evaluate categories for DRP tools.
    • Optional: Write an RFP for a BCM tool.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • Identified strategies for publishing your DRP (i.e. making it available to your DR team).

    Info-Tech Insights

    Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

    2.1 — Select a DR publishing and document management strategy that fits your organization

    Publishing and document management considerations:

    Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.
    		A bar chart titled 'Portability Strategy Popularity'. 'External Website (wiki site, cloud-based DRP tool, etc.)' scored 16%. 'Failover Site (network drive or redundant SharePoint, etc.)' scored 53%. 'Distribute to Staff (use USB drive, personal email, etc.)' scored 50%. 'Not Accessible Offsite' scored 7%.
    Note: Percentages total more than 100% due to respondents using more than one portability strategy.
    (Source: Info-Tech Research Group, N=118)
    Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
    Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

    Pros and cons of potential strategies

    This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

    • DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
    • In-house solutions combining SharePoint and MS Office (or equivalent)
    • Wiki site
    • “Manual” approaches such as storing documents on a USB drive

    Avoid 42 hours of downtime due to a non-diversified publishing strategy

    CASE STUDY

    Industry Municipality
    Source Interview

    Situation

    • A municipal government has recently completed an end-to-end disaster recovery plan.
    • The team is feeling good about the fact that they were able to identify:
      • Relative criticality of applications.
      • Dependencies for each application.
      • Incident response plans for the current state and desired state.
      • System recovery procedures.

    Challenge

    • While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
    • A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
    • Once the network was down, their DRP was inaccessible.

    Insights

    • Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
    • Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

    Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

    Supporting Tool icon 2.1.1 DRP Publishing and Management Evaluation Tool

    Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

    The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

    • Portability/external access
    • Maintainability/usability
    • Cost
    • Effort

    The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

    For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

    Preview of Info-Tech's 'DRP Publishing and Management Solution Evaluation Tool'.

    The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

    Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

    Portability/External Access:
    • Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Degree of external access is often dependent on the vendor.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: Expect leading DRP tools to cost $20K or more per year.

    About this approach:
    BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

    Info-Tech Insight

    The business case for a BCM tool is built by answering the following questions:

    • Will the BCM tool solve an unmet need?
    • Will the tool be more effective and efficient than an in-house solution?
    • Will the solution provide enhanced capabilities that an in-house solution cannot provide?

    If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

    “We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

    For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    About this approach:
    DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

    “Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

    A healthcare company uses SharePoint as its DRP and SOP documentation management solution

    CASE STUDY Healthcare

    • This organization is responsible for 50 medical facilities across three states.
    • It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
    • It has SharePoint instances at multiple locations to ensure availability if one site is down.

    Documentation Strategy

    • Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
    • SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
    • Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

    Management Strategy

    • Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
    • Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
    • Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

    Results

    • Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
    • SOPs are enabling DR training as well as day-to-day operations training for new staff.
    • The organization has a high confidence in its ability to recovery from a disaster within established timelines.

    Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.

    About this approach:
    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    Info-Tech Insight

    If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

    For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

    Portability/External Access:
    • Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
    • Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).
    Maintainability/Usability:
    • Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
    • Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
    • Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
    • Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

    About this approach:
    With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

    Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

    Info-Tech Insight

    This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

    Avoid extensive use of paper copies of DR documentation

    DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
    • Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
    • Cons: Labor intensive due to need to print and physically distribute documentation updates.

    About this approach:
    Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

    A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

    One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

    Optional: Partial list of BCM tool vendors

    A partial list of BCM tool vendors, including: Business Protector, catalyst, clearview, ContinuityLogic. Fusion, Logic Manager, Quantivate, RecoveryPlanner.com, MetricStream, SimpleRisk, riskonnect, Strategic BCP - ResilienceONE, RSA, and Sungard Availability Services.

    The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

    Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

    Supporting Tool icon 2.1.2 BCM Tool – RFP Selection Criteria

    If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

    Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

    1. Integrations
    2. Planning and Monitoring
    3. Administration
    4. Architecture
    5. Security
    6. Support and Training
    Preview of the Info-Tech template 'BCM Tool – RFP Selection Criteria'.

    This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

    Info-Tech can write full RFPs

    As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

    Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

    Step 3.1: Integrate DRP maintenance into core IT processes

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Integrate DRP maintenance with Project Management.
    • Integrate DRP considerations into Change Management.
    • Integrate with Performance Management.

    This step involves the following participants:

    • DRP Owner
    • Head of Project Management Office
    • Head of Change Advisory Board
    • CIO

    Outcomes of this step

    • Updated project intake form.
    • Updated change management practice.
    • Updated performance appraisals.

    3.1 — Incorporate DRP maintenance into core IT processes

    Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

    The Info-Tech / COBIT5 'IT Management and Governance Framework' with three processes highlighted: 'MEA01 Performance Measurement', 'BAI06 Change Management', and 'BAI01 Project Management'.

    Info-Tech Best Practice

    Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

    Assess how new projects impact service criticality and DR requirements upfront during project intake

    		 Icon for process 'BAI01 Project Management'.
    Supporting Tool icon 3.1.1 Sample Project Intake Form Addendum

    Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

    • Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
      • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
    • Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

    Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

    Preview of the Info-Tech template 'Project Intake Form'.

    This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

    Leverage your change management process to identify required DRP updates as they occur

    		 Icon for process 'BAI06 Change Management'.

    Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

    • As part of your change management process, identify potential updates to:
      • System documentation (e.g. configuration settings).
      • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
      • Your DR environment (e.g. system configuration updates for standby systems).
    • Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
      • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
      • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.
    Preview of the Info-Tech template 'Disaster Recovery Change Management'.

    This template asks the submitter to fill out the availability and criticality requirements for the project.

    For change management best practices beyond DRP considerations, please see Optimize Change Management.

    Integrate documentation into performance measurement and performance management

    		 Icon for process 'MEA01 Performance Measurement'.

    Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

    Why documentation is such a challenge

    How management can address these challenges
    We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success.
    Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. Schedule time for developing documentation, just like any other project, or it won’t happen.
    Writing manuals is typically a time-intensive task. Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis.

    “Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

    Step 3.2: Conduct an Annual Focused Review

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    1. Identify components of your DRP to refresh.
    2. Identify organizational changes requiring further focus.
    3. Test your DRP and identify problems.
    4. Correct problems identified with DRP.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • An actionable, up-to-date DRP.

    Info-Tech Insight

    Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

    Set up a safety net to capture changes that slipped through the cracks with a focused review process

    Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

    • Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
    • Don’t review everything. Instead, review:
      • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
        • The plans for these systems are updated for changes (e.g. configuration changes).
        • SMEs and backup personnel are familiar with the changes.
      • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
    • Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.
    1. Annual Focused Review
    2. Tier 1 Systems
    3. Significantly Changed Systems
    4. Organizational Changes

    Identify larger changes, both organizational and within IT, that necessitate DRP updates

    During your focused review, consider how organizational changes have impacted your DRP.

    The COBIT 5 Enablers provide a foundation for this analysis. Consider:

    • Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
    • Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
    • SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
    • Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

    Info-Tech Best Practice

    COBIT 5 Enablers
    What changes need to be reflected in your DRP?

    A cycle visualization titled 'Disaster Recovery Plan'. Starting at 'Changes in Regulatory Requirements', it proceeds clockwise to 'Organizational Structure', 'Changes in Business Processes', and 'How Employees Work', before it returns to DRP. Then 'Changes to Applications', 'Changes to Infrastructure', 'SMEs Leaving or Changing Roles', and then back to the DRP.

    Create a plan during your annual focused review to test your DRP throughout the year

    Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

    • Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
    • Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
    • Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
    • Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

    Example Test Schedule:

    1. Q1: Tabletop testing shadowed by backup personnel
    2. Q2: Tabletop testing led by backup personnel
    3. Q3: Technology-based testing
    4. Annual Focused Review: Review Results

    Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

    Appendix A: XMPL Case Study

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use our structure to create your practical disaster recovery plan.

    Appendix B: Summary, Next Steps, and Bibliography

    Insight breakdown

    Use visual-based documentation instead of a traditional DRP manual.

    • Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

    Create your DRP in layers to keep the work manageable.

    • Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Prioritize quick wins to make DRP maintenance easier and more likely to happen.

    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Summary of accomplishment

    Knowledge Gained

    • How to create visual-based DRP documentation
    • How to integrate DRP maintenance into core IT processes

    Processes Optimized

    • DRP documentation creation
    • DRP publishing tool selection
    • DRP documentation maintenance

    Deliverables Completed

    • DRP documentation
    • Strategy for publishing your DRP
    • Modified project-intake form
    • Change management checklist for DR considerations

    Project step summary

    Client Project: Document and Maintain Your Disaster Recovery Plan

    • Create a recovery workflow.
    • Create supporting DRP documentation.
    • Write a summary for your DRP.
    • Decide on a publishing strategy.
    • Incorporate DRP maintenance into core IT processes.
    • Conduct an annual focused review.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Reduce Costly Downtime Through DR Testing
    Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Prepare for a DRP Audit
    Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Bibliography

    A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

    “APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

    Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

    COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

    “EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

    Risk Management. ISO 31000:2009.

    Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

    Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

    Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

    Understanding and Articulating Risk Appetite. KPMG, 2008.

    Evaluate and Learn From Your Negotiation Sessions More Effectively

    • Buy Link or Shortcode: {j2store}226|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Forty-eight percent of CIOs believe their budgets are inadequate.
    • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
    • Confident negotiators tend to be more successful, but even confident negotiators have room to improve.
    • Skilled negotiators are in short supply.

    Our Advice

    Critical Insight

    • Improving your negotiation skills requires more than practice or experience (i.e. repeatedly negotiating).
    • Creating and updating a negotiations lessons-learned library helps negotiators improve and provides a substantial return for the organization.
    • Failure is a great teacher; so is success … but you have to pay attention to indicators, not just results.

    Impact and Result

    Addressing and managing the negotiation debriefing process will help you:

    • Improve negotiation skills.
    • Implement your negotiation strategy more effectively.
    • Improve negotiation results.

    Evaluate and Learn From Your Negotiation Sessions More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Negotiations continuing

    This phase will help you debrief after each negotiation session and identify the parts of your strategy that must be modified before your next negotiation session.

    • Evaluate and Learn From Your Negotiation Sessions More Effectively – Phase 1: Negotiations Continuing

    2. Negotiations completed

    This phase will help you conduct evaluations at three critical points after the negotiations have concluded.

    • Evaluate and Learn From Your Negotiation Sessions More Effectively – Phase 2: Negotiations Completed
    [infographic]

    Workshop: Evaluate and Learn From Your Negotiation Sessions More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation skills and outcomes; share lessons learned.

    Understand the value of debriefing sessions during the negotiation process.

    Understand how to use the Info-Tech After Negotiations Tool.

    Key Benefits Achieved

    A better understanding of how and when to debrief during the negotiation process to leverage key insights.

    The After Negotiations Tool will be reviewed and configured for the customer’s environment (as applicable).

    Activities

    1.1 Debrief after each negotiation session

    1.2 Determine next steps

    1.3 Return to preparation phase

    1.4 Conduct Post Mortem #1

    1.5 Conduct Implementation Assessment

    1.6 Conduct Post Mortem #2

    Outputs

    Negotiation Session Debrief Checklist and Questionnaire

    Next Steps Checklist

    Discussion

    Post Mortem #1 Checklist & Dashboard

    Implementation Assessment Checklist and Questionnaire

    Post Mortem #2 Checklist & Dashboard

    Agile Readiness Assessment Survey

    • Buy Link or Shortcode: {j2store}160|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s realities are driving organizations to digitize faster and become more Agile.
    • Agile transformations are difficult and frequently fail for a variety of reasons.
    • To achieve the benefits of Agile, organizations need to be ready for the significant changes that Agile demands.
    • Challenges to your Agile transformation can come from a variety of sources.

    Our Advice

    Critical Insight

    • Use Info-Tech’s CLAIM+G model to examine potential roadblocks to Agile on six different organizational dimensions.
    • Use survey results to identify and address the issues that are most likely to derail your Agile transformation.

    Impact and Result

    • Better understand where and how your organization needs to change to support your Agile transformation.
    • Focus your attention on your organization’s biggest roadblocks to Agile.
    • Improve your organization’s chances of a successful Agile transformation.

    Agile Readiness Assessment Survey Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Agile Readiness Assessment Deck – A guide to help your organization survey its Agile readiness.

    Read this deck to see how an Agile Readiness Assessment can help your organization understand its readiness for Agile transformation. The storyboard guides you through how to collect, consolidate, and examine survey responses and create an actionable list of improvements to make your organization more Agile ready.

    • Agile Readiness Assessment Storyboard

    2. Survey Templates (Excel or MS Forms, available in English and French) – Use these templates to create and distribute the survey broadly within your organization.

    The Agile Readiness Assessment template is available in either Excel or Microsoft Forms (both English and French versions are available). Download the Excel templates here or use the links in the above deck to access the online versions of the survey.

    • Agile Readiness Survey – English
    • Agile Readiness Survey – French

    3. Agile Readiness Assessment Consolidated Results Tool – Use this tool to consolidate and analyze survey responses.

    The Agile Readiness Assessment Consolidated Results Tool allows you to consolidate survey responses by team/role and produces your heatmap for analysis.

    • Agile Readiness Assessment Consolidated Results Tool
    [infographic]

    Further reading

    Agile Readiness Assessment

    Understand how ready your organization is for an Agile transformation.

    Info-Tech Research Group Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.

    Analyst Perspective

    Use the wisdom of crowds to understand how ready you are for Agile transformation.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group

    Agile transformations can be difficult and complex to implement. That’s because they require fundamental changes in the way an organization thinks and behaves (and many organizations are not ready for these changes).

    Use Info-Tech’s Agile Readiness Assessment to broadly survey the organization’s readiness for Agile along six dimensions:

    • Culture
    • Learning
    • Automation
    • Integrated teams
    • Metrics
    • Governance

    The survey results will help you to examine and address those areas that are most likely to hinder your move to Agile.

    Alex Ciraco
    Principal Research Director, Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your organization wants to shorten delivery time and improve quality by adopting Agile practices.
    • Your organization has not yet used Agile successfully.
    • You know that Agile transformations are complex and difficult to implement.
    • You want to maximize your Agile transformation’s chances of success.

    Common Obstacles

    • Risks to your Agile transformation can come from a variety of sources, including:
      • Organizational culture
      • Learning practices
      • Use of automation
      • Ability to create integrated teams
      • Use of metrics
      • Governance practices

    Info-Tech’s Approach

    • Use Info-Tech’s Agile Readiness Assessment to broadly survey your organization’s readiness for Agile.
    • Examine the consolidated results of this survey to identify challenges that are most likely to hinder Agile success.
    • Discuss and address these challenges to increase your chances of success.

    Info-Tech Insight

    By first understanding the numerous challenges to Agile transformations and then broadly surveying your organization to identify and address the challenges that are at play, you are more likely to have a successful Agile transformation.

    Info-Tech’s methodology

    1. Distribute Survey 2. Consolidate Survey Results 3. Examine Results and Problem Solve
    Phase Steps

    1.1 Identify the teams/roles you will survey.

    1.2 Configure the survey to reflect your teams/roles.

    1.3 Distribute the Agile Readiness Assessment Survey broadly in the organization.

    2.1 Collect survey responses from all participants.

    2.2 Consolidate the results using the template provided.

    3.1 Examine the consolidated results (both OVERALL and DETAILED Heatmaps)

    3.2 Identify key challenge areas (those which are most “red”) and discuss these challenges with participants

    3.3 Brainstorm, select and refine potential solutions to these challenges
    Phase Outcomes An appreciation for the numerous challenges associated with Agile transformations Identified challenges to Agile within your organization (both team-specific and organization-wide challenges) An actionable list of solutions/actions to address your organization’s Agile challenges.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Agile Readiness Assessment Survey

    Survey the organization to understand your readiness for an Agile transformation on six dimensions.

    Sample of the Agile Readiness Assessment Survey blueprint deliverable.

    		 Agile Readiness Assessment Consolidated Results

    Examine your readiness for Agile and identify team-specific and organization-wide challenges.

    Sample of the Agile Readiness Assessment Consolidated Results blueprint deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 1 to 2 months.

    What does a typical GI on this topic look like?

      Phase 1: Distribute Survey

    • Call #1: Scope requirements, objectives, and your specific challenges (identify potential participants).
    • Call #2: First call with participants (introduce Phase 1 and assign survey for completion).
    • Call #3: Gather survey responses (prep for Phase 2 calls).

      • Phase 2: Consolidate Survey Results

    • Call #4: Consolidate all survey responses using the template.
    • Call #5: Conduct initial review of consolidated results (prep for Phase 3 calls).

      • Phase 3: Examine Results and Problem Solve

    • Call #6: Present consolidated results to participants and agree on most pressing challenges.
    • Call #7: Brainstorm, identify, and refine potential solutions to most pressing challenges.
    • Call #8: Conduct closing and communication call.

    Phase 1 — Phase 1 of 3, 'Distribute Survey'.

    Customize and distribute the survey

    Decide which teams/roles will participate in the survey.

    Decide which format and language(s) you will use for your Agile Readiness Assessment Survey.

    Configure the survey templates to reflect your selected teams/roles.

    Distribute the survey for participants to complete.

    • 1.1 The Agile Readiness Assessment Survey will help you to identify both team-specific and organization-wide challenges to your Agile transformation. It is best to distribute the survey broadly across the organization and include several teams and roles. Identify and make note of the teams/roles that will be participating in the survey.
    • 1.2 Select which format of survey you will be using (Excel or online), along with the language(s) you will use (links to the survey templates can be found in the table below). Then configure the survey templates to reflect your list of teams/roles from Step 1.1.
      • Format Language Download Survey Template
      Excel English Agile Readiness Assessment Excel Survey Template – EN and FR
      Excel French
      Online English Agile Readiness Assessment Online Survey Template – EN
      Online French Agile Readiness Assessment Online Survey Template – FR

    • 1.3 Distribute your Agile Readiness Assessment Survey broadly in the organization. Give all participants a deadline date for completion of the survey.

    Phase 2 — Phase 2 of 3, 'Consolidate Results'.

    Consolidate Survey Results

    Collect and consolidate all survey responses using the template provided.

    Review the OVERALL and DETAILED Heatmaps generated by the template.

    • 2.1 Collect the survey responses from all participants. All responses completed using the online form will be anonymous (for responses returned using the Excel form, assign each a unique identifier so that anonymity of responses is maintained).
    • 2.2 Consolidate the survey responses using the template below. Follow the instructions in the template to incorporate all survey responses.

      • Download the Agile Readiness Assessment Consolidated Results Tool

      Sample of the Agile Readiness Assessment Consolidated Results Tool, ranking maturity scores in 'Culture', 'Learning', 'Automation', 'Integrated Teams', 'Metrics', and 'Governance'.

    Phase 3 — Phase 3 of 3, 'Examine Results'.

    Examine Survey Results and Problem Solve

    Review the consolidated survey results as a team.

    Identify the challenges that need the most attention.

    Brainstorm potential solutions. Decide which are most promising and create a plan to implement them.

    • 3.1 Examine the consolidated results (both OVERALL and DETAILED Heatmaps) and look at both team-specific and organization-wide challenge areas.
    • 3.2 Identify which challenge areas need the most attention (typically those that are most red in the heatmap) and discuss these challenges with survey participants.
    • 3.3 As a team, brainstorm potential solutions to these challenges. Select from and refine the solutions that are most promising, then create a plan to implement them.

    3.1 Exercise: Collaborative Problem Solving — Phase 3 of 3, 'Examine Results'.

    60 Mins

    Input: Consolidated survey results

    Output: List of actions to address your most pressing challenges along with a timeline to implement them

    Materials: Agile Readiness Assessment Consolidated Results Tool, Whiteboard and markers

    Participants: Survey participants, Other interested parties

    This exercise will create a plan for addressing your most pressing Agile-related challenges.

    • As a team, agree on which survey challenges are most important to address (typically the most red in the heatmap).
    • Brainstorm potential solutions/actions to address these challenges.
    • Assign solutions/actions to individuals and set a timeline for completion.
    Challenge Proposed Solution Owner Timeline
    Enrichment
    lack of a CoE    		 Establish a service-oriented Agile Center of Excellence (CoE) staffed with experienced Agile practitioners who can directly help new-to-Agile teams be successful. Bill W. 6 Months
    Tool Chain
    (lack of Agile tools)    		 Select a standard Agile work management tool (e.g. Jira, Rally, ADO) that will be used by all Agile teams. Cindy K. 2 Months

    Related Info-Tech Research

    Sample of an Info-Tech blueprint. Modernize Your SDLC
    • Strategically adopt today’s SDLC good practices to streamline value delivery.
    Sample of an Info-Tech blueprint. Implement Agile Practices That Work
    • Guide your organization through its Agile transformation journey.
    Sample of an Info-Tech blueprint. Implement DevOps Practices That Work
    • Streamline business value delivery through the strategic adoption of DevOps practices.
    Sample of an Info-Tech blueprint. Mentoring for Agile Teams
    • Leverage an experience Agile Mentor to give your in-flight Agile project a helping hand.

    Research Contributors and Experts

    • Columbus Brown, Senior Principal – Practice Lead – Business Alignment, Daugherty Business Solutions
    • Saeed Khan, Founder, Transformation Labs
    • Brenda Peshak, Product Owner/Scrum Master/Program Manager, John Deere/Source Allies/Widget Industries LLC
    • Vincent Mirabelli, Principal, Global Project Synergy Group
    • Len O'Neill, Sr. Vice President and Chief Information Officer, The Suddath Companies
    • Shameka A. Jones, MPM, CSM, Lead Business Management Consultant, Mainspring Business Group, LLC
    • Ryland Leyton, Lead Business Analyst, Aptos Retail
    • Ashish Nangia, Lead Business System Analyst, Ashley Furniture Industries
    • Barbara Carkenord, CBAP, IIBA-AAC, PMI-PBA, PMP, SAFe POPM, President, Carkenord Consulting
    • Danelkis Serra, CBAP, Chapter Operations Manager, Regions & Chapters, IIBA (International Institute of Business Analysis)
    • Lorrie Staples-Ellis, CyberSecurity Integration Strategist, Wealth Management, Truist Bank
    • Ginger Sundberg, Independent Consultant
    • Kham Raven, Project Manager, Fraud Strategy & Execution, Truist Bank
    • Sarah Vollett, PMP, Business Analyst, Operations, College of Physicians and Surgeons of British Columbia
    • Nicole J Coyle, ICP-ACC, CEAC, SPC4, SASM, POPM, CSM, ECM, CCMP, CAPM, Team Agile Coach and Team Facilitator, HCQIS Foundational Components
    • Joe Glower, IT Director, Jet Support Services, Inc. (JSSI)
    • Harsh Daharwal, Senior Director, Application Delivery, J.R. Simplot
    • Hans Eckman, Principal Research Director, Info-Tech Research Group
    • Valence Howden, Principal Research Director, Info-Tech Research Group

    Establish a Communication and Collaboration System Strategy

    • Buy Link or Shortcode: {j2store}293|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $6,459 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.
    • Shadow IT is easier than ever, and cheap sharing tools are viral. Users are literally carrying around computers in their pockets (in the form of smartphones). IT often has no visibility into how these devices – and the applications on them – are used for work.

    Our Advice

    Critical Insight

    • You don’t know what you don’t know. Unstructured conversations with users will uncover insights.
    • Security is meaningless without usability. If security controls make a tool unusable, then users will rush to adopt something that’s free and easy.
    • Training users on a new tool once isn’t effective. Engage with users throughout the collaboration tool’s lifecycle.

    Impact and Result

    • Few supported apps and fewer unsupported apps. This will occur by ensuring that your collaboration tools will be useful to and used by users. Give users a say through surveys, focus groups, and job shadowing.
    • Lower total cost of ownership and greater productivity. Having fewer apps in the workplace, and better utilizing the functionality of those apps, will mean that IT can be much more efficient at managing your ECS.
    • Higher end-user satisfaction. Tools will be better suited to users’ needs, and users will feel heard by IT.

    Establish a Communication and Collaboration System Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a new approach to communication and collaboration apps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a shared vision on the future of communication and collaboration

    Identify and validate goals and collaboration tools that are used by your users, and the collaboration capabilities that must be supported by your desired ECS.

    • Establish a Communication and Collaboration System Strategy – Phase 1: Create a Shared Vision on the Future of Communication and Collaboration
    • Enterprise Collaboration Strategy Template
    • Building Company Communication and Collaboration Technology Improvement Plan Executive Presentation
    • Communications Infrastructure Stakeholder Focus Group Guide
    • Enterprise Communication and Collaboration System Business Requirements Document

    2. Map a path forward

    Map a path forward by creating a collaboration capability map and documenting your ECS requirements.

    • Establish a Communication and Collaboration System Strategy – Phase 2: Map a Path Forward
    • Collaboration Capability Map

    3. Build an IT and end-user engagement plan

    Effectively engage everyone to ensure the adoption of your new ECS. Engagement is crucial to the overall success of your project.

    • Establish a Communication and Collaboration System Strategy – Phase 3: Proselytize the Change
    • Collaboration Business Analyst
    • Building Company Exemplar Collaboration Marketing One-Pager Materials
    • Communication and Collaboration Strategy Communication Plan
    [infographic]

    Workshop: Establish a Communication and Collaboration System Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify What Needs to Change

    The Purpose

    Create a vision for the future of your ECS.

    Key Benefits Achieved

    Validate and bolster your strategy by involving your end users.

    Activities

    1.1 Prioritize Components of Your ECS Strategy to Improve

    1.2 Create a Plan to Gather Requirements From End Users

    1.3 Brainstorm the Collaboration Services That Are Used by Your Users

    1.4 Focus Group

    Outputs

    Defined vision and mission statements

    Principles for your ECS

    ECS goals

    End-user engagement plan

    Focus group results

    ECS executive presentation

    ECS strategy

    2 Map Out the Change

    The Purpose

    Streamline your collaboration service portfolio.

    Key Benefits Achieved

    Documented the business requirements for your collaboration services.

    Reduced the number of supported tools.

    Increased the effectiveness of training and enhancements.

    Activities

    2.1 Create a Current-State Collaboration Capability Map

    2.2 Build a Roadmap for Desired Changes

    2.3 Create a Future-State Capability Map

    2.4 Identify Business Requirements

    2.5 Identify Use Requirements and User Processes

    2.6 Document Non-Functional Requirements

    2.7 Document Functional Requirements

    2.8 Build a Risk Register

    Outputs

    Current-state collaboration capability map

    ECS roadmap

    Future-state collaboration capability map

    ECS business requirements document

    3 Proselytize the Change

    The Purpose

    Ensure the system is supported effectively by IT and adopted widely by end users.

    Key Benefits Achieved

    Unlock the potential of your ECS.

    Stay on top of security and industry good practices.

    Greater end-user awareness and adoption.

    Activities

    3.1 Develop an IT Training Plan

    3.2 Develop a Communications Plan

    3.3 Create Initial Marketing Material

    Outputs

    IT training plan

    Communications plan

    App marketing one-pagers

    Get the Best Discount Possible With a Data-Driven Negotiation Approach

    • Buy Link or Shortcode: {j2store}610|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Vendors have well-honed negotiation strategies that don’t prioritize the customer’s best interest, and they will take advantage of your weaknesses to extract as much money as they can from the deal.
    • IT teams are often working with time pressure and limited resources or experience in negotiation. Even those with an experienced procurement team aren’t evenly matched with the vendor when it comes to the ins and outs of the product.
    • As a result, many have a poor negotiation experience and fail to get the discount they wanted, ultimately leading to dissatisfaction with the vendor.

    Our Advice

    Critical Insight

    • Requirements should always come first, but IT leaders are under pressure to get discounts and cost ends up playing a big role in decision making.
    • Cost is one of the top factors influencing satisfaction with software and the decision to leave a vendor.
    • The majority of software customers are receiving a discount. If you’re in the minority who are not, there are strategies you can and should be using to improve your negotiating skills. Discounts of up to 40% off list price are available to those who enter negotiations prepared.

    Impact and Result

    • SoftwareReviews data shows that there are multiple benefits to taking a concerted approach to negotiating a discount on your software.
    • The most common ways of getting a discount (e.g. volume purchasing) aren’t necessarily the best methods. Choose a strategy that is appropriate for your organization and vendor relationship and that focuses on maximizing the value of your investment for the long term. Optimizing usage or licenses as a discount strategy leads to the highest software satisfaction.
    • Using a vendor negotiation service or advisory group was one of the most successful strategies for receiving a discount. If your team doesn’t have the right negotiation expertise, Info-Tech can help.

    Get the Best Discount Possible With a Data-Driven Negotiation Approach Research & Tools

    Prepare to negotiate

    Leverage insights from SoftwareReviews data to best position yourself to receive a discount through your software negotiations.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Get the Best Discount Possible with a Data-Driven Negotiation Approach Storyboard
    [infographic]

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact: 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Debunk Machine Learning Endpoint Security Solutions

    • Buy Link or Shortcode: {j2store}168|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Endpoint Security
    • Parent Category Link: /endpoint-security
    • Threat actors are more innovative than ever before and developing sophisticated methods of endpoints attacks capable of avoiding detection with traditional legacy anti-virus software.
    • Legacy anti-virus solutions rely on signatures and hence fail at detecting memory objects, and new and mutating malware.
    • Combined with the cybersecurity talent gap and the sheer volume of endpoint attacks, organizations need endpoint security solutions capable of efficiently and accurately blocking never-before-seen malware types and variants.

    Our Advice

    Critical Insight

    • Don’t make machine learning a goal in itself. Think of how machine learning can help you achieve your goals.
    • Determine your endpoint security requirements and goals prior to shopping around for a vendor. Vendors can easily suck you into a vortex of marketing jargon and sell you tools that your organization does not need.
    • Machine learning alone is not a solution to catching malware. It is a computational method that can generalize and analyze large datasets, and output insights quicker than a human security analyst.

    Impact and Result

    • Consider deploying an endpoint protection technology that leverages machine learning into your existing endpoint security strategy to counteract against the unknown and to quickly sift through the large volumes of data.
    • Understand how machine learning methods can help drive your organization’s security goals.
    • Identify vendors that utilize machine learning in their endpoint security products.
    • Understand use cases of where machine learning in endpoint security has been successful.

    Debunk Machine Learning Endpoint Security Solutions Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should consider machine learning in endpoint security solutions, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify machine learning concepts

    Understand basic machine learning concepts used in endpoint security.

    • Debunk Machine Learning Endpoint Security Solutions – Phase 1: Demystify Machine Learning Concepts

    2. Evaluate vendors that leverage machine learning

    Determine feature requirements to evaluate vendors.

    • Debunk Machine Learning Endpoint Security Solutions – Phase 2: Evaluate Vendors That Leverage Machine Learning
    • Endpoint Protection Request for Proposal
    [infographic]

    Effectively Manage CxO Relations

    • Buy Link or Shortcode: {j2store}384|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage Business Relationships
    • Parent Category Link: /manage-business-relationships

    With the exponential pace of technological change, an organization's success will depend largely on how well CIOs can evolve from technology evangelists to strategic business partners. This will require CIOs to effectively broker relationships to improve IT's effectiveness and create business value. A confidential journal can help you stay committed to fostering productive relationships while building trust to expand your sphere of influence.

    Our Advice

    Critical Insight

    Highly effective executives have in common the ability to successfully balance three things: time, personal capabilities, and relationships. Whether you are a new CIO or an experienced leader, the relentless demands on your time and unpredictable shifts in the organization’s strategy require a personal game plan to deliver business value. Rather than managing stakeholders one IT project at a time, you need an action plan that is tailored for unique work styles.

    Impact and Result

    A personal relationship journal will help you:

    • Understand the context in which key stakeholders operate.
    • Identify the best communication approach to engage with different workstyles.
    • Stay committed to fostering relationships through difficult periods.

    Effectively Manage CxO Relations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Effectively Manage CxO Relations Storyboard – A guide to creating a personal action plan to help effectively manage relationships across key stakeholders.

    Use this research to create a personal relationship journal in four steps:

    • Effectively Manage CxO Relations Storyboard

    2. Personal Relationship Management Journal Template – An exemplar to help you build your personal relationship journal.

    Use this exemplar to build a journal that is readily accessible, flexible, and easy to maintain.

    • Personal Relationship Management Journal Template

    Infographic

    Further reading

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    Analyst Perspective

    "Technology does not run an enterprise, relationships do." – Patricia Fripp

    As technology becomes increasingly important, an organization's success depends on the evolution of the modern CIO from a technology evangelist to a strategic business leader. The modern CIO will need to leverage their expansive partnerships to demonstrate the value of technology to the business while safeguarding their time and effort on activities that support their strategic priorities. CIOs struggling to transition risk obsolescence with the emergence of new C-suite roles like the Digital Transformation Officer, Chief Digital Officer, Chief Data Officer, and so on.

    CIOs will need to flex new social skills to accommodate diverse styles of work and better predict dynamic situations. This means expanding beyond their comfort level to acquire new social skills. Having a clear understanding of one's own work style (preferences, natural tendencies, motivations, and blind spots) is critical to identify effective communication and engagement tactics.

    Building trust is an art. Striking a balance between fulfilling your own goals and supporting others will require a carefully curated approach to navigate the myriad of personalities and work styles. A personal relationship journal will help you stay committed through these peaks and troughs to foster productive partnerships and expand your sphere of influence over the long term.

    Photo of Joanne Lee
    Joanne Lee
    Principal, Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    In today's unpredictable markets and rapid pace of technological disruptions, CIOs need to create business value by effectively brokering relationships to improve IT's performance. Challenges they face:

    • Operate in silos to run the IT factory.
    • Lack insights into their stakeholders and the context in which they operate.
    • Competing priorities and limited time to spend on fostering relationships.
    • Relationship management programs are narrowly focused on associated change management in IT project delivery.

    Common Obstacles

    Limited span of influence.

    Mistaking formal roles in organizations for influence.

    Understanding what key individuals want and, more importantly, what they don't want.

    Lack of situational awareness to adapt communication styles to individual preferences and context.

    Leveraging different work styles to create a tangible action plan.

    Perceiving relationships as "one and done."

    Info-Tech's Approach

    A personal relationship journal will help you stay committed to fostering productive relationships while building trust to expand your sphere of influence.

    • Identify your key stakeholders.
    • Understand the context in which they operate to define a profile of their mandate, priorities, commitments, and situation.
    • Choose the most effective engagement and communication strategies for different work styles.
    • Create an action plan to monitor and measure your progress.

    Info-Tech Insight

    Highly effective executives have in common the ability to balance three things: time, personal capabilities, and relationships. Whether you are a new CIO or an experienced leader, the relentless demand on your time and unpredictable shifts in the organization's strategy will require a personal game plan to deliver business value. This will require more than managing stakeholders one IT project at a time: It requires an action plan that fosters relationships over the long term.

    Key Concepts

    Stakeholder Management
    A common term used in project management to describe the successful delivery of any project, program, or activity that is associated with organizational change management. The goal of stakeholder management is intricately tied to the goals of the project or activity with a finite end. Not the focus of this advisory research.

    Relationship Management
    A broad term used to describe the relationship between two parties (individuals and/or stakeholder groups) that exists to create connection, inclusion, and influence. The goals are typically associated with the individual's personal objectives and the nature of the interaction is seen as ongoing and long-term.

    Continuum of Commitment
    Info-Tech's framework that illustrates the different levels of commitment in a relationship. It spans from active resistance to those who are committed to actively supporting your personal priorities and objectives. This can be used to baseline where you are today and where you want the relationship to be in the future.

    Work Style
    A reference to an individual's natural tendencies and expectations that manifest itself in their communication, motivations, and leadership skills. This is not a behavior assessment nor a commentary on different personalities but observable behaviors that can indicate different ways people communicate, interact, and lead.

    Glossary
    CDxO: Chief Digital Officer
    CDO: Chief Data Officer
    CxO: C-Suite Executives

    The C-suite is getting crowded, and CIOs need to foster relationships to remain relevant

    The span of influence and authority for CIOs is diminishing with the emergence of Chief Digital Officers and Chief Data Officers.

    63% of CDxOs report directly to the CEO ("Rise of the Chief Digital Officer," CIO.com)

    44% of organizations with a dedicated CDxO in place have a clear digital strategy versus 22% of those without a CDxO (KPMG/Harvey Nash CIO Survey)

    The "good news": CIOs tend to have a longer tenure than CDxOs.

    A diagram that shows the average tenure of C-Suites in years.
    Source: "Age and Tenure of C-Suites," Korn Ferry

    The "bad news": The c-suite is getting overcrowded with other roles like Chief Data Officer.

    A diagram that shows the number of CDOs hired from 2017 to 2021.
    Source: "Chief Data Officer Study," PwC, 2022

    An image of 7 lies technology executives tell ourselves.

    Info-Tech Insight

    The digital evolution has created the emergence of new roles like the Chief Digital Officer and Chief Data Officer. They are a response to bridge the skill gap that exists between the business and technology. CIOs need to focus on building effective partnerships to better communicate the business value generated by technology or they risk becoming obsolete.

    Create a relationship journal to effectively manage your stakeholders

    A diagram of relationship journal

    Info-Tech's approach

    From managing relationships with friends to key business partners, your success will come from having the right game plan. Productive relationships are more than managing stakeholders to support IT initiatives. You need to effectively influence those who have the potential to champion or derail your strategic priorities. Understanding differences in work styles is fundamental to adapting your communication approach to various personalities and situations.

    A diagram that shows from 1.1 to 4.1

    A diagram of business archetypes

    Summary of Insights

    Insight 1: Expand your sphere of influence
    It's not just about gaining a volume of acquaintances. Figure out where you want to spend your limited time, energy, and effort to develop a network of professional allies who will support and help you achieve your strategic priorities.

    Insight 2: Know thyself first and foremost
    Healthy relationships start with understanding your own working style, preferences, and underlying motivations that drive your behavior and ultimately your expectations of others. A win/win scenario emerges when both parties' needs for inclusion, influence, and connection are met or mutually conceded.

    Insight 3: Walk a mile in their shoes
    If you want to build successful partnerships, you need to understand the context in which your stakeholder operates: their motivations, desires, priorities, commitments, and challenges. This will help you adapt as their needs shift and, moreover, leverage empathy to identify the best tactics for different working styles.

    Insight 4: Nurturing relationships is a daily commitment
    Building, fostering, and maintaining professional relationships requires a daily commitment to a plan to get through tough times, competing priorities, and conflicts to build trust, respect, and a shared sense of purpose.

    Related Info-Tech Research

    Supplement your CIO journey with these related blueprints.

    Photo of First 100 Days as CIO

    First 100 Days as CIO

    Photo of Become a Strategic CIO

    Become a Strategic CIO

    Photo of Improve IT Team Effectiveness

    Improve IT Team Effectiveness

    Photo of Become a Transformational CIO

    Become a Transformational CIO

    Executive Brief Case Study

    Logo of Multicap Limited

    • Industry: Community Services
    • Source: Scott Lawry, Head of Digital

    Conversation From Down Under

    What are the hallmarks of a healthy relationship with your key stakeholders?
    "In my view, I work with partners like they are an extension of my team, as we rely on each other to achieve mutual success. Partnerships involve a deeper, more intimate relationship, where both parties are invested in the long-term success of the business."

    Why is it important to understand your stakeholder's situation?
    "It's crucial to remember that every IT project is a business project, and vice versa. As technology leaders, our role is to demystify technology by focusing on its business value. Empathy is a critical trait in this endeavor, as it allows us to see a stakeholder's situation from a business perspective, align better with the business vision and goals, and ultimately connect with people, rather than just technology."

    How do you stay committed during tough times?
    "I strive to leave emotions at the door and avoid taking a defensive stance. It's important to remain neutral and not personalize the issue. Instead, stay focused on the bigger picture and goals, and try to find a common purpose. To build credibility, it's also essential to fact-check assumptions regularly. By following these principles, I approach situations with a clear mind and better perspective, which ultimately helps achieve success."

    Photo of Scott Lawry, Head Of Digital at Multicap Limited

    Key Takeaways

    In a recent conversation with a business executive about the evolving role of CIOs, she expressed: "It's the worst time to be perceived as a technology evangelist and even worse to be perceived as an average CIO who can't communicate the business value of technology."

    This highlights the immense pressure many CIOs face when evolving beyond just managing the IT factory.

    The modern CIO is a business leader who can forge relationships and expand their influence to transform IT into a core driver of business value.

    Stakeholder Sentiment

    Identify key stakeholders and their perception of IT's effectiveness

    1.1 Identify Key Stakeholders

    A diagram of Identify Key Stakeholders

    Identify and prioritize your key stakeholders. Be diligent with stakeholder identification. Use a broad view to identify stakeholders who are known versus those who are "hidden." If stakeholders are missed, then so are opportunities to expand your sphere of influence.

    1.2 Understand Stakeholder's Perception of IT

    A diagram that shows Info-Tech's Diagnostic Reports and Hospital Authority XYZ

    Assess stakeholder sentiments from Info-Tech's diagnostic reports and/or your organization's satisfaction surveys to help identify individuals who may have the greatest influence to support or detract IT's performance and those who are passive observers that can become your greatest allies. Determine where best to focus your limited time amid competing priorities by focusing on the long-term goals that support the organization's vision.

    Info-Tech Insight

    Understand which individuals can directly or indirectly influence your ability to achieve your priorities. Look inside and out, as you may find influencers beyond the obvious peers or executives in an organization. Influence can result from expansive connections, power of persuasion, and trust to get things done.

    Visit Info-Tech's Diagnostic Programs

    Activity: Identify and Prioritize Stakeholders

    30-60 minutes

    1.1 Identify Key Stakeholders

    Start with the key stakeholders that are known to you. Take a 360-degree view of both internal and external connections. Leverage external professional & network platforms (e.g. LinkedIn), alumni connections, professional associations, forums, and others that can help flush out hidden stakeholders.

    1.2 Prioritize Key Stakeholders

    Use stakeholder satisfaction surveys like Info-Tech's Business Vision diagnostic as a starting point to identify those who are your allies and those who have the potential to derail IT's success, your professional brand, and your strategic priorities. Review the results of the diagnostic reports to flush out those who are:

    • Resisters: Vocal about their dissatisfaction with IT's performance and actively sabotage or disrupt
    • Skeptics: Disengaged, passive observers
    • Ambassadors: Aligned but don't proactively support
    • Champions: Actively engaged and will proactively support your success

    Consider the following:

    • Influencers may not have formal authority within an organization but have relationships with your stakeholders.
    • Influencers may be hiding in many places, like the coach of your daughter's soccer team who rows with your CEO.
    • Prioritize, i.e. three degrees of separation due to potential diverse reach of influence.

    Key Output: Create a tab for your most critical stakeholders.

    A diagram that shows profile tabs

    Download the Personal Relationship Management Journal Template.

    Understand stakeholders' business

    Create a stakeholder profile to understand the context in which stakeholders operate.

    2.1 Create individual profile for each stakeholder

    A diagram that shows different stakeholder questions

    Collect and analyze key information to understand the context in which your stakeholders operate. Use the information to derive insights about their mandate, accountabilities, strategic goals, investment priorities, and performance metrics and challenges they may be facing.

    Stakeholder profiles can be used to help design the best approach for personal interactions with individuals as their business context changes.

    If you are short on time, use this checklist to gather information:

    • Stakeholder's business unit (BU) strategy goals
    • High-level organizational chart
    • BU operational model or capability map
    • Key performance metrics
    • Projects underway and planned
    • Financial budget (if available)
    • Milestone dates for key commitments and events
    • External platforms like LinkedIn, Facebook, Twitter, Slack, Instagram, Meetup, blogs

    Info-Tech Insight

    Understanding what stakeholders want (and more importantly, what they don't) requires knowing their business and the personal and social circumstances underlying their priorities and behaviors.

    Activity: Create a stakeholder profile

    30-60 minutes

    2.1.0 Understand stakeholder's business context

    Create a profile for each of your priority stakeholders to document their business context. Review all the information collected to understand their mandate, core accountability, and business capabilities. The context in which individuals operate is a window into the motivations, pressures, and vested interests that will influence the intersectionality between their expectations and yours.

    2.1.1 Document Observable Challenges as Private Notes

    Crushing demands and competing priorities can lead to tension and stress as people jockey to safeguard their time. Identify some observable challenges to create greater situational awareness. Possible underlying factors:

    • Sudden shifts/changes in mandate
    • Performance (operations, projects)
    • Finance
    • Resource and talent gaps
    • Politics
    • Personal circumstances
    • Capability gaps/limitations
    • Capacity challenges

    A diagram that shows considerations of this activity.

    Analyze Stakeholder's Work Style

    Adapt communication styles to the situational context in which your stakeholders operate

    2.2 Determine the ideal approach for engaging each stakeholder

    Each stakeholder has a preferred modality of working which is further influenced by dynamic situations. Some prefer to meet frequently to collaborate on solutions while others prefer to analyze data in solitude before presenting information to substantiate recommendations. However, fostering trust requires:

    1. Understanding your preferred default when engaging others.
    2. Knowing where you need to expand your skills.
    3. Identifying which skills to activate for different professional scenarios.

    Adapting your communication style to create productive interactions will require a diverse arsenal of interpersonal skills that you can draw upon as situations shift. The ability to adapt your work style to dial any specific trait up or down will help to increase your powers of persuasion and influence.

    "There are only two ways to influence human behavior: you can manipulate it, or you can inspire it." – Simon Sinek

    Activity: Identify Engagement Strategies

    30 minutes

    2.2.0 Establish work styles

    Every individual has a preferred style of working. Determine work styles starting with self-awareness:

    • Express myself - How you communicate and interact with others
    • Expression by others - How you want others to communicate and interact with you

    Through observation and situational awareness, we can make inferences about people's work style.

    • Observations - Observable traits of other people's work style
    • Situations - Personal and professional circumstances that influence how we communicate and interact with one another

    Where appropriate and when opportunities arise, ask individuals directly about their preferred work styles and method for communication. What is their preferred method of communication? During a normal course of interaction vs. for urgent priorities?

    2.2.1 Brainstorm possible engagement strategies

    Consider the following when brainstorming engagement strategies for different work styles.

    A table of involvement, influence, and connection.

    Think engagement strategies in different professional scenarios:

    • Meetings - Where and how you connect
    • Communicating - How and what you communicate to create connection
    • Collaborating - What degree of involved in shared activities
    • Persuading - How you influence or direct others to get things done

    Expand New Interpersonal Skills

    Use the Business Archetypes to brainstorm possible approaches for engaging with different work styles. Additional communication and engagement tactics may need to be considered based on circumstances and changing situations.

    A diagram that shows business archetypes and engagement strategies.

    Communicate Effectively

    Productive communication is a dialogue that requires active listening, tailoring messages to fluid situations, and seeking feedback to adapt.

    A diagram of elements that contributes to better align intention and impact

    Be Relevant

    • Understand why you need to communicate
    • Determine what you need to convey
    • Tailor your message to what matters to the audience and their context
    • Identify the most appropriate medium based on the situation

    Be Consistent and Accurate

    • Say what you mean and mean what you say to avoid duplicity
    • Information should be accurate and complete
    • Communicate truthfully; do not make false promises or hide bad news
    • Don't gossip

    Be Clear and Concise

    • Keep it simple and avoid excessive jargon
    • State asks upfront to set intention and transparency
    • Avoid ambiguity and focus on outcomes over details
    • Be brief and to the point or risk losing stakeholder's attention

    Be Attentive and Authentic

    • Stay engaged and listen actively
    • Be curious and inquire for clarification or explanation
    • Be flexible to adapt to both verbal and non-verbal cues
    • Be authentic in your approach to sharing yourself
    • Avoid "canned" approaches

    A diagram of listen, observe, reflect.


    "Good communication is the bridge between confusion and clarity."– Nat Turner (LinkedIn, 2020)

    Exemplar: Engaging With Jane

    A diagram that shows Exemplar: Engaging With Jane

    Exemplar: Engaging With Ali

    A diagram that shows Exemplar: Engaging With Ali

    Develop an Action Plan

    Moving from intent to action requires a plan to ensure you stay committed through the peaks and troughs.

    Create Your 120-Day Plan

    An action plan example

    Key elements of the action plan:

    • Strategic priorities – Your top focus
    • Objective – Your goals
    • 30-60-90-120 Day Topics – Key agenda items
    • Meeting Progress Notes – Key takeaways from meetings
    • Private Notes – Confidential observations

    Investing in relationships is a long-term process. You need to accumulate enough trust to trade or establish coalitions to expand your sphere of influence. Even the strongest of professional ties will have their bouts of discord. To remain committed to building the relationship during difficult periods, use an action plan that helps you stay grounded around:

    • Shared purpose
    • Removing emotion from the situation
    • Continuously learning from every interaction

    Photo of Angela Diop
    "Make intentional actions to set intentionality. Plans are good to keep you grounded and focused especially when relationship go through ups and down and there are changes: to new people and new relationships."
    – Angela Diop, Senior Director, Executive Services, Info-Tech & former VP of Information Services with Unity Health Care

    Activity: Design a Tailored Action Plan

    30-60 minutes

    3.1.0 Determine your personal expectations

    Establish your personal goals and expectations around what you are seeking from the relationship. Determine the strength of your current connection and identify where you want to move the relationship across the continuum of commitment.

    Use insights from your stakeholder's profile to explore their span of influence and degree of interest in supporting your strategic priorities.

    3.1.1 Determine what you want from the relationship

    Based on your personal goals, identify where you want to move the relationship across the continuum of commitment: What are you hoping to achieve from the relationship? How will this help create a win/win situation for both you and the key stakeholder?

    A diagram of Continuum of Commitment.

    3.1.2 Identify your metrics for progress

    Fostering relationships take time and commitment. Utilizing metrics or personal success criteria for each of your focus areas will help you stay on track and find opportunities to make each engagement valuable instead of being transactional.

    A graph that shows influence vs interest.

    Make your action plan impactful

    Level of Connection

    The strength of the relationship will help inform the level of time and effort needed to achieve your goals.

    • Is this a new or existing relationship?
    • How often do you connect with this individual?
    • Are the connections driven by a shared purpose or transactional as needs arise?

    Focus on Relational Value

    Cultivate your network and relationship with the goal of building emotional connection, understanding, and trust around your shared purpose and organization's vision through regular dialogue. Be mindful of transactional exchanges ("quid pro quo") to be strategic about its use. Treat every interaction as equally important regardless of agenda, duration, or channel of communication.

    Plan and Prepare

    Everyone's time is valuable, and you need to come prepared with a clear understanding of why you are engaging. Think about the intentionality of the conversation:

    • Gain buy-in
    • Create transparency
    • Specific ask
    • Build trust and respect
    • Provide information to clarify, clear, or contain a situation

    Non-Verbal Communication Matters

    Communication is built on both overt expressions and subtext. While verbal communication is the most recognizable form, non-lexical components of verbal communication (i.e. paralanguage) can alter stated vs. intended meaning. Engage with the following in mind:

    • Tone, pitch, speed, and hesitation
    • Facial expressions and gestures
    • Choice of channel for engagement

    Exemplar: Action Plan for VP, Digital

    A diagram that shows Exemplar: Action Plan for VP, Digital

    Make Relationship Management a Daily Habit

    Management plans are living documents and need to be flexible to adapt to changes in stakeholder context.

    Monitor and Adjust to Communicate Strategically

    A diagram that shows Principles for Effective Communication and Key Measures

    Building trust takes time and commitment. Treat every conversation with your key stakeholders as an investment in building the social capital to expand your span of influence when and where you need it to go. This requires making relationship management a daily habit. Action plans need to be a living document that is your personal journal to document your observations, feelings, and actions. Such a plan enables you to make constant adjustments along the relationship journey.

    "Without involvement, there is no commitment. Mark it down, asterisk it, circle it, underline it."– Stephen Convey (LinkedIn, 2016)

    Capture some simple metrics

    If you can't measure your actions, you can't manage the relationship.

    An example of measures: what, why, how - metrics, and intended outcome.

    While a personal relationship journal is not a formal performance management tool, identifying some tangible measures will improve the likelihood of aligning your intent with outcomes. Good measures will help you focus your efforts, time, and resources appropriately.

    Keep the following in mind:

    1. WHAT are you trying to measure?
      Specific to the situation or scenario
    2. WHY is this important?
      Relevant to your personal goals
    3. HOW will you measure?
      Achievable and quantifiable
    4. WHAT will the results tell you?
      Intended outcome that is directional

    Summary of accomplishments

    Knowledge Gained

    • Relationship management is critical to a CIO's success
    • A personal relationship journal will help build:
      • Customized approach to engaging stakeholders
      • New communication skills to adapt to different work styles

    New Concepts

    • Work style assessment framework and engagement strategies
    • Effective communication strategies
    • Continuum of commitment to establish personal goals

    Approach to Creating a Personal Journal

    • Step-by-step approach to create a personal journal
    • Key elements for inclusion in a journal
    • Exemplar and recommendations

    Related Info-Tech Research

    Photo of Tech Trends and Priorities Research Centre

    Tech Trends and Priorities Research Centre

    Access Info-Tech's Tech Trend reports and research center to learn about current industry trends, shifts in markets, and disruptions that are impacting your industry and sector. This is a great starting place to gain insights into how the ecosystem is changing your business and the role of IT within it.

    Photo of Embed Business Relationship Management in IT

    Embed Business Relationship Management in IT

    Create a business relationship management (BRM) function in your program to foster a more effective partnership with the business and drive IT's value to the organization.

    Photo of Become a Transformational CIO

    Become a Transformational CIO

    Collaborate with the business to lead transformation and leave behind a legacy of growth.

    Appendix: Framework

    Content:

    • Adaptation of DiSC profile assessment
    • DiSC Profile Assessment
    • FIRO-B Framework
    • Experience Cube

    Info-Tech's Adaption of DiSC Assessment

    A diagram of business archetypes

    Info-Tech's Business Archetypes was created based on our analysis of the DiSC Profile and Myers-Briggs FIRO-B personality assessment tools that are focused on assessing interpersonal traits to better understand personalities.

    The adaptation is due in part to Info-Tech's focus on not designing a personality assessment tool as this is neither the intent nor the expertise of our services. Instead, the primary purpose of this adaptation is to create a simple framework for our members to base their observations of behavioral cues to identify appropriate communication styles to better interact with key stakeholders.

    Cautionary note:
    Business archetypes are personas and should not be used to label, make assumptions and/or any other biased judgements about individual personalities. Every individual has all elements and aspects of traits across various spectrums. This must always remain at the forefront when utilizing any type of personality assessments or frameworks.

    Click here to learn about DiSC Profile
    Click here learn about FIRO-B
    Click here learn about Experience Cube

    DiSC Profile Assessment

    A photo of DiSC Profile Assessment

    What is DiSC?

    DisC® is a personal assessment tool that was originally developed in 1928 by psychologist William Moulton Marston, who designed it to predict job performance. The tool has evolved and is now widely used by thousands of organizations around the world, from large government agencies and Fortune 500 companies to nonprofit and small businesses, to help improve teamwork, communication, and productivity in the workplace. The tool provides a common language people can use to better understand themselves and those they interact with - and use this knowledge to reduce conflict and improve working relationships.

    What does DiSC mean?

    DiSC is an acronym that stands for the four main personality profiles described in the Everything DiSC model: (D)ominance, (i)nfluence, (S)teadiness, (C)onscientiousness

    People with (D) personalities tend to be confident and emphasize accomplishing bottom-line results.
    People with (i) personalities tend to be more open and emphasize relationships and influencing or persuading others.
    People with (S) personalities tend to be dependable and emphasize cooperation and sincerity.
    People with (C) personalities tend to emphasize quality, accuracy, expertise, and competency.

    Go to this link to explore the DiSC styles

    FIRO-B® – Interpersonal Assessment

    A diagram of FIRO framework

    What is FIRO workplace relations?

    The Fundamental Interpersonal Relations Orientation Behavior (FIRO-B®) tool has been around for forty years. The tool assesses your interpersonal needs and the impact of your behavior in the workplace. The framework reveals how individuals can shape and adapt their individual behaviors, influence others effectively, and build trust among colleagues. It has been an excellent resource for coaching individuals and teams about the underlying drivers behind their interactions with others to effectively build successful working relationships.

    What does the FIRO framework measure?

    The FIRO framework addresses five key questions that revolve around three interpersonal needs. Fundamentally, the framework focuses on how you want to express yourself toward others and how you want others to behave toward you. This interaction will ultimately result in the universal needs for (a) inclusion, (b) control, and (c) affection. The insights from the results are intended to help individuals adjust their behavior in relationships to get what they need while also building trust with others. This will allow you to better predict and adapt to different situations in the workplace.

    How can FIRO influence individual and team performance in the workplace?

    FIRO helps people recognize where they may be giving out mixed messages and prompts them to adapt their exhibited behaviors to build trust in their relationships. It also reveals ways of improving relationships by showing individuals how they are seen by others, and how this external view may differ from how they see themselves. Using this lens empowers people to adjust their behavior, enabling them to effectively influence others to achieve high performance.

    In team settings, it is a rich source of information to explore motivations, underlying tensions, inconsistent behaviors, and the mixed messages that can lead to mistrust and derailment. It demonstrates how people may approach teamwork differently and explains the potential for inefficiencies and delays in delivery. Through the concept of behavioral flexibility, it helps defuse cultural stereotypes and streamline cross-cultural teams within organizations.

    Go to this link to explore FIRO-B for Business

    Experience Cube

    A diagram of experience cube model.

    What is an experience cube?

    The Experience Cube model was developed by Gervase Bushe, a professor of Leadership and Organization at the Simon Fraser University's school of Business and a thought leader in the field of organizational behavior. The experience cube is intended as a tool to plan and manage conversations to communicate more effectively in the moment. It does this by promoting self-awareness to better reduce anxiety and adapt to evolving and uncertain situations.

    How does the experience cube work?

    Using the four elements of the experience cube (Observations, Thoughts, Feelings, and Wants) helps you to separate your experience with the situation from your potential judgements about the situation. This approach removes blame and minimizes defensiveness, facilitating a positive discussion. The goal is to engage in a continuous internal feedback loop that allows you to walk through all four quadrants in the moment to help promote self-awareness. With heightened self-awareness, you may (1) remain curious and ask questions, (2) check-in for understanding and clarification, and (3) build consensus through agreement on shared purpose and next steps.

    Observations: Sensory data (information you take in through your senses), primarily what you see and hear. What a video camera would record.

    Thoughts: The meaning you add to your observations (i.e. the way you make sense of them, including your beliefs, expectations, assumptions, judgments, values, and principles). We call this the "story you make up."

    Feelings: Your emotional or physiological response to the thoughts and observations. Feelings words such as sad, mad, glad, scared, or a description of what is happening in your body.

    Wants: Clear description of the outcome you seek. Wants go deeper than a simple request for action. Once you clearly state what you want, there may be different ways to achieve it.

    Go to this link to explore more: Experience Cube

    Research Contributors and Experts

    Photo of Joanne Lee
    Joanne Lee
    Principal, Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is a professional executive with over twenty-five years of experience in digital technology and management consulting spanning healthcare, government, municipal, and commercial sectors across Canada and globally. She has successfully led several large, complex digital and business transformation programs. A consummate strategist, her expertise spans digital and technology strategy, organizational redesign, large complex digital and business transformation, governance, process redesign, and PPM. Prior to joining Info-Tech Research Group, Joanne was a Director with KPMG's CIO Advisory management consulting services and the Digital Health practice lead for Western Canada. She brings a practical and evidence-based approach to complex problems enabled by technology.

    Joanne holds a Master's degree in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.



    Photo of Gord Harrison
    Gord Harrison
    Senior Vice President, Research and Advisory
    Info-Tech Research Group

    Gord Harrison, SVP, Research and Consulting, has been with Info-Tech Research Group since 2002. In that time, Gord leveraged his experience as the company's CIO, VP Research Operations, and SVP Research to bring the consulting and research teams together under his current role, and to further develop Info-Tech's practical, tactical, and value-oriented research product to the benefit of both organizations.

    Prior to Info-Tech, Gord was an IT consultant for many years with a focus on business analysis, software development, technical architecture, and project management. His background of educational game software development, and later, insurance industry application development gave him a well-rounded foundation in many IT topics. Gord prides himself on bringing order out of chaos and his customer-first, early value agile philosophy keeps him focused on delivering exceptional experiences to our customers.



    Photo of Angela Diop
    Angela Diop
    Senior Director, Executive Services
    Info-Tech Research Group

    Angela has over twenty-five years of experience in healthcare, as both a healthcare provider and IT professional. She has spent over fifteen years leading technology departments and implementing, integrating, managing, and optimizing patient-facing and clinical information systems. She believes that a key to a healthcare organization's ability to optimize health information systems and infrastructure is to break the silos that exist in healthcare organizations.

    Prior to joining Info-Tech, Angela was the Vice President of Information Services with Unity Health Care. She has demonstrated leadership and success in this area by fostering environments where business and IT collaborate to create systems and governance that are critical to providing patient care and sustaining organizational health.

    Angela has a Bachelor of Science in Systems Engineering and Design from the University of Illinois and a Doctorate of Naturopathic Medicine from Bastyr University. She is a Certified CIO with the College of Healthcare Information Management Executives. She is a two-time Health Information Systems Society (HIMSS) Davies winner.



    Photo of Edison Barreto
    Edison Barreto
    Senior Director, Executive Services
    Info-Tech Research Group

    Edison is a dynamic technology leader with experience growing different enterprises and changing IT through creating fast-paced organizations with cultural, modernization, and digital transformation initiatives. He is well versed in creating IT and business cross-functional leadership teams to align business goals with IT modernization and revenue growth. Over twenty-five years of Gaming, Hospitality, Retail, and F&B experience has given him a unique perspective on guiding and coaching the creation of IT department roadmaps to focus on business needs and execute successful changes.

    Edison has broad business sector experience, including:
    Hospitality, Gaming, Sports and Entertainment, IT policy and oversight, IT modernization, Cloud first programs, R&D, PCI, GRDP, Regulatory oversight, Mergers acquisitions and divestitures.



    Photo of Mike Tweedie
    Mike Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Michael Tweedie is the Practice Lead, CIO – IT Strategy at Info-Tech Research Group, specializing in creating and delivering client-driven, project-based, practical research, and advisory. He brings more than twenty-five years of experience in technology and IT services as well as success in large enterprise digital transformations.

    Prior to joining Info-Tech, Mike was responsible for technology at ADP Canada. In that role, Mike led several large transformation projects that covered core infrastructure, applications, and services and worked closely with and aligned vendors and partners. The results were seamless and transparent migrations to current services, like public cloud, and a completely revamped end-user landscape that allowed for and supported a fully remote workforce.

    Prior to ADP, Mike was the North American Head of Engineering and Service Offerings for a large French IT services firm, with a focus on cloud adoption and complex ERP deployment and management; he managed large, diverse global teams and had responsibilities for end-to-end P&L management.

    Mike holds a Bachelor's degree in Architecture from Ryerson University.



    Photo of Carlene McCubbin
    Carlene McCubbin
    Practice Lead, People and Leadership
    Info-Tech Research Group

    Carlene McCubbin is a Research Lead for the CIO Advisory Practice at Info-Tech Research Group covering key topics in operating models & design, governance, and human capital development.

    During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.

    Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management. Her education honed her abilities in rigorous research, data analysis, writing, and understanding the organization holistically, which has served her well in the business IT world.



    Photo of Anubhav Sharma
    Anubhav Sharma
    Research Director, CIO Strategy
    Info-Tech Research Group

    Anubhav is a digital strategy and execution professional with extensive experience in leading large-scale transformation mandates for organizations both in North America and globally, including defining digital strategies for leading banks and spearheading a large-scale transformation project for a global logistics pioneer across ten countries. Prior to joining Info-Tech Research Group, he held several industry and consulting positions in Fortune 500 companies driving their business and technology strategies. In 2023, he was recognized as a "Top 50 Digital Innovator in Banking" by industry peers.

    Anubhav holds an MBA in Strategy from HEC Paris, a Master's degree in Finance from IIT-Delhi, and a Bachelor's degree in Engineering.



    Photo of Kim Osborne-Rodriguez
    Kim Osborne-Rodriguez
    Research Director, CIO Strategy
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach to digital transformation, with a track record of supporting successful implementations.

    Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.



    Photo of Amanda Mathieson
    Amanda Mathieson
    Research Director, People and Leadership
    Info-Tech Research Group

    Amanda joined Info-Tech Research Group in 2019 and brings twenty years of expertise working in Canada, the US, and globally. Her expertise in leadership development, organizational change management, and performance and talent management comes from her experience in various industries spanning pharmaceutical, retail insurance, and financial services. She takes a practical, experiential approach to people and leadership development that is grounded in adult learning methodologies and leadership theory. She is passionate about identifying and developing potential talent, as well as ensuring the success of leaders as they transition into more senior roles.

    Amanda has a Bachelor of Commerce degree and Master of Arts in Organization and Leadership Development from Fielding Graduate University, as well as a post-graduate diploma in Adult Learning Methodologies from St. Francis Xavier University. She also has certifications in Emotional Intelligence – EQ-i 2.0 & 360, Prosci ADKAR® Change Management, and Myers-Briggs Type Indicator Step I and II.

    Bibliography

    Bacey, Christopher. "KPMG/Harvey Nash CIO Survey finds most organizations lack enterprise-wide digital strategy." Harvey Nash/KPMG CIO Survey. Accessed Jan. 6, 2023. KPMG News Perspective - KPMG.us.com

    Calvert, Wu-Pong Susanna. "The Importance of Rapport. Five tips for creating conversational reciprocity." Psychology Today Magazine. June 30, 2022. Accessed Feb. 10, 2023. psychologytoday.com/blog

    Coaches Council. "14 Ways to Build More Meaningful Professional Relationships." Forbes Magazine. September 16, 2020. Accessed Feb. 20, 2023. forbes.com/forbescoachescouncil

    Council members. "How to Build Authentic Business Relationships." Forbes Magazine. June 15, 2021. Accessed Jan. 15, 2023. Forbes.com/business council

    Deloitte. "Chief Information Officer (CIO) Labs. Transform and advance the role of the CIO." The CIO program. Accessed Feb. 5, 2021.

    Dharsarathy, Anusha et al. "The CIO challenge: Modern business needs a new kind of tech leader." McKinsey and Company. January 27, 2020. Accessed Feb 2023. Mckinsey.com

    DiSC profile. "What is DiSC?" DiSC Profile Website. Accessed Feb. 5, 2023. discprofile.com

    FIRO Assessment. "Better working relationships". Myers Brigg Website. Resource document downloaded Feb. 10, 2023. myersbriggs.com/article

    Fripp, Patricia. "Frippicisms." Website. Accessed Feb. 25, 2023. fripp.com

    Grossman, Rhys. "The Rise of the Chief Digital Officer." Russell Reynolds Insights, January 1, 2012. Accessed Jan. 5, 2023. Rise of the Chief Digital Officer - russellreynolds.com

    Kambil, Ajit. "Influencing stakeholders: Persuade, trade, or compel." Deloitte Article. August 9, 2017. Accessed Feb. 19, 2023. www2.deloitte.com/insights

    Kambil, Ajit. "Navigating the C-suite: Managing Stakeholder Relationships." Deloitte Article. March 8, 2017. Accessed Feb. 19, 2023. www2.deloitte.com/insights

    Korn Ferry. "Age and tenure in the C-suite." Kornferry.com. Accessed Jan. 6, 2023. Korn Ferry Study Reveals Trends by Title and Industry

    Kumthekar, Uday. "Communication Channels in Project". Linkedin.com, 3 March 2020. Accessed April 27, 2023. Linkedin.com/Pulse/Communication Channels

    McWilliams, Allison. "Why You Need Effective Relationships at Work." Psychology Today Magazine. May 5, 2022. Accessed Feb. 11, 2023. psychologytoday.com/blog

    McKinsey & Company. "Why do most transformations fail? A conversation with Harry Robinson." Transformation Practice. July 2019. Accessed Jan. 10, 2023. Mckinsey.com

    Mind Tools Content Team. "Building Good Work Relationships." MindTools Article. Accessed Feb. 11, 2023. mindtools.com/building good work relationships

    Pratt, Mary. "Why the CIO-CFO relationship is key to digital success." TechTarget Magazine. November 11, 2021. Accessed Feb. 2023. Techtarget.com

    LaMountain, Dennis. "Quote of the Week: No Involvement, No Commitment". Linkedin.com, 3 April 2016. Accessed April 27, 2023. Linkedin.com/pulse/quote-week-involvement

    PwC Pulse Survey. "Managing Business Risks". PwC Library. 2022. Accessed Jan. 30, 2023. pwc.com/pulse-survey

    Rowell, Darin. "3 Traits of a Strong Professional Relationship." Harvard Business Review. August 8, 2019. Accessed Feb. 20, 2023. hbr.org/2019/Traits of a strong professional relationship

    Sinek, Simon. "The Optimism Company from Simon Sinek." Website. Image Source. Accessed, Feb. 21, 2023. simonsinek.com

    Sinek, Simon. "There are only two ways to influence human behavior: you can manipulate it or you can inspire it." Twitter. Dec 9, 2022. Accessed Feb. 20, 2023. twitter.com/simonsinek

    Whitbourne, Susan Krauss. "10 Ways to Measure the Health of Relationship." Psychology Today Magazine. Aug. 7, 2021. Accessed Jan. 30, 2023. psychologytoday.com/blog

    Develop an IT Asset Management Strategy

    • Buy Link or Shortcode: {j2store}295|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $52,211 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management

    You have a mandate to create an accurate and actionable database of the IT assets in your environment, but:

    • The data you have is often incomplete or wrong.
    • Processes are broken or non-existent.
    • Your tools aren’t up to the task of tracking ever more hardware, software, and relevant metadata.
    • The role of stakeholders outside the core ITAM team isn’t well defined or understood.

    Our Advice

    Critical Insight

    ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there’s no value in data for data’s sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service providers.

    Impact and Result

    • Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities.
    • Clarify the structure for the ITAM program, including scope, responsibility and accountability, centralization vs. decentralization, outsourcing vs. insourcing, and more.
    • Create a practical roadmap to guide improvement.
    • Summarize your strategy and approach using Info-Tech’s templates for review with stakeholders.

    Develop an IT Asset Management Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop an IT Asset Management Strategy – A methodology to create a business-aligned, coherent, and durable approach to ITAM.

    This two-phase, step-by-step methodology will guide you through the activities to build a business-aligned, coherent, and durable approach to ITAM. Review the executive brief at the start of the slide deck for an overview of the methodology and the value it can provide to your organization.

    • Develop an IT Asset Management Strategy – Phases 1-2

    2. ITAM Strategy Template – A presentation-ready repository for the work done as you define your ITAM approach.

    Use this template to document your IT asset management strategy and approach.

    • ITAM Strategy Template

    3. IT Asset Estimations Tracker – A rough-and-ready inventory exercise to help you evaluate the work ahead of you.

    Use this tool to estimate key data points related to your IT asset estate, as well as your confidence in your estimates.

    • IT Asset Estimations Tracker

    Infographic

    Workshop: Develop an IT Asset Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify ITAM Priorities & Goals, Maturity, Metrics and KPIs

    The Purpose

    Align key stakeholders to the potential strategic value of the IT asset management practice.

    Ensure the ITAM practice is focused on business-aligned goals.

    Key Benefits Achieved

    Define a business-aligned direction and expected outcomes for your ITAM program.

    Activities

    1.1 Brainstorm ITAM opportunities and challenges.

    1.2 Conduct an executive alignment working session.

    1.3 Set ITAM priorities, goals and tactics.

    1.4 Identify target and current state ITAM maturity.

    Outputs

    ITAM opportunities and challenges

    Align executive priorities with ITAM opportunities.

    ITAM metrics and KPIs

    ITAM maturity

    2 Identify Your Approach to Support ITAM Priorities and Goals

    The Purpose

    Translate goals into specific and coherent actions to enable your ITAM practice to deliver business value.

    Key Benefits Achieved

    A business-aligned approach to ITAM, encompassing scope, structure, tools, audits, budgets, documentation and more.

    A high-level roadmap to achieve your vision for the ITAM practice.

    Activities

    2.1 Define ITAM scope.

    2.2 Acquire ITAM services (outsourcing and contracting).

    2.3 Centralize or decentralize ITAM capabilities.

    2.4 Create a RACI for the ITAM practice.

    2.5 Align ITAM with other service management practices.

    2.6 Evaluate ITAM tools and integrations.

    2.7 Create a plan for internal and external audits.

    2.8 Improve your budget processes.

    2.9 Establish a documentation framework.

    2.10 Create a roadmap and communication plan.

    Outputs

    Your ITAM approach

    ITAM roadmap and communication plan

    Further reading

    Develop an IT Asset Management Strategy

    Define your business-aligned approach to ITAM.

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    17 Phase 1: Establish Business-Aligned ITAM Goals and Priorities

    59 Phase 2: Support ITAM Goals and Priorities

    116 Bibliography

    Develop an IT Asset Management Strategy

    Define your business-aligned approach to ITAM.

    EXECUTIVE BRIEF

    Analyst Perspective

    Track hardware and software. Seems easy, right?

    It’s often taken for granted that IT can easily and accurately provide definitive answers to questions like “how many laptops do we have at Site 1?” or “do we have the right number of SQL licenses?” or “how much do we need to budget for device replacements next year?” After all, don’t we know what we have?

    IT can’t easily provide these answers because to do so you must track hardware and software throughout its lifecycle – which is not easy. And unfortunately, you often need to respond to these questions on very short notice because of an audit or to support a budgeting exercise.

    IT Asset Management (ITAM) is the solution. It’s not a new solution – the discipline has been around for decades. But the key to success is to deploy the practice in a way that is sustainable, right-sized, and maximizes value.

    Use our practical methodology to develop and document your approach to ITAM that is aligned with the goals of your organization.

    Photo of Andrew Sharp, Research Director, Infrastructure & Operations Practice, Info-Tech Research Group.

    Andrew Sharp
    Research Director
    Infrastructure & Operations Practice
    Info-Tech Research Group

    		Realize the value of asset management

    Cost optimization, application rationalization and reduction of technical debt are all considered valuable to right-size spending and improve service outcomes. Without access to accurate data, these activities require significant investments of time and effort, starting with creation of point-in-time inventories, which lengthens the timeline to reaching project value and may still not be accurate.

    Cost optimization and reduction of technical debt should be part of your culture and technical roadmap rather than one-off projects. Why? Access to accurate information enables the organization to quickly make decisions and pivot plans as needed. Through asset management, ongoing harvest and redeployment of assets improves utilization-to-spend ratios. We would never see any organization saying, “We’ve closed our year end books, let’s fire the accountants,” but often see this valuable service relegated to the back burner. Similar to the philosophy that “the best time to plant a tree is 20 years ago and the next best time is now,” the sooner you can start to collect, validate, and analyze data, the sooner you will find value in it.

    Photo of Sandi Conrad, Principal Research Director, Infrastructure & Operations Practice, Info-Tech Research Group.

    Sandi Conrad
    Principal Research Director
    Infrastructure & Operations Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    You have a mandate to create an accurate and actionable database of the IT assets in your environment, but:

    • The data you have is often incomplete or wrong.
    • Processes are broken or non-existent.
    • Your tools aren’t up to the task of tracking ever more hardware, software, and relevant metadata.
    • The role of stakeholders outside the core ITAM team isn’t well defined or understood.
    		 Common Obstacles

    It is challenging to make needed changes because:

    • There’s cultural resistance to asset tracking, it’s seen as busywork that doesn’t clearly create value.
    • Decentralized IT teams aren’t generating the data required to track hardware and licenses.
    • ITAM can’t direct needed tool improvements because the admins don’t report to ITAM.
    • It’s hard to find time to improve processes given the day-to-day demands on your time.
    		 Info-Tech’s Approach
    • Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities.
    • Clarify the structure for the ITAM program, including scope, responsibility and accountability, centralization vs. decentralization, outsourcing vs. insourcing, and more.
    • Create a practical roadmap to guide improvement.
    • Summarize your strategy and approach using Info-Tech’s templates for review with stakeholders.

    Info-Tech Insight

    ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there’s no value in data for data’s sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service providers.

    Unlock business value with IT asset management

    • IT asset management (ITAM) is the practice of maintaining accurate, accessible, and actionable data on the assets within the organization’s IT estate. Each IT asset will have a record that tracks it across its lifecycle from purchase to disposal.
    • ITAM’s value is realized through other processes and practice areas that can leverage ITAM data to manage risk, improve IT services, and control costs.
    • Develop an approach to ITAM that maximizes the value delivered to the business and IT. ITAM succeeds when its partners succeed at delivering business value, and it fails when it doesn’t show value to those partners.

    This blueprint will help you develop your approach for the management of IT hardware and software, including cloud services. Leverage other Info-Tech methodologies to dive directly into developing hardware asset management procedures, software asset management procedures, or to implement configuration management best practices.

    Info-Tech Members report significant savings from implementing our hardware and software asset management frameworks. In order to maximize value from the process-focused methodologies below, develop your ITAM strategy first.

    Implement Hardware Asset Management (Based on Info-Tech Measured Value Surveys results from clients working through these blueprints, as of February 2022.)

    9.6/10

    $23k

    32
    Overall Impact Average $ Saved Average Days Saved
    Implement Software Asset Management (Based on Info-Tech Measured Value Surveys results from clients working through these blueprints, as of February 2022.)

    9.0/10

    $12k

    5
    Overall Impact Average $ Saved Average Days Saved

    ITAM provides both early and ongoing value

    ITAM isn’t one-and-done. Properly supported, your ITAM practice will deliver up-front value that will help demonstrate the value ongoing ITAM can offer through the maintenance of an accurate, accessible, and actionable ITAM database.

    Example: Software Savings from ITAM



    This chart shows the money saved between the first quote and the final price for software and maintenance by a five-person ITAM team. Over a year and a half, they saved their organization a total of $7.5 million from a first quote total of $21 million over that period.

    This is a perfect example of the direct value that ITAM can provide on an ongoing basis to the organization, when properly supported and integrated with IT and the business.

    Examples of up-front value delivered in the first year of the ITAM practice:

    • Save money by reviewing and renegotiating critical, high-spend, and undermanaged software and service contracts.
    • Redeploy or dispose of clearly unused hardware and software.
    • Develop and enforce standards for basic hardware and software.
    • Improve ITAM data quality and build trust in the results.

    Examples of long-term value from ongoing governance, management, and operational ITAM activities:

    • Optimize spend: Reallocate unused hardware and software, end unneeded service agreements, and manage renewals and audits.
    • Reduce risk: Provide comprehensive asset data for security controls development and incident management; manage equipment disposal.
    • Improve IT service: Support incident, problem, request, and change management with ITAM data. Develop new solutions with an understanding of what you have already.

    Common obstacles

    The rulebook is available, but hard to follow
    • ITAM takes a village, but stakeholders aren’t aware of their role. ITAM processes rely on technicians to update asset records, vendors to supply asset data, administrators to manage tools, leadership to provide direction and support, and more.
    • Constant change in the IT and business environment undermines the accuracy of ITAM records (e.g. licensing and contract changes, technology changes that break discovery tools, personnel and organizational changes).
    • Improvement efforts are overwhelmed by day-to-day activities. One study found that 83% of SAM teams’ time is consumed by audit-related activities. (Flexera State of ITAM Report 2022) A lack of improvement becomes a vicious cycle when stakeholders who don’t see the value of ITAM decline to dedicate resources for improvement.
    • Stakeholders expect ITAM tools to be a cure-all, but even at their best, they can’t provide needed answers without some level of configuration, manual input, and supervision.
    • There’s often a struggle to connect ITAM to value. For example, respondents to Info-Tech’s Management & Governance Diagnostic consistently rank ITAM as less important than other processes that ITAM directly supports (e.g. budget management and budget optimization). (Info-Tech MGD Diagnostic (n=972 unique organizations))
    		 ITAM is a mature discipline with well-established standards, certifications, and tools, but we still struggle with it.
    • Only 28% of SAM teams track IaaS and PaaS spend, and only 35% of SAM teams track SaaS usage.
    • Increasing SAM maturity is a challenge for 76% of organizations.
    • 10% of organizations surveyed have spent more than $5 million in the last three years in audit penalties and true-ups.
    • Half of all of organizations lack a viable SAM tool.
    • Seventy percent of SAM teams have a shortfall of qualified resources.
      • (Flexera State of ITAM Report 2022)

    Info-Tech's IT Asset Management Framework (ITAM)

    Adopt, manage, and mature activities to enable business value thorugh actionable, accessible, and accurate ITAM data

    Logo for Info-Tech Research Group. Enable Business Value Logo for #iTRG.
    Business-Aligned Spend
    Optimization and Transparency
    Facilitate IT Services
    and Products
    Actionable, Accessible,
    and Accurate Data
    Context-Aware Risk Management
    and Security Controls

    Plan & Govern

    Business Goals, Risks, and Structure
    • ITAM Goals & Priorities
    • Roles, Accountability, Responsibilities
    • Scope
    Ongoing Management Commitment
    • Resourcing & Funding
    • Policies & Enforcement
    • Continuous Improvement
    Culture
    • ITAM Education, Awareness & Training
    • Organizational Change Management
    		 Section title 'Operate' with a cycle surrounding key components of Operate: 'Data Collection & Validation', 'Tool Administration', 'License Management', and 'Lease Management'. The cycle consists of 'Request', 'Procure', 'Receive', 'Deploy', 'Manage', 'Retire & Dispose', and back to 'Request'.

    Build & Manage

    Tools & Data
    • ITAM Tool Selection & Deployment
    • Configuration Management Synchronization
    • IT Service Management Integration
    Process
    • Process Management
    • Data & Process Audits
    • Document Management
    People, Policies, and Providers
    • Stakeholder Management
    • Technology Standardization
    • Vendor & Contract Management

    Info-Tech Insight

    ITAM is a foundational IT service that provides actionable, accessible, and accurate data on IT assets. But there's no value in data for data's sake. Use this methodology to enable collaboration between ITAM, the business, and IT to develop an approach to ITAM that maximizes the value the ITAM team can deliver as service providers.

    Key deliverable

    IT asset management requires ongoing practice – you can’t just implement it and walk away.

    Our methodology will help you build a business-aligned strategy and approach for your ITAM practice with the following outputs:

    • Business-aligned ITAM priorities, opportunities, and goals.
    • Current and target state ITAM maturity.
    • Metrics and KPIs.
    • Roles, responsibilities, and accountability.
    • Insourcing, outsourcing, and (de)centralization.
    • Tools and technology.
    • A documentation framework.
    • Initiatives, a roadmap, and a communication plan.
    		 Each step of this blueprint is designed to help you create your IT asset management strategy:
    Sample of Info-Tech's key deliverable 'IT Asset Management' blueprint.

    Info-Tech’s methodology to develop an IT asset management strategy

    1. Establish business-aligned ITAM goals and priorities 2. Identify your approach to support ITAM priorities and goals
    Phase Steps
    • 1.1 Define ITAM and brainstorm opportunities and challenges.
      • Executive Alignment Working Session:
    • 1.2 Review organizational priorities, strategy, and key initiatives.
    • 1.3 Align executive priorities with ITAM opportunities and priorities.
    • 1.4 Identify business-aligned ITAM goals and target maturity.
    • 1.5 Write mission and vision statements.
    • 1.6 Define ITAM metrics and KPIs.
    • 2.1 Define ITAM scope.
    • 2.2 Acquire ITAM services (outsourcing and contracting).
    • 2.3 Centralize or decentralize ITAM capabilities.
    • 2.4 Create a RACI for the ITAM practice.
    • 2.5 Align ITAM with other service management practices.
    • 2.6 Evaluate ITAM tools and integrations.
    • 2.7 Create a plan for internal and external audits.
    • 2.8 Improve your budget processes.
    • 2.9 Establish a documentation framework.
    • 2.10 Create a roadmap and communication plan.
    Phase Outcomes Defined, business-aligned goals and priorities for ITAM. Establish an approach to achieving ITAM goals and priorities including scope, structure, tools, service management integrations, documentation, and more.
    Project Outcomes Develop an approach and strategy for ITAM that is sustainable and aligned with your business priorities.

    Insight Summary

    There’s no value in data for data’s sake

    ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an approach to ITAM that maximizes the value they can deliver as service providers.

    Service provider to a service provider

    ITAM is often viewed (when it’s viewed at all) as a low-value administrative task that doesn’t directly drive business value. This can make it challenging to build a case for funding and resources.

    Your ITAM strategy is a critical component to help you define how ITAM can best deliver value to your organization, and to stop creating data for the sake of data or just to fight the next fire.

    Collaboration over order-taking

    To align ITAM practices to deliver organizational value, you need a very clear understanding of the organization’s goals – both in the moment and as they change over time.

    Ensure your ITAM team has clear line of sight to business strategy, objectives, and decision-makers, so you can continue to deliver value as priorities change

    Embrace dotted lines

    ITAM teams rely heavily on staff, systems, and data beyond their direct area of control. Identify how you will influence key stakeholders, including technicians, administrators, and business partners.

    Help them understand how ITAM success relies on their support, and highlight how their contributions have created organizational value to encourage ongoing support.

    Project benefits

    Benefits for IT
    • Set a foundation and direction for an ITAM practice that will allow IT to manage risk, optimize spend, and enhance services in line with business requirements.
    • Establish accountability and responsibility for essential ITAM activities. Decide where to centralize or decentralize accountability and authority. Identify where outsourcing could add value.
    • Create a roadmap with concrete, practical next steps to develop an effective, right-sized ITAM practice.
    		 Stock image of a trophy. Benefits for the business
    • Plan and control technology spend with confidence based on trustworthy ITAM data.
    • Enhance IT’s ability to rapidly and effectively support new priorities and launch new projects. Effective ITAM can support more streamlined procurement, deployment, and management of assets.
    • Implement security controls that reflect your total technology footprint. Reduce the risk that a forgotten device or unmanaged software turns your organization into the next Colonial Pipeline.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI around 12 calls over the course of 6 months.

    What does a typical GI on this topic look like?

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Review business priorities.

    Call #3: Identify ITAM goals & target maturity.

    		Call #4: Identify metrics and KPIs. Call #5: Define ITAM scope.

    Call #6: Acquire ITAM services.

    		Call #7: ITAM structure and RACI.

    Call #8: ITAM and service management.

    Tools and integrations.

    		Call #10: Internal and external audits.

    Call #11: Budgets & documentation

    Call #12: Roadmap, comms plan. Wrap-up.

    Phase 1 Phase 2

    Workshop Overview
    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Identify ITAM priorities & goals, maturity, metrics and KPIs
    Identify your approach to support ITAM priorities and goals
    Next Steps and wrap-Up (offsite)
    Activities

    1.1 Define ITAM.

    1.2 Brainstorm ITAM opportunities and challenges.

    Conduct an executive alignment working session:

    1.3 Review organizational priorities, strategy, and key initiatives.

    1.4 Align executive priorities with ITAM opportunities.

    1.5 Set ITAM priorities.

    2.1 Translate opportunities into ITAM goals and tactics.

    2.2 Identify target and current state ITAM maturity.

    2.3 Create mission and vision statements.

    2.4 Identify key ITAM metrics and KPIs.

    3.1 Define ITAM scope.

    3.2 Acquire ITAM services (outsourcing and contracting)

    3.3 Centralize or decentralize ITAM capabilities.

    3.4 Create a RACI for the ITAM practice.

    3.5 Align ITAM with other service management practices.

    3.6 Evaluate ITAM tools and integrations.

    4.1 Create a plan for internal and external audits.

    4.2 Improve your budget processes.

    4.3 Establish a documentation framework and identify documentation gaps.

    4.4 Create a roadmap and communication plan.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. ITAM opportunities and challenges.
    2. Align executive priorities with ITAM opportunities.
    3. Set ITAM priorities.
    1. ITAM goals and tactics.
    2. Current and target ITAM maturity.
    3. Mission and vision statements.
    4. ITAM metrics and KPIs.
    1. Decisions that will shape your ITAM approach, including:
      1. What’s in scope (hardware, software, and cloud services).
      2. Where to centralize, decentralize, or outsource ITAM activities.
      3. Accountability, responsibility, and structure for ITAM activities.
      4. Service management alignment, tooling gaps, audit plans, budget processes, and required documentation.
    2. A roadmap and communication plan.
    1. Your completed ITAM strategy template.
    Develop an IT Asset Management Strategy

    Phase 1:

    Establish business-aligned ITAM goals and priorities

    Phase 1

    1.1 Define ITAM and brainstorm opportunities and challenges.

    Executive Alignment Working Session:

    1.2 Review organizational priorities, strategy, and key initiatives.

    1.3 Align executive priorities with ITAM opportunities & priorities.

    1.4 Identify business-aligned ITAM goals and target maturity.

    1.5 Write mission and vision statements.

    1.6 Define ITAM metrics and KPIs.

    Phase 2

    2.1 Define ITAM scope.

    2.2 Acquire ITAM services (outsourcing and contracting).

    2.3 Centralize or decentralize ITAM capabilities.

    2.4 Create a RACI for the ITAM practice.

    2.5 Align ITAM with other service management practices.

    2.6 Evaluate ITAM tools and integrations.

    2.7 Create a plan for internal and external audits.

    2.8 Improve your budget processes.

    2.9 Establish a documentation framework.

    2.10 Create a roadmap and communication plan.

    Phase Outcomes:

    Defined, business-aligned goals, priorities, and KPIs for ITAM. A concise vision and mission statement. The direction you need to establish a practical, right-sized, effective approach to ITAM for your organization.

    Before you get started

    Set yourself up for success with these three steps:
    • This methodology and the related slides are intended to be executed via intensive, collaborative working sessions using the rest of this slide deck.
    • Ensure the working sessions are a success by working through these steps before you start work on your IT asset management strategy.

    1. Identify participants

    Review recommended roles and identify who should participate in the development of your ITAM strategy.

    2. Estimate assets managed today

    Work through an initial assessment to establish ease of access to ITAM data and your level of trust in the data available to you.

    3. Create a working folder

    Create a repository to house your notes and any work in progress, including your copy of the ITAM Strategy Template.

    0.1 Identify participants

    30 minutes

    Output: List of key roles for the strategy exercises outlined in this methodology

    Participants: Project sponsor, Lead facilitator, ITAM manager and SMEs

    This methodology relies on having the right stakeholders in the room to identify ITAM goals, challenges, roles, structure, and more. On each activity slide in this deck, you’ll see an outline of the recommended participants. Use the table below to translate the recommended roles into specific people in your organization. Note that some people may fill multiple roles.

    Role Expectations People
    Project Sponsor Accountable for the overall success of the methodology. Ideally, participates in all exercises in this methodology. May be the asset manager or whoever they report to. Jake Long
    Lead Facilitator Leads, schedules, and manages all working sessions. Guides discussions and ensures activity outputs are completed. Owns and understands the methodology. Has a working knowledge of ITAM. Robert Loblaw
    Asset Manager(s) SME for the ITAM practice. Provides strategic direction to mature ITAM practices in line with organizational goals. Supports the facilitator. Eve Maldonado
    ITAM Team Hands-on ITAM professionals and SMEs. Includes the asset manager. Provide input on tactical ITAM opportunities and challenges. Bruce Wayne, Clark Kent
    IT Leaders & Managers Leaders of key stakeholder groups from across the IT department – the CIO and direct reports. Provide input on what IT needs from ITAM, and the role their teams should play in ITAM activities. May include delegates, particularly those familiar with day-to-day processes relevant to a particular discussion or exercise. Marcelina Hardy, Edmund Broughton
    ITAM Business Partners Non-IT business stakeholders for ITAM. This could include procurement, vendor management, accounting, and others. Zhang Jin, Effie Lamont
    Business Executives Organizational leaders and executives (CFO, COO, CEO, and others) or their delegates. Will participate in a mini-workshop to identify organizational goals and initiatives that can present opportunities for the ITAM practice. Jermaine Mandar, Miranda Kosuth

    0.2 Estimate asset numbers

    1 hour

    Output: Estimates of quantity and spend related to IT assets, Confidence/margin of error on estimates

    Participants: IT asset manager, ITAM team

    What do you know about your current IT environment, and how confident are you in that knowledge?

    This exercise will help you evaluate the size of the challenge ahead in terms of the raw number of assets in your environment, the spend on those assets, and the level of trust your organization has in the ITAM data.

    It is also a baseline snapshot your ability to relay key ITAM metrics quickly and confidently, so you can measure progress (in terms of greater confidence) over time.

    1. Download the estimation tracker below. Add any additional line items that are particularly important to the organization.
    2. Time-box this exercise to an hour. Use your own knowledge and existing data repositories to identify count/spend for each line item, then add a margin of error to your guess. Larger margins of error on larger counts will typically indicate larger risks.
    3. Track any assumptions, data sources used, or SMEs consulted in the comments.

    Download the IT Asset Estimation Tracker

    “Any time there is doubt about the data and it doesn’t get explained or fixed, then a new spreadsheet is born. Data validation and maintenance is critical to avoid the hidden costs of having bad data”

    Allison Kinnaird,
    Operations Practice Lead,
    Info-Tech Research Group

    0.3 Create a working folder

    15 minutes

    Output: A repository for templates and work in progress

    Participants: Lead facilitator

    Create a central repository for collaboration – it seems like an obvious step, but it’s one that gets forgotten about
    1. Download a copy of the ITAM Strategy Template.
      1. This will be the repository for all the work you do in the activities listed in this blueprint; take a moment to read it through and familiarize yourself with the contents.
    2. House the template in a shared repository that can house other related work in progress. Share this folder with participants so they can check in on your progress.
    3. You’ll see this callout box: Add your results to your copy of the ITAM Strategy Template as you work through activities in this blueprint. Copy the output to the appropriate slide in the ITAM Strategy Template.
    		 Stock image of a computer screen with a tiny person putting likes on things.

    Collect action items as you go

    Don’t wait until the end to write down your good ideas.
    • The last exercise in this methodology is to gather everything you’ve learned and build a roadmap to improve the ITAM practice.
    • The output of the exercises will inform the roadmap, as they will highlight areas with opportunities for improvement.
    • Write them down as you work through the exercises, or you risk forgetting valuable ideas.
    • Keep an “idea space” – a whiteboard with sticky notes or a shared document – to which any of your participants can post an idea for improvement and that you can review and consolidate later.
    • Encourage participants to add their ideas at any time during the exercises.
    		 Pad of sticky notes, the top of which reads 'Good ideas go here!'

    Step 1.1: Brainstorm ITAM opportunities and challenges

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Rally the working group around a collection of ideas that, when taken together, create a vision for the future ITAM practice.
    • Identify your organization’s current ITAM challenges.

    “ITAM is a cultural shift more than a technology shift.” (Rory Canavan, SAM Charter)

    What is an IT Asset?

    Any piece of technology can be considered an asset, but it doesn’t mean you need to track everything. Image of three people building a computer from the inside.
    Icon of a power button.

    According to the ISO 19770 standard on ITAM, an IT Asset is “[an] item, thing, or entity that can be used to acquire, process, store and distribute digital information and has potential or actual value to an organization.”
    These are all things that IT is expected to support and manage, or that have the potential to directly impact services that IT supports and manages.

    Icon of a half-full battery.

    IT assets are distinct from capital assets. Some IT assets will also be capital assets, but not all will be. And not all capital assets are IT assets, either.

    Icon of a microphone.

    IT assets are typically tracked by IT, not by finance or accounting.
    IT needs more from their IT asset tracking system than the typical finance department can deliver.
    This can include end-user devices, software, IT infrastructure, cloud-based resources, third-party managed IT services, Internet-of-Things devices, embedded electronics, SCADA equipment, “smart” devices, and more.

    Icon of a fingerprint.

    It’s important to track IT assets in a way that enables IT to deliver value to the business – and an important part of this is understanding what not to track. This list should be aligned to the needs of your organization.

    What is IT asset management?

    • IT asset management is the practice of maintaining accurate, accessible, and actionable data on IT hardware, software, and cloud assets from procurement to disposal.
    • Trustworthy data maintained by an IT asset management practice will help your business meet its goals by managing risk, controlling costs, and enabling IT services and products.
    • ITAM tends to focus on the asset itself – its technical, financial, contractual, lifecycle, and ownership attributes – rather than its interactions or connections to other IT assets, which tends to be part of configuration management.

    What IT Asset Management is NOT:

    Configuration Management: Configuration management databases (CMDBs) often draw from the same data pool as ITAM (many configuration items are assets, and vice versa), but they focus on the interaction, interconnection, and interoperation of configuration items within the IT estate.

    In practice, many configuration items will be IT assets (or parts of assets) and vice versa. Configuration and asset teams should work closely together as they develop different but complementary views of the IT environment. Use Info-Tech’s methodology to harness configuration management superpowers.

    Organizational Data Management: Leverage a different Info-Tech methodology to develop a digital and data asset management program within Info-Tech’s DAM framework.

    “Asset management’s job is not to save the organization money, it’s not to push back on software audits.

    It’s to keep the asset database as up-to-date and as trustworthy as possible. That’s it.” (Jeremy Boerger, Consultant & Author)

    “You can’t make any real decisions on CMDB data that’s only 60% accurate.

    You start extrapolating that out, you’re going to get into big problems.” (Mike Austin, Founder & CEO, MetrixData 360)

    What is an ITAM strategy?

    Our strategy document will outline a coherent, sustainable, business-aligned approach to ITAM.

    No single approach to ITAM fits all organizations. Nor will the same approach fit the same organization at different times. A world-leading research university, a state government, and a global manufacturer all have very different goals and priorities that will be best supported by different approaches to ITAM.

    This methodology will walk you through these critical decisions that will define your approach to ITAM:

    • Business-aligned priorities, opportunities, and goals: What pressing opportunities and challenges do we face as an organization? What opportunities does this create that ITAM can seize?
    • Current and future state maturity, challenges: What is the state of the practice today? Where do we need to improve to meet our goals? What challenges stand in the way of improvement?
    • Responsibility, accountability, sourcing and (de)centralization: Who does what? Who is accountable? Where is there value to outsourcing? What authority will be centralized or decentralized?
    • Tools, policies, and procedures: What technology do we need? What’s our documentation framework?
    • Initiatives, KPIs, communication plan, and roadmap: What do we need to do, in what order, to build the ITAM practice to where we need it to be? How long do we expect this to take? How will we measure success?

    “A good strategy has coherence, coordinating actions, policies, and resources so as to accomplish an important end. Most organizations, most of the time, don’t have this.

    Instead, they have multiple goals and initiatives that symbolize progress, but no coherent approach to accomplish that progress other than ‘spend more and try harder.’” (Good Strategy, Bad Strategy, Richard Rumelt)

    Enable business value with IT asset management

    If you’ve never experienced a mature ITAM program before, it is almost certainly more rewarding than you’d expect once it’s functioning as intended.

    Each of the below activities can benefit from accessible, actionable, and accurate ITAM data.

    • Which of the activities, practices, and initiatives below have value to your organization?
    • Which could benefit most from ITAM data?
    Manage Risk: Effective ITAM practices provide data and processes that help mitigate the likelihood and impact of potentially damaging IT risks.

    ITAM supports the following practices that help manage organizational risk:

    • Security Controls Development
    • Security Incident Response
    • Security Audit Reports
    • Regulatory Compliance Reports
    • IT Risk Management
    • Technical Debt Management
    • M&A Due Diligence
    		 Optimize Spend: Asset data is essential to maintaining oversight of IT spend, ensuring that scarce resources are allocated where they can have the most impact.

    ITAM supports these activities that help optimize spend:

    • Vendor Management & Negotiations
    • IT Budget Management & Variance Analysis
    • Asset Utilization Analysis
    • FinOps & Cloud Spend Optimization
    • Showback & Chargeback
    • Software Audit Defense
    • Application Rationalization
    • Contract Consolidation
    • License and Device Reallocation
    		 Improve IT Services: Asset data can help inform solutions development and can be used by service teams to enhance and improve IT service practices.

    Use ITAM to facilitate these IT services and initiatives:

    • Solution and Enterprise Architecture
    • Service Level Management
    • Technology Procurement
    • Technology Refresh Projects
    • Incident & Problem Management
    • Request Management
    • Change Management
    • Green IT

    1.1 Brainstorm ideas to create a vision for the ITAM practice

    30 minutes

    Input: Stakeholders with a vision of what ITAM could provide, if resourced and funded adequately

    Output: A collection of ideas that, when taken together, create a vision for the future ITAM practice

    Materials: ITAM strategy template, Whiteboard or virtual whiteboard

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    It can be easy to lose sight of long-term goals when you’re stuck in firefighting mode. Let’s get the working group into a forward-looking mindset with this exercise.

    Think about what ITAM could deliver with unlimited time, money, and technology.

    1. Provide three sticky notes to each participant.
    2. Add the headings to a whiteboard, or use a blank slide as a digital whiteboard
    3. On each sticky note, ask participants to outline a single idea as follows:
      1. We could: [idea]
      2. Which would help: [stakeholder]
      3. Because: [outcome]
    4. Ask participants to present their sticky notes and post them to the whiteboard. Ask later participants to group similar ideas together.

    As you hear your peers describe what they hope and expect to achieve with ITAM, a shared vision of what ITAM could be will start to emerge.

    1.1 Identify structural ITAM challenges

    30 minutes

    Input: The list of common challenges on the next slide, Your estimated visibility into IT assets from the previous exercise, The experience and knowledge of your participants

    Output: Identify current ITAM challenges

    Materials: Your working copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    What’s standing in the way today of delivering the ITAM practices you want to achieve?

    Review the list of common challenges on the next slide as a group.

    1. Delete any challenges that don’t apply to your organization.
    2. Modify any challenges as required to reflect your organization.
    3. Add further challenges that aren’t on the list, as required.
    4. Highlight challenges that are particularly painful.

    Add your results to your copy of the ITAM Strategy Template

    “The problem – the reason why asset management initiatives keep falling on their face – is that people attack asset management as a problem to solve, instead of a practice and epistemological construct.” (Jeremy Boerger, Consultant & Author)

    1.1 Identify structural ITAM challenges

    Review and update the list of common challenges below to reflect your own organization.

    • Leadership and executives don’t understand the value of asset management and don’t fund or resource it.
    • Tools aren’t fit for purpose, don’t scale, or are broken.
    • There’s a cultural tendency to focus on tools over processes.
    • ITAM data is fragmented across multiple repositories.
    • ITAM data is widely viewed as untrustworthy.
    • Stakeholders respond to vendor audits before consulting ITAM, which leads to confusion and risks penalties.
    • No time for improvement; we’re always fighting fires.
    • We don’t audit our own ITAM data for accuracy.
    • End-user equipment is shared, re-assigned, or disposed without notifying or involving IT.
    • No dedicated resources.
    • Lack of clarity on roles and responsibilities.
    • Technicians don’t track assets consistently; ITAM is seen as administrative busywork.
    • Many ITAM tasks are manual and prone to error.
    • Inconsistent organizational policies and procedures.
    • We try to manage too many hardware types/software titles.
    • IT is not involved in the procurement process.
    • Request and procurement is seen as slow and excessively bureaucratic.
    • Hardware/software standards don’t exist or aren’t enforced.
    • Extensive rogue purchases/shadow IT are challenging to manage via ITAM tools and processes.
    What Else?

    Copy results to your copy of the ITAM Strategy Template

    Step 1.2: Review organizational priorities, strategy, initiatives

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • Business executives or their delegates

    Outcomes

    • Review organizational priorities and strategy.
    • Identify key initiatives.

    Enter the executives

    Deliver on leadership priorities

    • Your business’ major transformative projects and executive priorities might seem far removed from hardware and software tracking. Why would we start with business strategy and executive priorities as we’re setting goals for the ITAM program?
    • While business executives have (likely) no interest in how software and hardware is tracked, they are accountable for the outcomes ITAM can enable. They are the most likely to understand why and how ITAM can deliver value to the organization.
    • ITAM succeeds by enabling its stakeholders to achieve business outcomes. The next three activities are designed to help you identify how you can enable your stakeholders, and what outcomes are most important from their point of view. Specifically:
      • What are the business’ planned transformational initiatives?
      • What are your highest priority goals?
      • What should the priorities of the ITAM practice be?
    • The answers to these questions will shape your approach to ITAM. Direct input from your leadership and executives – or their delegates – will help ensure you’re setting a solid foundation for your ITAM practice.

    “What outcomes does the organization want from IT asset management? Often, senior managers have a clear vision for the organization and where IT needs to go, and the struggle is to communicate that down.” (Kylie Fowler, ITAM Intelligence)

    Stock image of many hands with different puzzle pieces.

    Executive Alignment Session Overview

    ITAM Strategy Working Sessions

    • Discover & Brainstorm
    • Executive Alignment Working Session
      • 1.2 Review organizational strategy, priorities, and key initiatives
      • 1.3 Align executive priorities with ITAM opportunities, set ITAM priorities
    • ITAM Practice Maturity, Vision & Mission, Metrics & KPIs
    • Scope, Outsourcing, (De)Centralization, RACI
    • Service Management Integration
    • ITAM Tools
    • Audits, Budgets, Documents
    • Roadmap & Comms Plan

    A note to the lead facilitator and project sponsor:
    Consider working through these exercises by yourself ahead of time. As you do so, you’ll develop your own ideas about where these discussions may go, which will help you guide the discussion and provide examples to participants.

    1.2 Review organizational strategy and priorities

    30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template

    Participants: Asset manager, IT leadership, Business executives or delegates

    Welcome your group to the working session and outline the next few exercises using the previous slide.

    Ask the most senior leader present to provide a summary of the following:

    1. What is the vision for the organization?
    2. What are our priorities and what must we absolutely get right?
    3. What do we expect the organization to look like in three years?

    The facilitator or a dedicated note-taker should record key points on a whiteboard or flipchart paper.

    1.2 Identify transformational initiatives

    30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template

    Participants: Asset manager, IT leadership, Business executives or delegates

    Ask the most senior leader present to provide a summary of the following: What transformative business and IT initiatives are planned? When will they begin and end?

    Using one box per initiative, draw the initiatives in a timeline like the one below.

    Sample timeline for ITAM initiatives.

    Add your results to your copy of the ITAM Strategy Template

    Step 1.3: Set business-aligned ITAM priorities

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • Business executives

    Outcomes

    • Connect executive priorities to ITAM opportunities.
    • Set business-aligned priorities for the ITAM practice.

    1.3 Align executive priorities with ITAM opportunities

    45 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The diagram in the next slide, and/or a whiteboard, Your copy of the ITAM Strategy Template

    Participants: Asset manager, IT leaders and managers, Business executives or delegates

    In this exercise, we’ll use the table on the next slide to identify the top priorities of key business and IT stakeholders and connect them to opportunities for the ITAM practice.

    1. Ask your leadership or executive delegates – what are their goals? What are they trying to accomplish? List roles and related goals in the table.
    2. Brainstorm opportunities for IT asset management to support listed goals:
      1. Can ITAM provide an enhanced level of service, access, or insight?
      2. Can ITAM address an existing issue or mitigate an existing risk?

    Add your results to your copy of the ITAM Strategy Template

    1.3 Align executive priorities with ITAM opportunities (example)

    ITAM is for the… Who wants to… Which presents these ITAM opportunities
    CEO Deliver transformative business initiatives Acquire the right tech at the right time to support transformational initiatives.
    Establish a data-driven culture of stewardship Improve data to increase IT spend transparency.
    COO Improve organizational efficiency Increase asset use.
    Consolidate major software contracts to drive discounts.
    CFO Accurately forecast spending Track and anticipate IT asset spending.
    Control spending Improve data to increase IT spend transparency.
    Consolidate major software contracts to drive discounts.
    CIO Demonstrate IT value Use data to tell a story about value delivered by IT assets.
    Govern IT use Improve data to increase IT spend transparency.
    CISO Manage IT security and compliance risks Identify abandoned or out-of-spec IT assets.
    Provide IT asset data to support controls development.
    Respond to security incidents Support security incident teams with IT asset data.
    Apps Leader Build, integrate, and support applications Identify opportunities to retire applications with redundant functionality.
    Connect applications to relevant licensing and support agreements.
    IT Infra Leader Build and support IT infrastructure. Provide input on opportunities to standardize hardware and software.
    Provide IT asset data to technicians supporting end users.

    1.3 Categorize ITAM opportunities

    10-15 minutes

    Input: The outputs from the previous exercise

    Output: Executive priorities, sorted into the three categories at the right

    Materials: The table in this slide, The outputs from the previous exercise

    Participants: Lead facilitator

    Give your participants a quick break. Quickly sort the identified ITAM opportunities into the three main categories below as best you can.

    We’ll use this table as context for the next exercise.

    Example: Optimize Spend Enhance IT Services Manage Risk
    ITAM Opportunities
    • Improve data to increase IT spend transparency.
    • Consolidate major software contracts to drive discounts.
    • Increase asset utilization.
    • Identify opportunities to retire applications with redundant functionality
    • Acquire the right tech at the right time to support transformational initiatives.
    • Provide IT asset data to technicians supporting end users.
    • Identify abandoned or out-of-spec IT assets.
    • Provide IT asset data to support controls development.
    • Support security incident teams with IT asset data.

    Add your results to your copy of the ITAM Strategy Template

    1.3 Set ITAM priorities

    30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: Whiteboard, The template on the next slide, Your copy of the ITAM Strategy Template

    Participants: Asset manager, IT leaders and managers, Business executives or delegates

    The objective of this exercise is to prioritize the outcomes your organization wants to achieve from its ITAM practice, given the context from the previous exercises.

    Review the image below. The three points of the triangle are the three core goals of ITAM: Enhance IT Service, Manage Risk, and Optimize Spend. This exercise was first developed by Kylie Fowler of ITAM Intelligence. It is an essential exercise to understand ITAM priorities and the tradeoffs associated with those priorities. These priorities aren’t set in stone and should be revisited periodically as technology and business priorities change.

    Draw the diagram on the next slide on a whiteboard. Have the most senior leader in the room place the dot on the triangle – the closer it is to any one of the goals, the more important that goal is to the organization. Note: The center of the triangle is off limits! It’s very rarely possible to deliver on all three at once.
    Track notes on what’s being prioritized – and why – in the template on the next slide.     		Triangle with the points labelled 'Enhance IT Service', 'Manage Risk', and 'Optimize Spend'.

    Add your results to your copy of the ITAM Strategy Template

    1.3 Set ITAM Priorities

    The priorities of the ITAM practice are to:
    • Optimize Spend
    • Manage Risk
    Why?
    • We believe there is significant opportunity right now to rationalize spend by consolidating key software contracts.
    • Major acquisitions are anticipated in the near future. Effective ITAM processes are expected to mitigate acquisition risk by supporting due diligence and streamlined integration of acquired organizations.
    • Ransomware and supply chain security threats have increased demands for a comprehensive accounting of IT assets to support security controls development and security incident response.
    (Update this section with notes from your discussion.)     		Triangle with the points labelled 'Enhance IT Service', 'Manage Risk', and 'Optimize Spend'. There is a dot close to the 'Optimize Spend' corner, a legend labelling the dot as 'Our Target', and a note reading 'Move this dot to reflect your priorities'.

    Step 1.4: Identify ITAM goals, target maturity

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers

    Outcomes

    • Connect executive priorities to ITAM opportunities.
    • Set business-aligned priorities for the ITAM practice.

    “ITAM is really no different from the other ITIL practices: to succeed, you’ll need some ratio of time, treasure, and talent… and you can make up for less of one with more of the other two.” (Jeremy Boerger, Consultant and Author)

    1.4 Identify near- and medium-term goals

    15-30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Narrow down the list of opportunities to identify specific goals for the ITAM practice.

    1. Use one color to highlight opportunities you will seize in the next year.
    2. Use a second color to highlight opportunities you plan to address in the next three years.
    3. Leave blank anything you don’t intend to address in this timeframe.

    The highlighted opportunities are your near- and medium-term objectives.

    Optimize Spend Enhance IT Services Manage Risk
    Priority Critical Normal High
    ITAM Opportunities
    • Improve data to increase IT spend transparency.
    • Increase asset utilization.
    • Consolidate major software contracts to drive discounts.
    • Identify opportunities to retire applications with redundant functionality
    • Acquire the right tech at the right time to support transformational initiatives.
    • Provide IT asset data to technicians supporting end users.
    • Identify abandoned or out-of-spec IT assets.
    • Provide IT asset data to support controls development.
    • Support security incident teams with IT asset data.

    1.4 Connect ITAM goals to tactics

    30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Let’s dig down a little deeper. Connect the list of opportunities from earlier to specific ITAM tactics that allow the team to seize those opportunities.

    Add another row to the earlier table for ITAM tactics. Brainstorm tactics with your participants (e.g. sticky notes on a whiteboard) and align them with the priorities they’ll support.

    Optimize SpendEnhance IT ServicesManage Risk
    PriorityCriticalNormalHigh
    ITAM Opportunities
    • Improve data to increase IT spend transparency.
    • Increase asset utilization.
    • Consolidate major software contracts to drive discounts.
    • Identify opportunities to retire applications with redundant functionality
    • Acquire the right tech at the right time to support transformational initiatives.
    • Provide IT asset data to technicians supporting end users.
    • Identify abandoned or out-of-spec IT assets.
    • Provide IT asset data to support controls development.
    • Support security incident teams with IT asset data.
    ITAM Tactics to Seize Opportunities
    • Review and improve hardware budgeting exercises.
    • Reallocate unused licenses, hardware.
    • Ensure ELP reports are up to date.
    • Validate software usage.
    • Data to support software renewal negotiations.
    • Use info from ITAM for more efficient adds, moves, changes.
    • Integrate asset records with the ticket intake system, so that when someone calls the service desk, the list of their assigned equipment is immediately available.
    • Find and retire abandoned devices or services with access to the organization’s network.
    • Report on lost/stolen devices.
    • Develop reliable disposal processes.
    • Report on unpatched devices/software.

    Add your results to your copy of the ITAM Strategy Template

    1.4 Identify current and target state

    20 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    We’ll use this exercise to identify the current and one-year target state of ITAM using Info-Tech’s ITAM maturity framework.

    1. Review the maturity framework on the next slide as a group.
    2. In one color, highlight statements that reflect your organization today. Summarize your current state. Are you in firefighter mode? Between “firefighter” and “trusted operator”?
    3. In a second color, highlight statements that reflect where you want to be one year from today, taking into consideration the goals and tactics identified in the last exercise.
    4. During a break, copy the highlighted statements to the table on the slide after next, then add this final slide to your working copy of the ITAM Strategy Template.

    Add your results to your copy of the ITAM Strategy Template

    Establish current and target ITAM maturity

    IT maturity ladder with five color-coded levels. Innovator – Optimized Asset Management
    • All items from Business & Technology Partner, plus:
    • Business and IT stakeholders collaborate regularly with the ITAM team to identify new opportunities to leverage or deploy ITAM practices and data to mitigate risks, optimize spend, and improve service. The ITAM program scales with the business.
    Business & Technology Partner – Proactive Asset Management
    • All items from Trusted Operator, plus:
    • The ITAM data is integral to decisions related to budget, project planning, IT architecture, contract renewal, and vendor management. Software and cloud assets are reviewed as frequently as required to manage costs. ITAM data consumers have self-serve access to ITAM data.
    • Continuous improvement practices strengthen ITAM efficiency and effectiveness.
    • ITAM processes, standards, and related policies are regularly reviewed and updated. ITAM teams work closely with SMEs for key tools/systems integrated with ITAM (e.g. AD, ITSM, monitoring tools) to maximize the value and reliability of integrations.
    Trusted Operator – Controls Assets
    • ITAM data for deployed hardware and software is regularly audited for accuracy.
    • Sufficient staff and skills to support asset tracking, including a dedicated IT asset management role. Teams responsible for ITAM data collection cooperate effectively. Policies and procedures are documented and enforced. Key licenses and contracts are available to the ITAM team. Discovery, tracking, and analysis tools support most important use cases.
    Firefighter – Reactive Asset Tracking
    • Data is often untrustworthy, may be fragmented across multiple repositories, and typically requires significant effort to translate or validate before use.
    • Insufficient staff, fragmented or incomplete policies or documentation. Data tracking processes are extremely highly manual. Effective cooperation for ITAM data collection is challenging.
    • ITAM tools are in place, but additional configuration or tooling is needed.
    Unreliable - Struggles to Support
    • No data, or data is typically unusable.
    • No allocated staff, no cooperation between parties responsible for ITAM data collection.
    • No related policies or documentation.
    • Tools are non-existent or not fit-for-purpose.

    Current and target ITAM maturity

    Today:
    Firefighter
    • Data is often untrustworthy, is fragmented across multiple repositories, and typically requires significant effort to translate or validate before use.
    • Insufficient staff, fragmented or incomplete policies or documentation.
    • Tools are non-existent.
    In One Year:
    Trusted Operator
    • ITAM data for deployed hardware and software is regularly audited for accuracy.
    • Sufficient staff and skills to support asset tracking, including a dedicated IT asset management role.
    • Teams responsible for ITAM data collection cooperate effectively.
    • Discovery, tracking, and analysis tools support most important use cases.
    		IT maturity ladder with five color-coded levels.

    Innovator – Optimized Asset Management

    Business & Technology Partner – Proactive Asset Management

    Trusted Operator – Controls Assets

    Firefighter – Reactive Asset Tracking

    Unreliable - Struggles to Support

    Step 1.5: Write mission and vision statements

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers

    Outcomes

    • Write a mission statement that encapsulates the purpose and intentions of the ITAM practice today.
    • Write a vision statement that describes what the ITAM practice aspires to become and achieve.

    Write vision and mission statements

    Create two statements to summarize the role of the ITAM practice today – and where you want it to be in the future.

    Create two short, compelling statements that encapsulate:
    • The vision for what we want the ITAM practice to be in the future; and
    • The mission – the purpose and intentions – of the ITAM practice today.

    Why bother creating mission and vision statements? After all, isn’t it just rehashing or re-writing all the work we’ve just done? Isn’t that (at best) a waste of time?

    There are a few very important reasons to create mission and vision statements:

    • Create a compass that can guide work today and your roadmap for the future.
    • Focus on the few things you must do, rather than the many things you could do.
    • Concisely communicate a compelling vision for the ITAM practice to a larger audience who (let’s face it) probably won’t read the entire ITAM Strategy deck.

    “Brevity is the soul of wit.” (Hamlet, Act 2, Scene 2)

    “Writing is easy. All you have to do is cross out the wrong words.” (Mark Twain)

    1.5 Write an ITAM vision statement

    30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: A whiteboard, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT Leaders and managers

    Your vision statement describes the ITAM practice as it will be in the far future. It is a target to aspire to, beyond your ability to achieve in the near or medium term.

    Examples of ITAM vision statements:

    Develop the single accurate view of IT assets, available to anyone who needs it.

    Indispensable data brokers that support strategic decisions on the IT environment.

    Provide sticky notes to participants. Write out the three questions below on a whiteboard side by side. Have participants write their answers to the questions and post them below the appropriate question. Give everyone 10 minutes to write and post their ideas.

    1. What’s the desired future state of the ITAM practice?
    2. What needs to be done to achieved this desired state?
    3. How do we want ITAM to be perceived in this desired state?

    Review the answers and combine them into one focused vision statement. Use the 20x20 rule: take no more than 20 minutes and use no more than 20 words. If you’re not finished after 20 minutes, the ITAM manager should make any final edits offline.

    Document your vision statement in your ITAM Strategy Template.

    Add your results to your copy of the ITAM Strategy Template

    1.5 Write an ITAM mission statement

    30 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Your ITAM mission statement is an expression of what your IT asset management function brings to your organization today. It should be presented in straightforward language that is compelling, easy to understand, and sharply focused.

    Examples of ITAM mission statements:

    Maintain accurate, actionable, accessible on data on all IT assets.

    Support IT and the business with centralized and integrated asset data.

    Provide sticky notes to participants. Write out the questions below on a whiteboard side by side. Have participants write their answers to the questions and post them below the appropriate question. Give everyone 10 minutes to write and post their ideas.

    1. What is our role as the asset management team?
    2. How do we support the IT and business strategies?
    3. What does our asset management function offer that no one else can?

    Review the answers and combine them into one focused vision statement. Use the 20x20 rule: take no more than 20 minutes and use no more than 20 words. If you’re not finished after 20 minutes, the ITAM manager should make any final edits offline.

    Document your vision statement in your ITAM Strategy Template.

    Add your results to your copy of the ITAM Strategy Template

    Step 1.6: Define ITAM metrics and KPIs

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers

    Outcomes

    • Identify metrics, data, or reports that may be of interest to different consumers of ITAM data.
    • Identify the key performance indicators (KPIs) for the ITAM practice, based on the goals and priorities established earlier.

    Navigate a universe of ITAM metrics

    When you have the data, how will you use it?

    • There’s a dizzying array of potential metrics you can develop and track across your ITAM environment.
    • Different stakeholders will need different data feeds, metrics, reports, and dashboards.
    • Different measures will be useful at different times. You will often need to filter or slice the data in different ways (by department, timeframe, equipment type, etc.)
    • We’ll use the next few exercises to identify the types of metrics that may be useful to different stakeholders and the KPIs to measure progress towards ITAM goals and priorities.

    ITAM Metrics

    • Quantity
      e.g. # of devices or licenses
    • Cost
      e.g. average laptop cost
    • Compliance
      e.g. effective license position reports
    • Progress
      e.g. ITAM roadmap items completed
    • Quality
      e.g. ITAM data accuracy rate
    • Time
      e.g. time to procure/ deploy

    Drill down by:

    • Vendor
    • Date
    • Dept.
    • Product
    • Location
    • Cost Center

    Develop different metrics for different teams

    A few examples:

    • CIOs — CIOs need asset data to govern technology use, align to business needs, and demonstrate IT value. What do we need to budget for hardware and software in the next year? Where can we find money to support urgent new initiatives? How many devices and software titles do we manage compared to last year? How has IT helped the business achieve key goals?
    • Asset Managers — Asset managers require data to help them oversee ITAM processes, technology, and staff, and to manage the fleet of IT assets they’re expected to track. What’s the accuracy rate of ITAM data? What’s the state of integrations between ITAM and other systems and processes? How many renewals are coming up in the next 90 days? How many laptops are in stock?
    • IT Leaders — IT managers need data that can support their teams and help them manage the technology within their mandate. What technology needs to be reviewed or retired? What do we actually manage?
    • Technicians — Service desk technicians need real-time access to data on IT assets to support service requests and incident management – for example, easy access to the list of equipment assigned to a particular user or installed in a particular location.
    • Business Managers and Executives — Business managers and executives need concise, readable dashboards to support business decisions about business use of IT assets. What’s our overall asset spend? What’s our forecasted spend? Where could we reallocate spend?

    1.6 Identify useful ITAM metrics and reports

    60 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Use this exercise to identify as many potentially useful ITAM metrics and reports as possible, and narrow them down to a few high-priority metrics. Leverage the list of example metrics on the next slide for your own exercise. If you have more than six participants, consider splitting into two or more groups, and divide the table between groups to minimize overlap.

    1. List potential consumers of ITAM data in the column on the left.
    2. What type of information do we think this role needs? What questions about IT assets do we get on a regular basis from this role or team?
    3. Review and consolidate the list as a group. Discuss and highlight any metrics the group thinks are a particularly high priority for tracking.
    Role Compliance Quality Quantity Cost Time Progress
    IT Asset Manager Owned devices not discovered in last 60 days Discrepancies between discovery data and ITAM DB records # of corporate-owned devices Spend on hardware (recent and future/ planned) Average time, maximum time to deploy end-user devices Number of ITAM roadmap items in progress
    Service Desk

    Add your results to your copy of the ITAM Strategy Template

    Examples of ITAM metrics

    Compliance Quality Quantity Cost Time/Duration/Age Progress
    Owned devices not discovered in last 60 days Discrepancies between discovery data and ITAM DB records # of corporate-owned devices Spend on hardware (recent and future/planned) Average time, maximum time to deploy end-user devices Number of ITAM roadmap items in progress or completed
    Disposed devices without certificate of destruction Breakage rates (in and out of warranty) by vendor # of devices running software title X, # of licenses for software title X Spend on software (recent and future/planned) Average time, maximum time to deploy end user software Number of integrations between ITAM DB and other sources
    Discrepancies between licenses and install count, by software title RMAs by vendor, model, equipment type Number of requests by equipment model or software title Spend on cloud (recent and future/planned) Average & total time spent on software audit responses Number of records in ITAM database
    Compliance reports (e.g. tied to regulatory compliance or grant funding) Tickets by equipment type or software title Licenses issued from license pool in the last 30 days Value of licenses issued from license pool in the last 30 days (cost avoidance) Devices by age Software titles with an up-to-date ELP report
    Reports on lost and stolen devices, including last assigned, date reported stolen, actions taken User device satisfaction scores, CSAT scores Number of devices retired or donated in last year Number of IT-managed capital assets Number of hardware/software request tickets beyond time-to-fulfil targets Number of devices audited (by ITAM team via self-audit)
    Number of OS versions, unpatched systems Number of devices due for refresh in the next year Spend saved by harvesting unused software Number of software titles, software vendors managed by ITAM team
    Audit accuracy rate Equipment in stock Cost savings from negotiations
    # of users assigned more than one device Number of non-standard devices or requests Dollars charged during audit or true-up

    Differentiate between metrics and KPIs

    Key performance indicators (KPIs) are metrics with targets aligned to goals.

    Targets could include one or more of:

    • Target state (e.g. completed)
    • Target magnitude (e.g. number, percent, rate, dollar amount)
    • Target direction (e.g. trending up or down)

    You may track many metrics, but you should have only a few KPIs (typically 2-3 per objective).

    A breached KPI should be a trigger to investigate and remediate the root cause of the problem, to ensure progress towards goals and priorities can continue.

    Which KPIs you track will change over the life of the practice, as ITAM goals and priorities shift. For example, KPIs may initially track progress towards maturing ITAM practices. Once you’ve reached target maturity, KPIs may shift to track whether the key service targets are being met.

    1.6 Identify ITAM KPIs

    20 minutes

    Input: Organizational strategy documents

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Good KPIs are a more objective measure of whether you’re succeeding in meeting the identified priorities for the ITAM practice.

    Identify metrics that can measure progress or success against the priorities and goals set earlier. Aim for around three metrics per goal. Identify targets for the metric you think are SMART (specific, measurable, achievable, relevant, and timebound). Track your work using the example table below.

    Goal Metric Target
    Consolidate major software contracts to drive discounts Amount spent on top 10 software contracts Decrease by 10% by next year
    Customer satisfaction scores with enterprise software Satisfaction is equal to or better than last year
    Value of licenses issued from license pool 30% greater than last year
    Identify abandoned or out-of-spec IT assets # of security incidents involving undiscovered assets Zero
    % devices with “Deployed” status in ITAM DB but not discovered for 30+ days ‹1% of all records in ITAM DB
    Provide IT asset data to technicians for service calls Customer satisfaction scores Satisfaction is equal to or better than last year
    % of end-user devices meeting minimum standards 97%

    Add your results to your copy of the ITAM Strategy Template

    Develop an IT Asset Management Strategy

    Phase 2:

    Identify your approach to support ITAM priorities and goals

    Phase 1

    1.1 Define ITAM and brainstorm opportunities and challenges.

    Executive Alignment Working Session:

    1.2 Review organizational priorities, strategy, and key initiatives.

    1.3 Align executive priorities with ITAM opportunities & priorities.

    1.4 Identify business-aligned ITAM goals and target maturity.

    1.5 Write mission and vision statements.

    1.6 Define ITAM metrics and KPIs.

    Phase 2

    2.1 Define ITAM scope.

    2.2 Acquire ITAM services (outsourcing and contracting).

    2.3 Centralize or decentralize ITAM capabilities.

    2.4 Create a RACI for the ITAM practice.

    2.5 Align ITAM with other service management practices.

    2.6 Evaluate ITAM tools and integrations.

    2.7 Create a plan for internal and external audits.

    2.8 Improve your budget processes.

    2.9 Establish a documentation framework.

    2.10 Create a roadmap and communication plan.

    Phase Outcomes:

    Establish an approach to achieving ITAM goals and priorities, including scope, structure, tools, service management integrations, documentation, and more.

    Create a roadmap that enables you to realize your approach.

    Step 2.1: Define ITAM Scope

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Establish what types of equipment and software you’ll track through the ITAM practice.
    • Establish which areas of the business will be in scope of the ITAM practice.

    Determine ITAM Scope

    Focus on what’s most important and then document it so everyone understands where they can provide the most value.

    Not all categories of assets require the same level of tracking, and some equipment and software should be excluded from the ITAM practice entirely.

    In some organizations, portions of the environment won’t be tracked by the asset management team at all. For example, some organizations will choose to delegate tracking multi-function printers (MFPs) or proprietary IoT devices to the department or vendor that manages them.

    Due to resourcing or technical limitations, you may decide that certain equipment or software is out of scope for the moment.

    What do other organizations typically track in detail?
    • Installs and entitlements for major software contracts that represent significant spend and/or are highly critical to business goals.
    • Equipment managed directly by IT that needs to be refreshed on a regular cycle:
      • End-user devices such as laptops, desktops, and tablets.
      • Server, network, and telecoms devices.
    • High value equipment that is not regularly refreshed may also be tracked, but in less detail – for example, you may not refresh large screen TVs, but you may need to track date of purchase, deployed location, vendor, and model for insurance or warranty purposes.

    2.1 Establish scope for ITAM

    45 minutes

    Input: Organizational strategy documents

    Output: ITAM scope, in terms of types of assets tracked and not tracked

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    Establish the hardware and software that are within the scope of the ITAM program by updating the tables below to reflect your own environment. The “out of scope” category will include asset types that may be of value to track in the future but for which the capability or need don’t exist today.

    Hardware Software Out of Scope
    • End-user devices housing data or with a dollar value of more than $300, which will be replaced through lifecycle refresh.
    • Infrastructure devices, including network, telecom, video conferencing, servers and more
    • End-user software purchased under contract
    • Best efforts on single license purchases
    • Infrastructure software, including solutions used by IT to manage the infrastructure
    • Enterprise applications
    • Cloud (SaaS, IaaS, PaaS)
    • Departmental applications
    • Open-source applications
    • In-house developed applications
    • Freeware & shareware
    • IoT devices

    The following locations will be included in the ITAM program: All North and South America offices and retail locations.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.2: Acquire ITAM Services

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Define the type of work that may be more effectively or efficiently delivered by an outsourcer or contractor.

    “We would like our clients to come to us with an idea of where they want to get to. Why are you doing this? Is it for savings? Because you want to manage your security attack surface? Are there digital initiatives you want to move forward? What is the end goal?” (Mike Austin, MetrixData 360)

    Effectively acquire ITAM services

    Allow your team to focus on strategic, value-add activities by acquiring services that free them from commodity tasks.
    • When determining which asset capabilities and activities are best kept in-house and which ones are better handled by a supplier, it is imperative to keep the value to the business in mind.
    • Activities/capabilities that are challenging to standardize and are critical to enabling business goals are better kept in-house.
    • Activities/capabilities that are (or should be) standardized and automated are ideal candidates for outsourcing.
    • Outsourcing can be effective and successful with a narrow scope of engagement and an alignment to business outcomes.
    • Organizations that heavily weigh cost reduction as a significant driver for outsourcing are far less likely to realize the value they expected to receive.
    		 Business Enablement
    • Supports business-aligned ITAM opportunities & priorities
    • Highly specialized
    • Offers competitive advantages
    		 Map with axes 'Business Enablement' and 'Vendor's Performance Advantage' for determining whether or not to outsource.
    Vendor’s Performance Advantage
    • Talent or access to skills
    • Economies of scale
    • Access to technology
    • Does not require deep knowledge of your business

    Decide what to outsource

    It’s rarely all or nothing.

    Ask yourself:
    • How important is this activity or capability to ITAM, IT, and business priorities and goals?
    • Is it a non-commodity IT service that can improve customer satisfaction?
    • Is it a critical service to the business and the specialized knowledge must remain in-house?
    • Does the function require access to talent or skills not currently available in-house, and is cost-prohibitive to obtain?
    • Are there economies of scale that can help us meet growing demand?
    • Does the vendor provide access to best-of-breed tools and solutions that can handle the integration, management, maintenance and support of the complete system?

    You may ultimately choose to engage a single vendor or a combination of multiple vendors who can best meet your ITAM needs.

    Establishing effective vendor management processes, where you can maximize the amount of service you receive while relying on the vendor’s expertise and ability to scale, can help you make your asset management practice a net cost-saver.

    		ITAM activities and capabilities
    • Contract review
    • Software audit management
    • Asset tagging
    • Asset disposal and recycling
    • Initial ITAM record creation
    • End-user device imaging
    • End-user device deployment
    • End-user software provisioning
    • End-user image management
    • ITAM database administration
    • ELP report creation
    • ITAM process management
    • ITAM report generation
    		 ITAM-adjacent activities and capabilities
    • Tier 1 support/service desk
    • Deskside/field support
    • Tier 3 support
    • IT Procurement
    • Device management/managed IT services
    • Budget development
    • Applications development, maintenance
    • Infrastructure hosting (e.g. cloud or colocation)
    • Infrastructure management and support
    • Discovery/monitoring tools management and support

    2.2 Identify outsourcing opportunities

    1-2 hours

    Input: Understanding of current ITAM processes and challenges

    Output: Understanding of potential outsourcing opportunities

    Materials: The table in this slide, and insight in previous slides, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    At a high level, discuss which functions of ITAM are good candidates for outsourcing.

    Start with the previous slide for examples of outsourcing activities or capabilities directly related to or adjacent to the ITAM practice. Categorize these activities as follows:

    Outsource Potentially Outsource Insource
    • Asset disposal/recycling
    • ELP report creation
    • ITAM process management

    Go through the list of activities to potentially or definitely outsource and confirm:

    1. Will outsourcing solve a resourcing need for an existing process, or can you deliver this adequately in-house?
    2. Will outsourcing improve the effectiveness and efficiency of current processes? Will it deliver more effective service channels or improved levels of reliability and performance consistency?
    3. Will outsourcing provide or enable enhanced service capabilities that your IT customers could use, and which you cannot deliver in-house due to lack of scale or capacity?

    Answering “no” to more than one of these questions suggests a need to further review options to ensure the goals are aligned with the potential value of the service offerings available.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.3: Centralize or decentralize ITAM capabilities

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Outline where the team(s) responsible for ITAM sit across the organization, who they report to, and who they need to work with across IT and the business.

    Align ITAM with IT’s structure

    ITAM’s structure will typically align with the larger business and IT structure. The wrong structure will undermine your ability to meet ITAM goals and lead to frustration, missed work, inefficiency, and loss of value.

    Which of the four archetypes below reflects the structure you need?

    1. Centralized — ITAM is entirely centralized in a single function, which reports into a central IT department.
    2. Decentralized — Local IT groups are responsible and accountable for ITAM. They may coordinate informally but do not report to any central team.
    3. Hybrid-Shared Services — Local IT can opt in to shared services but must follow centrally set ITAM practices to do so, usually with support from a shared ITAM function.
    4. Hybrid-Federated — Local IT departments are free to develop their own approach to ITAM outside of core, centrally set requirements.

    Centralized ITAM

    Total coordination, control, and oversight

    • ITAM accountability, policies, tools, standards, and expertise – in this model, they’re all concentrated in a single, specialized IT asset management practice. Accountability, authority, and oversight are concentrated in the central function as well.
    • A central ITAM team will benefit from knowledge sharing and task specialization opportunities. They are a visible single point of contact for ITAM-related questions
    • The central ITAM team will coordinate ITAM activities across the organization to optimize spend, manage risk, and enhance service. Any local IT teams are supported by and directly answerable to the central ITAM team for ITAM activities.
    • There is a single, centrally managed ITAM database. Wherever possible, this database should be integrated with other tools to support cross-solution automation (e.g. integrate AD to automatically reflect user identity changes in the ITAM database).
    • This model drives cross-organization coordination and oversight, but it may not be responsive to specific and nuanced local requirements.
    		 Example: Centralized
    Example of a Centralized ITAM.

    Solid line. Direct reporting relationship

    Dotted line. Dotted line working or reporting relationship

    Decentralized ITAM

    Maximize choice

    • ITAM accountability and oversight are entirely devolved to local or regional IT and/or ITAM organizations, which are free to set their own priorities, goals, policies, and standards. This model maximizes the authority of local groups to build practices that meet local requirements.
    • It may be challenging to resource and mature local practices. ITAM maturity will vary from one local organization to the next.
    • It is more likely that ITAM managers are a part-time role, and sometimes even a non-IT role. Local ITAM teams or coordinators may coordinate and share knowledge informally, but specialization can be challenging to build or leverage effectively across the organization.
    • There is likely no central ITAM tool. Local tools may be acquired, implemented, and integrated by local IT departments to suit their own needs, which can make it very difficult to report on assets organization-wide – for example, to establish compliance on an enterprise software contract.
    		Example: Decentralized


    Example of a Decentralized ITAM.

    Solid line. Direct reporting relationship

    Dotted line. Dotted line working or reporting relationship

    Blue dotted line. Informal working relationships, knowledge sharing

    Hybrid: Federation

    Centralization with a light touch

    • A middle ground between centralized and decentralized ITAM, this model balances centralized decision making, specialization, and governance with local autonomy.
    • A central team will define organization-wide ITAM goals, develop capabilities, policies, and standards, and monitor compliance by local and central teams. All local teams must comply with centrally defined requirements, but they can also develop further capabilities to meet local goals.
    • For example, there will typically be a central ITAM database that must be used for at least a subset of assets, but other teams may build their own databases for day-to-day operations and export data to the central database as required.
    • There are often overlapping responsibilities in this model. A strong collaborative relationship between central and local ITAM teams is especially important here, particularly after major changes to requirements, processes, tools, or staffing when issues and breakdowns are more likely.
    		Example: Federation


    Example of a Federation ITAM.

    Solid line. Direct reporting relationship

    Purple solid line. Oversight/governance

    Dotted line. Dotted line working or reporting relationship

    Hybrid: Shared Services

    Optional centralization

    • A special case of federated ITAM that balances central control and local autonomy, but with more power given to local IT to opt out of centralized shared services that come with centralized ITAM requirements.
    • ITAM requirements set by the shared services team will support management, allocation, and may have showback or chargeback implications. Following the ITAM requirements is a condition of service. If a local organization chooses to stop using shared services, they are (naturally) no longer required to adhere to the shared services ITAM requirements.
    • As with the federated model, local teams may develop further capabilities to meet local goals.
    		Example: Shared Services


    Example of a Shared Services ITAM.

    Solid line. Direct reporting relationship

    Dotted line. Dotted line working relationship

    Blue dotted line. Informal working relationships, knowledge sharing

    Structure data collection & analysis

    Consider the implications of structure on data.

    Why centralize?
    • There is a need to build reports that aggregate data on assets organization-wide, rather than just assets within a local environment.
    • Decentralized ITAM tracking isn’t producing accurate or usable data, even for local purposes.
    • Tracking tools have overlapping functionality. There’s an opportunity to rationalize spend, management and support for ITAM tools.
    • Contract centralization can optimize spend and manage risks, but only with the data required to manage those contracts.
    		 Why decentralize?
    • Tracking and reporting on local assets is sufficient to meet ITAM goals; there is limited or no need to track assets organization-wide.
    • Local teams have the skills to track and maintain asset data; subsidiaries have appropriate budgets and tools to support ITAM tracking.
    • Decentralized ITSM/ITAM tools are in place, populated, and accurate.
    • The effort to consolidate tools and processes may outweigh the benefits to data centralization.
    • Lots of variability in types of assets and the environment is stable.
    Requirements for success:
    • A centralized IT asset management solution is implemented and managed.
    • Local teams must understand the why and how of centralized data tracking and be held accountable for assigned responsibilities.
    • The asset tool should offer both centralized and localized views of the data.
    		 Requirements for success:
    • Guidelines and expectations for reporting to centralized asset management team will be well defined and supported.
    • Local asset managers will have opportunity to collaborate with others in the role for knowledge transfer and asset trading, where appropriate.

    Structure budget and contract management

    Contract consolidation creates economies of scale for vendor management and license pooling that strengthen your negotiating position with vendors and optimize spend.

    Why centralize?
    • Budgeting, governance, and accountability are already centralized. Centralized ITAM practices can support the existing governance practices.
    • Centralizing contract management and negotiation can optimize spend and/or deliver access to better service.
    • Centralize management for contracts that cover most of the organization, are highly complex, involve large spend and/or higher risk, and will benefit from specialization of asset staff.
    		 Why decentralize?
    • Budgeting, governance, and accountability rest with local organizations.
    • There may be increased need for high levels of customer responsiveness and support.
    • Decentralize contract management for contracts used only by local groups (e.g. a few divisions, a few specialized functions), and that are smaller, low risk, and come with standard terms and conditions.
    Requirements for success:
    • A centralized IT asset management solution is implemented and managed.
    • Contract terms must be harmonized across the organization.
    • Centralized fulfillment is as streamlined as possible. For example, software contracts should include the right to install at any time and pay through a true-up process.
    		 Requirements for success:
    • Any expectations for harmonization with the centralized asset management team will be well defined and supported.
    • Local asset managers can collaborate with other local ITAM leads to support knowledge transfer, asset swapping, etc.

    Structure technology management

    Are there opportunities to centralize or decentralize support functions?

    Why centralize?
    • Standard technologies are deployed organization-wide.
    • There are opportunities to improve service and optimize costs by consolidating knowledge, service contracts, and support functions.
    • Centralizing data on product supply allows for easier harvest and redeployment of assets by a central support team.
    • A stable, central support function can better support localized needs during seasonal staffing changes, mergers and acquisitions.
    		 Why decentralize?
    • Technology is unique to a local subset of users or customers.
    • Minimal opportunity for savings or better support by consolidating knowledge, service contracts, or support functions.
    • Refresh standards are set at a local level; new tech adoption may be impeded by a reliance on older technologies, local budget shortfalls, or other constraints.
    • Hardware may need to be managed locally if shipping costs and times can’t reasonably be met by a distant central support team.
    Requirements for success:
    • Ensure required processes, technologies, skills, and knowledge are in place to enable centralized support.
    • Keep a central calendar of contract renewals, including reminders to start work on the renewal no less than 90 days prior. Prioritize contracts with high dollar value or high risk.
    • The central asset management solution should be configured to provide data that can enable the central support team.
    		 Requirements for success:
    • Ensure required processes, technologies, skills, and knowledge are in place to enable decentralized support.
    • Decentralized support teams must understand and adhere to ITAM activities that are part of support work (e.g. data entry, data audits).
    • The central asset management solution should be configured to provide data that can enable the central support team, or decentralized asset solutions must be funded, and teams trained on their use.

    2.3 Review ITAM Structure

    1-2 hours

    Input: Understanding of current organizational structure, Understanding of challenges and opportunities related to the current structure

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    Outline the current model for your organization and identify opportunities to centralize or decentralize ITAM-related activities.

    1. What model best describes how ITAM should be structured in your organization? Modify the slide outlining structure as a group to outline your own organization, as required.
    2. In the table below, outline opportunities to centralize or decentralize data tracking, budget and contract management, and technology management activities.
    Centralize Decentralize
    Data collection & analysis
    • Make better use of central ITAM database.
    • Support local IT departments building runbooks for data tracking during lifecycle activities (create templates, examples)
    Budget and contract management
    • Centralize Microsoft contracts.
    • Create a runbook to onboard new companies to MSFT contracts.
    • Create tools and data views to support local department budget exercises.
    Technology management
    • Ensure all end-user devices are visible to centrally managed InTune, ConfigMgr.
    • Enable direct shipping from vendor to local sites.
    • Establish disposal/pickup at local sites.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.4: Create a RACI

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Review the role of the IT asset manager.
    • Identify who’s responsible, accountable, consulted, and informed for key ITAM activities.

    Empower your asset manager

    The asset manager is the critical ITAM role. Ensure they’re positioned to succeed.

    There’s too much change in the technology and business environment to expect ITAM to be “a problem to solve.” It is a practice that requires care and feeding through regular iteration to achieve success. At the helm of this practice is your asset manager, whose approach and past experience will have a significant impact on how you approach ITAM.

    The asset manager role requires a variety of skills, knowledge, and abilities including:

    • Operations, process, and practice management.
    • An ability to communicate, influence, negotiate, and facilitate.
    • Organizational knowledge and relationship management.
    • Contract and license agreement analysis, attention to detail.
    • Natural curiosity and a willingness to learn.
    • A strong understanding of technologies in use by the organization, and how they fit into the asset management program.
    Where the asset manager sits in the organization will also have an impact on their focus and priorities. When the asset manager reports into a service team, their focus will often reflect their team’s focus: end-user devices and software, customer satisfaction, request fulfillment. Asset teams that report into a leadership or governance function will be more likely to focus on organization-wide assets, governance, budget management, and compliance.

    “Where your asset manager sits, and what past experience they have, is going to influence how they do asset management.” (Jeremy Boerger, Consultant & Author)

    “It can be annoying at times, but a good IT asset manager will poke their nose into activities that do not obviously concern them, such as programme and project approval boards and technical design committees. Their aim is to identify and mitigate ITAM risks BEFORE the technology is deployed as well as to ensure that projects and solutions ‘bake in’ the necessary processes and tools that ensure IT assets can be managed effectively throughout their lifecycle.” (Kylie Fowler, ITAM by Design, 2017)

    IT asset managers must have a range of skills and knowledge

    • ITAM Operations, Process, and Practice Management
      The asset manager is typically responsible for managing and improving the ITAM practice and related processes and tools. The asset manager may administer the ITAM tool, develop reports and dashboards, evaluate and implement new technologies or services to improve ITAM maturity, and more.
    • Organizational Knowledge
      An effective IT asset manager has a good understanding of your organization and its strategy, products, stakeholders, and culture.
    • Technology & Product Awareness
      An IT asset manager must learn about new and changing technologies and products adopted by the organization (e.g. IoT, cloud) and develop recommendations on how to track and manage them via the ITAM practice.
    		 A book surrounded by icons corresponding to the bullet points.
    • People Management
      Asset managers often manage a team directly and have dotted-line reports across IT and the business.
    • Communication
      Important in any role, but particularly critical where learning, listening, negotiation, and persuasion are so critical.
    • Finance & Budgeting
      A foundational knowledge of financial planning and budgeting practices is often helpful, where the asset manager is asked to contribute to these activities.
    • Contract Review & Analysis
      Analyze new and existing contracts to evaluate changes, identify compliance requirements, and optimize spend.

    Assign ITAM responsibilities and accountabilities

    Align authority and accountability.
    • A RACI exercise will help you discuss and document accountability and responsibility for critical ITAM activities.
    • When responsibility and accountability are not currently well documented, it’s often useful to invite a representative of the roles identified to participate in this alignment exercise. The discussion can uncover contrasting views on responsibility and governance, which can help you build a stronger management and governance model.
    • The RACI chart can help you identify who should be involved when making changes to a given activity. Clarify the variety of responsibilities assigned to each key role.
    • In the future, you may need to define roles in more detail as you change your hardware and software asset management procedures.

    R

    		 Responsible: The person who actually gets the job done.

    Different roles may be responsible for different aspects of the activity relevant to their role.

    A

    		 Accountable: The one role accountable for the activity (in terms completion, quality, cost, etc.)

    Must have sufficient authority to be held accountable; responsible roles are often accountable to this role.

    C

    		 Consulted: Must have the opportunity to provide meaningful input at certain points in the activity.

    Typically, subject matter experts or stakeholders. The more people you must consult, the more overhead and time you’ll add to a process.

    I

    		 Informed: Receives information regarding the task, but has no requirement to provide feedback.

    Information might relate to process execution, changes, or quality.

    2.4 Conduct a RACI Exercise

    1-2 hours

    Input: An understanding of key roles and activities in ITAM practices, An understanding of your organization, High-level structure of your ITAM program

    Output: A RACI diagram for IT asset management

    Materials: The table in the next slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    Let’s face it – RACI exercises can be dry. We’ve found that the approach below is more collaborative, engaging, and effective compared to filling out the table as a large group.

    1. Create a shared working copy of the RACI charts on the following slides (e.g. write it out on a whiteboard or provide a link to this document and work directly in it).
    2. Review the list of template roles and activities as a group. Add, change, or remove roles and activities from the table as needed.
    3. Divide into small groups. Assign each group a set of roles, and have them define whether that role is accountable, responsible, consulted, or informed for each activity in the chart. Refer to the previous slide for context on RACI. Give everyone 15 minutes to update their section of the chart.
    4. Come back together as a large group to review the chart. First, check for accountability – there should generally be just one role accountable for each activity. Then, have each small group walk through their section, and encourage participants to ask questions. Is there at least one role responsible for each task, and what are they responsible for? Does everyone listed as consulted or informed really need to be? Make any necessary adjustments.

    Add your results to your copy of the ITAM Strategy Template

    Define ITAM governance activities

    RACI Chart for ITAM governance activities. In the first column is a list of governance activities, and the row headers are positions within a company. Fields are marked with an R, A, C, or I.

    Document asset management responsibilities and accountabilities

    RACI Chart for ITAM asset management responsibilities and accountabilities. In the first column is a list of responsibilities and accountabilities, and the row headers are positions within a company. Fields are marked with an R, A, C, or I.

    Step 2.5: Align ITAM with other Service Management Practices

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers

    Outcomes

    • Establish shared and separate responsibilities for asset and configuration management.
    • Identify how ITAM can support other practices, and how other practices can support ITAM.

    Asset vs. Configuration

    Asset and configuration management look at the same world through different lenses.
    • IT asset management tends to focus on each IT asset in its own right: assignment or ownership, its lifecycle, and related financial obligations and entitlements.
    • Configuration management is focused on configuration items (CIs) that must be managed to deliver a service and the relationships and integrations to other CIs.
    • ITAM and configuration management teams and practices should work closely together. Though asset and configuration management focus on different outcomes, they tend use overlapping tools and data sets. Each practice, when working effectively, can strengthen the other.
    • Many objects will exist in both the CMDB and AMDB, and the data on those shared objects will need to be kept in sync.
    Asset and Configuration Management: An Example

    Configuration Management Database (CMDB)

    A database of uniquely identified configuration items (CIs). Each CI record may include information on:
    Service Attributes

    Supported Service(s)
    Service Description, Criticality, SLAs
    Service Owners
    Data Criticality/Sensitivity

    CI Relationships

    Physical Connections
    Logical Connections
    Dependencies

    		Arrow connector.

    Discovery, Normalization, Dependency Mapping, Business Rules*

    Manual Data Entry
    Arrow connector.
    This shared information could be attached to asset records, CI records, or both, and it should be synchronized between the two databases where it’s tracked in both.
    Hardware Information

    Serial, Model and Specs
    Network Address
    Physical Location

    Software Installations

    Hypervisor & OS
    Middleware & Software
    Software Configurations

    		Arrow connector.

    Asset Management Database (AMDB)

    A database of uniquely identified IT assets. Each asset record may include information on:
    Procurement/Purchasing

    Purchase Request/Purchase Order
    Invoice and Cost
    Cost Center
    Vendor
    Contracts and MSAs
    Support/Maintenance/Warranties

    Asset Attributes

    Model, Title, Product Info, License Key
    Assigned User
    Lifecycle Status
    Last ITAM Audit Date
    Certificate of Disposal

    Arrows connecting multiple fields.

    IT Security Systems

    Vulnerability Management
    Threat Management
    SIEM
    Endpoint Protection

    IT Service Management (ITSM) System

    Change Tickets
    Request Tickets
    Incident Tickets
    Problem Tickets
    Project Tickets
    Knowledgebase

    Financial System/ERP

    General Ledger
    Accounts Payable
    Accounts Receivable
    Enterprise Assets
    Enterprise Contract Database

    (*Discovery, dependency mapping, and data normalization are often features or modules of configuration management, asset management, or IT service management tools.)

    2.5 Integrate ITAM and configuration practices

    45 minutes

    Input: Knowledge of the organization’s configuration management processes

    Output: Define how ITAM and configuration management will support one another

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, Configuration manager

    Work through the table below to identify how you will collaborate and synchronize data across ITAM and configuration management practices and tools.

    What are the goals (if any currently exist) for the configuration management practice? Connect configuration items to services to support service management.
    How will configuration and asset management teams collaborate? Weekly status updates. As-needed working sessions.
    Shared visibility on each others’ Kanban tracker.
    Create tickets to raise and track issues that require collaboration or attention from the other team.
    How can config leverage ITAM? Connect CIs to financial, contractual, and ownership data.
    How can ITAM leverage config? Connect assets to services, changes, incidents.
    What key fields will be primarily tracked/managed by ITAM? Serial number, unique ID, user, location, PO number, …
    What key fields will be primarily tracked/managed by configuration management? Supported service(s), dependencies, service description, service criticality, network address…

    Add your results to your copy of the ITAM Strategy Template

    ITAM supports service management

    Decoupling asset management from other service management practices can result in lost value. Establish how asset management can support other service management practices – and how those practices can support ITAM.

    Incident Management

    What broke?
    Was it under warranty?
    Is there a service contract?
    Was it licensed?
    Who was it assigned to?
    Is it end-of-life?

    ITAM
    Practice

    		 Request Management

    What can this user request or purchase?
    What are standard hardware and software offerings?
    What does the requester already have?
    Are there items in inventory to fulfil the request?
    Did we save money by reissuing equipment?
    Is this a standard request?
    What assets are being requested regularly?

    What IT assets are related to the known issue?
    What models and vendors are related to the issue?
    Are the assets covered by a service contract?
    Are other tickets related to this asset?
    What end-of-life assets have been tied to incidents recently?

    Problem Management

    What assets are related to the change?
    Is the software properly licensed?
    Has old equipment been properly retired and disposed?
    Have software licenses been returned to the pool?
    Is the vendor support on the change part of a service contract?

    Change Enablement

    2.5. Connect with other IT service practices

    45 minutes

    Input: Knowledge of existing organizational IT service management processes

    Output: Define how ITAM will help other service management processes, and how other service management processes will help ITAM

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, Service leads

    Complete the table below to establish what ITAM can provide to other service management practices, and what other practices can provide to ITAM.

    Practice ITAM will help Will help ITAM
    Incident Management Provide context on assets involved in an incident (e.g. ownership, service contracts). Track when assets are involved in incidents (via incident tickets).
    Request Management Oversee request & procurement processes. Help develop asset standards. Enter new assets in ITAM database.
    Problem Management Collect information on assets related to known issues. Report back on models/titles that are generating known issues.
    Change Enablement Provide context on assets for change review. Ensure EOL assets are retired and licenses are returned during changes.
    Capacity Management Identify ownership, location for assets at capacity. Identify upcoming refreshes or purchases.
    Availability Management Connect uptime and reliability to assets. Identify assets that are causing availability issues.
    Monitoring and Event Management Provide context to events with asset data. Notify asset of unrecognized software and hardware.
    Financial Management Establish current and predict future spending. Identify upcoming purchases, renewals.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.6: Evaluate ITAM tools and integrations

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers

    Outcomes

    • Create a list of the ITAM tools currently in use, how they’re used, and their current limitations.
    • Identify new tools that could provide value to the ITAM practice, and what needs to be done to acquire and implement them.

    “Everything is connected. Nothing is also connected.” (Dirk Gently’s Holistic Detective Agency)

    Establish current strengths and gaps in your ITAM toolset

    ITAM data quality relies on tools and integrations that are managed by individuals or teams who don’t report directly to the ITAM function.

    Without direct line of sight into tools management, the ITAM team must influence rather than direct improvement initiatives that are in some cases critical to the performance of the ITAM function. To more effectively influence improvement efforts, you must explicitly identify what you need, why you need it, from which tools, and from which stakeholders.

    Data Sources
    Procurement Tools
    Discovery Tools
    Active Directory
    Purchase Documents
    Spreadsheets     		Input To Asset System(s) of Record
    ITAM Database
    ITSM Tool
    CMDB     		Output To Asset Data Consumption
    ITFM Tools
    Security Tools
    TEM Tools
    Accounting Tools
    Spreadsheets
    		“Active Directory plays a huge role in audit defense and self-assessment, but no-one really goes out there and looks at Active Directory.

    I was talking to one organization that has 1,600,000 AD records for 100,000 employees.” (Mike Austin, Founder, MetrixData 360)

    2.6 Evaluate ITAM existing technologies

    30 minutes

    Input: Knowledge of existing ITAM tools

    Output: A list of prioritized organizational goals, An initial assessment of how ITAM can support these goals

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Identify the use, limitations, and next steps for existing ITAM tools, including those not directly managed by the ITAM team.

    1. What tools do we have today?
    2. What are they used for? What are their limitations?
    3. Who manages them?
    4. What actions could we take to maximize the value of the tools?
    Existing Tool Use Constraints Owner Proposed Action?
    ITAM Module
    • Track HW/SW
    • Connect assets to incident, request
    • Currently used for end-user devices only
    • Not all divisions have access
    • SAM capabilities are limited
    		 ITAM Team/Service Management
    • Add license for additional read/write access
    • Start tracking infra in this tool
    Active Directory
    • Store user IDs, organizational data
    		 Major data quality issues IT Operations
    • Work with AD team to identify issues creating data issues

    Add your results to your copy of the ITAM Strategy Template

    2.6 Identify potential new tools

    30 minutes

    Input: Knowledge of tooling gaps, An understanding of available tools that could remediate gaps

    Output: New tools that can improve ITAM capabilities, including expected value and proposed next steps

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers

    Identify tools that are required to support the identified goals of the ITAM practice.

    1. What types of tools do we need that we don’t have?
    2. What could these tools help us do?
    3. What needs to be done next to investigate or acquire the appropriate tool?
    New Tool Expected Value Proposed Next Steps
    SAM tool
    • Automatically calculate licensing entitlements from contract data.
    • Automatically calculate licensing requirements from discovery data.
    • Support gap analyses.
    • Further develop software requirements.
    • Identify vendors in the space and create a shortlist.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.7: Create a plan for internal and external audits

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Establish your approach to internal data audits.
    • Create a high-level response plan for external audits.

    Validate ITAM data via internal audits

    Data audits provide assurance that the records in the ITAM database are as accurate as possible. Consider these three approaches:

    Compare Tool Records

    Audit your data by comparing records in the ITAM system to other discovery sources.

    • Ideally, use three separate data sources (e.g. ITAM database, discovery tool, security tool). Use a common field, such as the host name, to compare across fields. (To learn more about discovery tool analysis, see Jeremy Boerger’s book, Rethinking IT Asset Management.)
    • Run reports to compare records and identify discrepancies. This could include assets missing from one system or metadata differences such as different users or installed software.
    • Over time, discrepancies between tools should be well understood and accepted; otherwise, they should be addressed and remediated.
    		 IT-led Audit

    Conduct a hands-on investigation led by ITAM staff and IT technicians.

    • In-person audits require significant effort and resources. Each audit should be scoped and planned ahead of time to focus on known problem areas.
    • Provide the audit team with exact instructions on what needs to be verified and recorded. Depending on the experience and attention to detail of the audit team, you may need to conduct spot checks to ensure you’re catching any issues in the audit process itself.
    • Automation should be used wherever possible (e.g. through barcodes, scanners, and tables for quick access to ITAM records).
    		 User-led audit

    Have users validate the IT assets assigned to them.

    • Even more than IT-led audits: don’t use this approach too frequently; keep the scope as narrow as possible and the process as simple as possible.
    • Ensure users have all the information and tools they’ll need readily available to complete this task, or the result will be ineffective and will only frustrate your users.
    • Consider a process integrated with your ITSM tool: once a year, when a user logs in to the portal, they will be asked to enter the asset code for their laptop (and provided with instructions on where to find that code). Investigate discrepancies between assignments and ITAM records.

    2.7 Set an approach to internal data audits

    30 minutes

    Input: An understanding of current data audit capabilities and needs

    Output: An outline of how you’ll approach data audits, including frequency, scope, required resources

    Materials: Your copy of the ITAM Strategy Template

    Participants: ITAM team

    Review the three internal data audit approaches outlined on the previous slide, and identify which of the three approaches you’ll use. For each approach, complete the fields in the table below.

    Audit Approach How often? What scope? Who’s involved? Comments
    Compare tool records Monthly Compare ITAM DB, Intune/ConfigMgr, and Vulnerability Scanner Data; focus on end-user devices to start Asset manager will lead at first.
    Work with tool admins to pull data and generate reports.
    IT-led audit Annual End-user devices at a subset of locations Asset manager will work with ITSM admins to generate reports. In-person audit to be conducted by local techs.
    User-led audit Annual Assigned personal devices (start with a pilot group) Asset coordinator to develop procedure with ITSM admin. Run pilot with power users first.

    Add your results to your copy of the ITAM Strategy Template

    Prepare for and respond to external audits and true-ups

    Are you ready when software vendors come knocking?

    • Vendor audits are expensive.
    • If you’re out of compliance, you will at minimum be required to pay the missing license fees. At their discretion, vendors may choose to add punitive fees and require you to cover the hourly cost of their audit teams. If you choose not to pay, the vendor could secure an injunction to cut off your service, which in many cases will be far more costly than the fines. And this is aside from the intangible costs of the disruption to your business and damaged relationships between IT, ITAM, your business, and other partners.
    • Having a plan to respond to an audit is critical to reducing audit risk. Preparation will help you coordinate your audit response, ensure the audit happens on the most favorable possible terms, and even prevent some audits from happening in the first place.
    • The best defense, as they say, is a good offense. Good ITAM and SAM processes will allow you to track acquisition, allocation, and disposal of software licenses; understand your licensing position; and ensure you remain compliant whenever possible. The vendor has no reason to audit you when there’s nothing to find.
    • Know when and where your audit risk is greatest, so you can focus your resources where they can deliver the most value.
    		“If software audits are a big part of your asset operations, you have problems. You can reduce the time spent on audits and eliminate some audits by having a proactive ITAM practice.” (Sandi Conrad, Principal Research Director)

    Info-Tech Insight

    Audit defense starts long before you get audited. For an in-depth review of your audit approach, see Info-Tech’s Prepare and Defend Against a Software Audit.

    Identify areas of higher audit risk

    Watch for these warning signs
    • Your organization is visibly fighting fires. Signs of disorder may signal to vendors that there are opportunities to exploit via an audit. Past audit failures make future audits more likely.
    • You are looking for ways to decrease spend. Vendors may counter attempts to true-down licensing by launching an audit to try to find unlicensed software that provides them leverage to negotiate maintained or even increased spending.
    • Your license/contract terms with the vendor are particularly complex or highly customized. Very complex terms may make it harder to validate your own compliance, which may present opportunities to the vendor in an audit.
    • The vendor has earned a reputation for being particularly aggressive with audits. Some vendors include audits as a standard component of their business model to drive revenue. This may include acquiring smaller vendors or software titles that may not have been audit-driven in the past, and running audits on their new customer base.

    “The reality is, software vendors prey on confusion and complication. Where there’s confusion, there’s opportunity.” (Mike Austin, Founder, MetrixData 360)

    Develop an audit response plan

    You will be on the clock once the vendor sends you an audit request. Have a plan ready to go.
    • Don’t panic: Resist knee-jerk reactions. Follow the plan.
    • Form an audit response team and centralize your response: This team should be led by a member of the ITAM group, and it should include IT leadership, software SMEs, representatives from affected business areas, vendor management, contract management, and legal. You may also need to bring on a contractor with deep expertise with the vendor in question to supplement your internal capabilities. Establish clearly who will be the point of contact with the vendor during the audit.
    • Clarify the scope of the audit: Clearly establish what the audit will cover – what products, subsidiaries, contracts, time periods, geographic regions, etc. Manage the auditors to prevent scope creep.
    • Establish who covers audit costs: Vendors may demand the auditee cover the hourly cost of their audit team if you’re significantly out of compliance. Consider asking the vendor to pay for your team’s time if you’re found to be compliant.
    • Know your contract: Vendors’ contracts change over time, and it’s no guarantee that even your vendor’s licensing experts will be aware of the rights you have in your contract. You must know your entitlements to negotiate effectively.
    1. Bring the audit request received to the attention of ITAM and IT leadership. Assemble the response team.
    2. Acknowledge receipt of audit notice.
    3. Negotiate timing and scope of the audit.
    4. Direct staff not to remove or acquire licenses for software under audit without directly involving the ITAM team first.
    5. Gather installation data and documentation to establish current entitlements, including original contract, current contract, addendums, receipts, invoices.
    6. Compare entitlements to installed software.
    7. Investigate any anomalies (e.g. unexpected or non-compliant software).
    8. Review results with the audit response team.

    2.7 Clarify your vendor audit response plan

    1 hour

    Input: Organizational knowledge on your current audit response procedures

    Output: Audit response team membership, High-level audit checklist, A list of things to start, stop, and continue doing as part of the audit response

    Materials: Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    1. Who’s on the audit response team, and what’s their role? Who will lead the team? Who will be the point of contact with the auditor?
    2. What are the high-level steps in our audit response workflow? Use the example checklist below as a starting point.
    3. What do we need to start, stop, and continue doing in response to audit requests?

    Example Audit Checklist

    • Bring the audit request received to the attention of ITAM and IT leadership. Assemble the response team.
    • Acknowledge receipt of audit notice.
    • Negotiate timing and scope of the audit.
    • Direct staff not to remove or acquire licenses for software under audit without directly involving the ITAM team first.
    • Gather installation data and documentation to establish current entitlements, including original contract, current contract, addendums, receipts, invoices.
    • Compare entitlements to installed software.
    • Investigate any anomalies (e.g. unexpected or non-compliant software).
    • Review results with the audit response team.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.8: Improve budget processes

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers
    • ITAM business partners

    Outcomes

    • Identify what you need to start, stop, and continue to do to support budgeting processes.

    Improve budgeting and forecasting

    Insert ITAM into budgeting processes to deliver significant value.

    Some examples of what ITAM can bring to the budgeting table:
    • Trustworthy data on deployed assets and spending obligations tied to those assets.
    • Projections of hardware due for replacement in terms of quantity and spend.
    • Knowledge of IT hardware and software contract terms and pricing.
    • Lists of unused or underused hardware and software that could be redeployed to avoid spend.
    • Comparisons of spend year-over-year.

    Being part of the budgeting process positions ITAM for success in other ways:

    • Helps demonstrate the strategic value of the ITAM practice.
    • Provides insight into business and IT strategic projects and priorities for the year.
    • Strengthens relationships with key stakeholders, and positions the ITAM team as trusted partners.

    “Knowing what you have [IT assets] is foundational to budgeting, managing, and optimizing IT spend.” (Dave Kish, Info-Tech, Practice Lead, IT Financial Management)

    Stock image of a calculator.

    2.8 Build better budgets

    20 minutes

    Input: Context on IT budgeting processes

    Output: A list of things to start, stop, and continue doing as part of budgeting exercises

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, ITAM business partners

    What should we start, stop, and continue doing to support organizational budgeting exercises?

    Start Stop Continue
    • Creating buckets of spend and allocating assets to those buckets.
    • Zero-based review on IaaS instances quarterly.
    • Develop dashboards plugged into asset data for department heads to view allocated assets and spend.
    • Create value reports to demonstrate hard savings as well as cost avoidance.
    • Waiting for business leaders to come to us for help (start reaching out with reports proactively, three months before budget cycle).
    • % increases on IT budgets without further review.
    • Monthly variance budget analysis.
    • What-if analysis for asset spend based on expected headcount increases.

    Add your results to your copy of the ITAM Strategy Template

    Step 2.9: Establish a documentation framework

    Participants

    • Project sponsor and lead facilitator
    • ITAM team

    Outcomes

    • Identify key documentation and gaps in your documentation.
    • Establish where documentation should be stored, who should own it, who should have access, and what should trigger a review.

    Create ITAM documentation

    ITAM documentation will typically support governance or operations.

    Long-term planning and governance
    • ITAM policy and/or related policies (procurement policy, security awareness policy, acceptable use policy, etc.)
    • ITAM strategy document
    • ITAM roadmap or burndown list
    • Job descriptions
    • Functional requirements documents for ITAM tools

    Operational documentation

    • ITAM SOPs (hardware, software) and workflows
    • Detailed work instructions/knowledgebase articles
    • ITAM data/records
    • Contracts, purchase orders, invoices, MSAs, SOWs, etc.
    • Effective Licensing Position (ELP) reports
    • Training and communication materials
    • Tool and integration documentation
    • Asset management governance, operations, and tools typically generate a lot of documentation.
    • Don’t create documentation for the sake of documentation. Prioritize building and maintaining documentation that addresses major risks or presents opportunities to improve the consistency and reliability of key processes.
    • Maximize the value of ITAM documentation by ensuring it is as current, accessible, and usable as it needs to be.
    • Clearly identify where documentation is stored and who should have access to it.
    • Identify who is accountable for the creation and maintenance of key documentation, and establish triggers for reviews, updates, and changes.

    Consider ITAM policies

    Create policies that can and will be monitored and enforced.
    • Certain requirements of the ITAM practice may need to be backed up by corporate policies: formal statements of organizational expectations that must be recognized by staff, and which will lead to sanctions/penalties if breached.
    • Some organizations will choose to create one or more ITAM-specific policies. Others will include ITAM-related statements in other existing policies, such as acceptable use policies, security training and awareness policies, procurement policies, configuration policies, e-waste policies, and more.
    • Ensure that you are prepared to monitor compliance with policies and evenly enforce breaches of policy. Failing to consistently enforce your policies exposes you and your organization to claims of negligence or discriminatory conduct.
    • For a template for ITAM-specific policies, see Info-Tech’s policy templates for Hardware Asset Management and Software Asset Management.

    2.9 Establish documentation gaps

    15-30 minutes

    Input: An understanding of existing documentation gaps and risks

    Output: Documentation gaps, Identified owners, repositories, access rights, and review/update protocols

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, Optional: IT managers, ITAM business partners

    Discuss and record the following:

    • What planning/governance, operational, and tooling documentation do we still need to create? Who is accountable for the creation and maintenance of these documents?
    • Where will the documentation be stored? Who can access these documents?
    • What will trigger reviews or changes to the documents?
    Need to Create Owner Stored in Accessible by Trigger for review
    Hardware asset management SOP ITAM manager ITAM SharePoint site › Operating procedures folder
    • All IT staff
    • Annual review
    • As-needed for major tooling changes that require a documentation update

    Add your results to your copy of the ITAM Strategy Template

    Step 2.10: Create a roadmap and communication plan

    Participants

    • Project sponsor and lead facilitator
    • ITAM team
    • IT leaders and managers

    Outcomes

    • A timeline of key ITAM initiatives.
    • Improvement ideas aligned to key initiatives.
    • A communication plan tailored to key stakeholders.
    • Your ITAM Strategy document.

    “Understand that this is a journey. This is not a 90-day project. And in some organizations, these journeys could be three or five years long.” (Mike Austin, MetrixData 360)

    2.10 Identify key ITAM initiatives

    30-45 minutes

    Input: Organizational strategy documents

    Output: A roadmap that outlines next steps

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, Project sponsor

    1. Identify key initiatives that are critical to improving practice maturity and meeting business goals.
    2. There should only be a handful of really key initiatives. This is the work that will have the greatest impact on your ability to deliver value. Too many initiatives muddy the narrative and can distract from what really matters.
    3. Plot the target start and end dates for each initiative in the business and IT transformation timeline you created in Phase 1.
    4. Review the chart and consider – what new capabilities should the ITAM practice have once the identified initiatives are complete? What transformational initiatives will you be better positioned to support?

    Add your results to your copy of the ITAM Strategy Template

    Transformation Timeline

    Example transformation timeline with row headers 'Business Inititiaves', 'IT Initiatives', and 'ITAM Initiatives'. Each initiative is laid out along the timeline appropriately.

    2.10 Align improvement ideas to initiatives

    45 minutes

    Input: Key initiatives, Ideas for ITAM improvement collected over the course of previous exercises

    Output: Concrete action items to support each initiative

    Materials: The table in the next slide, Your copy of the ITAM Strategy Template

    Participants: ITAM team, IT leaders and managers, Project sponsor

    As you’ve been working through the previous exercises, you have been tracking ideas for improvement – now we’ll align them to your roadmap.

    1. Review the list of ideas for improvement you’ve produced over the working sessions. Consolidate the list – are there any ideas that overlap or complement each other? Record any new ideas. Frame each idea as an action item – something you can actually do.
    2. Connect the action items to initiatives. It may be that not every action item becomes part of a key initiative. (Don’t lose ideas that aren’t part of key initiatives – track them in a separate burndown list or backlog.)
    3. Identify a target completion date and owner for each action item that’s part of an initiative.

    Add your results to your copy of the ITAM Strategy Template

    Example ITAM initiatives

    Initiative 1: Develop hardware/software standards
    Task Target Completion Owner
    Laptop standards Q1-2023 ITAM manager
    Identify/eliminate contracts for unused software using scan tool Q2-2023 ITAM manager
    Review O365 license levels and standard service Q3-2023 ITAM manager

    Initiative 2: Improve ITAM data quality
    Task Target Completion Owner
    Implement scan agent on all field laptops Q3-2023 Desktop engineer
    Conduct in person audit on identified data discrepancies Q1-2024 ITAM team
    Develop and run user-led audit Q1-2024 Asset manager

    Initiative 3: Acquire & implement a new ITAM tool
    Task Target Completion Owner
    Select an ITAM tool Q3-2023 ITAM manager
    Implement ITAM tool, incl. existing data migration Q1-2024 ITAM manager
    Training on new tool Q1-2024 ITAM manager
    Build KPIs, executive dashboards in new tool Q2-2024 Data analyst
    Develop user-led audit functionality in new tool Q3-2024 ITAM coordinator

    2.10 Create a communication plan

    45 minutes

    Input: Proposed ITAM initiatives, Stakeholder priorities and goals, and an understanding of how ITAM can help them meet those goals

    Output: A high-level communication plan to communicate the benefits and impact of proposed changes to the ITAM program

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: IT asset manager, Project sponsor

    Develop clear, consistent, and targeted messages to key ITAM stakeholders.

    1. Modify the list of stakeholders in the first column.
    2. What benefits should those stakeholders realize from ITAM? What impact may the proposed improvements have on them? Refer back to exercises from Phase 1, where you identified key stakeholders, their priorities, and how ITAM could help them.
    3. Identify communication channels (in-person, email, all-hands meeting, etc.) and timing – when you’ll distribute the message. You may choose to use more than one channel, and you may need to convey the message more than once.
    Group ITAM Benefits Impact Channel(s) Timing
    CFO
    • More accurate IT spend predictions
    • Better equipment utilization and value for money
    • Sponsor integration project between ITAM DB and financial system
    • Support procurement procedures review
    		 Face-to-face – based on their availability Within the next month
    CIO
    • Better oversight into IT spend
    • Data to help demonstrate IT value
    • Resources required to support tool and ITAM process improvements
    		 Standing bi-monthly 1:1 meetings Review strategy at next meeting
    IT Managers
    Field Techs

    Add your results to your copy of the ITAM Strategy Template

    2.10 Put the final touches on your ITAM Strategy

    30 minutes

    Input: Proposed ITAM initiatives, Stakeholder priorities and goals, and an understanding of how ITAM can help them meet those goals

    Output: A high-level communication plan to communicate the benefits and impact of proposed changes to the ITAM program

    Materials: The table in this slide, Your copy of the ITAM Strategy Template

    Participants: IT asset manager, Project sponsor

    You’re almost done! Do a final check of your work before you send a copy to your participants.

    1. Summarize in three points the key findings from the activities you’ve worked through. What have you learned? What are your priorities? What key message do you need to get across? Add these to the appropriate slide near the start of the ITAM Strategy Template.
    2. What are your immediate next steps? Summarize no more than five and add them to the appropriate slide near the start of the ITAM Strategy Template.
      1. Are you asking for something? Approval for ITAM initiatives? Funding? Resources? Clearly identify the ask as part of your next steps.
    3. Are the KPIs identified in Phase 1 still valid? Will they help you monitor for success in the initiatives you’ve identified in Phase 2? Make any adjustments you think are required to the KPIs to reflect the additional completed work.

    Add your results to your copy of the ITAM Strategy Template

    Research Contributors and Experts

    Kylie Fowler
    Principal Consultant
    ITAM Intelligence

    Kylie is an experienced ITAM/FinOps consultant with a track record of creating superior IT asset management frameworks that enable large companies to optimize IT costs while maintaining governance and control.

    She has operated as an independent consultant since 2009, enabling organizations including Sainsbury's and DirectLine Insurance to leverage the benefits of IT asset management and FinOps to achieve critical business objectives. Recent key projects include defining an end-to-end SAM strategy, target operating model, policies and processes which when implemented provided a 300% ROI.

    She is passionate about supporting businesses of all sizes to drive continuous improvement, reduce risk, and achieve return on investment through the development of creative asset management and FinOps solutions.

    		Rory Canavan
    Owner and Principal Consultant
    SAM Charter

    Rory is the founder, owner, and principal consultant of SAM Charter, an internationally recognized consultancy in enterprise-wide Software & IT Asset Management. As an industry leader, SAM Charter is uniquely poised to ensure your IT & SAM systems are aligned to your business requirements.

    With a technical background in business and systems analysis, Rory has a wide range of first-hand experience advising numerous companies and organizations on the best practices and principles pertaining to software asset management. This experience has been gained in both military and civil organizations, including the Royal Navy, Compaq, HP, the Federation Against Software Theft (FAST), and several software vendors.

    Research Contributors and Experts

    Jeremy Boerger
    Founder, Boerger Consulting
    Author of Rethinking IT Asset Management

    Jeremy started his career in ITAM fighting the Y2K bug at the turn of the 21st century. Since then, he has helped companies in manufacturing, healthcare, banking, and service industries build and rehabilitate hardware and software asset management practices.

    These experiences prompted him to create the Pragmatic ITAM method, which directly addresses and permanently resolves the fundamental flaws in current ITAM and SAM implementations.

    In 2016, he founded Boerger Consulting, LLC to help business leaders and decision makers fully realize the promises a properly functioning ITAM can deliver. In his off time, you will find him in Cincinnati, Ohio, with his wife and family.

    		Mike Austin
    Founder and CEO
    MetrixData 360

    Mike Austin leads the delivery team at MetrixData 360. Mike brings more than 15 years of Microsoft licensing experience to his clients’ projects. He assists companies, from Fortune 500 to organizations with as few as 500 employees, with negotiations of Microsoft Enterprise Agreements (EA), Premier Support Contracts, and Select Agreements. In addition to helping negotiate contracts, he helps clients build and implement software asset management processes.

    Previously, Mike was employed by Microsoft for more than 8 years as a member of the global sales team. With Microsoft, Mike successfully negotiated more than a billion dollars in new and renewal EAs. Mike has also negotiated legal terms and conditions for all software agreements, developed Microsoft’s best practices for global account management, and was awarded Microsoft’s Gold Star Award in 2003 and Circle of Excellence in 2008 for his contributions.

    Bibliography

    “Asset Management.” SFIA v8. Accessed 17 March 2022.

    Boerger, Jeremy. Rethinking IT Asset Management. Business Expert Press, 2021.

    Canavan, Rory. “C-Suite Cheat Sheet.” SAM Charter, 2021. Accessed 17 March 2022.

    Fisher, Matt. “Metrics to Measure SAM Success.” Snow Software, 26 May 2015. Accessed 17 March 2022.

    Flexera (2021). “State of ITAM Report.” Flexera, 2021. Accessed 17 March 2022.

    Fowler, Kylie. “ITAM by design.” BCS, The Chartered Institute for IT, 2017. Accessed 17 March 2022.

    Fowler, Kylie. “Ch-ch-ch-changes… Is It Time for an ITAM Transformation?” ITAM Intelligence, 2021. Web. Accessed 17 March 2022.

    Fowler, Kylie. “Do you really need an ITAM policy?” ITAM Accelerate, 15 Oct. 2021. Accessed 17 March 2022.

    Hayes, Chris. “How to establish a successful, long-term ITAM program.” Anglepoint, Sept. 2021. Accessed 17 March 2022.

    ISO/IEC 19770-1-2017. IT Asset Management Systems – Requirements. Third edition. ISO, Dec 2017.

    Joret, Stephane. “IT Asset Management: ITIL® 4 Practice Guide”. Axelos, 2020.

    Jouravlev, Roman. “IT Service Financial Management: ITIL® 4 Practice Guide”. Axelos, 2020.

    Pagnozzi, Maurice, Edwin Davis, Sam Raco. “ITAM Vs. ITSM: Why They Should Be Separate.” KPMG, 2020. Accessed 17 March 2022.

    Rumelt, Richard. Good Strategy, Bad Strategy. Profile Books, 2013.

    Stone, Michael et al. “NIST SP 1800-5 IT Asset Management.” Sept, 2018. Accessed 17 March 2022.

    Drive Digital Transformation With Platform Strategies

    • Buy Link or Shortcode: {j2store}78|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $3,750 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Enterprise is grappling with the challenges of existing business models and strategies not leading to desired outcomes.
    • Enterprise is struggling to remain competitive.
    • Enterprise wants to understand how to leverage platform strategies and a digital platform.

    Our Advice

    Critical Insight

    To remain competitive enterprises must renew and refresh their business model strategies and design/develop digital platforms – this requires enterprises to:

    • Understand how digital-native enterprises are using platform business models and associated strategies.
    • Understand their core assets and strengths and how these can be leveraged for transformation.
    • Understand the core characteristics and components of a digital platform so that they can design digital platform(s) for their enterprise.
    • Ask if the client’s digital transformation (DX) strategy is aligned with a digital platform enablement strategy.
    • Ask if the enterprise has paid attention to the structure, culture, principles, and practices of platform teams.

    Impact and Result

    Organizations that implement this project will gain benefits in five ways:

    • Awareness and understanding of various platform strategies.
    • Application of specific platform strategies within the context of the enterprise.
    • Awareness of their existing business mode, core assets, value proposition, and strengths.
    • Alignment between DX themes and platform enablement themes so enterprises can develop roadmaps that gauge successful DX.
    • Design of a digital platform, including characteristics, components, and team characteristics, culture, principles, and practices.

    Drive Digital Transformation With Platform Strategies Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should consider the platform business model and a digital platform to remain competitive.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set goals for your platform business model

    Understand the platform business model and strategies and then set your platform business model goals.

    • Drive Digital Transformation With Platform Strategies – Phase 1: Set Goals for Your Platform Business Model
    • Business Platform Playbook

    2. Configure digital platform

    Define design goals for your digital platform. Align your DX strategy with digital platform capabilities and understand key components of the digital platform.

    • Drive Digital Transformation With Platform Strategies – Phase 2: Configure Your Digital Platform
    • Digital Platform Playbook
    [infographic]

    Workshop: Drive Digital Transformation With Platform Strategies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Platform Business Model and Strategies

    The Purpose

    Understand existing business model, value proposition, and key assets.

    Understand platform business model and strategies.

    Key Benefits Achieved

    Understanding the current assets helps with knowing what can be leveraged in the new business model/transformation.

    Understanding the platform strategies can help the enterprise renew/refresh their business model.

    Activities

    1.1 Document the current business model along with value proposition and key assets (that provide competitive advantage).

    1.2 Transformation narrative.

    1.3 Platform model canvas.

    1.4 Document the platform strategies in the context of the enterprise.

    Outputs

    Documentation of current business model along with value proposition and key assets (that provide competitive advantage).

    Documentation of the selected platform strategies.

    2 Planning for Platform Business Model

    The Purpose

    Understand transformation approaches.

    Understand various layers of platforms.

    Ask fundamental and evolutionary questions about the platform.

    Key Benefits Achieved

    Understanding of the transformational model so that the enterprise can realize the differences.

    Understanding of the organization’s strengths and weaknesses for a DX.

    Extraction of strategic themes to plan and develop a digital platform roadmap.

    Activities

    2.1 Discuss and document decision about DX approach and next steps.

    2.2 Discuss and document high-level strategic themes for platform business model and associated roadmap.

    Outputs

    Documented decision about DX approach and next steps.

    Documented high-level strategic themes for platform business model and associated roadmap.

    3 Digital Platform Strategy

    The Purpose

    Understand the design goals for the digital platform.

    Understand gaps between the platform’s capabilities and the DX strategy.

    Key Benefits Achieved

    Design goals set for the digital platform that are visible to all stakeholders.

    Gap analysis performed between enterprise’s digital strategy and platform capabilities; this helps understand the current situation and thus informs strategies and roadmaps.

    Activities

    3.1 Discuss and document design goals for digital platform.

    3.2 Discuss DX themes and platform capabilities – document the gaps.

    3.3 Discuss gaps and strategies along with timelines.

    Outputs

    Documented design goals for digital platform.

    Documented DX themes and platform capabilities.

    DX themes and platform capabilities map.

    4 Digital Platform Design: Key Components

    The Purpose

    Understanding of key components of a digital platform, including technology and teams.

    Key Benefits Achieved

    Understanding of the key components of a digital platform and designing the platform.

    Understanding of the team structure, culture, and practices needed for successful platform engineering teams.

    Activities

    4.1 Confirmation and discussion on existing UX/UI and API strategies.

    4.2 Understanding of microservices architecture and filling of microservices canvas.

    4.3 Real-time stream processing data pipeline and tool map.

    4.4 High-level architectural view.

    4.5 Discussion on platform engineering teams, including culture, structure, principles, and practices.

    Outputs

    Filled microservices canvas.

    Documented real-time stream processing data pipeline and tool map.

    Documented high-level architectural view.

    Voka 2025 Resilience Scores

     

    Test uw digitale slagkracht!

    Jammer! U bent te laat.

    De VOKA Bedrijven Contact Dagen 2025 zijn voorbij en onze winnaars zijn bekend!

    Liguris: 80 points
    Keiretsu: 71 points
    Staffler: 69 points
    Xpo group: 67 points
    Actief: 66 points

    Continue reading

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5
    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    		Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    2021 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}83|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • It is a new year, but the challenges of 2020 remain: COVID-19 infection rates continue to climb, governments continue to enforce lockdown measures, we continue to find ourselves in the worst economic crisis since the Great Depression, and civil unrest grows in many democratic societies.
    • At the start of 2020, no business leader predicted the disruption that was to come. This left IT in a reactive but critical role as the health crisis hit. It was core to delivering the organization’s products and services, as it drove the radical shift to work-from-home.
    • For the year ahead, IT will continue to serve a critical function in uncertain times. However, unlike last year, CIOs can better prepare for 2021. That said, in the face of the uncertainty and volatility of the year ahead, what they need to prepare for is still largely undefined.
    • But despite the lack of confidence on knowing specifically what is to come, most business leaders will admit they need to get ready for it. This year’s priority report will help.

    Our Advice

    Critical Insight

    • “Resilience” is the theme for this year’s CIO Priorities Report. In this context, resilience is about building up the capacity and the capabilities to effectively respond to emergent and unforeseen needs.
    • Early in 2021 is a good time to develop resilience in several different areas. As we explore in this year’s Report, CIOs can best facilitate enterprise resilience through strategic financial planning, proactive risk management, effective organizational change management and capacity planning, as well as through remaining tuned into emergent technologies to capitalize on innovations to help weather the uncertainty of the year ahead.

    Impact and Result

    • Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.
    • Each of our priorities is backed up by a “call to action” that will help CIOs start to immediately implement the right drivers of resilience for their organization.
    • By building up resilience across our five key areas, CIOs will not only be able to better prepare for the year to come, but also strengthen business relations and staff morale in difficult times.

    2021 CIO Priorities Report Research & Tools

    Read the 2021 CIO Priorities Report

    Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an appropriate budget reserve

    Identifying and planning sources of financial contingency will help ensure CIOs can meet unforeseen and emergent operational and business needs throughout the year.

    • 2021 CIO Priorities Report: Priority 1 – Create an Appropriate Budget Reserve

    2. Refocus IT risk planning

    The start of 2021 is a time to refocus and redouble IT risk management and business continuity planning to bring it up to the standards of our “new normal.” Indeed, if last year taught us anything, it’s that no “black swan” should be off the table in terms of scenarios or possibilities for business disruption.

    • 2021 CIO Priorities Report: Priority 2 – Refocus IT Risk Planning

    3. Strengthen organizational change management capabilities

    At its heart, resilience is having the capacity to deal with unexpected change. Organizational change management can help build up this capacity, providing the ability to strategically plot known changes while leaving some capacity to absorb the unknowns as they present themselves.

    • 2021 CIO Priorities Report: Priority 3 – Strengthen Organizational Change Management Capabilities

    4. Establish capacity awareness

    Capacity awareness facilitates resilience by providing capital in the form of resource data. With this data, CIOs can make better decisions on what can be approved and when it can be scheduled for.

    • 2021 CIO Priorities Report: Priority 4 – Establish Capacity Awareness

    5. Keep emerging technologies in view

    Having an up-to-date view of emerging technologies will enable the resilient CIO to capitalize on and deploy leading-edge innovations as the business requires.

    • 2021 CIO Priorities Report: Priority 5 – Keep Emerging Technologies in View
    [infographic]

    Capture and Market the ROI of Your VMO

    • Buy Link or Shortcode: {j2store}212|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $108,234 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • All IT organizations are dependent on their vendors for technology products, services, and solutions to support critical business functions.
    • Measuring the impact of and establishing goals for the vendor management office (VMO) to maximize its effectiveness requires an objective and quantitative approach whenever possible.
    • Sharing the VMO’s impact internally is a balancing act between demonstrating value and self-promotion.

    Our Advice

    Critical Insight

    • The return on investment (ROI) calculation for your VMO must be customized. The ROI components selected must match your VMO ROI maturity, resources, and roadmap. There is no one-size-fits-all approach to calculating VMO ROI.
    • ROI contributions come from many areas and sources. To maximize the VMO’s ROI, look outside the traditional framework of savings and cost avoidance to vendor-facing interactions and the impact the VMO has on internal departments.

    Impact and Result

    • Quantifying the contributions of the VMO takes the guess work out of whether the VMO is performing adequately.
    • Taking a comprehensive approach to measuring the value created by the VMO and the ROI associated with it will help the organization appreciate the importance of the VMO.
    • Establishing goals for the VMO with the help of the executives and key stakeholders ensures that the VMO is supporting the needs of the entire organization.

    Capture and Market the ROI of Your VMO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should calculate and market internally your VMO’s ROI, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get organized

    Begin the process by identifying your VMO’s ROI maturity level and which calculation components are most appropriate for your situation.

    • Capture and Market the ROI of the VMO – Phase 1: Get Organized
    • VMO ROI Maturity Assessment Tool
    • VMO ROI Calculator and Tracker
    • VMO ROI Data Source Inventory and Evaluation Tool
    • VMO ROI Summary Template

    2. Establish baseline

    Set measurement baselines and goals for the next measurement cycle.

    • Capture and Market the ROI of the VMO – Phase 2: Establish Baseline
    • VMO ROI Baseline and Goals Tool

    3. Measure and monitor results

    Measure the VMO's ROI and value created by the VMO’s efforts and the overall internal satisfaction with the VMO.

    • Capture and Market the ROI of the VMO – Phase 3: Measure and Monitor Results
    • RFP Cost Estimator
    • Improvements in Working Capital Estimator
    • Risk Estimator
    • General Process Cost Estimator and Delta Estimator
    • VMO Internal Client Satisfaction Survey
    • Vendor Security Questionnaire
    • Value Creation Worksheet
    • Deal Summary Report Template

    4. Report results

    Report the results to key stakeholders and executives in a way that demonstrates the value added by the VMO to the entire organization.

    • Capture and Market the ROI of the VMO – Phase 4: Report Results
    • Internal Business Review Agenda Template
    • IT Spend Analytics
    • VMO ROI Reporting Worksheet
    • VMO ROI Stakeholder Report Template
    [infographic]

    Workshop: Capture and Market the ROI of Your VMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Get Organized

    The Purpose

    Determine how you will measure the VMO’s ROI.

    Key Benefits Achieved

    Focus your measurement on the appropriate activities.

    Activities

    1.1 Determine your VMO’s maturity level and identify applicable ROI measurement categories.

    1.2 Review and select the appropriate ROI formula components for each applicable measurement category.

    1.3 Compile a list of potential data sources, evaluate the viability of each data source selected, and assign data collection and analysis responsibilities.

    1.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.

    Outputs

    VMO ROI maturity level and first step of customizing the ROI formula components.

    Second and final step of customizing the ROI formula components…what will actually be measured.

    Viable data sources and assignments for team members.

    A progress report for key stakeholders and executives.

    2 Establish Baseline

    The Purpose

    Set baselines to measure created value against.

    Key Benefits Achieved

    ROI contributions cannot be objectively measured without baselines.

    Activities

    2.1 Gather baseline data.

    2.2 Calculate/set baselines.

    2.3 Set SMART goals.

    2.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.

    Outputs

    Data to use for calculating baselines.

    Baselines for measuring ROI contributions.

    Value creation goals for the next measurement cycle.

    An updated progress report for key stakeholders and executives.

    3 Measure and Monitor Results

    The Purpose

    Calculate the VMO’s ROI.

    Key Benefits Achieved

    An understanding of whether the VMO is paying for itself.

    Activities

    3.1 Assemble the data and calculate the VMO’s ROI.

    3.2 Organize the data for the reporting step.

    Outputs

    The VMO’s ROI expressed in terms of how many times it pays for itself (e.g. 1X, 3X, 5X).

    Determine which supporting data will be reported.

    4 Report Results

    The Purpose

    Report results to stakeholders.

    Key Benefits Achieved

    Stakeholders understand the value of the VMO.

    Activities

    4.1 Create a reporting template.

    4.2 Determine reporting frequency.

    4.3 Decide how the reports will be distributed or presented.

    4.4 Send out a draft report and update based on feedback.

    Outputs

    A template for reporting ROI and supporting data.

    A decision about quarterly or annual reports.

    A decision regarding email, video, and in-person presentation of the ROI reports.

    Final ROI reports.

    Enable Organization-Wide Collaboration by Scaling Agile

    • Buy Link or Shortcode: {j2store}174|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $12,989 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Your organization is realizing benefits from adopting Agile principles and practices in pockets of your organization.
    • You are starting to investigate opportunities to extend Agile beyond these pilot implementations into other areas of the organization. You are looking for a coordinated approach aligned to business priorities.

    Our Advice

    Critical Insight

    • Not all lessons from a pilot project are transferable. Pilot processes are tailored to a specific project’s scope, team, and tools, and they may not account for the diverse attributes in your organization.
    • Control may be necessary for coordination. More moving parts means enforcing consistent cadences, reporting, and communication is a must if teams are not disciplined or lack good governance.
    • Scale Agile in departments tolerable to change. Incrementally roll Agile out in departments where its principles are accepted (e.g. a culture of continuous improvement, embracing failures as lessons).

    Impact and Result

    • Complete an Agile capability assessment of your pilot functional group to gauge anticipated Agile benefits. Identify the business objectives and the group drivers that are motivating a scaled Agile implementation.
    • Understand the challenges that you may face when scaling Agile. Investigate the root causes of inefficiencies that can derail your scaling initiatives.
    • Brainstorm solutions to your scaling challenges and envision a target state for your growing Agile environment. Your target state will discover new opportunities to drive more business value and eliminate current activities driving down productivity.
    • Coordinate the implementation and execution of scaling Agile initiatives with a Scaling Agile Playbook. This organic and collaborative document will lay out the process, roles, goals, and objectives needed to successfully manage your Agile environment.

    Enable Organization-Wide Collaboration by Scaling Agile Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should scale up Agile, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gauge readiness to scale up Agile

    Evaluate the readiness of the pilot functional group and Agile development processes to adopt scaled Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 1: Gauge Readiness to Scale Up Agile
    • Scaling Agile Playbook Template
    • Scrum Development Process Template

    2. Define scaled Agile target state

    Alleviate scaling issues and risks and introduce new opportunities to enhance business value delivery with Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 2: Define Scaled Agile Target State

    3. Create implementation plan

    Roll out scaling Agile initiatives in a gradual, iterative approach and define the right metrics to demonstrate success.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 3: Create Implementation Plan
    [infographic]

    Workshop: Enable Organization-Wide Collaboration by Scaling Agile

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Gauge Your Readiness to Scale Up Agile

    The Purpose

    Identify the business objectives and functional group drivers for adopting Agile practices to gauge the fit of scaling Agile.

    Select the pilot project to demonstrate the value of scaling Agile.

    Review and evaluate your current Agile development process and functional group structure.

    Key Benefits Achieved

    Understanding of the notable business and functional group gaps that can derail the scaling of Agile.

    Selection of a pilot program that will be used to gather metrics to continuously improve implementation and obtain buy-in for wider rollout.

    Realization of the root causes behind functional group and process issues in the current Agile implementation.

    Activities

    1.1 Assess your pilot functional group

    Outputs

    Fit assessment of functional group to pilot Agile scaling

    Selection of pilot program

    List of critical success factors

    2 Define Your Scaled Agile Target State

    The Purpose

    Think of solutions to address the root causes of current communication and process issues that can derail scaling initiatives.

    Brainstorm opportunities to enhance the delivery of business value to customers.

    Generate a target state for your scaled Agile implementation.

    Key Benefits Achieved

    Defined Agile capabilities and services of your functional group.

    Optimized functional group team structure, development process, and program framework to support scaled Agile in your context.

    Identification and accommodation of the risks associated with implementing and executing Agile capabilities.

    Activities

    2.1 Define Agile capabilities at scale

    2.2 Build your scaled Agile target state

    Outputs

    Solutions to scaling issues and opportunities to deliver more business value

    Agile capability map

    Functional group team structure, Agile development process and program framework optimized to support scaled Agile

    Risk assessment of scaling Agile initiatives

    3 Create Your Implementation Plan

    The Purpose

    List metrics to gauge the success of your scaling Agile implementation.

    Define the initiatives to scale Agile in your organization and to prepare for a wider rollout.

    Key Benefits Achieved

    Strategic selection of the right metrics to demonstrate the value of scaling Agile initiatives.

    Scaling Agile implementation roadmap based on current resource capacities, task complexities, and business priorities.

    Activities

    3.1 Create your implementation plan

    Outputs

    List of metrics to gauge scaling Agile success

    Scaling Agile implementation roadmap

    Security Strategy

    • Buy Link or Shortcode: {j2store}42|cart{/j2store}
    • Related Products: {j2store}42|crosssells{/j2store}
    • member rating overall impact: 9.4/10
    • member rating average dollars saved: $33,431
    • member rating average days saved: 29
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk
    • byline: Embed security thinking through aligning your security strategy to business goals and values.

    The challenge

    You may be experiencing one or more of the following:

    • You may not have sufficient security resources to handle all the challenges.
    • Security threats are prevalent. Yet many businesses struggle to embed systemic security thinking into their culture.
    • The need to move towards strategic planning of your security landscape is evident. How to get there is another matter.

    Our advice

    Insight

    To have a successful information security strategy, take these three factors into account:

    • Holistic: your view must include people, processes, and technology.
    • Risk awareness: Base your strategy on the actual risk profile of your company. And then add the appropriate best practices.
    • Business-aligned: When your strategic security plan demonstrates alignment with the business goals and supports it, embedding will go much more straightforward.

    Impact and results 

    • We have developed a highly effective approach to creating your security strategy. We tested and refined this for more than seven years with hundreds of different organizations.
    • We ensure alignment with business objectives.
    • We assess organizational risk and stakeholder expectations.
    • We enable a comprehensive current state assessment.
    • And we prioritize initiatives and build out a right-sized security roadmap.

     

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get up to speed

    Read up on why you should build your customized information security strategy. Review our methodology and understand the four ways we can support you.

    Assess the security requirements

    It all starts with risk appetite, yes, but security is something you want to get right. Determine your organizations' security pressures and business goals, and then determine your security program's goals.

    • Build an Information Security Strategy – Phase 1: Assess Requirements
    • Information Security Requirements Gathering Tool (xls)
    • Information Security Pressure Analysis Tool (xls)

    Build your gap initiative

    Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.

    • Build an Information Security Strategy – Phase 2: Assess Gaps
    • Information Security Program Gap Analysis Tool (xls)

    Plan the implementation of your security strategy 

    With your design at this level, it is time to plan your roadmap.

    • Build an Information Security Strategy – Phase 3: Build the Roadmap

    Let it run and continuously improve. 

    Learn to use our methodology to manage security initiatives as you go. Identify the resources you need to execute the evolving strategy successfully.

    • Build an Information Security Strategy – Phase 4: Execute and Maintain
    • Information Security Strategy Communication Deck (ppt)
    • Information Security Charter (doc)

     

    Implement Your Negotiation Strategy More Effectively

    • Buy Link or Shortcode: {j2store}225|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Forty-eight percent of CIOs believe their budgets are inadequate.
    • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
    • Not all negotiators are created equal, and the gap between a skilled negotiator and an average negotiator is not always easy to identify objectively.
    • Skilled negotiators are in short supply.

    Our Advice

    Critical Insight

    • Preparation is critical for the success of your negotiation, but you cannot prepare for every eventuality.
    • Communication is the heart and soul of negotiations, but what is being “said” is only part of the picture.
    • Skilled negotiators separate themselves based on skillsets, and outcomes alone may not provide an accurate assessment of a negotiator.

    Impact and Result

    Addressing and managing critical negotiation elements helps:

    • Improve negotiation skills.
    • Implement your negotiation strategy more effectively.
    • Improve negotiation results.

    Implement Your Negotiation Strategy More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. During

    Throughout this phase, ten essential negotiation elements are identified and reviewed.

    • Implement Your Negotiation Strategy More Effectively – Phase 1: During
    • During Negotiations Tool
    [infographic]

    Workshop: Implement Your Negotiation Strategy More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation skills and outcomes.

    Understand how to use the Info-Tech During Negotiations Tool.

    Key Benefits Achieved

    A better understanding of the subtleties of the negotiation process and an identification of where the negotiation strategy can go awry.

    The During Negotiation Tool will be reviewed and configured for the customer’s environment (as applicable).

    Activities

    1.1 Manage six key items during the negotiation process.

    1.2 Set the right tone and environment for the negotiation.

    1.3 Focus on improving three categories of intangibles.

    1.4 Improve communication skills to improve negotiation skills.

    1.5 Customize your negotiation approach to interact with different personality traits and styles.

    1.6 Maximize the value of your discussions by focusing on seven components.

    1.7 Understand the value of impasses and deadlocks and how to work through them.

    1.8 Use concessions as part of your negotiation strategy.

    1.9 Identify and defeat common vendor negotiation ploys.

    1.10 Review progress and determine next steps.

    Outputs

    Sample negotiation ground rules

    Sample vendor negotiation ploys

    Sample discussion questions and evaluation matrix

    Right-Size the Service Desk for Small Enterprise

    • Buy Link or Shortcode: {j2store}487|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.

    Our Advice

    Critical Insight

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.

    • Make the best use of the team. Clearly define roles and responsibilities and monitor those wearing multiple hats to make sure they don’t burn out.
    • Build cross training and documentation into your culture to preserve service levels while giving team members time off to recharge.
    • Don’t discount the benefit of good tools. As volume increases, so does the likelihood of issues and requests getting missed. Look for tools that will help to keep a customer focus.

    Impact and Result

    • Improved workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians to set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry standard tools will reduce administrative overhead while improving workload management.

    Right-Size the Service Desk for Small Enterprise Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-Size the Service Desk for Small Enterprise Storyboard – A step-by-step guide to help you identify and prioritize initiatives to become more customer centric.

    This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.

    • Right-Size the Service Desk for Small Enterprise Storyboard

    2. Maturity Assessment – An assessment to determine baseline maturity.

    The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.

    • IT Service Desk Maturity Assessment for Small Enterprise

    3. Standard Operating Procedure – A template to build out a clear, concise SOP right-sized for a small enterprise.

    The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.

    • Incident Management and Service Desk SOP for Small Enterprise

    4. Categorization Scheme – A template to build out an effective categorization scheme.

    The categorization scheme template provides examples of asset-based categories, resolution codes and status.

    • Service Desk Asset-Based Categories Template

    5. Improvement Plan – A template to present the improvement plan to stakeholders.

    This template provides a starting point for building your communications on planned improvements.

    • Service Desk Improvement Initiative
    [infographic]

    Further reading

    Right-Size the Service Desk for Small Enterprise

    Turn your help desk into a customer-centric service desk.

    Analyst Perspective

    Small enterprises have many of the same issues as large ones, but with far fewer resources. Focus on the most important aspects to improve customer service.

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.

    It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.

    And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group. Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Table of Contents

    Title Page Title Page
    Blueprint benefits 6 Incident management 25
    Start / Stop / Continue exercise 10 Prioritization scheme 27
    Complete a maturity assessment 11 Define SLAs 29
    Select an ITSM tool 13 Communications 30
    Define roles & responsibilities 15 Reporting 32
    Queue management 17 What can you do to improve? 33
    Ticket handling best practices 18 Staffing 34
    Customer satisfaction surveys 19 Knowledge base & self-serve 35
    Categorization 20 Customer service 36
    Separate ticket types 22 Ticket analysis 37
    Service requests 23 Problem management 38
    Roadmap 39

    Insight summary

    Help desk to service desk

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer-centric service desk and a change to the way the technicians think about providing support.

    Make the best use of the team

    • Clearly define primary roles and responsibilities, and identify when and where escalations should occur.
    • Divide the work in a way that makes the most sense based on intake patterns and categories of incidents or service requests.
    • Recognize who is wearing multiple hats, and monitor to make sure they don’t burn out or struggle to keep up.
    • Determine the most appropriate areas to outsource based on work type and skills required.

    Build cross-training into your culture

    • Primary role holders need time off and need to know the day-to-day work won’t be waiting for them when they come back.
    • The knowledge base is your first line of defense to make sure incidents don’t have to wait for resolution and to avoid having technicians remote in on their day off.
    • When volumes spike for incidents and service requests, everyone needs to be prepared to pitch in. Train the team to recognize and step up to the call to action.

    Don’t discount the benefit of good tools

    • When volume increases, so does the likelihood of missing issues and requests.
    • Designate a single solution to manage the workload, so there is one place to go for work orders, incident reporting, asset data, and more.
    • Set up self-serve for users so they have access to how-to articles and can check the status of tickets themselves.
    • Create a service catalog to make it easy for them to request the most frequent items easily.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Standard Operating Procedures

    Sample of the Standard Operating Procedures deliverable.

    Maturity Assessment

    Sample of the Maturity Assessment deliverable.

    Categorization scheme

    Sample of the Categorization scheme deliverable.

    Improvement Initiative

    Sample of the Improvement Initiative deliverable.
    Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business.

    Blueprint benefits

    IT benefits

    • Improve workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry-standard tools will reduce administrative overhead while improving workload management.

    Business benefits

    • IT taking a customer-centric approach will improve access to support and reduce interruptions to the way they do business.
    • Expectation setting and improved communications will allow the business to better plan their work around new requests and will have a better understanding of service level agreements.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of three to four months.

    The current state discussion will determine the path.

    What does a typical GI on this topic look like?

    Current State & Vision

    Best Practices

    Service Requests & Incidents

    Communications

    Next Steps & Roadmap
    Call #1: Discuss current state & create a vision

    Call #2: Document roles & responsibilities

    		 Call #3:Review and define best practices for ticket handling Call #4: Review categorization

    Call #5: Discuss service requests & self-serve

    Call #6: Assess incident management processes    		 Call #7: Assess and document reporting and metrics

    Call #8: Discuss communications methods

    		 Call #9: Review next steps

    Call #10: Build roadmap for updates
    For a workshop on this topic, see the blueprint Standardize the Service Desk

    Executive Brief Case Study

    Southwest CARE Center    		 Logo for Southwest Care.
    INDUSTRY
    Healthcare

    Service Desk Project

    After relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool.

    Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements.

    Results

    The team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements.

    		 Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.

    “Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center)

    The service desk is the cornerstone for customer satisfaction

    Bar charts comparing 'Dissatisfied' vs 'Satisfied End Users' in both 'Service Desk Effectiveness' and 'Timeliness'.
    N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021
    Dissatisfied was classified as those organizations with an average score less than 7.
    Satisfied was classified as those organizations with an average score greater or equal to 8.
    • End users who were satisfied with service desk effectiveness rated all other IT processes 36% higher than dissatisfied end users.
    • End users who were satisfied with service desk timeliness rated all other IT processes 34% higher than dissatisfied end-users.

    Improve the service desk with a Start, Stop, Continue assessment

    Use this exercise as an opportunity to discuss what’s working and what isn’t with your current help desk. Use this to define your goals for the improvement project, with a plan to return to the results and rerun the exercise on a regular basis.

    STOP
    • What service desk processes are counterproductive?
    • What service blockers exist that consistently undermine good results?
    • Are end-user relationships with individual team members negatively impacting satisfaction?
    • Make notes on initial ideas for improvement.

    START
    • What service process improvements could be implemented immediately?
    • What technical qualifications do individual staff members need to improve?
    • What opportunities exist to improve service desk communications with end users?
    • How can escalation and triage be more efficient?

    CONTINUE
    • What aspects of your current service desk are positive?
    • What processes are efficient and can be emulated elsewhere?
    • Where can you identify high levels of end-user satisfaction?

    Complete a maturity assessment to create a baseline and areas of focus

    The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Improvement Initiative.
    • The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
    		 Sample of the Service Desk Maturity Assessment.

    Define your vision for the support structure

    Use this vision for communicating with the business and your IT team

    Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”

    To support new platforms, you might need to look at the following steps to get there:
    • Evaluate skills needed – can you upskill generalists quickly, or will specialists be required? Determine training needs for support staff on new platforms.
    • Estimate uptake of the new platform and adjusting budgets – will these mostly be role-based decisions?
    • Determine what applications will work on the new platform and which will have a parity offering, which will require a solution like Parallels or VirtualBox, and which might need substitute applications.
    • What utilities will be needed to secure your solutions such as for encryption, antivirus, and firewalls?
    • What changes in the way you deploy and patch machines?
    • What level of support do you need to provide – just platform, or applications as well? What self-serve training can be made available?
    If you need to change the way you deploy equipment, you may want to review the blueprint Simplify Remote Deployment With Zero-Touch Provisioning

    Info-Tech Insight

    Identify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research.

    Facilitate service desk operations with an ITSM tool

    You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.

    Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more.

    Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
    • Equipment and software license management
    • Self-serve for password reset and improving the experience for end users to submit tickets
    • Software deployment
    • Onboarding and offboarding workflows
    • Integration with monitoring tools
    Info-Tech Insight Buying rather than building allows you the greatest flexibility and can provide enterprise-level functionality at small-enterprise pricing. Use Info-Tech’s IT Service Management Selection Guide to create a business case and list of requirements for your ITSM purchase.
    Logo for Spiceworks.
    Logo for ZenDesk. Logo for SysAid.
    Logo for ManageEngine.
    Logo for Vector Networks.
    Logo for Freshworks.
    Logo for Squadcast.
    Logo for Jira Software.
    Logos contain links

    ITSM implementations are the perfect time to fix processes

    Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.

    Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later.

    When we look at what makes a strong and happy product launch, it boils down to a few key elements:
    • Improving customer service, or at least avoiding a decline
    • Improving access to information for technical team and end users
    • Successfully taking advantage of workflows, templates, and other features designed to improve the technician and user experience
    • Using existing processes with the new tools, without having to completely reengineer how things are done
    For a complete installation guide, visit the blueprint Build an ITSM Implementation Plan    		 To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
    1. Categorization and status codes
    2. Prioritization
    3. Divide tickets into incidents and service requests
    4. Create workflows for onboarding and offboarding (automate where you can)
    5. Track escalations to vendors
    6. Reporting
    7. Self-serve
    8. Equipment inventory (leading to hardware asset management)

    Define roles looking to balance between customer service and getting things done

    The team will need to provide backfill for each other with high volume, vacations, and leave, but also need to proactively manage interruptions appropriately as they work on projects.
    Icon of a bullseye. First contact – customer service, general knowledge
    Answers phones, chats, responds to email, troubleshooting, creates knowledge articles for end users.
    Icon of a pie chart. Analyst – experienced troubleshooter, general knowledge
    Answers phone when FC isn’t available, responds to email, troubleshooting, creates knowledge articles for first contact, escalates to other technicians or vendors.
    Icon of a lightbulb. Analyst – experienced troubleshooter, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of gear on a folder. Engineer – deep expertise, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of a handshake. Vendor, Managed Service Providers
    Escalation point per contract terms, must meet SLAs, communicate regularly with analysts and management as appropriate. Who escalates and who manages them?
    		Row of colorful people.

    Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template

    Keep customers happy and technicians calm by properly managing your queue

    If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.

    • Separate incidents (break fix) and service requests: Prioritize incidents over service requests to focus on getting users doing business as soon as possible. Schedule service requests for slower times or assign to technicians who are not working the front lines.
    • First in/first out…mostly: We typically look to prioritize incidents over service requests and only prioritize incidents if there are multiple people or VIPs affected. Where everything is equal, deal with the oldest first. Pause occasionally to deal with quick wins such as password resets.
    • Update ticket status and notes: Knowing what tickets are in progress and which ones are waiting on information or parts is important for anyone looking to pick up the next ticket. Make sure everyone is aware of the benefits of keeping this information up to date, so technicians know what to work on next without duplicating each other’s work.
    • Implement solutions quickly by using knowledge articles: Continue to build out the knowledge base to be able to resolve end-user issues quickly, check to see if additional information is needed before escalating tickets to other technicians.
    • Encourage end users to create tickets through the portal: Issues called in are automatically moved to the front of the queue, regardless of urgency. Make it easy for users to report issues using the portal and save the phone for urgent issues to allow appropriate prioritization of tickets.
    • Create a process to add additional resources on a regular basis to keep control of the backlog: A few extra hours once a week may be enough if the team is focused without interruptions.
    • Determine what backlog is acceptable to your users: Set that as a maximum time to resolve. Ideally, set up automated escalations for tickets that are approaching target SLAs, and build flexibility into schedules to have an “all hands on deck” option if the volume gets too high.

    Info-Tech Insight

    Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.

    Best practices for ticket handling

    Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
    • Provide an easy way for end users to electronically submit tickets and encourage them to do so. This doesn’t mean you shouldn’t still accept phone calls, but that should be encouraged for time sensitive issues.
    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledge base article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client. Automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.
    		 Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    Sample ticket template.

    Create a right-sized self-service portal

    Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.

    A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation.

    Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this.

    Portals could be built in the ITSM solution or SharePoint/Teams and should include:

    • Easy ways to create and see status on all tickets
    • Manuals, how-to articles, links to training
    • Answers to common questions, could be a wiki or Q&A for users to help each other as well as IT
    • Could have a chatbot to help people find documents or to create a ticket

    Info-Tech Insight

    Consider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn.

    49%

    49% of employees have trouble finding information at work

    35%

    Employees can cut time spent looking for information by 35% with quality intranet

    (Source: Liferay)

    Use customer satisfaction surveys to monitor service levels

    Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
    • Keep it simple: One question to rate the service with opportunity to add a comment is enough to understand the sentiment and potential issues, and it will be more likely that the user will fill it out.
    • Follow up: Feedback will only be provided if customers think it’s being read and actioned. Set an alert to receive notification of any negative feedback and follow up within one or two business days to show you’re listening.

    A simple customer feedback form with smiley face scale.

    		 Relationship surveys can be run annually to obtain feedback on the overall customer experience.

    Inform yourself of how well you are doing or where you need improvement in the broad services provided.

    Provide a high-level perspective on the relationship between the business and IT.

    Help with strategic improvement decisions.

    Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done on an annual basis.

    For example: Info-Tech’s End User Satisfaction Diagnostic. Included in your membership.

    Keep categorizations simple

    Asset categorization provides reports that are straightforward and useful for IT and that are typically used where the business isn’t demanding complex reports.

    Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Build out the categories with these questions:
    • What kind of asset am I working on? (type)
    • What general asset group am I working on? (category)
    • What particular asset am I working on? (sub-category)

    Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT.

    Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    		Example table of categorizations.


    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Asset-Based Categories template.

    1.1 Build or review your categories

    1-3 hours

    Input: Existing tickets

    Output: Categorization scheme

    Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme

    Participants: CIO, Service desk manager, Technicians

    Discuss:

    • How can you use categories and resolution information to enhance reporting?
    • What level of detail do you need to be able to understand the data and take action? What level of detail is too much?
    • Are current status fields allowing you to accurately assess pending work at a glance?

    Draft:

    1. Start with existing categories and review, identifying duplicates and areas of inconsistency.
    2. Write out proposed resolution codes and status fields and critically assess their value.
    3. Test categories and resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Incident Management and Service Desk – Standard Operating Procedure.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Separate tickets into service requests and incidents

    Tickets should be separated into different ticket types to be able to see briefly what needs to be prioritized. This may seem like a non-issue if you have a small team, but if you ever need to report how quickly you’re solving break-fix issues or whether you’re doing root cause analysis, this will save on future efforts. Separating ticket types may make it easier to route tickets automatically or to a new provider in the future.

    INCIDENTS

    SERVICE REQUESTS
    Icon of a bullseye.

    PRIORITIZATION

    		 Incidents will be prioritized based on urgency and impact to the organization. Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start).
    Icon of a handshake.

    SLAs

    		 Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION Did service requests get completed on time? SCHEDULING & FULFILMENT
    Icon of a lightbulb.

    TRIAGE & ROOT CAUSE ANALYSIS

    		 Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. Service requests don’t need triage and can be routed automatically for approvals and fulfillment.

    “For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)

    Determine how service requests will be fulfilled

    Process steps for service requests: 'Request, Approve, Schedule, Fulfill, Notify requester, Close ticket'.

    • Identify standard requests, meaning any product approved for use and deployment in the organization.
    • Determine whether this should be published and how. Consider a service catalog with the ability to create tickets right from the request page. If there is an opportunity to automate fulfillment, build that into your workflow and project plans.
    • Create workflows for complicated requests such as onboarding, and build them into a template in the service desk tool. This will allow you to reduce the administrative work to deploy tasks.
    • Who will fulfill requests? There may be a need for more than one technician to be able to fulfill if volume dictates, but it’s important to determine what will be done by each level to quickly assign those tickets for scheduling. Define what will be done by each group of technicians.
    • Determine reasonable SLAs for most service requests. Identify which ones will not meet “normal” SLAs. As you build out a service catalog or automate fulfillment, SLAs can be refined.

    Info-Tech Insight

    Service requests are not as urgent as incidents and should be scheduled.

    Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.

    1.2 Identify service requests and routing needs

    2-3 hours

    Input: Ticket data, Existing workflow diagrams

    Output: Workflow diagrams

    Materials: Whiteboard/Flip charts, Markers, Visio

    Participants: CIO, Service desk manager, Technicians

    Identify:

    1. Create your list of typical service requests and identify the best person to fulfill, based on complexity, documentation, specialty, access rights.
    2. Review service requests which include multiple people or departments, such as onboarding and offboarding
    3. Draw existing processes.
    4. Discuss challenges and critique existing process.
    5. Document proposed changes and steps that will need to be taken to improve the process.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Incident management

    Critical incidents and normal incidents

    Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.

    • Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
    • The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
    • Some questions to consider when deciding on problem severity include:
      • How is productivity affected?
      • How many users are affected?
      • How many systems are affected?
      • How critical are the affected systems to the organization?
    • Decide how many severity levels the organization needs the service desk to have. Four levels of severity is ideal for most organizations.
    		 Go to incident management for SE

    Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling.

    Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.

    Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Cover image for 'Incident Management for Small Enterprise'.
    Click picture for a link to the blueprint

    1.3 Activity: Identify critical systems

    1 hour

    Input: Ticket data, Business continuity plan

    Output: Service desk SOP

    Materials: Whiteboard/Flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Discuss and document:

    1. Create a list of the most critical systems, and identify and document the escalation path.
    2. Review inventory of support documents for critical systems and identify any that require runbooks to ensure quick resolution in the event of an outage or major performance issue. Refer to the blueprint Incident Management for Small Enterprise to prioritize and document runbooks as needed.
    3. Review vendor agreements to determine if SLAs are appropriate to support needs. If there is a need for adjustments, determine options for modifying or renegotiating SLAs.

    Download the Incident Runbook Prioritization Tool

    Prioritization scheme

    Keep the priority scheme simple and meaningful, using this framework to communicate and report to stakeholders and set SLAs for response and resolution.
    1. Focus primarily on incidents. Service requests should always be medium urgency, unless there is a valid reason to move one to high level.
    2. Separate major outages from all other tickets as these are a major factor in business impact.
    3. Decide how many levels of severity are appropriate for your organization.
    4. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    5. Build out the definitions of “impact” and “urgency” to complete the prioritization matrix.
    6. Run through examples of each priority level to make sure everyone is on the same page.
    		 A matrix of prioritization with rows as levels of 'IMPACT' and columns as levels of 'URGENCY'. Ratings range from 'Critical' at 'Extensive/Critical' to 'Low' at 'Low Impact/Low'.

    Document escalation rules and contacts

    Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.

    • Ensure the list of escalation rules and contacts is accurate and available, adding expected SLAs for quick reference
    • If tickets are being escalated but shouldn’t be, ensure knowledge articles and training materials are up to date
    • Follow up on all external escalations, ensuring SLAs are respected
    • Publish an escalation path for clients if service is not meeting their needs (for internal and external providers) and automate escalations for tickets breaching SLAs
    Escalation rules strung together.
    User doesn’t know who will fix the issue but expects to see it done in a reasonable time. If issue cannot be resolved right away, set expectations for resolution time.
    • Document information so next technician doesn’t need to ask the same questions.
    • Escalate to the right technician the first time.
    • Check notes to catch up on the issue.
    • Run tests if necessary.
    • Contact user to troubleshoot and fix.
    • Meet SLAs or update client on new ETA.
    • Provide complete information to vendor.
    • Monitor resolution.
    • Follow up with vendor if delays.
    • Update client as needed.
    • Vendor will provide support according to agreement.
    • Encourage vendor to provide regular updates to IT.
    • Review vendor performance regularly.
    • IT will validate issue is resolved and close ticket.
    		 Validate user is happy with the experience

    Define, measure, and report on service level agreements

    Improving communications is the most effective way to improve customer service
    1. Set goals for time to respond and time to resolve for different incident levels, communicate to the technical team, and test ability to meet these goals.
    2. Set goals for time to fulfil for most service requests, document exceptions (e.g. onboarding).
    3. Create reports to measure against goals and determine what information will be most effective for reporting to the business.
    4. Management: Communicate expectations to the business leaders and end users.
    5. Management: Set regular cadence to meet with stakeholders to discuss expectations and review relevant metrics.
    6. Management: Determine how metrics will be tracked and reviewed to manage technical partners.
    		 Keep messaging simple
    • Be prepared with detailed reporting if needed, but focus on a few key metrics to inform stakeholders of progress against goals.
    • Use trending to tell a story, especially when presenting success stories.
    • Use appropriate media for each type of message. For example: SLAs can be listed on automated ticket responses or in a banner on the portal.

    Determine what communications are most important and who will do them

    Icon of a bperson ascending a staircase.

    PROACTIVE, PLANNED CHANGES

    		 From: Service Desk

    Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders.
    Icon of a bullseye.

    OUTAGES & UPDATES

    		 From: Service Desk

    Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders.
    Icon of a lightbulb.

    UPDATES TO SERVICES, SELF-SERVE

    		 From: Director

    Send announcements no more than monthly about new services and processes.
    Icon of a handshake.

    REGULAR STAKEHOLDER COMMUNICATIONS

    		 From: Director

    Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations.

    1.4 Create communications plan

    2 hours

    Input: Sample past communications

    Output: Communications templates

    Materials: Whiteboard/flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:

    1. Proactive, planned changes
    2. Outages and updates
    3. Updates to services, self-serve
    4. Regular stakeholder communications

    Download the communications templates

    Create reports that are useful and actionable

    Reporting serves two purposes:

    1. Accountability to stakeholders
    2. Identification of items that need action

    To determine what reports are needed, ask yourself:

    • What are your goals?
    • What story are you trying to tell?
    • What do you need to manage day to day?
    • What do you need to report to get funding?
    • What do you need to report to your stakeholders for service updates?

    Determine which metrics will be most useful to suit your strategic and operational goals

    STRATEGIC GOAL (stakeholders): Improve customer service evidenced by:

    TIME

    • Aged backlog
    • Service requests solved within SLA (could also look for quick ones, e.g. tickets solved in one day, % solved within one hour)
    • Volume of incidents and time to solve each type
    • Critical incidents solved in 4 hours
    • Incidents solved same day

    QUALITY

    • Percentage of tickets solved at first contact
    • SLAs missed
    • Percentage of services available to request through catalog
    • Percentage of tickets created through portal (speaks to quality of experience)
    • Customer satisfaction survey results – transactional and annual

    RESOURCES

    • Knowledge articles used by technicians
    • Knowledge articles used by end users
    • Tickets resolved at each technician level (volume)
    • Non-standard requests evaluated and fulfilled by volume & time served
    • Volume of recurring incidents
    OPERATIONAL GOALS: Report to director & technicians

    What else can you do to improve service?

    Review the next few pages to see if you need additional blueprints to help you:
    • Evaluate staffing and training needs to ensure the right number of resources are available and they have the skills they need for your environment.
    • Create self-service for end users to get quick answers and create tickets.
    • Create a knowledge base to ensure backup for technical expertise.
    • Develop customer service skills through training.
    • Perform ticket analysis to better understand your technical environment.

    Be agile in your approach to service

    It’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.

    • Have a plan to cross-train technicians and create comprehensive knowledge articles for coverage during vacations and unexpected absences.
    • Know where it makes sense to bring in vendors, such as for managed print services, or to cover for extended absences.
    • Look for opportunities to automate functions or reduce administrative overhead through workflows.
    • Identify any risks and determine how to mitigate, such as managing or changing administrative passwords.
    • Create self-serve to enable ticket creation and self-solve for those users who wish to use it.

    Staff the service desk to meet demand

    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Cover image for 'Staff the Service Desk to Meet Demand'.
    Click picture for a link to the blueprint

    Create and manage a knowledge base

    With a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.

    • Use a knowledge base to document pre-escalation troubleshooting steps, known errors and workarounds, and runbook solutions.
    • Where incidents may have many root causes, document which are the most frequent solutions and where variations are typically used.
    • Start with an inventory of personal documents, compare and consolidate into the knowledge base, and ensure they are accurate and up to date.
    • Assign someone to review articles on a regular basis and flag for editing and archiving as the technical environment changes.
    • Supplement with vendor-provided or purchased content. Two options for purchased content include RightAnswers or Netformx.

    Info-Tech Insight

    Appeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use.

    Optimize the service desk with a shift-left strategy

    • “Shift left” is a strategy which moves appropriate technical work to users through knowledge articles, automation and service catalogs, freeing up time for technicians to work on more complex issues.
    • Many organizations have built a great knowledge base but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledge base useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Cover image for 'Optimize the Service Desk With a Shift-Left Strategy'.
    Click picture for a link to the blueprint

    Customer service isn’t just about friendliness

    Your team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate.

    Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
    • Customer focus – Focus on the customer and use a positive, caring, and helpful attitude.
    • Listening and verbal communication skills – Demonstrate empathy and patience, actively listen, and speak in user-friendly ways to help get your point across.
    • Written communication skills – Use appropriate tone, language, and terms in writing (whether via chat, email, or other).
    • Manage difficult situations – Remain calm and in control when dealing with difficult customers and situations.
    • Go the extra mile – Go beyond simply resolving the request to make each interaction positive and memorable.

    Deliver a customer service training program to your IT department

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Cover image for 'Deliver Customer Service Training Program to Your IT Department'.
    Click picture for a link to the blueprint

    Improve your ticket analysis

    Once you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found.

    Analyzing ticket data involves:
    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the proper workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    Analyze your service desk ticket data

    Properly analyzing ticket data is challenging for the following reasons:
    • Poor ticket hygiene and unclear ticket handling
    • Service desk personnel are not sure where to start with analysis
    • Too many metrics are tracked to parse actionable data from the noise
    Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Cover image for 'Analyze Your Service Desk Ticket Data'.
    Click picture for a link to the blueprint

    Start doing problem management

    Proactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.

    • A focus on elimination of critical incidents and the more disruptive recurring incidents will reduce future workloads for the team and improve customer satisfaction.
    • This can be challenging when the team is already struggling with workload; however, setting a regular cadence to review tickets, looking for trends, and identifying at least one focus area a month can be a positive outcome for everyone.
    • Focus on the most impactful ticket or service first. The initial goal should be to reduce or eliminate critical and high-impact incidents. Once the high-stress situations are reduced, proactively scheduling the smaller but still time-consuming repeatable incidents can be done.
    • Where you have vendors involved, work with them to determine when root cause analysis must happen and where they’ll need to coordinate with your team or other supporting vendors.

    Problem management

    Problem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
    • Problem management, however, can be taught, and the issue isn’t always hard to spot if you have time to look.
    • Using tried and true methods for walking through an issue step by step will enable the team to improve their investigative and troubleshooting skills.
    • Reduction of one or two major incidents and recurring incidents per month will pay off quickly in reducing reactive ticket volume and improve customer satisfaction.

    Cover image for 'Problem Management'.
    Click picture for a link to the blueprint

    Create your roadmap with high-level requirements

    Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.

    Roadmap of high-level requirements with 'Goals' as row headers and their timelines mapped out across fiscal quarters.

    Bibliography

    Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.

    “Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.

    Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.

    IT Diversity & Inclusion Tactics

    • Buy Link or Shortcode: {j2store}517|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
    • This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

    Our Advice

    Critical Insight

    Realize the benefits of a diverse workforce by embedding inclusion into work practices, behaviors, and values, ensuring accountability throughout the department.

    Impact and Result

    Understand what it means to be inclusive: reassess work practices and learn how to apply leadership behaviors to create an inclusive environment

    IT Diversity & Inclusion Tactics Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mobilize inclusion efforts

    Learn, evaluate, and understand what it means to be inclusive, examine biases, and apply inclusive leadership behaviors.

    • Diversity & Inclusion Initiatives Catalog
    • Inclusive IT Work Practices Examples
    • Inclusive Work Practices Template
    • Equip Managers to Adopt Inclusive Leadership Behaviors
    • Workbook: Equip Managers to Adopt Inclusive Leadership Behaviors
    • Standard Focus Group Guide
    [infographic]

    Manage End-User Devices

    • Buy Link or Shortcode: {j2store}307|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $45,499 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices
    • Desktop and mobile device management teams use separate tools and different processes.
    • People at all levels of IT are involved in device management.
    • Vendors are pushing unified endpoint management (UEM) products, and teams struggling with device management are hoping that UEM is their savior.
    • The number and variety of devices will only increase with the continued advance of mobility and emergence of the Internet of Things (IoT).

    Our Advice

    Critical Insight

    • Many problems can be solved by fixing roles, responsibilities, and process. Standardize so you can optimize.
    • UEM is not a silver bullet. Your current solution can image computers in less than 4 hours if you use lean images.
    • Done with, not done to. Getting input from the business will improve adoption, avoid frustration, and save everyone time.

    Impact and Result

    • Define the benefits that you want to achieve and optimize based on those benefits.
    • Take an evolutionary, rather than revolutionary, approach to merging end-user support teams. Process and tool unity comes first.
    • Define the roles and responsibilities involved in end-user device management, and create a training plan to ensure everyone can execute their responsibilities.
    • Stop using device management practices from the era of Windows XP. Create a plan for lean images and app packages.

    Manage End-User Devices Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize end-user device management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the business and IT benefits of optimizing endpoint management

    Get your desktop and mobile device support teams out of firefighting mode by identifying the real problem.

    • Manage End-User Devices – Phase 1: Identify the Business and IT Benefits
    • End-User Device Management Standard Operating Procedure
    • End-User Device Management Executive Presentation

    2. Improve supporting teams and processes

    Improve the day-to-day operations of your desktop and mobile device support teams through role definition, training, and process standardization.

    • Manage End-User Devices – Phase 2: Improve Supporting Teams and Processes
    • End-User Device Management Workflow Library (Visio)
    • End-User Device Management Workflow Library (PDF)

    3. Improve supporting technologies

    Stop using management tools and techniques from the Windows XP era. Save yourself, and your technicians, from needless pain.

    • Manage End-User Devices – Phase 3: Improve Supporting Technologies
    [infographic]

    Workshop: Manage End-User Devices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Business and IT Benefits of Optimizing End-User Device Management

    The Purpose

    Identify how unified endpoint management (UEM) can improve the lives of the end user and of IT.

    Key Benefits Achieved

    Cutting through the vendor hype and aligning with business needs.

    Activities

    1.1 Identify benefits you can provide to stakeholders.

    1.2 Identify business and IT goals in order to prioritize benefits.

    1.3 Identify how to achieve benefits.

    1.4 Define goals based on desired benefits.

    Outputs

    Executive presentation

    2 Improve the Teams and Processes That Support End-User Device Management

    The Purpose

    Ensure that your teams have a consistent approach to end-user device management.

    Key Benefits Achieved

    Developed a standard approach to roles and responsibilities, to training, and to device management processes.

    Activities

    2.1 Align roles to your environment.

    2.2 Assign architect-, engineer-, and administrator-level responsibilities.

    2.3 Rationalize your responsibility matrix.

    2.4 Ensure you have the necessary skills.

    2.5 Define Tier 2 processes, including patch deployment, emergency patch deployment, device deployment, app deployment, and app packaging.

    Outputs

    List of roles involved in end-user device management

    Responsibility matrix for end-user device management

    End-user device management training plan

    End-user device management standard operating procedure

    Workflows and checklists of end-user device management processes

    3 Improve the Technologies That Support End-User Device Management

    The Purpose

    Modernize the toolset used by IT to manage end-user devices.

    Key Benefits Achieved

    Saving time and resources for many standard device management processes.

    Activities

    3.1 Define the core image for each device/OS.

    3.2 Define app packages.

    3.3 Gather action items for improving the support technologies.

    3.4 Create a roadmap for improving end-user device management.

    3.5 Create a communication plan for improving end-user device management.

    Outputs

    Core image outline

    Application package outline

    End-user device management roadmap

    End-user device management communication plan

    Choose Your Mobile Platform and Tools

    • Buy Link or Shortcode: {j2store}281|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness their value of these trends.

    Our Advice

    Critical Insight

    • Mobile applications can stress the stability, reliability, and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what built-in features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain built-in feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Impact and Result

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Choose Your Mobile Platform and Tools Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Choose Your Mobile Platform and Tools Storyboard

    This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.

    • Choose Your Mobile Platform and Tools Storyboard

    2. Mobile Application Delivery Communication Template – Clearly communicate the goal and approach of your mobile application implementation in a language your audience understands.

    This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

    • Mobile Application Delivery Communication Template

    Infographic

    Workshop: Choose Your Mobile Platform and Tools

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Choose Your Platform and Delivery Solution

    The Purpose

    Choose the right mobile platform.

    Shortlist your mobile delivery solution and desired features and services.

    Key Benefits Achieved

    A chosen mobile platform that meets user and enterprise needs.

    Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.

    Activities

    1.1 Select your platform approach.

    1.2 Shortlist your mobile delivery solution.

    1.3 Build your feature and service lists.

    Outputs

    Desired mobile platform approach.

    Shortlisted mobile delivery solutions.

    Desired list of vendor features and services.

    2 Create Your Roadmap

    The Purpose

    Design the mobile application minimal viable product (MVP).

    Create your mobile roadmap.

    Key Benefits Achieved

    An achievable and valuable mobile application that is scalable for future growth.

    Clear intent of business outcome delivery and completing mobile delivery activities.

    Activities

    2.1 Define your MVP release.

    2.2 Build your roadmap.

    Outputs

    MVP design.

    Mobile delivery roadmap.

    3 Set the Mobile Context

    The Purpose

    Understand your user’s environment needs, behaviors, and challenges.

    Define stakeholder expectations and ensure alignment with the holistic business strategy.

    Identify your mobile application opportunities.

    Key Benefits Achieved

    Thorough understanding of your mobile user and opportunities where mobile applications can help.

    Level set stakeholder expectations and establish targeted objectives.

    Prioritized list of mobile opportunities.

    Activities

    3.1 Generate user personas with empathy maps.

    3.2 Build your mobile application canvas.

    3.3 Build your mobile backlog.

    Outputs

    User personas.

    Mobile objectives and metrics.

    Mobile opportunity backlog.

    4 Identify Your Technical Needs

    The Purpose

    Define the mobile experience you want to deliver and the features to enable it.

    Understand the state of your current system to support mobile.

    Identify your definition of mobile application quality.

    List the concerns with mobile delivery.

    Key Benefits Achieved

    Clear understanding of the desired mobile experience.

    Potential issues and risks with enabling mobile on top of existing systems.

    Grounded understanding of mobile application quality.

    Holistic readiness assessment to proceed with mobile delivery.

    Activities

    4.1 Discuss your mobile needs.

    4.2 Conduct a technical assessment.

    4.3 Define mobile application quality.

    4.4 Verify your decision to deliver mobile applications.

    Outputs

    List of mobile features to enable the desired mobile experience.

    System current assessment.

    Mobile application quality definition.

    Verification to proceed with mobile delivery.

    Further reading

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    EXECUTIVE BRIEF

    Analyst Perspective

    Mobile is the way of working.

    Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.

    To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.

    This is a picture of Andrew Kum-Seun Senior Research Analyst, Application Delivery and Application Management Info-Tech Research Group

    Andrew Kum-Seun
    Senior Research Analyst,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness the value of these trends.

    Common Obstacles

    • Mobile applications can stress the stability, reliability and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what native features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain native feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Info-Tech's Approach

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Insight Summary

    Overarching Info-Tech Insight

    Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.

    Phase 1: Set the Mobile Context

    • Build applications your users need and desire – Design the right mobile application that enables your users to address their frustrations and productivity challenges.
    • Maximize return on your technology investments – Build your mobile applications with existing web APIs, infrastructure, and services as much as possible.
    • Prioritize mobile security, performance and integration requirements – Understand the unique security, performance, and integration influences has on your desired mobile user experience. Find the right balance of functional and non-functional requirements through business and IT collaboration.

    Phase 2: Define Your Mobile Approach

    • Start with a mobile web platform - Minimize disruptions to your existing delivery process and technical stack by building against common web standards. Select a hybrid platform or cross-platform if you need device hardware access or have complicated non-functional requirements.
    • Focus your mobile solution decision on vendor support and functional complexity – Verify that your solution is not only compatible with the architecture, data, and policies of existing business systems, but satisfies IT's concerns with access to restricted technology and data, and with IT's ability to manage and operate your applications.
    • Anticipate changes, defects & failures in your roadmap - Quickly shift your mobile roadmaps according to user feedback, delivery challenges, value, and stability.

    Mobile is how the business works today

    Mobile adoption continues to grow in part due to the need to be a mobile workforce, and the shift in customer behaviors. This reality pushed the industry to transform business processes and technologies to better support the mobile way of working.

    Mobile Builds Interests
    61%
    Mobile devices drove 61% of visits to U.S. websites
    Source: Perficient, 2021

    Mobile Maintains Engagement
    54%
    Mobile devices generated 54.4% of global website traffic in Q4 2021.
    Source: Statista, 2022

    Mobile Drives Productivity
    82%
    According to 82% of IT executives, smartphones are highly important to employee productivity
    Source: Samsung and Oxford Economics, 2022

    Mobile applications enable and drive your digital business strategy

    Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.

    Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals

    Goal: Enhance Customer Experience

    • A shift from paper to digital communications
    • Seamless, omni-channel client experiences across devices
    • Create Digital interactive documents with sections that customers can customize to better understand their communications

    Goal: Increase Workflow Throughput & Efficiency

    • Digitized processes and use of data to improve process efficiency
    • Modern IT platforms
    • Automation through robotic process automation (RPA) where possible
    • Use of AI and machine learning for intelligent automation

    Source: Broadridge, 2022

    To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.

    Well developed mobile applications bring unique opportunities to drive more value

    Role

    Opportunities With Mobile Applications

    Expected Value

    Stationary Worker

    Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications.

    Multitask by checking the application to verify information given by a vendor during their presentation or pitch.

    • Reduce materials cost to complete administrative responsibilities.
    • Digitally and automatically store and archive frequently used documents.

    Roaming Worker
    (Engineer)

    Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications.

    Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.

    • Readily access and update corporate data anywhere at anytime.
    • Expand employee responsibilities with minimal skills impact.

    Roaming Worker
    (Nurse)

    Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient.

    Receive messages from senior staff about patients and scheduling while on-call.

    • Quickly and accurately complete tasks and update patient data at site.
    • Be readily accessible to address urgent issues.

    Info-Tech Insight

    If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.

    Workers expect IT to deliver against their high mobile expectations

    Workers want sophisticated mobile applications like what they see their peers and competitors use.

    Why is IT considering building their own applications?

    • Complex and Unique Workflows: Canned templates and shells are viewed as incompatible to the workflows required to complete worker responsibilities outside the office, with the same level of access to corporate data as on premise.
    • Supporting Bring Your Own Device (BYOD): Developing your own mobile applications around your security protocols and standards can help mitigate the risks with personal devices that are already in your workforce.
    • Long-Term Architecture Misalignment: Outsourcing mobile development risks the mobile application misaligned with your quality standards or incompatible with other enterprise and third-party systems.

    Continuously meeting aggressive user expectations will not be easy

    Value Quickly Wears Off
    39.9% of users uninstall an application because it is not in use.
    40%
    Source: n=2,000, CleverTap, 2021

    Low Tolerance to Waiting
    Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
    43%
    Source: AppSamurai, 2018

    Quick Fixes Are Paramount
    44% of defects are found by users
    44%
    Source: Perfecto Mobile, 2014

    Mobile emphasizes the importance of good security, performance, and integration

    Today's mobile workers are looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile devices, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Accept change as the norm

    IT is challenged with keeping up with disruptive technologies, such as mobile, which are arriving and changing faster and faster.

    What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.

    What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.

    Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.

    How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Address the difficulties in managing enterprise mobile technologies

    Adaptability During Development

    Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.

    High Cybersecurity Standards

    Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.

    Integration with Other Systems

    Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.

    Finding the Right Mobile Developers

    Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.

    Source: Radoslaw Szeja, Netguru, 2022.

    Build and manage the right experience by treating mobile as digital products

    Digital products are continuously modernized to ensure they are fit-for-purpose, secured, insightful, accessible, and interoperable. A good experience involves more than just technology.

    First, deliver the experience end users want and expect by designing the application against digital application principles.

    Business Value

    Continuous modernization

    • Fit for purpose
    • User-centric
    • Adaptable
    • Accessible
    • Private and secured
    • Informative and insightful
    • Seamless application connection
    • Relationship and network building

    To learn more, visit Info-Tech's Modernize Your Applications blueprint.

    Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.

    • Product Strategy and Roadmap
    • External Relationships
    • User Adoption and Organizational Change Management
    • Funding
    • Knowledge Management
    • Stakeholder Management
    • Product Governance
    • Maintenance & Enhancement
    • User Support
    • Managing and Governing Data
    • Requirements Analysis and Design
    • Research & Development

    To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    WORKFLOW

    1. Capture Your User Personas and Journey workflow: Trigger: Step 1; Step 2; Step 3; Step 4; Outcome
    2. Select Your Platform Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.
    3. Shortlist Your Solutions A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Strategic Perspective
    Business and Product Strategies

    1. End-User Perspective

    End User Needs

    • Productivity
    • Innovation
    • Transformation

    Native User Experience

    • Anytime, Anywhere
    • Visually Pleasing & Fulfilling
    • Personalized & Insightful
    • Hands-Off & Automated
    • Integrated Ecosystem

    2. Platform Perspective

    Technical Requirements

    Security

    Performance

    Integration

    Mobile Platform

    3. Solution Perspective

    Vendor Support

    Services

    Stack Mgmt.

    Quality & Risk

    Mobile Delivery Solutions

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be meaningful, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    Define the mobile experience your end users want

    • Anytime, Anywhere
      • The user can access, update and analyze data and corporate products and services whenever they want, in all networks, and on any device.
    • Hands-Off and Automated
      • The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
    • Personalized and Insightful
      • Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware, or predicted actions.
    • Integrated Ecosystem
      • The application supports a seamless experience across various third-party and enterprise applications and services the user needs.
    • Visually Pleasing and Fulfilling
      • The UI is intuitive and aesthetically gratifying, with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.

    Web

    Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:

    • Progressive Web Applications (PWA)
    • Mobile Web Sites

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices can execute and render many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security, and device-specific access and customizations.
    • Application use cases require significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g. AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with third-party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
    • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Optimize your software delivery process

    Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:

    • Mobile devices and operating systems are heavily fragmented, especially in the Android space.
    • Test coverage is significantly expanded to include physical environments and multiple network connections.
    • Mobile devices do not have the same performance capabilities and memory storage as their desktop counterparts.
    • The user interface must be strategically designed to accommodate the limited screen size.
    • Mobile applications are highly susceptible to security breaches.
    • Mobile users often expect quick turnaround time on fixes and enhancements due to continuously changing technology, business priorities, and user needs.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    How should the process change?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      1. The activeness of users on the applications, the number of returning users, and the happiness of the users.
      2. Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      1. The business value that the user directly or indirectly receives with the mobile application.
      2. Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      1. The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      2. Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Grow your mobile delivery practice

    Level 1: Mobile Delivery Foundations

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    Level 2: Scaled Mobile Delivery

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Level 3: Leading-Edge Mobile Delivery

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    Awareness Education & Discovery Evaluation Selection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Selection Decision Model 5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternate Solutions & Conduct Market Education 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    		2.3 Evaluate Enterprise Architecture & Application Portfolio Narrow the Field to Four Top Contenders 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Pitch your mobile delivery approach with Info-Tech's template

    Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:

    • Level set your mobile application goals and objectives by weighing end user expectations with technical requirements.
    • Define the high priority opportunities for mobile applications.
    • Educate decision makers of the limitations and challenges of delivering specific mobile experiences with the various mobile platform options.
    • Describe your framework to select the right mobile platform and delivery tools.
    • Lay out your mobile delivery roadmap and initiatives.

    INFO-TECH DELIVERABLE

    This is a screenshot from Info-Tech's Mobile Application Delivery Communication Template

    Info-Tech's methodology for mobile platform and delivery solution selection

    1. Set the Mobile Context

    2. Define Your Mobile Approach

    Phase Steps

    Step 1.1 Build Your Mobile Backlog

    Step 1.2 Identify Your Technical Needs

    Step 1.3 Define Your Non-Functional Requirements

    Step 2.1 Choose Your Platform Approach

    Step 2.2 Shortlist Your Mobile Delivery Solution

    Step 2.3 Create a Roadmap for Mobile Delivery

    Phase Outcomes

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand the case and motivators for mobile applications.

    Call #2: Discuss the end user and desired mobile experience.

    Call #5: Discuss the desired mobile platform.

    Call #8: Discuss your mobile MVP.

    Call #3: Review technical complexities and non-functional requirements.

    Call #6: Shortlist mobile delivery solutions and desired features.

    Call #9: Review your mobile delivery roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 9 calls over the course of 2 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Module 1 Module 2 Module 3 Module 4 Post-Workshop
    Activities Set the Mobile Context Identify Your Technical Needs Choose Your Platform & Delivery Solution Create Your Roadmap Next Steps andWrap-Up (offsite)

    1.1 Generate user personas with empathy maps

    1.2 Build your mobile application canvas

    1.3 Build your mobile backlog

    2.1 Discuss your mobile needs

    2.2 Conduct a technical assessment

    2.3 Define mobile application quality

    2.4 Verify your decision to deliver mobile applications

    3.1 Select your platform approach

    3.2 Shortlist your mobile delivery solution

    3.3 Build your feature and service lists

    4.1 Define your MVP release

    4.2 Build your roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Verification to proceed with mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap
    • Completed workshop output deliverable
    • Next steps

    Phase 1

    Set the Mobile Context

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following steps:

    • Step 1.1 – Build Your Mobile Backlog
    • Step 1.2 – Identify Your Technical Needs
    • Step 1.3 – Define Your Non-Functional Requirements

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 1.1

    Build Your Mobile Backlog

    Activities

    1.1.1 Generate user personas with empathy maps

    1.1.2 Build your mobile application canvas

    1.1.3 Build your mobile backlog

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog

    Users expect your organization to support their mobile way of working

    Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.

    How has technologies evolved to easily enable mobile capabilities?

    • Desktop-Like Features
      • Native-like features, such as geolocation and local caching, are supported through web language or third-party plugins and extensions.
    • Extendable & Scalable
      • Plug-and-play architecture is designed to allow software delivery teams to explore new use cases and mobile capabilities with out-of-the-box connectors and/or customizable REST APIs.
    • Low Barrier to Entry
      • Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without direct IT involvement.
    • Templates & Shells
      • Vendors provide UI templates and application shells that contain pre-built native features and multiple aesthetic layouts in a publishing-friendly and configurable way.
    • Personalized Content
      • Content can be uniquely tailored to a user's preference or be automatically generated based on the user's profile or activity history.
    • Hands-Off Operations
      • Many mobile solutions operate in a as-a-service model where the underlying and integrated technologies are managed by the vendor and abstracted away.

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    UX-driven mobile apps bring together a compelling UI with valuable functionality

    Info-Tech Insight

    Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.

    UI-Function Balance to Achieve Highly Satisfying Mobile Applications

    An application's UI and function both contribute to UX, but they do so in different ways.

    • The UI generates the visual, audio, and vocal cues to draw the attention of users to key areas of the application while stimulating the user's emotions.
    • Functions give users the means to satisfy their needs effortlessly.

    Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.

    To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.

    Focus your efforts on all items that drive high user experience and satisfaction

    UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.

    Typical Focus of Mobile UX

    Aesthetics
    What Are the Colors & Fonts?

    Relevance & Modern
    Will Users Receive Up to Date Content and Trending Features?

    UI Design
    Where Are the Interaction Points?

    Content Layout
    How Is Content Organized?

    Critical Areas of Mobile UX That Are Often Ignored

    Web Infrastructure
    How Will Your Application Be Operationally Supported?

    Human Behavior
    What Do the Users Feel About Your Application?

    Coding Language
    What Is the Best Language to Use?

    Cross-Platform Compatibility
    How Does It Work in a Browser Versus Each Mobile Platform?

    Application Quality
    How are Functional and Non-Functional Needs Balanced?

    Adoption & Retention
    How Do I Promote Adoption and Maintain User Engagement?

    Application Support
    How Will My Requests and Issues Be Handled?

    Use personas to envision who will be using your mobile application

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user's behavior.
    • Aid in uncovering critical features and functionalities.
    • Describe real people with backgrounds, goals, and values.

    Why Are Personas Important to UX?

    They are important because they help:

    • Focus the development of mobile application features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to and resonates with the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the mobile application.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Professional and Technical Skills and Experiences (e.g., knowledge of mobile applications, area of expertise)
    • Persona Group (e.g., executives)
    • Technological Environment of User (e.g., devices, browsers, network connection)
    • Demographics (e.g., nationality, age, language spoken)
    • Typical Behaviors and Tendencies (e.g., goes to different website when cannot find information in 20 seconds)
    • Purpose of Using the Mobile Application (e.g., search for information, submit registration form)

    Create empathy maps to gain a deeper understanding of stakeholder personas

    Empathy mapping draws out the characteristics, motivations, and mannerisms of a potential end user.

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Source: XPLANE, 2017

    Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:

    • Better understand the reason behind the struggles, frustrations and motivators through a user's perspective.
    • Verify the accuracy of assertions made about the user.
    • Pinpoint the specific problem the mobile application will be designed to solve and the constraints to its successful adoption and on-going use.
    • Read more about empathy mapping and download the empathy map PDF template here.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    1.1.1 Generate user personas with empathy maps

    1-3 hours

    1. Download the Empathy Map Canvas and draw the map on a whiteboard or project it on the screen.
    2. Choose an end user to be the focus of your empathy map. Using sticky notes, fill out the sections of the empathy map in the following order:
      1. Start by filling out the goals section. State who the subject of the empathy map will be and what activity or task you would like them to do.
        1. Focus on activities and tasks that may benefit from mobile.
      2. Next, complete the outer sections in clockwise order (see, say, do, hear). The purpose of this is to think in terms of what the subject of your empathy map is observing, sensing, and experiencing.
        1. Indicate the mobile devices and OS users will likely use and the environments they will likely be in (e.g., places with poor connections)
        2. Discuss accessibility needs and how user prefer to consume content.
      3. Last, complete the inner circle of the empathy map (pains and gains). Since you spent the last step of the exercise thinking about the external influences on your stakeholder, you can think about how those stimuli affect their emotions.
    3. Document your end user persona into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    		Output
    • List of potential mobile application users
    • User personas
    Materials Participants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.1 cont'd

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Download the Empathy Map Canvas

    Many business priorities are driving mobile

    Mobile Applications

    • Product Roadmap
      • Upcoming enterprise technology releases and updates offer mobile capabilities to expand its access to a broader userbase.
    • Cost Optimization
      • Maximizing business value in processes and technologies through disciplined and strategic cost and spending reduction practices with mobile applications.
    • Competitive Differentiation
      • Developing and optimizing your organization's distinct products and services quickly with mobile applications.
    • Digital Transformation
      • Transitioning processes, data and systems to a digital environment to broaden access to enterprise data and services anywhere at anytime.
    • Operational Efficiency
      • Improving software delivery and business process throughput by increasing worker productivity with mobile applications.
    • Other Business Priorities
      • New corporate products and services, business model changes, application rationalization and other priorities may require modernization, innovation and a mobile way of working.

    Focus on the mobile business and end user problem, not the solution

    People are naturally solution-focused. The onus isn't on them to express their needs in the form of a problem statement!

    When refining your mobile problem statement, attempt to answer the following four questions:

    • Who is impacted?
    • What is the (user or organizational) challenge that needs to be addressed?
    • Where does it happen?
    • Why does it matter?

    There are many ways of writing problem statements, a clear approach follows the format:

    • "Our (who) has the problem that (what) when (where). Our solution should (why)."
    • Example: "Our system analysts has the problem that new tickets take too long to update when working on user requests. Our approach should enable the analyst to focus on working with customers and not on administration."

    Adapted from: "Design Problem Statements – What and How to Frame Them"

    How to write a vision statement

    It's ok to dream a little!

    When thinking about a vision statement, think about:

    • Who is it for?
    • What does the customer need?
    • What can we do for them?
    • And why is this special?

    There are different statement templates available to help form your vision statements. Some include:

    1. For [our target customer], who [customer's need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators]. (Crossing the Chasm)
    2. "We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    3. To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    4. Our vision is to [verb: build, design, provide], the [goal, future state], to [verb: help, enable, make it easier to...] [persona]."

    (Numbers 2-4 from: How to define a product vision)

    Info-Tech Best Practice

    A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.

    Ensure mobile supports ongoing value delivery and stakeholder expectations

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Set realistic mobile goals

    Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:

    • On the day of installation, the average retention rate for public-facing applications was 25.3%. By day 30, the retention rate drops to 5.7%. (Source: Statista, 2020)
    • 63% of 3,335 most popular Android mobile applications on the Google Play Store contained open-source components with known security vulnerabilities and other pervasive security concerns including exposing sensitive data (Source: Synopsys, 2021)
    • 62% of users would delete the application because of performance issues, such as crashes, freezes and other errors (Source: Intersog, 2021).

    These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.

    Benchmarks present enticing opportunities, but should be used to set reasonable expectations

    66%
    Improve Market Reach
    66% of the global population uses a mobile device
    Source: DataReportal, 2021

    20%
    Connected Workers are More Productive
    Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
    Source: iPass, 2017

    80%
    Increase Brand Recognition
    80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
    Source: Google, 2018

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      • The activeness of users on the applications, the number of returning users, and the happiness of the users.
      • Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      • The business value that the user directly or indirectly receives with the mobile application.
      • Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      • The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      • Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use a canvas to define key elements of your mobile initiative

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    The problem or need mobile applications are addressing

    Vision, unique value proposition, elevator pitch, or positioning statement

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    List of business objectives or goals for the mobile application initiative.

    List of business capabilities, processes and application systems related to this initiative.

    Personas/Customers/Users

    Stakeholders

    List of groups who consume the mobile application

    List of key resources, stakeholders, and teams needed to support the process, systems and services

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    1.1.2 Build your mobile application canvas

    1-3 hours

    1. Complete the following fields to build your mobile application canvas:
      • Mobile application initiative name
      • Mobile application owner
      • Parent initiative name
      • Problem that mobile applications are intending to solve and your vision. See the outcome from the previous exercise.
      • Mobile application business goals and metrics.
      • Capabilities, processes and application systems involved
      • Primary customers/users (For additional help with your product personas, download and complete to Deliver on Your Digital Product Vision.)
    2. Stakeholders
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    		Output
    • User personas
    • Business strategy
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.2 cont'd

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    [Problem Statement]

    [Vision]

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    [Business Goal 1, Metric]
    [Business Goal 2, Metric]
    [Business Goal 3, Metric]

    [Business Capability]
    [Business Process]
    [Application System]

    Personas/Customers/Users

    Stakeholders

    [User 1]
    [User 2]
    [User 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Create your mobile backlog

    Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.

    Opportunities
    Trends
    MVP

    External Sources

    Internal Sources

    • Market Trends Analysis
    • Competitive Analysis
    • Regulations & Industry Standards
    • Customer & Reputation Analysis
    • Application Rationalization
    • Capability & Value Stream Analysis
    • Business Requests & Incidents
    • Discovery & Mining Capabilities

    A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice.

    Find your mobile opportunities

    Modern mobile technologies enable users to access, analyze and change data anywhere with native device features, which opens the door to enhanced processes and new value sources.

    Examples of Mobile Opportunities:

    • Mobile Payment
      • Cost alternative to credit card transaction fees.
      • Loyalty systems are updated upon payment without need of a physical card.
      • Quicker completion of transactions.
    • Inventory Management
      • Update inventory database when shipments arrive or deliveries are made.
      • Inform retailers and consumers of current stock on website.
      • Alert staff of expired or outdated products.
    • Quick and Small Data Transfer
      • Embed tags into posters to transfer URIs, which sends users to sites containing product or location information.
      • Replace entry tags, fobs, or smart cards at doors.
      • Exchange contact details.
    • Location Sensitive Information
      • Proactively send promotions and other information (e.g. coupons, event details) to users within a defined area.
      • Inform employees of nearby prospective clients.
    • Supply Chain Management
      • Track the movement and location of goods and delivery trucks.
      • Direct drivers to the most optimal route.
      • Location-sensitive billing apps such as train and bus ticket purchases.
    • Education and Learning
      • Educate users about real-world objects and places with augmented books and by pushing relevant learning materials.
      • Visualize theories and other text with dynamic 3D objects.
    • Augmented Reality (AR)
      • Provide information about the user's surroundings and the objects in the environment through the mobile device.
      • Interactive and immersive experiences with the inclusion of virtual reality.
    • Architecture and Planning
      • Visualize historic buildings or the layout of structural projects and development plans.
      • Develop a digital tour with location-based audio initiated with location-based services or a camera.
    • Navigation
      • Provide directions to users to navigate and provide contextual travelling instructions.
      • Push traffic notifications and route changes to travelling users.
    • Tracking User Movement
      • Predict the future location of users based on historic information and traffic modelling.
      • Proactively push information to users before they reach their destination.

    1.1.3 Build your mobile backlog

    1-3 hours

    1. As a group, discuss the use and value mobile already has within your organization for each persona.
      1. What are some of the apps being used?
      2. What enterprise systems and applications are already exposed to the web and accessible by mobile devices?
      3. How critical is mobile to business operations, marketing campaigns, etc.?
    2. Discuss how mobile can bring additional business value to other areas of your organization for each persona.
      1. Can mobile enhance your customer reach? Do your customers care that your services are offered through mobile?
      2. Are employees asking for better access to enterprise systems in order to improve their productivity?
    3. Write your mobile opportunities in the following form: As a [end user persona], I want to [process or capability to enable with mobile applications], so that [organizational benefit]. Prioritize each opportunity against feasibility, desirability, and viability.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    		Output
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    • Mobile opportunities backlog
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Manage your mobile backlog

    Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.

    3 – IDEAS
    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 – QUALIFIED
    Researched and qualified opportunities awaiting refinement.

    1 READY
    Discrete, refined opportunities that are ready to be placed in your team's delivery plans.

    Adapted from Essential Scrum

    A well-formed backlog can be thought of as a DEEP backlog

    • Detailed Appropriately: opportunities are broken down and refined as necessary
    • Emergent: The backlog grows and evolves over time as opportunities are added and removed.
    • Estimated: The effort an opportunity requires is estimated at each tier.
    • Prioritized: The opportunity's value and priority are determined at each tier.

    (Source Perforce, 2018)

    See our Deliver on Your Digital Product Vision for more information on backlog practices.

    Step 1.2

    Identify Your Technical Needs

    Activities

    1.2.1 Discuss your mobile needs

    1.2.2 Conduct a technical assessment

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • List of mobile features to enable the desired mobile experience
    • System current assessment

    Describe your desired mobile experiences with journey maps

    A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.

    Why are journey maps an important for mobile application delivery?

    Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    Two charts are depicted, the first shows the path from Trigger, through steps 1-4, to the outcome, and the Activities and Touchpoints for each. The second chart shows the Expectation analysis, showing which steps are must-haves, nice-to-haves, and hidden-needs.

    Pinpoint specific mobile needs in your journey map

    Realize that mobile applications may not precisely fit with your personas workflow or align to their expectations due to device and system limitations and restrictions. Flag the mobile opportunities that require significant modifications to underlying systems.

    Consider these workflow scenarios that can influence your persona's desire for mobile:

    Workflow Scenarios Ask Yourself The Key Questions Technology Constraints or Restrictions to Consider Examples of Mobile Opportunities

    Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited.

    Where is the data located and can it be easily gathered and prepared?

    Is the data sensitive and can it be locally stored?

    What is the level of detail in my view?

    Multi-factor authentication required.

    Highly sensitive data requires encryption in transit and at rest.

    Minor calculations and preparation needed before data view.

    Generate a status report.

    View social media channels.

    View contact information.

    Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services.

    Do I need special permission to add, delete and overwrite data?

    How much data can I edit?

    Is the data automatically gathered?

    Bandwidth restrictions.

    Multi-factor authentication required.

    Native device access required (e.g., camera).

    Multiple types and formats of gathered data.

    Manual and automatic data gathering

    Book appointments with clients.

    Update inventory.

    Tracking movement of company assets.

    Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service.

    How complex are my calculations?

    Can computations be offloaded?

    What resources are needed to complete the analysis?

    Memory and processing limitations on device.

    Inability to configure device and enterprise hardware to support system resource demand.

    Scope and precision of analysis and modifications.

    Evaluate and propose trends.

    Gauge user sentiment.

    Propose next steps and directions.

    Define the mobile experience your end users want

    Anytime, Anywhere
    The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.

    Hands-Off & Automated
    The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.

    Personalized & Insightful
    Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.

    Integrated Ecosystem
    The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.

    Visually Pleasing & Fulfilling
    The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    1.2.1 Discover your mobile needs

    1-3 hours

    1. Define the workflow of a high priority opportunity in your mobile backlog. This workflow can be pertaining to an existing mobile application or a workflow that can benefit with a mobile application.
      1. Indicate the trigger that will initiate the opportunity and the desired outcome.
      2. Break down the persona's desired outcome into small pieces of value that are realized in each workflow step.
    2. Identify activities and touchpoints the persona will need to complete to finish each step in the workflow. Indicate the technology used to complete the activity or to facilitate the touchpoint.
    3. Indicate which activities and touchpoints can be satisfied, complimented or enhanced with mobile.

    Input

    		Output
    • User personas
    • Mobile application canvas
    • Desired mobile experience
    • List of mobile features
    • Journey map
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.1 cont'd

    Workflow

    Trigger

    Conduct initial analysis

    Get planning help

    Complete and submit RFP

    Design and implement solution

    Implement changes

    Activities, Channels, and Touchpoints

    Need is recognized in CIO council meeting

    See if we have a sufficient solution internally

    Seek planning help (various channels)

    *Meet with IT shared services business analyst

    Select the appropriate vendor

    Follow action plan

    Compliance rqmt triggered by new law

    See if we have a sufficient solution internally

    *Hold in-person initial meeting with IT shared services

    *Review and approve rqmts (email)

    Seek miscellaneous support

    Implement project and manage change

    Research potential solutions in the marketplace

    Excess budget identified for utilization

    Pick a "favorite" solution

    *Negotiate and sign statement of work (email)

    Prime organization for the change

    Create action plan

    If solution is unsatisfactory, plan remediation

    Current Technology

    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • ERP
    • IT asset management
    • Internet browser for research
    • Virtual environment to demonstrate solutions
    • Email
    • Vendor assessment and procurement solution
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Vendor assessment and procurement solution
    • Project management solution
    • Team collaboration solution
    • Email
    • Video conferencing
    • Phone
    • Project management solution
    • Team collaboration solution
    • Vendor's solution

    Legend:

    Bold – Touchpoint

    * – Activities or Touchpoints That Can Benefit with Mobile

    1.2.1 cont'd

    1-3 hours

    1. Analyze persona expectations. Identify the persona's must-haves, then nice-to-haves, and then hidden needs to effectively complete the workflow.
      1. Must-haves. The necessary outcomes, qualities, and features of the workflow step.
      2. Nice-to-haves. Desired outcomes, qualities, or features that your persona is able to articulate or express.
      3. Hidden needs. Outcomes, qualities, or features that your persona is not aware they have a desire for; benefits that they are pleasantly surprised to receive. These will usually be unknown for your first-iteration journey map.
    2. Indicate which persona expectations can be satisfied with mobile. Discuss what would the desired mobile experience be.
    3. Discuss feedback and experiences your team has heard from the personas they engage with regularly.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    1.2.1 cont'd

    Example

    This image contains an example workflow for determining mobile needs.

    1.2.1 cont'd

    Template:

    Workflow

    		TriggerStep 1Step 2Step 3Step 4

    Desired Outcome

    Journey Map

    Activities & Touch-points

    <>

    <>

    <>

    <>

    <>

    <>

    Must-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Nice-to-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Hidden Needs

    <>

    <>

    <>

    <>

    <>

    <>

    Emotional Journey

    <>

    <>

    <>

    <>

    <>

    <>

    If you need more than four steps in the workflow, duplicate this slide.

    Understand how mobile fits with your current system

    Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?

    An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:

    Application Architecture Views

    1. Use Case View
    • How does your business operate, and how will users interact with your mobile applications?
  • . Process View
    • What is the user workflow impacted by mobile, and how will it change?
  • Component View
    • How are my existing applications structured? What are its various components? How will mobile expand the costs of the existing technical debt?
  • Data View
    • What is the relationship of the data and information consumed, analyzed, and transmitted? Will mobile jeopardize the quality and reliability of the data?
  • Deployment View
    • In what environment are your mobile application components deployed? How will the existing systems operate with your mobile applications?
  • System View
    • How does your mobile application communicate with other internal and external systems? How will dependencies change with mobile?

    • See our Enhance Your Solution Architecture for more information.

    Ask key questions in your current system assessment

    • How do the various components of your system communicate with each other (e.g., web APIs, middleware, and point to point)?
    • What information is exchanged during the conversation?
    • How does the data flow from one component to the next? Is the data read-only or can application and users edit and modify it?
    • What are the access points to your mid- and back-tier systems (e.g., user access through web interface, corporate networks and third-party application access through APIs)?
    • Who has access to your enterprise systems?
    • Which components are managed and operated by third-party providers? What is your level of control?
    • What are the security protocols currently enforced in your system?
    • How often are your databases updated? Is it real-time or periodic extract, transfer, and load (ETL)?
    • What are the business rules?
    • Is your mobile stack dependent on other systems?
    • Is a mobile middleware, web server, or API gateway needed to help facilitate the integration between devices and your back-end support?

    1.2.2 Conduct a technical assessment

    1-3 hours

    1. Evaluate your current systems that will support the journey map of your mobile opportunities based on two categories: system quality and system management. Use the tables on the following slides and modify the questions if needed.
    2. Discuss if the current state of your system will impede your ability to succeed with mobile. Use this discussion to verify the decision to continue with mobile applications in your current state.
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    		Output
    • Journey map
    • Understanding of current system
    • Assessment of current system
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.2 cont'd

    Current State System Quality Assessment

    Factors Definitions Survey Responses
    Fit-for-Purpose System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Response Rate The system completes computation and processing requests within acceptable timeframes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Data Quality The system delivers consumable, accurate, and trustworthy data. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Usability The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Reliability The system is resilient or quickly recovers from issues and defects. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Accessible The system is available on demand and on the end user's preferred interface and device. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Secured End-user activity and data is protected from unauthorized access. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Adaptable The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    1.2.2 cont'd

    Current State System Management Assessment

    Factors Definitions Survey Responses
    Documentation The system is documented, accurate, and shared in the organization. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Measurement The system is continuously measured against clearly defined metrics tied to business value. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Compliance The system is compliant with regulations and industry standards. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Continuous Improvement The system is routinely rationalized and enhanced. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Architecture There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Ownership & Accountability The process has a clearly defined owner who is accountable for its risks and roadmap. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Support Resources are available to address adoption and execution challenges. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Organizational Change Management Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    Step 1.3

    Define Your Non-Functional Requirements

    Activities

    1.3.1 Define mobile application quality

    1.3.2 Verify your decision to deliver mobile applications

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams

    Outcomes of this step

    • Mobile application quality definition
    • Readiness for mobile delivery

    Build a strong foundation of mobile application quality

    Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.

    What is Mobile Application Quality?

    • Quality requirements (i.e., non-functional requirements) are properties of a system or product that dictate how it should behave at runtime and how it should be designed, implemented, and maintained.
    • These requirements should be involved in decision making around architecture, UI and functional design changes.
    • Functionality should not dictate the level of security, availability, or performance of a product, thereby risking system quality. Functionality and quality are viewed orthogonally, and trade-offs are discussed when one impacts the other.
    • Quality attributes should never be achieved in isolation as one attribute can have a negative or positive impact on another (e.g. security and availability).

    Why is Mobile Quality Assurance Critical?

    • Quality assurance (QA) is a necessity for the validation and verification of mobile delivery, whether you are delivering applications in an Agile or Waterfall fashion. Effective QA practices implemented across the software development lifecycle (SDLC) are vital, as all layers of the mobile stack need to readily able to adjust to suddenly evolving and changing business and user needs and technologies without risking system stability and breaking business standards and expectations.
    • However, investments in QA optimizations are often afterthoughts. QA is commonly viewed as a lower priority compared to other delivery capabilities (e.g., design and coding) and is typically the first item cut when delivery is under pressure.

    See our Build a Software Quality Assurance Program for more information.

    Mobile emphasizes the importance of good security, performance and integration

    Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Mobile risks opening and widening existing security gaps

    New mobile technologies and the continued expansion of the enterprise environment increase the number of entry points attackers to your corporate data and networks. The ever-growing volume, velocity, and variety of new threats puts significant pressure on mobile delivery teams who are responsible for implementing mobile security measures and maintaining alignment to your security policies and those of app stores.

    Mobile attacks can come from various vectors:

    Attack Surface: Mobile Device

    Attack Surface: Network

    Attack Surface: Data Center

    Browser:
    Phishing
    Buffer Overflow
    Data Caching

    System:
    No Passcode
    Jailbroken and Rooted OS
    No/Weak Encryption
    OS Data Caching

    Phone:
    SMSishing
    Radio Frequency Attacks

    Apps:
    Configuration Manipulation
    Runtime Injection
    Improper SSL Validation

    • Packet Sniffing
    • Session Hijacking
    • Man-in-the-Middle (circumvent password verification systems)
    • Fake SSL Certificate
    • Rogue Access Points

    Web Server:
    Cross-Site Scripting (XSS)
    Brute Force Attacks
    Server Misconfigurations

    Database:
    SQL Injection
    Data Dumping

    Understand the top web security risks and vulnerabilities seen in the industry

    Recognize mobile applications are exposed to the same risks and vulnerabilities as web applications. Learn of OWASP's top 10 web security risks.

    • Broken Access Control
      • Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
    • Cryptographic Failures
      • Improper and incorrect protection of data in transit and at rest, especially proprietary and confidential data and those that fall under privacy laws.
    • Injection
      • Execution of malicious code and injection of hostile or unfiltered data on the mobile device via the mobile application.
    • Insecure Design
      • Missing or ineffective security controls in the application design. An insecure design cannot be fixed by a perfect implementation,. Needed security controls were never created to defend against specific attacks.
    • Security Misconfiguration
      • The security settings in the application are not securely set or configured, including poor security hardening and inadequate system upgrading practices.
    • Vulnerable and Outdated Components
      • System components are vulnerable because they are unsupported, out of date, untested or not hardened against current security concerns.
    • Identification and Authentication Failures
      • Improper or poor protection against authentication-related attacks, particularly to the user's identity, authentication and session management.
    • Software and Data Integrity Failures
      • Failures related to code and infrastructure that does not protect against integrity violations, such as an application relying upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks
    • Security Logging and Monitoring Failures
      • Insufficient logging, detection, monitoring, and active response that hinders the ability to detect, escalate, and respond to active breaches.
    • Server-Side Request Forgery (SSRF)
      • SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL.

    Good mobile application performance drives satisfaction and value delivery

    Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.

    Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.

    Productive Users Need
    Performant Mobile Applications

    Persona

    Mobile Application Use Case

    Optimized Mobile Application

    Stationary Worker

    • Design flowcharts and diagrams, while abandoning paper and desktop apps in favor of easy-to-use, drawing tablet applications.
    • Multitask by checking the application to verify information given by a vendor during their presentation or pitch.
    • Flowcharts and diagrams are updated in real time for team members to view and edit
    • Compare vendors under assessment with a quick look-up app feature

    Roaming Worker (Engineer)

    • Replace physical copies of service and repair manuals physically stored with digital copies and access them with mobile applications.
    • Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.
    • Worker is capable of interacting with other features of the mobile web app while product bar code is being verified

    Enhance the performance of the entire mobile stack

    Due to frequently changing mobile hardware, users' high performance expectations and mobile network constraints, mobile delivery teams must focus on the entire mobile stack for optimizing performance.

    Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.

    This image contains a bar graph ranking the importance of the following datapoints: Minimize render blocking resources; Configure the mobile application viewport; Determine the right image file format ; Determine above-the-fold content; Minimize browser reflow; Adopt UI techniques to improve perceived latency; Resource minification; Data compression; Asynchronous programming; Resource HTTP caching; Minimize network roundtrips for first time to render.

    Info-Tech Insight

    Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).

    Create an API-centric integration strategy

    Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.

    As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.

    Take an API-centric approach to retain control of your mobile development and ensure reliability.

    APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:

    • Reuse tried-and-tested APIs to deliver, test and harden applications and systems quicker by standardizing on the use and structure of REST APIs.
    • Ensure a consistent experience and performance across different applications using the same API.
    • Uniformly apply security and access control to remain compliant to security protocols, industry standards and regulations.
    • Provide reliable integration points when leveraging third-party APIs and services.

    See our Build Effective Enterprise Integration on the Back of Business Process for more information.

    Guide your integration strategy with principles

    Craft your principles around good API management and integration practices

    Expose Enterprise Data And Functionality in API-Friendly Formats
    Convert complex on-premises application services into developer-friendly RESTful APIs

    Protect Information Assets Exposed Via APIs to Prevent Misuse
    Ensure that enterprise systems are protected against message-level attack and hijack

    Authorize Secure, Seamless Access for Valid Identities
    Deploy strong access control, identity federation and social login functionality

    Optimize System Performance and Manage the API Lifecycle
    Maintain the availability of backend systems for APIs, applications and end users

    Engage, Onboard, Educate and Manage Developers
    Give developers the resources they need to create applications that deliver real value

    Source: 5 Pillars of API Management, Broadcom, 2021

    Clarify your definition of mobile quality

    Quality does not mean the same thing to everyone

    Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.

    Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.

    For example:

    Mobile Application Owner
    What does an accessible mobile application mean?

    Persona: Customer
    I can access it on mobile phones, tablets and the web browser

    Persona: Developer
    I have access to each layer of the mobile stack including the code & data

    Persona: Operations
    The mobile application is accessible 24/7 with 95% uptime

    Example: A School Board's Quality Definition

    Quality Attribute Definitions
    Usability The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required.
    Performance Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads.
    Availability The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published.
    Security Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy.
    Reusability Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications.
    Interoperability The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context.

    Scalability

    There are two kinds of scalability:

    • Horizontal scalability (scaling out): Adding more resources to logical units, such as adding another server to a cluster of servers.
    • Vertical scalability (scaling up): Adding more resources to a physical unit, such as adding more memory to a single computer.

    Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update.

    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.
    Cost Efficiency The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions.
    Self-Service End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems.
    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.

    1.3.1 Define mobile application quality

    1-3 hours

    1. List 5 quality attributes that your organization sees as important for a successful mobile application.
    2. List the core personas that will support mobile delivery and that will consume the mobile application. Start with development, operations and support, and end user.
    3. Describe each quality attributes from the perspective of each persona by asking, "What does quality mean to you?".
    4. Review each description from each persona to come to an acceptable definition.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    		Output
    • User personas
    • Mobile application canvas
    • Journey map
    • Mobile application quality definition
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.1 cont'd

    Example: Info-Tech Guided Implementation with a Legal and Professional Services Organization

    Quality AttributeDeveloperOperations & Support TeamEnd Users

    Usability

    • Architecture and frameworks are aligned with industry best practices
    • Regular feedback through analytics and user feedback
    • Faster development and less technical debt
    • Pride in the product
    • Satisfaction that the product is serving its purpose and is actually being used by the user
    • Increased update of product use and feedback for future lifecycle
    • Standardization and positive perception of IT processes
    • Simpler to train users to adopt products and changes
    • Trust in system and ability to promote the product in a positive light
    • Trusted list of applications
    • Intuitive (easy to use, no training required)
    • Encourage collaboration and sharing ideas between end users and delivery teams
    • The information presented is correct and accurate
    • Users understand where the data came from and the algorithms behind it
    • Users learn features quickly and retain their knowledge longer, which directly correlates to decreased training costs and time
    • High uptake in use of the product
    • Seamless experience, use less energy to work with product

    Security

    • Secure by design approach
    • Testing across all layers of the application stack
    • Security analysis of our source code
    • Good approach to security requirement definition, secure access to databases, using latest libraries and using semantics in code
    • Standardized & clear practices for development
    • Making data access granular (not all or none)
    • Secure mission critical procedures which will reduce operational cost, improve compliance and mitigate risks
    • Auditable artifacts on security implementation
    • Good data classification, managed secure access, system backups and privacy protocols
    • Confidence of protection of user data
    • Encryption of sensitive data
    Availability
    • Good access to the code
    • Good access to the data
    • Good access to APIs and other integration technologies
    • Automatic alerts when something goes wrong
    • Self-repairing/recovering
    • SLAs and uptimes
    • Code documentation
    • Proactive support from the infrastructure team
    • System availability dashboard
    • Access on any end user device, including mobile and desktop
    • 24/7 uptime
    • Rapid response to reported defects or bugs
    • Business continuity

    1.3.2 Verify your decision to deliver mobile applications

    1-3 hours

    1. Review the various end user, business and technical expectations for mobile its achievability given the current state of your system and non-functional requirements.
    2. Complete the list of questions on the following slide as an indication for your readiness for mobile delivery.

    Input

    		Output
    • Mobile application canvas
    • Assessment to proceed with mobile
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.2 cont'd

    Skill Sets
    Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Resources can be committed to implement and manage a mobile platform. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Software delivery teams and resources are adaptable and flexible to requirements and system changes. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Delivery Process
    My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile will help us fill the gaps and standardize our software delivery process process. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Technical Stack
    My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have access to my web infrastructure and integration technologies, and I am capable of making configurations. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    Phase 2

    Define Your Mobile Approach

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following activities:

    • Step 2.1 – Choose Your Platform Approach
    • Step 2.2 – Shortlist Your Mobile Delivery Solution
    • Step 2.3 – Create a Roadmap for Mobile Delivery

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 2.1

    Choose Your Platform Approach

    Activities

    2.1.1 Select your platform approach

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Desired mobile platform approach

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.

    Web

    The mobile web often takes on one of the following two approaches:

    • Responsive websites – Content, UI and other website elements automatically adjusts itself according to the device, creating a seamless experience regardless of the device.
    • Progressive web applications (PWAs) – PWAs uses the browser's APIs and features to offer native-like experiences.

    Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.

    Some notable examples:

    • Gmail
    • Instagram

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.

    Some notable examples:

    • Facebook
    • Skype
    • Slack

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.

    Each platform offers unique pros and cons depending on your mobile needs

    WebHybridCross-PlatformNative

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    • Modern browsers support the popular of web languages (HTML, CSS, and JavaScript).
    • Ubiquitous across multiple form factors and devices.
    • Mobile can be easily integrated into traditional web development processes and technical stacks.
    • Installations are not required, and updates are immediate.
    • Sensitive data can be wiped from memory after app is closed.
    • Limited access to local device hardware and software.
    • Local caching is available for limited offline capabilities, but the scope of tasks that can be completed in this scenario is restricted.
    • The browser's runtime engine is limited in computing power.
    • Not all browsers fully support the latest versions of HTML, CSS, or JavaScript.
    • Web languages can be used to develop a complete application.
    • Code can be reused for multiple platforms, including web.
    • Access to commonly-used native features that are not available through the web platform.
    • Quick delivery and maintenance updates compared to native and cross-platform platforms.
    • Consistent internet access is needed due to its reliance heavily reliance on web technologies to operate.
    • Limited ability to support complex workflows and features.
    • Sluggish performance compared to cross-platform and native applications.
    • Certain features may not operate the same across all platforms given the code once, deploy everywhere approach.
    • More cost-effective to develop than using native development approaches to gain similar features. Platform-specific developers are not needed.
    • Common codebase to develop applications on different applications.
    • Enables more complex application functionalities and technical customizations compared to hybrid applications.
    • Code is not portable across cross-platform delivery solutions.
    • The framework is tied to the vendor solution which presents the risk of vendor lock-in.
    • Deployment is dependent on an app store and the delivery solution may not guarantee the application's acceptance into the application store.
    • Significant training and onboarding may be needed using the cross-platform framework.
    • Tight integration with the device's hardware enables high performance and greater use of hardware features.
    • Computationally-intensive and complex tasks can be completed on the device.
    • Available offline access.
    • Apps are available through easy-to-access app stores.
    • Requires additional investments, such as app stores, app-specific support, versioning, and platform-specific extensions.
    • Developers skilled in a device-specific language are difficult to acquire and costly to train.
    • Testing is required every time a new device or OS is introduced.
    • Higher development and maintenance costs are tradeoffs for native device features.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices are capable of executing and rendering many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Do you need a native platform?

    Consider web workarounds if you choose a web platform but require some native experiences.

    The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.

    Consider the following workarounds to address the required native experiences on the web platform:

    Native Function Description Web Workaround Impact
    Camera Takes pictures or records videos through the device's camera. Create an upload form in the web with HTML5. Break in workflow leading to poor user experience (UX).
    Geolocation Detects the geographical location of the device. Available through HTML5. Not Applicable.
    Calendar Stores the user's calendar in local memory. Integrate with calendaring system or manually upload contacts. Costly integration initiative. Poor user experience.
    Contacts Stores contact information in local memory. Integrate app with contact system or manually upload contacts. Costly integration initiative. Poor user experience.
    Near Field Communication (NFC) Communication between devices by touching them together or bringing them into proximity. Manual transfer of data. A lot of time is consumed transferring simple information.
    Native Computation Computational power and resources needed to complete tasks on the device. Resource-intensive requests are completed by back-end systems and results sent back to user. Slower application performance given network constraints.

    Info-Tech Insight

    In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.

    Architect and configure your entire mobile stack with a plan

    • Assess your existing technology stack that will support your mobile platform. Determine if it has the capacity to handle mobile traffic and the necessary integration between devices and enterprise and 3rd party systems are robust and reliable. Reach out to your IT teams and vendors if you are missing key mobile components, such as:
    • The acquisition and provisioning of physical or virtual mobile web servers and middleware from existing vendors.
    • Cloud services [e.g., Mobile Back-end as a Service (mBaaS)] that assists in the mobilization of back-end data sources with API SDKs, orchestration of data from multiple sources, transformation of legacy APIs to mobile formats, and satisfaction of other security, integration and performance needs.
    • Configure the services of your web server or middleware to facilitate the translation, transformation, and transfer of data between your mobile front-end and back-end. If your plan involves scripts, maintenance and other ongoing costs will likely increase.
    • Leverage the APIs or adapters provided by your vendors or device manufacturers to integrate your mobile front-end and back-end support to your web server or middleware. If you are reusing a web server, the back-end integration should already be in place. Remember, APIs implement business rules to maintain the integrity of data exchange within your mobile stack.
    • See Appendix A for examples of reference architectures of mobile platforms.

    See our Enhance Your Solution Architecture for more information.

    Do Not Forget Your Security and Performance Requirements

    Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.

    See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.

    Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.

    See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.

    Enterprise platform selection requires a shift in perspective

    Your mobile platform selection must consider both user and enterprise (i.e., non-functional) needs. Use a two-step process for your analysis:

    Begin Platform Selection with a User-Centric Approach

    Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:

    • Performance: quick execution of tasks and calculations made on the device or offloaded to web servers or the cloud.
    • User Interface: cross-platform compatibility and feature-rich design and functionality. The right native experience is critical to the user adoption and satisfaction.
    • Device Access: use of local device hardware and software to complete app use cases, such as camera, calendar, and contact lists.

    Refine Platform Selection with an Enterprise-Centric Approach

    From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:

    • Openness: agreed-upon industry standards and technologies that can be applied to serve enterprise needs which support business processes.
    • Integration: increase the reuse of legacy investments and existing applications and services with integration capabilities.
    • Flexibility: support for multiple data types from applications such as JSON format for mobile.
    • Capacity: maximize the utilization of your software delivery resources beyond the initial iteration of the mobile application.

    Info-Tech Insight

    Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security and device-specific access and customizations.
    • Application use cases requiring significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    2.1.1 Select your platform approach

    1-3 hours

    1. Review your mobile objectives, end user needs and non-functional requirements.
    2. Determine which mobile platform is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: user-centric and enterprise-centric needs.
    3. Calculate an average score for user-centric and one for enterprise-centric. Then, map them on the matrix to indicate possible platform options. Consider all options around the plotted point.
    4. Further discuss which platforms should be the preferred choice.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    		Output
    • Desired mobile experience
    • List of desired mobile features
    • Current state assessments
    • Mobile platform approach
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.1.1 cont'd

    User-Centric Needs: Functional Requirements

    Factors Definitions Survey Responses
    Device Hardware Access The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Hardware The degree of changes to the execution of local device hardware to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Device Software Access The scope of access to software on the user's device, such as calendars and contact. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Software The degree of changes to the execution of local device software to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Use Case Complexity Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree)
    Computational Resources The resources needed on the device to complete desired functional needs. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Use Case Ambiguity The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile Application Access Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Scope of Adoption & Impact The extent to which the mobile application is leveraged in the organization. 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team)
    Installable The need to locally install the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Targeted Devices & Platforms Mobile applications are developed for a defined set of mobile platform versions and types and device. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Output Audience The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    User-Centric Needs: Native User Experience Factors

    Factors Definitions Survey Responses
    Immersive Experience The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented)
    Timeliness of Content and Updates The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced)
    Application Performance The speed of which the mobile application completes tasks is critical to its success. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Network Accessibility The needed ability to access and use the mobile application in various network conditions. 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online)
    Integrated Ecosystem The approach to integrate the mobile application with enterprise or 3rd party systems and services. 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors)
    Desire to Have a Native Look-and-Feel The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    User Tolerance to Change The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Mission Criticality The business could not execute its main strategy if the mobile application was removed. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Value The mobile application directly adds business value to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Industry Differentiation The mobile application provides a distinctive competitive advantage or is unique to your organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    Enterprise-Centric Needs: Non-Functional Requirements

    Factors Definitions Survey Responses
    Legacy Compatibility The need to integrate and operate with legacy systems. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Code Portability The need to enable the "code once and deploy everywhere" approach. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Vendor & Technology Lock-In The tolerance to lock into a vendor mobile delivery solution or technology framework. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Data Sensitivity The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Data Policies Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Security Risks Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Continuity & System Integrity Risks The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    System Openness Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Mobile Device Management The organization's policy for the use of mobile devices to access and leverage enterprise data and services. 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices)

    2.1.1 cont'd

    Enterprise-Centric Needs: Delivery Capacity

    Factors Definitions Survey Responses
    Ease of Mobile Delivery The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Competency The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Ease of Deployment The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Approach The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Maintenance & Operational Support The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Domain Knowledge Support The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Urgency The desire to have the mobile application delivered quickly. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Reusable Components The desire to reuse UI elements and application components. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)

    2.1.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric Needs 4.25 3
    Functional Requirements 4.5 2.25
    Native User Experience Factors 4 1.75
    Enterprise-Centric Needs 4 2
    Non-Functional Requirements 3.75 3.25
    Delivery Capacity 4.25 2.75
    Possible Mobile Platform Cross-Platform Native PWA Hybrid

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform. Two yellow circles are overlaid, one containing the phrase: Remote Support - over the box containing Progressive Web Applications (PWA) or Hybrid; and a yellow circle containing the phrase Inventory MGMT, partly covering the box containing Native; and the box containing Cross-Platform.

    Build a scalable and manageable platform

    Long-term mobile success depends on the efficiency and reliability of the underlying operational platform. This platform must support the computational and performance demands in a changing business environment, whether it is composed of off-the-self or custom-developed solutions, or a single vendor or best-of-breed.

    • Application
      • The UI design and content language is standardized and consistently applied
      • All mobile configurations and components are automatically versioned
      • Controlled administration and tooling access, automation capabilities, and update delivery
      • Holistic portfolio management
    • Data
      • Automated data management to preserve data quality (e.g. removal of duplications)
      • Defined single source of truth
      • Adherence to data governance, and privacy and security policies
      • Good content management practices, governance and architecture
    • Infrastructure
      • Containers and sandboxes are available for development and testing
      • Self-healing and self-service environments
      • Automatic system scaling and load balancing
      • Comply to budgetary and licensing constraints
    • Integration
      • Backend database and system updates are efficient
      • Loosely coupled architecture to minimize system regressions and delivery effort
      • Application, system and data monitoring

    Step 2.2

    Shortlist Your Mobile Delivery Solution

    Activities

    2.2.1 Shortlist your mobile delivery solution

    2.2.2 Build your feature and service lists

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services

    Ask yourself: should I build or buy?

    Build Buy

    Multi-Source Best-of-Breed

    Vendor Add-Ons & Integrations

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • Introduces tool sprawl.
    • Requires resources to understand tools and how they integrate.
    • Some of the tools necessary may not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Multi-Source Custom

    Single Source

    Integrate systems built in-house with technologies developed by external organizations.

    Buy an application/system from one vendor only.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • May introduce tool sprawl.
    • Requires resources to have strong technical skills
    • Some of the tools necessary may
    • not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Weigh the pros and cons of mobile enablement versus development

    Mobile Enablement

    Mobile Development

    Description Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted.
    Mobile Platform Mobile web, locally installed mobile application provided by vendor Mobile web, hybrid, cross-platform, native
    Typical Audience Internal staff, trusted users Internal and external users, general public
    Examples of Tooling Flavors Enterprise applications, point solutions, robotic & process automation Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs)
    Technical Skills Required Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures.
    Architecture & Integration Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used.
    Functional Scope Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio.
    Delivery Pipeline End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities.
    Standards & Guardrails Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g., AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with 3rd party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.

    • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Explore the various solution options

    Vendor Hosted Mobile Platform

    • Cloud Services (Mobile Backend-as-a-Service) (Amazon Amplify, Kinvey, Back4App, Google Firebase, Apache Usergrid)
    • Low Code Mobile Platforms (Outsystems, Mendix, Zoho Creator, IBM Mobile Foundation, Pega Mobile, HCL Volt MX, Appery)
    • Mobile Development via Enterprise Application (SalesForce Heroku, Oracle Application Accelerator MAX, SAP Mobile Development Kit, NetSuite Mobile)
    • Mobile Development via Business Process Automation (PowerApps, Appian, Nintex, Quickbase)

    Cross-Platform Development SDKs

    React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum

    Custom Native Development Solutions

    • Native Development Languages and Environments (Swift, Java, Objective-C, Kotlin, Xcode, NetBeans, Android Studio, AppCode, Microsoft Visual Studio, Eclipse, DriodScript, Compose, Atom)
    • Mobile Application Utilities (Unity, MonoGame, Blender, 3ds Max Design, Maya, Unreal Engine, Amazon Lumberyard, Oculus)

    Commercial-Off-the-Shelf Solutions

    • No Code Mobile Platforms (Swiftic, Betty Blocks, BuildFire, Appy Pie, Plant an App, Microsoft Power Apps, AppSheet, Wix, Quixy)
    • Mobile Application Point Solutions and Enablement via Enterprise Applications

    Hybrid Development SDKs

    Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder

    Custom Web Development Solutions

    Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)

    Get the most out of your solutions by understanding their core components

    While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.

    Platform Runtime

    Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.

    Extensions

    • Mobile delivery solutions can be extended to allow:
    • Custom development of back-end code
    • Customizable integrations and hooks where needed
    • Integrations with CI/CD pipelines and administrative services
    • Integrations with existing databases and authentication services

    Platform Services

    The various services needed to support mobile delivery and enable continuous delivery, such as:

    • Configuration & Change Management – Verifies, validates, and monitors builds, deployments and changes across all components.
    • Code Generator – Transforms UI and data models into native application components that are ready to be deployed.
    • Deployment Services – Deploys application components consistently across all target environments and app stores.
    • Application Services – Manages the mobile application at runtime, including executing scheduled tasks and instrumentation.

    Application Architecture

    Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.

    This image contains an example of mobile application architecture.

    Source: "HCL Volt MX", HCL.

    Build your shortlist decision criteria

    The decision on which type of mobile delivery solution to use is dependent on several key questions?

    Who is the Mobile Delivery Team?

    • Is it a worker, business or IT?
    • What skills and knowledge does this person have?
    • Who is supporting mobile delivery and management?
    • Are other skills and tools needed to support, extend or mature mobile delivery adoption?

    What are the Use Cases?

    • What is the value and priority of the use cases?
    • What native features do we need?
    • Who is the audience of the output and who is impacted?
    • What systems, data and services do I need access?
    • Is it best to build it or buy it?
    • What are the quality standards?
    • How strategic is the use case?

    How Complex is the System?

    • Is the mobile application a standalone or integrated with enterprise systems?
    • What is the system's state and architecture?
    • What 3rd party services do we need integrated?
    • Are integrations out-of-the-box or custom?
    • Is the data standardized and who can edit its definition?
    • Is the system monolithic or loosely coupled?

    How Much Can We Tolerate?

    • Risks: What are the business and technical risks involved?
    • Costs: How much can we invest in implementation, training and operations?
    • Change: What organizational changes am I expecting to make? Will these changes be accepted and adopted?

    2.2.1 Shortlist your mobile delivery solution

    1-3 hours

    1. Determine which mobile delivery solutions is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: complexity of mobile workflows and native features and management of the mobile stack.
      1. Take the average of the enterprise-centric and user-centric scores from step 2.1 for your complexity of mobile workflows and native features scores.
    2. Calculate an average score for the management of the mobile stack. Then, map them on the matrix to indicate possible solution options alongside your user-centric scores. Consider all options around the plotted point.
    3. Further discuss which solution should be the preferred choice and compare those options with your selected platform approach.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    		Output
    • Current state assessment
    • Mobile platform approach
    • Shortlist of mobile delivery solution
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.2.1 cont'd

    Stack Management

    Factors Definitions Survey Responses
    Cost of Delayed Delivery The expected cost if a vendor solution or update is delayed. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Vendor Negotiation Organization's ability to negotiate favorable terms from vendors. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Controllable Delivery Timeline Organization's desire to control when solutions and updates are delivered. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Hosting The desired approach to host the mobile application. 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted)
    Vendor Lock-In The tolerance to be locked into a specific technology stack or vendor ecosystem. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Operational Cost Target The primary target of the mobile application's operational budget. 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources)
    Platform Management The desired approach to manage the mobile delivery solution, platform or underlying technology. 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized)
    Skill & Competency of Mobile Delivery Team The ability of the team to create and manage valuable and high-quality mobile applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Current Investment in Enterprise Technologies The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Ease of Extensibility Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Holistic Application Strategy Organizational priorities on the types of applications the portfolio should be comprised. 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build)
    Control of Delivery Pipeline The desire to control the software delivery pipeline from design to development, testing, publishing and support. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Specific Quality Requirements Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)

    2.2.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric & Enterprise Centric Needs (From Step 2.1) 4.125 2.5
    Stack Management 2 2.5
    Desired Mobile Delivery Solution Vendor-Hosted Mobile Platform

    Commercial-Off-the-Shelf Solution

    Hybrid Development Solution

    A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions.

    Consider the following in your solution selection and implementation

    • Vendor lock in – Each solution has its own approach, frameworks, and data schemas to convert designs and logic into an executable build that is stable in the targeted environment. Consequently, moving application artifacts (e.g., code and designs) from one solution or environment to another may not be easily accomplished without significant modifications or the use of application modernization or migration services.
    • Conflicting priorities and viewpoints of good delivery practices – Mobile delivery solutions are very particular on how they generate applications from designs and configurations. The solution's approach may not accommodate your interpretation of high-quality code (e.g., scalability, maintainability, extensibility, security). Technical experts should be reviewing and refactoring the generated code.
    • Incompatibility with enterprise applications and systems – The true benefit of mobile delivery solutions is their ability to connect your mobile application to enterprise and 3rd party technologies and services. This capability often requires enterprise technologies and services to be architected in a way that is compatible with your delivery solution while ensuring data, security protocols and other standards and policies are consistently enforced.
    • Integration with current application development and management tools – Mobile delivery solutions should be extensions from your existing application development and management tools that provides the versioning, testing, monitoring, and deployment capabilities to sustain a valuable application portfolio. Without this integration, IT will be unable to:
      • Root cause issues found on IT dashboards or reported to help desk.
      • Rollback defective applications to a previous stable state.
      • Obtain a complete application portfolio inventory.
      • Execute comprehensive testing for high-risk applications.
      • Trace artifacts throughout the development lifecycle.
      • Generate reports of the status of releases.

    Enhance your SDLC to support mobile delivery

    What is the SDLC?

    The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.

    How will mobile delivery influence my SDLC?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    Example: Low- & No-Code Mobile Delivery Pipeline

    Low Code

    		Data Modeling & Configuration

    No Code

    Visual Interface with Complex Data Models

    		Data Modeling & Configuration

    Visual Interfaces with Simple Data Models

    GUI Designer with Customizable Components & Entities

    UI Definition & Design

    GUI Designer with Canned Templates

    Visual Workflow and Custom Scripting

    		Business Logic Rules and Workflow Specification

    Visual Workflow and Natural Language Scripting

    Out-of-the-Box Plugins & Custom Integrations

    		Integration of External Services (via 3rd Party APIs)

    Out-of-the-Box Plugins

    Automated and Manual Build & Packaging

    		Build & Package

    Automated Build & Packaging

    Automated & Manual Testing

    		Test

    Automated Testing

    One-Click Push or IT Push to App Store

    		Publish to App Store

    One-Click Push to App Store

    Use Info-Tech's research to address your delivery gaps

    Mobile success requires more than a set of good tools.

    Overcome the Common Challenges Faced with Building Mobile Applications

    Common Challenges with Digital Applications

    Suggested Solutions

    • Time & Resource Constraints
    • Buy-In From Internal Stakeholders
    • Rapidly Changing Requirements
    • Legacy Systems
    • Low-Priority for Internal Tools
    • Insufficient Data Access

    Source: DronaHQ, 2021

    Learn the differentiators of mobile delivery solutions

    • Native Program Languages – Supports languages other than web (Java, Ruby, C/C++/C#, Objective-C).
    • IDE Integration – Available plug-ins for popular development suites and editors.
    • Debugging Tools – Finding and eliminating bugs (breakpoints, single stepping, variable inspection, etc.).
    • Application Packaging via IDE – Digitally sign applications through the IDE for it to be packaged and published in app stores.
    • Automated Testing Tools – Native or integration with automated functional and unit testing tools.
    • Low- and No- Code Designer – Tools for designing graphical user interfaces and features and managing data with drag-and-drop functionalities.
    • Publishing and Deployment Capabilities – Automated deployment to mobile device management (MDM) systems, mobile application management (MAM) systems, mobile application stores, and web servers.
    • Third-Party and Open-Source Integration – Integration with proprietary and open-source third-party modules, development tools, and systems.
    • Developer Marketplace – Out-of-the-box plug-ins, templates, and integration are available through a marketplace.
    • Mobile Application Support Capabilities – Ability to gather, manage, and address application issues and defects.
    • API Gateway, Monitoring, and Management – Services that enable the creation, publishing, maintenance, monitoring, and securing of APIs through a common interface.
    • Mobile Analytics and Monitoring – View the adoption, usage, and performance of deployed mobile applications through graphical dashboards.
    • Mobile Content Management – Publish and manage mobile content through a centralized system.
    • Mobile Application Security – Supports the securing of application access and usage, data encryption, and testing of security controls.

    Define your mobile delivery vendor selection criteria

    Focus on the key vendor attributes and capabilities that enable mobile delivery scaling and growth in your organization

    Considerations in Mobile Delivery Vendor Selection
    Platform Features & Capabilities Price to Implement & Operate Platform
    Types of Mobile Applications That Can Be Developed Ease of IT Administration & Management
    User Community & Marketplace Size Security, Privacy & Access Control Capabilities
    SME in Industry Verticals & Business Functions Vendor Product Roadmap & Corporate Strategy
    Pre-Built Designs, Templates & Application Shells Scope of Device- and OS-Specific Compatibilities
    Regulatory & Industry Compliance Integration & Technology Partners
    Importing Artifacts From and Exporting to Other Solutions Platform Architecture & Underlying Technology
    End-to-End Support for the Entire Mobile SDLC Relevance to Current Mobile Trends & Practices

    Build your features list

    Incorporate different perspectives when defining the list of mandatory and desired features of your target solution.

    Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.

    Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.

    Mobile Developer

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces.
    • One-click deployment.
    • Self-healing capabilities.
    • Vendor-managed infrastructure.
    • Active community and marketplace.
    • Pre-built templates and libraries.
    • Optical character recognition and natural language processing.
    • Knowledgebase and document management.
    • Business value, operational costs, and other KPI monitoring.
    • Business workflow automation.

    Mobile IT Professional

    • Audit and change logs.
    • Theme and template builder.
    • Template management.
    • Role-based access.
    • Regulatory compliance.
    • Consistent design and user experience across applications.
    • Application and system performance monitoring.
    • Versioning and code management.
    • Automatic application and system refactoring and recovery.
    • Exception and error handling.
    • Scalability (e.g. load balancing) and infrastructure management.
    • Real-time debugging.
    • Testing capabilities.
    • Security management.
    • Application integration management.

    2.2.2 Build your feature and service lists

    1-3 hours

    Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:

    End user personas and desired mobile experience

    Objectives and expectations

    Desired mobile features and platform

    Mobile delivery solutions

    Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.

    Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    		Output
    • Shortlist of mobile solutions
    • Quality definitions
    • Mobile objectives and metrics
    • List of desired features and services of mobile delivery solution vendors
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    AwarenessEducation & DiscoveryEvaluationSelection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization2.1 Understand Marketplace Capabilities & Trends3.1 Gather & Prioritize Requirements & Establish Key Success Metrics4.1 Create a Weighted Selection Decision Model5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action2.2 Discover Alternate Solutions & Conduct Market Education3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    		2.3 Evaluate Enterprise Architecture & Application PortfolioNarrow the Field to Four Top Contenders4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation2.4 Validate the Business Case5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Step 2.3

    Create a Roadmap for Mobile Delivery

    Activities

    2.3.1 Define your MVP release

    2.3.2 Build your roadmap

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • MVP design
    • Mobile delivery roadmap

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Leverage a canvas to detail your MVP

    Use the release canvas to organize and align the organization around your MVP!

    This is an example of a release canvas which can be used to detail your MVP.

    2.3.1 Define your MVP release

    1-3 hours

    1. Create a list of high priority use cases slated for mobile application delivery. Brainstorm the various supporting activities required to implement your use cases including the shortlisting of mobile delivery tools.
    2. Prioritize these use cases based on business priority (from your canvas). Size the effort of these use cases through collaboration.
    3. Define your MVPs using a release canvas as shown on the following slide.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    		Output
    • High priority mobile opportunities
    • Mobile platform approach
    • Shortlist of mobile solutions
    • List of potential MVPs
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.1 cont'd

    MVP Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    MVP Theme/Goals

    [Theme / Goal]

    Use Cases

    Value

    Costs

    [Use Case 1]
    [Use Case 2]
    [Use Case 3]

    [Business Value 1]
    [Business Value 2]
    [Business Value 3]

    [Cost Item 1]
    [Cost Item 2]
    [Cost Item 3]

    Impacted Personas

    Impacted Workflows

    Stakeholders

    [Persona 1]
    [Persona 2]
    [Persona 3]

    [Workflow 1]
    [Workflow 2]
    [Workflow 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Build your mobile roadmap

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going

    Your mobile roadmap

    • Lays out a strategy for your mobile application, platform and practice implementation and scaling.
    • Is a statement of intent for your mobile adoption.
    • Communicates direction for the implementation and use of mobile delivery tools, mobile applications and supporting technologies.
    • Directly connects to the organization's goals

    However, it is not:

    • Representative of a hard commitment.
    • A simple combination of your current product roadmaps

    Roadmap your MVPs against your milestones and release dates

    This is an image of an example of a roadmap for your MVPS, with milestones across Jan 2022, Feb 2022, Mar 2022, Apr 2022. under milestones, are the following points: Points in the timeline when an established set of artifacts is complete (feature-based), or to check status at a particular point in time (time-based); Typically assigned a date and used to show progress; Plays an important role when sequencing different types of artifacts. Under Release Dates are the following points: Releases mark the actual delivery of a set of artifacts packaged together in a new version of processes and applications or new mobile application and delivery capabilities. ; Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Understand what is communicated in your roadmap

    WHY is the work being done?

    Explains the overarching goal of work being done to a specific audience.

    WHO is doing the work?

    Categorizes the different groups delivering the work on the product.

    WHAT is the work being done?

    Explains the artifacts, or items of work, that will be delivered.

    WHEN is the work being done?

    Explains when the work will be delivered within your timeline.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Pay attention to organizational changes

    Be prepared to answer:

    "How will mobile change the way I do my job?"

    • Plan how workers will incorporate mobile applications into their way of working and maximize the features it offers.
    • Address the human concerns regarding the transition to a digital world involving modern and mobile technologies and automation.
    • Accept changes, challenges and failures with open arms and instill tactics to quickly address them.
    • Build and strengthen business-IT trust, empowerment, and collaborative culture by adopting the right practices throughout the mobile delivery process.
    • Ensure continuous management and leadership support for business empowerment, operational changes, and shifts in role definitions to best support mobile delivery.
    • Establish a committee to manage the growth, adoption, and delivery of mobile as part of a grandeur digital application portfolio and address conflicts among business units and IT.

    Anticipate and prepare for changes and issues

    Verify and validate the flexibility and adaptability of your mobile applications, strategy and roadmap against various scenarios

    • Scenarios
      • Application Stores Rejecting the Application
      • Security Incidents & Risks
      • Low User Adoption, Retention & Satisfaction
      • Incompatibility with User's Device & Other Systems
      • Device & OS Patches & Updates
      • Changes in Industry Standards & Regulations

    Use the "Now, Next, Later" roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now

    What are you going to do now?

    Next

    What are you going to do very soon?

    Later

    What are you going to do in the future?

    This is a roadmap showing various points in the following categories: Now; Next; Later

    Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017

    2.3.2 Build your roadmap

    1-3 hours

    1. Identify the business outcomes your mobile application delivery and MVP is expected to deliver.
    2. Build your strategic roadmap by grouping each business outcome by how soon you need to deliver it:
      1. Now: Let's achieve this ASAP.
      2. Next: Sometime very soon, let's achieve these things.
      3. Later: Much further off in the distance, let's consider these things.
    3. Identify what the critical steps are for the organization to embrace mobile application delivery and deliver your MVP.
    4. Build your tactical roadmap by grouping each critical step by how soon you need to address it:
      1. Now: Let's do this ASAP.
      2. Next: Sometime very soon, let's do these things.
      3. Later: Much further off in the distance, let's consider these things.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    		Output
    • List of potential MVPs
    • Mobile roadmap
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.2 cont'd

    Example: Tactical Roadmap

    Milestone 1

    • Modify the business processes of the MVP to best leverage mobile technologies. Streamline the business processes by removing the steps that do not directly support value delivery.
    • Develop UI templates using the material design framework and the organization's design standards. Ensure it is supported on mobile devices through the mobile browser and satisfy accessibility design standards.
    • Verify and validate current security controls against latest security risks using the W3C as a starting point. Install the latest security patches to maintain compliance.
    • Acquire the Ionic SDK and upskill delivery teams.

    Milestone 2

    • Update the current web framework and third-party libraries with the latest version and align web infrastructure to latest W3C guidelines.
    • Verify and validate functionality and stability of APIs with third-party applications. Begin transition to REST APIs where possible.
    • Make minor changes to the existing data architecture to better support the data volume, velocity, variety, and veracity the system will process and deliver.
    • Update the master data management with latest changes. Keep changes to a minimum.
    • Develop and deliver the first iteration of the MVP with Ionic.

    Milestone 3

    • Standardize the initial mobile delivery practice.
    • Continuously monitor the system and proactively address business continuity, system stability and performance, and security risks.
    • Deliver a hands-on and facilitated training session to end users.
    • Develop intuitive user manuals that are easily accessible on SharePoint.
    • Consult end users for their views and perspectives of suggested business model and technology changes.
    • Regularly survey end users and the media to gauge industry sentiment toward the organization.

    Pitch your roadmap initiatives

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Outcome

    • Costs or benefits estimates

    Sign off on cost and benefit projections

    Executives and decision makers

    • Business value and financial benefits
    • Notable business risks and impacts
    • Business rationale and strategic roadmap

    Revisions, edits, and approval

    IT teams

    • Notable technical and IT risks
    • IT rationale and tactical roadmap
    • Proposed resourcing and skills capacity

    Clarity of vision and direction and readiness for delivery

    Business workers

    • Business rationale
    • Proposed business operations changes
    • Application roadmap

    Verification on proposed changes and feedback

    Continuously measure the benefits and value realized in your mobile applications

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    Business Value Matrix

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Grow your mobile delivery practice

    We are Here
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Grow your mobile delivery practice (cont'd)

    Ask yourself the following questions:
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    Checkpoint questions shown at the end of step 1.2 of this blueprint

    You should be at this point upon the successful delivery of your first mobile application.

    Security

    • Your mobile stack (application, data, and infrastructure) is updated to incorporate the security risks mobile apps will have on your systems and business operations.
    • Leading edge encryption, authentication management (e.g., multi-factor), and access control systems are used to bolster existing mobile security infrastructure.
    • Network traffic to and from mobile application is monitored and analyzed.

    Performance Optimization

    • Performance enhancements are made with the entire mobile stack in mind.
    • Mobile performance is monitored and assessed with both proactive (data flow) and retroactive (instrumentation) approaches.
    • Development and testing practices and technologies accommodate the performance differences between mobile and desktop applications.

    API Development

    • Existing web APIs are compatible with mobile applications, or a gateway / middleware is used to facilitate communication with backend and third-party services.
    • APIs are secured to prevent unauthorized access and misuse.
    • Web APIs are documented and standardized for reuse in multiple mobile applications.
    • Implementing APIs of native features in native and/or cross-platform and/or hybrid platforms is well understood.
    • All leading-edge mobile features are mapped to and support business requirements and objectives.
    • The new mobile use cases are well understood and account for the various scenarios/environments a user may encounter with the leading-edge mobile features.
    • The relevant non-mobile devices, readers, sensors, and other dependent systems are shortlisted and acquired to enable and support your new mobile capabilities.
    • Delivery teams are prepared to accommodate the various security, performance, and integration risks associated with implementing leading-edge mobile features. Practices and mechanisms are established to minimize the impact to business operations.
    • Metrics are used to measure the success of your leading-edge mobile features implementation by comparing its performance and acceptance against past projects.
    • Business stakeholders and development teams are up to date with the latest mobile technologies and delivery techniques.

    Summary of Accomplishment

    Choose Your Mobile Platform and Tools

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    If you would like additional support, have our analysts guide you through other phases as part of Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    This is a picture of Chaim Yudkowsky, Chief Information Officer for The American Israel Public Affairs Committee

    Chaim Yudkowsky
    Chief Information Officer
    The American Israel Public Affairs Committee

    Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.

    Bibliography

    "5 Pillars of API Management". Broadcom, 2021. Web.

    Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.

    Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.

    Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web

    DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.

    Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.

    Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.

    "Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.

    Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.

    Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.

    "HCL Volt MX". HCL, n.d. Web.

    "iPass Mobile Professional Report 2017". iPass, 2017. Web.

    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.

    Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.

    Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.

    Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.

    MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.

    "Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.

    "Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.

    "Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.

    Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.

    "OWASP Top Ten". OWASP, 2021. Web.

    "Personas". Usability.gov, n.d. Web.

    Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.

    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.

    Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.

    Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.

    Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.

    Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.

    "Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.

    "TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.

    Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.

    "Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.

    "Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.

    Appendix A

    Sample Reference Frameworks

    Reference Framework: Web Platform

    Most of the operations of the applications on a web platform are executed in the mid-tier or back-end servers. End users interact with the platform through the presentation layer, developed with web languages, in the browser.

    This is an image of the Reference Framework: Web Platform

    Reference Framework: Mobile Web Application

    Many mobile web applications are composed of JavaScript (the muscle of the app), HTML5 (the backbone of the app), and CSS (the aesthetics of the app). The user will make a request to the web server which will interact with the application to provide a response. Since each device has unique attributes, consider a device detection service to help adjust content for each type of device.

    this is an image of the Reference Framework: Mobile Web Application

    Source: MaLavolta, Ivono, 2012.

    Web Platform: Anatomy of a Web Server

    Web Server Services

    • Mediation Services: Perform transformation of data/messages.
    • Boundary Services: Provide interface protocol and data/message conversion capabilities.
    • Event Distribution: Provides for the enterprise-wide adoption of content and topic-based publish/subscribe event distribution.
    • Transport Services: Facilitate data transmission across the middleware/server.
    • Service Directory: Manages multiple service identifiers and locations.

    This image shows the relationships of the various web server services listed above

    Reference Framework: Hybrid Platform

    Unlike the mobile web platform, most of an application's operations on the hybrid platform is on the device within a native container. The container leverages the device browser's runtime engine and is based on the framework of the mobile delivery solution.

    This is an image of the Reference Framework: Hybrid Platform

    Reference Framework: Native Platform

    Applications on a native platform are installed locally on the device giving it access to native device hardware and software. The programming language depends on the operating system's or device's SDK.

    This is an image of the Reference Framework: Native Platform

    Appendix B

    List of Low- and No- Code Software Delivery Solution Features

    Supplementary List of Features

    Graphical user interface

    • Drag-and-drop designer - This feature enhances the user experience by permitting to drag all the items involved in making an app including actions, responses, connections, etc.
    • Point and click approach - This is similar to the drag-and-drop feature except it involves pointing on the item and clicking on the interface rather than dragging and dropping the item.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user can use when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user can use when developing an application.
    • Forms - This feature helps in creating a better user interface and user experience when developing applications. A form includes dashboards, custom forms, surveys, checklists, etc. which could be useful to enhance the usability of the application being developed.
    • Progress tracking - This features helps collaborators to combine their work and track the development progress of the application.
    • Advanced Reporting - This features enables the user to obtain a graphical reporting of the application usage. The graphical reporting includes graphs, tables, charts, etc.
    • Built-in workflows - This feature helps to concentrate the most common reusable workflows when creating applications.
    • Configurable workflows - Besides built-in workflows, the user should be able to customize workflows according to their needs.

    Interoperability support

    • Interoperability with external services - This feature is one of the most important features to incorporate different services and platforms including that of Microsoft, Google, etc. It also includes the interoperability possibilities among different low-code platforms.
    • Connection with data sources - This features connects the application with data sources such as Microsoft Excel, Access and other relational databases such as Microsoft SQL, Azure and other non-relational databases such as MongoDB.

    Security Support

    • Application security - This feature enables the security mechanism of an application which involves confidentiality, integrity and availability of an application, if and when required.
    • Platform security - The security and roles management is a key part in developing an application so that the confidentiality, integrity and authentication (CIA) can be ensured at the platform level.

    Collaborative development support

    • Off-line collaboration - Different developers can collaborate on the specification of the same application. They work off-line locally and then they commit to a remote server their changes, which need to be properly merged.
    • On-line collaboration - Different developers collaborate concurrently on the specification of the same application. Conflicts are managed at run-time.

    Reusability support

    • Built-in workflows - This feature helps to concentrate the most common reusable workflows in creating an application.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user might want to employ when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user might want to employ when developing an application.

    Scalability

    • Scalability on number of users - This features enables the application to scale-up with respect to the number of active users that are using that application at the same time.
    • Scalability on data traffic - This features enables the application to scale-up with respect to the volume of data traffic that are allowed by that application in a particular time.
    • Scalability on data storage - This features enables the application to scale-up with respect to the data storage capacity of that application.

    Business logic specification mechanisms

    • Business rules engine - This feature helps in executing one or more business rules that help in managing data according to user's requirements.
    • Graphical workflow editor - This feature helps to specify one or more business rules in a graphical manner.
    • AI enabled business logic - This is an important feature which uses Artificial Intelligence in learning the behavior of an attributes and replicate those behaviors according to learning mechanisms.

    Application build mechanisms

    • Code generation - According to this feature, the source code of the modeled application is generated and subsequently deployed before its execution.
    • Models at run-time - The model of the specified application is interpreted and used at run-time during the execution of the modeled application without performing any code generation phase.

    Deployment support

    • Deployment on cloud - This features enables an application to be deployed online in a cloud infrastructure when the application is ready to deployed and used.
    • Deployment on local infrastructures - This features enables an application to be deployed locally on the user organization's infrastructure when the application is ready to be deployed and used.

    Kinds of supported applications

    • Event monitoring - This kind of applications involves the process of collecting data, analyzing the event that can be caused by the data, and signaling any events occurring on the data to the user.
    • Process automation - This kind of applications focuses on automating complex processes, such as workflows, which can take place with minimal human intervention.
    • Approval process control - This kind of applications consists of processes of creating and managing work approvals depending on the authorization of the user. For example, payment tasks should be managed by the approval of authorized personnel only.
    • Escalation management - This kind of applications are in the domain of customer service and focuses on the management of user viewpoints that filter out aspects that are not under the user competences.
    • Inventory management - This kind of applications is for monitoring the inflow and outflow of goods and manages the right amount of goods to be stored.
    • Quality management - This kind of applications is for managing the quality of software projects, e.g., by focusing on planning, assurance, control and improvements of quality factors.
    • Workflow management - This kind of applications is defined as sequences of tasks to be performed and monitored during their execution, e.g., to check the performance and correctness of the overall workflow.

    Source: Sahay, Apurvanand et al., 2020

    Develop and Implement a Security Incident Management Program

    • Buy Link or Shortcode: {j2store}316|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $105,346 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being re-victimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Our Advice

    Critical Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Impact and Result

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Develop and Implement a Security Incident Management Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Equip your organization for incident response with formal documentation of policies and processes.

    • Develop and Implement a Security Incident Management Program – Phase 1: Prepare
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Information Security Requirements Gathering Tool
    • Incident Response Maturity Assessment Tool
    • Security Incident Management Charter Template
    • Security Incident Management Policy Template
    • Security Incident Management RACI Tool

    2. Operate

    Act with efficiency and effectiveness as new incidents are handled.

    • Develop and Implement a Security Incident Management Program – Phase 2: Operate
    • Security Incident Management Plan
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management Runbook: Credential Compromise
    • Security Incident Management Workflow: Credential Compromise (Visio)
    • Security Incident Management Workflow: Credential Compromise (PDF)
    • Security Incident Management Runbook: Distributed Denial of Service
    • Security Incident Management Workflow: Distributed Denial of Service (Visio)
    • Security Incident Management Workflow: Distributed Denial of Service (PDF)
    • Security Incident Management Runbook: Malware
    • Security Incident Management Workflow: Malware (Visio)
    • Security Incident Management Workflow: Malware (PDF)
    • Security Incident Management Runbook: Malicious Email
    • Security Incident Management Workflow: Malicious Email (Visio)
    • Security Incident Management Workflow: Malicious Email (PDF)
    • Security Incident Management Runbook: Ransomware
    • Security Incident Management Workflow: Ransomware (Visio)
    • Security Incident Management Workflow: Ransomware (PDF)
    • Security Incident Management Runbook: Data Breach
    • Security Incident Management Workflow: Data Breach (Visio)
    • Security Incident Management Workflow: Data Breach (PDF)
    • Data Breach Reporting Requirements Summary
    • Security Incident Management Runbook: Third-Party Incident
    • Security Incident Management Workflow: Third-Party Incident (Visio)
    • Security Incident Management Workflow: Third-Party Incident (PDF)
    • Security Incident Management Runbook: Blank Template

    3. Maintain and optimize

    Manage and improve the incident management process by tracking metrics, testing capabilities, and leveraging best practices.

    • Develop and Implement a Security Incident Management Program – Phase 3: Maintain and Optimize
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Root-Cause Analysis Template
    • Security Incident Report Template
    [infographic]

    Workshop: Develop and Implement a Security Incident Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare Your Incident Response Program

    The Purpose

    Understand the purpose of incident response.

    Formalize the program.

    Identify key players and escalation points.

    Key Benefits Achieved

    Common understanding of the importance of incident response.

    Various business units becoming aware of their roles in the incident management program.

    Formalized documentation.

    Activities

    1.1 Assess the current process, obligations, scope, and boundaries of the incident management program.

    1.2 Identify key players for the response team and for escalation points.

    1.3 Formalize documentation.

    1.4 Prioritize incidents requiring preparation.

    Outputs

    Understanding of the incident landscape

    An identified incident response team

    A security incident management charter

    A security incident management policy

    A list of top-priority incidents

    A general security incident management plan

    A security incident response RACI chart

    2 Develop Incident-Specific Runbooks

    The Purpose

    Document the clear response procedures for top-priority incidents.

    Key Benefits Achieved

    As incidents occur, clear response procedures are documented for efficient and effective recovery.

    Activities

    2.1 For each top-priority incident, document the workflow from detection through analysis, containment, eradication, recovery, and post-incident analysis.

    Outputs

    Up to five incident-specific runbooks

    3 Maintain and Optimize the Program

    The Purpose

    Ensure the response procedures are realistic and effective.

    Identify key metrics to measure the success of the program.

    Key Benefits Achieved

    Real-time run-through of security incidents to ensure roles and responsibilities are known.

    Understanding of how to measure the success of the program.

    Activities

    3.1 Limited scope tabletop exercise.

    3.2 Discuss key metrics.

    Outputs

    Completed tabletop exercise

    Key success metrics identified

    Further reading

    Develop and Implement a Security Incident Management Program

    Create a scalable incident response program without breaking the bank.

    ANALYST PERSPECTIVE

    Security incidents are going to happen whether you’re prepared or not. Ransomware and data breaches are just a few top-of-mind threats that all organizations deal with. Taking time upfront to formalize response plans can save you significantly more time and effort down the road. When an incident strikes, don’t waste time deciding how to remediate. Rather, proactively identify your response team, optimize your response procedures, and track metrics so you can be prepared to jump to action.

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Picture of Céline Gravelines

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For

    • A CISO who is dealing with the following:
      • Inefficient use of time and money when retroactively responding to incidents, negatively affecting business revenue and workflow.
      • Resistance from management to adequately develop a formal incident response plan.
      • Lack of closure of incidents, resulting in being re-victimized by the same vector.

    This Research Will Help You

    • Develop a consistent, scalable, and usable incident response program that is not resource intensive.
    • Track and communicate incident response in a formal manner.
    • Reduce the overall impact of incidents over time.
    • Learn from past incidents to improve future response processes.

    This Research Will Also Assist

    • Business stakeholders who are responsible for the following:
    • Improving workflow and managing operations in the event of security incidents to reduce any adverse business impacts.
    • Ensuring that incident response compliance requirements are being adhered to.

    This Research Will Help Them

    • Efficiently allocate resources to improve incident response in terms of incident frequency, response time, and cost.
    • Effectively communicate expectations and responsibilities to users.

    Executive Summary

    Situation

    • Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
    • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.

    Complication

    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being revictimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Resolution

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Info-Tech Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Data breaches are resulting in major costs across industries

    Per capita cost by industry classification of benchmarked companies (measured in USD)

    This is a bar graph showing the per capita cost by industry classification of benchmarked companies(measured in USD). the companies are, in decreasing order of cost: Health; Financial; Services; Pharmaceutical; Technology; Energy; Education; Industrial; Entertainment; Consumer; Media; Transportation; Hospitality; Retail; Research; Public

    Average data breach costs per compromised record hit an all-time high of $148 (in 2018).
    (Source: IBM, “2018 Cost of Data Breach Study)”

    % of systems impacted by a data breach
    1%
    No Impact     		19%
    1-10% impacted     		41%
    11-30% impacted     		24%
    31-50% impacted     		15%
    > 50% impacted
    % of customers lost from a data breach
    61% Lost
    < 20%     		21% Lost 20-40% 8% Lost
    40-60%     		6% Lost
    60-80%     		4% Lost
    80-100%
    % of customers lost from a data breach
    58% Lost
    <20%     		25% Lost
    20-40%     		9% Lost
    40-60%     		5% Lost
    60-80%     		4% Lost
    80-100%

    Source: Cisco, “Cisco 2017 Annual Cybersecurity Report”

    Defining what is security incident management

    IT Incident

    Any event not a part of the standard operation of a service which causes, or may cause, the interruption to, or a reduction in, the quality of that service.

    Security Event:

    A security event is anything that happens that could potentially have information security implications.

    • A spam email is a security event because it may contain links to malware.
    • Organizations may be hit with thousands or perhaps millions of identifiable security events each day.
    • These are typically handled by automated tools or are simply logged.

    Security Incident:

    A security incident is a security event that results in damage such as lost data.

    • Incidents can also include events that don't involve damage but are viable risks.
    • For example, an employee clicking on a link in a spam email that made it through filters may be viewed as an incident.

    It’s not a matter of if you have a security incident, but when

    The increasing complexity and prevalence of threats have finally caught the attention of corporate leaders. Prepare for the inevitable with an incident response program.

    1. A formalized incident response program reduced the average cost of a data breach (per capita) from $148 to $134, while third-party involvement increased costs by $13.40.
    2. US organizations lost an average of $7.91 million per data breach as a result of increased customer attrition and diminished goodwill. Canada and the UK follow suit at $1.57 and $1.39 million, respectively.
    3. 73% of breaches are perpetrated by outsiders, 50% are the work of criminal groups, and 28% involve internal actors.
    4. 55% of companies have to manage fallout, such as reputational damage after a data breach.
    5. The average cost of a data breach increases by $1 million if left undetected for > 100 days.

    (Sources: IBM, “2018 Cost of Data Breach Study”; Verizon, “2017 Data Breach Investigations Report”; Cisco, “Cisco 2018 Annual Cybersecurity Report”)

    Threat Actor Examples

    The proliferation of hacking techniques and commoditization of hacking tools has enabled more people to become threat actors. Examples include:
    • Organized Crime Groups
    • Lone Cyber Criminals
    • Competitors
    • Nation States
    • Hacktivists
    • Terrorists
    • Former Employees
    • Domestic Intelligence Services
    • Current Employees (malicious and accidental)

    Benefits of an incident management program

    Effective incident management will help you do the following:

    Improve efficacy
    Develop structured processes to increase process consistency across the incident response team and the program as a whole. Expose operational weak points and transition teams from firefighting to innovating.

    Improve threat detection, prevention, analysis, and response
    Enhance your pressure posture through a structured and intelligence-driven incident handling and remediation framework.

    Improve visibility and information sharing
    Promote both internal and external information sharing to enable good decision making.

    Create and clarify accountability and responsibility
    Establish a clear level of accountability throughout the incident response program, and ensure role responsibility for all tasks and processes involved in service delivery.

    Control security costs
    Effective incident management operations will provide visibility into your remediation processes, enabling cost savings from misdiagnosed issues and incident reduction.

    Identify opportunities for continuous improvement
    Increase visibility into current performance levels and accurately identify opportunities for continuous improvement with a holistic measurement program.

    Impact

    Short term:
    • Streamlined security incident management program.
    • Formalized and structured response process.
    • Comprehensive list of operational gaps and initiatives.
    • Detailed response runbooks that predefine necessary operational protocol.
    • Compliance and audit adherence.
    Long term:
    • Reduced incident costs and remediation time.
    • Increased operational collaboration between prevention, detection, analysis, and response efforts.
    • Enhanced security pressure posture.
    • Improved communication with executives about relevant security risks to the business.
    • Preserved reputation and brand equity.

    Incident management is essential for organizations of any size

    Your incidents may differ, but a standard response ensures practical security.

    Certain regulations and laws require incident response to be a mandatory process in organizations.

    Compliance Standard Examples Description
    Federal Information Security Modernization Act (FISMA)
    • Organizations must have “procedures for detecting, reporting, and responding to security incidents” (2002).
    • They must also “inform operators of agency information systems about current and potential information security threats and vulnerabilities.”
    Federal Information Processing Standards (FIPS)
    • “Organizations must: (i) establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.”
    Payment Card Industry Data Security Standard (PCI DSS v3)
    • 12.5.3: “Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.”
    Health Insurance Portability and Accountability Act (HIPAA)
    • 164.308: Response and Reporting – “Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.”

    Security incident management is applicable to all verticals

    Examples:
    • Finance
    • Insurance
    • Healthcare
    • Public administration
    • Education services
    • Professional services
    • Scientific and technical services

    Maintain a holistic security operations program

    Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization.

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operation, and technology infrastructure on a daily basis.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.
    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Info-Tech’s incident response blueprint is one of four security operations initiatives

    Design and Implement a Vulnerability Management Program Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Vulnerability Tracking Tool
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template
    • Vulnerability Mitigation Process Template
    Integrate Threat Intelligence Into Your Security Operations Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Threat Intelligence Maturity Assessment Tool
    • Threat Intelligence RACI Tool
    • Threat Intelligence Management Plan Template
    • Threat Intelligence Policy Template
    • Threat Intelligence Alert Template
    • Threat Intelligence Alert and Briefing Cadence Schedule Template
    Develop Foundational Security Operations Processes Operations
    Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. These analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations.
    • Security Operations Maturity Assessment Tool
    • Security Operations Event Prioritization Tool
    • Security Operations Efficiency Calculator
    • Security Operations Policy
    • In-House vs. Outsourcing Decision-Making Tool
    • Seccrimewareurity Operations RACI Tool
    • Security Operations TCO & ROI Comparison Calculator
    Develop and Implement a Security Incident Management Program Incident Response (IR)
    Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. Incident response teams coordinate root cause and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns.     		Security Incident Management Policy
    • Security Incident Management Plan
    • Incident Response Maturity Assessment Tool
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management RACI Tool
    • Various Incident Management Runbooks

    Understand how incident response ties into related processes

    Info-Tech Resources:
    Business Continuity Plan Develop a Business Continuity Plan
    Disaster Recovery Plan Create a Right-Sized Disaster Recovery Plan
    Security Incident Management Develop and Implement a Security Incident Management Program
    Incident Management Incident and Problem Management
    Service Desk Standardize the Service Desk

    Develop and Implement a Security Incident Management Program – project overview

    1. Prepare 2. Operate 3. Maintain and Optimize
    Best-Practice Toolkit 1.1 Establish the Drivers, Challenges, and Benefits.

    1.2 Examine the Security Incident Landscape and Trends.

    1.3 Understand Your Security Obligations, Scope, and Boundaries.

    1.4 Gauge Your Current Process to Identify Gaps.

    1.5 Formalize the Security Incident Management Charter.

    1.6 Identify Key Players and Develop a Call Escalation Tree.

    1.7 Develop a Security Incident Management Policy.

    		 2.1 Understand the Incident Response Framework.

    2.2 Understand the Purpose of Runbooks.

    2.3 Prioritize the Development of Incident-Specific Runbooks.

    2.4 Develop Top-Priority Runbooks.

    2.5 Fill Out the Root-Cause Analysis Template.

    2.6 Customize the Post-Incident Review Questions Tracking Tool to Standardize Useful Questions for Lessons-Learned Meetings.

    2.7 Complete the Security Incident Report Template.

    		 3.1 Conduct Tabletop Exercises.

    3.2 Initialize a Security Incident Management Metrics Program.

    3.3 Leverage Best Practices for Continuous Improvement.
    Guided Implementations Understand the incident response process, and define your security obligations, scope, and boundaries.

    Formalize the incident management charter, RACI, and incident management policy.     		Use the framework to develop a general incident management plan.

    Prioritize and develop top-priority runbooks.     		Develop and facilitate tabletop exercises.

    Create an incident management metrics program, and assess the success of the incident management program.
    Onsite Workshop Module 1:
    Prepare for Incident Response     		Module 2:
    Handle Incidents     		Module 3:
    Review and Communicate Security Incidents
    Phase 1 Outcome:
  • Formalized stakeholder support
  • Security Incident Management Policy
  • Security Incident Management Charter
  • Call Escalation Tree
    		•  Phase 2 Outcome:
    • A generalized incident management plan
    • A prioritized list of incidents
    • Detailed runbooks for top-priority incidents
    		 Phase 3 Outcome:
    • A formalized tracking system for benchmarking security incident metrics.
    • Recommendations for optimizing your security incident management processes.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities
    • Kick off and introductions.
    • High-level overview of weekly activities and outcomes.
    • Understand the benefits of security incident response management.
    • Formalize stakeholder support.
    • Assess your current process, obligations, and scope.
    • Develop RACI chart.
    • Define impact and scope.
    • Identify key players for the threat escalation protocol.
    • Develop a security incident response policy.
    • Develop a general security incident response plan.
    • Prioritize incident-specific runbook development.
    • Understand the incident response process.
    • Develop general and incident-specific call escalation trees.
    • Develop specific runbooks for your top-priority incidents (e.g. ransomware).
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Develop specific runbooks for your next top-priority incidents:
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Determine key metrics to track and report.
    • Develop post-incident activity documentation.
    • Understand best practices for both internal and external communication.
    • Finalize key deliverables created during the workshop.
    • Present the security incident response program to key stakeholders.
    • Workshop executive presentation and debrief.
    • Finalize main deliverables.
    • Schedule subsequent Analyst Calls.
    • Schedule feedback call.
    Deliverables
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Security Incident Management RACI Tool
    • Security Incident Management Policy
    • General incident management plan
    • Security Incident Management Runbook
    • Development prioritization
    • Prioritized list of runbooks
    • Understanding of incident handling process
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Post-Incident Report Analysis Template
    • Root Cause Analysis Template
    • Post-Incident Review Questions Tracking Tool
    • Communication plans
    • Workshop summary documentation
  • All final deliverables
    		•

    Measured value for Guided Implementations

    Engaging in GIs doesn’t just offer valuable project advice – it also results in significant cost savings.

    GI Purpose Measured Value
    Section 1: Prepare

    Understand the need for an incident response program.
    Develop your incident response policy and plan.
    Develop classifications around incidents.
    Establish your program implementation roadmap.

    Time, value, and resources saved using our classification guidance and templates: 2 FTEs*2 days*$80,000/year = $1,280
    Time, value, and resources saved using our classification guidance and templates:
    2 FTEs*5 days*$80,000/year = $3,200

    Section 2: Operate

    Prioritize runbooks and develop the processes to create your own incident response program:

  • Detect
  • Analyze
  • Contain
  • Eradicate
  • Recover
  • Post-Incident Activity
    		•

    Time, value, and resources saved using our guidance:
    4 FTEs*10 days*$80,000/year = $12,800 (if done internally)

    Time, value, and resources saved using our guidance:
    1 consultant*15 days*$2,000/day = $30,000 (if done by third party)
    Section 3: Maintain and Optimize Develop methods of proper reporting and create templates for communicating incident response to key parties. Time, value, and resources saved using our guidance, templates, and tabletop exercises:
    2 FTEs*3 days*$80,000/year = $1,920
    Total Costs To just get an incident response program off the ground. $49,200

    Insurance company put incident response aside; executives were unhappy

    Organization implemented ITIL, but formal program design became less of a priority and turned more ad hoc.

    Situation

    • Ad hoc processes created management dissatisfaction around the organization’s ineffective responses to data breaches.
    • Because of the lack of formal process, an entirely new security team needed to be developed, costing people their positions.

    Challenges

    • Lack of criteria to categorize and classify security incidents.
    • Need to overhaul the long-standing but ineffective program means attempting to change mindsets, which can be time consuming.
    • Help desk is not very knowledgeable on security.
    • New incident response program needs to be in alignment with data classification policy and business continuity.
    • Lack of integration with MSSP’s ticketing system.

    Next steps:

    • Need to get stakeholder buy-in for a new program.
    • Begin to establish classification/reporting procedures.

    Follow this case study to Phase 1

    Phase 1

    Prepare

    Develop and Implement a Security Incident Management Program

    Phase 1: Prepare

    PHASE 1 PHASE 2 PHASE 3
    Prepare Operate Optimize

    This phase walks you through the following activities:

    1.1 Establish the drivers, challenges, and benefits.
    1.2 Examine the security incident landscape and trends.
    1.3 Understand your security obligations, scope, and boundaries.
    1.4 Gauge your current process to identify gaps.
    1.5 Formalize a security incident management charter.
    1.6 Identify key players and develop a call escalation tree.
    1.7 Develop a security incident management policy.

    This phase involves the following participants:

    • CISO
    • Security team
    • IT staff
    • Business leaders

    Outcomes of this phase

    • Formalized stakeholder support.
    • Security incident management policy.
    • Security incident management charter.
    • Call escalation tree.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prepare for Incident Response
    Proposed Time to Completion: 3 Weeks
    Step 1.1-1.3 Understand Incident Response Step 1.4-1.7 Begin Developing Your Program
    Start with an analyst kick-off call:
  • Discuss your current incident management status.
    		•  Review findings with analyst:
  • Review documents.
    		•
    Then complete these activities…
    • Establish your security obligations, scope, and boundaries.
    • Identify the drivers, challenges, and benefits of formalized incident response.
    • Review any existing documentation.
    		 Then complete these activities…
    • Discuss further incident response requirements.
    • Identify key players for escalation and notifications.
    • Develop the policy.
    • Develop the plan.

    With these tools & templates:
    Security Incident Management Maturity Checklist ‒ Preliminary Information Security Requirements Gathering Tool

    		With these tools & templates:
    Security Incident Management Policy
    Security Incident Management Plan
    Phase 1 Results & Insights:

    Ready-made incident response solutions often contain too much coverage: too many irrelevant cases that are not applicable to the organization are accounted for, making it difficult to sift through all the incidents to find the ones you care about. Develop specific incident use cases that correspond with relevant incidents to quickly identify the response process and eliminate ambiguity when handled by different individuals.

    Ice breaker: What is a security incident for your organization?

    1.1 Whiteboard Exercise – 60 minutes

    How do you classify various incident types between service desk, IT/infrastructure, and security?

    • Populate sticky notes with various incidents and assign them to the appropriate team.
      • Who owns the remediation? When are other groups involved? What is the triage/escalation process?
      • What other groups need to be notified (e.g. cyber insurance, Legal, HR, PR)?
      • Are there dependencies among incidents?
      • What are we covering in the scope of this project?

    Build a More Effective Go-to-Market Strategy

    • Buy Link or Shortcode: {j2store}559|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • A weak or poorly defined Go-to-Market strategy is often the root cause of slow product revenue growth or missed product revenue targets.
    • Many agile-driven product teams rush to release, skipping key GTM steps leaving Sales and Marketing misaligned and not ready to fully monetize precious product investments.
    • Guessing at buyer persona and journey or competitive SWOT analyses – two key deliverables of an effective GTM strategy – cause poor marketing and sales outcomes.
    • Without the sales and product-aligned business case for launch called for in a successful GTM strategy, companies see low buyer adoption, wasted sales and marketing investments, and a failure to claim product and launch campaign success.

    Our Advice

    Critical Insight

    • Having an updated and compelling Go-to-Market strategy is a critical capability – as important as financial strategy, sales operations, and even corporate business development, given its huge impact on the many drivers of sustainable growth.
    • Establishing alignment through the GTM process builds long-term operational strength.
    • With a sound GTM strategy, marketers give themselves a 50% greater chance of product launch success.

    Impact and Result

    • Align stakeholders on a common vision and execution plan prior to the Build and Launch phases.
    • Build a foundation of buyer and competitive understanding to drive a successful product hypothesis, then validate with buyers.
    • Deliver a team-aligned launch plan that enables launch readiness and outlines commercial success.

    Build a More Effective Go-to-Market Strategy Research & Tools

    Build Your Go-to-Market Strategy

    Use this storyboard and its deliverables to build a baseline market, understand your buyer, and gain competitive insights. It will also help you design your initial product and business case, and align stakeholder plans to prep for build.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Build a More Effective Go-to-Market Strategy – Executive Brief

      Almost there!

      Please enter your email and a few details and you're on your way to an efficient process.

      Download

      You can always get support via our Contact options.

      ×
    • Build a More Effective Go-to-Market Strategy – Phases 1-3
    • Go-to-Market Strategy Presentation Template
    • Go-to-Market Strategy RACI and Launch Checklist Workbook
    • Product Market Opportunity Sizing Workbook
    • Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Infographic

    Workshop: Build a More Effective Go-to-Market Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Align on GTM Vision & Plan, Craft Initial Strategy

    The Purpose

    Align on GTM vision and plan; craft initial strategy.

    Key Benefits Achieved

    Confidence that market opportunity is sufficient.

    Deeper buyer understanding to drive product design and messaging and launch campaign asset design.

    Steering committee approval for next phase.

    Activities

    1.1 Outline a vision for GTM, roles required, identify Steering Committee lead, workstream leads, and teams.

    1.2 Capture GTM strategy hypothesis by working through initial draft of the Go-to-Market Strategy Presentation and business case.

    1.3 Capture team knowledge on buyer persona and journey and competitive SWOT.

    1.4 Identify info./data gaps, sources, and plan for capturing/gathering including buyer interviews.

    Outputs

    Documented Steering Committee and Working team.

    Aligned on GTM vision and process.

    Documented buyer persona and journey. Competitive SWOT analysis.

    Document team knowledge on initial GTM strategy, buyer personas, and business case.

    2 Identify Initial Business Case, Sales Forecast, and Launch Plan

    The Purpose

    Identify Initial Business Case, Sales Forecast, and Launch Plan.

    Key Benefits Achieved

    Confidence in size of market opportunity.

    Alignment of Sales and Product on product forecast.

    Assessment of marketing tech stack.

    Initial business case.

    Activities

    2.1 Size Product Market Opportunity and initial revenue forecast.

    2.2 Craft initial product hypothesis from buyer interviews including feature priorities, pricing, packaging, competitive differentiation, channel/route to market.

    2.3 Craft initial launch campaign, product release and sales and CX readiness plans.

    2.4 Identify launch budgets across each investment area.

    2.5 Discuss initial product launch business case and key activities.

    Outputs

    Product Serviceable Obtainable Market (SOM), Serviceable Available Market (SAM) and Total Available Market (TAM).

    Definition of product-market fit, uniqueness, and competitive differentiation.

    Preliminary campaign, targets, and readiness plans.

    Incremental budgets for each key stakeholder area.

    Preliminary product launch business case.

    3 Develop Launch Plans (I of II)

    The Purpose

    Develop final Launch plans and budgets in product and marketing.

    Key Benefits Achieved

    Align Product release/launch plans with the marketing campaign for launch.

    Understand incremental budgets from product and marketing for launch.

    Activities

    3.1 Apply product interviews to scope, MVP, roadmap, competitive differentiation, pricing, feature prioritization, routes to market, and sales forecast.

    3.2 Develop a more detailed launch campaign plan complete with asset-types, messaging, digital plan to support buyer journey, media buy plan and campaign metrics.

    Outputs

    Minimally Viable Product defined with feature prioritization. Product competitive differentiation documented Routes to market identified Sales forecast aligned with product team expectations.

    Marketing campaign launch plan Content marketing asset-creation/acquisition plan Campaign targets and metrics.

    4 Develop Launch Plans (II of II)

    The Purpose

    Develop final Launch Plans and budgets for remaining areas.

    Key Benefits Achieved

    Align Product release/launch plans with the marketing campaign for launch.

    Understand incremental budgets from Product and Marketing for launch.

    Activities

    4.1 Develop detailed launch/readiness plans with final budgets for: Sales enablement , Sales training, Tech stack, Customer onboarding & success, Product marketing, AR, PR, Corp Comms/Internal Comms, Customer Events, Employee Events, etc.

    Outputs

    Detailed launch plans, budgets for Product Marketing, Sales, Customer Success, and AR/PR/Corp. Comms.

    5 Present Final Business Case

    The Purpose

    To gain approval to move to Build and Launch phases.

    Key Benefits Achieved

    Align business case with Steering Committee expectations

    Approvals to Build and Launch targeted offering

    Activities

    5.1 Review final launch/readiness plans with final budgets for all key areas.

    5.2 Move all key findings into Steering Committee presentation slides.

    5.3 Present to Steering Committee; receive feedback.

    5.4 Incorporate Steering Committee feedback; update finial business case.

    Outputs

    Combined budgets across all areas. Final launch/readiness plans.

    Final Steering Committee-facing slides.

    Final approvals for Build and Launch.

    Further reading

    Build a More Effective Go-to-Market Strategy

    Maximize GTM success through deeper market and buyer understanding and competitive differentiation and launch team readiness that delivers target revenues.

    Table of Contents

    Section Title
    1 Executive Brief
    • Executive Summary
    • Analyst Perspective
    • Go-to-Market (GTM) strategy critical success factors
    • Key GTM challenges
    • Essential deliverables for GTM success
    • Benefits of a more effective GTM Strategy
    • Our methodology to support your success
    • Insight Summary
    • Blueprint deliverables and guided implementation steps
    2 Build baseline market, buyer, and competitive insights
    • Establish your team
    • Build buyer personas and journeys – develop initial messaging
    • Build initial product hypothesis
    • Size product market opportunity
    • Outline your key tech, app, and digital requirements
    • Develop your competitive differentiation
    • Select routes to market
    3 Design initial product and business case
    • Branding check
    • Formulate packaging and pricing
    • Craft buyer-valid product concept
    • Build campaign plan and targets
    • Develop budgets for creative, content, and media purchases
    • Draft product business case
    • Update GTM Strategy deck
    4 Align stakeholder plans to prep for build
    • Assess tech/tools support for all GTM phases
    • Outline sales enablement and customer success plan
    • Build awareness plan
    • Finalize business case
    • Final GTM plan deck

    Executive Brief

    Analyst Perspective

    Go-to-Market Strategy.

    A successful go-to-market (GTM) strategy aligns marketing, product, sales and customer success, sees decision making based on deep buyer understanding, and tests many basic assumptions often overlooked in today’s agile-driven product development/management environment.

    The disciplines you build using our methodology will not only support your team’s effort building and launching more successful products, but also can be modified for use in other strategic initiatives such as branding, M&A integration, expanding into new markets, and other initiatives that require a cross-functional and multidisciplined process.

    Photo of Jeff Golterman, Managing Director, SoftwareReviews Advisory.

    Jeff Golterman
    Managing Director
    SoftwareReviews Advisory

    Executive Summary

    An ineffective go-to-market strategy is often a root cause of:
    • Failure to attain new product revenue targets.
    • A loss of customer focus and poor new product/feature release buyer adoption.
    • Product releases misaligned with marketing, sales, and customer success readiness.
    • Low win rates compared to key competitors’.
    • Low contact-to-lead conversion rates.
    • Loss of executive/investor support for further new product development and marketing investments.
    		 Hurdles to go-to-market success include:
    • An unclear product-market opportunity.
    • A lack of well defined and prioritized buyer personas and needs that are well understood.
    • Poor competitive analysis that fails to pinpoint key areas of competitive differentiation.
    • Guessing at buyer journey and buyer-described ideal engagement within your lead gen engine.
    • A business case that calls for levels of customer value delivery (vs. feature MVPs) that can actually deliver wins and targeted revenue goals.
    		 Apply SoftwareReviews approach for greater GTM success.

    Our blueprint is designed to help you:

    • Align stakeholders on a common vision and execution plan prior to the build and launch phases.
    • Build a foundation of buyer and competitive understanding to drive a successful product hypothesis, then validate with buyers.
    • Deliver a team-aligned launch plan that enables launch readiness and outlines commercial success.

    SoftwareReviews Insight

    Creating a compelling go-to-market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.

    Go-to-Market Strategy Critical Success Factors

    Your GTM Strategy is where a multi-disciplined team builds a strong foundation for overall product plan, build, launch, and manage success

    A GTM Strategy is not all art and not all science but requires both. Software leaders will establish a set of core capabilities upon which they will plan, build, launch and manage product success. Executives, when resourcing their GTM strategies, will begin with:
    • Strong Program Leadership – An experienced Program Manager will guide the team through each step of GTM Strategy and test team readiness before advancing to the next step.
    • Few Shortcuts – Successful teams will have navigated the process through all steps together at least once. Then future launches can skip steps where prior decisions still hold.
    • Stakeholder Buy-In – Strong collaboration among Sales, Marketing, and Product wins the day.
    • Strong Team Skills – Success depends on having the right talent, making the right decisions, and delivering the right outcomes enabled with the right set of technologies and integrated to reach the right buyers at the right moment.
    • Discipline and perseverance – Given that GTM Strategy is not easy, it’s not surprising that 75% of marketers cite a significant level of dissatisfaction with the outcomes of their GTM plan, build, and launch phases.
    		 Diagram titled 'Go-to-Market Phases' with phases 'Manage', 'Launch', 'Build', and highlighted as 'This blueprint focus': 'Plan'.

    SoftwareReviews Advisory Insight:
    Marketers who get GTM Strategy “right” give themselves a 50% greater chance of Build and Launch success.

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram shown later.

    Go-to-Market Success is Challenging

    Getting GTM right is like winning an Olympic first-place crew finish. It takes teamwork, practice, and well-functioning tools and equipment.

    Stock image of a rowing team.

    • The goal of any Go-to-Marketing Strategy is not only to do it right once, but to do it over and over consistently.
    • A lack of GTM consistency often results in decelerating growth, and a weak GTM Strategy is likely the root cause when companies observe any of the following challenges:
      • Product opportunity is unclear and well-defined business cases are lacking
      • Buyer adoption slows of new features and launch revenue targets are missed
      • Sales and marketing are not ready when development releases new features
      • Sales win/loss ratios drop as customers tell us products are not competitively differentiated
      • Loss of executive support for new product investments
    • A company experiencing any one of these symptoms will find a remedy in plugging gaps in the way they Go-to-Market.

    “Figuring out a Go-to-Market approach is no trivial exercise – it separates the companies that will be successful and sustainable from those that won’t.” (Harvard Business Review)

    Slowing growth may be due to missing GTM Strategy essentials

    Marketers – Large and Small – will further test their GTM Strategy strength by asking “Are we missing any of the following?”

    • Product, Marketing, and Sales Alignment
    • Buyer personas and journeys
    • Product market opportunity size
    • Competitively differentiated product hypothesis
    • Buyer validated commercial concept
    • Sales revenue plan and program cost budget
    • Compelling business case for build and launch

    SoftwareReviews Advisory Insight:

    Marketers will go through the GTM Strategy process together across all disciplines at least once in order to establish a consistent process, make key foundational decisions (e.g. tech stack, channel strategy, pricing structure, etc.), and assess strengths and weaknesses to be addressed. Future releases to existing products don’t need to be re-thought but instead check-listed against prior foundational decisions.

    Is Your GTM Strategy Led and Staffed Properly?

    Staffing tree outlining GTM Strategy essentials. At the top are 'Steering Committee: CEO/GM in larger company, CFO/Senior Finance, Key functional leaders'. Next is 'Program Manager: Leads the GTM program. Workstream leads are “dotted line” for the program.' Followed by 'Workstream Leads: (PM) Product Marketing – Program leadership, (PD) Product Mgt. – Aligned with PM, (MO) Marketing Ops – SMB optional, (BR) Branding/Creative – SMB optional, (CI) Competitive Intel. – SMB optional, (DG) Demand Gen./Field Marketing. – crucial, (SE) Sales Enablement – crucial, (PR) PR/AR/Comms – SMB optional, and (CS) Customer Success – SMB optional'. In a 'Large Enterprise' each role is assigned to a separate person, but in a 'Small' Enterprise each person has multiple roles. 'SMB – as employees wear many hats, teams comprise members with requisite skills vs. specific roles/titles.'

    Benefits of a more effective go-to-market strategy

    Our research shows a more effective GTM Strategy delivers key benefits, including:
    • Increased product development ROI – with a finance-aligned business case, a buyer-validated value proposition, and the readiness of marketing and sales to product launch.
    • Launch campaign effectiveness – increases dramatically when messaging resonates with buyers and where they are in their journey.
    • Seller effectiveness – increases with buyer validated value proposition, competitive differentiation, and the ability to articulate to buyers.
    • Executive support – is achieved when an aligned sales, marketing, and product team proves consistent in delivering against release targets over and over again.

    SoftwareReviews Advisory Insight:
    Many marketers experiencing the value of the GTM Steering Committee, extend its use into a “Product and Pricing Council” (PPC) in order to move product-related decision making from ad-hoc to structured, and to reinforce GTM Strategy guardrails and best practices across the company.

    		“Go-to-Market Strategies aren’t just for new products or services, they can also be used for:
    • Acquiring other businesses
    • Changing your business’s focus
    • Announcing a new feature
    • Entering a new market
    • Rebranding
    • Positioning or repositioning

    And while each GTM strategy is unique, there are a series of steps that every product marketer should follow.” (Product Marketing Alliance)

    Is your GTM Strategy optimized?

    Large detailed layout of the steps needed to 'Make Your Go-to-Market Strategy More Successful'. 'GTM Planning Success Can Be Elusive'; '75% of high-tech marketers desire a more effective GTM strategy...'. Steps: '1 Your Challenges - Are You Feeling Any of These Pains?', '2 Framework - Stay Aligned', '3 Planning - Check Your GTM Plan Steps', '4 Insight - Deliver Key Output', and '5 Results - Reap Key Benefits'. Source: SoftwareReviews, powered by Info-Tech Research Group.

    Marketers, in order to optimize a go-to-market strategy, will:

    1. Self assess for symptoms of a sub-optimized approach.
    2. Align marketing, sales, product, and customer success with a common vision and execution plan.
    3. Diagnose for missing steps.
    4. Ensure creation of key deliverables.
    5. And then be able to reap the rewards.

    Who benefits from an optimized go-to-market strategy?

    This research is designed for:
    • High-tech marketers who are:
      • Looking to improve any aspect of their go-to-market strategy.
      • Looking for a checklist of roles and responsibilities across the product planning, build, and launch processes.
      • Looking to foster better alignment among key stakeholders such as product marketing, product management, sales, field marketing/campaigners, and customer success.
      • Looking to build a stronger business case for new product development and launch.
    		 This research will help you:
    • Explain the benefits of a more effective go-to-market strategy to stakeholders.
    • Size the market opportunity for a product/solution.
    • Organize stakeholders for GTM operational success.
    • More easily present the GTM strategy to executives and colleagues.
    • Build and present a solid business case for product build and launch.
    This research will also assist:
    • High-tech marketing and product leaders who are:
      • Looking for a framework of best practices to improve and scale their GTM planning.
      • Looking to align team members from all the key teams that support high-tech product planning, build, launch, and manage.
    		 This research will help them:
    • Align stakeholders on an overall GTM strategy.
    • Coordinate tasks and activities involved across plan, build, launch, and manage – the product lifecycle.
    • Avoid low market opportunity pursuits.
    • Avoid poorly defined product launch business cases.
    • Build competence in managing cross-functional complex programs.

    SoftwareReviews’ Approach

    1

    		 Build baseline market, buyer, and competitive insights

    Sizing your opportunity, building deep buyer understanding, competitive differentiation, and routes to market are fundamental first steps.

    2

    		 Design initial product and business case

    Validate positioning and messaging against brand, develop packaging and pricing, and develop digital approach, launch campaign approach and supporting budgets across all areas.

    3

    		 Align stakeholder plans to prep for build

    Rationalize product release and concept to sales/financial plan and further develop customer success, PR/AR, MarTech, and analytics/metrics plans.

    Our methodology provides a step-by-step approach to build a more effective go-to-market strategy

    1.Build baseline market, buyer, and competitive insights 2. Design initial product and business case 3. Align stakeholder plans to prep for build
    Phase Steps
    1. Select Steering Committee, GTM team, and outline roles and responsibilities. Build an aligned vision.
    2. Build initial product hypothesis based on sales and buyer “jobs to be done” research.
    3. Size the product market opportunity.
    4. Outline digital and tech requirements to support the full GTM process.
    5. Clarify target buyer personas and the buyer journey.
    6. Identify competitive gaps, parity, and differentiators.
    7. Select the most effective routes to market.
    8. Craft initial GTM Strategy presentation for executive review and status check.
    1. Compare emerging messaging and positioning with existing brand for consistency.
    2. Formulate packaging and pricing.
    3. Build a buyer-validated product concept.
    4. Build an initial campaign plan and targets.
    5. Develop initial budgets across all areas.
    6. Draft an initial product business case.
    7. Update GTM Strategy for executive review and status check.
    1. Assess technology and tools support for GTM strategy as well as future phases of GTM build, launch, and manage.
    2. Outline support for customer onboarding and ongoing engagement.
    3. Build an awareness plan covering media, social media, and industry analysts.
    4. Finalize product business case with collaborative input from product, sales, and marketing.
    5. Develop a final executive presentation for request for approval to proceed to GTM build phase.
    Phase Outcomes
    1. Properly sized market opportunity and a unique buyer value proposition
    2. Buyer persona and journey mapping with buyer needs and competitive SWOT
    3. Tech stack modernization requirements
    4. First draft of business case
    1. Customer-validated value proposition and product-market fit
    2. Initial product business case with sales alignment
    3. Initial launch plans including budgets across all areas
    1. Key stakeholders and their plans are fully aligned
    2. Executive sign-off to move to GTM build phases

    Insight summary

    Your go-to-market strategy ability is a strategic asset

    Having an updated and compelling go-to-market strategy is a critical capability – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.

    Build the GTM Steering Committee into a strategic decision-making body

    Many marketers experiencing the value of the GTM Steering Committee extend its use into a “Product and Pricing Council” (PPC) in order to move product-related decision making from ad-hoc to structured, and to reinforce GTM Strategy guardrails and best practices across the company.

    A strong MarTech apps and analytics stack differentiates GTM leaders from laggards

    Marketers that collaborate closely with Marketing Ops., Sales Ops., and IT early in the process of a go-to-market strategy will be best able to assess whether current website/digital, marketing applications, CRM/sales automation apps, and tools can support the complete Go-to-Market process effectively.

    Establishing alignment through the GTM process builds long term operational strength

    Marketers will go through the GTM Strategy process together across all disciplines at least once in order to establish a consistent process, make key foundational decisions (e.g. tech stack, channel strategy, pricing structure, etc.), and assess strengths and weaknesses to be addressed.

    Build speed and agility

    Future releases to existing products don’t need be re-thought but instead check-listed against prior foundational decisions.

    GTM Strategy builds launch success

    Marketers who get GTM Strategy “right” give themselves a 50% greater chance of build and launch success.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Go-to-Market Strategy Presentation Template

    Capture key findings for your GTM Strategy within the Go-to-Market Strategy Presentation Template.

    Sample of the key deliverable, the Go-to-Market Strategy Presentation Template.

    Go-to-Market Strategy RACI and Launch Checklist Workbook

    Includes a RACI model and launch checklist that helps scope your working team’s roles and responsibilities.

    		Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook deliverable.

    Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Capture launch incremental costs that, when weighed against the forecasted revenue, illustrate gross margins as a crucial part of the business case.

    		Sample of the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook deliverable.

    Product Market Opportunity Sizing

    While not a deliverable of this blueprint per se, the Product Market Opportunity blueprint is required.

    		Sample of the Product Market Opportunity Sizing deliverable. This blueprint calls for downloading the following additional blueprint:

    Buyer Persona and Journey blueprint

    While not a deliverable of this blueprint per se, the Buyer Persona and Journey blueprint is required

    		Sample of the Buyer Persona and Journey blueprint deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
    Included within advisory membership Optional add-ons

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    What does our GI on Build a More Effective Go-to-Market Strategy look like?

    Build baseline market, buyer, and competitive insights

    Design initial product and business case

    Align stakeholder plans to prep for build
    Call #1: Share GTM vision and outline team activities for the GTM Strategy process. Plan next call – 1 week.

    Call #2: Outline product market opportunity approach and steps to complete. Plan next call – 1 week.

    Call #3: Hold a series of inquiries to do a modernization check on tech stack. Plan next call – 2 weeks.

    Call #4: Discuss buyer interview process, persona, and journey steps. Plan next call – 2 weeks.

    Call #5: Outline competitive differentiation analysis, routes to market, and review of to-date business case. Plan next call – 1 week.

    		Call #6: Discuss brand strength/weakness, pricing, and packaging approach. Plan next call – 3 weeks.

    Call #7: Outline needs to craft assets with right messaging across campaign launch plan and budget. Outline needs to create plans and budgets across rest of marketing, sales, CX, and product. Plan next call – 1 week.

    Call #8: Review template and approach for initial business case and sales and product alignment. Plan next call – 1 week.

    Call #9: Review initial business case and launch plans across marketing, sales, CX, and product. Plan next call – 1 week.

    		Call #10: Discuss plans/needs/budgets for tech stack modernization. Plan next call – 3 days.

    Call #11: Discuss plans/needs/budgets for CX readiness for launch. Plan next call – 3 days.

    Call #12: Discuss plans/needs/budgets for digital readiness for launch. Plan next call – 3 days.

    Call #13: Discuss plans/needs/budgets for marketing and sales readiness for launch. Plan next call – 3 days.

    Call #14: Review final business case and coach on Steering Committee Presentation. Plan next call – 1 week.

    A Go-to-Market Workshop Overview
    Contact your engagement manager for more information.
    Day 1 Day 2 Day 3 Day 4 Day 5
    Align on GTM Vision & Plan, Craft Initial Strategy
    Identify Initial Business Case, Sales Forecast and Launch Plan
    Develop Launch Plans (i of ii)
    Develop Launch Plans (ii of ii)
    Present Final Business Case to Steering Committee
    Activities

    1.1 Outline a vision for GTM and roles required, identify Steering Committee lead, workstream leads, and teams.

    1.2 Capture GTM strategy hypothesis by working through initial draft of GTM Strategy Presentation and business case.

    1.3 Capture team knowledge on buyer persona and journey and competitive SWOT.

    1.4 Identify information/data gaps and sources and plan for capturing/gathering including buyer interviews.

    Plan next day 2-3 weeks after buyer persona/journey interviews.

    2.1 Size product market opportunity and initial revenue forecast.

    2.2 Craft initial product hypothesis from buyer interviews including feature priorities, pricing, packaging, competitive differentiation, and channel/route to market.

    2.3 Craft initial launch campaign, product release, sales, and CX readiness plans.

    2.4 Identify launch budgets across each investment area.

    2.5 Discuss initial product launch business case and key activities.

    Plan next day 2-3 weeks after product hypothesis-validation interviews with customers and prospects.

    3.1 Apply product interviews to scope, MVP, and roadmap competitive differentiation, pricing, feature prioritization, routes to market and sales forecast.

    3.2 Develop more detailed launch campaign plan complete with asset-types, messaging, digital plan to support buyer journey, media buy plan and campaign metrics.

    4.1 Develop detailed launch/readiness plans with final budgets for:

    • Sales enablement
    • Sales training
    • Tech stack
    • Customer onboarding & success
    • Product marketing
    • AR
    • PR
    • Corp comms/Internal comms
    • Customer events
    • Employee events
    • etc.

    5.1 Review final launch/readiness plans with final budgets for all key areas.

    5.2 Move all key findings up into Steering Committee presentation slides.

    5.3 Present to Steering Committee, receive feedback.

    5.4 incorporate Steering Committee feedback; update finial business case.

    Deliverables
    1. Documented Steering Committee and working team, aligned on GTM vision and process.
    2. Document team knowledge on initial GTM strategy, buyer persona and business case.
    1. Definition of product market fit, uniqueness and competitive differentiation.
    2. Preliminary product launch business case, campaign, targets, and readiness plans.
    1. Detailed launch plans, budgets for product and marketing launch.
    1. Detailed launch plans, budgets for product marketing, sales, customer success, and AR/PR/Corp. comms.
    1. Final GTM Strategy, launch plan and business case.
    2. Approvals to move to GTM build and launch phases.

    Build a More Effective Go-to-Market Strategy

    Phase 1

    Build baseline market, buyer, and competitive insights

    Phase 1

    1.1 Select Steering Cmte/team, build aligned vision for GTM

    1.2 Buyer personas, journey, initial messaging

    1.3 Build initial product hypothesis

    1.4 Size market opportunity

    1.5 Outline digital/tech requirements

    1.6 Competitive SWOT

    1.7 Select routes to market

    1.8 Craft GTM Strategy deck

    		Phase 2

    2.1 Brand consistency check

    2.2 Formulate packaging and pricing

    2.3 Craft buyer-valid product concept

    2.4 Build campaign plan and targets

    2.5 Develop cost budgets across all areas

    2.6 Draft product business case

    2.7 Update GTM Strategy deck

    		Phase 3

    3.1 Assess tech/tools support for all GTM phases

    3.2 Outline sales enablement and Customer Success plan

    3.3 Build awareness plan

    3.4 Finalize business case

    3.5 Final GTM Plan deck

    This phase will walk you through the following activities:

    • Steering Committee and Team formulation
    • A vision for go-to-market strategy
    • Initial product hypothesis
    • Market Opportunity sizing
    • Tech stack/digital requirements
    • Buyer persona and journey
    • Competitive gaps, parity, differentiators
    • Routes to market
    • GTM Strategy deck

    This phase involves the following stakeholders:

    • Steering Committee
    • Working group leaders

    To complete this phase, you will need:

    Go-to-Market Strategy Presentation Template Go-to-Market Strategy RACI and Launch Checklist Workbook Buyer Persona and Journey blueprint Product Market Opportunity Sizing Workbook
    Sample of the Go-to-Market Strategy Presentation Template deliverable. Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook deliverable. Sample of the Buyer Persona and Journey blueprint deliverable. Sample of the Product Market Opportunity Sizing Workbook deliverable.
    Use the Go-to-Market Strategy Presentation Template to document the results from the following activities:
    • Documenting your GTM Strategy stakeholders
    • Documenting your GTM Strategy working team
    		 Use the Go-to-Market Strategy RACI and Launch Checklist Workbook to:
    • Review the scope of roles and responsibilities required
    • Document the roles and responsibilities of your teams
    		 Use the Buyer Persona and Journey blueprint to:
    • Interview sales and customers/prospects to inform product concepts, understand persona and later, flush out buyer journey
    		 Use the Product Market Opportunity Sizing blueprint to:
    • Project Serviceable Obtainable Market (SOM), Serviceable Available Market (SAM), and Total Available Market (TAM) from your current penetrated market

    Step 1.1

    Identify a GTM Program Steering Committee and Team. Build an Aligned Vision for Your Go-to-Market Strategy Approach

    Activities
    • 1.1.1 Identify the Steering Committee of key stakeholders whose support will be critical to success
    • 1.1.2 Select your go-to-market strategy program team
    • 1.1.3 Discuss an overview of the GTM process and program roles and responsibilities with stakeholders and GTM workstream leads
    • 1.1.4 Develop a Go-to-Market launch, tiering, time-line, and overall program plan
    • 1.1.5 Work with each workstream lead on their overall project plan and incremental budget requirements

    This step will walk you through the following activities:

    • Identify stakeholders – your Steering Committee
    • Identify team members
    • Present a vision of GTM Strategy

    This step involves the following participants:

    • Steering Committee
    • Program workstream leads

    Outcomes of this step

    • Steering Committee identified
    • Team members identified
    • All aligned on the GTM process
    • Go-to-market strategy timeline and program plan
    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals
    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    1.1.1 Identify stakeholders critical to success

    1-2 hours

    Input: Steering Committee interviews, Recognition of Steering Committee interest

    Output: List of GTM Strategy stakeholders as Steering Committee members

    Materials: Following slide outlining the key responsibilities required of the Steering Committee members, A high-Level timeline of GTM Strategy phases and key milestone meetings

    Participants: CMO, sponsoring executive, Functional leads - Marketing, Product Marketing, Product Management, Sales, Customer Success

    1. The GTM Strategy initiative manager should meet with the CMO to determine who will comprise the Steering Committee for your GTM Strategy.
    2. Finalize selection of steering committee members.
    3. Meet with members to outline their roles and responsibilities and ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results.

    SoftwareReviews Advisory Insight:
    Go To Market Steering Committee’s can become an important ongoing body to steer overall product, pricing and other GTM decisions. Some companies have done so by adding the CEO and CFO to this committee and designated it as a permanent body that meets monthly to give go/no decisions to “all things product related” across all products and business units. Leaders that use this tool well, stay aligned, demonstrate consistency across business units and leverage outcomes across business units to drive greater scale.

    Go-to-Market Strategy Stakeholders

    Understand that aligning key stakeholders around the way your company goes to market is an essential company function.

    Title Key Roles Supporting an Effective Go-to-Market Strategy
    Go-to-Market Strategy Sponsor
    • Owns the function at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP of Marketing, and in SMB Providers, the CEO
    Go-to-Market Strategy Program Manager
    • Typically a senior member of the marketing team
    • Responsible for organizing the GTM Strategy process, preparing summary executive-level communications and approval requests
    • Program manages the GTM Strategy process, and in many cases, the continued phases of build and launch.
    • Product Marketing Director, or other marketing director, that has strong program management skills, has run large scale marketing and/or product programs, and is familiar with the stakeholder roles and enabling technologies
    Functional Workstream Leads
    • Works alongside the Go-to-Market Strategy Initiative Manager on a specific product launch, campaign, rebranding, new market development, etc. and ensures their functional workstreams are aligned with the GTM Strategy
    • With typical GTM B2B a representative from each of the following functions will comprise the team:
      • Product Marketing, Product Management, Field Marketing, Creative, Marketing Ops/Digital, PR/Corporate Comms/AR, Social Media Marketing, Sales Operations, Sales Enablement/Training, and Customer Success
    Digital, Marketing/Sales Ops/IT Team
    • Comprised of individuals whose application and tech tools knowledge and skills are crucial to supporting the entire marketing tech stack and its integration with Sales/CRM
    • Responsible for choosing technology that supports the business requirements behind Go-to-Market Strategy, and eventually the build and launch phases as well
    • Digital Platforms, CRM, Marketing Applications and Analytics managers
    Steering Committee
    • Comprised of C-suite/management-level individuals that guide key decisions, approve of requests, and mitigate any functional conflicts
    • Responsible for validating goals and priorities, defining the scope, enabling adequate resourcing, and managing change especially among C-level leaders in Sales & Product
    • CMO, CTO/CPO, CRO, Head of Customer Success

    Download the Go-to-Market Strategy Presentation Template

    Roles vary by company size. Launch success depends on clear responsibilities

    Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook.

    Download the Go-to-Market Strategy RACI and Launch Checklist Workbook

    		Success improves when you align & assign
    • Go-to-Market, build, and launch success improves when:
      • Phases and steps are outlined
      • Key activities are documented
      • Roles/functions are described
      • At the intersection of activities and role, whether the role is “Responsible,” “Accountable,” “Consulted,” or “Informed” is established across the team
    • Leaders will hold a workshop to establish RACI that fits with the scope and scale of your organization.
    • Confusion, conflict, and friction can be dramatically reduced/eliminated with RACI adoption and practice.
    • Review the RACI model and launch checklist within the Go-to-Market Strategy RACI and Launch Checklist Workbook in order to identify the full scope of roles and responsibilities needed.

    Go-to-Market Strategy Working Team

    Consider the skills and knowledge required for GTM Strategy as well as build and launch functions when choosing teams.

    Work with functional leaders to select workstream leads

    Workstream leads should be strong in collaboration, coordination of effort among others, knowledgeable about their respective function, and highly organized as they may be managing a team of colleagues within their function to deliver their responsible portion of GTM.

    Required Skills/Knowledge

    • Target Buyer
    • Product Roadmap
    • Brand
    • Competitors
    • Campaigns/Lead Gen
    • Sales Enablement
    • Media/Analysts
    • Customer satisfaction

    Suggested Functions

    • Product Marketing
    • Product Management
    • Creative Director
    • Competitive Intelligence
    • Demand Gen./Field Marketing
    • Sales Ops/Training/Enablement
    • PR/AR/Corporate Comms.
    • Customer Success
    Roles Required in Successful GTM Strategy
    For SMB companies, as employees wear many different hats, assign people that have the requisite skills and knowledge vs. the role title.

    Download the Go-to-Market Strategy RACI and Launch Checklist Workbook

    1.1.2 Select the GTM Strategy working team

    1-2 hours

    Input: Stakeholders and leaders across the various functions outlined to the left

    Output: List of go-to-market strategy team members

    Materials: Go-to-Market Strategy Workbook

    Participants: Initiative Manager, CMO, Sponsoring executive, Departmental Leads – Sales, Marketing, Product Marketing, Product Management (and others), Marketing Applications Director, Senior Digital Business Analyst

    1. The GTM Strategy Initiative Manager should meet with the GTM Strategy Sponsor and functional leaders of workstream areas/functions to determine which team members will serve as Steering Committee members and who will serve as workstream leads.
    2. The working team for your go-to-market strategy should have the following roles represented in the working team:
      • Depending on the initiative and the size of the organization, the team will vary.
      • Key business leaders in key areas – Product Marketing, Field Marketing, Digital Marketing, Inside Sales, Sales, Marketing Ops., Product Management, and IT – should be involved.
    3. Document the members of your go-to-market strategy team in the Go-to-Market Strategy Presentation slide entitled “Our Team.”

    Download the Go-To-Market Strategy RACI and Launch Checklist Workbook

    1.1.3 Develop a timeline for key milestones

    1 hour

    Timeline for Key Milestones with row headers 'Go-to-Market Phases', 'Major Milestones', and 'Key Phase Activities'. The phases (each column) and their associated activities are 'PLAN - Create buyer-validated product concept, size opportunity, and build business case', 'BUILD - Build product and enable readiness across the rest of marketing sales and customer success', 'LAUNCH - Release product, launch campaigns, and measure progress toward objectives', and then post-phase is 'MANAGE'. Notes in the 'Major Milestones' row: 'Outline key dates', 'Update with 'Today's Date' as you make progress', and 'Use GTM Plan major milestones or create your own'.

    GTM Program Managers:

    1. Will establish key program milestones working collaboratively with the Steering Cmte. and workstream leads.
    2. Outline key ”Market-facing” or external deliverables & dates, as well as internal.
    3. More detailed deliverable plans are called for working with workstream leads.
    4. This high-level overview will be used in regular Steering Cmte. and working team meets
    5. Record in the Go-to-Market Strategy Presentation

    Download the Go-to-Market Strategy Presentation Template

    1.1.5 Share your GTM strategy vision with your team

    1-2 hours

    Input: N/A

    Output: Team understanding of an effective go-to-market strategy, team roles and responsibilities and initial product and launch concept.

    Materials: The Build a More Effective Go-to-Market Strategy Executive Brief

    Participants: GTM Program Manager, CMO, Sponsoring executive, Workstream leads

    1. Download the Build a More Effective Go-to-Market Strategy Executive Brief and add the additional slides on Team Composition and Key Milestones you have created in prior steps as appropriate.
    2. Convene the Steering Committee and Working Team and take them through the Build a More Effective Go-to-Market Strategy Executive Brief with your additional slides to:
      1. Communicate team composition, roles and responsibilities, and key GTM Strategy program milestones.
      2. Educate them on what comprises a complete GTM Strategy from the Executive Brief.
    3. Optional: As a SoftwareReviews Advisory client, invite a SoftwareReviews analyst to present the Executive Brief if that is of help to you and your team.

    Go to the Build a More Effective Go-to-Market Strategy Executive Brief

    GTM program managers and workstream leads will collaborate on detailed project plans

    Timeline titled 'Workstreams Status' with a legend of shapes and colors, activities listed as row headers, timeline sections 'EXPLORE', 'DESIGN', 'ALIGN', and 'BUILD', and a column at the end of the timelines for the name of the workstream lead. Notes: 'Change names to actual workstream. Create separate pages for each', 'Overlay colored bars to indicate on/off track', 'Describe major deliverables & due dates', 'Outline major milestones', 'Update with your actual month and week-ending dates', 'Add workstream lead names'.

    Program managers will:

    • Outline an overall more detailed way of tracking GTM program workstreams, key dates and on/off track status

    Program managers & workstream leads will:

    • Call out each key workstream and workstream lead
    • Outline key deliverables and due dates
    • Track weekly for communicating status to Steering Cmte and working team meetings

    Use the Launch Checklist when building out full project plans

    Sample Launch Checklist table with project info above, and table columns 'Component', 'Owner', 'Start Date', 'Finish Date', 'G2M Plan', and 'Build'.

    Download the Go-to-Market Strategy RACI and Launch Checklist Workbook

    		Continuous improvement is enabled with a repeatable process
    • With ownership assigned and set-back schedules in place, product marketing and management leaders can take the guesswork out of the GTM plan and build and launch process for the entire team.
    • “Lighter” versions are created for lower-tier releases.
    • Checklists ensure “we haven’t missed anything” and drive clarity among the team.
    • Articulating where we are now and what’s next increases management confidence.
    • Rinse and repeat improves overall quality and drives scale.

    1.1.6 Develop a project plan for each workstream

    Work with your workstream leads to see them develop a detailed project plan that spans all their deliverables for a GTM Strategy
    1. It’s essential that GTM initiative managers can rely upon workstream leads to provide the status of their respective workstreams in a shared environment for easy weekly updating and reporting.
    2. We suggest the following approach:
      1. GTM initiative managers should maintain a copy of the GTM Strategy Presentation in a shared drive so workstream leads can provide updates.
      2. Workstream leads should work with their GTM initiative manager to populate a version of the workstream tracker shown on the previous slide that enables team status reporting.
      3. Additional slides that actually show “work completed” (e.g. images of assets created, training plans, screen caps of software functionality, etc.) should be reviewed each week as well.
      4. GTM initiative leaders/program managers are advised to summarize the to-date work completed across the team into the Go-To-Market Product and Launch Business Case slides to demonstrate progress to the Steering Committee.
    3. The goal is to keep tracking manageable. Because status is most easily shown during Steering Committee and Working Team meetings using PowerPoint, we recommend a simple approach to program management by using PowerPoint.
    		 Using the Go-to-Market Strategy Presentation:
    3-4 hours Initial, 1-2 hours weekly
    1. Work with your workstream leads to create a slide for each workstream that will contain all the key milestones.
    2. Some teams will choose to use project management software, others a PowerPoint representation, which makes for easy presentation during status meets.
    3. Use the following resources:
      • In the Go-to-Market Strategy RACI and Launch Checklist Workbook, reference the Launch Checklist.
      • In the Go-to-Market Presentation, use the Appendix slides and complete for each workstream.
    4. The GTM initiative manager must be able to track status with workstream leads and present status to the rest of the team during Steering Committee and workstream lead meetings.

    Download the Go-to-Market Strategy Presentation Template

    Download the Go-To-Market Strategy RACI and Launch Checklist Workbook

    Step 1.2

    Hold Interviews With Sales Then Customers and Prospects to Inform Your Initial Product Concept

    Activities
    • 1.2.1 Use the SoftwareReviews Buyer Persona and Journey Interview Guide and Data Capture Tool found within the SoftwareReviews Buyer Persona and Journey blueprint.
    • 1.2.2 Follow the instructions within the above blueprint and hold interviews with Sales and customers and prospects to inform your buyer persona, initial product hypothesis, and buyer journey.
    • 1.2.3 Flush out the initial product and launch concept using the slides found within the Go-to-Market Strategy Presentation Template. You will continually refine the Go-to-Market Strategy Presentation Template such that you turn the Product and Launch descriptions into a business case for product build and launch. We advise you and your team to populate the slides to begin to inform an initial concept, then hold interviews with Sales, customers, and prospects to refine. The best way to capture customer and prospect insights is to use the Buyer Persona and Journey blueprint.

    This step will walk you through the following activities:

    • Schedule time with sales/sales advisory to flush out the product concept
    • Develop your customer and prospect interviewee list
    • Consolidate findings for your GTM Strategy program slide deck

    This step involves the following participants:

    • Sales/sales advisory, product management, initiative leader (product marketing)
    • Customers and prospects

    Outcomes of this step

    • Guidance from sales on product concept
    • Initial guidance from customers and prospective buyers
    • Agreement to proceed further

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Documenting buyer personas enables success beyond marketing

    Documenting buyer personas has several essential benefits to marketing, sales, and product teams:
    • Achieve a better understanding of your target buyer – by building a detailed buyer persona for each type of buyer and keeping it fresh, you take a giant step in becoming a customer-centric organization.
    • Align the team on a common definition – will happen when you build buyer personas collaboratively and among teams that touch the customer.
    • Improved lead generation – increases dramatically when messaging and marketing assets across your lead generation engine better resonate with buyers because you have taken the time to understand them deeply.
    • More effective selling – is possible when sellers apply persona development output to their interactions with prospects and customers.
    • Better product-market fit – increases when product teams more deeply understand for whom they are designing products. Documenting buyer challenges, pain points, and unmet buyer needs gives product teams what they need to optimize product adoption.
    		 “It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way. By knowing what your customer wants and needs, you can present them with content targeted specifically to those wants and needs.” (Emma Bilardi, Product Marketing Alliance, July 8, 2020)

    Buyer persona attributes that need defining

    A well defined buyer persona enables us to:

    • Clarify target org-types, identify buying decision makers and key personas, and determine how they make decisions
    • Align colleagues around a common definition of target buyer(s) to drive improvements in messaging and engagement across marketing, sales, and customer success
    • Identify specific asset-types and tools that, when activated within our lead gen engine and in the hands of sellers, helps a buyer move through a decision process
    Functional – “to find them”
    Job Role Titles Org Chart Dynamics Buying Center Firmographics

    Emotive – “what they do and jobs to be done”
    Initiatives – What programs/projects the persona is tasked with and what are their feelings and aspirations about these initiatives? Motivations? Build credibility? Get promoted? Challenges – Identify the business issues, problems, and pain points, that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer need – They may have multiple needs; which need is most likely met with the offering? Terminology – What are the keywords/phrases they organically use to discuss the buyer need or business issue?

    Decision Criteria – “how they decide”
    Buyer role – List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and decision criteria – The lens, either strategic, financial, or operational, through which the persona evaluates the impact of purchase.

    Solution Attributes – “what the ideal solution looks like”
    Steps in “Jobs to be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope – other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing – channel, where to buy

    Behavioral Attributes – “how to approach them successfully”
    Content preferences – List the persona’s content preferences, could be blog, infographic, demo, video, or other, vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction preferences – Which among in-person meetings, phone calls, emails, video conferencing, conducting research via web, mobile, and social. Watering holes – Which physical or virtual places do they go to network or exchange info with peers e.g. LinkedIn, etc.

    Buyer journeys are constantly shifting

    If you haven’t re-mapped buyer journeys recently, you may be losing to competitors that have. Leaders re-map buyer journeys frequently.
    • The multi-channel buyer journey is constantly changing – today’s B2B buyer uses industry research sites, vendor content marketing assets, software reviews sites, contacts with vendor salespeople, events participation, peer networking, consultants, emails, social media sites, and electronic media to research purchasing decisions.
    • COVID has dramatically decreased face-to-face – we estimate a B2B buyer spent between 20-25% more time online researching software buying decisions in 2021 than they did pre-COVID. This has diminished the importance of face-to-face selling and has given dramatic rise to digital selling and outbound marketing.
    • Content marketing has exploded – but without mapping the buyer journey and knowing where (by channel) and when (which buyer journey step) to offer content marketing assets, we will fail to convert prospects into buyers.

    SoftwareReviews Advisory Insight:
    Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID, and as emerging media such as Augmented Reality shifts asset-type usage and engagement options.

    		“Two out of three B2B buyers today prefer remote human interactions or digital self service.

    And during August 2020-February 2021, use of digital self service leapt by 10%” (McKinsey & Company, 2021.)

    Challenges of not mapping persona and journey

    A lack of buyer persona and journey understanding is frequently the root cause of the following symptoms:
    • Lead generation results are way below expectations.
    • Inconsistent product-market fit.
    • Sellers have low success rates doing discovery with new prospects.
    • Website abandonment rates are really high.
      •

    These challenges are often attributed to messaging and talk tracks that fail to resonate with prospects and products that fail to meet the needs of targeted buyers.

    SoftwareReviews Advisory Insight:
    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    		“Forty-four percent of B2B marketers have already discovered the power of personas.” (Boardview, 2016.)

    1.2.1 Interview Sales and customers/prospects

    12 - 15 Hours, over course of 2-3 weeks

    Input: Insights from Sellers, Insights from customers and prospects

    Output: Completed slides outlining buyer persona, buyer journey, overall product concept, and detailed features and capabilities needed

    Materials: Create a Buyer Persona and Journey blueprint, Go-to-Market Strategy Presentation

    Participants: Product management lead, GTM Program Manager, Select sellers, Workstream leads that wish to participate in interviews

    1. Using the Create a Buyer Journey and Persona Journey blueprint:
      • Follow the instructions to interview a group of Sellers, and most importantly, several customers and prospects
        • For this stage in the GTM Strategy process, the goal is to validate your initial product and launch concept.
        • We urge getting through all the interview questions with interviewees as the answers inform:
          • Product market fit and Minimal Viable Product
          • Competitive differentiation
          • Messaging, positioning, and campaign targeting
          • Launch campaign asset creation.
      • Place summary findings into the Go-to-Market Strategy Presentation, and for reference, place the Buyer Persona and Journey Summaries into the Go-to-Market Strategy Presentation Appendix.

    Download the Go-to-Market Strategy Presentation Template

    Download the Create a Buyer Journey and Persona Journey blueprint

    Step 1.3

    Update Your Product Concept

    Activities
    • 1.3.1 Based on Sales and Customer/Prospect interviews, update:
      • Your product concept slide
      • Detailed prioritization of features and capabilities

    This step calls for the following activities:

    • Update the product concept slide based on interview findings
    • Update/create the stack-ranking of buyer requested feature and capability priorities

    This step involves the following participants:

    • Product management lead
    • GTM initiative leader
    • Select workstream leads who sat in on interview findings

    Outcomes of this step

    • Advanced product concept
    • Prioritized features for development during Build phase
    • Understanding of MVP to deliver customer value and deal “wins”

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    1.3.1 Update Product and Launch concept

    2 Hours

    Input: Insights from Sellers, Insights from customers and prospects

    Output: Completed slides outlining product concept and detailed features and capabilities needed

    Materials: Go-to-Market Strategy Presentation

    Participants: Product management lead, GTM Program Manager, Select sellers, Workstream leads that wish to participate in interviews

    1. Using the Go-to-Market Strategy Presentation:
      • With interview findings, update the Product and Launch Concept, Buyer Journey, and Capture Key Features/Capabilities of High Importance to Buyers slides

    Download the Go-to-Market Strategy Presentation Template

    Product and Launch Concept

    At this early stage, summarize findings from concept interviews to guide further discovery, as well as go-to-market concepts and initial campaign concepts in upcoming steps.

    Job Function Attributes

    Target Persona(s):
    Typical Title:
    Buying Center/functional area/dept.:

    Firmographics:
    Industry specific/All:
    Industry subsegments:
    Sizes (by revenues, # of employees):
    Geographical focus:

    Emotive Attributes

    Initiative descriptions: Buyer description of project/program/initiative. What terms used?

    Business issues: What are the business issues related to this initiative? How is this linked to a CEO-level mission-critical priority?

    Key challenges: What business/process hurdles need to be overcome?

    Pain points: What are the pain points to the business/personally in their role related to the challenges that drove them to seek a solution?

    Success motivations: What motivates our persona to be successful in this area?

    Solution and Opportunity

    Steps to do the job: What are the needed steps to do this job today?

    Key features and capabilities: What are the key solution elements the buyer sees in the ideal solution? (See additional detail slide with prioritized features.)

    Key business outcomes: In business terms, what value (e.g. cost/time/FTE savings, deals won, smarter, etc.) is expected by implementing this solution?

    Other users/opportunities: Are there other users in the role team/company that would benefit from this solution?

    Pricing/Packaging

    What is an acceptable price to pay for this solution? Based on financial benefits and ROI hurdles, what’s a good price to pay? A high price? What are packaging options? Any competitive pricing to compare?

    Alternatives/Competition

    What are alternatives to this solution: How else would you solve this problem? Are there other solutions you’ve investigated?

    Channel Preferences

    Where would it be most convenient to buy?: Direct from provider? Channel partner/reseller? Download from the web?

    Decision Criteria Attributes

    Decision maker – Role, criteria/decision lens:
    User(s) – Role, criteria/decision lens:
    Influencer(s) – Role, criteria/decision lens:
    Ratifier(s) – Role, criteria/decision lens:

    Behavioral Attributes

    Interaction preferences: Best way for us to reach this role? Email? At events? Texting? Video calls?

    Content types: Which content types (specifics; videos, short blog/article, longer whitepapers, etc.) help us stay educated about this initiative area?

    Content sources: What news, data, and insight sources (e.g. specifics) do you use to stay abreast of what’s important for this initiative area?

    Update the Go-to-Market Strategy Presentation with findings from Sales and customer/prospect interviews.

    Capture key features/capabilities of high importance to buyers

    Ask buyers during interviews, as outlined in the Buyer Persona and Journey blueprint, to describe and rate key features by need. You will also review with buyers during the GTM Build phase, so it’s important to establish high priority features now.

    Example bar chart for 'Buyer Feature Importance Ratings' where 'Buyer Need' is rated for each 'Feature'.
    • List key feature areas for buyer importance rating.
    • Establish a rating scheme.
        E.g. a rating of:
      • 4.5 or higher = critical ROI driver
      • 3.5 to 4.5 = must haves
      • 2 to 3.5 = nice to have
      • Less than 2 = low importance
    • Have buyers rate each possible feature 0-5 after explaining the rating scheme. Ask – are we missing any key features?
    • Update this slide, found within the Go-to-Market Strategy Presentation, with customer/prospect interview findings.
    Perform the same buyer interviews for non-feature “capabilities” such as:
    • Ease of use, security, availability of training, service model, etc. – and other “non-feature” areas that you need for your product hypothesis.

    Step 1.4

    Size the Product Market Opportunity

    Activities
    • 1.3.1 Based on the product concept, size, and the product market opportunity and with a focus on your “Obtainable Market”:
      • Clarify the definitions used to size market opportunity.
      • Source data both internally and externally.
      • Calculate the available, obtainable market for your software product.

    This step will walk you through the following activities:

    • Review market sizing definitions and identify required data
    • Identify the target market for your software application
    • Source market and internal data that will support your market sizing
    • Document and validate with team members

    This step involves the following participants:

    • GTM initiative leader
    • CMO, select workstream leads

    Outcomes of this step

    • Definitions on market sizing views
    • Data sourcing established
    • Market sizing and estimated penetration calculations

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Market opportunity sizing definitions

    Your goal is to assess whether or not the opportunity is significantly sized and if you are well positioned to capture it

    1. This exercise is designed to help size the market opportunity for this particular product GTM launch and not the market opportunity for the entire product line or company. First a few market sizes to define:
      1. Penetrated – is your current revenues and can be expressed in your percentage vs. competitors’.
      2. Serviceable Obtainable Market (SOM) – larger than your currently penetrated market, and a percentage of SAM that can realistically be achieved. It accounts for your current limitations to reach and your ability to sell to buyers. It is restricted by your go-to-market ability and reduced by competitive market share. SOM answers: What increased market can we obtain by further penetrating accounts within current geographical coverage and go-to-market abilities and within our ability to finance our growth?
      3. Serviceable Available Market (SAM) – larger than SOM yet smaller than TAM, SAM accounts for current products and current go-to-market capabilities and answers: What if every potential buyer bought the products we have today and via the type of go-to-market (GTM) especially geographical coverage, we have today? SAM calls for applying our current GTM into unpenetrated portions of currently covered customer segments and regions.
      4. Total Available Market (TAM) – larger than SAM, TAM sizes a market assuming we could penetrate other customer segments within currently covered regions without regard for resources, capabilities, or competition. It answers the question: If every potential buyer within our available market – covered regions – bought, how big would the market be?
      5. Total Global Market – estimates market opportunity if all orgs in all segments and regions bought – with full disregard for resources and without the restrictions of our current GTM abilities.
      6. Develop your market opportunity sizing using the Product Market Opportunity Sizing Workbook.

    Download the Product Market Opportunity Sizing Workbook

    SoftwareReviews Advisory Insight:
    Product marketers that size the product market opportunity and account for the limitations posed by competitors, current sales coverage, brand permission, and awareness, provide their organizations with valuable insights into which inhibitors to growth should be addressed.

    Visualization of market opportunity sizes as circles within bigger circles, 'Penetrated Market' being the smallest and 'Global Market' being the largest.

    1.4.1 Size the product market opportunity

    Your goal is two-fold: Determine the target market size, and develop a realistic 12–24 month forecast to support your business case
    1. Open the Product Market Opportunity Sizing Workbook.
    2. Follow the instructions within.
    3. When finished, download the Go-to-Market Strategy Presentation and update the Product Market Opportunity Size slide with your calculated Product Market Opportunity Size.

    Download the Product Market Opportunity Sizing Workbook

    Download the Go-to-Market Strategy Presentation Template

    “Segmentation, targeting and positioning are the three pillars of modern marketing. Great segmentation is the bedrock for GTM success but is overlooked by so many.” (Product Marketing Alliance)

    Step 1.5

    Outline Digital and Tech Requirements

    Activities

    Designing your go-to-market strategy does not require a robust customer experience management (CXM) platform, but implementing your strategy during the next steps of Go-to-Market – Build then Launch – certainly does.

    Review info-Tech’s CXM blueprint to build a more complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components.

    The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis called for during your GTM Strategy design.

    Diagram of 'Customer Relationship Management' surrounded by its components: 'Web Experience Management Platform', 'E-Commerce & Point-of-Sale Solutions', 'Social Media Management Platform', 'Customer Intelligence Platform', 'Customer Service Management Tools', and 'Marketing Management Suite'.

    These steps outlined in the CXM blueprint, will help you:

    • Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
    • Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy
    • Pull this all together to develop a prioritized optimization roadmap.

    This step involves the following participants:

    • Marketing Operations, Digital, IT
    • Project workstream leads as appropriate

    Outcomes of this step

    • After inquiries with appropriate analysts, client will be able to assess what new application and technology support is required to support Go To Market process.

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Step 1.6

    Identify features and capabilities that will drive competitive differentiation

    Activities
    • 1.6.1 Hold a session with key stakeholders including sales, customer success, product, and product marketing to develop a hypothesis of features and capabilities vs. competitors: differentiators, parity areas, and gaps (DPG).
    • Optional for clients with buyer reviews and key competitive reviews within target product category:
      • 1.6.2 Request from SoftwareReviews a 2X2 Matrix Report of Importance vs. Satisfaction for both features and capabilities within your product market/category to identify areas of competitive DPG.
      • 1.6.3 Hold an Inquiry with covering ITRG analysts in your product category to have them validate key areas of competitive DPG.
    • 1.6.4 Document competitive DPG and build out your hypothesis for product build as you ready for customer interviews to validate that hypothesis.

    This step will provide processes to help you:

    • Understand and document competitive differentiation, parity, and gaps

    This step involves the following participants:

    • Project workstream leads in product marketing, competitive intelligence, product management, and customer success

    Outcomes of this step

    • Develop a clear understanding of what differentiated capabilities to promote, which parity items to mention in marketing, and which areas are competitive gaps
    • Develop a hypothesis of what areas need to be developed during the Build phase of the Go-to-Market lifecycle

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Assess current capabilities and competitive differentiation vs. buyer needs

    Taking buyer needs ratings from step 1.3, assess your current and key competitive capabilities against buyer needs for both feature and non-feature capabilities. Incorporate into your initial product hypothesis.

    Example bar chart for 'Competitive Differentiation, Parity and Gaps – Features' comparing ratings of 'Buyer Need', 'Our Current Capabilities', and 'Competitive Capabilities' for each 'Feature'.

    • Rank features in order of buyer need from step 1.3.
    • Prioritize development needs where current capabilities are rated low. Spot areas for competitive differentiation especially in high buyer-need areas.
    Perform the analysis for non-feature capabilities such as:
    • ease of use
    • security
    • availability of training
    • service model

    Optional: Validate feature and capability importance with buyer reviews

    Request from your SoftwareReviews Engagement Manager the “Importance vs. Satisfaction” analysis for your product(s) feature and non-feature capabilities under consideration for your GTM Strategy

    Satisfaction
    Fix Promote
    Importance

    Low Satisfaction
    High Importance

    These features are important to their market and will highlight any differentiators to avoid market comparison.

    High Satisfaction
    High Importance

    These are real strengths for the organization and should be promoted as broadly as possible.

    Low Satisfaction
    Low Importance

    These features are not important for the market and are unlikely to drive sales if marketing material focuses on them. Rationalize investment in these areas.

    High Satisfaction
    Low Importance

    Features are relatively strong, so highlight that these features can meet customer needs
    Review Maintain

    Overall Category Product Feature Satisfaction Importance

    • Importance is based on how strongly satisfaction for a feature of a software suite correlates to the overall Likeliness to Recommend
    • Importance is relative – low scores do not necessarily indicate the product is not important, just that it’s not as important as other features

    (Optional for clients with buyer reviews and key competitive reviews within target product category.)

    Optional: Feature importance vs. satisfaction

    Example: ERP “Vendor A” ratings and recommended key actions. Incorporate this analysis into your product concept if updating an existing solution. Have versions of the below run for specific competitors.

    Importance vs. Satisfaction map for Features, as shown on the previous slide, but with examples mapped onto it using a legend, purple squares are 'Enterprise Resource Planning' and green triangles are 'Vendor A'.

    Features in the “Fix” quadrant should be addressed in this GTM Strategy cycle.

    Features in the “Review” quadrant are low in both buyer satisfaction and importance, so vendors are wise to hold on further investments and instead focus on “Fix.”

    Features in the “Promote” quadrant are high in buyer importance and satisfaction, and should be called out in marketing and selling.

    Features in the “Maintain” quadrant are high in buyer satisfaction, but lower in importance than other features – maintain investments here.

    (Optional for clients with buyer reviews and key competitive reviews within target product category.)

    Optional: Capabilities importance vs. satisfaction

    Example: ERP “Vendor A” capabilities ratings and recommended key actions. Incorporate this analysis into your product concept for non-feature areas if updating an existing solution. Have versions of the below run for specific competitors.

    Importance vs. Satisfaction map for Capabilities with examples mapped onto it using a legend, purple squares are 'Enterprise Resource Planning' and green triangles are 'Vendor A'.

    Capabilities in the “Fix” quadrant should be addressed in this GTM Strategy cycle.

    Capabilities in the “Review” quadrant are low in both buyer satisfaction and importance, so vendors are wise to hold on further investments and instead focus on “Fix.”

    Capabilities in the “Promote” quadrant are high in buyer importance and satisfaction, and should be called out in marketing and selling.

    Capabilities in the “Maintain” quadrant are high in buyer satisfaction, but lower in importance than other features – maintain investments here.

    (Optional for clients with buyer reviews and key competitive reviews within target product category.)

    Develop a competitively differentiated value proposition

    Combining internal competitive knowledge with insights from buyer interviews and buyer reviews; establish which key features that will competitively differentiate your product when delivered

    Example bar chart for 'Competitive Differentiation, Parity and Gaps – Features and Capabilities' comparing ratings of 'Your Product' and 'Competitor A' with high buyer importance at the top, low at the bottom, and rankings of each 'Differentiator', 'Parity', and 'Gap'.

    • Identify what buyers need that will differentiate your product features and company capabilities from key competitors.
    • Determine which features and company capabilities, ideally lower in buyer importance, can achieve/maintain competitive parity.
    • Determine which features and company capabilities, ideally much lower in buyer importance, that can exist in a state of competitive gap.

    Step 1.7

    Select the Most Effective Routes to Market

    Activities
    • 1.7.1 Understand a framework for deciding how to approach evaluating each available channel including freemium/ecommerce, inside sales, field sales, and channel partner.
    • 1.7.2 Gather data that will inform option consideration.
    • 1.7.3 Apply to decision framework and present to key stakeholders for a decision.

    This step will provide processes to help you:

    • Understand the areas to consider when choosing a sales channel
    • Support your decision by making a specific channel recommendation

    This step involves the following participants:

    • Project workstream leads in Sales, Sales Operations, Product Marketing, and Customer Success

    Outcomes of this step

    • Clarity around channel choice for this specific go-to-market strategy cycle
    • Pros and cons of choices with rationale for selected channel

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    Your “route-to-market” – channel strategy

    Capture buyer channel preferences in Step 1.3, and research alternatives using the following framework

    Inside vs. Field Sales – Selling software during COVID has taught us that you can successfully sell software using virtual conferencing tools, social media, the telephone, and even texting and webchat – so is the traditional model of field/territory-based sellers being replaced with inside/virtual sellers who can either work at home, or is there a benefit to being in the office with colleagues?

    Solutions vs. Individual Products – Do your buyers prefer to buy a complete solution from a channel partner or a solutions integrator that puts all the pieces together, and can handle training and servicing, for a more complete buyer solution?

    Channel Partner vs. Build Sales Force – Are there channel partners that, given your product is targeting a new buyer with whom you have no relationship, can leverage their existing relationships, quicken adoption of your products, and lower your cost of sales?

    Fully Digital – Is your application one where users can get started for free then upgrade with more advanced features without the use of a field or inside sales person? Do you possess the e-commerce platform to support this?

    While there are other considerations beyond the above to consider, decide which channel approach will work best for this GTM Strategy.

    Flowchart on how to capture 'Buyer Channel Preferences' with five possible outcomes: 'Freemium/e-commerce', 'Use specified channel partner', 'Establish channel partner', 'Use Inside Sales', and 'Use Field Sales'.

    Channel Partnerships are Expanding

    “One estimate is that for every dollar a firm spends on its SaaS platform, it spends four times that amount with systems integrators and other channel partners.

    And as technologies are embedded inside other products, services, and solutions, effective selling requires more partners.

    Salesforce, for example, is recruiting thousands of new partners, while Microsoft is reportedly adding over 7,000 partners each month.” (HBR, 2021)

    Step 1.8

    Craft an Initial GTM Strategy Presentation for Executive Review and Status Check

    Activities
    • 1.8.1 Finalize the set of slides within the Go-to-Market Strategy Presentation that best illustrates the many key findings and recommended decisions that have been made during the Explore phase of the GTM Strategy.
      • Test whether all key deliverables have been created, especially those that must be in place in order to support future phases and steps.
      • Schedule a Steering Committee meeting and present your findings with the goal to gain support to proceed to the Design phase of GTM Strategy.

    This step will provide processes to help you:

    • Work with your colleagues to consolidate the findings from Phase 1 of the GTM Strategy
    • Create a slide deck with your colleagues for presentation to the Steering Committee to gain approvals to proceed to Phase 2

    This step involves the following participants:

    • Project workstream leads in Sales, Sales Operations, Product Marketing, and Customer Success
    • Steering Committee

    Outcomes of this step

    • Slide deck to present to the Steering Committee
    • Approvals to move to Phase 2 of the GTM Strategy

    Phase 1 - Formulate a hypothesis and run discovery on key fundamentals

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5 Step 1.6 Step 1.7 Step 1.8

    1.8.1 Build your GTM Strategy deck for Steering Committee approval

    1. As you near completion of the Go-to-Market Strategy Phase, Explore Step, an important test to pass before proceeding to the Design step of GTM Strategy, is to answer several key questions:
      1. Have you properly sized the market opportunity for the focus of this GTM cycle?
      2. Have you defined a unique value proposition of what buyers are looking for?
      3. And have you aligned stakeholders on the target customer persona and flushed out an accurate buyer journey?
    2. If the answer is “no” you need to return to these steps and ensure completion.
    3. Pull together a summary review deck, schedule a meeting with the Steering Committee, present to-date findings for approval to move on to Phase 2.

    Download the Go-to-Market Strategy Presentation Template

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram with 'GTM Explore Review' circled in red.

    The presentation you create contains:

    • Team composition and roles and responsibilities
    • Steps in overall process
    • Goals and objectives
    • Timelines and work plan
    • Initial product and launch concept
    • Buyer persona and journey
    • Competitive differentiation
    • Channel strategy

    Build a More Effective Go-to-Market Strategy

    Phase 2

    Design your initial product and business case

    Phase 1

    1.1 Select Steering Cmte/team, build aligned vision for GTM

    1.2 Buyer personas, journey, initial messaging

    1.3 Build initial product hypothesis

    1.4 Size market opportunity

    1.5 Outline digital/tech requirements

    1.6 Competitive SWOT

    1.7 Select routes to market

    1.8 Craft GTM Strategy deck

    		Phase 2

    2.1 Brand consistency check

    2.2 Formulate packaging and pricing

    2.3 Craft buyer-valid product concept

    2.4 Build campaign plan and targets

    2.5 Develop cost budgets across all areas

    2.6 Draft product business case

    2.7 Update GTM Strategy deck

    		Phase 3

    3.1 Assess tech/tools support for all GTM phases

    3.2 Outline sales enablement and Customer Success plan

    3.3 Build awareness plan

    3.4 Finalize business case

    3.5 Final GTM Plan deck

    This phase will walk you through the following activities:

    • Branding consistency check
    • Formulate packaging and pricing
    • Craft buyer-validated product concept
    • Build initial campaign plan and targets
    • Develop budgets for creative, content, and media purchases
    • Draft product business case
    • Update GTM Strategy deck

    This phase involves the following stakeholders:

    • Steering Committee
    • Working group leaders

    To complete this phase, you will need:

    Go-to-Market Strategy Presentation TemplateGo-to-Market Strategy RACI and Launch Checklist WorkbookBuyer Persona and Journey blueprintGo-to-Market Strategy Cost Budget and Revenue Forecast Workbook
    Sample of the Go-to-Market Strategy Presentation Template deliverable.Sample of the Go-to-Market Strategy RACI and Launch Checklist Workbook deliverable.Sample of the Buyer Persona and Journey blueprint deliverable.Sample of the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook deliverable.
    Use the Go-to-Market Strategy Presentation Template to document the results from the following activities:
    • Documenting your GTM strategy stakeholders
    • Documenting your GTM strategy working team
    		Use the Go-to-Market Strategy RACI and Launch Checklist Workbook to:
    • Review the scope of roles and responsibilities required
    • Document the roles and responsibilities of your teams
    		Use the Buyer Persona and Journey blueprint to:
    • Interview sales and customers/prospects to inform product concepts, understand persona and later, flesh out buyer journeys
    		Use the Go-to-Market Cost Budget and Revenue Forecast Workbook to:
    • Tally budgets from across key functions involved in GTM Strategy
    • Compare with forecasted revenues to assess gross margins

    Step 2.1

    Compare Emerging Messaging and Positioning With Existing Brand for Consistency

    Activities

    Share messaging documented with the buyer journey with branding/creative and/or Marketing VP/CMO to ensure consistency with overall corporate messaging. Use the “Brand Diagnostic” on the following slide as a quick check.

    For those marketers that see the need for a re-brand, please:
    Download the Go-to-Market Strategy Presentation Template

    Later during the Build phase of GTM, marketing assets, digital platforms, sales enablement, and sales training will be created where actual messaging can be written with brand guidelines aligned.

    This step is to assess whether you we need to budget extra funds for any rebranding.

    This step will walk you through the following activities:

    • After completing the buyer journey and identifying messaging, test with branding/CMO that new messaging aligns with current:
      • Company positioning
      • Messaging
      • Brand imagery

    This step involves the following participants:

    • Project lead
    • Product marketing
    • Branding/creative
    • CMO

    Outcomes of this step

    • Check – Y/N on brand alignment
    • Adjustments made to current branding or new product messaging to gain alignment

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    Brand identity

    Re-think tossing a new product into the same old marketing engine. Ask if your branding today and on this new offering needs help.

    If you answer “no” to any of the following questions, you may need to re-think your brand. Does your brand:

    • recognize buyer pain points and convey clear pain-relief?
    • convey unique value that is clearly distanced from key competitors?
    • resonate with how target personas see themselves (e.g. rebellious, intelligent, playful, wise, etc.) and convey the “feeling” (e.g. relief, security, confidence, inspiration, etc.) buyers seek?
    • offer proof points via customer testimonials (vs. claimed value)?
    • tell a truly customer-centric story that is all about them (vs. what you want them to know about you)?
    • use words (e.g. quality, speed, great service, etc.) that equate to how buyers actually see you? Is your tone of voice going to resonate with your target buyer?
    • present in a clean, simple, and truly unique way? And will your brand identity stand the test of time?
    • represent feedback gleaned from prospects as well as customers?

    “Nailing an impactful brand identity is a critical part of Growth Marketing.

    Without a well-crafted and maintained brand identity, your marketing will always feel flat and one-dimensional.” (Lean Labs, 2021)

    Step 2.2

    Formulate Packaging and Pricing

    Activities
    • 2.2.1 Leverage what was learned in Phase 1 from buyer interviews to create an initial packaging and initial pricing approach.
      • Packaging success is driven by knowing what the buyer values are, how newly proposed functionality may work with other applications, and how well the buyer(s) work in teams.
      • Develop pricing using cost-plus, value/ROI, and competitive/market pricing comparisons.

    This step will walk you through the following activities:

    • Approaches to establishing price points for software products
    • Checking if pricing supports emerging product revenue plan

    This step involves the following participants:

    • Project lead
    • Product Marketing
    • Product Management
    • Pricing (if a function)

    Outcomes of this step

    • Pricing that is validated through buyer interviews and consistent with overall company pricing guardrails
    • Packaging that can be delivered

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.2.1 Formulate packaging and pricing

    Goal: Incorporate buyer benefits into your MVP that delivers the buyer value that compels them to purchase and drives the business case

    1. Leverage findings from buyer interviews and feature prioritization found in Step 1.3 to arrive at initial feature inclusion.
    2. Leverage feedback from customer interviews and competitive pricing analysis to arrive at an initial target price offer.
    3. Go to the Go-to-Market Strategy Presentation and use the slides labeled “Go-to-Market Strategy, Overall Project Plan.”

    Download the Go-to-Market Strategy Presentation Template

    		Refer to the findings from buyer persona interviews

    Sample of the Buyer Persona and Journey blueprint deliverable.

    Step 2.3

    Build a Buyer-Validated Product Concept

    Activities
    • 2.2.1 Add to your initial product concept from Phase 1, the pricing and packaging approach.
      • Take the concept out to buyers to get their feedback – not on UX design, that will come later, but to ensure the value is clear to the buyers, and to raise confidence in the product concept.
      • As with previous customer and prospect interviews, use the Buyer Persona and Journey blueprint with its accompanying interview guide and focus on the product related questions.
      • Generate your slides to present and discuss with buyers, capture feedback, and refine the product concept.

    This step will walk you through the following activities:

    • Hold buyer interviews to review the product design
    • Validate concept and commercial variables – not UX design, that comes later

    This step involves the following participants:

    • Project lead
    • Product Marketing
    • Product Management

    Outcomes of this step

    • Customer validated product concept that meets the business plan

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.3.1 The best new product hypothesis doesn’t always come from your best customers

    Goal: Validate your product concept and business case

    1. Key areas to validate during product concept feedback:
      1. Feature/capability-build priorities – Which set of features and capabilities (i.e. service model, etc.) must be delivered in a minimum viable product (MVP) that delivers unique and competitively differentiating buyer value so we have win rates that support the business case?
      2. Packaging/Pricing – Are their features/capabilities that are not in base offering but offered as add-ons or not at all? Are their different packaging options that must be delivered given different customer segments and appropriate price points? (E.g. a small- to-medium sized business (SMB) version, Freemium, or Basic vs. Premium offerings?
      3. Routes to Market/Channel – Ensure you validate your channel strategy as work/effort will be needed to arrive at channel sales and marketing enablement.

    Download the Go-to-Market Strategy Presentation Template

    “Innovation opportunities almost always come from understanding a company’s worst customers or customers it doesn’t serve” (Harvard Business School Press, 1997)

    2.3.2 How your prospects buy will inform upcoming campaign design

    Goal: During product validation interviews, further validate the buyer journey to identify asset types to be created/sourced for launch campaign design

    1. Leverage findings from buyer interviews with a focus on buyer journey questions/answers found in Step 1.3 and further validated during product concept feedback in step 2.3.
    2. Your goal is to uncover the following key areas (see next slide for illustration):
      1. Validate the steps buyers take throughout the buyer journey – when you validate buyer steps and what the buyer is doing and thinking as they make a buying decision determines if you are supporting the right process.
      2. Validate the human vs. non-human/digital interaction type for each step – this determines whether your lead gen engine or your salesforce (or channel partner) will deliver the marketing assets and sales collateral.
      3. Describe the asset-types most valued by buyers during each step – this will provide the guidance your demand gen/field marketers need to either work with product marketing and creative to design and build, or source the right marketing asset and sales collateral for your lead gen engine and to support sales enablement.
      4. Identify which channels – this will give your digital team the guidance they need to design the “where” to place the assets within your lead gen engine. Feedback from customer interviews and competitive pricing analysis to arrive at an initial target price for offering is shown on the next slide.
    3. Use the Go-to-Market Strategy Presentation to complete the buyer journey slide with key findings.

    Download the Go-to-Market Strategy Presentation Template

    		Refer to the findings from buyer persona interviews

    Sample of the Buyer Persona and Journey blueprint deliverable.

    Answers you need to map buyer journey

    Your buyer interviews – whether during earlier steps or here during product concept validation – will give specific answers to all areas in green text below. Understanding channels, asset-types, and crafting your key messaging are essential for next steps.

    Table outlining an example buyer's journey with fields in green text that are to be to replaced with answers from your buyer interviews.

    Step 2.4

    Build Your Initial Campaign Plan and Targets

    Activities
    • 2.4.1. While product management and marketing is working on the business case, the campaign team is designing their launch campaign.
    • Expand from the product concept and build out the entire launch campaign identifying dates, CTA’s, channels, and asset types needed that will be built during the Build phase.

    This step will walk you through the following activities:

    • Outline deployment plan of activities and outcomes
    • Draw up specs for needed assets, web-page changes, emails, target segments, and targets for leads generated

    This step involves the following participants:

    • Project lead
    • Field Marketing
    • Product Marketing

    Outcomes of this step

    • The initial draft of the campaign plan that outlines multichannel activities, dates, and assets that need to be sourced and/or created

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.4.1 Document your campaign plan

    2 hours

    On the following Awareness and Lead Gen Engine slide:
    1. Tailor the slide to describe your lead generation engine as you will use it when you get to latter steps to describe the activities in your lead gen engine and weigh them for go-to-market strategy.
    2. Use the template to see what makes up a typical lead gen and awareness building engine to see what you may be missing, as well as to record your current engine “parts.”
      • Note: The “Goal” image in upper right is meant as a reminder that marketers should establish a goal for Sales Qualified Leads (SQL’s) delivered to field sales for each campaign.

    On the Product and Launch Concept slides:

    1. Update the slides with findings from 2.3 and 2.4.

    Download the Go-to-Market Strategy Presentation Template

    “Only 32% of marketers – and 29% of B2B marketers – said the process of planning campaigns went very well. Just over half were sure they had selected the right business goal for a given marketing project and only 42% were confident they identified the right audience – which is, of course, a critical determinant for achieving success.” (MIT Sloan Management Review)

    Launch campaign

    Our Goal for [Campaign name] is to generate X SQL’s

    Flowchart of the steps to take when a campaign is launched, from 'Organic Website Visits' and 'Go Live' to future 'Sales Opportunities'. A key is present to decipher various icons.

    Awareness

    PR/EXTERNAL COMMS:

    Promote release in line with company story

    • [Executive Name] interview with [Publication Y] on [Launch Topic X] – Mo./Day
    • Press Release on new enhancements – Mo./Day
    • [Executive Name] interview with [Publication Z] on [Launch Topic X] – Mo./Day
    ANALYST RELATIONS:

    Receive analyst feedback pre-launch and brief with final releases messaging/positioning

    • Inquiry with [Key Analysts] on [Launch Topic X] – Mo./Day, pre launch
    • Press Release shared on new enhancements – Launch day minus two days
    • Analyst briefing with [Key Analysts] on [Launch Topic X] – Launch day minus two days

    Download the Go-to-Market Strategy Presentation Template

    2.4.2 Campaign targets

    Goal: Establish a Marketing-Influenced Win target that will be achieved for this launch

    We advise setting a target for the launch campaign. Here is a suggested approach:
    1. Understand what % of all sales wins are touched by marketing either through first or last touch attribution. This is the % of Marketing-Influenced Wins (MIWs).
    2. Determine what sales wins are needed to attain product revenue targets for this launch.
    3. Apply the actual company MIW % to the number of deals that must be closed to achieve target product launch revenues. This becomes the MIW target for this launch campaign.
    4. Then, using your average marketing funnel conversion rates working backwards from MIWs to Opportunities, Sales Accepted Leads (SALs), Sales Qualified Leads (SQLs), Marketing Qualified Leads (MQLs), up to website visits.
    5. Update the slides with findings from 2.3 and 2.4.

    Download the Go-to-Market Strategy Presentation Template

    “Marketing should quantify its contribution to the business. One metric many clients have found valuable is Marketing Influenced Wins (MIW). Measured by what % of sales wins had a last-touch marketing attribution, marketers in the 30% – 40% MIW range are performing well.” (SoftwareReviews Advisory Research)

    Step 2.5

    Develop Initial Budgets Across All Areas

    Activities
    • 2.5.1 Use the Go-to-Market Budget Workbook and work with your workstream leads.
      • Capture the costs associated with this GTM Strategy and Launch.
      • Summarize your GTM budget in the Go-to-Market Strategy Presentation, including the details behind the gross margin calculation for your GTM Strategy/campaign if required.

    This step will walk you through the following activities:

    • Field marketing, product marketing, creative, others to identify the specific budget elements needed for this campaign/launch

    This step involves the following participants:

    • Project lead
    • Field Marketing
    • Product Marketing
    • Branding/creative

    Outcomes of this step

    • The initial marketing budget for this campaign/launch

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    2.5.1 Develop your GTM Strategy/product launch campaign budget

    Goal: Work with your workstream leads to identify all incremental costs associated with this GTM strategy and product launch

    1. Use the Go-to-Market Budget Workbook and adjust to include the areas that are identified by your workstream leads as being applicable to this GTM Strategy and Launch.
      • These should be incremental costs to normal operating and capital budgets and those areas that are fully approved for inclusion by your Steering Committee/Sponsoring Executive.
    2. Begin to Catalog all applicable costs to include all key areas such as:
      • Technology costs for internal use (typically from Marketing Ops), and “core” to product technology costs working with the product team
      • Channel marketing programs, agency (e.g. branding, naming, web design, SEO, content marketing, etc.), T&E, paid media, events, marketing assets, etc.

      3. Note that in the Align Step – Step 3, you will see your workstream leads each develop their individual contributions to both the launch plan as well a budget.

    3. Summarize your initial GTM budget findings in the Go-to-Market Strategy Presentation, including the details behind the gross margin calculation for your GTM Strategy/campaign if required. Again, you will flush out the final costs within each workstream areas in Phase 3, ”Align.”

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 2.6

    Draft Initial Product Business Case

    Activities
    • 2.6.1 Here’s where you begin to pull together all the essential elements of your final business case.
      • For many organizations that require a view of return on investment, you will begin here to shape the key elements that your organization requires for a complete business case to go ahead with the needed investments.
      • The goal is to compare estimated costs to estimated revenues to ensure acceptable margins will be delivered for this GTM strategy/product launch.
      • The culmination of work to get to this calculation will continue through Phase 3; however, the following slide illustrates the kind of visualization that will be possible with our approach.

    This step will walk you through the following activities:

    • A product revenue forecast is created, alignment with sales/sales targets is created for a minimum viable product (MVP) that meets the buyer’s needs at the price point established/validated

    This step involves the following participants:

    • Project lead
    • Product management
    • Product marketing
    • Sales leadership

    Outcomes of this step

    • The important measures of:
      • Product revenue forecast
      • Supported MVP features

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    Gross Margin Estimates – part of a complete product business case

    Your goal: Earn more than you spend! This projection of estimated gross margins should be part of your product launch business case. The GTM initiative lead and workstream leads are charged with estimating incremental costs, and product and sales must work together on the revenue forecast.

    Net Return

    We estimate our 12 month gross profit to be ….

    Quarterly Revenues

    Based on sales forecast, our quarterly/monthly revenues are ….

    Estimated Expenses

    Incremental up-front costs are expected to be ….

    		Example 'P&L waterfall for Product X Launch' with notes. Green bars are 'Increase', red bars are 'Decrease', and blue bars are 'Total'. Red bar note: 'Your estimated incremental up-front costs', Green bar note: 'Your estimated net incremental revenues vs. costs', Blue bar note: 'Your estimated net gross profit for this product launch and campaign', 'END' note: 'Extend for suitable period'.

    2.6.1 Develop your initial product business case

    Goal: Focused on the Product Concept areas related to product Market Fit, Buyer Needs and Market Opportunity, Product Managers will summarize in order to gain approval for Build

    1. Using the Go-to-Market Strategy Presentation, product managers should ensure the product concept slide(s) support the rationale to move to Build phase. Key areas include:
      1. Adequate market opportunity size – that is worth the incremental investment
      2. Acceptable costs/investment to pursue the opportunity – design, creative services for branding, web design, product naming, asset creation, copywriting, translation services not available in-house
      3. Well-defined product market fit – review buyer interviews that identify buyer pain points and ideas that will deliver needed business value
      4. Buyer-validated commercials – buyer-validated pricing and packaging
      5. Product development budget and staffing support to build viable MVP & beyond roadmap – development budget and staffing is in place/budgeted to deliver MVP by target date and continue to ensure attainment of product revenue targets
      6. Unique product value proposition that is competitively differentiated – to drive acceptable win rates
      7. Product Sales Forecast – that when compared to costs meets company investment hurdle rates
      8. Sales Leadership support for achieving sales forecast and supported sales/channel resourcing plan – sales leadership has taken on forecasted revenues as an incremental sales quota and has budget for additional hiring, enablement, and training for attainment.
    2. Go to the Go-to-Market Strategy Presentation and complete the slides summarizing these key areas that support the business case for the next phases of Build and Launch.

    Product Business Case Checklist:

    • Acceptably large enough product market opportunity
    • Well-defined competitive differentiation
    • Buyer-validated product-market fit
    • Buyer-validated and competitive commercials (i.e. pricing, packaging)
    • An MVP with roadmap that aligns to buyer needs and buyer-validated price points
    • A 24–36 month sales forecast with CRO sign-up and support for attainment
    • Costs of launch vs. forecasted revenues to gauge gross margins

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 2.7

    Update the GTM Strategy Presentation Deck for Executive Review and Sign-off

    Activities
    • 2.7.1 Update the deck with Phase 2 findings culminating in the business case.

    This step will walk you through the following activities:

    • Drop into the GTM Strategy deck the summary findings from the team’s work
    • Write an executive summary that garners executive support for needed funds, signed-up-for sales targets, agreed upon launch timing
    • Steering Committee alignment on above and next steps

    This step involves the following participants:

    • Project lead
    • Steering Committee
    • Workstream leads

    Outcomes of this step

    • Executive support for the GTM Strategy plan and approval to proceed to Phase 3

    Phase 2 – Validate designs with buyers and solidify product business case

    Step 2.1 Step 2.2 Step 2.3 Step 2.4 Step 2.5 Step 2.6 Step 2.7

    2.7.1 Update your GTM Strategy deck for Design Steering Committee approval

    1. As you near completion of the Go-to-Market Strategy Phase – Design Step, while your emerging business case is important, it will be finalized in the Align Step.
    2. An important test to pass before proceeding to the Align step of the GTM Strategy, is to answer several key questions:
      1. Have you validated the product value proposition with buyers?
      2. Is the competitive differentiation clear for this offering?
      3. Did Sales support the business case by signing up for the incremental quota?
      4. Has product defined an MVP that aligns with the buyer value needed to drive purchases?
      • If the answer is “no” you need to return to these steps and ensure completion
    3. Pull together a summary review deck, schedule a meeting with the Steering Committee, and present to-date findings for approval to move onto Phase 3.

    Download the Go-to-Market Strategy Presentation Template

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram with 'GTM Design Review' circled in red.

    The presentation you create contains:

    • Timelines and a work plan
    • Expanded product concept to include your packaging and pricing approach
    • Feedback from buyers on validated product concept especially commercial elements
    • Expanded campaign plan and marketing budget
    • Initial product business case

    Build a More Effective Go-to-Market Strategy

    Phase 3

    Align stakeholder plans to prep for build

    Phase 1

    1.1 Select Steering Cmte/team, build aligned vision for GTM

    1.2 Buyer personas, journey, initial messaging

    1.3 Build initial product hypothesis

    1.4 Size market opportunity

    1.5 Outline digital/tech requirements

    1.6 Competitive SWOT

    1.7 Select routes to market

    1.8 Craft GTM Strategy deck

    		Phase 2

    2.1 Brand consistency check

    2.2 Formulate packaging and pricing

    2.3 Craft buyer-valid product concept

    2.4 Build campaign plan and targets

    2.5 Develop cost budgets across all areas

    2.6 Draft product business case

    2.7 Update GTM Strategy deck

    		Phase 3

    3.1 Assess tech/tools support for all GTM phases

    3.2 Outline sales enablement and Customer Success plan

    3.3 Build awareness plan

    3.4 Finalize business case

    3.5 Final GTM Plan deck

    This phase will walk you through the following activities:

    1. Assess tech/tools support for all GTM phases
    2. Map lead generation plan
    3. Outline Customer Success plan
    4. Build awareness plan (PR/AR, etc.)
    5. Finalize product business case
    6. Final GTM planning deck and Steering Committee review

    This phase involves the following stakeholders:

    • Steering Committee
    • Working group leaders

    To complete this phase, you will need:

    Go-to-Market Strategy Presentation Template Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook
    Sample of the Go-to-Market Strategy Presentation Template deliverable. Sample of the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook deliverable.
    Use the Go-to-Market Strategy Presentation Template to document the results from the following activities:
    • Documenting your GTM Strategy Stakeholders
    • Documenting your GTM Strategy Working Team
    		 Use the Go-to-Market Cost Budget and Revenue Forecast Workbook to:
    • Tally budgets from across key functions involved in the GTM Strategy
    • Compare with forecasted revenues to assess gross margins

    Step 3.1

    Assess Technology and Tools Support for Your GTM Strategy as Well as Future Phases of GTM

    Activities
    • 3.1.1 Have Marketing Operations document what tech stack improvements are required in order to get the team to a successful launch. Understand costs and implementation timelines and work it into the Go-to-Market Budget Workbook.

    This step will walk you through the following activities:

    • After completing your initial survey in Step 1, complete requirements building for needed technology and tools acquisition/upgrade in campaign management, sales opportunity management, and analytics.

    This step involves the following participants:

    • Project lead
    • Marketing operations/digital
    • IT

    Outcomes of this step

    • Build a business requirement against which to evaluate new/upgraded vendor tools to support the entire GTM process

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.1.1 Technology plan and investments

    Goal: Outline the results of our analysis and Info-Tech analyst guidance regarding supporting systems, tools, and technologies to support our go-to-market strategy

    1. Plans, timings, and incremental costs related to, but not limited to, the following apps/tools/technologies:
      1. Lead management/Marketing automation
      2. Marketing analytics
      3. Sales Opportunity Management System (OMS) and Configure, Price, and Quote (CPQ) applications
      4. Sales engagement
      5. Sales analytics
      6. Customer service and support/Customer interaction hub
      7. Customer data management and analytics
      8. Customer experience platforms
      9. Marketing content management
      10. Creative tools
      11. Share of voice and social platform management
      12. Etc.
    2. Go to the Go-to-Market Budget Workbook and complete by adding costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record in the Go-to-Market Strategy Presentation completing the areas within the slides related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 3.2

    Outline Sales Enablement and Support for Customer Success to Include Onboarding and Ongoing Engagement

    Activities
    • 3.3.1 Sales Enablement – develop the sales enablement and training plan for Launch to include activities, responsible parties, dates for delivery, etc.

    This step will walk you through the following activities:

    • Finalize the customer success training and support plan
    • Onboarding scripts
    • Changes to help screens in application
    • Timing to plan for Quality Acceptance

    This step involves the following participants:

    • Project lead
    • Customer Success lead
    • Product management
    • Product marketing

    Outcomes of this step

    • Plan for creation of copy, assets, and rollout pan to support clients and client segments for Launch

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.2.1 Outline sales enablement

    Goal: Outline sales collateral, updates to sales proposals, CPQ, Opportunity Management Systems, and sales training

    1. Describe the requirements for sales enablement to include elements such as:
      1. Sales collateral
      2. Client-facing presentations
      3. Sales proposal updates
      4. Updates to Configure, Price, and Quote (CPQ) applications
      5. Updates to Opportunity Management System (OMS) applications
      6. Sales demo versions of the new product
      7. Sales communication plans
      8. Sales training and certification programs
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record as well in the Go-to-Market Strategy Presentation completing the areas within the slides related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    3.2.2 Outline customer success

    Goal: Outline customer support/success requirements and plan

    1. Plans, timings, and incremental costs for the following:
      1. Onboarding scripts for the new solution
      2. Updates to retention lifecycle
      3. FAQ answers
      4. Updates to online help/support system
      5. “How-to” videos
      6. Live chat updates
      7. Updates to “provide feedback” system
      8. Updates to Quarterly Business Review slides
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record in the Go-to-Market Strategy Presentation and complete the areas within the slides related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 3.3

    Build an Awareness Plan Covering Media, Social Media, and Industry Analysts

    Activities
    • 3.4.1 Corp Comms/PR/AR – develop the overall awareness plans for executive interviews, articles placed, social drops, analyst briefing dates, and internal associate comms if required.

    This step will walk you through the following activities:

    • Outline outbound communications plans including press releases, social posts, etc.
    • Describe dates for AR outreach to covering analysts
    • Develop the internal communications plan

    This step involves the following participants:

    • Project lead
    • Corporate Comms lead
    • Creative
    • Analyst relations
    • Social media marketing lead

    Outcomes of this step

    • Plan for creation of copy, assets, and rollout pan to support awareness building, external communications, and internal communications if required

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.3.1 Internal communications plan

    Goal: Outline complete internal communications plan. For large-scale changes (i.e. rebranding, M&A, etc.) HR may drive significant volume of employee communications working with Corporate Comms

    1. Plans, timings, and incremental costs for the following:
      1. Complete a comms plan with dates, messages, and channels
      2. Team member roles and responsibilities
      3. Intranet article and posting schedules
      4. Creation of new office signage, merchandise, etc. for employee kits
      5. Pre-launch announcements schedule
      6. Launch day communications, events, and activities
      7. Post launch update schedule and messages for launch success
      8. Incremental staffing and resources/budget requirements
    2. Go to the Go-to-Market Budget Workbook and add costs identified in above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record as well in the Go-to-Market Strategy Presentation completing the areas related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    3.3.2 PR and External Communications Plan

    Goal: Outline complete internal communications plan. For large scale changes (i.e. rebranding, M&A, etc.) HR may drive significant volume of employee communications working with Corporate Comms

    1. Plans, timings, and incremental costs for the following:
      1. List of Tier 1 and Tier 2 media authors covering the [product/initiative] market area
      2. Schedule of launch briefings, with any non-analyst influencers
      3. Timing of press releases
      4. Required supporting executives and stakeholders for each of the above meetings
      5. Slide deck/media kit for the above and planned questions to support needed feedback
      6. Media Site materials especially to support media questions and requests for briefings
      7. Social postings calendar of activities and key messages plan
      8. Publish data of [product/initiative] relevant articles with set-back schedules
      9. Cultivation of reference customers and client testimonials for media outreach
      10. Requirements for additional staffing to cover product/initiative new market and analysts
      11. Internal and external events calendar to invite media
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in the above areas that are specific to this go-to-market strategy, Build, and Launch initiative. Record in the Go-to-Market Strategy Presentation by completing the areas related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    3.3.3 Analyst relations plan

    Goal: Outline incremental costs in analyst communications, engagement, and access to research

    1. Plans, timings, and incremental costs for the following:
      1. List of Tier 1 and Tier 2 analysts for the [product/initiative] market area
      2. Schedule of inquiries, pre-launch briefings, launch briefings, and post-launch feedback
      3. Required supporting executives and stakeholders for each of the above meetings
      4. Analyst deck for each of the above and planned questions to support needed feedback
      5. Analyst Site materials to support 2nd and 3rd Tier analysts’ questions and requests for briefings
      6. Social postings calendar of activities and key messages
      7. Resources to respond to analyst blogs and/or social posts regarding your product/initiative area
      8. Timing of important and relevant analyst document/methodology publishing dates with set-back schedules
      9. Cultivation of reference customers and client testimonials to coincide with analyst outreach for research and for buyer review sites/reviews data gathering
      10. Requirements for additional staffing to cover product/initiative new market and analysts
      11. Events calendar where analysts will be presenting on this product/initiative market
    2. Go to the Go-to-Market Budget Workbook and add the costs identified in the above areas that are specific to this go-to-market strategy, Build and Launch initiative. Record in the Go-to-Market Strategy Presentation by completing the areas related to the Product and Launch Concepts and Business Case.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Step 3.4

    Finalize Product Business Case With Collaborative Input From Product, Sales, and Marketing

    Activities
    • 3.5.1 Convene the team to align sales, marketing, and product around the business case.

    This step will walk you through the following activities:

    • Refine the product business case initiated in Phase 2
    • Align product revenue forecast with sales revenue forecast
    • Align MVP features to be developed during “GTM – Build” with customer validated product-market fit

    This step involves the following participants:

    • Project lead
    • Product management
    • Product marketing

    Outcomes of this step

    • Product business case

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.4.1 Final product Build and Launch business case

    Goal: Beyond the product business case, factor in costs for technology, campaigning, sales enablement, and customer success in order to gain approval for Build and Launch

    1. Using the Go-to-Market Strategy Presentation, workstream leads and Go-to-Market Initiative leaders will finalize the anticipated incremental costs, and when compared to projected product revenues, present to the Steering Committee including CFO for final approval before moving to Build and Launch.
    2. To present a complete business case, key cost areas include:
      1. All the areas outlined up through Step 3.4 plus:
      2. Technology/MarTech Stack incremental costs
      3. Channel programs, branding/agency, pricing, packaging/product, and T&E incremental costs
      4. Campaign related – creative, content marketing, paid media, events, SEO, lists/data
      5. Sales Enablement, Customer Support/Success incremental costs
      6. Internal communications/events/activities/signage costs
      7. PR/AR/Media incremental costs
    3. Compare to final Sales/Product agreed projected revenues, in order to calculate estimated gross margins

    Go to the Go-to-Market Budget Workbook as outlined in prior steps and document final incremental costs and projected revenues and summarize within the Go-to-Market Strategy Presentation.

    Download the Go-to-Market Strategy Cost Budget and Revenue Forecast Workbook

    Download the Go-to-Market Strategy Presentation Template

    Product Build and Launch Business Case Checklist:

    • Acceptably large enough product market opportunity
    • Well-defined competitive differentiation
    • Buyer-validated product-market fit
    • Buyer-validated and competitive commercials (i.e. pricing, packaging)
    • An MVP with roadmap that aligns with buyer needs and buyer validated price points
    • A 24–36 month sales forecast with CRO sign-up and support for attainment
    • Incremental product development, tech, marketing, sales, customer success, AR/PR costs vs. forecasted revenues fall within acceptable margins

    Step 3.5

    Develop Your Final Executive Presentation to Request Approval and Proceed to GTM Build Phase

    Activities
    • 3.6.1 Update the Product, Launch, Journey, and Business Case slides included within the Go-to-Market Strategy Presentation Template with Phase 3 findings culminating in the business case.

    This step will walk you through the following activities:

    • Update the previously created slides with findings from Phase 3
    • Hold a Steering Committee meeting and present findings for approval

    This step involves the following participants:

    • Steering Committee
    • Workstream leads

    Outcomes of this step

    • GTM Strategy approved to move to GTM Build

    Phase 3 – Align functional plans with a compelling business case for product build

    Step 3.1 Step 3.2 Step 3.3 Step 3.4 Step 3.5

    3.5.1 Update your GTM Strategy deck for Align Steering Committee approval

    1. As you near completion of the Go-to-Market Strategy Phase – Align Step, an important test to pass before proceeding to the Design step of GTM Strategy, is to answer several key questions:
      1. Are Sales, Product, and Marketing all aligned and in agreement on the business case?
      2. Are the gross margin calculations acceptable to the Steering Committee? CFO? CEO?
    2. If the answer is “no” you need to return to prior steps and ensure completion.
    3. Pull together a summary review deck, schedule a meeting with the Steering Committee, present to-date findings for approval to move on to Build Phase.
    4. Once your final business case is accepted, you are ready to move on to the GTM Build and Launch phases. These phases are covered in sperate SoftwareReviews blueprints.

    Download the Go-to-Market Strategy Presentation Template

    Sample of the 'PLAN' section of the GTM Strategy optimization diagram with 'GTM Align Review' circled in red.

    The presentation you create contains:

    • Timelines and work plan updates
    • Tech stack needs/modifications
    • An expanded product concept to include packaging and pricing approach
    • Asset-type concepts for marketing campaigns, sales collateral, website, and social
    • Outline of initial Launch dates
    • Outline of initial customer success, awareness/PR/AR plans, and sales training plans
    • Final business case

    Summary of Accomplishment

    Problem Solved – A More Effective Go-to-Market Strategy

    By guiding your team through the Go-to-Market planning process applied to an actual GTM Strategy, you have built an important set of capabilities that underpins today’s well-managed software companies. By following the step-by-step process outlined in this blueprint, you have delivered a host of benefits that include the following:

    • Alignment of Product, Marketing, Sales, and Customer Success around a deeper understanding of your target buyers and what it takes to build competitive differentiation.
    • You have calculated your product market opportunity and whether it’s worth the investment in the long-term, and for the short term you have estimated gross margins as an important part of the business case.
    • Built executive support and confidence by leading a disparate team in complex decision making that is fact and evidence based to make more effective go/no go decisions related to investing in new products.
    • And finally, because you and your team have demonstrated their ability to align programs toward a common goal and program-manage a complex initiative through to successful completion, you have led your team to develop the “institutional muscle” to take on equally complex initiatives such as acquisition integration, rebranding, launching in a new region, etc.

    Therefore, developing the capabilities to manage a complex go-to-market strategy is akin to building company scalability and is sought after as a professional development opportunity that each executive should have on his/her résumé.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com 1-888-670-8889

    Bibliography

    Acosta, Danette. “Average Customer Retention Rate by Industry.” Profitwell.com. Accessed Jan. 2022.

    Ashkenas, Ron, and Patrick Finn. “The Go-To-Market Approach Startups Need to Adopt.” Harvard Business Review, June 2016. Accessed Jun. 2021.

    Bilardi, Emma. “ How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.

    Cespedes, Frank V. “Defining a Post-Pandemic Channel Strategy.” Harvard Business Review, Apr. 2021. Accessed Jul. 2021.

    Chapman, Lawrence. “A Visual Guide to Product Launches.” Product Marketing Alliance. Accessed Jul. 2021.

    Chapman, Lawrence. “Everything You Need To Know About Go-To-Market Strategies.” Product Marketing Alliance. Accessed Jul. 2021.

    Christiansen, Clayton. “The Innovators Dilemma.” Harvard Business School Press, 1997.

    Drzewicki, Matt. “Digital Marketing Maturity: The Path to Success.” MIT Sloan Management Review. Accessed Dec. 2021.

    “Go-To-Market Refresher,” Product Marketing Alliance. Accessed Jul. 2021

    Harrison, Liz; Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March, 2021. Accessed Dec. 2021.

    Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview, 19 Feb. 2016. Accessed Jan. 2022.

    Scott, Ryan. “Creating a Brand Identity: 20 Questions to Consider.” Lean Labs, Jun 2021. Accessed Jul. 2021.

    Smith, Michael L., and James Erwin. “Role and Responsibility Charting (RACI).” DOCSearch. Accessed Jan. 2022. Web.

    “What is the Total Addressable Market (TAM).” Corporate Finance Institute (CFI), n.d. Accessed Jan. 2022.

    Related Software Reviews Research

    Sample of the Create a Buyer Persona and Journey research Create a Buyer Persona and Journey
    • A successful go-to-market strategy depends upon deep buyer understanding. Our Create a Buyer Persona and Journey blueprint will give you a step-by-step process that when followed will provide you and your team with that deep buyer understanding you need.
    • The Create a Buyer Persona and Journey blueprint provides you with an interview containing over 75 questions that, after capturing buyer answers and insights during interviews, will strengthen your value proposition, product market fit, lead gen engine and sales effectiveness.
    Sample of the Optimize Lead Generation With Lead Scoring research Optimize Lead Generation With Lead Scoring
    • Save time and money and improve your sales win rates when you apply our methodology to score contacts with your lead gen engine more accurately and pass better qualified leads over to your sellers.
    • Our methodology teaches marketers to develop your own lead scoring approach based upon lead/contact profile vs. your Ideal Customer Profile (ICP) and scores contact engagement. Applying the methodology to arrive at your own approach to scoring will mean reduced lead gen costs, higher conversion rates, and increased marketing influenced wins.

    What is resilience?

    What is resilience
    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    Aside from the fact that operational resilience is mandated by law as of January 2025 (yes, next year), having your systems and applications available to your customers whenever they need your services is always a good idea. Customers, both existing and new ones, typically prefer smooth operations over new functionality. If you have any roadblocks in your current customer journey, then solving those is also part of operational resilience (and excellence).

    Does this mean you should not market new products or services? Of course not! Solving a customer journey roadblock is ensuring that your company is resilient. The Happy Meal is a prime example: it solved a product roadblock for small children and a profits roadblock for the company. For more info, just google it. But before you bring a new service online, be sure that it can withstand the punches that will be thrown at it. 

    What is resilience? 

    Resilience is the art of making sure your services are available to your customers whenever they can use them. Note I did not say 24/7/365. Your business may require that, but perhaps your systems need "only" to be available during "normal" business hours.

    Resilient systems can withstand adverse events that impair their ability to perform normal functions, and, like in the case the Happy Meals, increased peak demands. Events can include simple breakdowns (like a storage device, an internet connection that fails, or a file that fails to load) or something worse, like a cyber attack or a larger failure in your data center.

    Your client does not care what the cause is; what counts for the client is, "Can I access your service? (or buy that meal for my kid.)"

    Resilience entails several aspects:

    • availability
    • performance
    • right-sizing
    • hardening
    • restore-ability
    • testing
    • monitoring
    • management and governance

    It is now tempting to apply these aspects only to your organization's IT or technical parts. That is insufficient. Your operations, management, and even e.g. sales must ensure that services rendered result in happy clients and happy shareholders/owners. The reason is that resilient operations are a symphony. Not one single department or set of actions will achieve this. When you have product development working with the technical teams to develop a resilient flow at the right level for its earning potential, then you maximize profits.

    This synergy ensures that you invest exactly the right level of resources. There are no exaggerated technical or operational elements for ancillary services. That frees resources to ensure your main services receive the full attention they deserve.

    Resilience, in other words, is the result of a mindset and a way of operating that helps your business remain at the top of its game and provides a top service to clients while keeping the bottom line in the black. 

    Why do we need to spend on this?

    I mean, if it ain't broke, don't fix it. That old adage is true, and yet not. Services can remain up and running for a long time with single points of failure. But can you afford to have them break at any time? If yes, and your customers don't mind waiting for you to patch things up, then you can "risk-accept" that situation. But how realistic is that these days? If I cannot buy it at your shop today, I'll more than likely get it from another. If I'm in a contract with you, yet you cannot deliver, we will have a conversation, or at the very least, a moment of disappointment. If you have enough "disappointments," you will lose the customer. Lose enough customers, and you will have a reputational problem or worse.

    We don't like to spend resources on something that "may"go wrong. We do risk assessments to determine the true cost of non-delivery and the likelihood of that happening. And there are different ways to deal with that assessment's outcome. Not everything needs to have double the number of people working on it, just in case one resignes. Not every system needs an availability of 99,999%.

    But sometimes, we do not have a choice. When lives are at stake, like in medical or aviation services, being sorry is not a good starting point. The same goes for financial services. the DORA and NIS2 legislation in the EU, the CEA, FISMA, and GLBA in the US, and ESPA in Japan, to name a few, are legislations that require your company, if active in the relevant regulated sectors, to comply and ensure that your services continue to perform.

    Most of these elements have one thing in common: we need to know what is important for our service delivery and what is not.

    Business service

    That brings us to the core subject of what needs to be resilient. The answer is very short and very complex at the same time. It is the service that you offer to your customers which must meet reliance levels.

    Take the example of a hospital. When there is a power outage, the most critical systems must continue operating for a given period. That also means that sufficient capable staff must be present to operate said equipment; it even means that the paths leading to said hospital should remain available; if not by road, then, e.g., by helicopter. If these inroads are unavailable, an alternate hospital should be able to take on the workload. 

    Not everything here in this example is the responsibility of the hospital administrators! This is why the management and governance parts of the resilience ecosystem are so important in the bigger picture. 

    If we look at the financial sector, the EU DORA (Digital Operational Resilience Act) specifically states that you must start with your business services. Like many others, the financial sector can no longer function without its digital landscape. If a bank is unexpectedly disconnected from its payment network, especially SWIFT, it will not be long before there are existential issues. A trading department stands to lose millions if the trading system fails. 

    Look in your own environment; you will see many such points. What if your internet connection goes down, and you rely on it for most of your business? How long can you afford to be out? How long before your clients notice and take action? Do you supply a small but critical service to an institution? Then, you may fall under the aforementioned laws (it's called third-party requirements, and your client may be liable to follow them.)

    But also, outside of the technology, we see points in the supply chain that require resilience. Do you still rely on a single person or provider for a critical function? Do you have backup procedures if the tech stops working, yet your clients require you to continue to service them? 

    In all these and other cases, you must know what your critical services are so that you can analyze the requirements and put the right measures in place.

    Once you have defined your critical business services and have analyzed their operational requirements, you can start to look at what you need to implement the aforementioned areas of availability, monitoring, hardening, and others. Remember we're still at the level of business service. The tech comes later and will require a deeper analysis. 

    In conclusion.

    Resilient operations ensure that you continue to function, at the right price, in the face of adverse events. If you can, resilience starts at the business level from the moment of product conception. If the products have long been developed, look at how they are delivered to the client and upgrade operations, resources, and tech where needed.

    In some cases, you are legally required to undertake this exercise. But in all cases, it is important that you understand your business services and the needs of your clients and put sufficient resources in the right places of your delivery chain. 

    If you want to discuss this further, please contact me for a free talk.

     

    IT Operations

    Embed Business Relationship Management in IT

    • Buy Link or Shortcode: {j2store}270|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $21,960 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Manage Business Relationships
    • Parent Category Link: /manage-business-relationships
    • While organizations realize they need to improve business relationships, they often don’t know how.
    • IT doesn’t know what their business needs and so can’t add as much value as they’d like.
    • They find that their partners often reach out to third parties before they connect with internal IT.

    Our Advice

    Critical Insight

    • Business relationship management (BRM) is not just about communication, it’s about delivering on business value.
    • Build your BRM program on establishing trust.

    Impact and Result

    • Drive business value into the organization via innovative technology solutions.
    • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
    • Enhance ability to execute business activities to meet end customer requirements and expectations, resulting in more satisfied customers.

    Embed Business Relationship Management in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Embed Business Relationship Management Deck – A step-by-step document that walks you through how to establish a practice with well-embedded business relationships, driving IT success.

    This blueprint helps you to establish a relationship with your stakeholders, both within and outside of IT. You’ll learn how to embed relationship management throughout your organization.

    • Embed Business Relationship Management in IT – Phases 1-5

    2. BRM Workbook Deck – A workbook for you to capture the results of your thinking on the BRM practice.

    Use this tool to capture your findings as you work through the blueprint.

    • Embed Business Relationship Management in IT Workbook

    3. BRM Buy-In and Communication Template – A template to help you communicate what BRM is to your organization, that leverages feedback from your business stakeholders and IT.

    Customize this tool to obtain buy in from leadership and other stakeholders. As you continue through the blueprint, continue to leverage this template to communicate what your BRM program is about.

    • BRM Buy-In and Communication Template

    4. BRM Role Expectations Worksheet – A tool to help you establish how the BRM role and/or other roles will be managing relationships.

    This worksheet template is used to outline what the BRM practice will do and associate the expectations and tasks with the roles throughout your organization. Use this to communicate that while your BRM role has a strategic focus and perspective of the relationship, other roles will continue to be important for relationship management.

    • Role Expectations Worksheet

    5. BRM Stakeholder Engagement Plan Worksheet – A tool to help you establish your stakeholders and your engagement with them.

    This worksheet allows you to list the stakeholders and their priority in order to establish how you want to engage with them.

    • BRM Stakeholder Engagement Plan Worksheet

    6. Business Relationship Manager Job Descriptions – These templates can be used as a guide for defining the BRM role.

    These job descriptions will provide you with list of competencies and qualifications necessary for a BRM operating at different levels of maturity. Use this template as a guide, whether hiring internally or externally, for the BRM role.

    • Business Relationship Manager – Level 1
    • Business Relationship Manager – Level 2
    • Business Relationship Manager – Level 3
    [infographic]

    Workshop: Embed Business Relationship Management in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation: Assess and Situate

    The Purpose

    Set the foundation for your BRM practice – understand your current state and set the vision.

    Key Benefits Achieved

    An understanding of current pain points and benefits to be addressed through your BRM practice. Establish alignment on what your BRM practice is – use this to start obtaining buy-in from stakeholders.

    Activities

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    1.4 Create Vision

    1.5 Create the BRM Mission

    1.6 Establish Goals

    Outputs

    BRM definition

    Identify areas to be addressed through the BRM practice

    Shared vision, mission, and understanding of the goals for the brm practice

    2 Plan

    The Purpose

    Determine where the BRM fits and how they will operate within the organization.

    Key Benefits Achieved

    Learn how the BRM practice can best act on your goals.

    Activities

    2.1 Establish Guiding Principles

    2.2 Determine Where BRM Fits

    2.3 Establish BRM Expectations

    2.4 Identify Roles With BRM Responsibilities

    2.5 Align Capabilities

    Outputs

    An understanding of where the BRM sits in the IT organization, how they align to their business partners, and other roles that support business relationships

    3 Implement

    The Purpose

    Determine how to identify and work with key stakeholders.

    Key Benefits Achieved

    Determine ways to engage with stakeholders in ways that add value.

    Activities

    3.1 Brainstorm Sources of Business Value

    3.2 Identify Key Influencers

    3.3 Categorize the Stakeholders

    3.4 Create the Prioritization Map

    3.5 Create Your Engagement Plan

    Outputs

    Shared understanding of business value

    A plan to engage with stakeholders

    4 Reassess and Embed

    The Purpose

    Determine how to continuously improve the BRM practice.

    Key Benefits Achieved

    An ongoing plan for the BRM practice.

    Activities

    4.1 Create Metrics

    4.2 Prioritize Your Projects

    4.3 Create a Portfolio Investment Map

    4.4 Establish Your Annual Plan

    4.5 Build Your Transformation Roadmap

    4.6 Create Your Communication Plan

    Outputs

    Measurements of success for the BRM practice

    Prioritization of projects

    BRM plan

    Further reading

    Embed Business Relationship Management in IT

    Show that IT is worthy of Trusted Partner status.

    Executive Brief

    Analyst Perspective

    Relationships are about trust.

    As long as humans are involved in enabling technology, it will always remain important to ensure that business relationships support business needs. At the cornerstone of those relationships is trust and the establishment of business value. Without trust, you won’t be believed, and without value, you won’t be invited to the business table.

    Business relationship management can be a role, a capability, or a practice – either way it’s essential to ensure it exists within your organization. Show that IT can be a trusted partner by showing the value that IT offers.

    Photo of Allison Straker, Research Director, CIO Practice, Info-Tech Research Group.

    Allison Straker
    Research Director, CIO Practice
    Info-Tech Research Group

    Your challenge: Why focus on business relationship management?

    Is IT saying this about business partners?

    I don’t know what my business needs and so we can’t add as much value as we’d like.

    My partners don’t give us the opportunity to provide new ideas to solve business problems

    My partners listen to third parties before they listen to IT.

    We’re too busy and don’t have the capacity to help my partners.

    		Three stamps with the words 'Value', 'Innovation', and 'Advocacy'. Are business partners saying this about IT?

    IT does not create and deliver valuable services/solutions that resolve my business pain points.

    IT does not come to me with innovative solutions to my business problems/challenges/issues.

    IT blocks my efforts to drive the business forward using innovative technology solutions.

    IT does not advocate for my needs with the decision makers in the organization.

    Common obstacles

    While organizations realize they need to do better, they often don’t know how to improve.

    Organizations want to:
    • Understand and strategically align to business goals
    • Ensure stakeholders are satisfied
    • Show project value/success

    … these are all things that a mature business relationship can do to improve your organization.

    Key improvement areas identified by business leaders and IT leaders

    Bar chart comparing 'CXO' and 'CIO' responses to multiple areas one whether they need significant improvement or only some improvement. Areas in question are 'Understand Business Goals', 'Define and align IT strategy', 'Measure stakeholder satisfaction with IT', and 'Measure IT project success'. Source: CEO/CIO Alignment Diagnostic, N=446 organizations.

    Info-Tech’s approach

    BRMs who focus on achieving business value can improve organizational results.

    Visualization of a piggy bank labelled 'Business Value' with a person on a ladder labelled 'Strategic Tactical Operational' putting coins into the bank which are labelled 'External & internal views', 'Applied knowledge of the business', 'Strategic perspective', 'Trusted relationship', and 'Empathetic engagements “What’s in it for me/them?”'.

    Business relationships can take a strategic, tactical, or operational perspective.

    While all levels are needed, focus on a strategic perspective for optimal outcomes.

    Create business value through:

    • Applying your knowledge of the business so that conversations aren’t about what IT provides. Focus on what the overall business requires.
    • Ensuring your knowledge includes what is going on internally at your organization and also what occurs externally within and outside the industry (e.g. vendors, technologies used in similar industries or with similar customer interactions).
    • Discussing with the perspective of “what’s in it for [insert business partner here]” – don’t just present IT’s views.
    • Building a trusted strategic relationship – don’t just do well at the basics but also focus on the strategy that can move the organization to where it needs to be.

    Neither you nor your partners can view IT as separate from your overall business…

    …your IT goals need to be aligned with those of the overall business

    IT Maturity Pyramid with 'business goals' and 'IT goals' moving upward along its sides. It has five levels, 'unstable - Ad hoc – IT is too busy and the business is unsatisfied (too expensive, too long, not delivering on needs)', 'firefighter - Order taker – IT engaged on as-needed basis. IT unable to forecast demand to manage own resources', 'trusted operator - IT and business are not always sure of each other’s direction/priorities’, ‘business partner - IT understands and delivers on business needs', and 'innovator - Business and IT work together to achieve shared goals'.

    IT and other lines of business need to partner together – they are all part of the same overall business.

    Four puzzle pieces fitting together representing 'IT' and three other Lines of Business '(LOB)'

    <

    Why it’s important to establish a BRM program

    IT Benefits

    • Provides IT with a view of the lines of business they empower
    • Allows IT to be more proactive in providing solutions that help business partner teams
    • Allows IT to better manage their workload, as new requests can be prioritized and understood

    Business Benefits

    • Provides business teams with a view of the services that IT can help them with
    • Brings IT to the table with value-driven solutions
    • Creates an overall roadmap aligning both partners
    Ladder labelled 'Strategic Tactical Operational'.
    • Drive business value into the organization via innovative technology solutions.
    • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
    • Enhance ability to execute business activities to meet end-customer requirements and expectations, resulting in more satisfied customers.

    Increase your business benefits by moving up higher – from operational to tactical to strategic.

    		Piggy bank labelled 'Business Value'.

    When IT understands the business, they provide better value

    Understanding all parties – including the business needs and context – is critical to effective business relationships.

    Establishing a focus on business relationship management is key to improving IT satisfaction.

    When business partners are satisfied that IT understands their needs, they have a higher perception of the value of overall IT

    Bar chart with axes 'Business satisfaction with IT understanding of needs' and 'Perception of IT value'. There is an upward trend.

    The relationship between the perception of IT value and business satisfaction is strong (r=0.89). Can you afford not to increase your understanding of business needs?

    (Source: Info-Tech Research Group diagnostic data/Business-Aligned IT Strategy blueprint (N=652 first-year organizations that completed the CIO Business Vision diagnostic))

    A tale of two IT partners

    Teleconference with an IT partner asking them to 'Tell me everything'.

    One IT partner approached their business partner without sufficient background knowledge to provide insights.

    The relationship was not strong and did not provide the business with the value they desired.

    Research your business and be prepared to apply your knowledge to be a better partner.

    Teleconference with an IT partner that approached with knowledge of your business and industry.

    The other IT partner approached with knowledge of the business and external parties (vendors, competitors, industry).

    The business partners received this positively. They invited the IT partners to meetings as they knew IT would bring value to their sessions.

    BRM success is measurable Measuring tape.

    1) Survey your stakeholders to measure improvements in customer satisfaction 2) Measure BRM success against the goals for the practice

    Business satisfaction survey

    • Audience: Business leaders
    • Frequency: Annual
    • Metrics:
      • Overall Satisfaction score
      • Overall Value score
      • Relationship Satisfaction:
        • Understand needs
        • Meet needs
        • Communication
    		 Two small tables showing example 'Value' and 'Satisfaction' scores. Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.
    Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

    Maturing your BRM practice is a journey

    Info-Tech has developed an approach that can be used by any organization to improve or successfully implement BRM. The same ladder as before with words 'Strategic', 'Tactical', 'Operational', and a person climbing on it. Become a Trusted Partner and Advisor
    KNOWLEDGE OF INDUSTRY

    STRATEGIC

    		 Value Creator and Innovator

    Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

    KNOWLEDGE OF FUNCTIONS

    TACTICAL

    		 Influencer and Advocate

    Two-way voice between IT and business, understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

    TABLE STAKES:
    COMMUNICATION
    SERVICE DELIVERY
    PROJECT DELIVERY

    OPERATIONAL

    		 Deliver

    Communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

    Foundation: Define and communicate the meaning and vision of BRM

    At each level, keep maturing your BRM practice

    ITPartnerWhat to do to move to the next level

    Strategic Partner

    Shared goals for maximizing value and shared risk and reward

    5

    Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

    Value Creator and Innovator

    See partners as integral to business success and growth

    Focus on continuous learning and improvement.

    Trusted Advisor

    Cooperation based on mutual respect and understanding

    4

    Partners understand, work with, and help improve capabilities.

    Influencer and Advocate

    Sees IT as helpful and reliable

    Strategic: IT needs to demonstrate and apply knowledge of business, industry, and external influences.

    Service Provider

    Routine – innovation is a challenge

    3

    Two-way voice between IT and business; understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

    Priorities set but still always falling behind.

    Views IT as helpful but they don’t provide guidance

    IT needs to excel in portfolio and transition management.

    Business needs to engage IT in strategy.

    Order Taker

    Distrust, reactive

    2

    Focuses on communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

    Delivery Service

    Engages with IT on an as-needed basis

    Improve Tactical: IT needs to demonstrate knowledge of the business they are in. IT to improve BRM and service management.

    Business needs to embrace BRM role and service management.

    Ad Hoc

    Loudest in, first out

    1

    Too busy doing the basics; in firefighter mode.

    Low satisfaction (cost, duration, quality)

    Improve Operational Behavior: IT to show value with “table stakes” – communication, service delivery, project delivery.

    IT needs to establish intake/demand management.


    Business to embrace a new way of approaching their partnership with IT.

    (Adapted from BRM Institute Maturity Model and Info-Tech’s own model)

    The Info-Tech path to implement BRM

    Use Info-Tech’s ASPIRe method to create a continuously improving BRM practice.

    Info-Tech's ASPIRe method visualized as a winding path. It begins with 'Role Definition', goes through many 'Role Refinements' and ends with 'Metrics'. The main steps to which the acronym refers are 'Assess', 'Situate', 'Plan', 'Implement', and 'Reassess & Embed'.

    Insight summary

    BRM is not just about communication, it’s about delivering on business value.

    Business relationship management isn’t just about having a pleasant relationship with stakeholders, nor is it about just delivering things they want. It’s about driving business value in everything that IT does and leveraging relationships with the business and IT, both within and outside your organization.

    Understand your current state to determine the best direction forward.

    Every organization will apply the BRM practice differently. Understand what’s needed within your organization to create the best fit.

    BRM is not just a communication conduit between IT and the business.

    When implemented properly, a BRM is a value creator, advocate, innovator, and influencer.

    The BRM role must be designed to match the maturity level of the IT organization and the business.

    Before you can create incremental business value, you must master the fundamentals of service and project delivery.

    Info-Tech Insight

    Knowledge of your current situation is only half the battle; knowledge of the business/industry is key.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Executive Buy-In and Communication Presentation Template

    Explain the need for the BRM practice and obtain buy-in from leadership and staff across the organization.

    Sample of Info-Tech's key deliverable, the Executive Buy-In and Communication Presentation Template.

    BRM Workbook

    Capture the thinking behind your organization’s BRM program.

    		Sample of Info-Tech's BRM Workbook deliverable.

    BRM Stakeholder Engagement Plan Worksheet

    Worksheet to capture how the BRM practice will engage with stakeholders across the organization.

    		Sample of Info-Tech's BRM Stakeholder Engagement Plan Worksheet deliverable.

    BRM Role Expectations Worksheet

    How business relationship management will be supported throughout the organization at a strategic, tactical, and operational level.

    		Sample of Info-Tech's BRM Role Expectations Worksheet deliverable.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5
    Call #1: Discuss goals, current state, and an overview of BRM.

    Call #2: Examine business satisfaction and discuss results of SWOT.

    		Call #3: Establish BRM mission, vision, and goals. Call #4: Develop guiding principles.

    Call #5: Establish the BRM operating model and role expectations.

    		Call #6: Establish business value. Discuss stakeholders and engagement planning. Call #7: Develop metrics. Discuss portfolio management.

    Call #8: Develop a communication or rollout plan.

    Workshop Overview

    Complete the CIO-Business Vision diagnostic prior to the workshop.
    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Post-Workshop
    Activities
    Set the Foundation
    Assess & Situate
    Define the Operating Model
    Plan
    Define Engagement
    Implement
    Implement BRM
    Reassess
    Next steps and Wrap-Up (offsite)

    1.1 Discuss rationale and importance of business relationship management

    1.2 Review CIO BV results

    1.3 Conduct SWOT analysis (analyze strengths, weaknesses, opportunities, and threats)

    1.4 Establish BRM vision and mission

    1.5 Define objectives and goals for maturing the practice

    2.1 Create your list of guiding principles (optional)

    2.2 Define business value

    2.3. Establish the operating model for the BRM practice

    2.4 Define capabilities

    3.1. Identify key stakeholders

    3.2 Map, prioritize, and categorize the stakeholders

    3.4 Create an engagement plan

    4,1 Define metrics

    4.2 Identify remaining enablers/blockers for practice implementation

    4.3 Create roadmap

    4.4 Create communication plan

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Summary of CIO Business Vision results
    2. Vision and list of objectives for the BRM program
    3. List of business and IT pain points
    1. BRM role descriptions, capabilities, and ownership definitions
    1. BRM reporting structure
    2. BRM engagement plans
    1. BRM communication plan
    2. BRM metrics tracking plan
    3. Action plan and next step
    1. Workshop Report

    ASSESS

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    		Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    		Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    		Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    To assess BRM, clarify what it means to you

    Who are BRM relationships with? Octopus holding icons with labels 'Tech Partners', 'Lines of Business', and 'External Partners'. The BRM has multiple arms/legs to ensure they’re aligned with multiple parties – the partners within the lines of business, external partners, and technology partners.
    What does a BRM do? Engage the right stakeholders – orchestrate key roles, resources, and capabilities to help stimulate, shape, and harvest business value.

    Connect partners (IT and other business) with the resources needed.

    Help stakeholders navigate the organization and find the best path to business value.

    		Three figures performing different actions, labelled 'orchestrate', 'connect', and 'navigate'.
    What does a BRM focus on? Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. Demand Shaping – Surfacing and shaping business demand
    Value Harvesting – Identifying ways to increase business value and providing insights
    Exploring – Rationalizing demand and reviewing new business, technology, and industry insights
    Servicing – Managing expectations and facilitating business strategy; business capability road mapping

    Determine what business relationship management is

    Many organizations face business dissatisfaction because they do not understand what the role of a BRM should be.

    A BRM Is NOT:
    • Order taker
    • Service desk
    • Project manager
    • Business analyst
    • Service delivery manager
    • Service owner
    • Change manager
    		 A BRM Is:
    • Value creator
    • Innovator
    • Trusted advisor
    • Strategic partner
    • Influencer
    • Business subject matter expert
    • Advocate for the business
    • Champion for business process improvement
    Business relationship management does not mean a go-between for the business and IT. Its focus should be on delivering VALUE and INNOVATIVE SOLUTIONS to the business.

    1.1 What is BRM?

    1 hour

    Input: Your preliminary thoughts and ideas on BRM

    Output: Themes summarizing what BRM will be at your organization

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Each team member will take a colored sticky note to capture what BRM is and what it isn’t.
    2. As a group, review and discuss the sticky notes.
    3. Group them into themes summarizing what BRM will be at your organization.
    4. Leverage the workbook to brainstorm the definition of BRM at your organization.
    5. Create a refined summary statement and capture it in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    It’s important to understand what the business thinks; ask them the right questions

    Leverage the CIO Business Vision Diagnostic to provide clarity on:
    • The organization’s view on satisfaction and importance of core IT services
    • Satisfaction across business priorities
    • IT’s capacity to meet business needs

    Contact your Account Representative to get started

    		Sample of various scorecards from the CIO Business Vision Diagnostic.

    1.2 Use their responses to help guide your BRM program

    1 hour

    Input: CIO-Business Vision Diagnostic, Other business feedback

    Output: Summary of your partners’ view of the IT relationship

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team

    1. Complete the CIO Business Vision diagnostic.
    2. Analyze the findings from the Business Vision diagnostic or other business relationship and satisfaction surveys. Key areas to look at include:
      • Overall IT Satisfaction
      • IT Value
      • Relationship (Understands Needs, Communicates Effectively, Executes Requests, Trains Effectively)
      • Shadow IT
      • Capacity Needs
      • Business Objectives
    3. Capture the following on your analysis:
      • Success stories – what your business partners are satisfied with
      • Challenges – are the responses consistent across departments?
    4. Leverage the workbook to capture your findings the goals. Key highlights should be documented in the Executive Buy-In and Communication Template.

    Use the BRM Workbook to capture ideas

    Polish the goals in the Executive Buy-In and Communication Template

    Perform a SWOT analysis to explore internal and external business factors

    A SWOT analysis is a structured planning method organizations use to evaluate the effects of internal strengths and weaknesses and external opportunities and threats on a project or business venture.

    Why It Is Important

    • Business SWOT reveals internal and external trends that affect the business. You may uncover relevant information about the business that the other analysis methods did not reveal.
    • The organizational strengths or weaknesses will shed some light on implications that you might not have considered otherwise, such as brand perception or internal staff capability to change.

    Key Tips/Information

    • Although this activity is simple in theory, there is much value to be gained when performed effectively.
    • Focus on weaknesses that can cause a competitive disadvantage and strengths that can cause a competitive advantage.
    • Rank your opportunities and threats based on impact and probability.
    • Info-Tech members who have derived the most insights from a business SWOT analysis usually involved business stakeholders in the analysis.

    SWOT diagram split into four quadrants representing 'Strengths' at top left, 'Opportunities' at bottom left, 'Weaknesses' at top right, and 'Threats' at bottom right.

    Review these questions to help you conduct your SWOT analysis on the business

    Strengths (Internal)
    • What competitive advantage does your organization have?
    • What do you do better than anyone else?
    • What makes you unique (human resources, product offering, experience, etc.)?
    • Do you have location, price, cost, or quality advantages?
    • Does your organizational culture offer an advantage (hiring the best people, etc.)?
    • Do you have a high level of customer engagement or satisfaction?
    Weaknesses (Internal)
    • What areas of your business require improvement?
    • Are there gaps in capabilities?
    • Do you have financial vulnerabilities?
    • Are there leadership gaps (succession, poor management, etc.)?
    • Are there reputational issues?
    • Are there factors contributing to declining sales?
    Opportunities (External)
    • Are there market developments or new markets?
    • Are there industry or lifestyle trends (move to mobile, etc.)?
    • Are there geographical changes in the market?
    • Are there new partnerships or mergers and acquisitions (M&A) opportunities?
    • Are there seasonal factors that can be used to the advantage of the business?
    • Are there demographic changes that can be used to the advantage of the business?
    Threats (External)
    • Are there obstacles that the organization must face?
    • Are there issues with respect to sourcing of staff or technologies?
    • Are there changes in market demand?
    • Are your competitors making changes that you are not making?
    • Are there economic issues that could affect your business?

    1.3 Analyze internal and external business factors using a SWOT analysis

    1 hour

    Input: IT and business stakeholder expertise

    Output: Analysis of internal and external factors impacting the IT organization

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team

    1. Break the group into two teams:
      • Assign team A internal strengths and weaknesses.
      • Assign team B external opportunities and threats.
    2. Think about strengths, weaknesses, opportunities, and threats as they pertain to the IT-business relationship. Consider people, process, and technology elements.
    3. Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the previous slide as guidance.
    4. Pick someone from each group to fill in the SWOT grid.
    5. Conduct a group discussion about the items on the list; identify implications for the BRM/IT.

    Capture in the BRM Workbook

    SITUATE

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    		Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    		Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    		Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Your strategy informs your BRM program

    Your strategy is a critical input into your program. Extract critical components of your strategy and convert them into a set of actionable principles that will guide the selection of your operating model.

    Sample of Info-Tech's 'Build a Business-Aligned IT Strategy' blueprint.

    Vision, Mission & Principles Chevron pointing right.
    • Leverage your vision and mission statements that communicate aspirations and purpose for key information that can be turned into design principles.
    Business Goal Implications Chevron pointing right.
    • Implications are derived from your business goals and will provide important context about the way BRM needs to change to meet its overarching objectives.
    • Understand how those implications will change the way that work needs to be done – new capabilities, new roles, new modes of delivery, etc.
    Target-State Maturity Chevron pointing right.
    • Determine your target-state relationship maturity for your organization using the BRM goals that have been uncovered.

    Outline your mission and vision for your BRM practice

    If you don’t know where you’re trying to go, how do you know if you’ve arrived?

    Establish the vision of what your BRM practice will achieve.

    Your vision will paint a picture for your stakeholders, letting them know where you want to go with your BRM practice.

    Stock image of a hand painting on a large canvas.

    The vision will also help motivate and inspire your team members so they understand how they contribute to the organization.

    Your strategy must align with and support your organization’s strategy.

    		Good Visions
    • Attainable – Aspirational but still within reach
    • Communicable – Easy to comprehend
    • Memorable – Not easily forgotten
    • Practical – Solid, realistic
    • Shared – Create a culture of shared ownership across the team/company
    		 When Visions Fail
    • Not Shared: Lack of buy-in, no alignment with stakeholders
    • Impractical: No plan or strategy to deliver on the vision
    • Unattainable: Set too far in the future
    • Forgettable: Not championed, not kept in mind
    (Source: UX Magazine, 2011)

    Derive the BRM vision statement

    Stock image of an easel with a bundle of paint brushes beside it. Begin the process of deriving the business relationship management vision statement by examining your business and user concerns. These are the problems your organization is trying to solve.
    Icon of one person asking another a question.
    Problem Statements
    First, ask what problems your organization hopes to solve.     		Icon of a magnifying glass on a box.
    Analysis
    Second, ask what success would look like when those problems were solved.     		Icon of two photos in quotes.
    Vision Statement
    Third, polish the answer into a short but meaningful phrase.

    Paint the picture for your team and stakeholders so that they align on what BRM will achieve.

    Vision statements demonstrate what your practice “aspires to be”

    Your vision statement communicates a desired future state of the BRM organization. The statement is expressed in the present tense. It seeks to articulate the desired role of business relationship management and how it will be perceived.

    Sample vision statements:

    • To be a trusted advisor and partner in enabling business innovation and growth through an engaged design practice.
    • The group will strive to become a world-class value center that is a catalyst for innovation.
    • Apple: “We believe that we are on the face of the earth to make great products and that’s not changing.” (Mission Statement Academy, May 2019.)
    • Coca-Cola: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

    2.1 Vision generation

    1 hour

    Input: IT and business strategies

    Output: Vision statement

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the goals and the sample vision statements provided on the previous slide.
    2. Brainstorm possible vision statements that can apply to your practice. Refer to the guidance provided on the previous page – ensure that it paints a picture for the reader to show the desired target state.
    3. Leverage the workbook to brainstorm the vision. Capture the refined statement in the Executive Buy-In and Communication Template.
    Strong vision statements have the following characteristics
    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Concise, no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

    Use the BRM Workbook to capture ideas

    Polish the goals in the Executive Buy-In and Communication Template

    Create the mission statement from the problems and the vision statement

    Your mission demonstrates your current intent and the purpose driving you to achieve your vision.

    It reflects what the organization does for users/customers.

    The main word 'Analysis' is sandwiched between 'Goals and Problems' and 'Vision Statement', each with arrow pointing to the middle. Make sure the practice’s mission statement reflects answers to the questions below:

    The questions:

    • What does the organization do?
    • How does the organization do it?
    • For whom does the organization do it?
    • What value is the organization bringing?

    “A mission statement illustrates the purpose of the organization, what it does, and what it intends on achieving. Its main function is to provide direction to the organization and highlight what it needs to do to achieve its vision.” (Joel Klein, BizTank (in Hull, “Answer 4 questions to get a great mission statement.”))

    Sample mission statements

    To enhance the lives of our end users through our products so that our brand becomes synonymous with user-centricity.

    To enable innovative services that are seamless and enjoyable to our customers so that together we can inspire change.

    Apple’s mission statement: “To bring the best user experience to its customers through its innovative hardware, software, and services.” (Mission Statement Academy, May 2019.)

    Coca Cola’s mission statement: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

    Tip: Using the “To … so that” format helps to keep your mission focused on the “why.”

    2.2 Develop your own mission statement

    1 hour

    Input: IT and business strategies, Vision

    Output: Mission statement

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the goals and the vision statement generated in the previous activities.
    2. Brainstorm possible mission statements that can apply to your BRM practice. Capture this in your BRM workbook.
    3. Refine your mission statement. Refer to the guidance provided on the previous page – ensure that the mission provides “the why”. Document the refined mission statement in the Executive Buy-In and Communication Template.

    “People don't buy what you do; they buy why you do it and what you do simply proves what you believe.” (Sinek, Transcript of “How Great Leaders Inspire Action.”)

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Areas that BRMs focus on include:

    Establish how much of these your practice will focus on.

    VALUE HARVESTING
    • Tracks and reviews performance
    • Identifies ways to increase business value
    • Provides insights on the results of business change/initiatives
    		 Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. DEMAND SHAPING
    • Isn’t just demand/intake management
    • Surfaces and shapes business demand
    • Is influenced by knowledge of the overall business and external entities
    SERVICING
    • Coordinates resources
    • Manages expectations
    • Facilitates business strategy, business capability road-mapping, and portfolio and program management
    		 EXPLORING
    • Identifies and rationalizes demand
    • Reviews new business, technology, and industry insights
    • Identifies business value initiatives

    Establish what success means for your focus areas

    Brainstorm objectives and success areas for your BRM practice.

    Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. VALUE HARVESTING
    Success may mean that you:
    • Understand the drivers and what the business needs to attain
    • Demonstrate focus on value in discussions
    • Ensure value is achieved, tracking it during and beyond deployment
    		 DEMAND SHAPING
    Success may mean that you:
    • Understand the business
    • Are engaged at business meetings (invited to the table)
    • Understand IT; communicate clarity around IT to the business
    • Help IT prioritize needs
    SERVICING
    Success may mean that you:
    • Understand IT services and service levels that are required
    • Provide clarity around services and communicate costs and risks
    		 EXPLORING
    Success may mean that you:
    • Surface new opportunities based on understanding of pain points and growth needs
    • Research and partner with others to further the business
    • Engage resources with a focus on the value to be delivered

    2.3 Establish BRM goals

    1 hour

    Input: Mission and vision statements

    Output: List of goals

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team, BRM team

    1. Use the previous slides as a starting point – review the focus areas and sample associated objectives.
    2. Determine if all apply to your role.
    3. Brainstorm the objectives for your BRM practice.
    4. Discuss and refine the objectives and goals until the team agrees on your starting set.
    5. Leverage the workbook to establish the goals. Capture refined goals in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    PLAN

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    		Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    		Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    		Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Guiding principles help you focus the development of your practice

    Your guiding principles should define a set of loose rules that can be used to design your BRM practice to the specific needs of the organization and work that needs to be done.

    These rules will guide you through the establishment of your BRM practice and help you explain to your stakeholders the rationale behind organizing in a specific way.

    		Sample Guiding Principles

    Principle Name

    Principle Statement
    Customer Focus We will prioritize internal and external customer perspectives
    External Trends We will monitor and liaise with external organizations to bring best practices and learnings into our own
    Organizational Span We embed relationship management across all levels of leadership in IT
    Role If the resource does not have a seat at the table, they are not performing the BRM role

    3.1 Establish guiding principles (optional activity)

    Input: Mission and vision statements

    Output: BRM guiding principles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Think about strengths, weaknesses, opportunities, and threats as well as the overarching goals, mission, and vision.
    2. Identify a set of principles that the BRM practice should have. Guiding principles are shared, long-lasting beliefs that guide the use of business relationship management in your organization.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Establish the BRM partner model and alignment

    Having the right model and support is just as important as having the right people.

    Gears with different BRM model terms: 'BRM Capabilities', 'BRM & Other Roles', 'Scope (pilot)', 'Operating Unit', 'BRM Expectations Across the organization', and 'Delivery & Support'.

    Don’t boil the ocean: Start small

    It may be useful to pilot the BRM practice with a small group within the organization – this gives you the opportunity to learn from the pilot and share best practices as you expand your BRM practice.

    You can leverage the pilot business unit’s feedback to help obtain buy-in from additional groups.

    Evaluate the approaches for your pilot:         		Work With an Engaged Business Unit
    Icon of a magnifying glass over a group of people.

    This approach can allow you to find a champion group and establish quick wins.

    		Target Underperforming Area(s)
    Icon of an ambulance.

    This approach can allow you to establish significant wins, providing new opportunities for value.

    Target the Area(s) Driving the Most Business Value
    Icon of an arrow in a bullseye.

    Provide the largest positive impact on your portfolio’s ability to drive business value; for large strategic or transformative goals.

    		Work Across a Single Business Process
    Icon of a process tree.

    This approach addresses a single business process or operation that exists across business units, departments, or locations. This, again, will allow you to limit the number of stakeholders.

    Leverage BRM goals to determine where the role fits within the organization

    Organization tree with a strategic BRM.

    Strategic BRMs are considered IT leaders, often reporting to the CIO.


    Organization tree with an operational BRM.

    In product-aligned organizations, the product owners will own the strategic business relationship from a product perspective (often across LOB), while BRMs will own the strategic role for the line(s) of businesses (often across products) that they hold a relationship with. The BRM role may be played by a product family leader.


    Organization tree with a BRM in a product-aligned organization.

    BRMs may take on a more operational function when they are embedded within another group, such as the PMO. This manifests in:

    • Accountability for projects and programs
    • BRM conversations around projects and programs rather than overall needs
    • Often, there is less focus on stimulating need, more about managing demand
    • This structure may be useful for smaller organizations or where organizations are piloting the relationship capability

    Use the IT structure and the business structure to determine how to align BRM and business partners. Many organizations ensure that each LOB has a designated BRM, but each BRM may work with multiple LOBs. Ensure your alignment provides an even and manageable distribution of work.

    Don’t be intimidated by those who play a significant role in relationship management

    Layers representing the BRM, BA, and Product Owner. Business Relationship Manager: Portfolio View
    • Ongoing with broader organization-wide objectives
    • A BRM’s strategic perspective is focused across projects and products
    		 The BRM will look holistically across a portfolio, rather than on specific projects or products. Their focus is ensuring value is delivered that impacts the overall organization. Multiple BRMs may be responsible for lines of businesses and ensure that products and project enable LOBs effectively.
    Business Analyst: Product or Project View
    • Works within a project or product
    • Accomplishes specific objectives within the project/product
    		 The BA tends to be involved in project work – to that end, they are often brought in a bit before a project begins to better understand the context. They also often remain after the project is complete to ensure project value is delivered. However, their main focus is on delivering the objectives within the project.
    Product Owner: Product View
    • Ongoing and strategic view of entire product, with product-specific objectives
    		 The Product Owner bridges the gap between the business and delivery to ensure their product continuously delivers value. Their focus is on the product.

    3.2 Establish the BRM’s place in the organizational structure

    Input: BRM goals, IT organizational structure, Business organizational structure

    Output: BRM operating model

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the current organizational structure – both IT and overall business.
    2. Think about the maturity of the IT organization and what you and your partners will be able to support at this stage in the relationship or journey. Establish whether it is necessary to start with a pilot.
    3. Consider the reporting relationship that is required to support the desired maturity of your practice – who will your BRM function report into?
    4. Consider the distribution of work from your business partners. Establish which BRM is responsible for which partners.
    5. Document where the BRM fits in the organization in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Align your titles to your business partners and ensure it demonstrates your strategic goals

    Some titles that may reflect alignment with your partners:
    • Business Capability Manager
    • Business Information Officer
    • Business Relationship Manager
    • Director, Technology Partner
    • IT Business Relationship Manager
    • People Relationship Manager
    • Relationship and Strategy Officer
    • Strategic Partnership Director
    • Technology Partner/People Partner/Finance Partner/etc.
    • Value Management Officer

    Support BRM team members might have “analyst” or “coordinator” as part of their titles.

    		Caution when using these titles:
    • Account Manager (do you see your stakeholders as accounts or as partners?)
    • Customer Relationship Manager (do you see your stakeholders as customers or as partners?)
    • People Partner (differentiate your role from HR)

    Determine the expectations for your BRM role(s)

    Below are standard expectations from BRM job descriptions. Establish whether there are changes required for your organization.

    Act as a Relationship Manager
    • Build strong, collaborative relationships with business clients
    • Build strong, collaborative relationships with IT service owners
    • Track client satisfaction with services provided
    • Continuously improve, based on feedback from clients
    Communicate With Business Stakeholders
    • Ensure that effective communication occurs related to service delivery and project delivery (e.g. planned downtime, changes, open tickets)
    • Manage expectations of multiple business stakeholders
    • Provide a clear point of contact within IT for each business stakeholder
    • Act as a bridge between IT and the business
    		 Service Delivery

    Service delivery breaks out into three activities: service status, changes, and service desk tickets

    • Understand at a high level the services and technologies in use
    • Work with clients to plan and make sure they understand the relevance and impact of IT changes to their operations
    • Define, agree to, and report on key service metrics
    • Act as an escalation point for major issues with any aspect of service delivery
    • Work with service owners to develop and monitor service improvement plans
    Project/Product Delivery
    • Ensure that the project teams provide regular reports regarding project status, issues, and changes
    • Work with project managers and clients to ensure project requirements are well understood and documented and approved by all stakeholders
    • Ensure that the project teams provide key project metrics on a regular basis to all relevant stakeholders

    Determine role expectations (slide 2 of 3)

    Knowledge of the Business

    Understand the main business activities for each department:

    • Understand which IT services are required to complete each business activity
    • Understand business processes and associated business activities for each user group within a department
    Advocate for Your Business Clients
    • Act as an advocate for the client – be invested in client success
    • Understand the strategies and plans of the clients and help develop an IT strategic plan/roadmap that maps to business strategies
    • Help the business understand project governance processes
    • Help clients to develop proposals and advance them through the project intake and assessment process
    		 Influence Business and IT Stakeholders
    • Influence business and IT stakeholders at multiple levels of the organization to help clients achieve their business objectives
    • Leverage existing relationships to convince decision makers to move forward with business and IT initiatives that will benefit the department and the organization as a whole
    • Understand and solve issues and challenges such as differing agendas, political considerations, and resistance to change
    Knowledge of the Market
    • Understand the industry – trends, competition, future direction
    • Leverage what others are doing to bring innovative ideas to the organization
    • Understand what end customers expect with regards to IT services and bring this intelligence to business leaders and decision makers

    Determine role expectations (slide 3 of 3)

    Value Creator
    • Understand how services currently offered by IT can be put to best use and create value for the business
    • Work collaboratively with clients to define and prioritize technology initiatives (new or enhanced services) that will bring the most business benefit
    • Lead initiatives that help the business achieve or exceed business goals and objectives
    • Lead initiatives that create business value (increased revenue, lower costs, increased efficiency) for the organization
    Innovator
    • Lead initiatives that result in new and better ways of doing business
    • Identify opportunities for using IT in new and innovative ways to bring value to the business and drive the business forward
    • Leverage knowledge of the business, knowledge of the industry, and knowledge of leading-edge technological solutions to transform the way the business operates and provides services to its customers

    3.3 Establish BRM expectations

    Input: BRM goals

    Output: BRM expectations

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the BRM expectations on the previous slides.
    2. Customize them – are they the appropriate set of expectations needed for your organization? What needs to be edited in or out?
    3. Add relevant expectations – what are the things that need to be done in the BRM practice at your organization?
    4. Leverage the workbook to brainstorm BRM expectations. Make sure you update them in the BRM Role Expectation Spreadsheet.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Various roles and levels within your organization may have a part of the BRM pie

    Where the BRM sits will impact what they are able to get done.

    The BRM role is a strategic one, but other roles in the organization have a part to play in impacting IT-partner relationship.

    Some roles may have a more strategic focus, while others may have a more tactical or operational focus.

    3.4 Identify roles with BRM responsibilities

    Input: BRM goals

    Output: BRM-aligned roles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Various roles can play a part in the BRM practice, managing business relationships. Which ones make sense in your organization, given the BRM goals?
    2. Identify the roles and capture in the BRM Role Expectation Spreadsheet. Use the Role Expectation Alignment tab, row 1.


    Download the Role Expectations Worksheet

    Determine the focus for each role that may manage business relationships

    Icon of a telescope. STRATEGIC Sets Direction: Focus of the activities is at the holistic, enterprise business level “relating to the identification of long-term or overall aims and interests and the means of achieving them” e.g. builds overarching relationships to enable and support the organization’s strategy; has strategic conversations
    Icon of a house in a location marker. TACTICAL Figures Out the How: Focuses on the tactics required to achieve the strategic focus “skillful in devising means to ends” e.g. builds relationships specific to tactics (projects, products, etc.)
    Icon of a gear cog with a checkmark. OPERATIONAL Executes on the Direction: Day-to-day operations; how things get done “relating to the routine functioning and activities of a business or organization” e.g. builds and leverages relationships to accomplish specific goals (within a project or product)

    3.5 Align BRM capabilities to roles

    Input: Current-state model, Business value matrix, Objectives and goals

    Output: BRM-aligned roles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review each group of role expectations – Act as a Relationship Manager, Communicate with Business Stakeholders, etc. For each group, determine the focus each role can apply to it – strategic, tactical, or operational. Refer to the previous slide for examples.
    2. Capture on the spreadsheet:
      • S – This role is required to have a strategic view of the capabilities. They are accountable and set direction for this aspect of relationship management.
      • T – Indicate if the role is required to have a tactical view of the capabilities. This would include whether the role is required to figure out how the capabilities will be done; for example, is the role responsible for carrying out service management or are they just involved to ensure that that set of expectations are being performed?
      • O – Indicate if the role will have an operational view – are they the ones responsible for doing the work?
      • Note: In some organizations, a role may have more than one of these.
    3. The spreadsheet will highlight the cells in green if the role plays more of the strategic role, yellow for tactical, and brown for operational. This provides an overall visual of each role’s part in relationship management.
    4. (Optional) Review each detailed expectation within the group. Evaluate whether specific roles will have a different focus on the unique role expectations.

    Leverage the Role Expectations Worksheet

    Sample role expectation alignment

    Sample of a role expectation alignment table with expectation names and descriptions on the left and a matrix of which roles should have a Strategic (S), Tactical (T), or Operational (O) view of the capabilities.

    IMPLEMENT

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    		Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    		Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    		Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Speak the same language as your partners: Business Value

    Business value represents the desired outcome from achieving business priorities.

    Value is not only about revenue or reduced expenses. Use this internal-external and capability-financial business value matrix to more holistically consider what is valuable to stakeholders.

    Improved Capabilities
    Enhance Services
    Products and services that enable business capabilities and improve an organization’s ability to perform its internal operations.
    Increase Customer Satisfaction
    Products and services that enable and improve the interaction with customers or produce practical market information and insights.
    Inward Outward
    Save Money
    Products and services that reduce overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not put in place.
    Make money
    (Return on Investment)
    Products and services that are specifically related to the impact on an organization’s ability to create a return on investment.
    Financial Benefits

    Business Value Matrix Axes:

    Financial Benefits vs. Improved Capabilities
    • Improved capabilities refers to the enhancement of business capabilities and skill sets.
    • Financial Benefits refers to the degree in which the value source can be measured through monetary metrics and is often highly tangible.
    Inward vs. Outward Orientation
    • Inward refers to value sources that have an internal impact an organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from interactions with external factors, such as the market or your customers.

    4.1 Activity: Brainstorm sources of business value

    Input: Product and service knowledge, Business process knowledge

    Output: Understanding of different sources of business value

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify your key stakeholders. These individuals are the critical business strategic partners in the organization’s governing bodies.
    2. Brainstorm the different types of business value that the BRM practice can produce.
    3. Is the item more focused on improving capabilities or generating financial benefits?
    4. Is the item focused on the customers you serve or the IT team?
    5. Enter your value item into a cell on the Business Value Matrix based on where it falls on these axes.
    6. Start to think about metrics you can use to measure how effective the product or service is at generating the value source.
    Simplified version of the Business Value Matrix on the previous slide.

    Use the BRM Workbook to capture sources of business value

    Brainstorm the different sources of business value (continued)

    See appendix for more information on value drivers:
    		 Example:
    Enhance Services
    • Dashboards/IT Situational Awareness
    • Improve measurement of services for data-driven analytics that can improve services
    • Collaborate to support Enterprise Architecture
    • Approval for and support of new applications per customer demand
    • Provide consultation for IT issues
    		 Axis arrow with 'Improved Capabilities'.
    Axis arrow with 'Financial Benefits'.     		Reach Customers
    • Provide technology roadmaps for IT services and devices
    • Improved "PR" presence: websites, service catalog, etc.
    • Enhance customer experience
    • Faster Time-to-market delivering innovative technologies and current services
    Axis arrow with 'Inward'.Axis arrow with 'Outward'.
    Reduce Costs
    • Achieve better pricing through enterprise agreements for IT services that are duplicated across several orgs
    • Prioritization/ development of roadmap
    • Portfolio management / reduce duplication of services
    • Evolve resourcing strategies to integrate teams (e.g. do more with less)
    		 Return on Investment
    • Customer -focused dashboards
    • Encourage use of centralized services through external collaboration capabilities that fit multiple use cases
    • Devise strategies for measured/supported migration from older IT systems/software

    Implications of ineffective stakeholder management

    A stakeholder is any group or individual who is impacted by (or impacts) your objectives.

    Challenges with stakeholder management can result from a self-focused point of view. Avoid these challenges by taking on the other’s perspectives – what’s in it for them.

    The key objectives of stakeholder management are to improve outcomes, increase confidence, and enhance trust in IT.

    • Obtain commitment of executive management for IT-related objectives.
    • Enhance alignment between IT and the business.
    • Improve understanding of business requirements.
    • Improve implementation of technology to support business processes.
    • Enhance transparency of IT costs, risks, and benefits.

    Challenges

    • Stakeholders are missed or new stakeholders are identified too late.
    • IT has a tendency to only look for direct stakeholders. Indirect and hidden stakeholders are not considered.
    • Stakeholders may have conflicting priorities, different visions, and different needs. Keeping every stakeholder happy is impossible.
    • IT has a lack of business understanding and uses jargon and technical language that is not understood by stakeholders.

    Implications

    • Unanticipated stakeholders and negative changes in stakeholder sentiment can derail initiatives.
    • Direct stakeholders are identified, but unidentified indirect or hidden stakeholders cause a major impact to the initiative.
    • The CIO attempts to trade off competing agendas and ends up caught in the middle and pleasing no one.
    • There is a failure in understanding and communications, leading stakeholders to become disenchanted with IT.

    Cheat Sheet: Identify stakeholders

    Ask stakeholders “who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

    List the people who are identified through the following questions: Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
    • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?
    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who loses from the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who are the owners, governors, customers, and suppliers to impacted capabilities or functions?

    Executives

    Peers

    Direct reports

    Partners

    Customers

    		Stock image of a world.

    Subcontractors

    Suppliers

    Contractors

    Lobby groups

    Regulatory agencies

    Establish your stakeholder network “map”

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Your stakeholder map defines the influence landscape your BRM team operates in. It is every bit as important as the teams who enhance, support, and operate your products directly.

    Notes on the network map

    • Pay special attention to influencers who have many arrows; they are called “connectors,” and due to their diverse reach of influence, should themselves be treated as significant stakeholders.
    • Don’t forget to consider the through-lines from one influencer through intermediate stakeholders or influencers to the final stakeholder – a single influencer may have additional influence via multiple, possibly indirect paths to a single stakeholder.

    Legend for the example stakeholder network map below. 'Black arrows indicate the direction of professional influence'. 'Dashed green arrows indicate bidirectional, informal influence relationships'

    Example stakeholder network map visualizing relationships between different stakeholders.

    4.2 Visualize interrelationships among stakeholders to identify key influencers

    Input: List of stakeholders

    Output: Relationships among stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. List direct stakeholders for your area. Ensure it includes stakeholders across the organization (both IT and business units).
    2. Determine the stakeholders of your stakeholders. Consider adding each of them to the stakeholder list: assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    3. Create a stakeholder network map to visualize relationships.
      • (Optional) Use black arrows to indicate the direction of professional influence.
      • (Optional) Use dashed green arrows to indicate bidirectional, informal influence relationships.
    4. Capture the list or diagram of your stakeholders in your workbook.

    Use the BRM Workbook to capture stakeholders

    Categorize your stakeholders with a stakeholder prioritization map

    A stakeholder prioritization map help teams categorize their stakeholders by their level or influence and ownership.

    There are four areas in the map and the stakeholders within each area should be treated differently.

    • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical and a lack of support can cause significant impediment to the objectives.
    • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    Stakeholder prioritization map with axes 'Influence' and 'Ownership/Interest' splitting the map into four quadrants: 'Spectators Low/Low', 'Noisemakers Low/High', 'Mediators High/Low', and 'Players High/High'.

    4.3 Group your stakeholders into categories

    Input: Stakeholder Map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify your stakeholder’s interest in and influence on your BRM program.
    2. Map your results to the quadrant in your workbook to determine each stakeholder’s category.

    Stakeholder prioritization map with example 'Stakeholders' placed in or across the four quadrants.

    Level of Influence

    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.

    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Use the BRM Workbook to map your stakeholders

    Define strategies for engaging stakeholders by type

    Each group of stakeholders draws attention and resources away from critical tasks.

    By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence; high interest Actively Engage
    Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
    Mediators High influence; low interest Keep Satisfied
    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence; high interest Keep Informed
    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence; low interest Monitor
    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Apply a third dimension for stakeholder prioritization: support.

    Support, in addition to interest and influence, is used to prioritize which stakeholders are should receive the focus of your attention. This table indicates how stakeholders are ranked:

    Table with 'Stakeholder Categories' and their 'Level of Support' for prioritizing. Support levels are 'Supporter', 'Evangelist', 'Neutral', and 'Blocker'.

    Support can be determined by rating the following question: how likely is it that your stakeholder would recommend IT at your organization/your group? Our four categories of support:

    • Blocker – beware of the blocker. These stakeholders do not support your cause and have the necessary drive to impede the achievement of your objectives.
    • Semi-Supporter – while these stakeholders are committed to your objectives, they are somewhat apathetic to advocate on your behalf. They will support you so long as it does not require much effort from them to do so.
    • Neutral – neutrals do not have much commitment to your objectives and are not willing to expend much energy to either support or detract from them.
    • Supporter – these stakeholders are committed to your initiative and are willing to whole-heartedly provide you with support.

    4.4 Update your stakeholder quadrant to include the three dimensions

    Input: Stakeholder Map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would support your initiative/endeavor?
    2. Map your results to the model in your workbook to determine each stakeholder’s category.
    Stakeholder prioritization map with example 'Persons' placed in or across the four quadrants. with The third dimension, 'Level of Support', is color-coded.

    Use the BRM Workbook to map your stakeholders

    Leverage your map to think about how to engage with your stakeholders

    Not all stakeholders are equal, nor can they all be treated the same. Your stakeholder quadrant highlights areas where you may need to engage differently.

    Blockers

    Pay attention to your “blockers,” especially those that appear in the high influence and high interest part of the quadrant. Consider how your engagement with them varies from supporters in this quadrant. Consider what is valuable to these stakeholders and focus your conversations on “what’s in this for them.”

    Neutral & Evangelists

    Stakeholders that are neutral or evangelists do not require as much attention as blockers and supporters, but they still can’t be ignored – especially those who are players (high influence and engagement). Focus on what’s in it for them to move them to become supporters.

    Supporters

    Do not neglect supporters – continue to engage with them to ensure that they remain supporters. Focus on the supporters that are influential and impacted, rather than the “spectators.”

    4.5 Create your engagement plan

    Input: Stakeholder Map/list of stakeholders

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Leverage the BRM Stakeholder Engagement Plan spreadsheet. List your key stakeholders.
    2. Consider: how do you show value at your current maturity level so that you can gain trust and your relationship can mature? Establish where your relationship lacks maturity, and consider whether you need to engage with them on a more strategic, tactical, or even operational manner.
      • At lower levels of maturity (Table Stakes), focus on service delivery, project delivery, and communication.
      • At mid-level maturity (Influencer/Advocate), focus on business pain points and a deeper knowledge of the business.
      • At higher maturity levels (Value Creator/Innovator), focus on creating value by leading innovative initiatives that drive the business forward.
    3. Review the stakeholder quadrant. Update the frequency of your communication accordingly.
    4. Capture the agenda for your engagements with them.

    Download and use the BRM Stakeholder Engagement Plan

    Your agenda should vary with the maturity of your relationship

    Agenda
    Stakeholder Information Type Meeting Frequency Lower Maturity Mid-Level Maturity Higher Maturity
    VP Strategic Quarterly
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the department
    • Proposed solutions to address business pain points
    • Innovative solutions to improve business processes and drive value for the department and the organization
    Director Strategic, Tactical Monthly
    • Summary of recent and upcoming changes
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the department
    • Proposed business process improvements
    • Current and upcoming project proposals to address business pain points
    • Innovative solutions to help the department achieve its business goals and objectives
    Manager Tactical Monthly
    • Summary of service desk tickets
    • Summary of recent and upcoming changes
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the team
    • Proposed business activity improvements
    • Current and upcoming projects to address business pain points
    • Innovative solutions to help business users perform their daily business activities more effectively and efficiently

    Lower Maturity – Focus on service delivery, project delivery, and communication

    Mid-Level Maturity – Focus on business pain points and a deeper knowledge of the business

    Higher Maturity – Focus on creating value by leading innovative initiatives that drive the business forward

    Stakeholder – Include both IT and business stakeholders at appropriate levels

    Agenda – Manage stakeholders expectations, and clarify how your agenda will progress as the partnership matures

    REASSESS & EMBED

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    		Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    		Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    		Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Measure your BRM practice success

    • Metrics are powerful because they drive behavior.
    • Metrics are also dangerous because they often lead to unintended negative outcomes.
    • Metrics should be chosen carefully to avoid getting “what you asked for” instead of “what you intended.”

    Stock image of multiple business people running off the end of a pointed finger like lemmings.

    Questions to ask Are your metrics achievable?
    1. What are the leading indicators of BRM effectively supporting the business’ strategic direction?
    2. How are success metrics aligned with the objectives of other functional groups?

    S pecific

    M easurable

    A chievable

    R ealistic

    T ime-bound

    		Embedding the BRM practice within your organization must be grounded in achievable outcomes.

    Ensure that the metrics your practice is measured against reflect realistic and tangible business expectations. Overpromising the impact the practice will have can lead to long-term implementation challenges.

    Determine whether your business is satisfied with IT

    Measuring tape.

    1

    		Survey your stakeholders to measure improvements in customer satisfaction.

    Leverage the CIO Business Vision on a regular interval – most find that annual assessments drive success.

    Evaluate whether the addition or increased maturity of your BRM practice has improved satisfaction with IT.

    Business satisfaction survey

    • Audience: Business leaders
    • Frequency: Annual
    • Metrics:
      • Overall Satisfaction score
      • Overall Value score
      • Relationship Satisfaction:
        • Understand needs
        • Meet needs
        • Communication
    		Two small tables showing example 'Value' and 'Satisfaction' scores.
    Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

    Check if you’ve met the BRM goals you set out to achieve

    Measuring tape.

    2

    		 Measure BRM success against the goals for the practice.

    Evaluate whether the BRM practice has helped IT to meet the goals that you’ve established.

    For each of your goals, create metrics to establish how you will know if you’ve been successful. This might be how many or what type of interactions you have with your stakeholders, and/or it could be new connections with internal or external partners.

    Ensure you have established metrics to measure success at your goals.

    Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.

    5.1 Create metrics

    Input: Goals, The attributes which can align to goal success

    Output: Measurements of success

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Start with a consideration of your goals and objectives.
    2. Identify key aspects that can support confirming if the goal was successful.
    3. For each aspect, develop a method to measure success with a specific measurement.
    4. When creating the KPI consider:
      • How you know if you are achieving your objective (performance)?
      • How frequently will you be measuring this?
      • Are you looking for an increase, decrease, or maintenance of the metric?
    Table with columns 'BRM Goals', 'Measurement', 'KPI', and 'Frequency'.

    Use the BRM Workbook

    Don’t wait all year to find out if you’re on track

    Leverage the below questions to quickly poll your business partners on a more frequent basis.

    Partner instructions:

    Please indicate how much you agree with each of the following statements. Use a scale of 1-5, where 1 is low agreement and 5 indicates strong agreement:

    Demand Shaping: My BRM is at the table and seeks to understand my business. They help me understand IT and helps IT prioritize my needs.

    Exploring: My BRM surfaces new opportunities based on their understanding of my pain points and growth needs. They engage resources with a focus on the value to be delivered.

    Servicing: The BRM obtains an understanding of the services and service levels that are required, clarifies them, and communicates costs and risks.

    Value Harvesting: Focus on value is evident in discussions – the BRM supports IT in ensuring value realization is achieved and tracks value during and beyond deployment.

    Embedding the BRM practice also includes acknowledging the BRM’s part in balancing the IT portfolio

    IT needs to juggle “keeping the lights on” initiatives with those required to add value to the organization.

    Partner with the appropriate resources (Project Management Office, Product Owners, System Owners, and/or others as appropriate within your organization) to ensure that all initiatives focus on value.

    Info-Tech Insight

    Not every organization will balance their portfolio in the same way. Some organizations have higher risk tolerance and so their higher priority goals may require that they accept more risk to potentially reap more returns.

    		Stock image of a man juggling business symbols.

    80% of organizations feel their portfolios are dominated by low-value initiatives that do not deliver value to the business. (Source: Stage-Gate International and Product Development Institute, March/April 2009)

    All new requests are not the same; establish a process for intake and manage expectations and IT’s capacity to deliver value.

    Ensure you communicate your process to support new ideas with your stakeholders. They’ll be clear on the steps to bring new initiatives into IT and will understand and be engaged in the process to demonstrate value.

    Flowchart for an example intake process.

    For support creating your intake process, go to Optimize Project Intake, Approval and Prioritization Sample of Info-Tech's Optimize Project Intake, Approval and Prioritization.

    Use value as your criteria to evaluate initiatives

    Work with project managers to ensure that all projects are executed in a way that meets business expectations.

    Sample of Info-Tech’s Project Value Scorecard Development Tool.

    Download Info-Tech’s Project Value Scorecard Development Tool.

    Enter risk/compliance criteria under operational alignment: projects must be aligned with the operational goals of the business and IT.

    Business value matrix.

    		Enter these criteria under strategic alignment: projects must be aligned with the strategic goals of the business, customer, and IT.
    Enter financial criteria under financial: projects must realize monetary benefits, in increased revenue or decreased costs, while posing as little risk of cost overrun as possible.
    And don’t forget about feasibility: practical considerations for projects must be taken into account in selecting projects.

    5.2 Prioritize your investments/ projects (optional activity)

    Input: Value criteria

    Output: Prioritized project listing

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review and edit (if necessary) the criteria on tab 2 the Project Value Scorecard Development Tool.
      Screenshot from tab 2 of Info-Tech’s Project Value Scorecard Development Tool.
    2. Score initiatives and investments on tab 3 using your criteria.
      Screenshot from tab 3 of Info-Tech’s Project Value Scorecard Development Tool.
    Download Info-Tech’s Project Value Scorecard Development Tool.

    Visualize where investments add value through an initiative portfolio map

    An initiative portfolio map is a graphic visualization of strategic initiatives overlaid on a business capability map.

    Leverage the initiative portfolio map to communicate the value of what IT is working on to your stakeholders.

    Info-Tech Insight

    Projects will often impact one or more capabilities. As such, your portfolio map will help you identify cross-dependencies when scaling up or scaling down initiatives.

    		Example initiative portfolio map


    Example initiative portfolio map with initiatives in categories like 'Marketing Strategy' and 'Brand Mgmt.'. Certain groups of initiatives have labels detailing when they achieve collectively.

    5.3 Create a portfolio investment map (optional activity)

    Input: Business capability map

    Output: Portfolio investment map

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Build a capability map, outlining the value streams that support your organization’s goals and the high-level capabilities (level 1) that support the value stream (and goals).
      For more support in establishing the capability map, see Document Your Business Architecture.
      Example table for outlining 'Value Streams' and 'Level 1 Capabilities' through 'Goals'.
    2. Identify high-value capabilities for the organization.
    3. What are the projects and initiatives that will address the critical capabilities? Add these under the high-value capabilities.
    4. This process will help you demonstrate how projects align to business goals. Enter your capabilities and projects in Info-Tech’s Initiative Portfolio Map Template.
    Download Info-Tech’s Initiative Portfolio Map Template.

    Establish your annual BRM plan

    To support the BRM capability at your organization, you’ll want to communicate your plan. This will include:
    • Business Feedback and Engagement
      • Engaging with your partners includes meeting with them on a regular basis. Establish this frequency and capture it in your plan. This engagement must include an understanding of their goals and challenges.
      • As Bill Gates said, “We all need people who will give us feedback. That’s how we improve” (Inc.com, 2013). There are various points in the year which will provide you with the opportunity to understand your business partners’ views of IT or the BRM role. List the opportunities to reflect on this feedback in your plan.
    • Business-IT Alignment
      • Bring together the views and perspectives of IT and the business.
      • List the activities that will be required to reflect business goals in IT. These include IT goals, budget, and planning.
    • BRM Improvement
      • The practices put in place to support the BRM practice need to continuously evolve to support a maturing organization. The feedback from stakeholders throughout the organization will provide input into this. Ensure there are activities and time put aside to evaluate the improvements required.
    		 Stock image of someone discovering a calendar in a jungle with a magnifying glass.

    5.4 Establish your year-in-the-life plan

    Input: Engagement plan, BRM goals

    Output: Annual BRM plan

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Start with your business planning activities – what will you as a BRM be doing as your business establishes their plans and strategies? These could include:
      • Listening and feedback sessions
      • Third-party explorations
    2. Then look at your activities required to integrate within IT – what activities are required to align business directives within your IT groups? Examples can include:
      • Business strategy review
      • Capability map creation
      • Input into the Business-aligned IT strategy
      • IT budget input
    3. What activities are required to continuously improve the BRM role? This may consist of:
      • Feedback discussions with business partners
      • Roadshow with colleagues to communicate and refine the practice
    4. Map these on your annual calendar that can be shared with your colleagues.
    Capture in the BRM Workbook

    Communicate using the Executive Buy-In and Communication Template

    		Sample of a slide titled 'BRM Annual Cycle'.

    Sample BRM annual cycle

    Sample BRM annual cycle with row headers 'Business Feedback and Engagement', 'Business-IT Alignment', and 'BRM Improvement' mapped across a Q1 to Q4 timeline with individual tasks in each category.

    5.5 Build your transformation roadmap

    Input: SWOT analysis

    Output: Transformation roadmap

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Brainstorm and discuss the key enablers that are needed to help promote and ease your BRM program.
    2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your BRM program.
    3. Brainstorm mitigation activities for each blocker.
    4. Enablers and mitigation activities can be listed on your transformation roadmap.

    Example:

    Enablers

    • High business engagement and buy-in
    • Supportive BRM leadership
    • Organizational acceptance for change
    • Development process awareness by development teams
    • Collaborative culture
    • Existing tools can be customized for BRM

    Blockers

    • Pockets of management resistance
    • Significant time is required to implement BRM and train resources
    • Geographically distributed resources
    • Difficulty injecting customers in demos

    Mitigation

    • BRM workshop training with all teams and stakeholders to level set expectations
    • Limit the scope for pilot project to allow time to learn
    • Temporarily collocate all resources and acquire virtual communication technology

    Capture in the BRM Workbook

    5.5 Build your transformation roadmap (cont’d)

    1. Roadmap Elements:
      • List the artifacts, changes, or actions needed to implement the new BRM program.
      • For each item, identify how long it will take to implement or change by moving it into the appropriate swim lane. Use timing that makes sense for your organization: Quick Wins, Short Term, and Long Term; Now, Next, and Later; or Q1, Q2, Q3, and Q4.

    Example transformation roadmap with BRM programs arranged in columns 'Now', 'Next (3-6 months)', 'Later (6+ months)', and 'Deferred'.

    Communicate the BRM changes to set your practice up for success

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.
    		 Five elements of communicating change
    Diagram titled 'COMMUNICATING THE CHANGE' surrounded by useful questions: 'What is the change?', 'What will the role be for each department and individual?', 'Why are we doing it?', 'How long will it take us to do it?', and 'How are we going to go about it?'.
    (Source: The Qualities of Leadership: Leading Change)

    Apply the following communication principles to make your BRM changes relevant to stakeholders

    “We tend to use a lot of jargon in our discussions, and that is a sure fire way to turn people away. We realized the message wasn’t getting out because the audience wasn’t speaking the same language. You have to take it down to the next level and help them understand where the needs are.” (Jeremy Clement, Director of Finance, College of Charleston, Info-Tech Interview, 2018)

    Be Relevant

    • Talk about what matters to the stakeholder. Think: “what’s in it for them?
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • Often we think in processes but stakeholders only care about results: talk in terms of results.

    Be Clear

    • Don’t use jargon.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium. A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.

    5.6 Create a communications plan tailored to each of your stakeholders

    Input: Prioritized list of stakeholders

    Output: Communication Plan

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. List stakeholders in order of importance in the first column.
    2. Identify the frequency with which you will communicate to each group.
    3. Determine the scope of the communication:
      • What key information needs to be included in the message to ensure they are informed and on board?
      • Which medium(s) will you use to communicate to that specific group?
    4. Develop a concrete timeline that will be followed to ensure that support is maintained from the key stakeholders.

    Audience

    All BRM Staff

    Purpose

    • Introduce and explain operating model
    • Communicate structural changes

    Communication Type

    • Team Meeting

    Communicator

    CIO

    Timing

    • Sept 1 – Introduce new structure
    • Sept 15 – TBD
    • Sept 29 – TBD

    Related Blueprints

    Business Value
    Service Catalog
    Intake Management
    		 Sample of Info-Tech's 'Document Your Business Architecture' blueprint.
    Sample of Info-Tech's 'Design and Build a User-Facing Service Catalog' blueprint.     		Sample of Info-Tech's 'Manage Stakeholder Relations' blueprint.
    Sample of Info-Tech's 'Document Business Goals and Capabilities for Your IT Strategy' blueprint.
    Sample of Info-Tech's 'Fix Your IT Culture' blueprint.

    Selected Bibliography

    “Apple Mission and Vision Analysis.” Mission Statement Academy, 23 May 2019. Accessed 5 November 2020.

    Barnes, Aaron. “Business Relationship Manager and Plan Build Run.” BRM Institute, 8 April 2014.

    Barnes, Aaron. “Starting a BRM Team - Business Relationship Management Institute.” BRM Institute, 5 June 2013. Web.

    BRM Institute. “Business Partner Maturity Model.” Member Templates and Examples, Online Campus, n.d. Accessed 3 December 2021.

    BRM Institute. “BRM Assessment Templates and Examples.” Member Templates and Examples, Online Campus, n.d. Accessed 24 November 2021.

    Brusnahan, Jim, et al. “A Perfect Union: BRM and Agile Development and Delivery.” BRM Institute, 8 December 2020. Web.

    Business Relationship Management: The BRMP Guide to the BRM Body of Knowledge. Second printing ed., BRM Institute, 2014.

    Chapman, Chuck. “Building a Culture of Trust - Remote Leadership Institute.” Remote Leadership Institute, 10 August 2021. Accessed 27 January 2022.

    “Coca Cola Mission and Vision Analysis.” Mission Statement Academy, 4 August 2019. Accessed 5 November 2020.

    Colville, Alan. “Shared Vision.” UX Magazine, 31 October 2011. Web.

    Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute, March/April 2009. Web.

    Heller, Martha. “How CIOs Can Make Business Relationship Management (BRM) Work.” CIO, 1 November 2016. Accessed 27 January 2022.

    “How Many Business Relationship Managers Should You Have.” BRM Institute, 20 March 2013. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 January 2013. Web.

    Kasperkevic, Jana. “Bill Gates: Good Feedback Is the Key to Improvement.” Inc.com, 17 May 2013. Web.

    Merlyn, Vaughan. “Relationships That Matter to the BRM.” BRM Institute, 19 October 2016. Web.

    “Modernizing IT’s Business Relationship Manager Role.” The Hackett Group, 22 November 2019. Web.

    Monroe, Aaron. “BRMs in a SAFe World...That Is, a Scaled Agile Framework Model.” BRM Institute, 5 January 2021. Web.

    Selected Bibliography

    “Operational, adj." OED Online, Oxford University Press, December 2021. Accessed 29 January 2022.

    Sinek, Simon. “Transcript of ‘How Great Leaders Inspire Action.’” TEDxPuget Sound, September 2009. Accessed 7 November 2020.

    “Strategic, Adj. and n.” OED Online, Oxford University Press, December 2016. Accessed 27 January 2022.

    “Tactical, Adj.” OED Online, Oxford University Press, September 2018. Accessed 27 January 2022.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 23 September 2013. Web.

    “Twice the Business Value in Half the Time: When Agile Methods Meet the Business Relationship Management Role.” BRM Institute, 10 April 2015. Web.

    “Value Streams.” Scaled Agile Framework, 30 June 2020. Web.

    Ward, John. “Delivering Value from Information Systems and Technology Investments: Learning from Success.” Information Systems Research Centre, August 2006. Web.

    Appendix

    • Business Value Drivers
    • Service Blueprint
    • Stakeholder Communications
    • Job Descriptions

    Understand business value drivers for ROI and cost

    Make Money

    This value driver is specifically related to the impact a product or service has on your organization’s ability to show value for the investments. This is usually linked to the value for money for an organization.

    Return on Investment can be derived from:

    • Sustaining or increasing funding.
    • Enabling data monetization.
    • Improving the revenue generation of an existing service.
    • Preventing the loss of a funding stream.

    Be aware of the difference among your products and services that enable a revenue source and those which facilitate the flow of funding.

    Save Money

    This value driver relates to the impact of a product or service on cost and budgetary constraints.

    Reduce costs value can be derived from:

    • Reducing the cost to provide an existing product or service.
    • Replacing a costly product or service with a less costly alternative.
    • Bundling and reusing products or services to reduce overhead.
    • Expanding the use of shared services to generate more value for the cost of existing investment.
    • Reducing costs through improved effectiveness and reduction of waste.

    Budgetary pressures tied to critical strategic priorities may defer or delay implementation of initiatives and revision of existing products and services.

    Understand Business Value Drivers that Enhance Your Services

    Operations

    Some products and services are in place to facilitate and support the structure of the organization. These vary depending on what is important to your organization, but should be assessed in relation to the organizational culture and structure you have identified.

    • Adds or improves effectiveness for a particular service or the process and technology enabling its success.

    Risk and Compliance

    A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

    In this case, the product or service is required in order to:

    • Prevent fines.
    • Allow the organization to operate within a specific jurisdiction.
    • Remediate audit gaps.
    • Provide information required to validate compliance.

    Internal Information

    Understanding internal operations is also critical for many organizations. Data captured through your operations provides critical insights that support efficiency, productivity, and many other strategic goals.

    Internal information value can be derived by:

    • Identifying areas of improvement in the development of core offerings.
    • Monitoring and tracking employee behavior and productivity.
    • Monitoring resource levels.
    • Monitoring inventory levels.

    Collaboration and Knowledge Transfer

    Communication is integral and products and services can be the link that ties your organization together.

    In this case, the value generated from products and services can be to:

    • Align different departments and multiple locations.
    • Enable collaboration.
    • Capture trade secrets and facilitate organizational learning.

    Understand Business Value Drivers that Connect the Business to Your Customers

    Policy

    Products and services can also be assessed in relation to whether they enable and support the required policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

    Policy value can be derived from:

    • The service or initiative will produce outcomes in line with our core organizational values.
    • It will enable or improve adherence and/or compliance to policies within the organization.

    Customer Relations

    Products and services are often designed to facilitate goals of customer relations; specifically, improve satisfaction, retention, loyalty, etc. This value type is most closely linked to brand management and how a product or service can help execute brand strategy. Customers, in this sense, can also include any stakeholders who consume core offerings.

    Customer satisfaction value can be derived from:

    • Improving the customer experience.
    • Resolving a customer issue or identified pain point.
    • Providing a competitive advantage for your customers.
    • Helping to retain customers or prevent them from leaving.

    Market Information

    Understanding demand and market trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

    Market information value can be achieved when an app:

    • Addresses strategic opportunities or threats identified through analyzing trends.
    • Prevents failures due to lack of capacity to meet demand.
    • Connects resources to external sources to enable learning and growth within the organization.

    Market Share

    Market share represents the percentage of a market or market segment that your business controls. In essence, market share can be viewed as the potential for more or new revenue sources.

    Assess the impact on market share. Does the product or service:

    • Increase your market share?
    • Open access to a new market?
    • Help you maintain your market share?

    Service Blueprint

    Service design involves an examination of the people, process and technology involved in delivering a service to your customers.

    Service blueprinting provides a visual of how these are connected together. It enables you to identify and collaborate on improvements to an existing service.

    The main components of a service blueprint are:

    Customer actions – this anchors the service in the experiences of the customer

    Front-stage – this shows the parts of the service that are visible to the customer

    Back-stage – this is the behind-the-scenes actions necessary to deliver the experience to the customer

    Support processes – this is what’s necessary to deliver the back-stage (and front-stage/customer experience), but is not aligned from a timing perspective (e.g. it doesn’t matter if the fridge is stocked when the order is put in, as long as the supplies are available for the chef to use)

    Example service blueprint with the main components listed above as row headers.

    Physical Evidence and Time are blueprint components can be added in to provide additional context & support

    Example service blueprint with the main components plus added components 'Physical Evidence' and 'Time'.

    Stakeholder Communications

    Personalize
    • “What’s in it for me” & Persona development – understanding what the concerns are from the community that you will want to communicate about
    • Get to know the cultures of each persona to identify how they communicate. For the faculty, Teams might not be the answer, but faculty meetings might be, or sending messages via email. Each persona group may have unique/different needs
    • Meet them “where they are”: Be prepared to provide 5-minute updates (with “what’s in it for me” and personas in mind) at department meetings in cases where other communications (Teams etc.) aren’t reaching the community
    • Review the business vision diagnostic report to understand what’s important to each community group and what their concerns are with IT. Definitely review the comments that users have written.
    		 Show Proof
    • Share success stories tailored to users needs – e.g. if they have a concern with security, and IT implemented a new secure system to better meet their needs, then telling them about the success is helpful – shows that you’re listening and have responded to meet their concerns. Demonstrates how interacting with IT has led to positive results. People can more easily relate to stories

    Reference
    • Consider establishing a repository (private/unlisted YouTube channel, Teams, etc.) so that the community can search to view the tip/trick they need
    • Short videos are great to provide a snippet of the information you want to share
    Responses
    • Engage in 2-way communications – it’s about the messages IT wants to convey AND the messages you want them to convey to you. This helps to ensure that your messages aren’t just heard but are understood/resonate.
    • Let people know how they should communicate with IT – whether it’s engaging through Teams, via email to a particular address, or through in person sessions
    		 Test & Learn
    • Be prepared to experiment with the content and mediums, and use analytics to assess the results. For example if videos are posted on a site like SharePoint that already has analytics functionality, you can capture the number of views to determine how much they are viewed
    Multiple Mediums
    • Use a combination of one-on-one interviews/meetings and focus groups to obtain feedback. You may want to start with some of the respondents who provided comments on surveys/diagnostics

    BRM Job Descriptions

    Download the Job Descriptions:

    Create a Buyer Persona and Journey

    • Buy Link or Shortcode: {j2store}558|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers' emails go unopened and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Our Advice

    Critical Insight

    • Marketing leaders in possession of well-researched and up-to-date buyer personas and journeys dramatically improve product market fit, lead gen, and sales results.
    • Success starts with product, marketing, and sales alignment on targeted personas.
    • Speed to deploy is enabled via initial buyer persona attribute discovery internally.
    • However, ultimate success requires buyer interviews, especially for the buyer journey.
    • Leading marketers update journey maps every six months as disruptive events such as COVID-19 and new media and tech platform advancements require continual innovation.

    Impact and Result

    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.

    Create a Buyer Persona and Journey Research & Tools

    Start here – read the Executive Brief

    Our Executive Brief summarizes the challenges faced when buyer persona and journeys are ill-defined. It describes the attributes of, and the benefits that accrue from, a well-defined persona and journey and the key steps to take to achieve success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive an aligned initial draft of buyer persona

    Define and align your team on target persona, outline steps to capture and document a robust buyer persona and journey, and capture current team buyer knowledge.

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    2. Interview buyers and validate persona and journey

    Hold initial buyer interviews, test initial results, and continue with interviews.

    3. Prepare communications and educate stakeholders

    Consolidate interview findings, present to product, marketing, and sales teams. Work with them to apply to product design, marketing launch/campaigning, and sales and customer success enablement.

    • Buyer Persona and Journey Summary Template
    [infographic]

    Workshop: Create a Buyer Persona and Journey

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Align Team, Identify Persona, and Document Current Knowledge

    The Purpose

    Organize, drive alignment on target persona, and capture initial views.

    Key Benefits Achieved

    Steering committee and project team roles and responsibilities clarified.

    Product, marketing, and sales aligned on target persona.

    Build initial team understanding of persona.

    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    Outputs

    Documented steering committee and working team

    Executive Brief on personas and journey

    Personas and initial targets

    Documented team knowledge

    2 Validate Initial Work and Identify Buyer Interviewees

    The Purpose

    Build list of buyer interviewees, finalize interview guide, and validate current findings with analyst input.

    Key Benefits Achieved

    Interview efficiently using 75-question interview guide.

    Gain analyst help in persona validation, reducing workload.

    Activities

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    Outputs

    Analyst-validated initial findings

    Target interviewee types

    3 Schedule and Hold Buyer Interviews

    The Purpose

    Validate current persona hypothesis and flush out those attributes only derived from interviews.

    Key Benefits Achieved

    Get to a critical mass of persona and journey understanding quickly.

    Activities

    3.1 Identify actual list of 15-20 interviewees.

    3.2 Hold interviews and use interview guides over the course of weeks.

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    Outputs

    List of interviewees; calls scheduled

    Initial review – “are you going in the right direction?”

    Completed interviews

    4 Summarize Findings and Provide Actionable Guidance to Colleagues

    The Purpose

    Summarize persona and journey attributes and provide activation guidance to team.

    Key Benefits Achieved

    Understanding of product market fit requirements, messaging, and marketing, and sales asset content.

    Activities

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/executives and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    Outputs

    Complete findings

    Action items for team members

    Plan for activation

    5 Measure Impact and Results

    The Purpose

    Measure results, adjust, and improve.

    Key Benefits Achieved

    Activation of outcomes; measured results.

    Activities

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    5.3 Reconvene team to review results.

    Outputs

    Activation review

    List of suggested next steps

    Further reading

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    B2B marketers without documented personas and journeys often experience the following:

    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers’ emails go unopened, and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Without a deeper understanding of buyer needs and how they buy, B2B marketers will waste time and precious resources targeting the incorrect personas.

    Common Obstacles

    Despite being critical elements, organizations struggle to build personas due to:

    • A lack of alignment and collaboration among marketing, product, and sales.
    • An internal focus; or a lack of true customer centricity.
    • A lack of tools and techniques for building personas and buyer journeys.

    In today’s Agile development environment, combined with the pressure to generate revenues quickly, high tech marketers often skip the steps necessary to go deeper to build buyer understanding.

    SoftwareReviews’ Approach

    With a common framework and target output, clients will:

    • Align marketing, sales, and product, and collaborate together to share current knowledge on buyer personas and journeys.
    • Target 12-15 customers and prospects to interview and validate insights. Share that with customer-facing staff.
    • Activate the insights for more customer-centric lead generation, product development, and selling.

    Clients who activate findings from buyer personas and journeys will see a 50% results improvement.

    SoftwareReviews Insight:
    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Buyer personas and journeys: A go-to-market critical success factor

    Marketers – large and small – will fail to optimize product-market fit, lead generation, and sales effectiveness without well-defined buyer personas and a buyer journey.

    Critical Success Factors of a Successful G2M Strategy:

    • Opportunity size and business case
    • Buyer personas and journey
    • Competitively differentiated product hypothesis
    • Buyer-validated commercial concept
    • Sales revenue plan and program cost budget
    • Consolidated communications to steering committee

    Jeff Golterman, Managing Director, SoftwareReviews Advisory

    “44% of B2B marketers have already discovered the power of Personas.”
    – Hasse Jansen, Boardview.io!, 2016

    Documenting buyer personas enables success beyond marketing

    Documenting buyer personas has several essential benefits to marketing, sales, and product teams:

    • Achieve a better understanding of your target buyer – by building a detailed buyer persona for each type of buyer and keeping it fresh, you take a giant step toward becoming a customer-centric organization.
    • Team alignment on a common definition – will happen when you build buyer personas collaboratively and among those teams that touch the customer.
    • Improved lead generation – increases dramatically when messaging and marketing assets across your lead generation engine better resonate with buyers because you have taken the time to understand them deeply.
    • More effective selling – is possible when sellers apply persona development output to their interactions with prospects and customers.
    • Better product-market fit – increases when product teams more deeply understand for whom they are designing products. Documenting buyer challenges, pain points, and unmet needs gives product teams what they need to optimize product adoption.

    “It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way, by knowing what your customer wants and needs, you can present them with content targeted specifically to their wants and needs.”
    – Emma Bilardi, Product Marketing Alliance, 2020

    Buyer understanding activates just about everything

    Without the deep buyer insights that persona and journey capture enables, marketers are suboptimized.

    Buyer Persona and Journey

    • Product design
    • Customer targeting
    • Personalization
    • Messaging
    • Content marketing
    • Lead gen & scoring
    • Sales Effectiveness
    • Customer retention

    “Marketing eutopia is striking the all-critical sweet spot that adds real value and makes customers feel recognized and appreciated, while not going so far as to appear ‘big brother’. To do this, you need a deep understanding of your audience coming from a range of different data sets and the capability to extract meaning.”
    – Plexure, 2020

    Does your organization need buyer persona and journey updating?

    “Yes,” if experiencing one or more key challenges:

    • Sales time is wasted on unqualified leads
    • Website abandon rates are high
    • Lead gen engine click-through rates are low
    • Ideal customer profile is ill defined
    • Marketing asset downloads are low
    • Seller discovery with prospects is ineffective
    • Sales win/loss rates drop due to poor product-market fit
    • Higher than desired customer churn

    SoftwareReviews Advisory Insight:
    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Outcomes and benefits

    Building your buyer persona and journey using our methodology will enable:

    • Greater stakeholder alignment – when marketing, product, and sales agree on personas, less time is wasted on targeting alternate personas.
    • Improved product-market fit – when buyers see both pain-relieving features and value-based pricing, “because you asked vs. guessed,” win rates increase.
    • Greater open and click-through rates – because you understood buyer pain points and motivations for solution seeking, you’ll see higher visits and engagement with your lead gen engine, and because you asked “what asset types do you find most helpful” your CTAs become ”lead-gen magnets” because you’ve offered the right asset types in your content marketing strategy.
    • More qualified leads – because you defined a more accurate ideal customer profile (ICP) and your lead scoring algorithm has improved, sellers see more qualified leads.
    • Increased sales cycle velocity – since you learned from personas their content and engagement preferences and what collateral types they need during the down-funnel sales discussions, sales calls are more productive and sales cycles shrink.

    Our methodology for buyer persona and journey creation

    1. Document Team Knowledge of Buyer Persona and Drive Alignment 2. Interview Target Buyer Prospects and Customers 3. Create Outputs and Apply to Marketing, Sales, and Product
    Phase Steps
    1. Outline a vision for buyer persona and journey creation and identify stakeholders.
    2. Pull stakeholders together, identify initial buyer persona, and begin to document team knowledge about buyer persona (and journey where possible).
    3. Validate with industry and marketing analyst’s initial buyer persona, and identify list of buyer interviewees.
    1. Hold interviews and document and share findings.
    2. Validate initial drafts of buyer persona and create initial documented buyer journey. Review findings among key stakeholders, steering committee, and supporting analysts.
    3. Complete remaining interviews.
    1. Summarize findings.
    2. Convene steering committee/exec. and working team for final review.
    3. Communicate to key stakeholders in product, marketing, sales, and customer success for activation.
    Phase Outcomes
    1. Steering committee and team selection
    2. Team insights about buyer persona documented
    3. Buyer persona validation with industry and marketing analysts
    4. Sales, marketing, and product alignment
    1. Interview guide
    2. Target interviewee list
    3. Buyer-validated buyer persona
    4. Buyer journey documented with asset types, channels, and “how buyers buy” fully documented
    1. Education deck on buyer persona and journey ready for use with all stakeholders: product, field marketing, sales, executives, customer success, partners
    2. Activation will update product-market fit, optimize lead gen, and improve sales effectiveness

    Our approach provides interview guides and templates to help rebuild buyer persona

    Our methodology will enable you to align your team on why it’s important to capture the most important attributes of buyer persona including:

    • Functional – helps you find and locate your target personas
    • Emotive – deepens team understanding of buyer initiatives, motivations for seeking alternatives, challenges they face, pain points for your offerings to address, and terminology that describes the “space”
    • Solution – enables greater product market fit
    • Behavioral – clarifies how to communicate with personas and understand their content preferences
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    Buyer journeys are constantly shifting

    If you didn’t remap buyer journeys in 2021, you may be losing to competitors that did. Leaders remap buyer journey frequently.

    • The multi-channel buyer journey is constantly changing. Today’s B2B buyer uses industry research sites, vendor content marketing assets, software reviews sites, contacts with vendor salespeople, events participation, peer networking, consultants, emails, social media sites, and electronic media to research purchasing decisions.
    • COVID-19 has dramatically decreased face-to-face interaction. We estimate a B2B buyer spent 20-25% more time online in 2021 than pre-COVID-19 researching software buying decisions. This has diminished the importance of face-to-face selling and given dramatic rise to digital selling and outbound marketing.
    • Content marketing has exploded, but without mapping the buyer journey and knowing where – by channel –and when – by buyer journey step – to offer content marketing assets, we will fail to convert prospects into buyers.

    “~2/3 of [B2B] buyers prefer remote human interactions or digital self-service.” And during Aug. ‘20 to Feb. ‘21, use of digital self-service to interact with sales reps leapt by more than 10% for both researching and evaluating new suppliers.”
    – Liz Harrison, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai McKinsey & Company, 2021

    SoftwareReviews Advisory Insight:
    Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is affected due to events such as COVID-19 and as emerging media such as AR shifts asset-type usage and engagement options.

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    You’ll be more successful by following our overall guidance

    Overarching insight

    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Align Your Team

    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Jump-Start Persona Development

    Marketing leaders leverage the buyer persona knowledge not only from in-house experts in areas such as sales and executives but from analysts that speak with their buyers each and every day.

    Buyer Interviews Are a Must

    While leaders will get a fast start by interviewing sellers, executives, and analysts, you will fail to craft the right messages, build the right marketing assets, and design the best buyer journey if you skip buyer interviews.

    Watch for Disruption

    Leaders will update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID-19 and as emerging media such as AR and VR shifts the way buyers engage.

    Advanced Buyer Journey Discovery

    Digital marketers that ramp up lead gen engine capabilities to capture “wins” and measure engagement back through the lead gen and nurturing engines will build a more data-driven view of the buyer journey. Target to build this advanced capability in your initial design.

    Tools and templates to speed your success

    This blueprint is accompanied by supporting deliverables to help you gather team insights, interview customers and prospects, and summarize results for ease in communications.

    To support your buyer persona and journey creation, we’ve created the enclosed tools

    Buyer Persona Creation Template

    A PowerPoint template to aid the capture and summarizing of your team’s insights on the buyer persona.

    Buyer Persona and Journey Interview Guide and Data Capture Tool

    For interviewing customers and prospects, this tool is designed to help you interview personas and summarize results for up to 15 interviewees.

    Buyer Persona and Journey Summary Template

    A PowerPoint template into which you can drop your buyer persona and journey interviewees list and summary findings.

    SoftwareReviews offers two levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    The "do-it-yourself" step-by-step instructions begin with Phase 1.

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    A Guided Implementation is a series of analysts inquiries with you and your team.

    Diagnostics and consistent frameworks are used throughout each option.

    Guided Implementation

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    What does our GI on buyer persona and journey mapping look like?

    Drive an Aligned Initial Draft of Buyer Persona

    • Call #1: Collaborate on vision for buyer persona and the buyer journey. Review templates and sample outputs. Identify your team.
    • Call #2: Review work in progress on capturing working team knowledge of buyer persona elements.
    • Call #3: (Optional) Review Info-Tech’s research-sourced persona insights.
    • Call #4: Validate the persona WIP with Info-Tech analysts. Review buyer interview approach and target list.

    Interview Buyers and Validate Persona and Journey

    • Call #5: Revise/review interview guide and final interviewee list; schedule interviews.
    • Call #6: Review interim interview finds; adjust interview guide.
    • Call #7: Use interview findings to validate/update persona and build journey map.
    • Call #8: Add supporting analysts to final stakeholder review.

    Prepare Communications and Educate Stakeholders

    • Call #9: Review output templates completed with final persona and journey findings.
    • Call #10: Add supporting analysts to stakeholder education meetings for support and help with addressing questions/issues.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day1 Day 2 Day 3 Day 4 Day 5
    Align Team, Identify Persona, and Document Current Knowledge Validate Initial Work and Identify Buyer Interviewees Schedule and Hold Buyer interviews Summarize Findings and Provide Actionable Guidance to Colleagues Measure Impact and Results
    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    3.1 Identify actual list of 15-20 interviewees.

    A gap of up to a week for scheduling of interviews.

    3.2 Hold interviews and use interview guides (over the course of weeks).

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/exec. and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    A period of weeks will likely intervene to execute and gather results.

    5.3 Reconvene team to review results.

    Deliverables
    1. Documented steering committee and working team
    2. Executive Brief on personas and journey
    3. Personas and initial targets
    4. Documented team knowledge
    1. Analyst-validated initial findings
    2. Target interviewee types
    1. List of interviewees; calls scheduled
    2. Initial review – “are we going in the right direction?”
    3. Completed interviews
    1. Complete findings
    2. Action items for team members
    3. Plan for activation
    1. Activation review
    2. List of suggested next steps

    Phase 1
    Drive an Aligned Initial Draft of Buyer Persona

    This Phase walks you through the following activities:

    • Develop an understanding of what comprises a buyer persona and journey, including their importance to overall go-to-market strategy and execution.
    • Sample outputs.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Representative(s) from Sales
    • Executive Leadership

    1.1 Establish the team and align on shared vision

    Input

    • Typically a joint recognition that buyer personas have not been fully documented.
    • Identify working team members/participants (see below), and an executive sponsor.

    Output

    • Communication of team members involved and the make-up of steering committee and working team
    • Alignment of team members on a shared vision of “Why Build Buyer Personas and Journey” and what key attributes define both.

    Materials

    • N/A

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    60 minutes

    1. Schedule inquiry with working team members and walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation.
    2. Optional: Have the (SoftwareReviews Advisory) SRA analyst walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation as part of your session.

    Review the Create a Buyer Persona Executive Brief (Slides 3-14)

    1.2 Document team knowledge of buyer persona

    Input

    • Working team member knowledge

    Output

    • Initial draft of your buyer persona

    Materials

    • Buyer Persona Creation Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    2-3 sessions of 60 minutes each

    1. Schedule meeting with working team members and, using the Buyer Persona Template, lead the team in a discussion that documents current team knowledge of the target buyer persona.
    2. Lead the team to prioritize an initial, single, most important persona and to collaborate to complete the template (and later, the buyer journey). Once the team learns the process for working on the initial persona, the development of additional personas will become more efficient.
    3. Place the PowerPoint template in a shared drive for team collaboration. Expect to schedule several 60-minute meets. Quicken collaboration by encouraging team to “do their homework” by sharing persona knowledge within the shared drive version of the template. Your goal is to get to an initial agreed upon version that can be shared for additional validation with industry analyst(s) in the next step.

    Download the Buyer Persona Creation Template

    1.3 Validate with industry analysts

    Input

    • Identify gaps in persona from previous steps

    Output

    • Further validated buyer persona

    Materials

    • Bring your Buyer Persona Creation Template to the meeting to share with analysts

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Info-Tech analyst covering your product category and SoftwareReviews marketing analyst

    30 minutes

    1. Schedule meeting with working team members and discuss which persona areas require further validation from an Info-Tech analyst who has worked closely with those buyers within your persona.

    60 minutes

    1. Schedule an inquiry with the appropriate Info-Tech analyst and SoftwareReviews Advisory analyst to share current findings and see:
      1. Info-Tech analyst provide content feedback given what they know about your target persona and product category.
      2. SoftwareReviews Advisory analyst provide feedback on persona approach and to coach any gaps or important omissions.
    2. Tabulate results and update your persona summary. At this point you will likely require additional validation through interviews with customers and prospects.

    1.4 Identify interviewees and prepare for interviews

    Input

    • Identify segments within which you require persona knowledge
    • Understand your persona insight gaps

    Output

    • List of interviewees

    Materials

    • Interviewee recording template on following slide
    • Interview guide questions found within the Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Identify the types of customers and prospects that will best represent your target persona. Choose interviewees that when interviewed will inform key differences among key segments (geographies, company size, mix of customers and prospects, etc.).
    2. Recruit interviewees and schedule interviews for 45 minutes.
    3. Keep track of Interviewees using the slide following this one.
    4. In preparation for interviews, review the Buyer Persona and Journey Interview Guide and Data Capture Tool. Review the two sets of questions:
      1. Buyer Persona-Related – use to validate areas where you still have gaps in your persona, OR if you are starting with a blank persona and wish to build your personas entirely based on customer and prospect interviews.
      2. Buyer-Journey Related, which we will focus on in the next phase.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    The image shows a table titled ‘Interviewee List.’ A note next to the title indicates: Here you will document your interviewee list and outreach plan. A note in the Segment column indicates: Ensure you are interviewing personas across segments that will give you the insights you need, e.g. by size, by region, mix of customers and prospects. A note in the Title column reads: Vary your title types up or down in the “buying center” if you are seeking to strengthen buying center dynamics understanding. A note in the Roles column reads: Vary your role types according to decision-making roles (decision maker, influencer, ratifier, coach, user) if you are seeking to strengthen decision-making dynamics understanding.

    Phase 2
    Interview Buyers and Validate Persona and Journey

    This Phase walks you through the following activities:

    • Developing final interview guide.
    • Interviewing buyers and customers.
    • Adjusting approach.
    • Validating buyer persona.
    • Crafting buyer journey
    • Gaining analyst feedback.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Representative(s) from Sales

    2.1 Hold interviews

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Hold interviews and adjust your interviewing approach as you go along. Uncover where you are not getting the right answers, check with working team and analysts, and adjust.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2 Use interview findings to validate what’s needed for activation

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys
    • Stakeholder feedback that actionable insights are resulting from interviews

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    2 hours

    1. Convene your team, with marketing analysts, and test early findings: It’s wise to test initial interview results to check that you are getting the right insights to understand and validate key challenges, pain points, needs, and other vital areas pertaining to the buyer persona. Are the answers you are getting enabling you to complete the Summary slides for later communications and training for Sales?
    2. Check when doing buyer journey interviews that you are getting actionable answers that drive messaging, what asset types are needed, what the marketing channel mix is, and other vital insights to activate the results. Are the answers you are getting adequate to give guidance to campaigners, content marketers, and sales enablement?
    3. See the following slides for detailed questions that need to be answered satisfactorily by your team members that need to “activate” the results.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2.1 Are you getting what you need from interviews to inform the buyer persona?

    Test that you are on the right track:

    1. Are you getting the functional answers so you can guide sellers to the right roles? Can you guide marketers/campaigners to the right “Ideal Customer Profile” for lead scoring?
    2. Are you capturing the right emotive areas that will support message crafting? Solutioning? SEM/SEO?
    3. Are you capturing insights into “how they decide” so sellers are well informed on the decision-making dynamics?
    4. Are you getting a strong understanding of content, interaction preferences, and news and information sources so sellers can outreach more effectively, you can pinpoint media spend, and content marketing can create the right assets?
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    2.2.2 Are you getting what you need from interviews to support the buyer journey?

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    2.3 Continue interviews

    Input

    • Final adjustments to list of interview questions

    Output

    • Final buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Continue customer and prospect interviews.
    2. Ensure you are gaining the segment perspectives needed.
    3. Complete the “Summary” columns within the Buyer Persona and Journey Interview Guide and Data Capture Tool.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Phase 3
    Prepare Communications and Educate Stakeholders

    This Phase walks you through the following activities:

    • Creating outputs for key stakeholders
    • Communicating final findings and supporting marketing, sales, and product activation.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Sales
    • Field Marketing/Campaign Management
    • Executive Leadership

    3.1 Summarize interview results and convene full working team and steering committee for final review

    Input

    • Buyer persona and journey interviews detail

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and Data Capture Tool
    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    1-2 hours

    1. Summarize interview results within the Buyer Persona and Journey Summary Template.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Download the Buyer Persona and Journey Summary Template

    3.2 Convene executive steering committee and working team to review results

    Input

    • Buyer persona and journey interviews summary

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 hours

    1. Present final persona and journey results to the steering committee/executives and to working group using the summary slides interview results within the Buyer Persona and Journey Summary Template to finalize results.

    Download the Buyer Persona and Journey Summary Template

    3.3 Convene stakeholder meetings to activate results

    Input

    • Buyer persona and journey interviews summary

    Output

    Activation of key learnings to drive:

    • Better product –market fit
    • Lead gen
    • Sales effectiveness
    • Awareness

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Stakeholder team members (see left)

    4-5 hours

    Present final persona and journey results to each stakeholder team. Key presentations include:

    1. Product team to validate product market fit.
    2. Content marketing to provide messaging direction for the creation of awareness and lead gen assets.
    3. Campaigners/Field Marketing for campaign-related messaging and to identify asset types required to be designed and delivered to support the buyer journey.
    4. Social media strategists for social post copy, and PR for other awareness-building copy.
    5. Sales enablement/training to enable updating of sales collateral, proposals, and sales training materials. Sellers to help with their targeting, prospecting, and crafting of outbound messaging and talk tracks.

    Download the Buyer Persona and Journey Summary Template

    Summary of Accomplishment

    Problem Solved

    With the help of this blueprint, you have deepened your and your colleagues’ buyer understanding at both the persona “who they are” level and the buyer journey “how do they buy” level. You are among the minority of marketing leaders that have fully documented a buyer persona and journey – congratulations!

    The benefits of having led your team through the process are significant and include the following:

    • Better alignment of customer/buyer-facing teams such as in product, marketing, sales, and customer success.
    • Messaging that can be used by marketing, sales, and social teams that will resonate with buyer initiatives, pain points, sought-after “pain relief,” and value.
    • Places in the digital and physical universe where your prospects “hang out” so you can optimize your media spend.
    • More effective use of marketing assets and sales collateral that align with the way your prospect needs to consume information throughout their buyer journey to make a decision in your solution area.

    And by capturing and documenting your buyer persona and journey even for a single buyer type, you have started to build the “institutional strength” to apply the process to other roles in the decision-making process or for when you go after new and different buyer types for new products. And finally, by bringing your team along with you in this process, you have also led your team in becoming a more customer-focused organization – a strategic shift that all organizations should pursue.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com

    1-888-670-8889

    Related Software Reviews Research

    Optimize Lead Generation With Lead Scoring

    • Save time and money and improve your sales win rates when you apply our methodology to score contacts with your lead gen engine more accurately and pass better qualified leads over to your sellers.
    • Our methodology teaches marketers to develop your own lead scoring approach based upon lead/contact profile vs. your Ideal Customer Profile (ICP) and scores contact engagement. Applying the methodology to arrive at your own approach to scoring will mean reduced lead gen costs, higher conversion rates, and increased marketing-influenced wins.

    Bibliography

    Bilardi, Emma. “How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.

    Harrison, Liz, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March 2021. Accessed Dec. 2021.

    Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview.io!, 19 Feb. 2016. Accessed Jan. 2022.

    Raynor, Lilah. “Understanding The Changing B2B Buyer Journey.” Forbes Agency Council, 18 July 2021. Accessed Dec. 2021.

    Simpson, Jon. “Finding Your Audience: The Importance of Developing a Buyer Persona.” Forbes Agency Council, 16 May 2017. Accessed Dec. 2021.

    “Successfully Executing Personalized Marketing Campaigns at Scale.” Plexure, 6 Jan. 2020. Accessed Dec 2020.

    Ulwick, Anthony W. JOBS TO BE DONE: Theory to Practice. E-book, Strategyn, 1 Jan. 2017. Accessed Jan. 2022.

    Select an Enterprise Application

    • Buy Link or Shortcode: {j2store}588|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Enterprise Applications
    • Parent Category Link: /enterprise-applications
    • Organizations rarely have both the sufficient knowledge and resources to properly evaluate, select, and implement an enterprise application software (EAS), forcing them to turn to external partnerships.
    • Inadequate and incomplete requirements skew the EAS selection in one direction or another. Many EAS projects fail due to a lack of clear description and specification of functional requirements.
    • The EAS technology market is so vast that it becomes nearly impossible to know where to start or how to differentiate between vendors and products.

    Our Advice

    Critical Insight

    • Accountability for EAS success is shared between IT and the business. There is no single owner of an EAS. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.
    • While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for enterprise applications.
    • EAS projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with EAS capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just occur at the executive level but at each level of the organization.

    Impact and Result

    • Conduct an EAS project preparedness assessment as a means to ensure you maximize the value of your time, effort, and spending.
    • Gather the necessary resources to form the team to conduct the EAS selection.
    • Gett the proper EAS requirement landscape by mapping out business capabilities and processes, translating into prioritized EAS requirements.
    • Review SoftwareReviews vendor reports to shortlist vendors for your RFP process.
    • Use Info-Tech’s templates and tools to gather your EAS requirements, build your RFP and evaluation scorecard, and build a foundational EAS selection framework.

    Select an Enterprise Application Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select an Enterprise Application Software Storyboard - A blueprint which prepares you for a proper and better enterprise application selection outcome.

    Properly selecting and implementing an enterprise application requires a proper structure. This blueprint guides you with a framework to help in such project, including steps such as assessing readiness, plan for the right resources, requirements gathering, shortlisting, obtaining and evaluating vendor responses, and preparing for implementation.

    • Select an Enterprise Application Software Storyboard

    2. Select an Enterprise Application Readiness Assessment Checklist – a checklist to assess your readiness towards moving ahead with the selection process.

    The EAS Readiness Checklist includes a list of essential tasks to be completed prior to the enterprise application selection and implementation project.

    • EAS Readiness Assessment Checklist

    3. ERP/HRIS/CRM Requirements Templates – a set of templates to help build a list of requirements and features for the selection process.

    These templates are specific to either ERP, HRIS, or CRM. Each template lists out a set of modules and features allowing you to easily build your requirements.

    • ERP Requirements Template
    • HRIS Requirements Template
    • CRM Requirements Template

    4. Vendor Solicitation (RFP) to Evaluation Suite of Tools – Use Info-Tech’s RFP, vendor response and evaluation tools and templates to increase your efficiency in your RFP and evaluation process.

    Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative.

    • EAS Request for Proposal Template
    • EAS Vendor Response Template
    • ERP Vendor Demonstration Script Template
    • HRIS Vendor Demonstration Script Template
    • CRM Vendor Demonstration Script Template
    • EAS RFP and Demonstration Scoring Tool
    [infographic]

    Workshop: Select an Enterprise Application

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Workshop debrief – Prepare for implementation

    The Purpose

    Review evaluation framework.

    Prepare for implementation.

    Key Benefits Achieved

    Activities

    1.1 Support the project team in establishing the evaluation framework.

    1.2 Discuss demo scripts scenarios.

    1.3 Discuss next steps and key items in preparation for the implementation.

    Outputs

    Evaluation framework considerations.

    Demo script considerations.

    RFP considerations.

    2 Workshop Preparation

    The Purpose

    The facilitator works with the team to verify organizational readiness for EAS project and form the EAS project team.

    Key Benefits Achieved

    Level-set on organizational readiness for EAS

    Organizational project alignment

    Activities

    2.1 Introduce the workshop and complete an overview of activities.

    2.2 Complete organizational context assessment to level-set understanding.

    2.3 Complete EAS readiness assessment.

    2.4 Form EAS selection team.

    Outputs

    EAS readiness assessment

    Structured EAS selection team

    3 Mapping Capabilities to Prioritizing Requirements

    The Purpose

    Determine the business capabilities and process impacted by the EAS.

    Determine what the business needs to get out of the EAS solution.

    Build the selection roadmap and project plan.

    Key Benefits Achieved

    Business and ERP solution alignment

    Activities

    3.1 Map business capabilities/processes.

    3.2 Inventory application and data flow.

    3.3 List EAS requirements.

    3.4 Prioritize EAS requirements.

    Outputs

    Business capability/process map

    List or map of application + data flow

    Prioritized EAS requirements

    4 Vendor Landscape and your RFP

    The Purpose

    Understand EAS market product offerings.

    Readying key RFP aspects and expected vendor responses.

    Key Benefits Achieved

    Shortlist of vendors to elicit RFP response.

    Translated EAS requirements into RFP.

    Activities

    4.1 Build RFP.

    4.2 Build vendor response template.

    Outputs

    Draft of RFP template.

    Draft of vendor response template.

    5 How to Evaluate Vendors

    The Purpose

    Prepare for demonstration and evaluation.

    Establish evaluation criteria.

    Key Benefits Achieved

    Narrow your options for ERP selection to best-fit vendors.

    Activities

    5.1 Run an RFP evaluation simulation.

    5.2 Establish evaluation criteria.

    5.3 Customize the RFP and Demonstration and Scoring Tool.

    Outputs

    Draft of demo script template.

    Draft of evaluation criteria.

    Draft of RFP and Demonstration and Scoring Tool.

    Further reading

    Select an Enterprise Application

    Selecting a best-fit solution requires balancing needs, cost, and vendor capability.

    Analyst Perspective

    A foundational EAS strategy is critical to decision-making.

    Enterprise application software (EAS) is a core tool that a business leverages to accomplish its goals. An EAS that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    EAS systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the EAS system. Learning about different vendor product offerings with a rigorous approach and evaluation framework will pave way for a better selection outcome.

    Hong Kwok, Research Director

    Hong Kwok
    Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Approach
    Selecting and implementing an EAS is one of the most expensive and time-consuming technology transformations an organization can undertake. EAS projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized. Making the wrong technology selection or failing to plan for an EAS implementation has significant – and possibly career-ending – implications.

    The EAS technology market is so vast that it is nearly impossible to know where to start or how to differentiate between vendors and products.

    Inadequate and incomplete requirements skew the EAS selection in one direction to another. Many EAS projects fail due to a lack of clear description and specification of functional requirements.

    Organizations rarely have both the sufficient knowledge and resources to properly evaluate, select, and implement an EAS, forcing them to turn to external partnerships.

    EAS selection must be driven by your organization’s overall strategy. Ensure you are ready to embark on this journey with the right resources.

    Determine what EAS solution fits your organization through a structured requirement gathering process to a vendor evaluation framework.

    Ensure strong points of integration between EAS and other software such as ERP to HRIS. No EAS should live in isolation.

    Info-Tech Insight
    Accountability for EAS success is shared between IT and the business. There is no single owner of an EAS. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.

    You are not just picking a piece of software, you are choosing a long-term technology partner

    Reasons for Selectin Chosen Software

    Decision making in selection often stands on functional fit; don’t forget to consider vendor fit.

    As the ERP technology market becomes increasingly saturated and difficult to decode, vendors are trying to get ahead by focusing on building a partnership, not just making a sale.

    68 % of organizations are satisfied with the overall ERP vendor experience, up from 54% in 2017.

    Panorama Consulting Solutions, “Report,” 2018

    What is an Enterprise Application?

    Our Definition: Enterprise Application Software (EAS) is a large software system that provides a broad and integrated set of features which supports a range of business operations and processes across an organization. The system is broadly deployed, provides a unified interface and data structure, allowing for higher business productivity and reporting efficiencies. Best known EAS solutions include Enterprise Resource Planning (ERP), Human Resource Information System (HRIS), and Customer Relationship Management (CRM).

    More focused EAS solutions may also bring benefits to your organization, depending on the scale of operations, complexity of operations, and functions. Here are some examples:

    PSA: Professional Services Automation
    SCMS: Supply Chain Management System
    WMS: Warehouse Management System
    EAM: Enterprise Asset Management
    PIMS: Product Information Management System
    MES: Manufacturing Execution System
    MA: Marketing Automation

    Our other Selection Framework

    When selecting personal or commodity applications, or mid-tier applications with spend below $100,000, use our Rapid Application Selection Framework.

    Download this tool

    Enterprise Applications Lifecycle Advisory Services

    Enterprise Resource Planning (ERP)

    Enterprise Resource Planning (ERP)

    What is EPR

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.
    ERP use cases: Product-centric
    Suitable for organizations that manufacture, assemble, distribute, or manage material goods.    		 Service-centric
    Suitable for organizations that provide and manage field services and/or professional services.

    Human Resource Information System (HRIS)

    What is HRIS?

    An HRIS is used to acquire, store, manipulate, analyze, retrieve, and distribute information regarding an organization’s human resources. HRIS covers the entire employee lifecycle from recruit to retire.

    An HRIS:

    • Retains employee data in a single repository.
    • Enhances employee engagement through self-service and visibility into their records.
    • Enhances data security through role-based access control.
    • Eliminates manual processes and enables workflow automation.
    • Reduces transaction processing time and HR administrative tasks.
    • Presents an end-to-end, comprehensive view of all HR processes.
    • Reduces exposure to risk with compliance to rules and regulations.
    • Enhances the business’s reporting capability on various aspects of human capital.

    Human Resource Information System

    Customer relationship management (CRM)

    What is CRM?

    A CRM platform (or suite) is a core enterprise application that provides a broad feature set for supporting customer interaction processes, typically across marketing, sales and customer service. These suites supplant more basic applications for customer interaction management (such as the contact management module of an ERP or office productivity suite).

    A CRM suite provides many key capabilities, including but not limited to:

    • Account management
    • Order history tracking
    • Pipeline management
    • Case management
    • Campaign management
    • Reports and analytics
    • Customer journey execution

    A CRM provides a host of native capabilities, but many organizations elect to tightly integrate their CRM solution with other parts of their customer experience ecosystem to provide a 360-degree view of their customers.

    Customer relationship management

    The good EAS numbers

    There are many good reasons to support EAS implementation and use.

    92% of organizations report that CRM use is important for accomplishing revenue objectives.
    Source: Validity, 2020

    Almost 26% of companies implement HRIS is to obtain greater functionalities, while other main reasons are to increase efficiencies, support growth, and consolidate systems.
    Source: SoftwarePath, 2022

    Functionality of an ERP is believed to be the most important aspect by almost 40% of companies.
    Source: SelectHub, 2022

    The ugly EAS numbers

    Risks are high in EAS projects.

    Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70 percent. Taking the low end of those analyst reports, one in two ERP projects is considered a failure.
    Source: Electric Journal of Information Systems Evaluation.

    46% of HR technology projects exceed their planned timelines.
    Source: Unleash, 2020

    Almost 70% of all CRM implementation projects do not meet expected objectives.
    Source: Future Computing and Informatics Journal

    Enterprise Application dissatisfaction

    Finance, IT, Sales, HR, and other users of the Enterprise Application system can only optimize with the full support of each other. Cooperation between departments is crucial when trying to improve the technology capabilities and customer interaction.

    Drivers of Dissatisfaction
    Business Data People and teams Technology
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    • Systems integration
    • Multi-channel complexity
    • Capability shortfall
    • Lack of product support

    Info-Tech Insight
    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for Enterprise Applications.

    Case Study

    Align strategy and technology to meet consumer demand.

    NETFLIX

    INDUSTRY
    Entertainment

    SOURCE
    Forbes, 2017

    Challenge
    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience.

    Solution
    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing an online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    Results
    Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28 billion company, which is ten times what Blockbuster was worth.

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time video rental industry leader, Blockbuster.

    Info-Tech’s methodology for selecting an Enterprise Application

    1. Build alignment and assemble the team 2. Define your EAS 3. Engage, evaluate, and select 4. Next steps
    Phase steps
    1. Aligning business and IT
    2. Readiness and resourcing
    1. Map capabilities
    2. List Requirements
    3. Prioritize requirements
    1. Know the products
    2. Engage the vendors
    3. Select properly
    1. Plan for implementation
    Phase outcomes Discuss organizational goals and how to advance those using the EA system. Identify gaps and remediation steps in preparation of the selection. Assemble the EA selection team. List and review business capabilities and translate into EAS requirements. Prioritize requirements for selection. Gain an understanding of the product offerings on the market. Engage the vendors through RFPs and conduct a proper evaluation with an objective evaluation criteria and framework. Review and discuss the different elements required in preparation for the implementation project.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    ERP/HRIS/CRM Requirements Template

    ERP Requirements Template

    Accelerate your requirement gathering with a pre-compiled list of common requirements.

    RFx Demo Scoring Tool

    RFx Demo Scoring Tool

    Quickly compare the vendors who respond to the RFx to identify the best fit for your needs.

    Key deliverable:

    RFx templates

    Use one of our templates to build a ready-for-distribution implementation partner RFx tailored to the unique success factors of your implementation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to his the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between six to ten calls over the course of four to six months.

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scoping call to understand the current situation.

    Call #2: Discuss readiness and resourcing needs.

    Call #3: Discuss the capabilities and application inventory.

    Call #4: Discuss requirement gathering and prioritization.

    Call #5: Go over SoftwareReviews and review draft RFx.

    Call #6: Discuss evaluation tool and evaluation process.

    Call #7: Discuss preparation for implementation.

    Workshop Overview

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities

    Organizational Strategic Needs

    1.1 Review the business context.

    1.2 Overview of the EAS Landscape

    1.2 Assess EAS project readiness

    1.3 Determine the members of the EAS selection team

    From Capabilities to Requirements

    2.1 Map business capabilities

    2.2 Inventory application and interactions

    2.3 Gather requirements

    2.4 Prioritize requirements

    Vendor Landscape and Your RFP

    3.1 Understanding product offerings

    3.2 Build a list of targeted vendors

    3.3 Build RFP

    3.4 Build vendor response template

    How to Evaluate Vendors

    4.1 Run a RFP evaluation simulation

    4.2 Build demo script

    4.3 Establish evaluation criteria

    Next Steps and Wrap-Up (offsite)

    5.1 Clean up in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.
    Deliverables
    1. EAS Readiness Checklist and remediation plan
    2. List of members in EAS selection team
    1. List of key business processes
    2. Inventory application and data flow map
    3. Prioritized EAS requirements
    1. Draft RFP template
    2. Draft vendor response template
    1. Draft demo script template
    2. Draft vendor evaluation tool
    1. Completed RFP template
    2. Completed vendor response template
    3. Completed demo script template
    4. Vendor evaluation plan

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Build alignment and assemble the Team

    Phase 1
    1.1 Enterprise Application Landscape
    1.2 Validate Readiness
    1.3 Determine Resourcing

    Phase 2
    1.1 Capability Mapping
    1.2 Requirements Gathering Data Mapping
    1.3 Requirements Prioritizing

    Phase 3
    3.1 Understanding Product Offerings
    3.2 RFP & Demo Scripts
    3.3 Evaluation
    Select and Negotiate

    Phase 4
    4.1 Prepare for Implementation

    This phase will walk you through the following activities:

    Gain an understanding of recent EAS technology.

    Validate readiness before starting EAS selection.

    Assemble EAS selection team through identification of key players.

    This phase involves the following participants:

    Key stakeholders from the various areas of the business that will support the project, including:

    • CxO (e.g. CIO, CFO)
    • Departmental leaders
    • Project management team
    • Subject matter experts

    Select an Enterprise Application

    Create a compelling case that addresses strategic business objectives

    When someone at the organization asks you WHY, you need to deliver a compelling case. The ERP project will receive pushback, doubt, and resistance; if you can’t answer the question WHY, you will be left back-peddling.

    When faced with a challenge, prepare for the WHY.

    • Why do we need this?
    • Why are we spending all this money?
    • Why are we bothering?
    • Why is this important?
    • Why did we do it this way?
    • Why did we choose this vendor?

    Most organizations can answer “What?”

    Some organizations can answer “How?”

    Very few organizations have an answer for “Why?”

    Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.

    Ensure you have completed the necessary prerequisites for EAS selection

    Prior to embarking on selection, ensure you have set the right building blocks and completed the necessary prerequisites: your strategy and roadmap, and business case.

    STRATEGY & ROADMAP
    Whatever EAS is required, take the time to align your strategy and roadmap to business priorities. Right-size a technology strategy by assessing deployment model alternatives and future-state options with your EAS vision, operating model, and current-state assessment as inputs. Put your strategy to action with a living roadmap by following Info-Tech’s blueprint, Develop an Actionable Strategy and Roadmap.

    EAS BUSINESS CASE
    Use a business case to justify the business need for your EAS project and secure funding for moving forward with the proposal. A business case will further provide executive decision makers with the tools to compare and prioritize initiatives. Drive a consistent approach to promoting successful initiatives and holding the organization accountable to the projected benefits with Info-Tech’s blueprint, Reduce Time to Consensus With an Accelerated Business Case.

    Align the EAS strategy with the corporate strategy

    Corporate strategy Unified strategy EAS strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • EAS optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.
    • Communicates the organization’s budget and spending on EAS.
    • Identifies IT initiatives that will support the business and key EAS objectives.
    • Outlines staffing and resourcing for EAS initiatives.

    Info-Tech Insight
    EAS projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with EAS capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.

    Understand how EAS fits into your wider IT organization

    Identify the IT drivers and opportunities to take advantage of when embarking on your EAS project.

    Greenfield or brownfield: Do you currently have an EAS? Do you have multiple EASs? What is the history of your EAS deployment? How customized is it?

    End of life: What lifecycle stage is it in?

    Utilization: Are there point solutions in your application portfolio that support some EAS capabilities? Is functionality duplicated and/or underutilized?

    Reason for change: What are your organizational drivers for this EAS project (e.g. acquisition/merger)?

    APPLICATION PORTFOLIO STRATEGY

    Business leaders need application managers to do more than support business operations. Applications must drive business growth, and application managers need their portfolios to be current and effective and to evolve continuously to support the business or risk being marginalized. Rationalize your applications with a roadmap that propels the business forward.

    Go to this link

    Before switching vendors, evaluate your existing EAS to see if it’s being underutilized or could use an upgrade

    The cost of switching vendors can be challenging, but it will depend entirely on the quality of data and whether it makes sense to keep it.

    • Achieving success when switching vendors first requires reflection. We need to ask why we are dissatisfied with our incumbent software.
    • If the product is old and inflexible, the answer may be obvious, but don’t be afraid to include your incumbent in your evaluation if your issues might be solved with an upgrade.
    • Look at your use-case requirements to see where you want to take the EAS solution and compare them to your incumbent’s roadmap. If they don’t match, switching vendors may be the only solution. If your roadmaps align, see if you’re fully leveraging the solution or will be able to start working through process improvements

    Fully leveraging your current software now will have two benefits:

    1 It may turn out that poor leveraging of your incumbent software was the problem all along; switching vendors won’t solve the problem by itself. As the data to the right shows, a fifth of SMEs and a quarter of large enterprises do not fully leverage their incumbent software.
    2 If you still decide to switch, you’ll be in a good negotiating position. If vendors can see you are engaged and fully leveraging your software, they will be less complacent during negotiations to win you over.
    20%
    Small/Medium
    Enterprises    		 25%
    Large
    Enterprises
    only occasionally or rarely/never use their software

    Source: SoftwareReviews, 2020; N=45,027

    Info-Tech Insight
    Switching vendors won’t improve poor internal processes. To be fully successful and meet the goals of the business case, new software implementations must be accompanied by process review and improvement.

    Familiarize yourself with the EAS market

    How it got here Where it’s going
    • Acquisition and consolidation: The major vendors in the industry have grown over time through acquisition, particularly focusing on expanding products in industrial verticals.
    • Product stack: What it means is having to navigate complexity related to the product stack when thinking about EAS, which turns the conversation from EAS as a single product to EAS as a package of multiple products.
    • Modularity and interoperability: The benefit of the stack is that it often means modularity and the ability to implement parts of a solution or in an order that aligns to the customer’s needs. On the other hand, the stack is not always understood by or well communicated to the customer, and the interdependence of components often means they must be licensed together.
    • Customizable cloud: Software-as-a-Service in multitenant environments offers a hands-off value proposition, but increasingly customers are looking to customize their instances beyond the capability offered through configurability.
    • Best-of-breed consolidation: EAS vendors are continuing to consolidate functionality to increase interoperability and increase ease of integration. The market is rife with acquisitions and mergers, making the strong players even stronger.
    • Client experience: While most vendors now offer products that will meet the wide gamut of EAS business requirements, vendors are now paying extra attention to the client experience from partnership perspective.

    Info-Tech Insight
    Evaluating the EAS vendor landscape is becoming increasingly difficult as the playing field evens out in terms of functionality offerings. As such, it is becoming increasingly important to more meticulously evaluate vendors themselves as part of the selection process. This is especially important in EAS projects, as they tend to be multi-year in nature and result in long-term vendor partnerships.

    What types of Enterprise solutions are at my disposal?

    IT leaders typically compare EAS on-premises with SaaS options, but there are actually four different deployment scenarios.

    1. On Premises 3. Proprietary Cloud 4. White-Label Cloud 2. SaaS
    • The traditional model for EAS deployment.
    • Upfront licensing term plus annual maintenance/ support fee.
    • Requires local server, database, and authentication.
    • Good support for industry modules.
    • Customizable.
    • EAS vendor hosts an instance of the EAS system in its own data center.
    • Patches may or may not be applied automatically.
    • Monthly per-user or traditional billing.
    • Otherwise, as with on premises.
    • EAS VAR or reseller hosts an instance of the EAS system in its own data center or in a public IaaS provider’s (e.g. Rackspace, Amazon EC2).
    • Otherwise, as with proprietary cloud.
    • Common model for cloud EAS.
    • All users share a single instance.
    • Patches and updates are applied automatically.
    • Monthly per-user fee.
    • Poor industry support.
    • Configurable but not customizable.

    Info-Tech Insight
    Cloud may apply in other ways to the EAS implementation. Most vendors offer particular EAS services delivered via the cloud. For example, some vendors offers CRM, project management, and payroll self-service as cloud-based options to augment on-premises ERP solutions.

    Know when to adopt and when to bypass cloud EAS

    Use the following guidelines to determine if your organization will benefit from the cloud, or if you should stick to a more traditional delivery model.

    Adopt a cloud-based EAS platform if you have: Do not adopt a cloud-based EAS platform if you have:
    Standard processes – Businesses that have standard, repeatable processes can benefit greatly from the cost savings that cloud provides, as the need for expensive customizations is greatly minimized. Highly regulated industry – Although there is no hard evidence that says cloud-based solutions are not able to support security or compliance needs, in certain industries such as banking or insurance, cloud is not the norm and may be a tough sell for IT.
    Lean IT operations – Organizations with lean IT or no formal IT departments supporting them will find SaaS EAS particularly appealing. Those with IT that can support day-to-day operations but are not prepared for disaster recovery should also consider cloud EAS, either hosted or SaaS-based. Unreliable network – If the business regularly faces network outages or remote employees have unreliable internet connections, a cloud-based solution may not be the best option. IT would face many complaints from disgruntled workers unable to access data.
    Mobile workforce – Telecommuting is becoming more common, as is the requirement for data to be readily available for those on the road. Using cloud is a good way to provide this functionality. Unsavvy workforce – Organizations that prefer to be late adopters of technology may face strong resistance to taking their software to the cloud. Some employees may not like the idea of using a browser to connect to the system.

    Info-Tech Insight
    Knowing when to choose a cloud EAS deployment comes down to two main factors: knowing the level of complexity required by the business, and knowing the available IT resources that can be dedicated to support and manage EAS.

    Consider 3 classic scenarios when evaluating cloud EAS

    Cloud EAS should be considered by all organizations, but these scenarios present the strongest opportunity.

    The Startup The Spinoff The Modernizer
    • There is no greenfield in ERP, but if you’re a startup, you’re quite close.
    • Given the virtually nonexistent IT department in startups, having an on-premises ERP can be daunting. A SaaS delivery model is usually the best choice in these scenarios. Even if the resources are available, they are better spent driving business growth.
    • Startups typically have less stringent industry requirements, making SaaS a more attractive option.
    • Though not entirely new companies, spinoffs or subsidiaries often have needs similar to those of startups but with an added integration requirement.
    • When it comes to ERP, the deployment type will depend on how resources are split with the parent company. If there is little to no IT support, then SaaS is ideal.
    • If the parent company is already using cloud ERP, whether SaaS, hosted, or an internal cloud, then it is often easy for the spinoff to gain access as well.
    • Companies with legacy systems that are not salvageable, or out-of-date point solutions that do not scale, have the opportunity to start from scratch.
    • Those looking at reducing capital expenses should consider SaaS and hosted ERP deployments.
    • Those looking at having state-of-the-art technology in-house should consider building an internal private cloud that supports their ERP deployment.

    Make sure you are ready to proceed with selection

    Organizational readiness is essential for maximizing the benefits realized from your ERP. Cover all critical elements of pre-work, resources, buy-in, and strategy and planning before embarking on ERP selection and/or implementation.

    Pre-work
    Current State Understanding
    Business Process Improvement
    Future State Vision

    Resources
    Project Team
    Governance Structures
    Third-Party Partners
    Cost and Budget

    Buy-in
    Goals and Objectives
    Exec Business Sponsorship
    Stakeholder Engagement
    Change Management

    STRATEGY and PLANNING
    ERP Strategy & Roadmap
    Risk Management
    Project Metrics

    Without a preparedness assessment, organizations end up wasting a lot of time on resolving gaps in planning that could have been mitigated upfront, which ultimately makes the implementation project more challenging.
    – Suanne McGrath-Kelly, President & Principal Consultant, Plan in Motion Inc., interviewed by Info-Tech, 2019.

    Assess your EAS readiness before moving forward

    To avoid common project pitfalls, complete the necessary prerequisites before proceeding with EAS. Consider whether the risks of proceeding unprepared fall within your organization’s risk tolerance. If they do not, pivot back to strategy.

    Preceding tasks Risks of proceeding unprepared
    Project Vision
    Project Scope
    EAS Business Case
    Current State Map
    Improvement Opportunity Analysis
    Future State Considerations
    Strategic Requirements
    Project Metrics and Benchmarks
    Risk Assessment
    EAS Strategic Roadmap
    EAS Project Work Initiatives     		Misalignment of project objectives
    Time and cost overruns
    Lack of executive buy-in or support
    Over- or under-investment in systems
    Unknown and unmet system requirements
    Product selection misfit
    Misalignment of requirements to needs
    Inability to measure project success
    Inability to proactively mitigate risk impact
    Lack of decision-making traceability
    Unclear expectations of tasks and roles

    1.2.1 Assess EAS selection readiness

    1 – 2 hours

    1. As a group, review Section 1 of the EAS Readiness Assessment Checklist with the core project team and/or project sponsor, item by item. For completed items, tick the corresponding checkbox. Document all incomplete items in the Readiness Remediation Plan table in the first column (“Incomplete Readiness Item”).
    2. For each incomplete item, use your discretion to determine whether the completion is critical in preparation for EAS selection and implementation. This may vary given the complexity of your EAS project. If the item is critical to the project, indicate this with “Y” in the second column (“Criticality (Y/N)”).
    3. For each critical item, reflect on the barriers that have prevented or are preventing its completion. Possible barriers include incomplete task dependencies, low value to effort determination, lack of organizational knowledge or resources, pressure of deadlines, etc. Document these barriers in the third column (“Barriers to Completion”).
    4. Determine a remediation approach for each barrier identified. Document the approach in the fourth column (“Remediation Approach”).
      1. For each remediation activity, designate a due date and remediation owner. Document this in the fifth column (“Due Date and Owner”).
      2. Carry out the remediation of critical tasks and return to this blueprint to kick-start your selection and implementation project.
    Input Output
    • EAS Foundation
    • EAS Strategy
    • Readiness remediation approach
    • Validation of ERP project readiness
    Materials Participants
    • EAS Readiness Assessment Checklist
    • Project sponsor
    • Core project team

    Download the EAS Readiness Assessment Checklist

    Build a well-balanced core team to see the project through

    Have a cross-departmental team define goals and objectives in order to significantly increase EAS success and improve communication.

    • Hold a meeting with Finance, Operations, and IT stakeholders. The overall objective of the meeting is to confirm that all parties agree on the goals and metrics that gauge success of the EAS project.
    • The kick-off process will significantly improve internal communications. Invite all impacted internal groups to work as a team to address any significant issues before the application process is formally activated.
    • Set up a quarterly review process to understand changing needs. This will change the way the EAS system will be utilized.

    “Each individual should understand at least one business area and have a hand in another.”
    – Mark Earley
    Senior Research Director,
    Info-Tech Research Group

    Info-Tech Insight
    An EAS selection and implementation requires more than just a procurement team. The core EAS project team should be cross-functional. .

    Be ready with a resourcing strategy for your EAS project

    EAS selection and implementation is a giant undertaking that can rarely be supported by internal resources alone.

    It is important to understand where your organization’s resourcing gaps are when embarking on a selection and implementation project. Once gaps are identified, the amount of external support needed from vendor(s), consultants, or system integrators can be determined.

    Select from the three most commonly used resourcing strategies for EAS selection and implementation projects:

    • Implement in-house using your own staff.
    • Implement using a combination of your own staff and professional services from the vendor(s) and/or system integrator (SI).
    • Implement using professional services.

    Build your implementation team

    Prioritize members from your core selection team. They will have strong insight into the tool and its envisioned position in the organization.

    General Roles

    1. Integration Specialists
    2. Solution or Enterprise Architects
    3. QA Engineer
    4. IT Service Management Team

    External Roles

    1. Vendor’s Implementation Team or Professional Services
    2. Systems Integrator (SI)

    Right-size the EAS selection team to ensure you get the right information but are still able to move ahead quickly

    Full-Time Resourcing: At least one member of these five team members must be allocated to the selection initiative as a full-time resource.

    IT Leader Technical Lead Business Analyst/
    Project Manager    		 Business Lead Process Expert(s)
    This team member is an IT director or CIO who will provide sponsorship and oversight from the IT perspective. This team member will focus on application security, integration, and enterprise architecture. This team member elicits business needs and translates them into technology requirements. This team member will provide sponsorship from the business needs perspective. Typically, a CXO or SVP of a business function. These team members are the business process owners who will help steer the requirements and direction.

    Info-Tech Insight
    It is critical for the selection team to determine who has decision rights. Organizational culture will play the largest role in dictating which team member holds the final say for selection decisions. For more information on stakeholder management and involvement, see this guide.

    Complete the project timeline required during your selection phase

    Include as many steps as necessary to understand, validate, and compare vendor solutions so you can make a confident, well-informed decision.

    Use Info-Tech’s 15-Step Selection Process:

    1. Initiate procurement.
    2. Select procurement manager.
    3. Prepare for procurement; check that prerequisites are met.
    4. Select appropriate procurement vehicle (RFI, RFP, RFQ, etc.).
    5. Assemble procurement teams.
    6. Create procurement project plan.
    7. Identify and notify vendors about procurement.
    8. Configure procurement process.
    9. Gather requirements.
    10. Prioritize requirements.
    11. Build the procurement documentation package.
    12. Issue the procurement.
    13. Evaluate proposals.
    14. Evaluate vendor demos and reference checks.
    15. Recommend a vendor.

    Strengthen your procurement. If your organization lacks a clear selection process, refer to Info-Tech's Implement a Proactive and Consistent Vendor Selection Process research to help construct a formal process for procuring application technology.

    Download the Implement a Proactive and Consistent Vendor Selection Process

    Visualize what success looks like

    Understand how success metrics are relevant at each stage of strategy formation by keeping the end in mind. Apply a similar thought model to your other success metrics for a holistic evaluation of your strategy.

    Implementation
    Pre-Implementation Post-Implementation
    Baseline measure Strategic insight Strategic action Success measure End result
    Use data you already have. Any given pain point can act as your pre-implementation baseline. Previously, this measure may have been evaluated by asking “what?” or “how much?” Move away from looking at your baseline measure as transactional data, and incorporate the ability to generate strategic insight with your EAS. Change the questions you are asking to drive insights: “who?” “why?” and “how does it affect the business?” Support the business by putting your strategic analytics into action. Ensure there are capabilities built into your ERP to strategically address your baseline measure. Leverage these functions to act on your strategic insights. In the interest of IT and business alignment, speak the same language when measuring success. Use a business success measurement to determine the contribution made by your EAS strategy. Visualize your success in the context of the business as a whole. Projecting success in the interest of your stakeholders will gain and maintain buy-in, allowing you to leverage the strategic functionality of your new EAS.
    Example Time to Procure Delay in time to procure caused by bottleneck in requisition processing ERP used to create advanced workflows to streamline requisition approval process Time efficiencies gained free up employee time to focus on more strategic efforts Contributed to strategic operational innovation

    Prove the value of your EAS through metrics

    Establish baseline metrics early and measure throughout the project can iteratively prove the value of your EAS.

    Functional processes IT resource efficiency
    Functional benefits and efficiencies gained through effectively diagnosing and meeting business needs. Benefits enabled through reductions in IT system, network, and resource usage.
    Example metrics Record to report
    • Days to close month-end
    • Time to produce statements
    		 Market to order
    • Customer retention rate
    • Conversion/Cost per lead
    • Number of help desk requests
    • Number of active users
    • Time to resolution
    Quote to cash
    • Sales cycle duration
    • Cash conversion cycle
    		 Issue to resolution
    • # of returns
    • # of customer complaints
    • Time to resolve complaints
    Procure to pay
    • Average time to procure
    • Cycle time of purchase order
    		 Forecast to delivery
    • Variance of demand plan
    • Time to replenish inventory
    Plan to perform
    • Time to complete plan
    • Variance of plan to actual
    		 Hire to retire
    • Training $ per employee
    • Total overtime cost

    Improve baseline metrics through…

    1. Increased help desk efficiency. Through training of personnel and increased efficiency of processes.
    2. Increased level of self-service for end users. Implementation of functionality that matches business needs will increase the efficiency of functional business tasks.
    3. Decreased time to escalation. Knowing when to escalate tasks sooner can decrease wasted effort by tier-one workers.
    4. Automation of simple, repetitive tasks. Automation frees time for more important tasks.

    1.3.1 Assemble EAS selection team

    1 hour

    1. Working as a group, list key players in the organization that should be in EAS selection team.
    2. Determine the role of each member.
    3. Define the level of commitment each member can have on the EAS selection team. Keep in mind their availabilities during the selection process.
    4. Determine who has decision rights.
    Input Output
    • Knowledge of the team, governance structure, and organizational culture
    • List members in EAS selection team
    Materials Participants
    • Sticky notes
    • Markers
    • Executive sponsor
    • Core project team

    Phase 2

    Define your EAS

    Phase 1
    1.1 Enterprise Application Landscape
    1.2 Validate Readiness
    1.3 Determine Resourcing

    Phase 2
    2.1 Capability Mapping
    2.2 Requirements Gathering Data Mapping
    2.3 Requirements Prioritizing

    Phase 3
    3.1 Understanding Product Offerings
    3.2 RFP & Demo Scripts
    3.3 Evaluation
    Select and Negotiate

    Phase 4
    4.1 Prepare for
    Implementation

    This phase will walk you through the following activities:

    Identifying business processes , inventory applications and data flows, gathering requirements and prioritizing them.

    This phase involves the following participants:

    Key stakeholders from the various areas of the business that will support the project including:

    • CxO (e.g. CIO, CFO)
    • Departmental leaders
    • Project management team
    • Subject matter experts
    • Core project team

    Select an Enterprise Application

    Leverage Info-Tech’s requirements gathering framework to serve as the basis for capturing your CRM requirements

    Requirements Gathering Framework

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework ensures that the application created will capture the needs of all stakeholders and deliver business value. Don’t treat elicitation, analysis, and validation in isolation: planning, monitoring, communicating, and managing must permeate all three stages in order to avoid makeshift solutions.

    Capability vs. process vs. feature

    Understanding the difference

    When examining HRMS optimization it is important to approach it from the appropriate layer.

    Capability:

    • The ability of an entity (e.g. organization or department) to achieve its objectives (APQC, 2017).
    • An ability that an organization, person, or system possesses. They are typically expressed in general and high-level terms and typically require a combination of organization, people, processes, and technology to achieve (TOGAF).

    Process:

    • Processes can be manual or technology enabled. A process is a series of interrelated activities that convert inputs into results (outputs).
    • Processes consume resources, require standards for repeatable performance, and respond to control systems that direct the quality, rate, and cost of performance. The same process can be highly effective in one circumstance and poorly effective in another with different systems, tools, knowledge, and people (APQC, 2017).

    Feature:

    • A distinguishing characteristic of a software item (e.g. performance, portability, or functionality) (IEEE, 2005).

    In today’s complex organizations, it can be difficult to understand where inefficiencies stem from and how performance can be enhanced.

    To fix problems and maximize efficiencies, organizations must examine business capabilities and processes to determine gaps and areas of lagging performance.

    Info-Tech’s HRIS framework and industry tools such as the APQC’s Process Classification Framework can help make sense of this.

    Process inventory

    Business capability map (Level 0)

    Business Capability Map

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.
    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    EAS process mapping

    Objectives The organization’s objectives are typically outcomes that the organization is looking to achieve as a result of the business strategy.
    Value Streams Value streams are external/internal processes that help the organization realize its goals.
    Capabilities The what: Business capabilities support value streams in the creation and capture of value.
    Processes The how: Business processes define how they will fulfill a given capability.

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of EAS and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

    The value stream

    Value stream defined:

    Value Streams Design Product Produce Product Sell Product Customer Service
    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and governmental regulations.
    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.
    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream, connecting consumers’ wants and needs to the products and services offered.
    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.

    There are two types of value streams: core and support.

    • Core value streams are mostly external-facing. They deliver value to either external or internal customers and they tie to the customer perspective of the strategy map.
    • Support value streams are internal-facing and provide the foundational support for an organization to operate.

    An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.

    2.1.1 List your key processes

    1-3 hours

    1. As a group, discuss the business capabilities, value streams, and business processes.
    2. For each capability determine the following:
      1. Is this capability applicable to our organization?
      2. What application, if any, supports this capability?
    3. Are there any missing capabilities to add?
    Input Output
    • Current systems
    • Key processes
    • APQC Framework
    • Organizational process map
    • List of key business processes
    Materials Participants
    • APQC Framework
    • Whiteboard, PowerPoint, or flip charts and markers
    • Primary stakeholders in each value stream supported by the EAS
    • Core project team

    Activity 2.1.1 – Process inventory

    Core finance Core HR Workforce management Talent Management Warehouse management Enterprise asset management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • General ledger
    • Accounts payable
    • Accounts receivable
    • GL consolidation
    • Cash management
    • Billing and invoicing
    • Expenses
    • Payroll accounting
    • Tax management
    • Reporting
    • Payroll administration
    • Benefits administration
    • Position management
    • Organizational structure
    • Core HR records
    • Time and attendance
    • Leave management
    • Scheduling
    • Performance management
    • Talent acquisition
    • Offboarding & onboarding
    • Plan layout
    • Manage inventory
    • Manage loading docks
    • Pick, pack, ship
    • Plan and manage workforce
    • Manage returns
    • Transfer product cross-dock
    • Asset lifecycle management
    • Supply chain management
    • Maintenance planning and scheduling
    Planning and budgeting Strategic HR Procurement Customer relationship management Facilities management Project management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • Budget reporting
    • Variance analysis
    • Multi-year operating plan
    • Monthly forecasting
    • Annual operating plan
    • Compensation planning
    • Workforce planning
    • Succession planning
    • Supplier management
    • Purchase order management
    • Workflow approvals
    • Contract / tender management
    • Contact management
    • Activity management
    • Analytics
    • Plan and acquire
    • Asset maintenance
    • Disposal
    • Project management
    • Project costing
    • Budget control
    • Document management

    Gaining Enterprise Architecture Oversight during application selection yields better user satisfaction results

    Procurement/Legal Oversight and
    Low satisfaction with software selection High satisfaction with software selection
    Process % Used % Used Process
    Used ROI/Cost Benefit Analysis 42% 43% Used ROI/Cost-Benefit Analysis
    Used Formal Decision Criteria 39% 41% Used Formal Decision Criteria
    Approval 33% 37% Enterprise Architecture Oversight and Approval
    Security Oversight and Approval 27% 36% Security Oversight and Approval
    Used Third-Party Data Reports 26% 28% Procurement/Legal Oversight and Approval
    Enterprise Architecture Oversight and Approval 26% 28% Used Third-Party Data Reports
    Used a Consultant 21% 17% Used a Consultant

    High satisfaction was defined as a response of 8, 9, or 10 from the overall recommendation question. Low satisfaction was 7 or less.

    Source: SoftwareReviews, 2018

    Map data flow

    Example ERP data flow

    Example ERP data flow

    When assessing the current application portfolio that supports your EAS, the tendency will be to focus on the applications under the EAS umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from EAS or similar applications.

    Be sure to include enterprise applications that are not included in the EAS application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    Integration is paramount: your EAS application often integrates with other applications within the organization. Create an integration map to reflect a system of record and the exchange of data. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).

    Enterprise application landscape

    Enterprise application landscape

    2.1.2 Inventory applications and interactions

    1-3 hours

    1. Individually list all electronic systems involved in the EAS function of the organization.
    2. Document data flows into and out of each system to the EAS. Refer to the example on the previous slides (ERP data flow) and sample Enterprise Application map.
    3. Review the processes in place (look at each functional area, including data moving into and out of systems.) Document manual processes. Identify integration points. If flow charts exist for these processes, it may be useful to provide these to the participants.
    4. If possible, diagram the system. Include information direction flow.
    Input Output
    • Business process inventory
    • List of applications (if available)
    • Current systems
    • Data flow map
    Materials Participants
    • Whiteboard, markers
    • Internal requirements documentation tools (if available)
    • Business analyst(s)
    • Subject matter experts
    • Core project team (optional)

    Understand how to navigate the complex web of stakeholders in ERP requirements gathering

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End user IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Frontline users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders who will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Value Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge concerning system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Stakeholder influence vs. interest

    Large-scale EAS projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    Chart of Stakeholder Involvement during selection

    Extract functional and non-functional requirements from the customer interaction business process diagrams

    Once the most significant processes have been mapped, the business requirements must be extracted from the maps and transformed into functional and non-functional requirements. The example below illustrates how to extract requirements from an insurance claim process for the Record Claim step.

    Task Input Output Risks Opportunities Condition Sample requirements
    Record customer service claim Customer email Case record
    • Agent accidentally misses the email and case is not submitted
    • Reduce time to populate customer’s claim information into the case
    • Automation of data capture and routing
    • Pre-population of the case with the email contents
    • Suggested routing based on nature of case
    • Multi-language support

    Business:

    • System requires email-to-case functionality

    Non-functional:

    • The cases must be supported in multiple languages

    Functional:

    • The case must support the following information:
      • Title
      • Customer
      • Subject
      • Case origin
      • Case type

    Example claims process

    2.2.1 Capture your EAS requirements

    Time required varies

    1. Focus groups of 10-20 individuals may be the best way to ensure complete coverage of business requirements for EAS. This group should be cross-functional, with manager- or director-level representation from the departments that have a vested interest in the EAS project.
    2. Use your organization’s standard internal tools or download Info-Tech’s ERP Requirements Template, HRIS Requirements Template, or CRM Requirements Template.
    3. Document the requirements from the elicitation sessions.
    • The core team of business analysts should be present throughout, and the sessions should be led by an experienced facilitator (such as a senior business analyst).
    • Requirements for EAS should focus on achieving the future state rather than replicating the current state.
    • The facilitator should steer the team toward requirements that are solution-agnostic (i.e. not coached in terms of a particular vendor or product). Focus on customer and internal personas to help drive requirements.
    Input Output
    • Business unit functional requirements
    • Business process inventory
    • Data flow map
    • Inventory of business requirements
    Materials Participants
    • Whiteboard, markers
    • Internal requirements documentation tools (if available)
    • Info-Tech’s ERP Requirements Template, HRIS Requirements Template, or CRM Requirements Template (optional)
    • Business analyst(s)
    • Project manager
    • Subject matter experts
    • Core project team (optional)

    Prioritize your EAS requirements to assist with the selection

    Requirements prioritization ensures that the ERP selection project team focuses on the right requirements when putting together the RFP.

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted toward the proper requirements and to plan features available on each release.

    Use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization
    Must have Requirements must be implemented for the solution to be considered successful.
    Should have Requirements that are high priority should be included in the solution if possible.
    Could have Requirements are desirable but not necessary and could be included if resources are available.
    Won't have Requirements won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994. MindTools.

    Base your prioritization on the right set of criteria

    Effective prioritization criteria

    Criteria Description
    Regulatory and legal compliance These requirements will be considered mandatory.
    Policy compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business value significance Give a higher priority to high-value requirements.
    Business risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of success Especially in “proof of concept” projects, it is recommended that requirements have good odds.
    Implementation complexity Give a higher priority to low implementation difficulty requirements.
    Alignment with strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    2.3.1 Prioritize your solution requirements

    Time required varies

    1. Consolidate all duplicate requirements to form a mutually exclusive and collectively exhaustive list of functional and non-functional requirements.
    2. Identify the significance of each requirement for your solution evaluation according to the MoSCoW model. Control the number of mandatory requirements you document. Too many mandatory requirements could create an unrealistic framework for evaluating solutions.
    3. Categorize your requirements and delineate between functional (i.e. capabilities the system will be able to perform) and non-functional (i.e. environmental conditions of the system, such as technical and security requirements).
    InputOutput
    • Inventory of business requirements
    • Inventory of business requirements with priorities
    MaterialsParticipants
    • Whiteboard, markers
    • Internal requirements documentation tools (if available)
    • Info-Tech’s ERP Requirements Template, HRIS Requirements Template, or CRM Requirements Template (optional)
    • Business analyst(s)
    • Project manager
    • Subject matter experts
    • Core project team

    Identify which vendors’ product and capabilities meet your must-have requirements

    Highlight must-haves in the RFP

    • Once you have prioritized your business requirements for the EAS initiative, it is time to package them into an RFP.
    • It is critical to highlight must-have requirements in the RFP document. Doing so immediately eliminates vendors who do not feel that their products are suitable for your needs.

    WATCH OUT!

    Many vendors will try to stretch their capabilities to fit your must-have requirements. Leverage vendor demos in the next stage of selection to quickly rule out products that do not cover your critical requirements.

    Identify key process areas where you require vendor knowledge

    Example of Key process areas

    Completing a process inventory and a list of EAS requirements often shows process areas that need updates and improvement. Take this opportunity to highlight areas where you would benefit from knowing about most recent best practices and technologies.

    Inquire about these when engaging the vendor to know their level of knowledge and how their products work best in your industry.

    General product knowledge requests are not enough. Be specific.

    Determine the product knowledge areas that are specific to your implementation.

    Product Knowledge Proof of Concept Development Customer Service Warehousing Core HR Other Overall
    Data Security *
    Process Improvements * *
    Configuration
    Data Architecture *
    Integration
    On premise Infrastructure
    Cloud Infrastructure *
    Other

    Identify the product knowledge that is required in relation to your implementation. This can include core product knowledge and should be related to larger infrastructure and organizational requirements.

    More than just functional requirements

    What to include What to look at What is differentiating
    • Remember to include must-have conditions that do not directly relate to the behavior or functionality of the EAS product, but rather describe environmental conditions under which the solution must remain effective or qualities that the systems must have.
    • These can include requirements related to capacity, speed, security, availability, and the information architecture and presentation of the user interface.
    • Consider the vendor’s overall ability to execute.
      • Are they financially stable?
      • Do they have the resources to execute?
      • Do they have the skills to execute?
      • Are they able to provide post-implementation support?
    • Vendors understand that SaaS isn’t for everyone. Deployment models are one way they will continue to differentiate themselves.
    • Some vendors choose to compete on breadth and others on depth of expertise in public, private, and hosted cloud offerings.

    Info-Tech Insight
    Be wary of sunsetting products! Selecting the EAS based on a good knowledge of the vendor’s roadmap allows for business operations to continue without having to repeat a selection and implementation project in the near future.

    Dominant use-case scenarios for potential ERP solutions

    While an organization may be both product- and service-centric, most organizations fall into one of the two categories.

    Use case: Public sector

    The service-centric ERP use case is suitable for most organizations in the public sector. With that in mind, consider ERP solutions that offer grant disbursements, fleet management, and staffing/resourcing capabilities.

    Product-centric ERP Service-centric ERP
    What it is The product-centric ERP is suitable for organizations that manufacture, assemble, distribute, or manage material goods throughout a product lifecycle. ERP vendors and/or products that align to this use case usually cater to industries such as manufacturing, retail, aerospace and defense, distribution, and food and beverage. The service-centric ERP use case is suitable for organizations that provide and manage field services and/or professional services throughout a project lifecycle. ERP vendors and/or products that align to this use case usually cater to industries such as utilities, maintenance and repair, government, education, and professional services (i.e. consulting, legal).
    How it works Product-centric ERP has strong functionality in supply chain management, manufacturing, procurement management, and material job and project management. Service-centric ERP has strong functionality in resource job and project management, service management, and customer relationship management.

    EAS table stakes vs differentiating features

    Make sure features align with your objectives first.

    What are table stakes / standard features?

    • For every type of EAS, such as ERP, HRIS, and CRM, certain features are standard, but that doesn’t mean they are all equal.
    • The existence of features doesn’t guarantee quality or functionality to the standards you need. Never assume that yes in a features list means you don’t need to ask for a demo.

    What is differentiating/additional feature?

    • Differentiating features take two forms:
      • Some platforms offer differentiating features that are vertical specific.
      • Other platforms offer differentiating features that are considered cutting edge. These cutting-edge features may become table stakes over time.
    • These features may increase productivity but also require process changes.

    Info-Tech Insight
    If table stakes are all you need from your EAS solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs. Remove the product from your shortlist if table stakes are not met!

    Reign-In Ballooning Scope for EAS Selection Projects

    Stretching the EAS beyond its core capabilities is a short-term solution for a long-term problem. Educate stakeholders about the limits of EAS technology.

    Common pitfalls for EAS selection

    • Tangential capabilities may require separate solutions. It is common for stakeholders to list features such as content management as part of the new EAS platform. While content management goes hand in hand with the EAS’s ability to manage customer interactions, document management is best handled by a standalone platform.

    Keeping stakeholders engaged and in line

    • Ballooning scope leads to stakeholder dissatisfaction. Appeasing stakeholders by over customizing the platform will lead to integration and headaches down the road.
    • Make sure stakeholders feel heard. Do not turn down ideas in the midst of an elicitation session. Once the requirements gathering sessions are completed, the project team has the opportunity to mark requirements as “out of scope”, and communicate the reasoning behind the decision.
    • Educate stakeholders on the core functionality of EAS. Many stakeholders do not know the best-fit use cases for EAS platforms. Help end users understand what EAS is good at, and where additional technologies will be needed.

    Phase 3

    Engage, Evaluate, and Finalize Selection

    Phase 1
    1.1 Enterprise Application Landscape
    1.2 Validate Readiness
    1.3 Determine Resourcing

    Phase 2
    2.1 Capability Mapping
    2.2 Requirements Gathering Data Mapping
    2.3 Requirements Prioritizing

    Phase 3
    3.1 Understanding Product Offerings
    3.2 RFP & Demo Scripts
    3.3 Evaluation Select and Negotiate

    Phase 4
    4.1 Prepare for Implementation

    This phase will walk you through the following activities:

    In this phase of the project, you will review your RFx and build an initial list of vendors/implementors to reach out to. The final step is to build your evaluation checklist for rating the incoming responses.

    This phase involves the following participants:

    Key stakeholders from the various areas of the business that will support the project including:

    • Evaluation team
    • Vendor management team
    • Project management team
    • Core project team

    Select an Enterprise Application

    Products and vendors demystified

    Knowing who can provide the solution will shorten the selection process and provide the most suitable set of features.

    The Product The Vendor The VAR
    A product is the software, hardware, add-ins, and any value-added services or tools that are bundled together, e.g. SAP Rise (see What is RISE with SAP), SAP S4/HANA, etc. A vendor can carry and sell multiple products or lines of products (e.g. Oracle sells Oracle Fusion and NetSuite, etc.). The Value-added reseller (VAR) can sell a pre-packaged / pre-configured product. VARs are usually partners of the vendor and typically provide other packaged services including system hosting, customization, implementation, and integrations.

    Info-Tech Insight
    Selecting an Enterprise Application is much more than just selecting a software or product; it is selecting a long-term platform and partner to help achieve long-term strategic goals. Refer to our blueprint Select an ERP Implementation Partner.

    Consolidating the vendor shortlist up-front reduces downstream effort

    Put the “short” back in shortlist!

    • Radically reduce effort by narrowing the field of potential vendors earlier in the selection process. Too many organizations don’t funnel their vendor shortlist until near the end of the selection process. The result is wasted time and effort evaluating options that are patently not a good fit.
    • Leverage external data (such as SoftwareReviews) and expert opinion to consolidate your shortlist into a smaller number of viable vendors before the investigative interview stage, and eliminate time spent evaluating dozens of RFP responses.
    • Having fewer RFP responses to evaluate means you will have more time to do greater due diligence.

    Review your use cases to start your shortlist

    Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.

    Next steps will include:

    1. Reviewing your requirements.
    2. Checking out SoftwareReviews.
    3. Creating the RFP.
    4. Conducting demos and detailed proposal reviews.
    5. Selecting and contracting with a finalist!

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    Fact-based reviews of business software from IT professionals.

    Product and category reports with state-of-the-art data visualization.

    Top-tier data quality backed by a rigorous quality assurance process.

    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech.

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. The insights of our expert analysts provide unparalleled support to our members at every step of their buying journey.

    CLICK HERE to access SoftwareReviews

    Comprehensive software reviews to make better IT decisions.

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Case Study

    Manufacturer and retailer utilizes Info-Tech for goal of unifying four separate ERP systems

    INDUSTRY
    Manufacturing

    SOURCE
    Info-Tech Consulting

    Challenge Solution Results

    An amalgamation of eight different manufacturing, retail, and supply brands that operated four separate ERP systems and processes across the United States had poor visibility into operations.

    The organization had plans to unify the brands from a systems perspective and accommodate the company’s growth in a scalable and repeatable way.

    Info-Tech was previously engaged to perform an Establish a Concrete ERP Foundation workshop to set the groundwork for the eventual ERP selection.

    The organization engaged Info-Tech’s consulting group to assist in requirements gathering and RFP development.

    Info-Tech consultants traveled to five different states to gather ERP requirements from stakeholders and identify solution requirements.

    Info-Tech developed an ERP requirements matrix from the organization’s processes, including technical requirements and operations/support services.

    Info-Tech matched the organization with a use case and weighted requirements to assist in future scoring.

    An RFP was constructed using the organization’s requirements. and distributed to 10 qualified vendors for completion.

    Strengthen your RFP process with a thorough review

    Drive better sourcing outcomes.

    A quality SOW is the result of a quality RFI/RFP (RFx).

    Use Info-Tech’s RFP Review as a Service to review key items and ensure your RFP will generate quality responses and SOWs.

    • Is it well structured, with a consistent use of fonts and bullets?
    • Is it laid out in sections that are easily identifiable and that progress from high-level to more detailed information?
    • Can a vendor quickly identify the ten (or fewer) things that are most important to you?

    Contact Us

    3.2.1 Prepare the RFP

    1-2 hours

    1. Download Info-Tech’s ERP Request for Proposal Template or prepare internal best-practice RFP tools.
    2. Build your RFP.
      1. Complete the statement of work and general information sections to provide organizational context to your long-listed vendors.
      2. Outline the organization’s procurement instructions for vendors, including due diligence, assessment criteria, and dates.
      3. Input the business requirements document as created in Activity 1.3.1.
      4. Create a scenario overview to provide vendors with an opportunity to give an estimated price.
    3. Obtain approval for your RFP. Each organization has a unique procurement process; follow your own organization’s process as you submit your RFPs to vendors. Ensure compliance with your organization’s standard and gain approval for submitting your RFP.
    Input Output
    • Business requirements document
    • Procurement procedures
    • EAS RFP
    Materials Participants
    • Internal RFP tools/ templates (if available)
    • Info-Tech’s ERP RFP Template (optional)
    • Procurement SMEs
    • Project manager
    • Core project team (optional)

    Download the ERP Request for Proposal Template

    Streamline your evaluation of vendor responses

    Use Info-Tech’s ERP Vendor Response Template to standardize vendor responses.

    • Vendors tend to use their own standard templates when responding, which complicates evaluations.
    • Customize Info-Tech’s ERP Vendor Response Template to adjust for the scope and content of your project; input your organization’s procurement process and ERP requirements.
    • The template is meant to streamline the evaluation of vendor responses by ensuring you achieve comprehensiveness and consistency across all vendor responses. The template requires vendors to prove their organizational viability, understanding of the problem, and tested technology and implementation methodologies.

    Sections of the tool:

    1 Executive Summary

    2 About the Vendor

    3 Understanding of the Challenge

    4 Methodology

    5 Proposed Solution

    6 Project Plan and Timeline

    7 Vendor Qualifications

    8 References

    9 Additional Value-Added Services

    10 Additional Value-Added Goods

    For an explanation of how advanced features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.

    What to look in vendor responses

    Vendor responses to an RFP can be very revealing about whether their product offering aligns with your EAS roadmap.

    Validate the vendor responses so that there are no misunderstandings with their offer. Here are key items to validate.

    Key items Why is this important?
    About the Vendor This is where the vendor will describe itself and prove its organizational viability.
    Understanding of the Challenge Demonstrating understanding of the problem is the first step in being able to provide a solution.
    Methodology Shows the vendor has a proven methodology to approach and solve the challenge.
    Proposed Solution Describes how the vendor will address the challenge. This is a very important section as it will articulate what you will receive from the vendor as a solution.
    Project Plan and Timeline Provides an overview of the project management methodology, phases of the project, and what will be delivered and when.
    Vendor Qualifications Provides evidence of prior experience with delivering similar projects for similar clients.
    References Provides contact information for individuals or organizations for which the vendor has worked and who can vouch for the experience and success of working with this vendor.
    Value-Added Services and Goods Allows vendors an opportunity to set themselves apart from the competition with additional services and/or goods applicable to your project but not covered elsewhere in the template.

    3.2.2 Build a vendor response template

    1-2 hours

    1. Download Info-Tech’s ERP Vendor Response Template.
    2. Validate that the provided template is comprehensive and will collect the information necessary for your organization to effectively evaluate the product and vendor and will inform a decision to invite the vendor in for a demonstration.
    3. Make the small customizations necessary to tailor the template to your organization (i.e. swap out “[Company X]” for your organization’s name).

    Download the ERP Vendor Response Template

    InputOutput
    • EAS RFP
    • ERP Vendor Response Template
    MaterialsParticipants
    • Info-Tech’s ERP Vendor Response Template
    • Procurement SMEs
    • Project manager
    • Core project team

    3.2.3 Evaluate RFP responses

    Varies

    1. Customize Info-Tech’s EAS RFP and Demonstration Scoring Tool to build a vendor and product evaluation framework for your EAS selection team.
    2. Review all RFP responses together with the core project team and stakeholders from procurement (if necessary).
    3. Input vendor solution information into the EAS RFP and Demonstration Scoring Tool.
    4. Analyze the vendors against your evaluation framework by paying specific attention to costing, overall score, and evaluation notes and comments.
    5. Identify vendors with whom you wish to arrange vendor demonstration.
    6. Contact vendors and arrange briefings.
    InputOutput
    • EAS RFP
    • ERP Vendor Response Template
    MaterialsParticipants
    • Info-Tech’s ERP Vendor Response Template
    • Procurement SMEs
    • Project manager
    • Core project team

    Download the EAS RFP and Demonstration Scoring Tool

    Identify specific use cases and develop demonstration scenarios

    These techniques can be used to gather requirements now and for vendor demos during the evaluation stage.

    Describe use cases to indicate how the various processes will operate. This technique can help end-users describe what the solution must do without needing to know how to describe requirements. Outline scenarios based on these use cases for vendors to demonstrate how their solution can fulfill business requirements.

    Define
    Define objectives for each specific use case.

    Explore
    Explore the various process paths and alternate outcomes for each use case.

    Build
    Build the details of the scenarios to describe the roles of the people involved and the detailed process steps to be accomplished.

    Use
    For each scenario, outline the expected outputs and variations.

    Info-Tech Insight
    Do not exceed three vendors when selecting participants for a product demonstration. Each vendor demonstration should last between one day and one week, depending on the scope of the project. Exceeding the threshold of three vendors can be massively time consuming and yield diminishing returns.

    Conduct vendor demos that extend beyond baseline requirements

    • Demo scripts should focus on differentiating vendor processes and capabilities that contribute to achieving your business’ strategic objectives.
    • You want vendors to show you what differentiates them and what can they do that is specific to your industry.
    • Avoid focusing on baseline EAS capabilities. While this may drive consistency across demonstrations, you will not get a clear picture of how one vendor may align with your unique business needs.
    • Ask the vendor questions pertaining to the differentiating factors listed below. Consider if the differentiating factors are worthwhile over the baseline capabilities shown.
    Adhere to this framework when crafting your scenarios:
    Simple and straightforward Series of steps
    • A straightforward narrative of what you need the product to do.
    • Once written, scenarios should be circulated to key stakeholders in the organization for validation.
    • Demonstrate how a user would interact with the system.
    • Should not be an explanation of specific features/functions.
    Specific Suitable for your business
    • Demonstrate exactly what you need the system to do, but don’t get into implementation details – don’t go too far into the how.
    • Select only critical functions that must be demonstrated.
    • Scenarios should reflect current realities within the organization, while still allowing processes to be improved.

    Add your scenarios to Info-Tech’s sample EAS demo script

    Take a holistic approach to vendor and product evaluation

    Almost – or equally – as important as evaluating vendor feature capabilities is the need to evaluate vendor viability and non-functional aspects of the EAS solution. Include an evaluation of the following criteria in your vendor scoring methodology.

    Vendor capability Description
    Usability and Intuitiveness The degree to which the system interface is easy to use and intuitive to end users.
    Ease of IT Administration The degree to which the IT administrative interface is easy to use and intuitive to IT administrators.
    Ease of Data Integration The relative ease with which the system can be integrated with an organization’s existing application environment including legacy systems, point solutions, and other large enterprise applications.
    Ease of Customization The relative ease with which a system can be customized to accommodate niche or industry-specific business or functional needs.
    Vendor Support Options The availability of vendor support options including selection consulting, application development resources, implementation assistance, and ongoing support resources.
    Availability and Quality of Training The availability of quality training services and materials that will enable users to get the most out of the product selected.
    Product Strategy, Direction, and Rate of Improvement The vendor’s proven ability for constant product improvement, deliberate strategic direction, and overall commitment to research and development efforts in responding to emerging trends.

    Info-Tech Insight
    Evaluating the vendor capabilities, not just product capabilities, is particularly important with EAS solutions. EAS solutions are typically long-term commitments; ensure that your organization is teaming up with a vendor or provider that you feel you can work well with and depend on.

    Case Study

    Structured RFP and demo processes ease the pain of vendor evaluations during the selection phase.

    INDUSTRY
    Automotive

    SOURCE
    Research Interview

    Challenge Solution Results

    This company is one of the largest automotive manufacturers worldwide and has various manufacturing facilities and distribution centers across Canada.

    With over 8,000 employees, the company has a multifaceted health and safety program. While head office enabled and used the health and safety module within the existing HRIS, some divisions within the company found the system complex and were still relying heavily on manual entry spreadsheets for incident investigations. As a result, the company decided to explore other options.

    A project team was created, led by a project manager from head office’s IT department. The team also included health and safety specialists from across the organization, who served as subject matter experts.

    The team put together a project outline, a roadmap for required functionality, and a business case to present to senior leadership, highlighting benefits and potential payback.

    After acquiring executive sponsorship, the team developed a Request for Proposal that was sent to 11 vendors.

    Among the evaluation criteria set in the RFP, injury cost analysis and analytics on safety were identified as the most critical requirements. Based on this criteria, the team narrowed down the options to four RFP responses, which were opened to 16 different sites to ensure consensus across the company.

    The team developed demo scripts to guide the product demonstrations. They also built evaluation scorecards that were used to narrow down the selection to two vendors. Ultimately, the final selection decision came down to how well the vendors’ teams knew the business, and the vendor that demonstrated greater industry expertise was selected.

    3.2.4 Build a demo script for product demonstration evaluation

    1-2 hours

    1. With the EAS selection team, use Info-Tech’s ERP Vendor Demonstration Script, HRIS Vendor Demonstration Script, or CRM Vendor Demonstration Script to write a demo script that reflects your organization’s EAS needs.
    2. Outline the logistics of the demonstration in the Introduction section of the template. Be sure to outline the total length of the demo and the amount of time that should be dedicated to the following:
      1. Product demonstration in response to the demo script.
      2. Showcase of unique product elements, not reflective of the demo script.
      3. Question and answer session.
      4. Breaks and other potential interruptions.
    3. Provide prompts for the vendor to display the capabilities by listing and describing usage scenarios by functional area. For example, when asking a vendor to demonstrate financial and accounting management capabilities, you may break scenarios out by task (e.g. general ledger, accounts payable) or user role (e.g. finance manager, administrator).

    Info-Tech Insight
    Challenge vendor project teams during product demonstrations. Asking the vendor to make adjustments or customizations on the fly will allow you to get an authentic feel for product capability and flexibility and for the degree of adaptability of the vendor project team. Ask the vendor to demonstrate how to do things not listed in your user scenarios, such as change system visualizations or design, change underlying data, add additional data sets, demonstrate collaboration capabilities, or trace an audit trail.

    3.2.4 Build a demo script for product demonstration evaluation

    Before the actual demonstrations, remember to communicate to the team the scenarios to be covered. Distribute the scripts ahead of the demonstrations so that the evaluation team know what is expected from the vendors.

    Input Output
    • Business requirements document
    • Logistical considerations
    • Usage scenarios by functional area
    • EAS demo script
    Materials Participants
    • Info-Tech’s ERP Vendor Demonstration Script, HRIS Vendor Demonstration Script, or CRM Vendor Demonstration Script
    • Business analyst(s)
    • Core project team

    A vendor scoring model provides a clear anchor point for your evaluation of EAS vendors based on a variety of inputs

    A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.

    How do I build a scoring model? What are some of the best practices?
    • Start by shortlisting the key criteria you will use to evaluate your vendors. Functional capabilities should always be a critical category, but you’ll also want to look at criteria such as affordability, architectural fit, and vendor viability.
    • Depending on the complexity of the project, you may break down some criteria into sub-categories to assist with evaluation (for example, breaking down functional capabilities into constituent use cases so you can score each one).
    • One you’ve developed the key criteria for your project, the next step is weighting each criteria. Your weightings should reflect the priorities for the project at hand. For example, some projects may put more emphasis on affordability, others on vendor partnership.
    • Using the information collected in the subsequent phases of this blueprint, score each criteria from 1-100, then multiply by the weighting factor. Add up the weighted scores to arrive at the aggregate evaluation score for each vendor on your shortlist.
    • While the criteria for each project may vary, it’s helpful to have an inventory of repeatable criteria that can be used across application selection projects. The next slide contains an example that you can add or subtract from.
    • Don’t go overboard on the number of criteria: five to ten weighted criteria should be the norm for most projects. The more criteria (and sub-criteria) you must score against, the longer it will take to conduct your evaluation. Always remember – link the level of rigor to the size and complexity of your project! It’s possible to create a convoluted scoring model that takes significant time to fill out but yields little additional value.
    • Creation of the scoring model should be a consensus-driven activity between IT, procurement, and the key business stakeholders – it should not be built in isolation. Everyone should agree on the fundamental criteria and weights that are employed.
    • Consider using not just the outputs of investigative interviews and RFP responses to score vendors, but also third-party review services like SoftwareReviews.

    Info-Tech Insight
    Even the best scoring model will still involve some “art” rather than science – scoring categories such as vendor viability always entail a degree of subjective interpretation.

    Establish vendor evaluation criteria

    Vendor demonstrations are an integral part of the selection process. Having clearly defined selection criteria will help with setting up relevant demos and informing the vendor scorecards.

    Vendor evaluation criteria (weight)

    Functionality (30%) Ease of Use (25%)
    • Breadth of capability
    • Tactical capability
    • Operational capability
    • End-user usability
    • Administrative usability
    • UI attractiveness
    • Self-service options
    Cost (15%) Vendor (15%)
    • Maintenance
    • Support
    • Licensing
    • Implementation (internal and external costs)
    • Support model
    • Customer base
    • Sustainability
    • Product roadmap
    • Proof of concept
    • Implementation model
    Technology (15%)
    • Configurability options
    • Customization requirements
    • Deployment options
    • Security and authentication
    • Integration environment
    • Ubiquity of access (mobile)

    Info-Tech Insight
    Do not buy something that does not fit your functional needs just because it is the cheapest. ERP is a massive, long-term investment. If you purchase a system that does not contain the functionality that meets the organization’s business needs, not only will you face issues with user adoption, but you may also face having to revisit your ERP project down the road. In the end, this will cost you more than it will save you.

    Conduct client reference interviews to identify how other organizations have successfully used the vendor’s solution

    Request references from the vendors. Make sure the vendors deliver what they promise.

    Vendors are inevitably going to provide references that will give positive feedback, but don’t be afraid to dig into the interviews to understand some of the limitations related to the solution.

    • Even if a vendor is great for one client doesn’t necessarily mean it will fit for you. Ask the vendor to provide references from organizations in your own or a similar industry or from someone who has automated similar business processes or outlined similar expectations.
    • Use these reference calls as an opportunity to gain a more accurate understanding of the quality of the vendor’s service support and professional services.
    • If you are looking to include a high level of customization in your EAS solution, pay particular attention to this step and the client responses, as these will help you understand how easy a vendor is to work with.
    • Make the most of your client reference interviews by preparing your questions in advance and following a specific script.

    Sample Reference Check Questions

    Use Info-Tech’s Sample Reference Check Questions to provide a framework and starting point for your interviews with a vendor’s previous clients. Review the questions and customize to fit your needs.

    Determine costs of the solution

    Ensure the business case includes both internal and external costs related to the new EAS platform, allocating costs of project managers to improve accuracy of overall costs and level of success.

    EAS solutions include application costs and costs to design processes, install, and configure. These start-up costs can be a significant factor in whether the initial purchase is feasible.

    EAS vendor costs Internal costs
    • Application licensing
    • Implementation and configuration
    • Professional services
    • Maintenance and support
    • Training
    • Third-party add-ons
    • Data transformation
    • Integration
    • Project management
    • Business readiness
    • Change management
    • Resourcing (user groups, design/consulting, testing)
    • Training
    • Auditors (if regulatory requirements need vetting)
    When thinking about vendor costs, also consider the matching internal cost associated with the vendor activity (e.g. data cleansing, internal support). Project management is a top-five critical success factor at all stages of an enterprise application initiative from planning to post-implementation (Information Systems Frontiers). Ensuring that costs for such critical areas are accurately represented will contribute to success.

    Bring in the right resources to guarantee success. Work with the PMO or project manager to get creating the SOW.

    60% of IT projects are not finished “mostly or always” on time (Wellingtone, 2018).

    55% of IT personnel feel that the business objectives of their software projects are clear to them (Geneca, 2017).

    Download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable to define requirements for installation and configuration.

    3.3.1 Establish your evaluation criteria

    Time required varies

    Customize Info-Tech’s RFP and Demonstration Scoring Tool to build an evaluation framework for vendor responses based on set criteria rather than relative comparisons.

    This tool allows you to evaluate whether your organization’s requirements have been met by the vendor RFP response and provides a location for comprehensive documentation of the RFP response and demonstration details, including costing and availability/quality of product features, architecture, and vendor support.

    Finally, the tool gives you the ability to evaluate your shortlisted vendors’ demonstrations.

    InputOutput
    • Business requirements document
    • Logistical considerations
    • Usage scenarios by functional area
    • EAS evaluation criteria
    MaterialsParticipants
    • Info-Tech’s EAS RFP and Demonstration Scoring Tool
    • Procurement SMEs
    • Core project team

    3.3.1 Establish your evaluation criteria

    Time required varies

    1. With the EAS selection team, brainstorm a list of criteria against which you are going to evaluate each vendor and product.
    2. Categorize each criteria into four to eight groups.
    3. Assign ranked weightings to each category of evaluation criteria. The weightings should add up to 100%. Be sure to identify which criteria are most important to your team by assigning higher weightings to those criteria. If you are having trouble assigning ranked weightings to criteria, take your team through an exercise of ranking pairs. For example, if deciding on the ranked importance of cost, ease of use, and vendor support, break down the discussion by addressing just two criteria at a time: “Between cost and ease of use, which is more important?” If cost is selected… “Between cost and vendor support, which is more important?” If cost is selected again, decide on your second and third rankings by addressing the remaining two criteria… “Between vendor support and ease of use, which is more important?”
    4. Document the final output from this activity as an input to your EAS selection. Optionally, record it in Info-Tech’s EAS RFP and Demonstration Scoring Tool.

    Download the EAS RFP and Demonstration Scoring Tool

    Info-Tech Insight
    Do not reveal your evaluation criteria to vendors. Allowing vendors to see what matters most to your organization may sway their response and/or demo. Avoid this by keeping your decided evaluation criteria and weightings among your selection team only.

    3.3.2 Evaluate vendor product demonstrations

    Time required varies

    1. Using the demonstration script and vendor criteria previously established, customize Info-Tech’s EAS RFP and Demonstration Scoring Tool to build a scorecard that quickly evaluates vendor product demonstrations.
    2. Distribute the scorecard to every member of the team who is evaluating a particular demonstration.
    3. Evaluate each vendor product demonstration using the tool.
    4. Average all scores from each vendor demonstration to inform your selection decision. Note that the vendor with the highest overall score may not necessarily be the best fit for your organization.
    Input Output
    • Demonstration script
    • Evaluation criteria
    • ERP demonstration vendor scores
    Materials Participants
    • Info-Tech’s EAS RFP and Demonstration Scoring Tool
    • Core project team

    Download the EAS RFP and Demonstration Scoring Tool

    Decision Point: Select the Finalist

    After reviewing all vendor responses to your RFP, conducting vendor demos, and running a pilot project (if applicable) – the time has arrived to select your finalist.

    All core selection team members should hold a session to score each shortlisted vendor against the criteria enumerated on the previous slide, based on an in-depth review of proposals, the demo sessions, and any pilots or technical assessments.

    The vendor that scores the highest in aggregate is your finalist.

    Congratulations – you are now ready to proceed to final negotiation and inking a contract. This blueprint provides a detailed approach on the mechanics of a major vendor negotiation.

    Get the best value out from your EAS vendor. Negotiate on your own terms.

    Here are a few tips common to EAS vendors and its offerings.

    Vendors will give time-limited discounts to obtain your buy-in.

    • Depending on your procurement process, it is good practice to have at least two competing vendors in the running to obtain the best value.
    • Make sure that the package offered is coherent – that there are no gaps in the product offering.
    • Ask for access to a higher level of customer care or even developers to obtain quicker, specific support
    • Inquire about specific support and patching service, especially if you have customizations.
    • Ask for additional hours for training and support, pre- and post- implementation.
    • Think long-term – you want to have a good working relationship over the long haul, with a vendor that fits with your overall strategy, and not have to repeat and negotiate often.

    Use Info-Tech’s vendor services

    Info-Tech’s vendor management services has price benchmarks as well knowledgeable advisors who can help evaluate proposals to obtain the best value

    Speak to a vendor management services’ advisor today.

    Contact Us

    Communicate to the vendor whether they were accepted or rejected

    Communicate with each vendor following the demonstration and product evaluation. Ask follow-up questions, highlight areas of concern, and inform them of their status in the selection process.

    The RFP process is a standard business practice. As a customer, you are not under any obligation to educate the vendor as to the details of acceptance or rejection. However, consider every point of contact as an opportunity to build a strong network of potential vendors to help you acquire the best products for your organization.

    Use Info-Tech’s Vendor Communication Set template to communicate with the vendor following the demonstration and product evaluations. This set includes:

    Rejection Notice: Inform the vendor that they are no longer under consideration and highlight opportunities for future debrief.

    Approval Notice: Inform the vendor of its progress to the next stage of selection and identify next steps.

    Go to this link

    Phase 4

    Prepare for Implementation

    Phase 1
    1.1 Enterprise Application Landscape
    1.2 Validate Readiness
    1.3 Determine Resourcing

    Phase 2
    2.1 Capability Mapping
    2.2 Requirements Gathering Data Mapping
    2.3 Requirements Prioritizing

    Phase 3
    3.1 Understanding Product Offerings
    3.2 RFP & Demo Scripts
    3.3 Evaluation Select and Negotiate

    Phase 4
    4.1 Prepare for Implementation

    This phase will walk you through the following activities:

    Discussion on what it takes to transition to a proper implementation.

    Key stakeholders from the various areas of the business that will support the project including:

    • Project management team
    • Core project team

    Select an Enterprise Application

    Leverage Info-Tech’s research to plan and execute your EAS implementation

    Use Info-Tech Research Group’s three-phase implementation process to guide your own planning.

    Assess

    Prepare

    Govern and course correct

    Establish and execute an end-to-end, agile framework to succeed with the implementation of a major enterprise application.

    Visit this link

    External resources are available for implementations

    Organizations rarely have sufficient internal staffing to resource an EAS project on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:

    Your own staff +

    1 Management Consultant

    2 Vendor Consultant

    3 System Integrator

    Consider the following:

    Internal vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities, and communicate this to your technology partner upfront.

    Internal vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner's implementation methodology; however, you know what will work for your organization.

    Info-Tech Insight
    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and constraints.
    • Integration environment complexity.

    Review your options for external resources

    Narrow your search for a management consultant, vendor consultant, or system integrator partner by understanding under which circumstances each would be most appropriate.

    When to choose… Management consultant Vendor consultant System integrators
    • There is an existing and trusted relationship.
    • Scope of work includes consideration of internal IT operations, costing, etc.
    • Organization requires external industry expertise for strategy formulation.
    • They will have a role in overall change management within the enterprise.
    • There are no concerns with overall IT processes or capabilities.
    • The project scope is restricted to a single technology or application.
    • There is minimal integration with other systems.
    • The consultant has no role in business process change.
    • They will be a specialist reporting to other consultants.
    • Project includes products from different vendors or multiple add-ons.
    • Extensive integration is required with legacy or other applications.
    • They will be responsible for outsourced operational support or development following implementation.

    Info-Tech Insight
    Depending on your internal resourcing constraints and IT maturity, you may need to work with multiple partners. If this is the case, just be aware that working with multiple partners can complicate vendor relationship management and makes having a dedicated vendor or partner relationship manager even more important.

    4.1.1 Establish team composition

    1 – 2 hours

    Utilize Info-Tech’s Governance and Management of Enterprise Software Implementation to establish your team composition. Within that blueprint:

    1. Assess the skills necessary for an implementation. Inventory the competencies required for the implementation project team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline considerations, integration environment complexity, and cost constraints as you make your team composition plan. Be sure to dedicate an internal resource to managing the vendor and partner relationships.
    4. Document the roles and responsibilities, accountabilities, and other expectations of your team as they relate to each step of the implementation.
    Input Output
    • Skills assessment
    • Stakeholder analysis
    • Vendor partner selection
    • Team composition
    Materials Participants
    • Sticky notes
    • Whiteboard
    • Markers
    • Project Team

    Governance and Management of Enterprise Software Implementation

    Follow our iterative methodology with a task list focused on the business must-have functionality to achieve rapid execution and to allow staff to return to their daily work sooner.

    Visit this link

    Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication Proximity Trust
    Teams must have some type of communication strategy. This can be broken into:
    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value can encourage relationship building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.
    		Distributed teams create complexity as communication can break down. This can be mitigated by:
    • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.
    		 Members should trust that other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
    • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
    • Role clarity: Having a clear definition of what everyone’s role is.

    Create a formal communication process throughout the EAS implementation

    Establish a comprehensive communication process around the EAS enterprise roll-out to ensure that end users stay informed.

    The EAS kick-off meeting(s) should encompass:

    • Target business-user requirements
    • Target quality of service (QoS) metrics
    • Other IT department needs
    • Special consideration needs
    • Tangible business benefits of application
    • The high-level application overview

    The overall objective for inter-departmental EAS kick-off meetings is to confirm that all parties agree on certain key points and understand platform rationale and functionality.

    The kick-off process will significantly improve internal communications by inviting all affected internal IT groups, including business units, to work together to address significant issues before the application process is formally activated.

    Department groups or designated trainers should take the lead and implement a process for:

    • Scheduling EAS platform roll-out/kick-off meetings.
    • Soliciting preliminary input from the attending groups to develop further training plans.
    • Establishing communication paths and the key communication agents from each department who are responsible for keeping lines open moving forward.

    Plan for your implementation of EAS based on deployment model

    Place your EAS solution into your IT landscape by configuring and adjusting the tool based on your specific deployment method.

    On-Premises SaaS-based
    1. Identify custom features and configuration items
    2. Train developers and IT staff on new software investment
    3. Install software
    4. Configure software
    5. Test installation and configuration
    6. Test functionality
    1. Train developers and IT staff on new software investment
    2. Set up connectivity
    3. Identify VPN or internal solution
    4. Check firewalls
    5. Validate bandwidth regulations

    Integration is a top IT challenge and critical to the success of the EAS solution

    EAS solutions are most effective when they are integrated with ERP, HRIS, and CRM solutions.

    Data interchange between the EAS solution and other data sources is necessary Formulate a comprehensive map of the systems, hardware, and software with which the EAS solution must be able to integrate. Master data needs to constantly be synchronized; without this, you lose out on one of the primary benefits of integration. These connections should be bidirectional for maximum value (i.e. marketing data to the CRM, customer data to MMS).
    Specialized projects that include an intricate prospect or customer list and complex rules may need to be built by IT The more custom fields you have in your EAS and point solutions, the more schema mapping you will have to do. Include this information in the RFP to receive guidance from vendors regarding the ease with which integration can be achieved.
    Pay attention to legacy apps and databases If you have a legacy EAS and databases, more custom code will be required. Many vendors claim that custom integrations can be performed for most systems, but custom comes at a cost. Don’t just ask if they can integrate; ask how long it will take and for references from organizations which have been successful in this.

    Scenario: Failure to address EAS data integration will cost you in the long run

    A company spent $15 million implementing a new CRM system in the cloud and decided NOT to spend an additional $1.5 million to do a proper cloud DI tool procurement. The mounting costs followed.

    Cost element – Custom Data Integration $
    2 FTEs for double entry of sales order data $ 100,000/year
    One-time migration of product data to CRM $ 240,000 otc
    Product data maintenance $ 60,000/year
    Customer data synchronization interface build $ 60,000 otc
    Customer data interface maintenance $ 10,000/year
    Data quality issues $ 100,000/year
    New SaaS integration built in year 3 $ 300,000 otc
    New SaaS integration maintenance $ 150,000/year
    Cost element – Data Integration Tool $
    DI strategy and platform implementation $1,500,000 otc
    DI tool maintenance $ 15,000/year
    New SaaS integration point in year 3 $ 300,000 otc

    Comparison of Solution TCOs Chart

    Custom integration is costing this organization $300,000/year for one SaaS solution.

    The proposed integration solution would have paid for itself in 3-4 years and saved exponential costs in the long run.

    Proactively address data quality in the EAS during implementation

    Data quality is a make-or-break issue in an EAS platform; garbage in is garbage out.

    • EAS solutions are one of the leading offenders for generating poor quality data. As such, it’s important to have a plan in place for structuring your data architecture in such a way that poor data quality is minimized from the get-go.
    • Having a plan for data quality should precede data migration efforts; some types of poor data quality can be mitigated prior to migration.
    • There are five main types of poor-quality data found in EAS platforms.
      • Duplicate data: Duplicate records can be a major issue. Leverage dedicated de-dupe tools to eliminate them.
      • Stale data: Out-of-date customer information can reduce the usefulness of the platform. Use automated social listening tools to help keep data fresh.
      • Incomplete data: Records with missing info limit platform value. Specify data validation parameters to mandate that all fields are filled in.
      • Invalid and conflicting data: Can create cascading errors. Establishing conflict resolution rules in ETL tools for data integration can reduce issues.

    Info-Tech Insight
    If you have a complex EAS environment, appoint data stewards for each major domain and procure a de-dupe tool. As the complexity of EAS system-to-system integrations increase, so will the chance that data quality errors will crop up – for example, bi-directional POI with other sources of customer information dramatically increase the chances of conflicting/duplicate data.

    Profile data, eliminate dead weight, and enforce standards to protect data

    Identify and eliminate dead weight Poor data can originate in the firm’s EAS system. Custom queries, stored procedures, or profiling tools can be used to assess the key problem areas.
    Loose rules in the EAS system lead to records of no significant value in the database. Those rules need to be fixed, but if changes are made before the data is fixed, users could encounter database or application errors, which will reduce user confidence in the system.
    • Conduct a data flow analysis: map the path that data takes through the organization.
    • Use a mass cleanup to identify and destroy dead weight data. Merge duplicates either manually or with the aid of software tools. Delete incomplete data, taking care to reassign related data.
    • COTS packages typically allow power users to merge records without creating orphaned records in related tables, but custom-built applications typically require IT expertise.
    Create and enforce standards and policies Now that the data has been cleaned, it’s important to protect the system from relapsing.
    Work with business users to find out what types of data require validation and which fields should have changes audited. Whenever possible, implement drop-down lists to standardize values and make programming changes to ensure that truncation ceases.
    • Truncated data is usually caused by mismatches in data structures during either one-time data loads or ongoing data integrations.
    • Don’t go overboard on assigning required fields; users will just put key data in note fields.
    • Discourage the use of unstructured note fields: the data is effectively lost except if it gets subpoenaed.

    Info-Tech Insight
    Data quality concerns proliferate with the customization level of your platform. The more extensive the custom integration points and module/database extensions that you have made, the more you will need to have a plan in place for managing data quality from a reactive and proactive standpoint.

    Ensure requirements are met with robust user acceptance testing

    User acceptance testing (UAT) is a test procedure that helps to ensure end-user requirements are met. Test cases can reveal bugs before the suite is implemented.

    Five secrets of UAT success

    1 Create the plan With the information collected from requirements gathering, create the plan. Make sure this information is added to the main project plan documentation.
    2 Set the agenda The time allotted will vary depending on the functionality being tested. Ensure that the test schedule allows for the resolution of issues and discussion.
    3 Determine who will participate Work with relevant stakeholders to identify the people who can best contribute to system testing. Look for experienced power users who have been involved in earlier decision making about the system.
    4 Highlight acceptance criteria With the UAT group, pinpoint the criteria to determine system acceptability. Refer to requirements specified in use cases in the initial requirements-gathering stages of the project.
    5 Collect end user feedback Weaknesses in resolution workflow design, technical architecture, and existing customer service processes can be highlighted and improved with ongoing surveys and targeted interviews.

    Calculate post-deployment metrics to assess measurable value of the project

    Track the post-deployment results from the project and compare the metrics to the current state and target state.

    EAS selection and implementation metrics
    Description Formula Current or estimated Target Post-deployment
    End-user satisfaction # of satisfied users
    # of end users    		 70% 90% 85%
    Percentage over/under estimated budget Amount spent – 100%
    Budget    		 5% 0% 2%
    Percentage over/under estimated timeline Project length – 100%
    Estimated timeline    		 10% -5% -10%
    EAS strategy metrics
    Description Formula Current or estimated Target Post-deployment
    Number of leads generated (per month) # of leads generated 150 200 250
    Average time to resolution (in minutes) Time spent on resolution
    # of resolutions    		 30 minutes 10 minutes 15 minutes
    Cost per interaction by campaign Total campaign spending
    # of customer interactions    		 $17.00 $12.00 $12.00

    Continue to adapt your governance model

    Your EAS and applications environment will continue to evolve. Make sure your governance model is always ready to capture the everchanging needs.

    Business needs will not stop changing whether you have an ongoing EAS or other application project. It is thus important to keep your governance efficient and streamlined to capture these needs to then make the EAS continue deliver value and remain aligned to long-term corporate objectives.

    Visit this link

    Summary of Accomplishment

    Select an Enterprise Application

    EAS technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. Having a structured approach to gathering the necessary resources, defining key requirements, and engaging with the right shortlist of vendors to pick the best finalist is crucial.

    This selection guide allows organizations to execute a structured methodology for picking an EAS that aligns with their needs. This includes:

    • Alignment and prioritization of key business and technology drivers for an EAS selection.
    • Identification and prioritization of the EAS requirements.
    • Construction of a robust EAS RFP.
    • A strong market scan of key players.
    • A survey of crucial implementation considerations.

    This formal EAS selection initiative will drive business-IT alignment, identify data and integration priorities, and allow for the rollout of a platform that’s highly likely to satisfy all stakeholder needs.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Research Contributors

    Name Title Organization
    Anonymous Anonymous Telecommunications industry
    Anonymous Anonymous Construction material industry
    Anonymous Anonymous Automotive industry
    Corey Tenenbaum Head of IT Taiga Motors
    Mark Earley Director, Consulting Info-Tech Research Group
    Ricardo di Olivera Research Director, Enterprise Applications Info-Tech Research Group

    Bibliography

    “2016 Report on ERP Systems and Enterprise Software.” Panorama Consulting Solutions, 2016. Web.

    “2018 Report on ERP Systems and Enterprise Software.” Panorama Consulting Solutions, 2018. Web.

    “2022 HRIS Software Report.” SoftwarePath, 2022 . Web

    Cross-Industry Process Classification Framework (PCF) Version 7.2.1. APQC, 26 Sept. 2019. Web.

    “Doomed From the Start? Why a Majority of Business and IT Teams Anticipate Their Software Development Projects Will Fail.” Geneca, 25 Jan. 2017. Web.

    Farhan, Marwa Salah, et al. “A Systematic Review for the Determination and Classification of the CRM Critical Success Factors Supporting with Their Metrics.” Future Computing and Informatics Journal, vol. 3, no. 2, Dec. 2018, pp. 398–416.

    Gheorghiu, Gabriel. “ERP Buyer’s Profile for Growing Companies.” SelectHub, 23 Sept. 2022. Web

    “Process Frameworks.” APQC, 4 Nov. 2020. Web.

    “Process vs. Capability: Understanding the Difference.” APCQ, 2017. Web.

    Savolainen, Juha, et al. “Transitioning from Product Line Requirements to Product Line Architecture.” 29th Annual International Computer Software and Applications Conference (COMPSAC'05), IEEE, vol. 1, 2005, pp. 186-195, doi: 10.1109/COMPSAC.2005.160

    Saxena, Deepak, and Joe McDonagh. "Evaluating ERP Implementations: The Case for a Lifecycle based Interpretive Approach." Electronic Journal of Information Systems Evaluation 22.1 (2019): pp29-37.

    “SOA Reference Architecture – Capabilities and the SOA RA.” The Open Group, TOGAF, n.d. Web.

    Smith, Anthony. “How To Create A Customer-Obsessed Company Like Netflix.” Forbes, 12 Dec. 2017. Web.

    "The Moscow Method", MindTools. Web.

    “The State of CRM Data Management 2020.” Validity, 2020. Web.

    “The State of Project Management Annual Survey 2018.” Wellingtone, 2018. Web.

    “Why HR Projects Fail.” Unleash, 2021. Web

    Modernize Your SDLC

    • Buy Link or Shortcode: {j2store}148|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $30,263 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing backlog, jeopardizing product success.

    Our Advice

    Critical Insight

    • Delivery quality and throughput go hand in hand. Focus on meeting minimum process and product quality standards first. Improved throughput will eventually follow.
    • Business integration is not optional. The business must be involved in guiding delivery efforts, and ongoing validation and verification product changes.
    • The software development lifecycle (SDLC) must deliver more than software. Business value is generated through the products and services delivered by your SDLC. Teams must provide the required product support and stakeholders must be willing to participate in the product’s delivery.

    Impact and Result

    • Standardize your definition of a successful product. Come to an organizational agreement of what defines a high-quality and successful product. Accommodate both business and IT perspectives in your definition.
    • Clarify the roles, processes, and tools to support business value delivery and satisfy stakeholder expectations. Indicate where and how key roles are involved throughout product delivery to validate and verify work items and artifacts. Describe how specific techniques and tools are employed to meet stakeholder requirements.
    • Focus optimization efforts on most affected stages. Reveal the health of your SDLC from the value delivery, business and technical practice quality standards, discipline, throughput, and governance perspectives with a diagnostic. Identify and roadmap the solutions to overcome the root causes of your diagnostic results.

    Modernize Your SDLC Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your SDLC, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your SDLC context

    State the success criteria of your SDLC practice through the definition of product quality and organizational priorities. Define your SDLC current state.

    • Modernize Your SDLC – Phase 1: Set Your SDLC Context
    • SDLC Strategy Template

    2. Diagnose your SDLC

    Build your SDLC diagnostic framework based on your practice’s product and process objectives. Root cause your improvement opportunities.

    • Modernize Your SDLC – Phase 2: Diagnose Your SDLC
    • SDLC Diagnostic Tool

    3. Modernize your SDLC

    Learn of today’s good SDLC practices and use them to address the root causes revealed in your SDLC diagnostic results.

    • Modernize Your SDLC – Phase 3: Modernize Your SDLC
    [infographic]

    Workshop: Modernize Your SDLC

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your SDLC Context

    The Purpose

    Discuss your quality and product definitions and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your SDLC practice.

    Review the current state of your roles, processes, and tools in your organization.

    Key Benefits Achieved

    Grounded understanding of products and quality that is accepted across the organization.

    Clear business and IT objectives and metrics that dictate your SDLC practice’s success.

    Defined SDLC current state people, process, and technologies.

    Activities

    1.1 Define your products and quality.

    1.2 Define your SDLC objectives.

    1.3 Measure your SDLC effectiveness.

    1.4 Define your current SDLC state.

    Outputs

    Product and quality definitions.

    SDLC business and technical objectives and vision.

    SDLC metrics.

    SDLC capabilities, processes, roles and responsibilities, resourcing model, and tools and technologies.

    2 Diagnose Your SDLC

    The Purpose

    Discuss the components of your diagnostic framework.

    Review the results of your SDLC diagnostic.

    Key Benefits Achieved

    SDLC diagnostic framework tied to your SDLC objectives and definitions.

    Root causes to your SDLC issues and optimization opportunities.

    Activities

    2.1 Build your diagnostic framework.

    2.2 Diagnose your SDLC.

    Outputs

    SDLC diagnostic framework.

    Root causes to SDLC issues and optimization opportunities.

    3 Modernize Your SDLC

    The Purpose

    Discuss the SDLC practices used in the industry.

    Review the scope and achievability of your SDLC optimization initiatives.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness and efficiency of your SDLC.

    Realistic and achievable SDLC optimization roadmap.

    Activities

    3.1 Learn and adopt SDLC good practices.

    3.2 Build your optimization roadmap.

    Outputs

    Optimization initiatives and target state SDLC practice.

    SDLC optimization roadmap, risks and mitigations, and stakeholder communication flow.

    Maintain an Organized Portfolio

    • Buy Link or Shortcode: {j2store}432|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $3,059 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • All too often, the portfolio of programs and projects looks more like a random heap than a strategically organized and balanced collection of investments that will drive the business forward.
    • Portfolio managers know that with the right kind of information and the right level of process maturity they can get better results through the portfolio; however, organizations often assume (falsely) that the required level of maturity is out of reach from their current state and perpetually delay improvements.

    Our Advice

    Critical Insight

    • The information needed to define clear and usable criteria for organizing the portfolio of programs and projects already exists. Portfolio managers only need to identify the sources of that information and institute processes for regularly reviewing that information in order to define those criteria.
    • Once a portfolio manager has a clear idea of the goals and constraints that shape what ought to be included (or removed) from the portfolio and once these have been translated into clear and usable portfolio criteria, basic portfolio management processes can be instituted to ensure that these criteria are used consistently throughout the various stages of the project lifecycle.
    • Portfolio management frameworks and processes do not need to be built from scratch. Well-known frameworks – such as the one outlined in COBIT 5 APO05 – can be instituted in a way that will allow even low-maturity organizations to start organizing their portfolio.
    • Organizations do not need to grow into portfolio management frameworks to get the benefits of an organized portfolio; instead, they can grow within such frameworks.

    Impact and Result

    • An organized portfolio will ensure that the projects and programs included in it are strategically aligned and can actually be executed within the finite constraints of budgetary and human resource capacity.
    • Portfolio managers are better empowered to make decisions about which projects should be included in the portfolio (and when) and are better empowered to make the very tough decisions about which projects should be removed from the portfolio (i.e. cancelled).
    • Building and maturing a portfolio management framework will more fully integrate the PMO into the broader IT management and governance frameworks, making it a more integral part of strategic decisions and a better business partner in the long run.

    Maintain an Organized Portfolio Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should maintain an organized portfolio of programs and projects, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current state of the portfolio and PPM processes

    Analyze the current mix of programs and projects in your portfolio and assess the maturity of your current PPM processes.

    • Maintain an Organized Portfolio – Phase 1: Assess the Current State of the Portfolio and PPM Processes
    • Project Portfolio Organizer
    • COBIT APO05 (Manage Portfolio) Alignment Workbook

    2. Enhance portfolio organization through improved PPM criteria and processes

    Enhance and optimize your portfolio management processes to ensure portfolio criteria are clearly defined and consistently applied across the project lifecycle when making decisions about which projects to include or remove from the portfolio.

    • Maintain an Organized Portfolio – Phase 2: Enhance Portfolio Organization Through Improved PPM Criteria and Processes
    • Portfolio Management Standard Operating Procedures

    3. Implement improved portfolio management practices

    Implement your portfolio management improvement initiatives to ensure long-term sustainable adoption of new PPM practices.

    • Maintain an Organized Portfolio – Phase 3: Implement Improved Portfolio Management Practices
    • Portfolio Management Improvement Roadmap Tool
    [infographic]

    Workshop: Maintain an Organized Portfolio

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Portfolio Mix and Portfolio Process Current State

    The Purpose

    Analyze the current mix of the portfolio to determine how to better organize it according to organizational goals and constraints.

    Assess which PPM processes need to be enhanced to better organize the portfolio.

    Key Benefits Achieved

    An analysis of the existing portfolio of projects (highlighting areas of concern).

    An analysis of the maturity of current PPM processes and their ability to support the maintenance of an organized portfolio.

    Activities

    1.1 Pre-work: Prepare a complete project list.

    1.2 Define existing portfolio categories, criteria, and targets.

    1.3 Analyze the current portfolio mix.

    1.4 Identify areas of concern with current portfolio mix.

    1.5 Review the six COBIT sub-processes for portfolio management (APO05.01-06).

    1.6 Assess the degree to which these sub-processes have been currently achieved at the organization.

    1.7 Assess the degree to which portfolio-supporting IT governance and management processes exist.

    1.8 Perform a gap analysis.

    Outputs

    Analysis of the current portfolio mix

    Assessment of COBIT alignment and gap analysis.

    2 Define Portfolio Target Mix, Criteria, and Roadmap

    The Purpose

    Define clear and usable portfolio criteria.

    Record/design portfolio management processes that will support the consistent use of portfolio criteria at all stages of the project lifecycle.

    Key Benefits Achieved

    Clearly defined and usable portfolio criteria.

    A portfolio management framework that supports the consistent use of the portfolio criteria across all stages of the project lifecycle.

    Activities

    2.1 Identify determinants of the portfolio mix, criteria, and constraints.

    2.2 Define the target mix, portfolio criteria, and portfolio metrics.

    2.3 Identify sources of funding and resourcing.

    2.4 Review and record the portfolio criteria based upon the goals and constraints.

    2.5 Create a PPM improvement roadmap.

    Outputs

    Portfolio criteria

    Portfolio metrics for intake, monitoring, closure, termination, reprioritization, and benefits tracking

    Portfolio Management Improvement Roadmap

    3 Design Improved Portfolio Sub-Processes

    The Purpose

    Ensure that the portfolio criteria are used to guide decision making at each stage of the project lifecycle when making decisions about which projects to include or remove from the portfolio.

    Key Benefits Achieved

    Processes that support decision making based upon the portfolio criteria.

    Processes that ensure the portfolio remains consistently organized according to the portfolio criteria.

    Activities

    3.1 Ensure that the metrics used for each sub-process are based upon the standard portfolio criteria.

    3.2 Establish the roles, accountabilities, and responsibilities for each sub-process needing improvement.

    3.3 Outline the workflow for each sub-process needing improvement.

    Outputs

    A RACI chart for each sub-process

    A workflow for each sub-process

    4 Change Impact Analysis and Stakeholder Engagement Plan

    The Purpose

    Ensure that the portfolio management improvement initiatives are sustainably adopted in the long term.

    Key Benefits Achieved

    Stakeholder engagement.

    Sustainable long-term adoption of the improved portfolio management practices.

    Activities

    4.1 Conduct a change impact analysis.

    4.2 Create a stakeholder engagement plan.

    Outputs

    Change Impact Analysis

    Stakeholder Engagement Plan

    Completed Portfolio Management SOP

    Master the Public Cloud IaaS Acquisition Models

    • Buy Link or Shortcode: {j2store}228|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $3,820 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Understanding the differences in IaaS platform agreements, purchasing options, associated value, and risks. What are your options for:

    • Upfront or monthly payments
    • Commitment discounts
    • Support options
    • Migration planning and support

    Our Advice

    Critical Insight

    IaaS platforms offer similar technical features, but they vary widely on their procurement model. By fully understanding the procurement differences and options, you will be able to purchase wisely, save money both long and short term, and mitigate investment risk.

    Most vendors have similar processes and options to buy. Finding a transparent explanation and summary of each platform in a side-by-side review is difficult.

    • Are vendor reps being straight forward?
    • What are the licensing requirements?
    • What discounts or incentives can I negotiate?
    • How much do I have to commit to and for how long?

    Impact and Result

    This project will provide several benefits for both IT and the business. It includes:

    • Best IaaS platform to support current and future procurement requirements.
    • Right-sized cloud commitment tailored to the organization’s budget.
    • Predictable and controllable spend model.
    • Flexible and reliable IT infrastructure that supports the lines of business.
    • Reduced financial and legal risk.

    Master the Public Cloud IaaS Acquisition Models Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to learn how the public cloud IaaS procurement models compare. Review Info-Tech’s methodology and understand the top three platforms, features, and benefits to support and inform the IaaS vendor choice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Educate

    Learn the IaaS basics, terminologies, purchasing options, licensing requirements, hybrid options, support, and organization requirements through a checklist process.

    • Master the Public Cloud IaaS Acquisition Models – Phase 1: Educate
    • Public Cloud Procurement Checklist
    • Microsoft Public Cloud Licensing Guide

    2. Evaluate

    Review and understand the features, downsides, and differences between the big three players.

    • Master the Public Cloud IaaS Acquisition Models – Phase 2: Evaluate
    • Public Cloud Procurement Comparison Summary

    3. Execute

    Decide on a primary vendor that meets requirements, engage with a reseller, negotiate pricing incentives, migration costs, review, and execute the agreement.

    • Master the Public Cloud IaaS Acquisition Models – Phase 3: Execute
    • Public Cloud Acquisition Executive Summary Template

    Infographic

    Accelerate Business Growth and Valuation by Building Brand Awareness

    • Buy Link or Shortcode: {j2store}569|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Brands that fail to invest in brand awareness are likely to face some, if not all these problems:

    • Lack of brand visibility and recognition
    • Inability to reach and engage with the buyers
    • Difficulties generating and converting leads
    • Low customer retention rate
    • Inability to justify higher pricing
    • Limited brand equity, business valuation, and sustainability

    Our Advice

    Critical Insight

    Awareness brings visibility and traction to brands, which is essential in taking the market leadership position and becoming the trusted brand that buyers think of first.

    Brand awareness also significantly contributes to increasing brand equity, market valuation, and business sustainability.

    Impact and Result

    Building brand awareness allows for the increase of:

    • Brand visibility, perception, recognition, and reputation
    • Interactions and engagement with the target audience
    • Digital advertising performance and ROI
    • Conversion rates and sales wins
    • Revenue and profitability
    • Market share & share of voice (SOV)
    • Talents, partners, and investors attraction and retention
    • Brand equity, business growth, and market valuation

    Accelerate Business Growth and Valuation by Building Brand Awareness Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Accelerate Business Growth and Valuation by Building Brand Awareness Storyboard - Learn how to establish the brand foundation, create assets and workflows, and deploy effective brand awareness strategies and tactics.

    A two-step approach to building brand awareness, starting with defining the brand foundations and then implementing effective brand awareness strategies and tactics.

    • Accelerate Business Growth and Valuation by Building Brand Awareness Storyboard

    2. Define Brand's Personality and Message - Analyze your target market and develop key elements of your brand guidelines.

    With this set of tools, you will be able to capture and analyze your target market, your buyers and their journeys, define your brand's values, personality, and voice, and develop all the key elements of your brand guidelines to enable people within your organization and external resources to build a consistent and recognizable image across all assets and platforms.

    • Market Analysis Template
    • Brand Recognition Survey and Interview Questionnaire and List Template
    • External and Internal Factors Analysis Template
    • Buyer Personas and Journey Presentation Template
    • Brand Purpose, Mission, Vision, and Values Template
    • Brand Value Proposition and Positioning Statement
    • Brand Voice Guidelines Template
    • Writing Style Guide Template
    • Brand Messaging Template
    • Writer Checklist

    3. Start Building Brand Awareness - Achieve strategic alignment.

    These tools will allow you to achieve strategic alignment and readiness, create assets and workflows, deploy tactics, establish Key Performance Indicators (KPIs), and monitor and optimize your strategy on an ongoing basis.

    • Brand Awareness Strategy and Tactics Template
    • Asset Creation and Management List
    • Campaign Workflows Template
    • Brand Awareness Strategy Rollout Plan Template
    • Survey Emails Best Practices Guidelines

    Infographic

    Further reading

    Accelerate Business Growth and Valuation By Building Brand Awareness

    Develop and deploy comprehensive, multi-touchpoint brand awareness strategies to become the trusted brand that buyers think of first.

    EXECUTIVE BRIEF

    Analyst perspective

    Building brand awareness

    Achieving high brand awareness in a given market and becoming the benchmark for buyers

    is what every brand wants to achieve, as it is a guarantee of success. Building brand awareness,

    even though its immediate benefits are often difficult to see and measure, is essential for companies that want to stand out from their competitors and continue to grow in a sustainable way. The return on investment (ROI) may take longer, but the benefits are also greater than those achieved through short-term initiatives with the expectation of immediate, albeit often limited, results.

    Brands that are familiar to their target market have greater credibility, generate more sales,

    and have a more loyal customer base. CMOs that successfully execute brand awareness programs

    build brand equity and grow company valuation.

    This is a picture of Nathalie Vezina

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    Executive summary

    Brand leaders know that brand awareness is essential to the success of all marketing and sales activities. Brands that fail to invest in brand awareness are likely to face some, if not all these problems:

    • Lack of brand visibility and compelling storytelling.
    • Inability to reach the target audience.
    • Low engagement on digital platforms and with ads.
    • Difficulties generating and converting leads, or closing/winning sales/deals, and facing a high cost per acquisition.
    • Low/no interest or brand recognition, trust level, and customer retention rate.
    • Inability to justify higher pricing.

    Convincing stakeholders of the benefits of strong brand awareness can be difficult when the positive outcomes are hard to quantify, and the return on investment (ROI) is often long-term. Among the many obstacles brand leaders must overcome are:

    • Lack of longer-term corporate vision, focusing all efforts and resources on short-term growth strategies for a quick ROI.
    • Insufficient market and target buyers' information and understanding of the brand's key differentiator.
    • Misalignment of brand message, and difficulties creating compelling content that resonates with the target audience, generates interest, and keeps them engaged.
    • Limited or no resources dedicated to the development of the brand.

    Inspired by top-performing businesses and best practices, this blueprint provides the guidance and tools needed to successfully build awareness and help businesses grow. By following these guidelines, brand leaders can expect to:

    • Gain market intelligence and a clear understanding of the buyer's needs, your competitive advantage, and key differentiator.
    • Develop a clear and compelling value proposition and a human-centric brand messaging driven by the brand's values.
    • Increase online presence and brand awareness to attract and engage with buyers.
    • Develop a long-term brand strategy and execution plan.

    "A brand is the set of expectations, memories, stories, and relationships that, taken together, account for a consumer's decision to choose one product or service over another."

    – Seth Godin

    What is brand awareness?

    The act of making a brand visible and memorable.

    Brand awareness is the degree to which buyers are familiar with and recognize the attributes and image of a particular brand, product, or service. The higher the level of awareness, the more likely the brand is to come into play when a target audience enters the " buying consideration" phase of the buyer's journey.

    Brand awareness also plays an important role in building equity and increasing business valuation. Brands that are familiar to their target market have greater credibility, drive more sales and have a more loyal customer base.
    Building brand awareness allows increasing:

    • Brand visibility, perception, recognition, and reputation
    • Interactions and engagement with the target audience
    • Digital advertising performance and ROI
    • Conversion rates and sales wins
    • Revenue and profitability
    • Market share and share of voice (SOV)
    • Talents, partners, and investors attraction and retention
    • Brand equity, business growth, and market valuation

    "Products are made in a factory, but brands are created in the mind."
    Source: Walter Landor

    Capitalizing on a powerful brand

    A longer-term approach for an increased and more sustainable ROI.

    Market leader position

    Developing brand awareness is essential to increase the visibility and traction of a brand.

    Several factors may cause a brand to be not well-known. One reason might be that the brand recently launched, such as a startup. Another reason could be that the brand has rebranded or entered a new market.

    To become the trusted brand that buyers think of first in their target markets, it is critical for these brands to develop and deploy comprehensive, multi-touchpoint brand awareness strategies.

    A relationship leading to loyalty

    A longer-term brand awareness strategy helps build a strong relationship between the brand and the buyer, fostering a lasting and rewarding alliance.

    It also enables brands to reach and engage with their target audience effectively by using compelling storytelling and meaningful content.

    Adopting a more human-centric approach and emphasizing shared values makes the brand more attractive to buyers and can drive sales and gain loyalty.

    Sustainable business growth

    For brands that are not well established in their target market, short-term tactics that focus on immediate benefits can be ineffective. In contrast, long-term brand awareness strategies provide a more sustainable ROI (return on investment).

    Investing in building brand awareness can impact a business's ability to interact with its target audience, generate leads, and increase sales. Moreover, it can significantly contribute to boosting the business's brand equity and market valuation.

    "Quick wins may work in the short term, but they're not an ideal substitute for long-term tactics and continued success."
    Source: Forbes

    Impacts of low brand awareness on businesses

    Unfamiliar brands, despite their strong potential, won't thrive unless they invest in their notoriety.

    Brands that choose not to invest in longer-term awareness strategies and rely solely on short-term growth tactics in hopes of an immediate gain will see their ability to grow diminished and their longevity reduced due to a lack of market presence and recognition.

    Symptoms of a weakening brand include:

    • High marketing spending and limited result
    • Low market share or penetration
    • Low sales, revenue, and gross margin
    • Weak renewal rate, customer retention, and loyalty
    • Difficulties delivering on the brand promise, low/no trust in the brand
    • Limited brand equity, business valuation, and sustainability
    • Unattractive brand to partners and investors

    "Your brand is the single most important investment you can make in your business."
    Source: Steve Forbes

    Most common obstacles to increasing brand awareness

    Successfully building brand awareness requires careful preparation and planning.

    • Limited market intelligence
    • Unclear competitive advantage/key differentiator
    • Misaligned and inconsistent messaging and storytelling
    • Lack of long-term vision
    • and low prioritization
    • Limited resources to develop and execute brand awareness building tactics
    • Unattractive content that does not resonate, generates little or no interest and engagement

    Investing in the notoriety of the brand

    Become the top-of-mind brand in your target market.

    To stand out, be recognized by their target audience, and become major players in their industry, brands must adopt a winning strategy that includes the following elements:

    • In-depth knowledge and understanding of the market and audience
    • Strengthening digital presence and activities
    • Creating and publishing content relevant to the target audience
    • Reaching out through multiple touchpoints
    • Using a more human-centric approach
    • Ensure consistency in all aspects of the brand, across all media and channels

    How far are you from being the brand buyers think of first in your target market?

    This is an image of the Brand Awareness Pyramid.

    Brand awareness pyramid

    Based on David Aaker's brand loyalty pyramid

    Tactics for building brand awareness

    Focus on effective ways to gain brand recognition in the minds of buyers.

    This is an image of the Brand Awareness Journey Roadmap.

    Brand recognition requires in-depth knowledge of the target market, the creation of strong brand attributes, and increased presence and visibility.

    Understand the market and audience you're targeting

    Be prepared. Act smart.

    To implement a winning brand awareness-building strategy, you must:

    • Be aware of your competitor's strengths and weaknesses, as well as yours.
    • Find out who is behind the keyboard, and the user experience they expect to have.
    • Plan and continuously adapt your tactics accordingly.
    • Make your buyer the hero.

    Identify the brands' uniqueness

    Find your "winning zone" and how your brand uniquely addresses buyers' pain points.

    Focus on your key differentiator

    A brand has found its "winning zone" or key differentiator when its value proposition clearly shows that it uniquely solves its buyers' specific pain points.

    Align with your target audience's real expectations and successfully interact with them by understanding their persona and buyer's journey. Know:

    • How you uniquely address their pain points.
    • Their values and what motivates them.
    • Who they see as authorities in your field.
    • Their buying habits and trends.
    • How they like brands to engage with them.

    An image of a Venn diagram between the following three terms: Buyer pain point; Competitors' value proposition; your unique value proposition. The overlapping zone is labeled the Winning zone. This is your key differentiator.

    Give your brand a voice

    Define and present a consistent voice across all channels and assets.

    The voice reflects the personality of the brand and the emotion to be transmitted. That's why it's crucial to establish strict rules that define the language to use when communicating through the brand's voice, the type of words, and do's and don'ts.

    To be recognizable it is imperative to avoid inconsistencies. No matter how many people are behind the brand voice, the brand must show a unique, distinctive personality. As for the tone, it may vary according to circumstances, from lighter to more serious.

    Up to 80% Increased customer recognition when the brand uses a signature color scheme across multiple platforms
    Source: startup Bonsai
    23% of revenue increase is what consistent branding across channels leads to.
    Source: Harvard Business Review

    When we close our eyes and listen, we all recognize Ella Fitzgerald's rich and unique singing voice.

    We expect to recognize the writing of Stephen King when we read his books. For the brand's voice, it's the same. People want to be able to recognize it.

    Adopt a more human-centric approach

    If your brand was a person, who would it be?

    Human attributes

    Physically attractive

    • Brand identity
    • Logo and tagline
    • Product design

    Intellectually stimulating

    • Knowledge and ideas
    • Continuous innovation
    • Thought leadership

    Sociable

    • Friendly, likeable and fun
    • Confidently engage with audience through multiple touchpoints
    • Posts and shares meaningful content
    • Responsive

    Emotionally connected

    • Inspiring
    • Powerful influencer
    • Triggers emotional reactions

    Morally sound

    • Ethical and responsible
    • Value driven
    • Deliver on its promise

    Personable

    • Honest
    • Self-confident and motivated
    • Accountable

    0.05 Seconds is what it takes for someone to form an opinion about a website, and a brand.
    Source: 8ways

    90% of the time, our initial gut reaction to products is based on color alone.
    Source: startup Bonsai

    56% of the final b2b purchasing decision is based on emotional factors.
    Source: B@B International

    Put values at the heart of the brand-buyers relationship

    Highlight values that will resonate with your audience.

    Brands that focus on the values they share with their buyers, rather than simply on a product or service, succeed in making meaningful emotional connections with them and keep them actively engaged.

    Shared values such as transparency, sustainability, diversity, environmental protection, and social responsibility become the foundation of a solid relationship between a brand and its audience.

    The key is to know what motivates the target audience.

    86% of consumers claim that authenticity is one of the key factors they consider when deciding which brands they like and support.
    Source: Business Wire

    56% of the final decision is based on having a strong emotional connection with the supplier.
    Source: B2B International

    64% of today's customers are belief-driven buyers; they want to support brands that "can be a powerful force for change."
    Source: Edelman

    "If people believe they share values with a company, they will stay loyal to the brand."
    – Howard Schultz
    Source: Lokus Design

    Double-down on digital

    Develop your digital presence and reach out to your target audiences through multiple touchpoints.

    Beyond engaging content, reaching the target audience requires brands to connect and interact with their audience in multiple ways so that potential buyers can form an opinion.

    With the right message consistently delivered across multiple channels, brands increase their reach, create a buzz around their brand and raise awareness.

    73% of today's consumers confirm they use more than one channel during a shopping journey
    Source: Harvard Business Review

    Platforms

    • Website and apps
    • Social media
    • Group discussions

    Multimedia

    • Webinars
    • Podcasts
    • Publication

    Campaign

    • Ads and advertising
    • Landing pages
    • Emails, surveys drip campaigns

    Network

    • Tradeshows, events, sponsorships
    • Conferences, speaking opportunities
    • Partners and influencers

    Use social media to connect

    Reach out to the masses with a social media presence.

    Social media platforms represent a cost-effective opportunity for businesses to connect and influence their audience and tell their story by posting relevant and search-engine-optimized content regularly on their account and groups. It's also a nice gateway to their website.

    Building a relationship with their target buyer through social media is also an easy way for businesses to:

    • Understand the buyers.
    • Receive feedback on how the buyers perceive the brand and how to improve it.
    • Show great user experience and responsiveness.
    • Build trust.
    • Create awareness.

    75% of B2B buyers and 84% of C-Suite executives use social media when considering a purchase
    Source: LinkedIn Business

    92% of B2B buyers use social media to connect with leaders in the sales industry.
    Source: Techjury

    With over 4.5 billion social media users worldwide, and 13 new users signing up to their first social media account every second, social media is fast becoming a primary channel of communication and social interaction for many.
    Source: McKinsey

    Become the expert subject matter

    Raise awareness with thought leadership content.

    Thought leadership is about building credibility
    by creating and publishing meaningful, relevant content that resonates with a target audience.
    Thought leaders write and publish all kinds of relevant content such as white papers, ebooks, case studies, infographics, video and audio content, webinars, and research reports.
    They also participate in speaking opportunities, live presentations, and other high-visibility forums.
    Well-executed thought leadership strategies contribute to:

    • Raise awareness.
    • Build credibility.
    • Be recognized as a subject expert matter.
    • Become an industry leader.

    60% of buyers say thought leadership builds credibility when entering a new category where the brand is not already known.
    Source: Edelman | LinkedIn

    70% of people would rather learn about a company through articles rather than advertising.
    Source: Brew Interactive

    57% of buyers say that thought leadership builds awareness for a new or little-known brand.
    Source: Edelman | LinkedIn

    To achieve best results

    • Know the buyers' persona and journey.
    • Create original content that matches the persona of the target audience and that is close to their values.
    • Be Truthful and insightful.
    • Find the right tone and balance between being human-centric, authoritative, and bold.
    • Be mindful of people's attention span and value their time.
    • Create content for each phase of the buyer's journey.
    • Ensure content is SEO, keyword-loaded, and add calls-to-action (CTAs).
    • Add reason to believe, data to support, and proof points.
    • Address the buyers' pain points in a unique way.

    Avoid

    • Focusing on product features and on selling.
    • Publishing generic content.
    • Using an overly corporate tone.

    Promote personal branding

    Rely on your most powerful brand ambassadors and influencers: your employees.

    The strength of personal branding is amplified when individuals and companies collaborate to pursue personal branding initiatives that offer mutual benefits. By training and positioning key employees as brand ambassadors and industry influencers, brands can boost their brand awareness through influencer marketing strategies.

    Personal branding, when well aligned with business goals, helps brands leverage their key employee's brands to:

    • Increase the organization's brand awareness.
    • Broaden their reach and circle of influence.
    • Show value, gain credibility, and build trust.
    • Stand out from the competition.
    • Build employee loyalty and pride.
    • Become a reference to other businesses.
    • Increase speaking opportunities.
    • Boost qualified leads and sales.

    About 90% of organizations' employee network tends to be completely new to the brand.
    Source: Everyone Social

    8X more engagement comes from social media content shared by employees rather than brand accounts.
    Source: Entrepreneur

    561% more reach when brand messages are shared by employees on social media, than the same message shared by the Brand's social media.
    Source: Entrepreneur

    "Personal branding is the art of becoming knowable, likable and trustable."
    Source: Founder Jar, John Jantsch

    Invest in B2B influencer marketing

    Broaden your reach and audiences by leveraging the voice of influencers.

    Influencers are trusted industry experts and analysts who buyers can count on to provide reliable information when looking to make a purchase.

    Influencer marketing can be very effective to reach new audiences, increase awareness, and build trust. But finding the right influencers with the level of credibility and visibility brands are expecting can sometimes be challenging.

    Search for influencers that have:

    • Relevance of audience and size.
    • Industry expertise and credibility.
    • Ability to create meaningful content (written, video, audio).
    • Charismatic personality with values consistent with the brand.
    • Frequent publications on at least one leading media platform.

    76% of people say that they trust content shared by people over a brand.
    Source: Adweek


    44% increased media mention of the brand using B2B influencer marketers.
    Source: TopRank Marketing

    Turn your customers into brand advocates

    Establish customer advocacy programs and deliver a great customer experience.

    Retain your customers and turn them into brand advocates by building trust, providing an exceptional experience, and most importantly, continuously delivering on the brand promise.

    Implement a strong customer advocacy program, based on personalized experiences, the value provided, and mutual exchange, and reap the benefits of developing and growing long-term relationships.

    92% of individuals trust word-of-mouth recommendations, making it one of the most trust-rich forms of advertising.
    Source: SocialToaster

    Word-of-mouth (advocacy) marketing increases marketing effectiveness by 54%
    Source: SocialToaster

    Make your brand known and make it stick in people's minds

    Building and maintaining high brand awareness requires that each individual within the organization carry and deliver the brand message clearly and consistently across all media whether in person, in written communications, or otherwise.

    To achieve this, brand leaders must first develop a powerful, researched narrative that people will embrace and convey, which requires careful preparation.

    Target market and audience intel

    • Target market Intel
    • Buyer persona and journey/pain points
    • Uniqueness and positioning

    Brand attributes

    • Values at the heart of the relationship
    • Brand's human attributes

    Brand visibly and recall

    • Digital and social media presence
    • Thought leadership
    • Personal branding
    • Influencer marketing

    Brand awareness building plan

    • Long-term awareness and multi-touchpoint approach
    • Monitoring and optimization

    Short and long-term benefits of increasing brand awareness

    Brands are built over the long term but the rewards are high.

    • Stronger brand perception
    • Improved engagement and brand associations
    • Enhanced credibility, reputation, and trust
    • Better connection with customers
    • Increased repeat business
    • High-quality leads
    • Higher and faster conversion rate
    • More sales closed/ deals won
    • Greater brand equity
    • Accelerated growth

    "Strong brands outperform their less recognizable competitors by as much as 73%."
    Source: McKinsey

    Brand awareness building

    Building brand awareness, even though immediate benefits are often difficult to see and measure, is essential for companies to stand out from their competitors and continue to grow in a sustainable way.

    To successfully raise awareness, brands need to have:

    • A longer-term vision and strategy.
    • Market Intelligence, a clear value proposition, and key differentiator.
    • Consistent, well-aligned messaging and storytelling.
    • Digital presence and content.
    • The ability to reach out through multiple touchpoints.
    • Necessary resources.

    Without brand awareness, brands become less attractive to buyers, talent, and investors, and their ability to grow, increase their market value, and be sustainable is reduced.

    Brand awareness building methodology

    Define brands' personality and message

    • Gather market intel and analyze the market.
    • Determine the value proposition and positioning.
    • Define the brand archetype and voice.
    • Craft a compelling brand message and story.
    • Get all the key elements of your brand guidelines.

    Start building brand awareness

    • Achieve strategy alignment and readiness.
    • Create and manage assets.
    • Deploy your tactics, assets, and workflows.
    • Establish key performance indicators (KPIs).
    • Monitor and optimize on an ongoing basis.

    Toolkit

    • Market and Influencing Factors Analysis
    • Recognition Survey and Best Practices
    • Buyer Personas and Journeys
    • Purpose, Mission, Vision, Values
    • Value Proposition and Positioning
    • Brand Message, Voice, and Writing Style
    • Brand Strategy and Tactics
    • Asset Creation and Management
    • Strategy Rollout Plan

    Short and long-term benefits of increasing brand awareness

    Increase:

    • Brand perception
    • Brand associations and engagement
    • Credibility, reputation, and trust
    • Connection with customers
    • Repeat business
    • Quality leads
    • Conversion rate
    • Sales closed / deals won
    • Brand equity and growth

    It typically takes 5-7 brand interactions before a buyer remembers the brand.
    Source: Startup Bonsai

    Who benefits from this brand awareness research?

    This research is being designed for:
    Brand and marketing leaders who:

    • Know that brand awareness is essential to the success of all marketing and sales activities.
    • Want to make their brand unique, recognizable, meaningful, and highly visible.
    • Seek to increase their digital presence, connect and engage with their target audience.
    • Are looking at reaching a new segment of the market.

    This research will also assist:

    • Sales with qualified lead generation and customer retention and loyalty.
    • Human Resources in their efforts to attract and retain talent.
    • The overall business with growth and increased market value.

    This research will help you:

    • Gain market intelligence and a clear understanding of the target audience's needs and trends, competitive advantage, and key differentiator.
    • The ability to develop clear and compelling, human-centric messaging and compelling story driven by brand values.
    • Increase online presence and brand awareness activities to attract and engage with buyers.
    • Develop a long-term brand awareness strategy and deployment plan.

    This research will help them:

    • Increase campaign ROI.
    • Develop a longer-term vision and benefits of investing in longer-term initiatives.
    • Build brand equity and increase business valuation.
    • Grow your business in a more sustainable way.

    SoftwareReviews' brand awareness building methodology

    Phase 1 Define brands' personality and message

    Phase 2 Start building brand awareness

    Phase steps

    1.1 Gather market intelligence and analyze the market.

    1.2 Develop and document the buyer's persona and journey.

    1.3 Uncover the brand mission, vision statement, core values, value proposition and positioning.

    1.4 Define the brand's archetype and tone of voice, then craft a compelling brand messaging.

    2.1 Achieve strategy alignment and readiness.

    2.2 Create assets and workflows and deploy tactics.

    2.3 Establish key performance indicators (KPIs), monitor, and optimize on an ongoing basis.

    Phase outcomes
    • Target market and audience are identified and documented.
    • A clear value proposition and positioning are determined.
    • The brand personality, voice, and messaging are developed.
    • All the key elements of the brand guidelines are in place and ready to use, along with the existing logo, typography, color palette, and imagery.
    • A comprehensive and actionable brand awareness strategy, with tactics, KPIs, and metrics, is set and ready to execute.
    • A progressive and effective deployment plan with deliverables, timelines, workflows, and checklists is in place.
    • Resources are assigned.

    Insight summary

    Brands to adapt their strategies to achieve longer-term growth
    Brands must adapt and adjust their strategies to attract informed buyers who have access to a wealth of products, services, and brands from all over. Building brand awareness, even though immediate benefits are often difficult to see and measure, has become essential for companies that want to stand out from their competitors and continue to grow in a sustainable way.

    A more human-centric approach
    Brand personalities matter. Brands placing human values at the heart of the customer-brand relationship will drive interest in their brand and build trust with their target audience.

    Stand out from the crowd
    Brands that develop and promote a clear and consistent message across all platforms and channels, along with a unique value proposition, stand out from their competitors and get noticed.

    A multi-touchpoints strategy
    Engage buyers with relevant content across multiple media to address their pain points. Analyze touchpoints to determine where to invest your efforts.

    Going social
    Buyers expect brands to be active and responsive in their interactions with their audience. To build awareness, brands are expected to develop a strong presence on social media by regularly posting relevant content, engaging with their followers and influencers, and using paid advertising. They also need to establish thought leadership through content such as white papers, case studies, and webinars.

    Thought leaders wanted
    To enhance their overall brand awareness strategy, organizations should consider developing the personal brand of key executives. Thought leadership can be a valuable method to gain credibility, build trust, and drive conversion. By establishing thought leadership, businesses can increase brand mentions, social engagement, website traffic, lead generation, return on investment (ROI), and Net Promoter Score (NPS).

    Save time and money with SoftwareReviews' branding advice

    Collaborating with SoftwareReviews analysts for inquiries not only provides valuable advice but also leads to substantial cost savings during branding activities, particularly when partnering with an agency.

    Guided Implementation Purpose Measured Value
    Build brands' personality and message Get the key elements of the brand guidelines in place and ready to use, along with your existing logo, typography, color palette, and imagery, to ensure consistency and clarity across all brand touchpoints from internal communication to customer-facing materials. Working with SoftwareReviews analysts to develop brand guidelines saves costs compared to hiring an agency.

    Example: Building the guidelines with an agency will take more or less the same amount of time and cost approximately $80K.
    Start building brand awareness Achieve strategy alignment and readiness, then deploy tactics, assets, and other deliverables. Start building brand awareness and reap the immediate and long-term benefits.

    Working with SoftwareReviews analysts and your team to develop a long-term brand strategy and deployment will cost you less than a fraction of the cost of using an agency.

    Example: Developing and executing long-term brand awareness strategies with an agency will cost between $50-$75K/month over a 24-month period minimum.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Build brands' personality and message

    Phase 2

    Start building brand awareness
    • Call #1: Discuss concept and benefits of building brand awareness. Identify key stakeholders. Anticipate concerns and objections.
    • Call #2: Discuss target market intelligence, information gathering, and analysis.
    • Call #3: Review market intelligence information. Address questions or concerns.
    • Call #4: Discuss value proposition and guide to find positioning and key differentiator.
    • Call #5: Review value proposition. Address questions or concerns.
    • Call #6: Discuss how to build a comprehensive brand awareness strategy using SR guidelines and template.
    • Call #7: Review strategy. Address questions or concerns.
    • Call #8: Second review of the strategy. Address questions or concerns.
    • Call #9 (optional): Third review of the strategy. Address questions or concerns.
    • Call #10: Discuss how to build the Execution Plan using SR template.
    • Call #11: Review Execution Plan. Address questions or concerns.
    • Call #12: Second review of the Execution Plan. Address questions or concerns.
    • Call #13 (optional): Third review of the Execution Plan. Address questions or concerns.
    • Call #14: Discuss how to build a compelling storytelling and content creation.
    • Call #15: Discuss website and social media platforms and other initiatives.
    • Call #16: Discuss marketing automation and continuous monitoring.
    • Call #17 (optional): Discuss optimization and reporting
    • Call #18: Debrief and determine how we can help with next steps.

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    Brand awareness building tools

    Each step of this blueprint comes with tools to help you build brand awareness.

    Brand Awareness Tool Kit

    This kit includes a comprehensive set of tools to help you better understand your target market and buyers, define your brand's personality and message, and develop an actionable brand awareness strategy, workflows, and rollout plan.

    The set includes these templates:
    • Market and Influencing Factors Analysis
    • Recognition Survey and Best Practices
    • Buyer Personas and Journeys
    • Purpose, Mission, Vision, and Values
    • Value Proposition and Positioning
    • Brand Message, Voice, and Writing Style
    • Brand Strategy and Tactics
    • Asset Creation and Management
    • Strategy Rollout Plan
    		An image of a series of screenshots from the templates listed in the column to the left of this image.

    Get started!

    Know your target market and audience, deploy well-designed strategies based on shared values, and make meaningful connections with people.

    Phase 1

    Define brands' personality and message

    Phase 2

    Start building brand awareness

    Phase 1

    Define brands' personality and message

    Steps

    1.1 Gather market intelligence and analyze the market.
    1.2 Develop and document the buyer's persona and journey.
    1.3 Uncover the brand mission, vision statement, core values, positioning, and value proposition.
    1.4 Define the brand's archetype and tone of voice, then craft a compelling brand messaging.

    Phase outcome

    • Target market and audience are identified and documented.
    • A clear value proposition and positioning are determined.
    • The brand personality, voice, and messaging are developed.
    • All the key elements of the brand guidelines are in place. and ready to use, along with the existing logo, typography, color palette, and imagery..

    Build brands' personality and message

    Step 1.1 Gather market intelligence and analyze the market.

    Total duration: 2.5-8 hours

    Objective

    Analyze and document your competitive landscape, assess your strengths, weaknesses, opportunities,
    and threats, gauge the buyers' familiarity with your brand, and identify the forces of influence.

    Output

    This exercise will allow you to understand your market and is essential to developing your value proposition.

    Participants

    • Head of branding and key stakeholders

    MarTech
    May require you to:

    • Register to a Survey Platform.
    • Use, setup, or install platforms like CRM and/or Marketing Automation Platform.

    Tools

    1.1.1 SWOT and competitive landscape

    (60-120 min.)

    Analyze & Document

    Follow the instructions in the Market Analysis Template to complete the SWOT and Competitive Analysis, slides 4 to 7.

    1.1.3 Internal and External Factors

    (30-60 min.)

    Analyze

    Follow the instructions in the External and Internal Factors Analysis Template to perform the PESTLE, Porter's 5 Forces, and Internal Factors and VRIO Analysis.

    Transfer

    Transfer key information into slides 10 and 11 of the Market Analysis Template.

    Consult SoftwareReviews website to find the best survey and MarTech platforms or contact one of our analysts for more personalized assistance and guidance

    1.1.2 Brand recognition

    (60-300 min.)

    Prep

    Adapt the survey and interview questions in the Brand Recognition Survey Questionnaire and List Template.

    Determine how you will proceed to conduct the survey and interviews (internal or external resources, and tools).

    Refer to the Survey Emails Best Practices Guidelines for more information on how to conduct email surveys.

    Collect & Analyze

    Use the Brand Recognition Survey Questionnaire and List Template to build your list, conduct the survey /interviews, and collect and analyze the feedback received.

    Transfer

    Transfer key information into slides 8 and 9 of the Market Analysis Template.

    Brand performance diagnostic

    Have you considered diagnosing your brand's current performance before you begin building brand awareness?

    Audit your brand using the Diagnose Brand Health to Improve Business Growth blueprint.Collect and interpret qualitative and quantitative brand performance measures.

    The toolkit includes the following templates:

    • Surveys and interviews questions and lists
    • External and internal factor analysis
    • Digital and financial metrics analysis

    Also included is an executive presentation template to communicate the results to key stakeholders and recommendations to fix the uncovered issues.

    Build brands' personality and message

    Step 1.2 Develop and document the buyer's persona and journey.

    Total duration: 4-8 hours

    Objective

    Gather existing and desired customer insights and conduct market research to define and personify your buyers' personas and their buying behaviors.

    Output

    Provide people in your organization with clear direction on who your target buyers are and guidance on how to effectively reach and engage with them throughout their journey.
    Participants

    • Head of branding
    • Key stakeholders from sales and product marketing

    MarTech
    May require you to:

    • Register to an Online Survey Platform (free version or subscription).
    • Use, setup, or installation of platforms like CRM and/or Marketing Automation Platform.

    Tools

    1.2.1 Buyer Personas and Journeys

    (240-280 min.)

    Research

    Identify your tier 1 to 3 customers using the Ideal Client Profile (ICP) Workbook. (Recommended)

    Survey and interview existing and desired customers based using the Buyer Persona and Journey Interview Guide and Data Capture Tool. (Recommended)

    Create

    Define and document your tier 1 to 3 Buyer Personas and Journeys using the Buyer Personas and Journeys Presentation Template.

    Consult SoftwareReviews website to find the best survey platform for your needs or contact one of our analysts for more personalized assistance and guidance

    Buyer Personas and Journeys

    A well-defined buyer persona and journey is a great way for brands to ensure they are effectively reaching and engaging their ideal buyers through a personalized buying experience.

    When properly documented, it provides valuable insights about the ideal customers, their needs, challenges, and buying decision processes allowing the development of initiatives that correspond to the target buyers.

    Build brands' personality and message

    Step 1.3 Uncover the brand mission, vision statement, core values, value proposition, and positioning.

    Total duration: 4-5.5 hours

    Objective
    Define the "raison d'être" and fundamental principles of your brand, your positioning in the marketplace, and your unique competitive advantage.

    Output
    Allows everyone in an organization to understand and align with the brand's raison d'être beyond the financial dimension, its current positioning and objectives, and how it intends to achieve them.
    It also serves to communicate a clear and appealing value proposition to buyers.

    Participants

    • Head of branding
    • Chief Executive Officer (CEO)
    • Key stakeholders

    Tools

    • Brand Purpose, Mission, Vision, and Values Template
    • Value Proposition and Positioning Statement Template

    1.3.1 Brand Purpose, Mission, Vision, and Values

    (90-120 min.)

    Capture or Develop

    Capture or develop, if not already existing, your brand's purpose, mission, vision statement, and core values using slides 4 to 7 of the Brand Purpose, Mission, Vision, and Values Template.

    1.3.2 Brand Value Proposition and Positioning

    (150-210 min.)

    Define

    Map the brand value proposition using the canvas on slide 5 of the Value Proposition and Positioning Statement Template, and clearly articulate your value proposition statement on slide 4.

    Optional: Use canvas on slide 7 to develop product-specific product value propositions.

    On slide 8 of the same template, develop your brand positioning statement.

    Build brands' personality and message

    Steps 1.4 Define the brand's archetype and tone of voice, and craft a compelling brand messaging.

    Total duration: 5-8 hours

    Objective

    Define your unique brand voice and develop a set of guidelines, brand story, and messaging to ensure consistency across your digital and non-digital marketing and communication assets.
    Output

    A documented brand personality and voice, as well as brand story and message, will allow anyone producing content or communicating on behalf of your brand to do it using a unique and recognizable voice, and convey the right message.

    Participants

    • Head of branding
    • Content specialist
    • Chief Executive Officer and other key stakeholders

    Tools

    • Brand Voice Guidelines Template
    • Writing Style Guide Template
    • Brand Messaging Template
    • Writer Checklist Template

    1.4.1 Brand Archetype and Tone of Voice

    (120-240 min.)

    Define and document

    Refer to slides 5 and 6 of the Brand Voice Guidelines Template to define your brand personality (archetype), slide 7.

    Use the Brand Voice Guidelines Template to define your brand tone of voice and characteristics on slides 8 and 9, based on the 4 primary tone of voice dimensions, and develop your brand voice chart, slide 9.

    Set Rules

    In the Writing Style Guide template, outline your brand's writing principles, style, grammar, punctuation, and number rules.

    1.4.2 Brand Messaging

    (180-240 min.)

    Craft

    Use the Brand Messaging template, slides 4 to 7, to craft your brand story and message.

    Audit

    Create a content audit to review and approve content to be created prior to publication, using the Writer's Checklist template.

    Important Tip!

    A consistent brand voice leads to remembering and trusting the brand. It should stand out from the competitors' voices and be meaningful to the target audience. Once the brand voice is set, avoid changing it.

    Phase 2

    Start building brand awareness

    Steps

    2.1 Achieve strategy alignment and readiness.
    2.2 Create assets and workflows, and deploy tactics.
    2.3 Establish key performance indicators (KPIs), monitor, and optimize on an ongoing basis.

    Phase outcome

    • A comprehensive and actionable brand awareness strategy, with tactics, KPIs, and metrics, is set and ready to execute.
    • A progressive and effective deployment plan with deliverables, timelines, workflows, and checklists is in place.
    • Resources are assigned.

    Start building brand awareness

    Step 2.1 Achieve strategy readiness and alignment.

    Total duration: 4-5 hours

    Objective

    Now that you have all the key elements of your brand guidelines in place, in addition to your existing logo, typography, color palette, and imagery, you can begin to build brand awareness.

    Start planning to build brand awareness by developing a comprehensive and actionable brand awareness strategy with tactics that align with the company's purpose and objectives. The strategy should include achievable goals and measurables, budget and staffing considerations, and a good workload assessment.

    Output

    A comprehensive long-term, actionable brand awareness strategy with KPIs and measurables.

    Participants

    • Head of branding
    • Key stakeholders

    Tools

    • Brand Awareness Strategy and Tactics Template

    2.1.1 Brand Awareness Analysis

    (60-120 min.)

    Identify

    In slide 5 of the Brand Awareness Strategy and Tactics Template, identify your top three brand awareness drivers, opportunities, inhibitors, and risks to help you establish your strategic objectives in building brand awareness.

    2.1.2 Brand Awareness Strategy

    (60-120 min.)

    Elaborate

    Use slides 6 to 10 of the Brand Awareness Strategy and Tactics Template to elaborate on your strategy goals, key issues, and tactics to begin or continue building brand awareness.

    2.1.3 Brand Awareness KPIs and Metrics

    (180-240 min.)

    Set

    Set the strategy performance metrics and KPIs on slide 11 of the Brand Awareness Strategy and Tactics Template.

    Monitor

    Once you start executing the strategy, monitor and report each quarter using slides 13 to 15 of the same document.

    Understanding the difference between strategies and tactics

    Strategies and tactics can easily be confused, but although they may seem similar at times, they are in fact quite different.

    Strategies and tactics are complementary.

    A strategy is a plan to achieve specific goals, while a tactic is a concrete action or set of actions used to implement that strategy.

    To be effective, brand awareness strategies should be well thought-out, carefully planned, and supported by a series of tactics to achieve the expected outcomes.

    Start building brand awareness

    Step 2.2 Create assets and workflows and deploy tactics.

    Total duration: 3.5-4.5 hours

    Objective

    Build a long-term rollout with deliverables, milestones, timelines, workflows, and checklists. Assign resources and proceed to the ongoing development of assets. Implement, manage, and continuously communicate the strategy and results to key stakeholders.

    Output

    Progressive and effective development and deployment of the brand awareness-building strategy and tactics.

    Participants

    • Head of branding

    Tools

    • Asset Creation and Management List
    • Campaign Workflows Template
    • Brand Awareness Strategy Rollout Plan Template

    2.2.1 Assets Creation List

    (60-120 min.)

    Inventory

    Inventory existing assets to create the Asset Creation and Management List.

    Assign

    Assign the persons responsible, accountable, consulted, and informed of the development of each asset, using the RACI model in the template. Ensure you identify and collaborate with the right stakeholders.

    Prioritize

    Prioritize and add release dates.

    Communicate

    Update status and communicate regularly. Make the list with links to the assets available to the extended team to consult as needed.

    2.2.2 Rollout Plan

    (60-120 min.)

    Inventory

    Map out your strategy deployment in the Brand Awareness Strategy Rollout Plan Template and workflow in the Campaign Workflow Template.

    Assign

    Assign the persons responsible, accountable, consulted, and informed for each tactic, using the RACI model in the template. Ensure you identify and collaborate with the right stakeholders.

    Prioritize

    Prioritize and adjust the timeline accordingly.

    Communicate

    Update status and communicate regularly. Make the list with links to the assets available to the extended team to consult as needed.

    Band Awareness Strategy Rollout Plan
    A strategy rollout plan typically includes the following:

    • Identifying a cross-functional team and resources to develop the assets and deploy the tactics.
    • Listing the various assets to create and manage.
    • A timeline with key milestones, deadlines, and release dates.
    • A communication plan to keep stakeholders informed and aligned with the strategy and tactics.
    • Ongoing performance monitoring.
    • Constant adjustments and improvements to the strategy based on data collected and feedback received.

    Start building brand awareness

    Step 2.3 Establish key performance indicators (KPIs), monitor, and optimize on an ongoing basis.

    Total duration: 3.5-4.5 hours

    Objective

    Brand awareness is built over a long period of time and must be continuously monitored in several ways. Measuring and monitoring the effectiveness of your brand awareness activities will allow you to constantly adjust your tactics and continue to build awareness.

    Output

    This step will provide you with a snapshot of your current level of brand awareness and interactions with the brand, and allow you to set up the tools for ongoing monitoring and optimization.

    Participants

    • Head of branding
    • Digital marketing manager

    MarTech
    May require you to:

    • Register to an Online Survey Platform(free version or subscription), or
    • Use, setup, or installation of platforms like CRM and/or Marketing Automation Platform.
    • Use Google Analytics or other tracking tools.
    • Use social media and campaign management tools.

    Tools

    • Brand Awareness Strategy and Tactics Template

    2.2.2 Rollout Plan

    (60-120 min.)

    Measure

    Monitor and record the strategy performance metrics in slides 12 to 15 of the Brand Awareness Strategy and Tactics template, and gauge its performance against preset KPIs in slide 11. Make ongoing improvements to the strategy and assets.

    Communicate

    The same slides in which you monitor strategy performance can be used to report on the results of the current strategy to key stakeholders on a monthly or quarterly basis, as appropriate.

    Take this opportunity to inform stakeholders of any adjustments you plan to make to the existing plan to improve its performance. Since brand awareness is built over time, be sure to evaluate the results based on how long the strategy has been in place before making major changes.

    Consult SoftwareReviews website to find the best survey, brand monitoring and feedback, and MarTech platforms, or contact one of our analysts for more personalized assistance and guidance

    Measuring brand strategy performance
    There are two ways to measure and monitor your brand's performance on an ongoing basis.

    • By registering to brand monitoring and feedback platforms and tools like Meltwater, Hootsuite, Insights, Brand24, Qualtrics, and Wooltric.
    • Manually, using native analytics built in the platforms you're already using, such as Google and Social Media Analytics, or by gathering customer feedback through surveys, or calculating CAC, ROI, and more in spreadsheets.

    SoftwareReviews can help you choose the right platform for your need. We also equip you with manual tools, available with the Diagnose Brand Health to Improve Business Growthblueprint to measure:

    • Surveys and interviews questions and lists.
    • External and internal factor analysis.
    • Digital and financial metrics analysis.
    • Executive presentation to report on performance.

    Related SoftwareReviews research

    An image of the title page for SoftwareReviews Create a Buyer Persona and Journey. An image of the title page for SoftwareReviews Diagnose Brand Health to Improve Business Growth.

    Create a Buyer Persona and Journey

    Get deeper buyer understanding and achieve product-market fit, with easier access to market and sales

    • Reduce time and resources wasted chasing the wrong prospects.
    • Increase open and click-through rates.
    • Perform more effective sales discovery.
    • Increase win rate.

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix them.

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Bibliography

    Aaker, David. "Managing Brand Equity." Simon & Schuster, 1991.
    "6 Factors for Brands to Consider While Designing Their Communication." Lokus Design, 23 Sept. 2022.
    "20 Advocacy Marketing Statistics You Need to Know." Social Toaster, n.d.
    Bazilian, Emma. "How Millennials and Baby Boomers Consume User-Generated Content And what brands can learn from their preferences." Adweek, January 2, 2017.
    B2B International, a Gyro: company, B2B Blog - Why Human-To-Human Marketing Is the Next Big Trend in a Tech-Obsessed World.
    B2B International, a Gyro: company, The State of B2B Survey 2019 - Winning with Emotions: How to Become Your Customer's First Choice.
    Belyh, Anastasia. "Brand Ambassador 101:Turn Your Personal Brand into Cash." Founder Jar, December 6, 2022.
    Brand Master Academy.com.
    Businesswire, a Berkshire Hathaway Company, "Stackla Survey Reveals Disconnect Between the Content Consumers Want & What Marketers Deliver." February 20, 2019.
    Chamat, Ramzi. "Visual Design: Why First Impressions Matter." 8 Ways, June 5, 2019.
    Cognism. "21 Tips for Building a LinkedIn Personal Brand (in B2B SaaS)."
    Curleigh, James. "How to Enhance and Expand a Global Brand." TED.
    "2019 Edelman Trust Barometer." Edelman.
    Erskine, Ryan. "22 Statistics That Prove the Value of Personal Branding." Entrepreneur, September 13, 2016.
    Forbes, Steve. "Branding for Franchise Success: How To Achieve And Maintain Brand Consistency Across A Franchise Network?" Forbes, 9 Feb. 2020.
    Godin, Seth. "Define: Brand." Seth's Blog, 30 Dec. 2009,
    Houragan, Stephen. "Learn Brand Strategy in 7 Minutes (2023 Crash Course)." YouTube.
    Jallad, Revecka. "To Convert More Customers, Focus on Brand Awareness." Forbes, October 22, 2019.
    Kingsbury, Joe, et al. "2021 B2B Thought Leadership Impact Study." Edelman, 2021.
    Kunsman, Todd. "The Anatomy of an Employee Influencer." EveryoneSocial, September 8, 2022.
    Landor, Walter. A Brand New World: The Fortune Guide to the 21st Century. Time Warner Books, 1999.
    Liedke, Lindsay. "37+ Branding Statistics For 2023: Stats, Facts & Trends." Startup Bonsai, January 2, 2023.
    Millman, Debbie. "How Symbols and Brands Shape our Humanity." TED, 2019.
    Nenova, Velina. "21 Eye-Opening B2B Marketing Statistics to Know in 2023." Techjury, February 9, 2023.
    Perrey, Jesko et al., "The brand is back: Staying relevant in an accelerating age." McKinsey & Company, May 1, 2015.
    Schaub, Kathleen. "Social Buying Meets Social Selling: How Trusted Networks Improve the Purchase Experience." LinkedIn Business, April 2014.
    Sopadjieva, Emma et al. "A Study of 46,000 Shoppers Shows That Omnichannel Retailing Works." Harvard Business Review, January 3, 2017.
    Shaun. "B2B Brand Awareness: The Complete Guide 2023." B2B House. 2023.
    TopRank Marketing, "2020 State of B2B Influencer Marketing Research Report." Influencer Marketing Report.

    Create a Service Management Roadmap

    • Buy Link or Shortcode: {j2store}394|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $71,003 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Inconsistent adoption of holistic practices has led to a chaotic service delivery model that results in poor customer satisfaction.
    • There is little structure, formalization, or standardization in the way IT services are designed and managed, leading to diminishing service quality and low business satisfaction.

    Our Advice

    Critical Insight

    • Having effective service management practices in place will allow you to pursue activities, such as innovation, and drive the business forward.
    • Addressing foundational elements like business alignment and management practices will enable you to build effective core practices that deliver business value.
    • Providing consistent leadership support and engagement is essential to allow practitioners to focus on delivering expected outcomes.

    Impact and Result

    • Understand the foundational and core elements that allow you to build a successful service management practice focused on outcomes.
    • Use Info-Tech’s advice and tools to perform an assessment of your organization’s current state, identify the gaps, and create a roadmap for success.
    • Increase business and customer satisfaction by delivering services focused on creating business value.

    Create a Service Management Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why many service management maturity projects fail to address foundational and core elements, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Kick-off the project and complete the project charter.

    • Create a Service Management Roadmap – Phase 1: Launch Project
    • Service Management Roadmap Project Charter

    2. Assess the current state

    Determine the current state for service management practices.

    • Create a Service Management Roadmap – Phase 2: Assess the Current State
    • Service Management Maturity Assessment Tool
    • Organizational Change Management Capability Assessment Tool
    • Service Management Roadmap Presentation Template

    3. Build the roadmap

    Build your roadmap with identified initiatives.

    • Create a Service Management Roadmap – Phase 3: Identify the Target State

    4. Build the communication slide

    Create the communication slide that demonstrates how things will change, both short and long term.

    • Create a Service Management Roadmap – Phase 4: Build the Roadmap
    [infographic]

    Workshop: Create a Service Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Service Management

    The Purpose

    Understand service management.

    Key Benefits Achieved

    Gain a common understanding of service management, the forces that impact your roadmap, and the Info-Tech Service Management Maturity Model.

    Activities

    1.1 Understand service management.

    1.2 Build a compelling vision and mission.

    Outputs

    Constraints and enablers chart

    Service management vision, mission, and values

    2 Assess the Current State of Service Management

    The Purpose

    Assess the organization’s current service management capabilities.

    Key Benefits Achieved

    Understand attitudes, behaviors, and culture.

    Understand governance and process ownership needs.

    Understand strengths, weaknesses, opportunities, and threats.

    Defined desired state.

    Activities

    2.1 Assess cultural ABCs.

    2.2 Assess governance needs.

    2.3 Perform SWOT analysis.

    2.4 Define desired state.

    Outputs

    Cultural improvements action items

    Governance action items

    SWOT analysis action items

    Defined desired state

    3 Continue Current-State Assessment

    The Purpose

    Assess the organization’s current service management capabilities.

    Key Benefits Achieved

    Understand the current maturity of service management processes.

    Understand organizational change management capabilities.

    Activities

    3.1 Perform service management process maturity assessment.

    3.2 Complete OCM capability assessment.

    3.3 Identify roadmap themes.

    Outputs

    Service management process maturity activities

    OCM action items

    Roadmap themes

    4 Build Roadmap and Communication Tool

    The Purpose

    Use outputs from previous steps to build your roadmap and communication one-pagers.

    Key Benefits Achieved

    Easy-to-understand roadmap one-pager

    Communication one-pager

    Activities

    4.1 Build roadmap one-pager.

    4.2 Build communication one-pager.

    Outputs

    Service management roadmap

    Service management roadmap – Brought to Life communication slide

    Further reading

    Create a Service Management Roadmap

    Implement service management in an order that makes sense.

    ANALYST PERSPECTIVE

    "More than 80% of the larger enterprises we’ve worked with start out wanting to develop advanced service management practices without having the cultural and organizational basics or foundational practices fully in place. Although you wouldn’t think this would be the case in large enterprises, again and again IT leaders are underestimating the importance of cultural and foundational aspects such as governance, management practices, and understanding business value. You must have these fundamentals right before moving on."

    Tony Denford,

    Research Director – CIO

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIO
    • Senior IT Management

    This Research Will Help You:

    • Create or maintain service management (SM) practices to ensure user-facing services are delivered seamlessly to business users with minimum interruption.
    • Increase the level of reliability and availability of the services provided to the business and improve the relationship and communication between IT and the business.

    This Research Will Also Assist

    • Service Management Process Owners

    This Research Will Help Them:

    • Formalize, standardize, and improve the maturity of service management practices.
    • Identify new service management initiatives to move IT to the next level of service management maturity.

    Executive summary

    Situation

    • Inconsistent adoption of holistic practices has led to a chaotic service delivery model that results in poor customer satisfaction.
    • There is little structure, formalization, or standardization in the way IT services are designed and managed, leading to diminishing service quality and low business satisfaction.

    Complication

    • IT organizations want to be seen as strategic partners, but they fail to address the cultural and organizational constraints.
    • Without alignment with the business goals, services often fail to provide the expected value.
    • Traditional service management approaches are not adaptable for new ways of working.

    Resolution

    • Follow Info-Tech’s methodology to create a service management roadmap that will help guide the optimization of your IT services and improve IT’s value to the business.
    • The blueprint will help you right-size your roadmap to best suit your specific needs and goals and will provide structure, ownership, and direction for service management.
    • This blueprint allows you to accurately identify the current state of service management at your organization. Customize the roadmap and create a plan to achieve your target service management state.

    Info-Tech Insight

    Having effective service management practices in place will allow you to pursue activities such as innovation and drive the business forward. Addressing foundational elements like business alignment and management practices will enable you to build effective core practices that deliver business value. Consistent leadership support and engagement is essential to allow practitioners to focus on delivering expected outcomes.

    Poor service management manifests in many different pains across the organization

    Immaturity in service management will not result in one pain – rather, it will create a chaotic environment for the entire organization, crippling IT’s ability to deliver and perform.

    Low Service Management Maturity

    These are some of the pains that can be attributed to poor service management practices.

    • Frequent service-impacting incidents
    • Low satisfaction with the service desk
    • High % of failed deployments
    • Frequent change-related incidents
    • Frequent recurring incidents
    • Inability to find root cause
    • No communication with the business
    • Frequent capacity-related incidents

    And there are many more…

    Mature service management practices are a necessity, not a nice-to-have

    Immature service management practices are one of the biggest hurdles preventing IT from reaching its true potential.

    In 2004, PwC published a report titled “IT Moves from Cost Center to Business Contributor.” However, the 2014-2015 CSC Global CIO Survey showed that a high percentage of IT is still considered a cost center.

    And low maturity of service management practices is inhibiting activities such as agility, DevOps, digitalization, and innovation.

    A pie chart is shown that is titled: Where does IT sit? The chart has 3 sections. One section represents IT and the business have a collaborative partnership 28%. The next section represents at 33% where IT has a formal client/service provider relationship with the business. The last section has 39% where IT is considered as a cost center.
    Source: CSC Global CIO Survey: 2014-2015 “CIOs Emerge as Disruptive Innovators”

    39%: Resources are primarily focused on managing existing IT workloads and keeping the lights on.

    31%: Too much time and too many resources are used to handle urgent incidents and problems.

    There are many misconceptions about what service management is

    Misconception #1: “Service management is a process”

    Effective service management is a journey that encompasses a series of initiatives that improves the value of services delivered.

    Misconception #2: “Service Management = Service Desk”

    Service desk is the foundation, since it is the main end-user touch point, but service management is a set of people and processes required to deliver business-facing services.

    Misconception #3: “Service management is about the ITSM tool”

    The tool is part of the overall service management program, but the people and processes must be in place before implementing.

    Misconception #4: “Service management development is one big initiative”

    Service management development is a series of initiatives that takes into account an organization’s current state, maturity, capacities, and objectives.

    Misconception #5: “Service management processes can be deployed in any order, assuming good planning and design”

    A successful service management program takes into account the dependencies of processes.

    Misconception #6: “Service management is resolving incidents and deploying changes”

    Service management is about delivering high-value and high-quality services.

    Misconception #7: “Service management is not the key determinant of success”

    As an organization progresses on the service management journey, its ability to deliver high-value and high-quality services increases.

    Misconception #8: “Resolving Incidents = Success”

    Preventing incidents is the name of the game.

    Misconception #9: “Service Management = Good Firefighter”

    Service management is about understanding what’s going on with user-facing services and proactively improving service quality.

    Misconception #10: “Service management is about IT and technical services (e.g. servers, network, database)”

    Service management is about business/user-facing services and the value the services provide to the business.

    Service management projects often don’t succeed because they are focused on process rather than outcomes

    Service management projects tend to focus on implementing process without ensuring foundational elements of culture and management practices are strong enough to support the change.

    1. Aligning your service management goals with your organizational objectives leads to better understanding of the expected outcomes.

      2. Understand your customers and what they value, and design your practices to deliver this value.

    2. IT does not know what order is best when implementing new practices or process improvements.

      3. Don't run before you can walk. Fundamental practices must reach the maturity threshold before developing advanced practices. Implement continuous improvement on your existing processes so they continue to support new practices.

    3. IT does not follow best practices when implementing a practice.

      4. Our best-practice research is based on extensive experience working with clients through advisory calls and workshops.

    Info-Tech can help you create a customized, low-effort, and high-value service management roadmap that will shore up any gaps, prove IT’s value, and achieve business satisfaction.

    Info-Tech’s methodology will help you customize your roadmap so the journey is right for you

    With Info-Tech, you will find out where you are, where you want to go, and how you will get there.

    With our methodology, you can expect the following:

    • Eliminate or reduce rework due to poor execution.
    • Identify dependencies/prerequisites and ensure practices are deployed in the correct order, at the correct time, and by the right people.
    • Engage all necessary resources to design and implement required processes.
    • Assess current maturity and capabilities and design the roadmap with these factors in mind.

    Doing it right the first time around

    You will see these benefits at the end

      ✓ Increase the quality of services IT provides to the business.

      ✓ Increase business satisfaction through higher alignment of IT services.

      ✓ Lower cost to design, implement, and manage services.

      ✓ Better resource utilization, including staff, tools, and budget.

    Focus on a strong foundation to build higher value service management practices

    Info-Tech Insight

    Focus on behaviors and expected outcomes before processes.

    Foundational elements

    • Operating model facilitates service management goals
    • Culture of service delivery
    • Governance discipline to evaluate, direct, and monitor
    • Management discipline to deliver

    Stabilize

    • Deliver stable, reliable IT services to the business
    • Respond to user requests quickly and efficiently
    • Resolve user issues in a timely manner
    • Deploy changes smoothly and successfully

    Proactive

    • Avoid/prevent service disruptions
    • Improve quality of service (performance, availability, reliability)

    Service Provider

    • Understand business needs
    • Ensure services are available
    • Measure service performance, based on business-oriented metrics

    Strategic Partner

    • Fully aligned with business
    • Drive innovation
    • Drive measurable value

    Info-Tech Insight

    Continued leadership support of the foundational elements will allow delivery teams to provide value to the business. Set the expectation of the desired maturity level and allow teams to innovate.

    Follow our model and get to your target state

    A model is depicted that shows the various target states. There are 6 levels showing in the example, and the example is made to look like a tree with a character watering it. In the roots, the level is labelled foundational. The trunk is labelled the core. The lowest hanging branches of the tree is the stabilize section. Above it is the proactive section. Nearing the top of the tree is the service provider. The canopy of the tree are labelled strategic partner.

    Before moving to advanced service management practices, you must ensure that the foundational and core elements are robust enough to support them. Leadership must nurture these practices to ensure they are sustainable and can support higher value, more mature practices.

    Each step along the way, Info-Tech has the tools to help you

    Phase 1: Launch the Project

    Assemble a team with the right talent and vision to increase the chances of project success.

    Phase 2: Assess Current State

    Understand where you are currently on the service management journey using the maturity assessment tool.

    Phase 3: Build Roadmap

    Based on the assessments, build a roadmap to address areas for improvement.

    Phase 4: Build Communication slide

    Based on the roadmap, define the current state, short- and long-term visions for each major improvement area.

    Info-Tech Deliverables:

    • Project Charter
    • Assessment Tools
    • Roadmap Template
    • Communication Template

    CIO call to action

    Improving the maturity of the organization’s service management practice is a big commitment, and the project can only succeed with active support from senior leadership.

    Ideally, the CIO should be the project sponsor, even the project leader. At a minimum, the CIO needs to perform the following activities:

    1. Walk the talk – demonstrate personal commitment to the project and communicate the benefits of the service management journey to IT and the steering committee.

      2. Improving or adopting any new practice is difficult, especially for a project of this size. Thus, the CIO needs to show visible support for this project through internal communication and dedicated resources to help complete this project.

    2. Select a senior, capable, and results-driven project leader.

      3. Most likely, the implementation of this project will be lengthy and technical in some nature. Therefore, the project leader must have a good understanding of the current IT structure, senior standing within the organization, and the relationship and power in place to propel people into action.

    3. Help to define the target future state of IT’s service management.

      4. Determine a realistic target state for the organization based on current capability and resource/budget restraints.

    4. Conduct periodic follow-up meetings to keep track of progress.

      5. Reinforce or re-emphasize the importance of this project to the organization through various communication channels if needed.

    Stabilizing your environment is a must before establishing any more-mature processes

    CASE STUDY

    Industry: Manufacturing

    Source: Engagement

    Challenge

    • The business landscape was rapidly changing for this manufacturer and they wanted to leverage potential cost savings from cloud-first initiatives and consolidate multiple, self-run service delivery teams that were geographically dispersed.

    Solution

    Original Plan

    • Consolidate multiple service delivery teams worldwide and implement service portfolio management.

    Revised Plan with Service Management Roadmap:

    • Markets around the world had very different needs and there was little understanding of what customers value.
    • There was also no understanding of what services were currently being offered within each geography.

    Results

    • Plan was adjusted to understand customer value and services offered.
    • Services were then stabilized and standardized before consolidation.
    • Team also focused on problem maturity and drove a continuous improvement culture and increasing transparency.

    MORAL OF THE STORY:

    Understanding the value of each service allowed the organization to focus effort on high-return activities rather than continuous fire fighting.

    Understand the processes involved in the proactive phase

    CASE STUDY

    Industry: Manufacturing

    Source: Engagement

    Challenge

    • Services were fairly stable, but there were significant recurring issues for certain services.
    • The business was not satisfied with the service quality for certain services, due to periodic availability and reliability issues.
    • Customer feedback for the service desk was generally good.

    Solution

    Original Plan

    • Review all service desk and incident management processes to ensure that service issues were handled in an effective manner.

    Revised Plan with Service Management Roadmap:

    • Design and deploy a rigorous problem management process to determine the root cause of recurring issues.
    • Monitor key services for events that may lead to a service outage.

    Results

    • Root cause of recurring issues was determined and fixes were deployed to resolve the underlying cause of the issues.
    • Service quality improved dramatically, resulting in high customer satisfaction.

    MORAL OF THE STORY:

    Make sure that you understand which processes need to be reviewed in order to determine the cause for service instability. Focusing on the proactive processes was the right answer for this company.

    Have the right culture and structure in place before you become a service provider

    CASE STUDY

    Industry: Healthcare

    Source:Journal of American Medical Informatics Association

    Challenge

    • The IT organization wanted to build a service catalog to demonstrate the value of IT to the business.
    • IT was organized in technology silos and focused on applications, not business services.
    • IT services were not aligned with business activities.
    • Relationships with the business were not well established.

    Solution

    Original Plan

    • Create and publish a service catalog.

    Revised Plan: with Service Management Roadmap:

    • Establish relationships with key stakeholders in the business units.
    • Understand how business activities interface with IT services.
    • Lay the groundwork for the service catalog by defining services from the business perspective.

    Results

    • Strong relationships with the business units.
    • Deep understanding of how business activities map to IT services.
    • Service definitions that reflect how the business uses IT services.

    MORAL OF THE STORY:

    Before you build and publish a service catalog, make sure that you understand how the business is using the IT services that you provide.

    Calculate the benefits of using Info-Tech’s methodology

    To measure the value of developing your roadmap using the Info-Tech tools and methodology, you must calculate the effort saved by not having to develop the methods.

    A. How much time will it take to develop an industry-best roadmap using Info-Tech methodology and tools?

    Using Info-Tech’s tools and methodology you can accurately estimate the effort to develop a roadmap using industry-leading research into best practice.

    B. What would be the effort to develop the insight, assess your team, and develop the roadmap?

    This metric represents the time your team would take to be able to effectively assess themselves and develop a roadmap that will lead to service management excellence.

    C. Cost & time saving through Info-Tech’s methodology

    Measured Value

    Step 1: Assess current state

    Cost to assess current state:

    • 5 Directors + 10 Managers x 10 hours at $X an hour = $A

    Step 2: Build the roadmap

    Cost to create service management roadmap:

    • 5 Directors + 10 Managers x 8 hours at $X an hour = $B

    Step 3: Develop the communication slide

    Cost to create roadmaps for phases:

    • 5 Directors + 10 Managers x 6 hours at $X an hour = $C

    Potential financial savings from using Info-Tech resources:

    Estimated cost to do “B” – (Step 1 ($A) + Step 2 ($B) + Step 3 ($C)) = $Total Saving

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Create a Service Management Roadmap – project overview


    Launch the project

    Assess the current state

    Build the roadmap

    Build communication slide

    Best-Practice Toolkit

    1.1 Create a powerful, succinct mission statement

    1.2 Assemble a project team with representatives from all major IT teams

    1.3 Determine project stakeholders and create a communication plan

    1.4 Establish metrics to track the success of the project

    2.1 Assess impacting forces

    2.2 Build service management vision, mission, and values

    2.3 Assess attitudes, behaviors, and culture

    2.4 Assess governance

    2.5 Perform SWOT analysis

    2.6 Identify desired state

    2.7 Assess SM maturity

    2.8 Assess OCM capabilities

    3.1 Document overall themes

    3.2 List individual initiatives

    4.1 Document current state

    4.2 List future vision

    Guided Implementations
    • Kick-off the project
    • Build the project team
    • Complete the charter
    • Understand current state
    • Determine target state
    • Build the roadmap based on current and target state
    • Build short- and long-term visions and initiative list

    Onsite Workshop

    Module 1: Launch the project

    Module 2: Assess current service management maturity

    Module 3: Complete the roadmap

    Module 4: Complete the communication slide

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Activities

    Understand Service Management

    1.1 Understand the concepts and benefits of service management.

    1.2 Understand the changing impacting forces that affect your ability to deliver services.

    1.3 Build a compelling vision and mission for your service management program.

    Assess the Current State of Your Service Management Practice

    2.1 Understand attitudes, behaviors, and culture.

    2.2 Assess governance and process ownership needs.

    2.3 Perform SWOT analysis.

    2.4 Define the desired state.

    Complete Current-State Assessment

    3.1 Conduct service management process maturity assessment.

    3.2 Identify organizational change management capabilities.

    3.3 Identify themes for roadmap.

    Build Roadmap and Communication Tool

    4.1 Build roadmap one-pager.

    4.2 Build roadmap communication one-pager.

    Deliverables
    1. Constraints and enablers chart
    2. Service management vision, mission, and values
    1. Action items for cultural improvements
    2. Action items for governance
    3. Identified improvements from SWOT
    4. Defined desired state
    1. Service Management Process Maturity Assessment
    2. Organizational Change Management Assessment
    1. Service management roadmap
    2. Roadmap Communication Tool in the Service Management Roadmap Presentation Template

    PHASE 1

    Launch the Project

    Launch the project

    This step will walk you through the following activities:

    • Create a powerful, succinct mission statement based on your organization’s goals and objectives.
    • Assemble a project team with representatives from all major IT teams.
    • Determine project stakeholders and create a plan to convey the benefits of this project.
    • Establish metrics to track the success of the project.

    Step Insights

    • The project leader should have a strong relationship with IT and business leaders to maximize the benefit of each initiative in the service management journey.
    • The service management roadmap initiative will touch almost every part of the organization; therefore, it is important to have representation from all impacted stakeholders.
    • The communication slide needs to include the organizational change impact of the roadmap initiatives.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch the Project

    Step 1.1 – Kick-off the Project

    Start with an analyst kick-off call:

    • Identify current organization pain points relating to poor service management practices
    • Determine high-level objectives
    • Create a mission statement

    Then complete these activities…

    • Identify potential team members who could actively contribute to the project
    • Identify stakeholders who have a vested interest in the completion of this project

    With these tools & templates:

    • Service Management Roadmap Project Charter

    Step 1.2 – Complete the Charter

    Review findings with analyst:

    • Create the project team; ensure all major IT teams are represented
    • Review stakeholder list and identify communication messages

    Then complete these activities…

    • Establish metrics to complete project planning
    • Complete the project charter

    With these tools & templates:

    • Service Management Roadmap Project Charter

    Use Info-Tech’s project charter to begin your initiative

    1.1 Service Management Roadmap Project Charter

    The Service Management Roadmap Project Charter is used to govern the initiative throughout the project. It provides the foundation for project communication and monitoring.

    The template has been pre-populated with sample information appropriate for this project. Please review this sample text and change, add, or delete information as required.

    The charter includes the following sections:

    • Mission Statement
    • Goals & Objectives
    • Project Team
    • Project Stakeholders
    • Current State (from phases 2 & 3)
    • Target State (from phases 2 & 3)
    • Target State
    • Metrics
    • Sponsorship Signature
    A screenshot of Info-Tech's Service Management Roadmap Project Charter is shown.

    Use Info-Tech’s ready-to-use deliverable to customize your mission statement

    Adapt and personalize Info-Tech’s Service Management Roadmap Mission Statement and Goals & Objectives below to suit your organization’s needs.

    Goals & Objectives

    • Create a plan for implementing service management initiatives that align with the overall goals/objectives for service management.
    • Identify service management initiatives that must be implemented/improved in the short term before deploying more advanced initiatives.
    • Determine the target state for each initiative based on current maturity and level of investment available.
    • Identify service management initiatives and understand dependencies, prerequisites, and level of effort required to implement.
    • Determine the sequence in which initiatives should be deployed.
    • Create a detailed rollout plan that specifies initiatives, time frames, and owners.
    • Engage the right teams and obtain their commitment throughout both the planning and assessment of roadmap initiatives.
    • both the planning and assessment of roadmap initiatives. Obtain support for the completed roadmap from executive stakeholders.

    Example Mission Statement

    To help [Organization Name] develop a set of service management practices that will better address the overarching goals of the IT department.

    To create a roadmap that sequences initiatives in a way that incorporates best practices and takes into consideration dependencies and prerequisites between service management practices.

    To garner support from the right people and obtain executive buy-in for the roadmap.

    Create a well-balanced project team

    The project leader should be a member of your IT department’s senior executive team with goals and objectives that will be impacted by service management implementation. The project leader should possess the following characteristics:

    Leader

    • Influence and impact
    • Comprehensive knowledge of IT and the organization
    • Relationship with senior IT management
    • Ability to get things done

    Team Members

    Identify

    The project team members are the IT managers and directors whose day-to-day lives will be impacted by the service management roadmap and its implementation. The service management initiative will touch almost every IT staff member in the organization; therefore, it is important to have representatives from every single group, including those that are not mentioned. Some examples of individuals you should consider for your team:

    • Service Delivery Managers
    • Director/Manager of Applications
    • Director/Manager of Infrastructure
    • Director/Manager of Service Desk
    • Business Relationship Managers
    • Project Management Office

    Engage & Communicate

    You want to engage your project participants in the planning process as much as possible. They should be involved in the current-state assessment, the establishment of goals and objectives, and the development of your target state.

    To sell this project, identify and articulate how this project and/or process will improve the quality of their job. For example, a formal incident management process will benefit people working at the service desk or on the applications or infrastructure teams. Helping them understand the gains will help to secure their support throughout the long implementation process by giving them a sense of ownership.

    The project stakeholders should also be project team members

    When managing stakeholders, it is important to help them understand their stake in the project as well as their own personal gain that will come out of this project.

    For many of the stakeholders, they also play a critical role in the development of this project.

    Role & Benefits

    • CIO

      • The CIO should be actively involved in the planning stage to help determine current and target stage.

      The CIO also needs to promote and sell the project to the IT team so they can understand that higher maturity of service management practices will allow IT to be seen as a partner to the business, giving IT a seat at the table during decision making.

    • Service Delivery Managers/Process Owners

      • Service Delivery Managers are directly responsible for the quality and value of services provided to the business owners. Thus, the Service Delivery Managers have a very high stake in the project and should be considered for the role of project leader.

      Service Delivery Managers need to work closely with the process owners of each service management process to ensure clear objectives are established and there is a common understanding of what needs to be achieved.

    • IT Steering Committee

      • The Committee should be informed and periodically updated about the progress of the project.

    • Manager/Director – Service Desk

      • The Manager of the Service Desk should participate closely in the development of fundamental service management processes, such as service desk, incident management, and problem management.

      Having a more established process in place will create structure, governance, and reduce service desk staff headaches so they can handle requests or incidents more efficiently.

    • Manager/Director –Applications & Infrastructure

      • The Manager of Applications and Infrastructure should be heavily relied on for their knowledge of how technology ties into the organization. They should be consulted regularly for each of the processes.

      This project will also benefit them directly, such as improving the process to deploy a fix into the environment or manage the capacity of the infrastructure.

    • Business Relationship Manager

      • As the IT organization moves up the maturity ladder, the Business Relationship Manager will play a fundamental role in the more advanced processes, such as business relationship management, demand management, and portfolio management.

      This project will be an great opportunity for the Business Relationship Manager to demonstrate their value and their knowledge of how to align IT objectives with business vision.

    Ensure you get the entire IT organization on board for the project with a well-practiced change message

    Getting the IT team on board will greatly maximize the project’s chance of success.

    One of the top challenges for organizations embarking on a service management journey is to manage the magnitude of the project. To ensure the message is not lost, communicate this roadmap in two steps.

    1. Communicate the roadmap initiative

    The most important message to send to the IT organization is that this project will benefit them directly. Articulate the pains that IT is currently experiencing and explain that through more mature service management, these pains can be greatly reduced and IT can start to earn a place at the table with the business.

    2. Communicate the implementation of each process separately

    The communication of process implementation should be done separately and at the beginning of each implementation. This is to ensure that IT staff do not feel overwhelmed or overloaded. It also helps to keep the project more manageable for the project team.

    Continuously monitor feedback and address concerns throughout the entire process

    • Host lunch and learns to provide updates on the service management initiative to the entire IT team.
    • Understand if there are any major roadblocks and facilitate discussions on how to overcome them.

    Articulate the service management initiative to the IT organization

    Spread the word and bring attention to your change message through effective mediums and organizational changes.

    Key aspects of a communication plan

    The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

    In addition, it is important to know who will deliver the message (delivery strategy). You need IT executives to deliver the message – work hard on obtaining their support as they are the ones communicating to their staff and should be your project champions.

    Anticipate organizational changes

    The implementation of the service management roadmap will most likely lead to organizational changes in terms of structure, roles, and responsibilities. Therefore, the team should be prepared to communicate the value that these changes will bring.

    Communicating Change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    The Qualities of Leadership: Leading Change

    Create a project communication plan for your stakeholders

    This project cannot be successfully completed without the support of senior IT management.

    1. After the CIO has introduced this project through management meetings or informal conversation, find out how each IT leader feels about this project. You need to make sure the directors and managers of each IT team, especially the directors of application and infrastructure, are on board.
    2. After the meeting, the project leader should seek out the major stakeholders (particularly the heads of applications and infrastructure) and validate their level of support through formal or informal meetings. Create a list documenting the major stakeholders, their level of support, and how the project team will work to gain their approval.
    3. For each identified stakeholder, create a custom communication plan based on their role. For example, if the director of infrastructure is not a supporter, demonstrate how this project will enable them to better understand how to improve service quality. Provide periodic reporting or meetings to update the director on project progress.

    INPUT

    • A collaborative discussion between team members

    OUTPUT

    • Thorough briefing for project launch
    • A committed team

    Materials

    • Communication message and plan
    • Metric tracking

    Participants

    • Project leader
    • Core project team

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is shown.

    Create a powerful, succinct mission statement

    Using Info-Tech’s sample mission statement as a guide, build your mission statement based on the objectives of this project and the benefits that this project will achieve. Keep the mission statement short and clear.

    1.2

    A screenshot of activity 1.2 is shown.

    Assemble the project team

    Create a project team with representatives from all major IT teams. Engage and communicate to the project team early and proactively.

    1.3

    A screenshot of activity 1.3 is shown.

    Identify project stakeholders and create a communication plan

    Info-Tech will help you identify key stakeholders who have a vested interest in the success of the project. Determine the communication message that will best gain their support.

    1.4

    A screenshot of activity 1.4 is shown.

    Use metrics to track the success of the project

    The onsite analyst will help the project team determine the appropriate metrics to measure the success of this project.

    PHASE 2

    Assess Your Current Service Management State

    Assess your current state

    This step will walk you through the following activities:

    • Use Info-Tech’s Service Management Maturity Assessment Tool to determine your overall practice maturity level.
    • Understand your level of completeness for each individual practice.
    • Understand the three major phases involved in the service management journey; know the symptoms of each phase and how they affect your target state selection.

    Step Insights

    • To determine the real maturity of your service management practices, you should focus on the results and output of the practice, rather than the activities performed for each process.
    • Focus on phase-level maturity as opposed to the level of completeness for each individual process.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Determine Your Service Management Current State

    Step 2.1 – Assess Impacting Forces

    Start with an analyst kick-off call:

    • Discuss the impacting forces that can affect the success of your service management program
    • Identify internal and external constraints and enablers
    • Review and interpret how to leverage or mitigate these elements

    Then complete these activities…

    • Present the findings of the organizational context
    • Facilitate a discussion and create consensus amongst the project team members on where the organization should start

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.2 – Build Vision, Mission, and Values

    Review findings with analyst:

    • Review your service management vision and mission statement and discuss the values

    Then complete these activities…

    • Socialize the vision, mission, and values to ensure they are aligned with overall organizational vision. Then, set the expectations for behavior aligned with the vision, mission, and values

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.3 – Assess Attitudes, Behaviors, and Culture

    Review findings with analyst:

    • Discuss tactics for addressing negative attitudes, behaviors, or culture identified

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.4 – Assess Governance Needs

    Review findings with analyst:

    • Understand the typical types of governance structure and the differences between management and governance
    • Choose the management structure required for your organization

    Then complete these activities…

    • Determine actions required to establish an effective governance structure and add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.5 – Perform SWOT Analysis

    Review findings with analyst:

    • Discuss SWOT analysis results and tactics for addressing within the roadmap

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.6 – Identify Desired State

    Review findings with analyst:

    • Discuss desired state and commitment needed to achieve aspects of the desired state

    Then complete these activities…

    • Use the desired state to critically assess the current state of your service management practices and whether they are achieving the desired outcomes
    • Prep for the SM maturity assessment

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.7 – Perform SM Maturity Assessment

    Review findings with analyst:

    • Review and interpret the output from your service management maturity assessment

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Service Management Maturity Assessment

    Step 2.8 – Review OCM Capabilities

    Review findings with analyst:

    • Review and interpret the output from your organizational change management maturity assessment

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Organizational Change Management Assessment

    Understand and assess impacting forces – constraints and enablers

    Constraints and enablers are organizational and behavioral triggers that directly impact your ability and approach to establishing Service Management practices.

    A model is shown to demonstrate the possibe constraints and enablers on your service management program. It incorporates available resources, the environment, management practices, and available technologies.

    Effective service management requires a mix of different approaches and practices that best fit your organization. There’s not a one-size-fits-all solution. Consider the resources, environment, emerging technologies, and management practices facing your organization. What items can you leverage or use to mitigate to move your service management program forward?

    Use Info-Tech’s “Organizational Context” template to list the constraints and enablers affecting your service management

    The Service Management Roadmap Presentation Template will help you understand the business environment you need to consider as you build out your roadmap.

    Discuss and document constraints and enablers related to the business environment, available resources, management practices, and emerging technologies. Any constraints will need to be addressed within your roadmap and enablers should be leveraged to maximize your results.


    Screenshot of Info-Tech's Service Management Roadmap Presentation Template is shown.

    Document constraints and enablers

    1. Discuss and document the constrains and enablers for each aspect of the management mesh: environment, resources, management practices, or technology.
    2. Use this as a thought provoker in later exercises.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Organizational context constraints and enablers

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    Build compelling vision and mission statements to set the direction of your service management program

    While you are articulating the vision and mission, think about the values you want the team to display. Being explicit can be a powerful tool to create alignment.

    A vision statement describes the intended state of your service management organization, expressed in the present tense.

    A mission statement describes why your service management organization exists.

    Your organizational values state how you will deliver services.

    Use Info-Tech’s “Vision, Mission, and Values” template to set the aspiration & purpose of your service management practice

    The Service Management Roadmap Presentation Template will help you document your vision for service management, the purpose of the program, and the values you want to see demonstrated.

    If the team cannot gain agreement on their reason for being, it will be difficult to make traction on the roadmap items. A concise and compelling statement can set the direction for desired behavior and help team members align with the vision when trying to make ground-level decisions. It can also be used to hold each other accountable when undesirable behavior emerges. It should be revised from time to time, when the environment changes, but a well-written statement should stand the test of time.

    A screenshot of the Service Management Roadmap Presentation Temaplate is shown. Specifically it is showing the section on the vision, mission, and values results.

    Document your organization’s vision, mission , and values

    1. Vision: Identify your desired target state, consider the details of that target state, and create a vision statement.
    2. Mission: Consider the fundamental purpose of your SM program and craft a statement of purpose.
    3. Values: As you work through the vision and mission, identify values that your organization prides itself in or has the aspiration for.
    4. Discuss common themes and then develop a concise vision statement and mission statement that incorporates the group’s ideas.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Vision statement
    • Mission statement
    • Organizational values

    Materials

    • Whiteboards or flip charts
    • Sample vision and mission statements

    Participants

    • All stakeholders
    • Senior leadership

    Understanding attitude, behavior, and culture

    Attitude

    • What people think and feel. It can be seen in their demeanor and how they react to change initiatives, colleagues, and users.

    Any form of organizational change involves adjusting people’s attitudes, creating buy-in and commitment. You need to identify and address attitudes that can lead to negative behaviors and actions or that are counter-productive. It must be made visible and related to your desired behavior.

    Behaviour

    • What people do. This is influenced by attitude and the culture of the organization.

    To implement change within IT, especially at a tactical level, both IT and organizational behavior needs to change. This is relevant because people don’t like to change and will resist in an active or passive way unless you can sell the need, value, and benefit of changing their behavior.

    Culture

    • The accepted and understood ways of working in an organization. The values and standards that people find normal and what would be tacitly identified to new resources.

    The organizational or corporate “attitude,” the impact on employee behavior and attitude is often not fully understood. Culture is an invisible element, which makes it difficult to identify, but it has a strong impact and must be addressed to successfully embed any organizational change or strategy.

    Culture is a critical and under-addressed success factor

    43% of CIOs cited resistance to change as the top impediment to a successful digital strategy.

    CIO.com

    75% of organizations cannot identify or articulate their culture or its impact.

    Info-Tech

    “Shortcomings in organizational culture are one of the main barriers to company success in the digital age.”

    McKinsey – “Culture for a digital age”

    Examples of how they apply

    Attitude

    • “I’ll believe that when I see it”
    • Positive outlook on new ideas and changes

    Behaviour

    • Saying you’ll follow a new process but not doing so
    • Choosing not to document a resolution approach or updating a knowledge article, despite being asked

    Culture

    • Hero culture (knowledge is power)
    • Blame culture (finger pointing)
    • Collaborative culture (people rally and work together)

    Why have we failed to address attitude, behavior, and culture?

      ✓ While there is attention and better understanding of these areas, very little effort is made to actually solve these challenges.

      ✓ The impact is not well understood.

      ✓ The lack of tangible and visible factors makes it difficult to identify.

      ✓ There is a lack of proper guidance, leadership skills, and governance to address these in the right places.

      ✓ Addressing these issues has to be done proactively, with intent, rigor, and discipline, in order to be successful.

      ✓ We ignore it (head in the sand and hoping it will fix itself).

    Avoidance has been a common strategy for addressing behavior and culture in organizations.

    Use Info-Tech’s “Culture and Environment” template to identify cultural constraints that should be addressed in roadmap

    The Service Management Roadmap Presentation Template will help you document attitude, behavior, and culture constraints.

    Discuss as a team attitudes, behaviors, and cultural aspects that can either hinder or be leveraged to support your vision for the service management program. Capture all items that need to be addressed in the roadmap.

    A screenshot of the Service Management Roadmap Presentation Template is shown. Specifically showing the culture and environment slide.

    Document your organization’s attitudes, behaviors, and culture

    1. Discuss and document positive and negative aspects of attitude, behavior, or culture within your organization.
    2. Identify the items that need to be addressed as part of your roadmap.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Culture and environment worksheet

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    The relationship to governance

    Attitude, behavior, and culture are still underestimated as core success factors in governance and management.

    Behavior is a key enabler of good governance. Leading by example and modeling behavior has a cascading impact on shifting culture, reinforcing the importance of change through adherence.

    Executive leadership and governing bodies must lead and support cultural change.

    Key Points

    • Less than 25% of organizations have formal IT governance in place (ITSM Tools).
    • Governance tends to focus on risk and compliance (controls), but forgets the impact of value and performance.

    Lack of oversight often limits the value of service management implementations

    Organizations often fail to move beyond risk mitigation, losing focus of the goals of their service management practices and the capabilities required to produce value.

    Risk Mitigation

    • Stabilize IT
    • Service Desk
    • Incident Management
    • Change Management

    Gap

    • Organizational alignment through governance
    • Disciplined focus on goals of SM

    Value Production

    • Value that meets business and consumer needs

    This creates a situation where service management activities and roadmaps focus on adjusting and tweaking process areas that no longer support how the organization needs to work.

    How does establishing governance for service management provide value?

    Governance of service management is a gap in most organizations, which leads to much of the failure and lack of value from service management processes and activities.

    Once in place, effective governance enables success for organizations by:

    1. Ensuring service management processes improve business value
    2. Measuring and confirming the value of the service management investment
    3. Driving a focus on outcome and impact instead of simply process adherence
    4. Looking at the integrated impact of service management in order to ensure focused prioritization of work
    5. Driving customer-experience focus within organizations
    6. Ensuring quality is achieved and addressing quality impacts and dependencies between processes

    Four common service management process ownership models

    Your ownership structure largely defines how processes will need to be implemented, maintained, and improved. It has a strong impact on their ability to integrate and how other teams perceive their involvement.

    An organizational structure is shown. In the image is an arrow, with the tip facing in the right direction. The left side of the arrow is labelled: Traditional, and the right side is labelled: Complex. The four models are noted along the arrow. Starting on the left side and going to the right are: Distributed Process Ownership, Centralized Process Ownership, Federated Process Ownership, and Service Management Office.

    Most organizations are somewhere within this spectrum of four core ownership models, usually having some combination of shared traits between the two models that are closest to them on the scale.

    Info-Tech Insight

    The organizational structure that is best for you depends on your needs, and one is not necessarily better than another. The next four slides describe when each ownership level is most appropriate.

    Distributed process ownership

    Distributed process ownership is usually evident when organizations initially establish their service management practices. The processes are assigned to a specific group, who assumes some level of ownership over its execution.

    The distributed process ownership model is shown. CIO is listed at the top with four branches leading out from below it. The four branches are labelled: Service Desk, Operations, Applications, and Security.

    Info-Tech Insight

    This model is often a suitable approach for initial implementations or where it may be difficult to move out of siloes within the organization’s structure or culture.

    Centralized process ownership

    Centralized process ownership usually becomes necessary for organizations as they move into a more functional structure. It starts to drive management of processes horizontally across the organization while still retaining functional management control.

    A centralized process ownership model is shown. The CIO is at the top and the following are branches below it: Service Manager, Support, Middleware, Development, and Infrastructure.

    Info-Tech Insight

    This model is often suitable for maturing organizations that are starting to look at process integration and shared service outcomes and accountability.

    Federated process ownership

    Federated process ownership allows for global control and regional variation, and it supports product orientation and Agile/DevOps principles

    A federated process ownership model is shown. The Sponsor/CIO is at the top, with the ITSM Executive below it. Below that level is the: Process Owner, Process Manager, and Process Manager.

    Info-Tech Insight

    Federated process ownership is usually evident in organizations that have an international or multi-regional presence.

    Service management office (SMO)

    SMO structures tend to occur in highly mature organizations, where service management responsibility is seen as an enterprise accountability.

    A service management office model is shown. The CIO is at the top with the following branches below it: SMO, End-User Services, Infra., Apps., and Architecture.

    Info-Tech Insight

    SMOs are suitable for organizations with a defined IT and organizational strategy. A SMO supports integration with other enterprise practices like enterprise architecture and the PMO.

    Determine which process ownership and governance model works best for your organization

    The Service Management Roadmap Presentation Template will help you document process ownership and governance model

    Example:

    Key Goals:

      ☐ Own accountability for changes to core processes

      ☐ Understand systemic nature and dependencies related to processes and services

      ☐ Approve and prioritize improvement and CSI initiatives related to processes and services

      ☐ Evaluate success of initiative outcomes based on defined benefits and expectations

      ☐ Own Service Management and Governance processes and policies

      ☐ Report into ITSM executive or equivalent body

    Membership:

      ☐ Process Owners, SM Owner, Tool Owner/Liaison, Audit

    Discuss as a team which process ownership model works for your organization. Determine who will govern the service management practice. Determine items that should be identified in your roadmap to address governance and process ownership gaps.

    Use Info-Tech’s “SWOT” template to identify strengths, weaknesses, opportunities & threats that should be addressed

    The Service Management Roadmap Presentation Template will help you document items from your SWOT analysis.

    A screenshot of the Service Management Roadmap Presentation Template is shown. Specifically the SWOT section is shown.

    Brainstorm the strengths, weaknesses, opportunities, and threats related to resources, environment, technology, and management practices. Add items that need to be addressed to your roadmap.

    Perform a SWOT analysis

    1. Brainstorm each aspect of the SWOT with an emphasis on:
    • Resources
    • Environment
    • Technologies
    • Management Practices
  • Record your ideas on a flip chart or whiteboard.
  • Add items to be addressed to the roadmap.

    • INPUT

    • A collaborative discussion

    OUTPUT

    • SWOT analysis
    • Priority items identified

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    Indicate desired maturity level for your service management program to be successful

    Discuss the various maturity levels and choose a desired level that would meet business needs.

    The desired maturity model is depicted.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Desired state of service management maturity

    Materials

    • None

    Participants

    • All stakeholders

    Use Info-Tech’s Service Management Process Maturity Assessment Tool to understand your current state

    The Service Management Process Maturity Assessment Tool will help you understand the true state of your service management.

    A screenshot of Info-Tech's Service Management Process Assessment Tool is shown.

    Part 1, Part 2, and Part 3 tabs

    These three worksheets contain questions that will determine the overall maturity of your service management processes. There are multiple sections of questions focused on different processes. It is very important that you start from Part 1 and continue the questions sequentially.

    Results tab

    The Results tab will display the current state of your service management processes as well as the percentage of completion for each individual process.

    Complete the service management process maturity assessment

    The current-state assessment will be the foundation of building your roadmap, so pay close attention to the questions and answer them truthfully.

    1. Start with tab 1 in the Service Management Process Maturity Assessment Tool. Remember to read the questions carefully and always use the feedback obtained through the end-user survey to help you determine the answer.
    2. In the “Degree of Process Completeness” column, use the drop-down menu to input the results solicited from the goals and objectives meeting you held with your project participants.
      3. A screenshot of Info-Tech's Service Management Process Assessment Tool is shown. Tab 1 is shown.
    3. Host a meeting with all participants following completion of the survey and have them bring their results. Discuss in a round-table setting, keeping a master sheet of agreed upon results.

    INPUT

    • Service Management Process Maturity Assessment Tool questions

    OUTPUT

    • Determination of current state

    Materials

    • Service Management Process Maturity Assessment Tool

    Participants

    • Project team members

    Review the results of your current-state assessment

    At the end of the assessment, the Results tab will have action items you could perform to close the gaps identified by the process assessment tool.

    A screenshot of Info-Tech's Service Management Process Maturity Assessment Results is shown.

    INPUT

    • Maturity assessment results

    OUTPUT

    • Determination of overall and individual practice maturity

    Materials

    • Service Management Maturity Assessment Tool

    Participants

    • Project team members

    Use Info-Tech’s OCM Capability Assessment tool to understand your current state

    The Organizational Change Management Capabilities Assessment tool will help you understand the true state of your organizational change management capabilities.

    A screenshot of Info-Tech's Organizational Change Management Capabilities Assessment

    Complete the Capabilities tab to capture the current state for organizational change management. Review the Results tab for interpretation of the capabilities. Review the Recommendations tab for actions to address low areas of maturity.

    Complete the OCM capability assessment

    1. Open Organizational Change Management Capabilities Assessment tool.
    2. Come to consensus on the most appropriate answer for each question. Use the 80/20 rule.
    3. Review result charts and discuss findings.
    4. Identify roadmap items based on maturity assessment.

    INPUT

    • A collaborative discussion

    OUTPUT

    • OCM Assessment tool
    • OCM assessment results

    Materials

    • OCM Capabilities Assessment tool

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is shown.

    Create a powerful, succinct mission statement

    Using Info-Tech’s sample mission statement as a guide, build your mission statement based on the objectives of this project and the benefits that this project will achieve. Keep the mission statement short and clear.

    2.2

    A screenshot of activity 2.2 is shown.

    Complete the assessment

    With the project team in the room, go through all three parts of the assessment with consideration of the feedback received from the business.

    2.3

    A screenshot of activity 2.3 is shown.

    Interpret the results of the assessment

    The Info-Tech onsite analyst will facilitate a discussion on the overall maturity of your service management practices and individual process maturity. Are there any surprises? Are the results reflective of current service delivery maturity?

    PHASE 3

    Build Your Service Management Roadmap

    Build Roadmap

    This step will walk you through the following activities:

    • Document your vision and mission on the roadmap one-pager.
    • Using the inputs from the current-state assessments, identify the key themes required by your organization.
    • Identify individual initiatives needed to address key themes.

    Step Insights

    • Using the Info-Tech thought model, address foundational gaps early in your roadmap and establish the management methods to continuously make them more robust.
    • If any of the core practices are not meeting the vision for your service management program, be sure to address these items before moving on to more advanced service management practices or processes.
    • Make sure the story you are telling with your roadmap is aligned to the overall organizational goals.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Determine Your Service Management Target State

    Step 3.1 – Document the Overall Themes

    Start with an analyst kick-off call:

    • Review the outputs from your current-state assessments to identify themes for areas that need to be included in your roadmap

    Then complete these activities…

    • Ensure foundational elements are solid by adding any gaps to the roadmap
    • Identify any changes needed to management practices to ensure continuous improvement

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 3.2 – Determine Individual Initiatives

    Review findings with analyst:

    • Determine the individual initiatives needed to close the gaps between the current state and the vision

    Then complete these activities…

    • Finalize and document roadmap for executive socialization

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Focus on a strong foundation to build higher value service management practices

    Info-Tech Insight

    Focus on behaviors and expected outcomes before processes.

    Foundational elements

    • Operating model facilitates service management goals
    • Culture of service delivery
    • Governance discipline to evaluate, direct, and monitor
    • Management discipline to deliver

    Stabilize

    • Deliver stable, reliable IT services to the business
    • Respond to user requests quickly and efficiently
    • Resolve user issues in a timely manner
    • Deploy changes smoothly and successfully

    Proactive

    • Avoid/prevent service disruptions
    • Improve quality of service (performance, availability, reliability)

    Service Provider

    • Understand business needs
    • Ensure services are available
    • Measure service performance, based on business-oriented metrics

    Strategic Partner

    • Fully aligned with business
    • Drive innovation
    • Drive measurable value

    Info-Tech Insight

    Continued leadership support of the foundational elements will allow delivery teams to provide value to the business. Set the expectation of the desired maturity level and allow teams to innovate.

    Identify themes that can help you build a strong foundation before moving to higher level practices

    A model is depicted that shows the various target states. There are 6 levels showing in the example, and the example is made to look like a tree with a character watering it. In the roots, the level is labelled foundational. The trunk is labelled the core. The lowest hanging branches of the tree is the stabilize section. Above it is the proactive section. Nearing the top of the tree is the service provider. The top most branches of the tree is labelled strategic partner.

    Before moving to advanced service management practices, you must ensure that the foundational and core elements are robust enough to support them. Leadership must nurture these practices to ensure they are sustainable and can support higher value, more mature practices.

    Use Info-Tech’s “Service Management Roadmap” template to document your vision, themes and initiatives

    The Service Management Roadmap Presentation Template contains a roadmap template to help communicate your vision, themes to be addressed, and initiatives

    A screenshot of Info-Tech's Service Management Roadmap template is shown.

    Working from the lower maturity items to the higher value practices, identify logical groupings of initiatives into themes. This will aid in communicating the reasons for the needed changes. List the individual initiatives below the themes. Adding the service management vision and mission statements can help readers understand the roadmap.

    Document your service management roadmap

    1. Document the service management vision and mission on the roadmap template.
    2. Identify, from the assessments, areas that need to be improved or implemented.
    3. Group the individual initiatives into logical themes that can ease communication of what needs to happen.
    4. Document the individual initiatives.
    5. Document in terms that business partners and executive sponsors can understand.

    INPUT

    • Current-state assessment outputs
    • Maturity model

    OUTPUT

    • Service management roadmap

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of activity 3.1 is shown.

    Identify themes to address items from the foundational level up to higher value service management practices

    Identify easily understood themes that will help others understand the expected outcomes within your organization.

    A screenshot of activity 3.2 is shown.

    Document individual initiatives that contribute to the themes

    Identify specific activities that will close gaps identified in the assessments.

    PHASE 2

    Build Communication Slide

    Complete your service management roadmap

    This step will walk you through the following activities:

    • Use the current-state assessment exercises to document the state of your service management practices. Document examples of the behaviors that are currently seen.
    • Document the expected short-term gains. Describe how you want the behaviors to change.
    • Document the long-term vision for each item and describe the benefits you expect to see from addressing each theme.

    Step Insights

    • Use the communication template to acknowledge the areas that need to be improved and paint the short- and long-term vision for the improvements to be made through executing the roadmap.
    • Write it in business terms so that it can be used widely to gain acceptance of the upcoming changes that need to occur.
    • Include specific areas that need to be fixed to make it more tangible.
    • Adding the values from the vision, mission, and values exercise can also help you set expectations about how the team will behave as they move towards the longer-term vision.

    Phase 4 Outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Build the Service Management Roadmap

    Step 4.1: Document the Current State

    Start with an analyst kick-off call:

    • Review the pain points identified from the current state analysis
    • Discuss tactics to address specific pain points

    Then complete these activities…

    • Socialize the pain points within the service delivery teams to ensure nothing is being misrepresented
    • Gather ideas for the future state

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 4.2: List the Future Vision

    Review findings with analyst:

    • Review short- and long-term vision for improvements for the pain points identified in the current state analysis

    Then complete these activities…

    • Prepare to socialize the roadmap
    • Ensure long-term vision is aligned with organizational objectives

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Use Info-Tech’s “Service Management Roadmap – Brought to Life” template to paint a picture of the future state

    The Service Management Roadmap Presentation Template contains a communication template to help communicate your vision of the future state

    A screenshot of Info-Tech's Service Management Roadmap - Brought to Life template

    Use this template to demonstrate how existing pain points to delivering services will improve over time by painting a near- and long-term picture of how things will change. Also list specific initiatives that will be launched to affect the changes. Listing the values identified in the vision, mission, and values exercise will also demonstrate the team’s commitment to changing behavior to create better outcomes.

    Document your current state and list initiatives to address them

    1. Use the previous assessments and feedback from business or customers to identify current behaviors that need addressing.
    2. Focus on high-impact items for this document, not an extensive list.
      3. An example of step 1 and 2 are shown.
    3. List the initiatives or actions that will be used to address the specific pain points.

    An example of areas for improvement.

    INPUT

    • Current-state assessment outputs
    • Feedback from business

    OUTPUT

    • Service Management Roadmap Communication Tool, in the Service Management Roadmap Presentation

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    Document your future state

    An example of document your furture state is shown.

    1. For each pain point document the expected behaviors, both short term and longer term.
    2. Write in terms that allow readers to understand what to expect from your service management practice.

    INPUT

    • Current-state assessment outputs
    • Feedback from business

    OUTPUT

    • Service Management Roadmap Communication Tool, in the Service Management Roadmap Presentation Template

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is shown.

    Identify the pain points and initiatives to address them

    Identify items that the business can relate to and initiatives or actions to address them.

    4.2

    A screenshot of activity 4.2 is shown.

    Identify short- and long-term expectations for service management

    Communicate the benefits of executing the roadmap both short- and long-term gains.

    Research contributors and experts

    Photo of Valence Howden

    Valence Howden, Principal Research Director, CIO Practice

    Info-Tech Research Group

    Valence helps organizations be successful through optimizing how they govern, design, and execute strategies, and how they drive service excellence in all work. With 30 years of IT experience in the public and private sectors, he has developed experience in many information management and technology domains, with focus in service management, enterprise and IT governance, development and execution of strategy, risk management, metrics design and process design, and implementation and improvement.

    Photo of Graham Price

    Graham Price, Research Director, CIO Practice

    Info-Tech Research Group

    Graham has an extensive background in IT service management across various industries with over 25 years of experience. He was a principal consultant for 17 years, partnering with Fortune 500 clients throughout North America, leveraging and integrating industry best practices in IT service management, service catalog, business relationship management, IT strategy, governance, and Lean IT and Agile.

    Photo of Sharon Foltz

    Sharon Foltz, Senior Workshop Director

    Info-Tech Research Group

    Sharon is a Senior Workshop Director at Info-Tech Research Group. She focuses on bringing high value to members via leveraging Info-Tech’s blueprints and other resources enhanced with her breadth and depth of skills and expertise. Sharon has spent over 15 years in various IT roles in leading companies within the United States. She has strong experience in organizational change management, program and project management, service management, product management, team leadership, strategic planning, and CRM across various global organizations.

    Related Info-Tech Research

    Build a Roadmap for Service Management Agility

    Extend the Service Desk to the Enterprise

    Bibliography

    • “CIOs Emerge as Disruptive Innovators.” CSC Global CIO Survey: 2014-2015. Web.
    • “Digital Transformation: How Is Your Organization Adapting?” CIO.com, 2018. Web.
    • Goran, Julie, Laura LaBerge, and Ramesh Srinivasan. “Culture for a digital age.” McKinsey, July 2017. Web.
    • The Qualities of Leadership: Leading Change. Cornelius & Associates, 14 April 2012.
    • Wilkinson, Paul. “Culture, Ethics, and Behavior – Why Are We Still Struggling?” ITSM Tools, 5 July 2018. Web.

    Safety as a secondary consideration

    • Large vertical image:
    • member rating overall impact: Very High
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    This is a story that should make you perk up.

    I know of a department that was eager to launch their new product. The strain was severe. The board was breathing down their necks. Rivals were catching up (or so they thought).

    What did they do?

    "Let's get this thing live, prove the market wants it, then we'll circle back and handle all the security and stability backlog items." For the product owner, at the time, that seemed the right thing to do.

    They were hacked 48 hours after going live.

    Customer information was stolen. The brand's reputation suffered. The decision led to a months-long legal nightmare. And they still had to completely rebuild the system. Making stability and security bolt-on items is never a good idea.

    The true price of "fix it later"

    See, I understand. When the product owner is pressing for user experience enhancements and you're running out of time for launch, it's easy to overlook those "non-functional requirements." Yet, we should avoid blaming the product owner. The PO is under pressure from many stakeholders, and a delayed launch may also come with significant costs.

    Load balancing isn't visible to customers, after all. Penetration testing doesn't excite them. Failure mechanisms don't matter to them. This statement is true until a malfunction impacts a client. Then it suddenly becomes the most important thing in the world.

    However, I know that ignoring non-functional requirements (NFRs) can lead to failed businesses (or business lines). This elevates these issues beyond mere technical inconveniences. NFRs are designed with the client in mind.

    Look at it this way. When your system crashes during periods of high traffic, how does the user experience change? How satisfied are customers when their personal information is stolen? When it takes 30 seconds for your website to load, how does that conversion rate look?

    Let me expose you to some consultant figures. The average cost of IT outages is $5,600 per minute, according to a 2014 Gartner study. That figure can rise to $300,000 per hour for larger businesses. The reality is that in your department, you will rarely reach these numbers. When we look at current (2020-2025) and expected (2026) trends, the typical operational loss numbers in international commercial banking or insurance are closer to 100K for high-impact incidents that are handled within 2–3 hours.

    Obviously, your numbers will vary. And if you don't know what your costs are, now would be a good time to discover that. This does not imply that you should simply accept the risks associated with such situations. You must fix or mitigate such opportunities for hackers to get in. Do so at the appropriate cost for your business.

    Data breaches are a unique phenomenon. According to IBM's Cost of a Data Breach Report 2025, a data breach typically costs $4.44 million, and detecting and containing it takes an average of 241 days. Some preview data from the 2025 report include that 97% of organizations that reported on the study indicated that they lacked access controls for their AI systems. That means that many companies don't even have the basics in order. And AI-related breaches are just going to accelerate. AI security defenses will help lower the cost of such breaches.

    Despite the decreasing cost of these breaches, I anticipate an increase in their frequency in the upcoming years.

    This means that non-functional requirements in terms of security and resilience should take a more prominent place in the prioritizations. Your client depends on your systems being safe, resilient, and performant.

    The blind spot in leadership

    And yet, this is where some leaders make mistakes. I have the impression they believe that client-focused design means more functionality and elegant interfaces. They prioritize user experience enhancements over system reliability.

    I want to share a key fact that distinguishes successful businesses: customers desire more than just a good product. It must always function for them. And that means following certain procedures. They are not there to hamper you; they are there to retain customers.

    88% of online shoppers are less likely to visit a website again after a negative experience, according to research from Forrester. Amazon found that they lose 1% of sales for every 100 ms of latency. That 100 milliseconds adds up to millions of lost profits when billions of dollars are at stake.

    You run the risk of more than just technical difficulties when you deprioritize safety. Customer trust, revenue stability, competitive advantage, adherence to the law, costs, and team morale are all at stake.

    The "happy flow" trap is costing you revenue.

    Allow me to illustrate what I see happening during development cycles.

    The team tests the happy flow. The user successfully logs in. The user navigates with ease. The user makes the purchase without any problems. The user logs off without incident.

    "Excellent! Publish it!"

    However, what occurs if 1000 users attempt to log in at once? What occurs if an attempt is made to insert malicious code into your contact form? During a transaction, what happens if your database connection fails?

    These are not extreme situations. These are real-life occurrences.

    Fifty percent of data center managers and operators reported having an impactful outage in the previous three years, according to the Uptime Institute's 2025 Global Data Center Survey. Note that this is at the infra level. The biggest contributor is power outages. What role does power play in ensuring a smooth flow? Power will not always flow as you want it, so plan for lack of power and for spikes.

    With regard to software failures, the spread of possible causes widens. AI is a big contributor. AI is typically brought in to accelerate development and assist in coding. But it tends to introduce subtle bugs and vulnerabilities that a seasoned developer has to review and solve.

    Another upcoming article will discuss how faster release cycles often lead to a rush in testing. This should not be the case; by spending some time automating your (non-)regression test bank, you will gain speed. But you have to invest time in building the test suite.

    Can your system handle success? This question should keep every executive awake at night.

    I've witnessed businesses invest millions in advertising campaigns to drive traffic to systems that fail due to their success. Consider describing to your board how your greatest marketing victory became your worst operational mishap.

    Managing traffic spikes is only one aspect of load balancing. It is about ensuring that your business can handle opportunities without being overwhelmed.

    The mindset that transforms everything

    Let's now address the most pressing issue: security.

    The majority of leaders consider security to be like insurance, something you hope you never need. The fact that security is more than just protection, however, will alter the way you approach every project. It's approval to develop.

    According to the Ponemon Institute's 2025 Cost of Insider Threats Global Report, the average annualized cost of insider threats, defined as employee negligence, criminal insiders, and credential thieves, has risen to $17.4 million per incident, up from $15.4 million in 2022. The number of discovered and analyzed incidents increased from 3,269 in 2018 to 7,868 in 2025 research studies. 

    Cybersecurity Ventures predicts that cybercrime will cost the global economy $10.5 trillion annually by 2025.

    The most fascinating thing, though, is that companies that invest in proactive security see measurable outcomes. Organizations that allocate over 10% of their IT budget to cybersecurity have a 2.5-fold higher chance of experiencing no security incidents than those that allocate less than 1%, per Deloitte's Future of Cyber Survey.

    By hardening your systems against common attack vectors, you can scale quickly without worrying about the future. You can handle sensitive data with confidence, enter new markets without fear, establish partnerships that require trust, and focus on innovation instead of crisis management.

    The non-functional needs that genuinely generate income

    Allow me to explain this in a way that will satisfy your CFO.

    Retention is equal to reliability. Customers return when a system functions reliably (given you sell items they want). The Harvard Business Review claims that a 5% increase in customer retention rates boosts profits by 25% to 95%. It is five to twenty-five times less expensive to retain customers than to acquire new ones.

    Scalability is equal to security. Secure systems can handle larger client volumes, more sensitive data, and higher-value transactions. 69% of board members and C-suite executives think that privacy and cyber risks could affect their company's ability to grow, according to PwC.

    Profit is equal to performance. You lose conversions for every second of load time. Google discovered that the likelihood of a bounce rises by 32% as page load time increases from 1 to 3 seconds. It increases by 90% from 1 second to 5 seconds. Walmart discovered that every second improvement in page load time led to a 2% increase in conversions.

    Reputation is equal to resilience. Guess which company benefits when your system works while your competitors' systems fail? Failures reduce trust. 71% of consumers will actively advocate against companies they don't trust, and 67% of consumers will stop purchasing from them, according to Edelman's 2023 Trust Barometer. While the 2025 report does not present comparative numbers, distrust impacting consumer behavior is likely to be even more prevalent. 

    The structure that reverses the script

    Reframe this discussion with your executives and team

    • The question we should not ask is, "Can we afford to build this right?" but rather, "Can we afford not to?" This consideration is crucial because we risk losing customers at every obstacle they encounter. 
    • Non-functional requirements should be viewed as competitive advantages rather than obstructions. If it suddenly does not work, the customer walks away.
    • Consider viewing system reliability as a profit center instead of a cost center. When a customer knows it will work, they will order again and refer a friend.

    The numbers support this point. Businesses that invest in operational resilience see three times higher profit margins and 2.5 times higher revenue growth than their counterparts, according to McKinsey's 2023 State of Organizations report. In 2025 we see a focus on AI, but the point remains.

    These metrics will grab the attention when you're presenting them.

    Although the average cost of downtime varies by industry, it is always high. 

    The impact of a security breach on customer lifetime value is equally uncomfortable. Following a data breach, 78% of consumers will cease interacting with a brand online, and 36% will never do so again, according to Ping Identity's 2023 Consumer Identity Breach Report.

    Every second that the system is unavailable results in a rapidly mounting loss of money. That's about $3,170 per minute of full downtime for a business that makes $100 million a year. We're talking about $31,700 per minute for billion-dollar businesses. Again, your experience may differ, but it's important to note that this cost is often unseen yet undeniable. If you want to calculate this more granularly, then I have a calculation method for you that is easy to implement.

    There is a discernible trend in the cost of rebuilding versus building correctly the first time. Resolving a problem in production can cost four to five times as much as fixing it during design, and it can cost up to 100 times as much as fixing it during the requirements and design phase, according to IBM's Systems Sciences Institute.

    The plan of action that truly works

    This is what you should do right away.

    Please begin by reviewing your current primary systems. When they're under stress, what happens? What occurs if they are attacked? What occurs if they don't work? 40% of businesses that suffer a significant system failure never reopen, although only 23% of organizations have tested their disaster recovery plans in the previous year, according to Gartner. Companies we work with test their systems at least once per year. If the results are unsatisfactory, we conduct a retest to ensure they meet our standards.

    Next, please determine the actual cost of addressing issues at a later stage. Add in the costs of customer attrition, security breaches, downtime, and reconstruction. To lend credibility to your calculations, try to work out exact numbers for your company. Industry standards (like in this article) will give you indicators, but you need to know your figures.

    Third, recast your non-functional needs as business needs. Consider focusing on strategies for managing success rather than solely discussing load balancing. Instead of discussing security testing, focus on revenue protection.

    Fourth, consider safety when defining "done." Until a feature is dependable, secure, and scalable, it isn't considered complete. Projects that incorporate non-functional requirements from the outset have a threefold higher chance of success, per the Standish Group's 2023 Chaos Report.

    Fifth, use system dependability as a differentiator in the marketplace. You're up when your rivals are down. You're safe when they're compromised.

    The bottom line

    I understand that resilience isn't sexy. I am aware that UI enhancements are more exciting than infrastructure resilience.

    And yet, I know that businesses that prioritize safety will survive and lead after seeing others thrive and fail based on this one choice. Customers trust them. They are capable of scaling without breaking. Because they are confident that their systems can manage whatever comes next, they are the ones who get a good night's sleep.

    Resilient organizations are twice as likely to surpass customer satisfaction goals and are 2.5 times more likely to achieve revenue growth of 10% or more.

    Resilience represents the most significant competitive advantage. You have a choice. Just keep in mind that your clients are depending on you to do the job correctly.

    Always happy to engage in a conversation.

    Set a Strategic Course of Action for the PMO in 100 Days

    • Buy Link or Shortcode: {j2store}356|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $13,744 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • As a new PMO director, you’ve been thrown into the middle of an unfamiliar organizational structure and a chaotic project environment.
    • The expectations are that the PMO will help improve project outcomes, but beyond that your mandate as PMO director is opaque.
    • You know that the statistics around PMO longevity aren’t good, with 50% of new PMOs closing within the first three years. As early in your tenure as possible, you need to make sure that your stakeholders understand the value that your role could provide to the organization with the right level of buy-in and support.
    • Whether you’re implementing a new PMO or taking over an already existing one, you need to quickly overcome these challenges by rapidly assessing your unfamiliar tactical environment, while at the same time demonstrating confidence and effective leadership to project staff, business stakeholders, and the executive layer.

    Our Advice

    Critical Insight

    • The first 100 days are critical. You have a window of influence where people are open to sharing insights and opinions because you were wise enough to seek them out. If you don’t reach out soon, people notice and assume you’re not wise enough to seek them out, or that you don’t think they are important enough to involve.
    • PMOs most commonly stumble when they shortsightedly provide project management solutions to what are, in fact, more complex, systemic challenges requiring a mix of project management, portfolio management, and organizational change management capabilities. If you fail to accurately diagnose pain points and needs in your first days, you could waste your tenure as PMO leader providing well-intentioned solutions to the wrong project problems.
    • You have diminishing value on your time before skepticism and doubt start to erode your influence. Use your first 100 days to define an appropriate mandate for your PMO, get the right people behind you, and establish buy-in for long-term PMO success.

    Impact and Result

    • Develop an action plan to help leverage your first 100 days on the job. Hit the ground running in your new role with an action plan to achieve realistic goals and milestones in your first 100 days. A results-driven first three months will help establish roots throughout the organization that will continue to feed and grow the PMO beyond your first year.
    • Get to know what you don’t know quickly. Use Info-Tech’s advice and tools to perform a triage of every aspect of PMO accountability as well as harvest stakeholder input to ensure that your PMO meets or exceeds expectations and establishes the right solutions to the organization’s project challenges.
    • Solidify the PMO’s long-term mission. Adopt our stakeholder engagement best practices to ensure that you knock on the right doors early in your tenure. Not only do you need to clarify expectations, but you will ultimately need buy-in from key stakeholders as you move to align the mandate, authority, and resourcing needed for long-term PMO success.

    Set a Strategic Course of Action for the PMO in 100 Days Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how capitalizing on your first 100 days as PMO leader can help ensure the long-term success of your PMO.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Survey the project landscape

    Get up-to-speed quickly on key PMO considerations by engaging PMO sponsors, assessing stakeholders, and taking stock of your PMO inventory.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 1: Survey the Project Landscape
    • Mission Identification and Inventory Tool
    • PMO Director First 100 Days Timeline - MS Project
    • PMO Director First 100 Days Timeline - MS Excel

    2. Gather PMO requirements

    Make your first major initiative as PMO director be engaging the wider pool of PMO stakeholders throughout the organization to determine their expectations for your office.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 2: Gather PMO Requirements
    • PMO Requirements Gathering Tool
    • PMO Course of Action Stakeholder Interview Guide

    3. Solidify your PPM goals

    Review the organization’s current PPM capabilities in order to identify your ability to meet stakeholder expectations and define a sustainable mandate.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 3: Solidify Your PPM Goals
    • Project Portfolio Management Maturity Assessment Workbook
    • Project Management Maturity Assessment Workbook
    • Organizational Change Management Maturity Assessment Workbook
    • PMO Strategic Expectations Glossary

    4. Formalize the PMO’s mandate

    Communicate your strategic vision for the PMO and garner stakeholder buy-in.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 4: Formalize the PMO's Mandate
    • PMO Mandate and Strategy Roadmap Template
    • PMO Director Peer Feedback Evaluation Template
    • PMO Director First 100 Days Self-Assessment Tool
    [infographic]

    Workshop: Set a Strategic Course of Action for the PMO in 100 Days

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current Project Ecosystem

    The Purpose

    Quickly develop an on-the-ground view of the organization’s project ecosystem and the PMO’s abilities to effectively serve.

    Key Benefits Achieved

    A comprehensive and actionable understanding of the PMO’s tactical environment

    Activities

    1.1 Perform a PMO SWOT analysis.

    1.2 Assess the organization’s portfolio management, project management, and organizational change management capability levels.

    1.3 Take inventory of the PMO’s resourcing levels, project demand levels, and tools and artifacts.

    Outputs

    Overview of current strengths, weaknesses, opportunities, and threats

    Documentation of your current process maturity to execute key portfolio management, project management, and organizational change management functions

    Stock of the PMO’s current access to PPM personnel relative to total project demand

    2 Analyze PMO Stakeholders

    The Purpose

    Determine stakeholder expectations for the PMO.

    Key Benefits Achieved

    An accurate understanding of others’ expectations to help ensure the PMO’s course of action is responsive to organizational culture and strategy

    Activities

    2.1 Conduct a PMO Mission Identification Survey with key stakeholders.

    2.2 Map the PMO’s stakeholder network.

    2.3 Analyze key stakeholders for influence, interest, and support.

    Outputs

    An understanding of expected PMO outcomes

    A stakeholder map and list of key stakeholders

    A prioritized PMO requirements gathering elicitation plan

    3 Determine Strategic Expectations and Define the Tactical Plan

    The Purpose

    Develop a process and method to turn stakeholder requirements into a strategic vision for the PMO.

    Key Benefits Achieved

    A strategic course of action for the PMO that is responsive to stakeholders’ expectations.

    Activities

    3.1 Assess the PMO’s ability to support stakeholder expectations.

    3.2 Use Info-Tech’s PMO Strategic Expectations glossary to turn raw process and service requirements into specific strategic expectations.

    3.3 Define an actionable tactical plan for each of the strategic expectations in your mandate.

    Outputs

    An understanding of PMO capacity and limits

    A preliminary PMO mandate

    High-level statements of strategy to help support your mandate

    4 Formalize the PMO’s Mandate and Roadmap

    The Purpose

    Establish a final PMO mandate and a process to help garner stakeholder buy-in to the PMO’s long-term vision.

    Key Benefits Achieved

    A viable PMO course of action complete with stakeholder buy-i

    Activities

    4.1 Finalize the PMO implementation timeline.

    4.2 Finalize Info-Tech’s PMO Mandate and Strategy Roadmap Template.

    4.3 Present the PMO’s strategy to key stakeholders.

    Outputs

    A 3-to-5-year implementation timeline for key PMO process and staffing initiatives

    A ready-to-present strategy document

    Stakeholder buy-in to the PMO’s mandate

    Implement and Optimize Application Integration Governance

    • Buy Link or Shortcode: {j2store}361|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Enterprises begin integrating their applications without recognizing the need for a managed and documented governance model.
    • Application Integration (AI) is an inherently complex concept, involving the communication among multiple applications, groups, and even organizations; thus developing a governance model can be overwhelming.
    • The options for AI Governance are numerous and will vary depending on the size, type, and maturity of the organization, adding yet another layer of complexity.

    Our Advice

    Critical Insight

    • Governance is essential with integrated applications. If you are planning to integrate your applications, you should already be considering a governance model.
    • Proper governance requires oversight into chains of responsibility, policy, control mechanisms, measurement, and communication.
    • People and process are key. Technology options to aid in governance of integrated apps exist, but will not greatly contribute to the success of AI.

    Impact and Result

    • Assess your capabilities and determine which area of governance requires the most attention to achieve success in AI.
    • Form an Integration Center of Competency to oversee AI governance to ensure compliance and increase success.
    • Conduct ongoing training with your personnel to ensure up-to-date skills and end user understanding.
    • Frequently revisit your AI governance strategy to ensure alignment with business goals.

    Implement and Optimize Application Integration Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement and optimize Application Integration Governance

    Know where to start and where to focus your attention in the implementation of an AI governance strategy.

    • Storyboard: Implement and Optimize Application Integration Governance

    2. Assess the organization's capabilities in AI Governance

    Assess your current and target states in AI Governance.

    • Application Integration Governance Gap Analysis Tool

    3. Create an Integration Center of Competency

    Have a governing body to oversee AI Governance.

    • Integration Center of Competency Charter Template

    4. Establish AI Governance principles and guidelines

    Create a basis for the organization’s AI governance model.

    • Application Integration Policy and Principles Template

    5. Create an AI service catalog

    Keep record of services and interfaces to reduce waste.

    • Integration Service Catalog Template
    [infographic]

    Cybersecurity in Healthcare 2024

    Healthcare cybersecurity is a major concern for healthcare organizations and patients alike. In 2024, the healthcare industry faces several cybersecurity challenges, including the growing threat of ransomware, the increasing use of mobile devices in healthcare, and the need to comply with new regulations.

    Continue reading

    Craft a Customer-Driven Market Strategy With Unbiased Data

    • Buy Link or Shortcode: {j2store}611|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
    • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
    • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
    • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

    Our Advice

    Critical Insight

    • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
    • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
    • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
    • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

    Impact and Result

    • Leverage this report to gain insights on the software selection process and what top vendors do best.
    • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
    • Build a winning market strategy influenced by real customer data that drives vendor success.

    Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

    Read the storyboard

    Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
    [infographic]

    Optimize the IT Operating Model

    • Buy Link or Shortcode: {j2store}392|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $89,374 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Organizations have to adapt to a growing number of trends, putting increased pressure on IT to move at the same speed as the business.
    • The business, seeing that IT is slower to react, looks to external solutions to address its challenges and capitalize on opportunities.
    • IT and business leaders don’t have a clear and unified understanding or definition of an operating model.

    Our Advice

    Critical Insight

    • The IT operating model is not a static entity and should evolve according to changing business needs.
    • However, business needs are diverse, and the IT organization must recognize that the business includes groups that consume technology in different patterns. The IT operating model needs to support and enable multiple groups, while continuously adapting to changing business conditions.

    Impact and Result

    • Determine how each technology consumer group interacts with IT. Use consumer experience maps to determine what kind of services consumer groups use and if there are opportunities to improve the delivery of those services.
    • Identify how changing business conditions will affect the consumption of technology services. Classify your consumers based on business uncertainty and reliance on IT to plan for the future delivery of services.
    • Optimize the IT operating model. Create a target IT operating model based on the gathered information about technology service consumers. Select different implementations of common operating model elements: governance, sourcing, process, and structure.

    Optimize the IT Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how implementing an IT operating model based on the needs of technology service consumers will improve the delivery of IT services and alignment with IT and business strategy.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Construct the IT services consumer experience maps

    Assess the current situation by identifying technology service consumers in the organization, their interfaces with IT, the level of service they require, and their sentiment toward IT.

    • Optimize the IT Operating Model – Phase 1: Construct the IT Services Consumer Experience Maps
    • Consumer Experience Map and Profiles

    2. Classify IT service consumers based on business needs

    Categorize the technology consumer groups into four business profiles based on their characteristics to identify implications based on technology consumption patterns for the target IT operating model.

    • Optimize the IT Operating Model – Phase 2: Classify IT Service Consumers Based on Business Needs

    3. Determine the target IT operating model

    Select implementation models for the four core elements of the IT operating model and optimize governance, sourcing, process, and organizational structure to create the target IT operating model.

    • Optimize the IT Operating Model – Phase 3: Determine the Target IT Operating Model
    • Target IT Operating Model

    4. Create a roadmap to develop the target IT operating model

    Create, assess, and prioritize initiatives to reach the target IT operating model. Construct a roadmap to show initiative execution.

    • Optimize the IT Operating Model – Phase 4: Create a Roadmap to Develop the Target IT Operating Model
    • IT Operating Model Roadmap
    [infographic]

    Workshop: Optimize the IT Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Organizational Strategy and Technology Consumer Groups

    The Purpose

    Identify the IT and business strategies, so that the target IT operating model can be constructed to support them.

    Key Benefits Achieved

    Identify the implications for the IT operating model and understand how to optimally construct it.

    Create consumer groups for consumer experience mapping and consumer profile classification.

    Activities

    1.1 Review business and IT strategies.

    1.2 Identify implications for the IT operating model.

    1.3 Identify internal technology consumer groups.

    1.4 Identify external technology consumer groups.

    Outputs

    Implications for the IT operating model

    List of internal and external technology service consumer groups

    2 Map the Consumer Experience and Identify Consumption Patterns (Consumer Group 1)

    The Purpose

    Identify the interfaces with IT for the consumer group, its level of technology service requirement, its sentiment toward IT, and its needs from IT.

    Key Benefits Achieved

    Consumer group needs from IT and feelings toward IT are identified.

    Activities

    2.1 Identify interview candidates for the consumer groups.

    2.2 Complete consumer group questionnaire.

    2.3 Complete consumer experience map.

    2.4 Classify the consumer group into a business profile.

    Outputs

    Consumer experience map for first group

    Business profile classification

    3 Map the Consumer Experience and Identify Consumption Patterns (Consumer Group 2)

    The Purpose

    Continue mapping the experience of consumer groups and classify them into profiles based on their needs to draw implications for the target IT operating model.

    Key Benefits Achieved

    Consumption patterns from the consumer groups are defined and implications for the target IT operating model are drawn.

    Activities

    3.1 Continue interviews for consumer groups.

    3.2 Complete consumer experience map.

    3.3 Classify the consumer group into a business profile.

    3.4 Aggregate the consumption patterns for the business profile and document implications.

    Outputs

    Consumer experience map for second group

    Business profile classification

    Aggregated consumption patterns

    Implications for consumption patterns

    4 Create the Target IT Operating Model

    The Purpose

    Map the target operating model to show how each element of the IT operating model supports the delivery of IT services to the consumer groups.

    Key Benefits Achieved

    Identify whether the current IT operating model is optimally supporting the delivery of IT services to consumer groups from the four core IT operating model elements.

    Activities

    4.1 Determine the approach to IT governance.

    4.2 Select the optimal mix of sourcing models.

    4.3 Customize the approach to process implementation.

    4.4 Identify the target organizational structure.

    Outputs

    Target IT operating model

    5 Build a Roadmap and Create Initiatives to Reach the Target

    The Purpose

    Create initiatives and communicate them with a roadmap to show how the organization will arrive at the target IT operating model.

    Key Benefits Achieved

    The steps to reach the IT operating model are created, assessed, and prioritized.

    Steps are ordered for presentation.

    Activities

    5.1 Identify initiatives to reach the target IT operating model.

    5.2 Create initiative profiles to assess initiative quality.

    5.3 Prioritize initiatives based on business conditions.

    5.4 Create a roadmap to communicate initiative execution.

    Outputs

    Initiative profiles

    Sunshine diagram

    Define and Deploy an Enterprise PMO

    • Buy Link or Shortcode: {j2store}189|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $471,249 Average $ Saved
    • member rating average days saved: 53 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • As an enterprise PMO leader, you need to evolve your PMO framework beyond an IT-centric model of project portfolio management (PPM) to optimize communication and coordination on enterprise-wide initiatives.
    • While senior leaders are demanding greater uniformity in strategic project execution, individual departments currently operate—to the detriment of the organization—as sovereign silos.
    • You know that the answer is a more strategically aligned enterprise PMO framework, but you’re unsure of how to start building the case for one, especially when the majority of upper management view PMOs as support entities rather than strategic partners.

    Our Advice

    Critical Insight

    • An EPMO can’t simply be imposed on an organization. If it is not backed by an executive sponsor, then there needs to be an identifiable business value in implementing one, and you need to communicate this value to stakeholders throughout the enterprise.
    • EPMOs add value not by enforcing project or program governance, but by helping organizations achieve strategic goals and manage change.
    • EPMOs enable organizations to succeed on enterprise-wide initiatives by connecting the individual parts to the whole. They should serve as the coordinating mechanism that ensures the flow of information and resources across departments and programs.

    Impact and Result

    • Find the right balance between a command and control approach that dictates governance standards versus an approach that gives business units flexibility to manage projects, programs, and portfolios the way they see fit, as long as they meet certain reporting, process, and record keeping requirements.
    • Effectively define the EPMO’s role, reach, and authority in terms of Portfolio Governance, Project Leadership, and PPM Administration. An organizationally appropriate mix of these three practices will not only ensure stakeholder buy-in, but it will help foster the right conditions for EPMO success.
    • Build strong cross-departmental relationships upon soft or informal grounds by positioning your EPMO as your organization’s portfolio network, i.e. an enterprise hub that facilitates the flow of reliable information and enables timely responsiveness to change.

    Define and Deploy an Enterprise PMO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how implementing an EPMO could help your organization achieve business goals, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather requirements

    Evaluate executive stakeholder needs and assess your current capabilities to ensure your implementation strategy sets realistic expectations.

    • Define and Deploy an Enterprise PMO – Phase 1: Gather Requirements
    • EPMO Capabilities Survey

    2. Define the plan

    Define an organizationally appropriate scope and mandate for your EPMO to ensure that your processes serve the needs of the whole.

    • Define and Deploy an Enterprise PMO – Phase 2: Define the Plan
    • EPMO Charter Template
    • EPMO Communication Planning Template

    3. Implement the plan

    Establish clearly defined and easy-to-follow EPMO processes that minimize project complexity and improve enterprise project results.

    • Define and Deploy an Enterprise PMO – Phase 3: Implement the Plan
    • EPMO Process Guide and SOP Template
    • EPMO Communications Template
    [infographic]

    Workshop: Define and Deploy an Enterprise PMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Gather Requirements

    The Purpose

    Identify breakdowns in the flow of portfolio data across the enterprise to pinpoint where and how an EPMO can best intervene.

    Assess areas of strength and opportunity in your PPM capabilities to help structure and drive the EPMO.

    Define stakeholder needs and expectations for the EPMO in order to cultivate capabilities and services that help drive informed and engaged project decisions at the executive level.

    Key Benefits Achieved

    A current state picture of the triggers that are driving the need for an EPMO at your organization.

    A current state understanding of the strengths you bring to the table in constructing an EPMO as well as the areas you need to focus on in building up your capabilities.

    A target state set by stakeholder requirements and expectations, which will enable you to build out an implementation strategy that is aligned with the needs of the executive layer.

    Activities

    1.1 Map current enterprise PPM workflows.

    1.2 Conduct a SWOT analysis.

    1.3 Identify resourcing considerations and other implementation factors.

    1.4 Survey stakeholders to establish the right mix of EPMO capabilities.

    Outputs

    An overview of the flow of portfolio data and information across the organization

    An overview of current strengths, weaknesses, opportunities, and threats

    A preliminary assessment of internal and external factors that could impact the success of this implementation

    The ability to construct a project plan that is aligned with stakeholder needs and expectations

    2 Define the Plan

    The Purpose

    Define an appropriate scope for the EPMO and the deployment it services.

    Devise a plan for engaging and including the appropriate stakeholders during the implementation phase.

    Key Benefits Achieved

    A clear purview for the EPMO in relation to the wider enterprise in order to establish appropriate expectations for the EPMO’s services throughout the organization.

    Engaged stakeholders who understand that they have a stake in the successful implementation of the EPMO.

    Activities

    2.1 Prepare your EPMO value proposition.

    2.2 Define the role and organizational reach of your EPPM capabilities.

    2.3 Establish a communication plan to create stakeholder awareness.

    Outputs

    A clear statement of purpose and benefit that can be used to help build the case for an EPMO with stakeholders

    A functional charter defining the scope of the EPMO and providing a statement of the services the EPMO will provide once established

    An engaged executive layer that understands the value of the EPMO and helps drive its success

    3 Implement the Plan

    The Purpose

    Establish clearly defined and easy-to-follow EPMO processes that minimize project complexity.

    Develop portfolio and project governance structures that feed the EPMO with the data decision makers require without overloading enterprise project teams with processes they can’t support.

    Devise a communications strategy that helps achieve organizational buy-in.

    Key Benefits Achieved

    The reduction of project chaos and confusion throughout the organization.

    Processes and governance requirements that work for both decision makers and project teams.

    Organizational understanding of the universal benefit of the EPMO’s processes to stakeholders throughout the enterprise. 

    Activities

    3.1 Establish EPMO roles and responsibilities.

    3.2 Document standard procedures around enterprise portfolio reporting, PPM administration, and project leadership.

    3.3 Review enterprise PPM solutions.

    3.4 Develop a stakeholder engagement and resistance plan.

    Outputs

    Clear lines of portfolio accountability

    A fully actionable EPMO Standard Operating Procedure document that will enable process clarity

    An informed understanding of the right PPM solution for your enterprise processes

    A communications strategy document to help communicate the organizational benefits of the EPMO

    Build a Data Integration Strategy

    • Buy Link or Shortcode: {j2store}125|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $11,677 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • As organizations process more information at faster rates, there is increased pressure for faster and more efficient data integration.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.

    Our Advice

    Critical Insight

    • Every IT project requires data integration. Regardless of the current problem and the solution being implemented, any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration problem solving needs to start with business activity. After understanding the business activity, move to application and system integration to drive the optimal data integration activities.
    • Data integration improvement needs to be backed by solid requirements that depend on the use case. Info-Tech’s use cases will help you identify your organization’s requirements and integration architecture for its ideal data integration solution.

    Impact and Result

    • Create a data integration solution that supports the flow of data through the organization and meets the organization’s requirements for data latency, availability, and relevancy.
    • Build your data integration practice with a firm foundation in governance and reference architecture; use best-fit reference architecture patterns and the related technology and resources to ensure that your process is scalable and sustainable.
    • The business’ uses of data are constantly changing and evolving, and as a result, the integration processes that ensure data availability must be frequently reviewed and repositioned in order to continue to grow with the business.

    Build a Data Integration Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should improve its data integration, review Info-Tech’s methodology, and understand how we can help you create a loosely coupled integration architecture.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Collect integration requirements

    Identify data integration pains and needs and use them to collect effective business requirements for the integration solution.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 1: Collect Integration Requirements
    • Data Integration Requirements Gathering Tool

    2. Analyze integration requirements

    Determine technical requirements for the integration solution based on the business requirement inputs.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 2: Analyze Integration Requirements
    • Data Integration Trends Presentation
    • Data Integration Pattern Selection Tool

    3. Design the data-centric integration solution

    Determine your need for a data integration proof of concept, and then design the data model for your integration solution.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 3: Design the Data-Centric Integration Solution
    • Data Integration POC Template
    • Data Integration Mapping Tool
    [infographic]

    Workshop: Build a Data Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect Integration Requirements

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data integration.

    Understand Info-Tech’s approach to data integration.

    Key Benefits Achieved

    Current integration architecture is understood.

    Priorities for tactical initiatives in the data architecture practice related to integration are identified.

    Target state for data integration is defined.

    Activities

    1.1 Discuss the current data integration environment and the pains that are felt by the business and IT.

    1.2 Determine what the problem statement and business case look like to kick-start a data integration improvement initiative.

    1.3 Understand data integration requirements from the business.

    Outputs

    Data Integration Requirements Gathering Tool

    2 Analyze Integration Requirements

    The Purpose

    Understand what the business requires from the integration solution.

    Identify the common technical requirements and how they relate to business requirements.

    Review the trends in data integration to take advantage of new technologies.

    Brainstorm how the data integration trends can fit within your environment.

    Key Benefits Achieved

    Business-aligned requirements gathered for the integration solution.

    Activities

    2.1 Understand what the business requires from the integration solution.

    2.2 Identify the common technical requirements and how they relate to business requirements.

    Outputs

    Data Integration Requirements Gathering Tool

    Data Integration Trends Presentation

    3 Design the Data-Centric Integration Solution

    The Purpose

    Learn about the various integration patterns that support organizations’ data integration architecture.

    Determine the pattern that best fits within your environment.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Learn about the various integration patterns that support organizations’ data integration architecture.

    3.2 Determine the pattern that best fits within your environment.

    Outputs

    Integration Reference Architecture Patterns

    Data Integration POC Template

    Data Integration Mapping Tool

    Further reading

    Build a Data Integration Strategy

    Integrate your data or disintegrate your business.

    ANALYST PERSPECTIVE

    Integrate your data or disintegrate your business.

    "Point-to-point integration is an evil that builds up overtime due to ongoing business changes and a lack of integration strategy. At the same time most businesses are demanding consistent, timely, and high-quality data to fuel business processes and decision making.

    A good recipe for successful data integration is to discover the common data elements to share across the business by establishing an integration platform and a canonical data model.

    Place yourself in one of our use cases and see how you fit into a common framework to simplify your problem and build a data-centric integration environment to eliminate your data silos."

    Rajesh Parab, Director, Research & Advisory Services

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • Data engineers feeling the pains of poor integration from inaccuracies and inefficiencies during the data integration lifecycle.
    • Business analysts communicating the need for improved integration of data.
    • Data architects looking to design and facilitate improvements in the holistic data environment.
    • Data architects putting high-level architectural design changes into action.

    This Research Will Also Assist:

    • CIOs concerned with the costs, benefits, and the overall structure of their organization’s data flow.
    • Enterprise architects trying to understand how improved integration will affect overall organizational architecture.

    This Research Will Help You:

    • Understand what integration is, and how it fits into your organization.
    • Identify opportunities for leveraging improved integration for data-driven insights.
    • Design a loosely coupled integration architecture that is flexible to changing needs.
    • Determine the needs of the business for integration and design solutions for the gaps that fit the requirements.

    This Research Will Help Them:

    • Get a handle on the current data situation and how data interacts within the organization.
    • Understand how data architecture affects operations within the enterprise.

    Executive summary

    Situation

    • As organizations process more information at faster rates, there is increased pressure for faster and more efficient data integration.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.

    Complication

    • Investments in integration can be a tough sell for the business, and it is difficult to get support for integration as a standalone project.
    • Evolving business models and uses of data are growing rapidly at rates that often exceed the investment in data management and integration tools. As a result, there is often a gap between data availability and the business’ latency demands.

    Resolution

    • Create a data-centric integration solution that supports the flow of data through the organization and meets the organization’s requirements for data accuracy, relevance, availability, and timeliness.
    • Build your data-centric integration practice with a firm foundation in governance and reference architecture; use best-fit reference architecture patterns and the related technology and resources to ensure that your process is scalable and sustainable.
    • The business’ uses of data are constantly changing and evolving, and as a result the integration processes that ensure data availability must be frequently reviewed and repositioned to continue to grow with the business.

    Info-Tech Insight

    1. Every IT project requires data integration.Any change in the application and database ecosystem requires you to solve a data integration problem.
    2. Integration problem solving needs to start with business activity. After understanding the business activity, move to application and system integration to drive optimal data integration activities.
    3. Integration initiatives need to be backed by requirements that depend on use cases. Info-Tech’s use cases will help identify organizational requirements and the ideal data-centric integration solution.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Integrate the Data, Not the Applications

    Data is one of the most important assets in a modern organization. Contained within an organization’s data are the customers, the products, and the operational details that make an organization function. Every organization has data, and this data might serve the needs of the business today.

    However, the only constant in the world is change. Changes in addresses, amounts, product details, partners, and more occur at a rapid rate. If your data is isolated, it will quickly become stale. Getting up-to-date data to the right place at the right time is where data-centric integration comes in.

    "Data is the new oil." – Clive Humby, Chief Data Scientist Source: Medium, 2016

    The image shows two graphics. The top shows two sets of circles with an arrow pointing to the right between them: on the left, there is a large centre circle with the word APP in it, and smaller circles surrounding it that read DATA. On the right, the large circle reads DATA, and the smaller circles, APP. On the lower graphic, there are also two sets of circles, with an arrow pointing to the right between them. This time, the largest circle envelopes the smaller circles. The circle on the right has a larger circle in the centre that reads Apple Watch Heart Monitoring App, and smaller circles around it labelled with types of data. The circle on the right contains a larger circle in the centre that reads Heart Data, and the smaller circles are labelled with types of apps.

    Organizations are having trouble keeping up with the rapid increases in data growth and complexity

    To keep up with increasing business demands and profitability targets and decreasing cost targets, organizations are processing and exchanging more data than ever before.

    To get more value from their information, organizations are relying on more and more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of your data:

    The most difficult integration problems are caused by semantic heterogeneity (Database Research Technology Group, n.d.).

    80% of business decisions are made using unstructured data (Concept Searching, 2015).

    85% of businesses are struggling to implement the correct integration solution to accurately interpret their data (KPMG, 2014).

    Break Down Your Silos

    Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and data silos form.

    Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Data-centric integration is the solution you need to bring data together to break down data silos

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level, and is used to design a common data-centric integration environment.

    Info-Tech’s Data Integration Onion Framework

    The image shows Info Tech's Data Integration Onion Framework. It is a circular graphic, with a series on concentric rings, each representing a category and containing specific examples of items within those categories.

    Poor integration will lead to problems felt by the business and IT

    The following are pains reported by the business due to poor integration:

    59% Of managers said they experience missing data every day due to poor distribution results in data sets that are valuable to their central work functions. (Experian, 2016)

    42% Reported accidentally using the wrong information, at least once a week. (Computerworld, 2017)

    37% Of the 85% of companies trying to be more data driven, only 37% achieved their goal. (Information Age, 2019)

    "I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." – Sir Arthur Conan Doyle, Sherlock Holmes

    Poor integration can make IT less efficient as well:

    90% Of all company generated data is “dark.” Getting value out of dark data is not difficult or costly. (Deloitte Insights, 2017)

    5% As data sits in a database, up to 5% of customer data changes per month. (Data.com, 2016)

    "Most traditional machine learning techniques are not inherently efficient or scalable enough to handle the data. Machine learning needs to reinvent itself for big data processing primarily in pre-processing of data." – J. Qiu et al., ‎2016

    Understand the common challenges of integration to avoid the pains

    There are three types of challenges that organizations face when integrating data:

    1. Disconnect from the business

    Poor understanding of the integration problem and requirements lead to integrations being built that are not effective for quality data.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems Inc., 2012)

    2. Lack of strategy

    90% Of organizations will lack an integration strategy through to 2018. (Virtual Logistics, 2017)

    Integrating data without a long-term plan is a recipe for point-to-point integration spaghettification:

    The image shows two columns of rectangles, each with the word Application Services. Between them are arrows, matching boxes in one column to the other. The lines of the arrows are curvy.

    3. Data complexity

    Data architects and other data professionals are increasingly expected to be able to connect data using whatever interface is provided, at any volume, and in any format – all without affecting the quality of the data.

    36% Of developers report problems integrating data due to different standards interpretations. (DZone, 2015)

    These challenges lead to organizations building a data architecture and integration environment that is tightly coupled.

    A loose coupling integration strategy helps mitigate the challenges and realize the benefits of well-connected data

    Loose Coupling

    Most organizations don’t have the foresight to design their architecture correctly the first time. In a perfect world, organizations would design their application and data architecture to be scalable, modular, and format-neutral – like building blocks.

    Benefits of a loosely coupled architecture:

    • Increased ability to support business needs by adapting easily to changes.
    • Added ability to incorporate new vendors and new technology due to increased flexibility.
    • Potential for automated, real-time integration.
    • Elimination of re-keying/manual entry of data.
    • Federation of data.

    Vs. Tight Coupling

    However, this is rarely the case. Most architectures are more like a brick wall – permanent, hard to add to and subtract from, and susceptible to weathering.

    Problems with a tightly coupled architecture:

    • Delays in combining data for analysis.
    • Manual/Suboptimal DI in the face of changing business needs.
    • Lack of federation.
    • Lack of flexibility.
    • Fragility of integrated platforms.
    • Limited ability to explore new functionalities.

    Generative AI: Market Primer

    • Buy Link or Shortcode: {j2store}349|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Much of the organization remains in the dark for understanding what Gen AI is, complicated by ambiguous branding from vendors claiming to provide Gen AI solutions.
    • Searching the market for a Gen AI platform is nearly impossible, owing to the sheer number of vendors.
    • The evaluative criteria for selecting a Gen AI platform are unclear.

    Our Advice

    Critical Insight

    • You cannot rush Gen AI selection and implementation. Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.
    • Gen AI is not a software category – it is an umbrella concept. Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect Gen AI platforms to be compared against the same parameters in a vendor quadrant.
    • Bad data is the tip of the iceberg for Gen AI risks. While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for, from Gen AI hallucinations and output reliability to infrastructure feasibility and handling high-volume events.
    • Prepare for ongoing instability in the Gen AI market. If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.

    Impact and Result

    • Consensus on Gen AI scope and key Gen AI capabilities
    • Identification of your readiness to leverage Gen AI applications
    • Agreement on Gen AI evaluative criteria
    • Knowledge of vendor viability

    Generative AI: Market Primer Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Generative AI: Market Primer – Contextualize the marketspace and prepare for generative AI selection.

    Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.

    • Generative AI: Market Primer Storyboard
    • Data Governance Policy
    • AI Governance Storyboard
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample
    • AI Architecture Templates
    [infographic]

    Further reading

    Generative AI: Market Primer

    Cut through Gen AI buzzwords to achieve market clarity.

    Analyst Perspective

    The generative AI (Gen AI) marketspace is complex, nascent, and unstable.

    Organizations need to get clear on what Gen AI is, its infrastructural components, and the governance required for successful platform selection.

    Thomas Randall

    The urge to be fast-moving to leverage the potential benefits of Gen AI is understandable. There are plenty of opportunities for Gen AI to enrich an organization’s use cases – from commercial to R&D to entertainment. However, there are requisites an organization needs to get right before Gen AI can be effectively applied. Part of this is ensuring data and AI governance is well established and mature within the organization. The other part is contextualizing Gen AI to know what components of this market the organization needs to invest in.

    Owing to its popularity surge, OpenAI’s ChatGPT has become near synonymous with Gen AI. However, Gen AI is an umbrella concept that encompasses a variety of infrastructural architecture. Organizations need to ask themselves probing questions if they are looking to work with OpenAI: Does ChatGPT rest on the right foundational model for us? Does ChatGPT offer the right modalities to support our organization’s use cases? How much fine-tuning and prompt engineering will we need to perform? Do we require investment in on-premises infrastructure to support significant data processing and high-volume events? And do we require FTEs to enable all this infrastructure?

    Use this market primer to quickly get up to speed on the elements your organization might need to make the most of Gen AI.

    Thomas Randall

    Advisory Director, Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Much of the organization remains in the dark for understanding what Gen AI is, complicated by ambiguous branding from vendors claiming to provide Gen AI solutions.
    • Searching the market for a Gen AI platform is near impossible, owing to the sheer number of vendors.
    • The evaluative criteria for selecting a Gen AI platform is unclear.

    Common Obstacles

    • Data governance is immature within the organization. There is no source of truth or regularly updated organizational process assets.
    • AI functionality is not well understood within the organization; there is little AI governance for monitoring and controlling its use.
    • The extent of effort and resources required to make Gen AI a success remains murky.

    Info-Tech's Solution

    This market primer for Gen AI will help you:

    1. Contextualize the Gen AI market: Learn what components of Gen AI an organization should consider to make Gen AI a success.
    2. Prepare for Gen AI selection: Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.

    “We are entering the era of generative AI.
    This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive with co-pilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduces risks that need to be planned for.”

    Bill Wong, Principal Research Director – Data and BI, Info-Tech Research Group

    Who benefits from this project?

    This research is designed for:

    • Senior IT, developers, data staff, and project managers who:
      • Have received a mandate from their executives to begin researching the Gen AI market.
      • Need to quickly get up to speed on the state of the Gen AI market, given no deep prior knowledge of the space.
      • Require an overview of the different components to Gen AI to contextualize how vendor comparisons and selections can be made.
      • Want to gain an understanding of key trends, risks, and evaluative criteria to consider in their selection process.

    This research will help you:

    • Articulate the potential business value of Gen AI to your organization.
    • Establish which high-value use cases could be enriched by Gen AI functionality.
    • Assess vendor viability for enterprise and specialized software providers in the Gen AI marketspace.
    • Collect information on the prerequisites for implementing Gen AI functionality.
    • Develop relevant evaluative criteria to assist differentiating between shortlisted contenders.

    This research will also assist:

    • Executives, business analysts, and procurement teams who are stakeholders in:
      • Contextualizing the landscape for learning opportunities.
      • Gathering and documenting requirements.
      • Building deliverables for software selection projects.
      • Managing vendors, especially managing the relationships with incumbent enterprise software providers.

    This research will help you:

    • Identify examples of how Gen AI applications could be leveraged for your organization’s core use cases.
    • Verify the extent of Gen AI functionality an incumbent enterprise provider has.
    • Validate accuracy of Gen AI language and architecture referenced in project deliverables.

    Insight Summary

    You cannot speedrun Gen AI selection and implementation.

    Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.

    Gen AI is not a software category – it is an umbrella concept.

    Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect to compare Gen AI platforms to the same parameters in a vendor quadrant.

    Bad data is the tip of the iceberg for Gen AI risks.

    While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for: from Gen AI hallucinations and output reliability to infrastructure feasibility to handle high-volume events.

    Gen AI use may require changes to sales incentives.

    If you plan to use Gen AI in a commercial setting, review your sales team’s KPIs. They are rewarded for sales velocity; if they are the human-in-the-loop to check for hallucinations, you must change incentives to ensure quality management.

    Prepare for ongoing instability in the Gen AI market.

    If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.

    Brace for a potential return of on-premises infrastructure to power Gen AI.

    The market trend has been for organizations to move to cloud-based products. Yet, for Gen AI, effective data processing and fine-tuning may call for organizations to invest in on-premises infrastructure (such as more GPUs) to enable their Gen AI to function effectively.

    Info-Tech’s methodology for understanding the Gen AI marketspace

    Phase Steps

    1. Contextualize the Gen AI marketplace

    1. Define Gen AI and its components.
    2. Explore Gen AI trends.
    3. Begin deriving Gen AI initiatives that align with business capabilities.

    2. Prepare for and understand Gen AI platform offerings

    1. Review Gen AI selection best practices and requisites for effective procurement.
    2. Determine evaluative criteria for Gen AI solutions.
    3. Explore Gen AI offerings with enterprise and specialized providers.
    Phase Outcomes
    1. Achieve consensus on Gen AI scope and key Gen AI capabilities.
    2. Identify your readiness to leverage Gen AI applications.
    3. Hand off to Build Your Generative AI Roadmap to complete pre-requisites for selection.
    1. Determine whether deeper data and AI governance is required; if so, hand off to Create an Architecture for AI.
    2. Gain consensus on Gen AI evaluative criteria.
    3. Understand vendor viability.

    Guided Implementation

    Phase 1

    Phase 2
    • Call #1: Discover if Gen AI is right for your organization. Understand what a Gen AI platform is and discover the art of the possible.
    • Call #2: To take advantage of Gen AI, perform a business capabilities analysis to begin deriving Gen AI initiatives.
    • Call #3: Explore whether Gen AI initiatives can be achieved either with incumbent enterprise players or via procurement of specialized solutions.
    • Call #4: Evaluate vendors and perform final due diligence.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The Gen AI market evaluation process should be broken into segments:

    1. Gen AI market education with this primer
    2. Structured approach to selection
    3. Evaluation and final due diligence

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful"

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Software selection engagement

    Five advisory calls over a five-week period to accelerate your selection process

    • Receive expert analyst guidance over five weeks (on average) to select and negotiate software.
    • Save money, align stakeholders, speed up the process, and make better decisions.
    • Use a repeatable, formal methodology to improve your application selection process.
    • Get better, faster results guaranteed, included in membership.
    Software selection process timeline. Week 1: Awareness - 1 hour call, Week 2: Education & Discovery - 1 hour call, Week 3: Evaluation - 1 hour call, Week 4: Selection - 1 hour call, Week 5: Negotiation & Configuration - 1 hour call.

    Click here to book your selection engagement.

    Software selection workshops

    40 hours of advisory assistance delivered online.

    Select better software, faster.

    • 40 hours of expert analyst guidance
    • Project and stakeholder management assistance
    • Save money, align stakeholders, speed up the process, and make better decisions
    • Better, faster results guaranteed; 25K standard engagement fee
    Software selection process timeline. Week 1: Awareness - 5 hours of Assistance, Week 2: Education & Discovery - 10 hours of assistance, Week 3: Evaluation - 10 hours of assistance, Week 4: Selection - 10 hours of assistance, Week 5: Negotiation & Configuration - 10 hours of assistance.

    Click here to book your workshop engagement.

    Refine Your Estimation Practices With Top-Down Allocations

    • Buy Link or Shortcode: {j2store}434|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As a portfolio manager, you’re expected to size projects for approval and intake before they have sufficient definition.
    • The consequences of initial sizing are felt throughout the project lifecycle.

    Our Advice

    Critical Insight

    • Your organization lacks strong organizational memory upon which assumptions and estimates can be made.
    • Definition is at a minimum not validated, untested, and is likely incomplete. It has the potential to be dangerously misleading.

    Impact and Result

    • Build project history and make more educated estimates – Projects usually start with a “ROM” or t-shirt size estimate, but if your estimates are consistently off, then it’s time to shift the scale.
    • Plan ahead – Projects face risks; similar projects face similar risks. Provide sponsors with estimates that account for as many risks as possible, so that if something goes wrong you have a plan to make it right.
    • Store and strengthen organizational memory – Each project is rich with lessons that can inform your next project to make it more effective and efficient, and ultimately help to avoid committing the same failures over and over again. Develop a process to catalogue project history and all of the failures and successes associated with those projects.

    Refine Your Estimation Practices With Top-Down Allocations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should improve your estimation practices, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build organizational memory to inform early estimates

    Analyze your project history to identify and fill gaps in your estimation practices.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 1: Build Organizational Memory to Inform Early Estimations
    • PMO Organizational Memory Tool
    • T-Shirt Sizing Health Check Lite
    • Project Estimation Playbook

    2. Develop and refine a reliable estimate with top-down allocations

    Allocate time across project phases to validate and refine estimates and estimate assumptions.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 2: Develop and Refine a Reliable Estimate With Top-Down Allocations
    • Planning-Level Estimate Calculator

    3. Implement a new estimation process

    Implement a lessons learned process to provide transparency to your sponsors and confidence to your teams.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 3: Implement a New Estimation Process
    • Project Lessons Learned Template
    [infographic]

    Workshop: Refine Your Estimation Practices With Top-Down Allocations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop the Foundations of Organizational Memory

    The Purpose

    Track key performance indicators on past projects to inform goals for future projects.

    Key Benefits Achieved

    Developed Project History List.

    Refined starting estimates that can be adjusted accurately from project to project.

    Activities

    1.1 Build project history.

    1.2 Analyze estimation capabilities.

    1.3 Identify estimation goals.

    Outputs

    Project History List

    T-Shirt Sizing Health Check

    Estimate Tracking Plan

    2 Define a Requirements Gathering Process

    The Purpose

    Outline the common attributes required to complete projects.

    Identify the commonly forgotten attributes to ensure comprehensive scoping early on.

    Key Benefits Achieved

    Refined initial estimate based on high-level insights into work required and resources available.

    Activities

    2.1 Develop a list of in-scope project attributes.

    2.2 Identify leadership priorities for deliverables and attributes.

    2.3 Track team and skill responsibilities for attributes.

    Outputs

    Identified list or store of past project attributes and costs

    Attribute List and Estimated Cost

    Required Skills List

    3 Build an Estimation Process

    The Purpose

    Set clear processes for tracking the health of your estimate to ensure it is always as accurate as possible.

    Define check-in points to evaluate risks and challenges to the project and identify trigger conditions.

    Key Benefits Achieved

    An estimation process rooted in organizational memory and lessons learned.

    Project estimates that are consistently reevaluated to predict and correct challenges before they can drastically affect your projects.

    Activities

    3.1 Determine Milestone Check-In Points.

    3.2 Develop Lessons Learned Meeting Agendas.

    3.3 Identify common risks and past lessons learned.

    3.4 Develop contingency tracking capabilities.

    Outputs

    Project Lessons Learned Template

    Historic Risks and Lessons Learned Master Template

    Contingency Reserve and Risk Registers

    4 Improve Business Alignment With Your Estimation Plan

    The Purpose

    Bridge the gap between death march projects and bloated and uncertain estimates by communicating expectations and assumptions clearly to your sponsors.

    Key Benefits Achieved

    Clear estimation criteria and assumptions aligned with business priorities.

    Post-mortem discussion items crucial to improving project history knowledge for next time.

    Activities

    4.1 Identify leadership risk priorities.

    4.2 Develop IT business alignment.

    4.3 Develop hand-off procedures and milestone approval methods.

    4.4 Create a list of post-mortem priorities.

    Outputs

    Estimation Quotation

    Risk Priority Rankings

    Hand-Off Procedures

    Post-mortem agenda planning

    Create an Effective SEO Keyword Strategy

    • Buy Link or Shortcode: {j2store}568|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Digital Marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Our Advice

    Critical Insight

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Impact and Result

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Create an Effective SEO Keyword Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Effective SEO Keyword Strategy

    Update your on-page SEO strategy with competitively relevant keywords.

    • Create an Effective SEO Keyword Strategy Storyboard
    [infographic]

    Further reading

    Create an Effective SEO Keyword Strategy
    Update your on-page SEO strategy with competitively relevant keywords.

    Analyst Perspective

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

    Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

    SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

    This is a picture of Terra Higginson

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Digital marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

    Common Obstacles

    Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

    • SEO practitioners that focus on gaming the system
    • Ever-changing SEO technology
    • Lack of understanding of the best SEO techniques
    • SEO techniques focus on the needs of computers, not people
    • Lack of continued investment

    SoftwareReviews' Approach

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

    SoftwareReviews' SEO Methodology

    In this blueprint, we will cover:

    Good SEO vs. Poor SEO Techniques

    The difference between good and bad SEO techniques.

    Common Good
    SEO Techniques

    Common Poor
    SEO Techniques

    • Writing content for people, not machines.
    • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
    • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
    • Keyword stuffing and content duplication.
    • A strategy that focuses on computers first and people second.
    • Low-quality or purchased backlinks.

    Companies With Great SEO…

    Keyword Strategy

    • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

    Error-Free Site

    • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

    Pillar & Content Clusters

    • Employ a pillar and content cluster strategy to help move the buyer through their journey.

    Authentic Off-Page Strategy

    • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

    SEO Terms Defined

    A glossary to define common Phase 1 SEO terms.

    Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

    Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

    Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

    On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

    Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

    H1: HTML code that tells a search engine the title of the page (neilpatel.com).

    SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

    Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
    – An excerpt from Google's mission statement

    Your Challenge

    Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

    Digital marketers with SEO problems will often see the following issues:

    • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
    • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
    • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
    • Errors – Neglected sites often have a large number of errors.
    • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

    The best place to hide a dead body is on page two of the search results.
    – Huffington Post

    Common Obstacles

    Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

    • Inefficient and ineffective SEO practitioners.
    • Changing SEO technology and search engine algorithms.
    • Lack of understanding of the best-in-class SEO techniques.
    • Lack of a sustainable plan to manage the strategy and invest in SEO.

    SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
    – Google Search Central Blog

    Benefits of Proper SEO

    A good SEO keyword strategy will create long-term, sustainable SEO growth:

    • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
    • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
    • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
    • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

    Digital Marketing SEO Stats

    61%
    61% of marketers believe that SEO is the key to online success.
    Source: Safari Digital

    437%
    Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
    Source: Safari Digital

    Good SEO Aligns With Search Intent

    What type of content is the user searching for? Align your keyword to the logical search objective.

    Informational

    This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

    Commercial

    This term categorizes search intent for when a user wants to do research before making a purchase.

    Transactional

    This term categorizes search intent for when a user wants to purchase something.

    Navigational

    This term categorizes search intent for when a user wants to find a specific page.

    SoftwareReviews' Methodology toCreate an Effective SEO Strategy

    1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
    Phase Steps
    1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
    2. Research the keywords of top competitors.
    3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
    1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
    2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
    3. Record the current ranking for the pages' keywords then reassess after three to six months.
    Phase Outcomes
    • Understanding of competitive landscape for SEO
    • A list of target new keywords
    • Keyword optimized product and service pages

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    SoftwareReviews offers various levels of support to best suit your needs

    Included Within an Advisory Membership Optional Add-Ons
    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Insight Summary

    People-First Content

    Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

    Find White Space

    A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

    Optimize On-Page Keywords

    By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

    Understand the Strategy

    If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

    Quality Trumps Quantity

    The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

    Stop Here and Ask Yourself:

    • Do I have an updated (completed within the last two years) buyer persona and journey?
    • Do I know who the ICP (ideal client profile) is for my product or company?

    If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

    The Steps to SEO Phase 1

    The Keyword Strategy

    1. Current Keywords
      • Identify the keywords your SEO strategy is currently targeting.
    2. Competitive Analysis
      • Research the keywords of competitor(s). Identify keyword whitespace.
    3. New Target Keywords
      • Identify and rank keywords that will result in more quality leads and less competition.
    4. Product & Service Pages
      • Identify your current product and service pages. These pages represent the easiest content to update on your site.
    5. Individual Page Update
      • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

    Resources Needed for Search Engine Optimization

    Consider the working skills required for search engine optimization.

    Required Skills/Knowledge

    • SEO
    • Web development
    • Competitive analysis
    • Content creation
    • Understanding of buyer persona and journey
    • Digital marketing

    Suggested Titles

    • SEO Analyst
    • Competitive Intelligence Analyst
    • Content Marketing Manager
    • Website Developer
    • Digital Marketing Manager

    Digital Marketing Software

    • CMS that allows you to easily access and update your content

    SEO Software

    • SEO tool

    Step 1: Current Keywords

    Use this sheet to record your current keyword research.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

    Step 2: Competitive Analysis

    Use this sheet to guide the research on your competitors' keywords.

    Use your SEO tool to find the following:

    1. Top organic keywords
    2. Ranking of keywords
    3. Domain authority and trust
    4. Position changes

    This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

    Step 3: New Target Keywords

    Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

    Step 4: Product & Service Pages

    Duplicate this page so that you have a separate page for each URL from Step 4

    Use this sheet to identify your current product and service pages.

    Use your SEO tool to find the following:

    1. Current rank
    2. Current keywords

    This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

    Step 5: Individual Page Strategy

    Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

    Date last optimized:
    mm/dd/yyyy

    This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

    Bibliography

    Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

    "Our approach – How Google Search works." Google Search. Accessed September 2022.

    "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

    Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Achieve IT Spend & Staffing Transparency

    • IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace.
    • In most organizations, technology has evolved faster than the business’ understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied to IT expenditure don’t align well to modern IT realities.
    • IT is often directed to make cuts when cost optimization and targeted investment are what’s really needed to sustain and grow the organization in the long term.

    Our Advice

    Critical Insight

    • Meaningful conversations about IT spend don’t happen nearly as frequently as they should. When they do happen, they are often inhibited by a lack of IT financial management (ITFM) maturity combined with the absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Supporting data about actual technology spend taking place that would inform decision making is often scattered and incomplete.
    • Creating transparency in your IT financial data is essential to powering collaborative and informed technology spend decisions.

    Impact and Result

    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization’s total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain vocabulary and facts that will help you tell the true story of IT spend.

    Members may also be interested in Info-Tech's IT Spend & Staffing Benchmarking Service.

    Achieve IT Spend & Staffing Transparency Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Achieve IT Spend & Staffing Transparency Deck – A detailed, do-it-yourself framework and process for clearly mapping your organization’s total technology spend.

    This deck mirrors Info-Tech’s own internal methods for delivering its IT Spend & Staffing Benchmarking Service in a do-it-yourself format. Based on Info-Tech’s proven ITFM Cost Model, it includes an IT spend mapping readiness assessment, expert advice for sourcing and organizing your financial data, a methodology for mapping IT staff and vendor spend according to four key stakeholder views (CFO, CIO, CXO, and CEO), and guidance on how to analyze and share your results.

    • Achieve IT Spend & Staffing Transparency Storyboard

    2. IT Spend & Staffing Transparency Workbook – A structured Excel tool that allows you to allocate your IT spend across four key stakeholder views and generate high-impact visualizations.

    This workbook offers a step-by-step approach for mapping and visualizing your organization’s true IT spend.

    • IT Spend & Staffing Transparency Workbook

    3. IT Spend & Staffing Transparency Executive Presentation Template – A PowerPoint template that helps you summarize and showcase key results from your IT spend transparency exercise.

    This presentation template offers a recommended structure for introducing key executive stakeholders to your organization’s true IT spending behavior and IT financial management as a whole.

    • IT Spend & Staffing Transparency Executive Presentation Template

    Infographic

    Further reading

    Achieve IT Spend & Staffing Transparency

    Lay a foundation for meaningful conversations with the business.

    Analyst Perspective

    Take the first step in your IT spend journey.

    Talking about money is hard. Talking to the CEO, CFO, and other business leaders about money is even harder, especially if IT is seen as just a cost center, is not understood by stakeholders, or is simply taken for granted. In times of economic hardship, already lean IT operations are tasked with becoming even leaner.

    When there's little fat to trim, making IT spend decisions without understanding the spend's origin, location, extent, and purpose can lead to mistakes that weaken, not strengthen, the organization.

    The first step in optimizing IT spend decisions is setting a baseline. This means having a comprehensive and transparent view of all technology spend, organization-wide. This baseline is the only way to have meaningful, data-driven conversations with stakeholders and approvers around what IT delivers to the business and the implications of making changes to IT funding.

    Before stepping forward in your IT financial management journey, know exactly where you're standing today.

    Jennifer Perrier, Principal Research Director, ITFM Practice

    Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace:
    • Technology has evolved faster than the business' understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied doesn't align well to modern IT realities.
    • IT is directed to make cuts when cost optimization and targeted investment are what's really needed to sustain and grow the organization in the long-term.
    		Meaningful conversations about IT spend don't happen nearly as much as they should. This is often due to:
    • A lack of maturity in how ITFM (IT financial management) is executed within IT and across the organization as a whole.
    • The absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Scattered and incomplete data about the actual technology spend taking place in the organization.
    		Lay a foundation for meaningful conversations and informed decision-making around IT spend.
    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization's total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain both vocabulary and facts that will help you tell the true story of IT spend.

    Info-Tech Insight
    Create transparency in your IT financial data to power both collaborative and informed technology spend decisions.

    IT spend has grown alongside IT complexity

    IT spend has grown alongside IT complexity

    Growth creates change ... and challenges

    IT has become more integral to business operations and achievement of strategic goals, driving complexity in how IT funds are allocated and managed.

    How IT funds are spent has changed
    Value demonstration is two-pronged. The first is return on performance investment, focused on formal and objective goals, metrics, and KPIs. The second is stakeholder satisfaction, a more subjective measure driven by IT-business alignment and relationship. IT leaders must do both well to prove and promote IT's value.     		Funding decision cadence has sped up
    Many organizations have moved from three- to five-year strategic planning cycles to one-year planning horizons or less, most noticeably since the 2008/2009 recession. Not only has the pace of technological change accelerated, but so too has volatility in the broader business and economic environments, forcing rapid response.     		Justification rigor around IT spend has increased
    The need for formal business cases, proposals, and participation in formal governance processes has increased, as has demand for financial transparency. With many IT departments still reporting into the CFO, there's no getting around it - today's IT leaders need to possess financial management savvy.     		Clearly showing business value has become priority
    IT spend has moved from the purchase of discrete hardware and software tools traditionally associated with IT to the need to address larger-scale issues around interoperability, integration, and virtualized cloud solutions. Today's focus is more on big-picture architecture than on day-to-day operations.

    ITFM capabilities haven't grown with IT spend

    IT still needs to prove itself.

    Increased integration with the core business has made it a priority for the head of IT to be well-versed in business language and practice, specifically in the areas of measurement and financial management.

    However, IT staff across all industries aren't very confident in how well IT is doing in managing its finances via three core processes:

    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.
    • Demonstrating IT's value to the business.

    Recent data from 4,137 respondents to Info-Tech's IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing them.

    IT leadership's capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and showing how IT contributes to business value.

    Graph of Cost and Budget Management

    Graph of Cost Optimization

    Questions for support transition

    Source: IT Management & Governance Diagnostic, Info-Tech Research Group, 2022.

    Take the perspective of key IT stakeholders as a first step in ITFM capability improvement

    Other business unit leaders need to deliver on their own specific and unique accountabilities. Create true IT spend transparency by accounting for these multiple perspectives.

    Exactly how is IT spending all that money we give them?
    Many IT costs, like back-end infrastructure and apps maintenance, can be invisible to the business.

    Why doesn't my department get more support from IT?
    Some business needs won't align with spend priorities, while others seem to take more than their fair share.

    Does the amount we spend on each IT service make sense?
    IT will get little done or fall short of meeting service level requirements without appropriate funding.

    I know what IT costs us, but what is it really worth?
    Questions about value arise as IT investment and spend increase. How to answer these questions is critical.

    At the end of the day, telling IT's spend story to the business is a significant challenge if you don't understand your audience, have a shared vocabulary, or use a repeatable framework.

    Mapping your IT spend against a reusable framework helps generate transparency

    A framework makes transparency possible by simplifying methods, creating common language, and reducing noise.

    However, the best methodological framework won't work if the materials and information plugged into it are weak. With IT spend, the materials and information are your staff and your vendor financial data. To achieve true transparency, inputs must have the following three characteristics:

    Availability Reliability Usability
    The data and information are up-to-date and accessible when needed. The data and information are accurate, complete, and verifiable. The data and information are clearly defined, consistently and predictably organized, consumable, and meaningful for decision-making.

    A framework is an organizing principle. When it comes to better understanding your IT spend, the things being organized by a framework are your method and your data.

    If your IT spend information is transparent, you have an excellent foundation for having the right conversations with the right people in order to make strategically impactful decisions.

    Info-Tech's approach enables meaningful dialogue with stakeholders about IT spend

    View of meaningful dialogue with stakeholders about IT spend

    Investing time in preparing and mapping your IT spend data enables better IT governance

    While other IT spend transparency methods exist, Info-Tech's is designed to be straightforward and tactical.

    Info-Tech method for IT spend transparency

    Put your data to work instead of being put to work by your data.

    Introducing Info-Tech's methodology for creating transparency on technology spend

    1. Know your objectives 2. Gather required data 3. Map your IT staff spend 4. Map your IT vendor spend 5. Identify implications for IT
    Phase Steps
    1. Review your business context
    2. Set IT staff and vendor spend transparency objectives
    3. Assess effort and readiness
    1. Collect IT staff spend data
    2. Collect IT vendor spend data
    3. Define industry-specific CXO Business View categories
    1. Categorize IT staff spend in each of the four views
    2. Validate
    1. Categorize IT vendor spend in each of the four views
    2. Validate
    1. Analyze your findings
    2. Craft your key messages
    3. Create an executive presentation
    Phase Outcomes Goals and scope for your IT spend and staffing transparency effort. Information and data required to perform the IT staff and vendor spend transparency initiative. A mapping of the allocation of IT staff spend across the four views of the Info-Tech ITFM Cost Model. A mapping of the allocation of IT vendor spend across the four views of the Info-Tech ITFM Cost Model. An analysis of your results and a presentation to aid your communication of findings with stakeholders.

    Insight Summary

    Overarching insight
    Take the perspective of key stakeholders and lay out your organization's complete IT spend footprint in terms they understand to enable meaningful conversations and start evolving your IT financial management capability.

    Phase 1 insight
    Your IT spend transparency efforts are only useful if you actually do something with the outcomes of those efforts. Be clear about where you want your IT transparency journey to take you.

    Phase 2 insight
    Your IT spend transparency efforts are only as good as the quality of your inputs. Take the time to properly source, clean, and organize your data.

    Phase 3 insight
    Map your IT staff spend data first. It involves work but is relatively straightforward. Practice your mapping approach here and carry forward your lessons learned.

    Phase 4 insight
    The importance of good, usable data will become apparent when mapping your IT vendor spend. Apply consistent and meaningful vendor labels to enable true aggregation and insight.

    Phase 5 insight
    Communicating your final IT spend transparency mapping with executive stakeholders is your opportunity to debut IT financial management as not just an IT issue but an organization-wide concern.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Use this tool in Phases 1-4

    IT Spend & Staffing Transparency Workbook

    Input your IT staff and vendor spend data to generate visual outputs for analysis and presentation in your communications.

    Key deliverable:

    IT Spend & Staffing Transparency Executive Presentation

    Create a showcase for your newly-transparent IT staff and vendor spend data and present it to key business stakeholders.

    Use this tool in Phase 5

    IT and business blueprint benefits

    IT Benefits Business Benefits
    • Gain insight into exactly where you're spending IT funds on hardware, software, service providers, and the workforce.
    • Understand how much it's costing IT to deliver specific IT services.
    • Illustrate differences in business consumption of IT spend.
    • Learn the ratio of spend allocated to innovation vs. growth vs. keeping the lights on (KTLO).
    • Develop a series of core IT spend metrics including IT spend as a percent of revenue, IT spend per organization employee, and IT spend per IT staff member.
    • Create a complete IT spend baseline to serve as a foundation for future benchmarking, cost optimization, and other forms of IT financial analysis.
    • Understand the relative allocation of IT spend across capital vs. operational expenditure.
    • See the degree to which IT differentially supports and enables organizational goals, strategies, and functions.
    • Have better data for informing the organization's IT spend allocation and prioritization decisions.
    • Gain better visibility into real-life IT spending behaviors, cadences, and patterns.
    • Identify potential areas of spend waste as well as underinvestment.
    • Understand the true value that IT brings to the business.

    Measure the value of this blueprint

    You will know that your IT spend and staffing transparency effort is succeeding when:

    • Your understanding of where technology funds are really being allocated is comprehensive.
    • You're having active and meaningful dialogue with key stakeholders about IT spend issues.
    • IT spend transparency is a permanent part of your IT financial management toolkit.

    In phase 1 of this blueprint, we will help you identify initiatives where you can leverage the outcomes of your IT spend and staffing transparency effort.

    In phases 2, 3, and 4, we will guide you through the process of mapping your IT staff and vendor spend data so you can generate your own IT spend metrics based on reliable sources and verifiable facts.

    Win #1: Knowing how to reliably source the financial data you need to make decisions.

    Win #2: Getting your IT spend data in an organized format that you can actually analyze.

    Win #3: Having a framework that puts IT spend in a language stakeholders understand.

    Win #4: Gaining a practical starting point to mature ITFM practices like cost optimization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    Info-Tech recommends the following calls in your Guided Implementation.

    Phase 1: Know your objectives Phase 2: Gather required data Phase 3: Map your IT staff spend Phase 4: Map your IT vendor spend Phase 5: Identify implications for IT
    Call #1: Discuss your IT spend and staffing transparency objectives and readiness. Call #2: Review spend and staffing data sources and identify data organization and cleanup needs. Call #3: Review your mapped IT staff spend and resolve lingering challenges. Call #4: Review your mapped IT vendor spend and resolve lingering challenges. Call #5: Analyze your mapping outputs for opportunities and devise next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between four to six calls over the course of two to three months.

    Want even more help with your IT spend transparency effort?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Vendor and staff spend mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    Phase 1

    Know Your Objectives

    This phase will walk you through the following activities:

    • Establish IT spend and staffing transparency uses and objectives
    • Assess your readiness to tackle IT spend and staffing transparency

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 1: Know your objectives

    Envision what transparency can do.

    You're at the very beginning of your IT spend transparency journey. In this phase you will:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assess your readiness to tackle the exercise and gauge how much work you'll need to do in order to do it well.

    "I've heard this a lot lately from clients: 'I've got my hands on this data, but it's not structured in a way that will allow me to make any decisions about it. I have these journal entries and they have some accounting codes, GL descriptors, cost objects, and some vendors, but it's not enough detail to make any decisions about my services, my applications, my asset spend.'"
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Transparency positively enables both business outcomes and the practice of business ethics

    However, transparency's real superpower is in how it provides fact-based context.

    • More accurate and relevant data for decision-making.
    • Better managed and more impactful financial outcomes.
    • Increased inclusion of people in the decisions that affect them.
    • Clearer accountabilities for organizational efficiency and effectiveness goals.
    • Concrete proof that business priorities and decisions are being acted on and implemented.
    • Greater trust and respect between IT and the business.
    • Demonstration of integrity in how funds are being used.

    IT spend transparency efforts are only useful if you actually do something with the outputs

    Identify in advance how you plan to leverage IT spend transparency outcomes.

    CFO expense view

    • Demonstrate actual IT costs at the right level of granularity.
    • Update/change the categories finance uses to track IT spend.
    • Adjust the expected CapEx/OpEx ratio.

    CXO business view

    • Calculate consumption of IT resources by department.
    • Implement a showback/chargeback mechanism.
    • Change the funding conversation about proposed IT projects.

    CIO service view

    • Calculate the total cost to deliver a specific IT service.
    • Adjust the IT service spend-to-value ratio as per business priorities.
    • Rightsize IT service levels to reflect true value to the business.

    CEO innovation view

    • Formalize the organization's position on use of cloud/outsourcing.
    • Reduce the portion of spend dedicated to "keeping the lights on."
    • Develop a plan for boosting commitment to innovation investment.

    When determining your end objectives, think about the real questions IT is being asked by the business and how IT spend transparency will help you answer them.

    CFO: Financial accounting perspective

    IT spend used to be looked at from a strictly financial accounting perspective - this is the view of the CFO and the finance department. Their question, "exactly how is IT spending all that money we give them," is really about how money is distributed across different asset classes. This question breaks down into other questions that IT leaders needs to ask themselves in order to provide answers:

    • How should I classify my IT costs? What are the standard categories you need to have that are meaningful to folks crunching the corporate numbers? If you're too detailed, it won't make sense to them. If you pick outmoded categories, you'll have to adjust in the future as IT evolves, which makes tracking year-over-year spend patterns harder.
    • What information should I include in my plans and reports? This is about two things. One is about communicating with the finance department in language that reduces back-and-forth and eliminates misinterpretation. The other is about aligning with the categories the finance department uses to track financial data in the general ledger.
    • How do I justify current spend? This is about clarity and transparency. Specifically itemizing spend into categories that are meaningful for your audience does a lot of justification work for you since you don't have to re-explain what everything means.
    • How do I justify a budget increase? In a declining economy, this question may not be appropriate. However, establishing a baseline puts you in a better position to discuss spend requirements based on past performance and to focus the conversation.

    Exactly how is IT spending all that money we give them?

    Example
    Asset Class % IT Spend
    Workforce 42.72%
    Software - Cloud 9.26%
    Software - On Prem 13.61%
    Hardware - Cloud 0.59%
    Hardware - On Prem 15.68%
    Contract Services 18.14%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CIO: IT operations management perspective

    As the CIO role was adopted, IT spend was viewed from the IT operations management perspective. Optimizing the IT delivery model is a critical step to reducing time to provision services. For the IT leader, the questions they need to ask themselves are:

    • What's the impact of cloud adoption on speed of delivery? Leveraging a SaaS solution can reduce time to deployment as well as increase your ability to scale; however, integration with other functionality will still be a challenge that will incur costs.
    • Where can I improve spend efficiency? This is about optimizing spend in your IT delivery model. What service levels does the business require and what's the most cost-effective way to meet those levels without incurring significant technical debt?
    • Is my support model optimized? By reviewing where support staff are focused and which services are using most of your resources, you can investigate underlying drivers of your staffing requirements. If staff costs in support of a business function are high, perhaps the portfolio of applications needs to be reviewed.
    • How does our spend compare to others? Benchmarking against peers is a useful input, but reflects common practice, not best practice. For example, if you need to invest in IT security, your entire industry is lagging on this front, and you happen to be doing slightly better than most, then bringing forth this benchmark won't help you make the case. Starting with year-over-year internal benchmarking is essential - establish your categories, establish your baseline, and track it consistently.

    Does the amount we spend on each IT service make sense?

    Example
    Service Area % IT Spend
    App Development 9.06%
    App Maintenance 30.36%
    Hosting/Network 25.39%
    End User 18.59%
    Data & BI 3.58%
    Security & Risk 5.21%
    IT Management 7.82%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CXO: Business unit perspective

    As business requests have increased, so too has the importance of the business unit perspective. Each business function has a unique mandate to fulfill in the organization and also competes with other business functions for IT resources. By understanding business consumption of IT, organizations can bring transparency and drive a different dialog with their business partners. Every IT leader should find out the answers to these questions:

    • Which business units consume the most IT resources? By understanding consumption of IT by business function, IT organizations can clearly articulate which business units are getting the highest share of IT resources. This will bring much needed clarity when it comes to IT spend prioritization and investment.
    • Which business units are underserved by IT? By providing full transparency into where all IT spend is consumed, organizations can determine if certain business functions may need increased attention in an upcoming budget cycle. Knowing which levers to pull is critical in aligning IT activities with delivering business value.
    • How do I best communicate spend data internally? Different audiences need information presented to them differently. This is not just about the language - it's also about the frequency, format, and channel you use. Ask your audiences directly what methods of communication stand the best chance of you being seen and heard.
    • Where do I need better business sponsorship for IT projects? If a lot of IT spend is going toward one or two business units, the leaders of those units need to be active sponsors of IT projects and associated spend that will benefit all users.

    Why doesn't my business unit get more support from IT?

    Example
    Business Function % IT Spend
    HR Department 6.16%
    Finance Department 15.15%
    IT Department 10.69%
    Business Function 1 23.80%
    Business Function 2 10.20%
    Business Function 3 6.80%
    Business Function 4 27.20%
    Source: Info-Tech IT Spend & Staffing Studies, 2022.

    CEO: Strategic vs. operations perspective

    With a business view now available, evaluating IT spend from a strategic standpoint is critical. Simply put, how much is being spent keeping the lights on (KTLO) in the organization versus supporting business or organizational growth versus net-new business innovations? This view is not about what IT costs but rather how it is being prioritized to drive revenue, operating margin, or market share. Here are the questions IT leaders should be asking themselves along with the organization's executive leadership and the CEO:

    • Why is KTLO spend so high? This question is a good gauge of where the line is drawn between operations and strategy. Many IT departments want to reduce time spent on maintenance and redeploy resource investment toward strategic projects. This reallocation must include retiring or eliminating technologies to free up funds.
    • What should our operational spend priorities be? Maintenance and basic operations aren't going anywhere. The issue is what is necessary and what could be done more wisely. Are you throwing good money after bad on a high-maintenance legacy system?
    • Which projects and investments should we prioritize? The answer to this question should tightly align with business strategic goals and account for the lion's share of growth and innovation spend.
    • Are we spending enough on innovative initiatives? This is the ultimate dialogue between business partners, the CEO, and IT that needs to take place, yet often doesn't.

    I know what IT costs us, but what is it really worth?

    Example
    Focus Area % IT Spend
    KTLO 89.16%
    Grow 7.18%
    Innovate 3.66%
    Info-Tech IT Spend Studies, 2022.

    Be clear about where you want your IT spend transparency journey to take you in real life

    Transparent IT spend data will allow you to have conversations you couldn't have before. Consider this example of how telling an IT spend story could evolve.

    I want to ...
    Analyze the impact of the cloud on IT operating expenditure to update finance's expectations of a realistic IT CapEx/OpEx ratio now and into the future.

    To address the problem of ...

    • Many of our key software vendors have eliminated on-premises products and only offer software as an OpEx service.
    • Assumptions that modern IT solutions are largely on-premises and can be treated as capitalizable assets are out-of-date and don't reflect IT financial realities.

    And will use transparency to ...

    • Provide the CFO with specific, accurate, and annotated OpEx by product/service and vendor for all cloud-based and on-premises solutions.
    • Facilitate a realistic calculation of CapEx/OpEx distribution based on actuals, as well as let us develop defendable projections of OpEx into the future based on typical annual service fee increases and anticipated growth in the number of users/licenses.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Duration: One hour

    1. Consider the problems or issues commonly voiced by the business about IT, as well as your own ongoing challenges in communicating with stakeholders. Document these problems/issues as questions or statements as spoken by a person. To help structure your brainstorming, consider these general process domains and examples:
      1. Spend tracking and reporting. E.g. Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx.
      2. Service levels and business continuity. E.g. Why do we need to hire more service desk staff? There are more of them in IT than any other role.
      3. Project and operations resourcing. E.g. Why can't IT just buy this new app we want? It's not very expensive.
      4. Strategy and innovation. E.g. Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us.
    2. For each problem/issue noted, identify:
      1. The source(s) of the question/concern (e.g. CEO, CFO, CXO, CIO).
      2. The financial process involved (e.g. accurate costing, verification of costs, building a business case to invest).
    3. For each problem/issue, identify a broader project-style initiative where having transparent IT spend data is a valuable input. One initiative may apply to multiple problems/issues. For each initiative:
      1. Give it a working title.
      2. State the goal for the initiative with reference to ITFM aspirations.
      3. Identify key stakeholders (these will likely overlap with the problem/issue source).
      4. Set general time frames for resolution.

    Document your outputs on the slide immediately following the instruction slides for this exercise. Examples are included.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Input Output
    • Organizational knowledge
    • List of the potential uses and objectives of transparent IT spend and staffing data
    Materials Participants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    ITFM initiatives that leverage transparency

    Problem/Issue Statement Source/ Stakeholder Associated ITFM Process Potential Initiative Initiative Goal Time Frame
    "Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx." CFO IT spend categorization and reporting. Analyze the impact of the cloud on IT operating expenditure. To update finance's expectations of a realistic IT CapEx/OpEx ratio. <12 months
    "Why do we need to hire more service desk staff? There are more of them in IT than any other role." CFO, VP of HR Business case for hiring IT staff. Document ongoing IT support requirements for proposed ERP platform migration project. To ensure sufficient resources for an anticipated increase in service desk tickets due to implementation of a new ERP system. 1-3 months
    "Why can't IT just buy this new app we want? It's not very expensive." CEO, all CXOs/VPs Total cost of technology ownership. Develop a mechanism to review the lifecycle impact on IT of proposed technology purchases. To determine if functionality of new tool already exists in the org. and the total cost of ownership of a new app. <6 months
    "Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us." CEO, CFO, VP of Production IT service costing. Develop an organizational business intelligence strategy. To create a comprehensive plan for evolving BI capability in the organization and transferring report development to users. Select a department for pilot. <12 months

    Your organization's governance culture will affect how you approach transparency

    Know your governance culture Lower Governance
    • Few regulations.
    • Financial reporting is largely internal.
    • Change is frequent and rapid.
    • Informal or nonexistent mechanisms and structures.
    • Data sharing behavior driven by competitive concerns.
    		 Higher Governance
    • Many regulations.
    • Stringent and regular external reporting requirements.
    • Change is limited and/or slow.
    • Defined and established mechanisms and structures.
    • Data sharing behavior driven by regulatory concerns.
    Determine impact on opportunities How does your governance culture impact IT spend transparency opportunities?
    Resistance to formality and bureaucracy Resistance to change and uncertainty
    Set expectations and approach You have plenty of room to implement transparency rigor within the confines of IT, but getting others to give you the time and attention you want will be a challenge. One-on-one, informal relationship building to create goodwill and dialogue is needed before putting forth recommendations or numbers. Many existing procedures must be accommodated and respected. While you can benefit by working with preexisting mechanisms and touchpoints, expect any changes you want to make to things like IT cost categories or CapEx/OpEx ratios to require a lot of time, meetings, and case-making.

    IT's current maturity around ITFM practice will also affect your approach to transparency

    Know your ITFM maturity level Lower ITFM Maturity
    • No/few formal policies, standards, or procedures exist.
    • There is little/no formal education or experience within IT around budget, costing, charging, or accounting practices.
    • Financial reporting is sporadic and inconsistent in its contents.
    • Business cases are rarely used in decision-making.
    • Financial data is neither reliable nor readily available.
    		Higher ITFM Maturity
    • Formal policies, standards, and procedures are enforced organization-wide for all financial management activities.
    • Formally-trained accountants are embedded within IT.
    • Financial reporting is regular, scheduled, and defined.
    • Business cases are leveraged in most decision-making activities.
    • Financial data is governed, centralized, and current.
    Determine stakeholders' financial literacy How does your degree of ITFM maturity impact IT spend transparency opportunities?
    Improve your own financial literacy first Determine stakeholders' financial literacy
    Set expectations and approach Brush up on core financial management and accounting concepts before taking the discussion beyond IT's walls. Do start mapping your costs, but just know how to communicate what the data is saying before sharing it. Not everyone will be at your level, familiar with ITFM language and concepts, or focused on the same things you are. Gauge where your audience is at so you can prepare for meaningful dialogue.

    1.2 Assess your readiness to tackle IT spend transparency

    Duration: One hour

    Note: This assessment is general in nature. It's intended to help you identify and prepare for potential challenges in your IT spend and staffing transparency effort.

    1. Rate your agreement with the "Data & Information" and "Experience, Expertise, & Support" statements listed on the slide immediately following the two instruction slides for this exercise. For each statement, indicate the extent to which you agree or disagree, where:
      1. 1 = Strongly disagree
      2. 2 = Disagree
      3. 3 = Neither agree nor disagree
      4. 4 = Agree
      5. 5 = Strongly agree
    2. Add up your numerical scores for all statements, where the highest possible score is 65.
    3. Assess your general readiness against the following guidelines:
      1. 50-65: Ready. The transparency exercise will involve work, but should be straightforward since you have the data, skills, tools, processes, and support to do it.
      2. 40-49: Ready, with caveats. The transparency exercise is doable but will require some preparatory legwork and investigation on your part around data sourcing, organization, and interpretation.
      3. 30-39: Challenged. The transparency exercise will present some obstacles. Expect to encounter data gaps, inconsistencies, errors, roadblocks, and frustrations that will need to be resolved.
      4. Less than 30: Not ready. You don't have the data, skills, tools, processes, and/or support to do the data transparency exercise. Take time to develop a stronger foundation of financial literacy and governance before tackling it.

    Document your outputs on the slide immediately following the two instruction slides for this exercise.

    1.2 Assess your readiness to tackle IT spend transparency

    InputOutput
    • Organizational knowledge
    • Estimation of IT spend and staffing transparency effort
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    IT spend transparency readiness assessment

    Data & Information
    Statement Rating
    We know how to access all IT department spend records.
    We know how to access all non-IT-department technology spend records.
    We know how to access all IT vendor/contractor agreements.
    We know how to access data about our IT staff costs and allocation, such as organizational charts and salaries/benefits.
    Our financial and staffing data is up-to-date.
    Our financial and staffing data are labeled, described, and organized so that we know what they're referring to.
    Our financial and staffing data are in a format that we can easily manipulate (e.g. export, copy and paste, perform calculations).
    Experience, Expertise, & Support
    Statement Rating
    We have sufficient expertise within the IT department to navigate and accurately interpret financial records.
    We have reasonable access to expertise/resources in our finance department to support us in an IT spend transparency exercise.
    We can allocate sufficient time (about 40 hours) and resources in the near term to do an IT spend transparency exercise.
    We have current accountabilities to track and internally report financial information to others on at least a monthly basis.
    There are existing financial policies, procedures, and standards in the organization with which we must closely adhere and comply.
    We have had the experience of participating in, or responding to the results of, an internal or external audit.

    Rating scale:
    1 = Strongly Disagree; 2 = Disagree; 3 = Neither agree nor disagree; 4 = Agree; 5 = Strongly agree
    Assessment scale:
    Less than 30 = Not ready; 30-39 = Challenged; 40-49 = Ready with caveats; 50-65 = Ready

    Take a closer look at the statements you rated 1, 2, or 3. These will be areas of challenge no matter what your total score on the assessment scale.

    Phase 1: Know your objectives

    Achievement summary

    You've now completed the first two steps on your IT spend transparency journey. You have:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assessed your readiness to tackle the exercise and know how much work you'll need to do in order to do it well.

    "Mapping to a transparency model is labor intensive. You can do it once and never revisit it again, but we would never advise that. What it does is play well into an IT financial management maturity roadmap."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Phase 2

    Gather Required Data

    This phase will walk you through the following activities:

    • Gather, clean, and organize your data
    • Build your industry-specific business views

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 2: Gather required data

    Finish your preparation.

    You're now ready to do the final preparation for your IT spend and staffing transparency journey. In this phase you will:

    • Gather your IT spend and staffing data and information.
    • Clean and organize your data to streamline mapping.
    • Identify your baseline data points.

    "Some feel like they don't have all the data, so they give up. Don't. Every data point counts."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Your IT spend transparency efforts are only as good as the quality of your inputs

    Aim for a comprehensive, complete, and accurate set of data and information.

    Diagram of comprehensive, complete, and accurate set of data and information

    Start by understanding what's included in technology spend

    Info-Tech's ITFM Technology Inventory

    In scope:

    • All network, telecom, and data center equipment.
    • All end-user productivity software and devices (e.g. laptops, peripheral devices, cell phones).
    • Information security.
    • All acquisition, development, maintenance, and management of business and operations software.
    • All systems used for the storage and management of business assets, data, records, and information.
    • All managed IT services.
    • Third-party consulting services.
    • All identifiable spend from the business for the above.

    Expand your thinking: Total tech spend goes beyond what's under IT's operational umbrella

    "Technology" means all technology in the organization regardless of where it lives, who bought it, who owns it, who runs it, or who uses it.

    IT may have low or no visibility into technologies that exist in the broader business environment beyond IT. Accept that you won't gain 100% visibility right now. However, do get started and be persistent.

    Where to look for non-IT technology ...

    • Highly specialized business functions - niche tools that are probably used by only a few people.
    • Power users and the "underserved" - cloud-based workflow, communication, and productivity tools they got on their own.
    • Operational technology - network-connected industrial, building, or physical security sensors and control systems.
    • Recently acquired/merged entities - inherited software.

    Who might get you what you need ...

    • Business unit and team leaders - identification of what they use and copies of their spend records and/or contracts.
    • Finance - a report of the "software" expenditure category to spot unrecognized technologies and their owners.
    • Vendors - copies of contracts if not forthcoming internally.
    • Your service desk - informal knowledge gained about unknown technologies at play in the course of doing their job.

    The IT spend and staffing transparency exercise is an opportunity to kick-start a technology discovery process that will give you and the business a true picture of your technology profile, use, and spend.

    Seek out data at the right level of granularity with the right supporting information

    Key data and information to seek out:

    • Credits applied to appropriate debits that show net expense, or detailed descriptions of credits with no matching debit.
    • Cash-based accounting (not accrual accounting). If accrual, will need to determine how to simplify the data for your uses.
    • Vendor names, asset classes, descriptors, and departments.
    • A total spend amount (CapEx + OpEx) that:
      • Aligns with the spend period.
      • Passes your gut check for total IT spend.
      • Includes annual amounts for multi-year contracts (e.g. one year of a three-year Microsoft enterprise agreement).
      • Includes technology spend from the business (e.g. OT that IT supports).
    • Insights on large projects.
    • Consolidated recurring payments, salaries and benefits, and other small expenses.

    Look for these data descriptors in your files:

    • Cost center/accounting unit
    • Cost center/department description
    • GL ACCT
    • CL account description
    • Activity description
    • Status
    • Program/business function/project description
    • Accounting period
    • Transaction amount
    • Vendor/vendor name
    • Product/product name

    Avoid data that's hard to use or problematic as it will slow you down and bring limited benefits

    Spend data that's out of scope:

    • Depreciation/amortization.
    • Gain or loss of asset write-off.
    • Physical security (e.g. key cards, cameras, motion sensors, floodlights).
    • Printer consumables costs.
    • Heating and cooling costs (for data centers).

    Challenging data formats:

    • Large raw data files with limited or no descriptors.
    • Major accounts (hardware and software) combined in the same line item.
    • Line items (especially software) with no vendor reference information.
    • PDF files or screenshots that you can't extract data from readily. Use Excel or CSV files whenever possible.

    Getting at the data you need can be easy or hard – it all depends

    This is where your governance culture and ITFM maturity start to come into play.

    Data source Potential data and information What to expect
    IT Current/past budget, vendor agreements, IT project records, discretionary spend, number of IT employees. The rigor of your ITFM practice and centralization of data and documents will affect how straightforward this is.
    Finance General ledger, cash and income statements, contractor payments and other accounts payable, general revenue. Secure their expertise early. Let them know what you're trying to do and what you need. They may be willing to prepare data for you in the format you need and help you decipher records.
    Purchasing List of vendors/suppliers, vendor agreements, purchase invoices. Purchasing often has more descriptive information about vendors than finance. They can also point you to tech spend in other departments that you didn't know about.
    Human Resources Organizational chart, staff salaries and benefits, number of employees overall and by department. Data about benefits costs is something you're not likely to have, and there's only one place you can reliably get it.
    Other Business Units Non-IT technology spend vendor agreements and purchase invoices, number of department employees. Other departments may be tracking spend in an entirely different way than you. Be prepared to dig and reconcile.

    There may be some data or information you can't get without a Herculean effort. Don't worry about it too much - these items are usually relatively minor and won't significantly affect the overall picture.

    Commit to finding out what you don't know

    Many IT leaders don't have visibility into other departments' technology spend. In some cases, the fact that spend is even happening may be a complete surprise.

    Near-term visibility fix ...

    • Ask your finance department for a report on all technology-related spend categories. "Software" is a broad category that finance departments tend to track. Scan the report for items that don't look familiar and confirm the originating department or approver.
    • Check in with the procurement office. See what technology-related contracts they have on record and which departments "own" them. Get copies of those contracts if possible.
    • Contact individual department heads or technology spend approvers. Devise your contact shortlist based on what you already know or learned from finance and procurement. Position your outreach as a discovery process that supports your transparency effort. Avoid coming across as though you're judging their spend or planning to take over their technologies.

    Long-term visibility fix ...

    • Develop your relationships with other business unit leaders. This will help open the lines of communication permanently.
    • Establish a cross-functional central technology office or group. The main task of this unit is to set and manage technology standards organization-wide, including standards for tracking and documenting technology costs and asset lifecycle factors.
    • Ensure IT is formally involved in all technology spend proposals and plans. This gives IT the opportunity to assess them for security compliance, IT network/system interoperability, manageability, and IT support requirements prior to purchase.
    • Ensure IT is notified of all technology financial transactions. This includes contracts, invoices, and payments for all one-time purchases, subscription fees, and maintenance costs.

    Finally, note any potential anomalies in the IT spend period you're looking at

    No two years have the exact same spend patterns. One-time spend for a big capital project, for example, can dramatically alter your overall spend landscape.

    Look for the following anomalies:

    • New or ongoing capital implementations or projects that span more than one fiscal year.
    • Completed projects that have recently transitioned, or are transitioning, from CapEx (decreasing) to OpEx (increasing).
    • A major internal reorganization or merger, acquisition, or divestiture event.
    • Crises, disasters, or other rare emergencies.
    • Changes in IT funding sources (e.g. new or expiring grants).

    These anomalies often explain why IT spend is unusually high in certain areas. There's often a good business reason.

    In many cases, doing a separate spend transparency exercise for these anomalous projects or events can isolate their costs from other spend so their true nature and impact can be better understood.

    2.1 Gather your input data and information

    Duration: Variable

    1. Develop a complete list of the spending and staffing data and information you need to complete the transparency mapping exercise. For each required item, note the following:
      1. Description of data needed (i.e. type, timeframe, and format).
      2. Ideal timeframe or deadline for receipt.
      3. Probable source(s) and contact(s).
      4. Additional facilitation/support required.
      5. Person on your transparency team responsible for obtaining it.
    2. Set up a data and information repository to store all files as soon as they're received. Ideally, you'll want all data/information files to be in an electronic format so that everything can be stored in one place. Avoid paper documents if possible.
    3. Conduct your outreach to obtain the input data and information on your list. This could include delegating it to a subordinate, sending emails, making phone calls, booking meetings, and so on.
    4. Review the data and information received to confirm that it's the right type of data, at the correct level of granularity, for the right timeframe, in a usable format, and is generally accurate.
    5. Enter documentation about your data and information sources in tab "1. Data & Information Sources" in the IT Spend & Staffing Transparency Workbook to reflect what you needed and where you got it in order to make the discovery process easier in the future.
    6. In the same tab in the IT Spend & Staffing Transparency Workbook, document any significant events that occurred that directly or indirectly impacted the selected year's spend values. These could include mergers/acquisitions/divestitures, major reorganizations or changes in leadership, significant shifts in product offerings or strategic direction, large capital projects, legal/regulatory changes, natural disasters, or changes in the economy.

    Download the IT Spend & Staffing Transparency Workbook

    2.1 Gather your input data and information

    InputOutput
    • Knowledge of potential data and information sources
    • List of data and information required to complete the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Tidy up your data before beginning any spend mapping

    Most organizations aren't immaculate in their tech spend documentation and tracking practices. This creates data rife with gaps that lives in hard-to-use formats.

    The more preparation you do to approach the "good data" intersection point in the diagram below, the easier your mapping effort will be and the more useful and insightful your final findings.

    Venn diagram of good data

    Make your data "un-unique" to reduce the number of line items and make it manageable

    There's a good chance that the IT spend data you've received is in the form of tens of thousands of unique line items. Use the checklist below to help you roll it up.

    Warning: Never overwrite your original data. Insert new columns/rows and put your alternate information in these instead.

    Step 1: Standardize vendor names

    • Start with known large vendors.
    • Select a standard name for the vendor.
    • Brainstorm possible variations on the vendor name, including abbreviations and shortforms.
    • Search for the vendor in your data and document the new standardized vendor name in the appropriate row.
    • Repeat the above for all vendors.
    • Sort the new vendor name column from A-Z. Look for instances where names remain unique or are missing entirely. Reconcile if needed and fill in missing data.

    Step 2: Consolidate vendor spend

    • Sort the new vendor name column from A-Z. Start with vendors that have the most line items.
    • Add together related spend items from a given vendor. Create a new row for the consolidated spend item and flag it as consolidated. Keep the following item types in separate rows:
      • Hardware vs. software spend for the same vendor.
      • Cloud vs. on-premises spend for the same vendor.
    • Repeat the above for all vendors.
    • Consider breaking out separate rows for overly consolidated line items that contain too many different types of IT spend.

    2.2 Clean and organize your data

    Duration: Variable

    1. Check to ensure that you have all data and information required to conduct the IT spend transparency exercise.
    2. Conduct an initial scan to assess the data's current state of hygiene and overall usability. Flag anything of concern and follow up with the data/information provider to fix or reconcile any issues.
    3. Normalize your data to make it easier to work with. This includes selecting data format standards and changing anything that doesn't conform to those standards. This includes items such as date conventions, currencies, and so on.
    4. Standardize product and vendor naming/references throughout to enable searching, sorting, and grouping. For example, Microsoft Office may be variably referred to as "Microsoft", "Office", "Office 365", and "Office365" throughout your data. Pick one descriptor for the product/vendor and replace all related references with that descriptor.
    5. Consolidate and aggregate your data. Ideally, the data you received from your sources has already been simplified; however, you may need to further organize it to reduce the number of individual line items to a more manageable number. The transparency exercise uses relatively high-level categories, so combine data sets and aggregate where feasible without losing appropriate granularity.
    6. Archive any original copies of files that have been modified or replaced with consolidated/aggregated versions for future reference if needed.

    2.2 Clean and organize your data

    InputOutput
    • Data and information files
    • A normalized set of data and information for completing the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Select IT spend "buckets" for the CXO Business View as your final preparatory step

    Every organization has both industry-agnostic and industry-specific lines of business that are the direct beneficiaries of IT spend.

    Common shared business functions:

    • Human resources.
    • Finance and accounting.
    • Sales/customer service.
    • Marketing and advertising.
    • Legal services and regulatory compliance.
    • Information technology.

    It may seem odd to see IT on the business functions list since the purpose of this exercise is to map IT spend. For business view purposes, IT spend refers to what IT spends on itself to support its own internal operations.

    Examples of industry-specific functions:

    • Manufacturing: Product research and development; production operations; supply chain management.
    • Retail banking: Core banking services; loan, mortgage and credit services; investment and wealth management services.
    • Hospitals: Patient intake and admissions; patient diagnosis; patient treatment; patient recovery and ongoing care.
    • Insurance: Actuarial analysis; policy creation; underwriting; claims processing.

    See the Appendix of this blueprint for definitions of shared business functions plus sample industry-specific business view categories.

    Define your CXO Business View categories to set yourself up well for future ITFM analyses

    The CXO Business View buckets you set up today are tools you can and should reuse in your overall approach to ITFM governance. Spend some time to get them right.

    Stay high-level

    Getting too granular invites administrative headaches and overhead. Keep things high-level and general:

    • Limit the number of direct stakeholders represented: This will reduce communication overhead and ensure you're dealing only with people who have real decision-making authority.
    • Look to your org. chart: Note the departments or business units listed across the top of the chart that have one executive or top-ranking senior manager accountable for them. These business units often translate as-is into a tidy CXO Business View category.

    Limit your number of buckets

    Tracking IT spend across more than 8-10 shared and industry-specific business categories is impractical.

    • Simplify your options: Too many buckets gets confusing and invites time-wasting doubt.
    • Reduce future rework: Business structures will change, which means recategorizing spend data. Using a forklift is a lot easier than using tweezers.
    • Stick to major business units: Create separate "Business Other" and "Industry Other" catch-all categories to track IT spend for smaller functions that fall outside of major business unit structures.

    Stay high-level with the CXO Business View

    Be clear on what's in and what's out of your categories to keep everyone on the same page

    Clear lines of demarcation between CXO Business View categories reduce confusion, doubt, and wheel-reinvention when deciding where to allocate IT spend.

    Ensure clear boundaries

    Mutual exclusivity is key when defining categories in any taxonomical structure.

    • Avoid overlaps: Each high-level business function category should have few or no core function or process overlaps with another business function category. Aim for clear vertical separation.
    • Be encompassing: When defining a category, list all the business capabilities and sub-functions included in that category. For example, if defining the finance and accounting function, remember to specify its less obvious accountabilities, like enterprise asset management if appropriate.

    Identify exclusions

    Listing what's out can be just as informative and clarifying as listing what's in.

    • Beware odd bedfellows: Minor business groups are often tucked under a bigger organizational entity even though the two use different processes and technologies. Separate them if appropriate and state this exclusion in the bigger entity's definition.
    • Draw a line: If a process crosses business function categories, state which sub-steps are out of scope.
    • Document your decisions: This helps ensure you allocate IT spend the same way every time.

    Clear lines of demarcation between CXO Business View categories

    2.3 Build your industry-specific business views

    Duration: Two hours

    1. Confirm your list of high-level shared business services (human resources, finance and accounting, etc.) as provided in Info-Tech's IT Spend & Staffing Transparency Workbook. Rename them if needed to match the nomenclature used in your organization.
    2. Set and define your additional list of high-level, industry-specific business categories that are unique to or define your industry. See the slides immediately following this exercise for tips on developing these categories, as well as the appendix of this blueprint for some examples of industry-specific categories and definitions.
    3. Create "Business Other" and "Industry Other" categories to capture minor groups and activities supported by IT that fall beyond the major shared and industry-specific business functions you've shortlisted. Briefly note the business groups/activities that fall under these categories.
    4. Edit/enter your shared and industry-specific business function categories and their definitions on tab "2. Business View Definitions" in the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    2.3 Build your industry-specific business views

    InputOutput
    • Knowledge about your organization's structure and business functions/units
    • A list of major shared business functions and industry-specific business functions/capabilities that are defining of your industry
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Lock in key pieces of baseline data

    Calculating core IT spend metrics relies on a few key numbers. Settle these first based on known data before diving into detailed mapping.

    These baseline data will allow you to calculate high-level metrics like IT spend as a percent of revenue and year-over-year percent change in IT spend, as well as more granular metrics like IT staff spend per employee for a specific IT service.

    Baseline data checklist

    • IT spend analysis period (date range).
    • Currency used.
    • Organizational revenue.
    • Organizational OpEx.
    • Total current year IT spend.
    • Total current year IT CapEx and IT OpEx.
    • Total previous-year IT spend.
    • Total projected next-year IT spend.
    • Number of organizational employees.
    • Number of IT employees.

    You may have discovered some things you didn't know about during the mapping process. Revisit your baseline data when your mapping is complete and make adjustments where needed.

    2.4 Enter your baseline data

    Duration: One hour

    1. Navigate to tab "3. Baseline Data" in the IT Spend & Staffing Transparency Workbook. Using the data you've gathered, enter the following information to set your baseline data for future calculations:
      1. Your IT spend analysis date range. This can be concrete dates, a fiscal year abbreviation, etc.
      2. The currency you will be using throughout the workbook. It's important that all monetary values entered are in the same currency.
      3. Your organization's total revenue and total operating expenditure (OpEx) for the spend analysis data range you've specified. Revenue includes all sources of funding/income.
      4. Your total IT OpEx and total IT capital expenditure (CapEx). The workbook will add your OpEx and CapEx values for you to arrive at a total IT spend value.
      5. Total IT spend for the year prior to the current IT spend analysis date range, as well as anticipated total IT spend for the year following.
      6. Total IT staff spend (salaries, benefits, training, travel, and fees for employees and contractors in a staff augmentation role) for the spend analysis date range.
      7. The total number of organizational employees and total number of IT employees. These are typically full-time equivalent (FTE) values and include contractors in a staff augmentation role.
    2. Make note of any issues that have influenced the values you entered.

    Download the IT Spend & Staffing Transparency Workbook

    2.4 Enter your baseline data

    InputOutput
    • Cleaned and organized spend and staffing data and information
    • Finalized baseline data for deriving spend metrics
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead

    Phase 2: Gather required data

    Achievement summary

    You've now completed all preparation steps for your IT spend transparency journey. You have:

    • Gathered your IT spend and staffing data and information.
    • Cleaned and organized your data to streamline mapping.
    • Identified your baseline data points.

    "As an IT person, you're not speaking the same language at all as the accounting department. There's almost always a session of education that's required first."
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Phase 3

    Map Your IT Staff Spend

    This phase will walk you through the following activities:

    • Mapping your IT staff spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 3: Map your IT staff spend

    Allocate your workforce costs across the four views.

    Now it's time to tackle the first part of your hands-on spend mapping effort, namely IT staff spend. In this phase you will:

    • Allocate your IT staff spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure that it's accurate and complete.

    "We're working towards the truth. We know the answer, but it's how to get it. Take Data & BI. For some organizations, four FTEs is too many. Are these people really doing Data & BI? Look at the big picture and see if something's missing."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Staffing costs comprise a significant percent of OpEx

    Staffing is the first thing that comes to mind when it comes to spend. Intentionally bring it out of the shadows to promote constructive conversations.

    • Total staffing costs stand out from other IT spend line items. This is because they're comparatively large, often comprising 30-50% of total IT costs.
    • Standing out comes at a price. Staff costs are where business leadership looks first if they want cuts. If IT leadership doesn't bring forward ways to cut staffing costs as part of a broader cost-cutting mandate, it will be seen as ignorant of business priorities at best and outright insubordinate at worst.
    • Staffing costs as a percentage of total costs vary between IT functions. On the business side, there's a lack of understanding about what functions IT staff serve and support and the real-world costs of obtaining (and keeping) needed IT skills. For example, IT security staffing costs as a percentage of that service's total OpEx will likely be higher than service desk staff given the scarcity and higher market value of the former. Trimming 20% of IT staffing costs from the IT security function has much different implications than cutting 20% of service desk staffing costs.

    Staffing spend transparency can do a lot to change the conversation from one where the business thinks that IT management is just being self-protecting to one where they know that IT management is actually protecting the business.

    Demonstrating the legitimate reasons behind IT staff spend is critical in both rationalizing past and current spend decisions as well as informing future decisions.

    Info-Tech recommends that you map your IT staffing costs before all other IT costs

    Mapping your IT staffing spend first is a good idea because:

    • Staffing costs are usually documented more clearly, simply, and accurately than other IT costs.
    • Gathering all your IT staffing data is usually a one-stop shop (i.e. the HR department).
    • The comparative straightforwardness of mapping staff costs compared to other IT costs gives you the opportunity to:
      • Get familiar with the ITFM Cost Model views and categories.
      • Get the hang of the hands-on mapping process.
      • Determine the kinds of speed bumps and questions you'll encounter down the road when you tackle the more complicated mappings.

    "Some companies will say software developer. Others say application development specialist or engineer. What are these things? You have to have conversations ..."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: "Workforce" categories defined

    For the staffing spend mapping exercise, we're defining the Workforce category here and will offer Vendor category definitions in the vendor spend mapping exercise later.

    Workforce: The total costs of employing labor in the IT organization. This includes all salary/wages, benefits, travel/training, dues and memberships, and contractor pay. Managed services expenses associated with an external service provider should be excluded from Workforce and included in Contract Services.

    Employee: A person employed by the IT organization on a permanent full-time or part-time basis. Costs include salary, benefits, training, travel and expenses, and professional dues and memberships. These relationships are managed under human resources and the bulk of spend transactions via payroll processes.

    Contractor: A person serving in a non-permanent staff augmentation role. These relationships are typically managed under procurement or finance and spend transactions handled via invoicing and accounts payable processes. Labor costs associated with an external service provider are excluded.

    CFO Expense View

    Mapping your IT staff across the CFO Expense View is relatively cut-and-dried

    The CFO Expense View is the most straightforward in terms of mapping IT staffing costs as it's made up of only two main categories: Workforce and Vendor.

    In the CFO Expense View, all IT spend on staffing is allocated to the Workforce bucket under either Employee or Contractor.

    What constitutes a Contractor can be confusing given increased use of long-term labor augmentation strategies, so being absolutely clear about this is imperative. For spend mapping purposes:

    • Any staff members under independent contract where individuals are paid directly by your organization as opposed to indirectly via a service provider (e.g. staffing firm) are considered Workforce > Contractor.
    • Any circumstances where you pay a third-party organization for labor is slotted under Vendor > Contract Services.

    CFO Expense View

    Understand the CIO Service View: Categories defined

    We've provided definitions for the major categories that require clarification.

    Applications Development: Purchase/development, testing, and deployment of application projects. Includes internally developed or packaged solutions.

    Applications Maintenance: Software maintenance fees or maintaining current application functionality along with minor enhancements.

    Hosting & Networks: Compute, storage, and network functionality for running/hosting applications and providing communications/connectivity for the organization.

    End User: Procurement, provision, management, and maintenance (break/fix) of end-user devices (desktop, laptops, tablets, peripherals, and phones) as well as purchase/support and use of productivity software on these devices. The IT service desk is included here as well.

    PPM & Projects: People, processes, and technologies dedicated to the management of IT projects and the IT project portfolio as a whole.

    Data & BI: Strategy and oversight of the technology used to support data warehousing, business intelligence, and analytics.

    IT Management: Senior IT leadership, IT finance, IT strategy and governance, enterprise architecture, process management, vendor management, talent management, and program and portfolio management oversight.

    Security: Information security strategy and oversight, practices, procedures, compliance, and risk mitigation to protect and prevent unauthorized access to organizational data and technology assets.

    CIO Service View

    Mapping your IT staff across the CIO Service View is a slightly harder exercise

    The complexity of mapping staff across this view depends on how your IT department is organized and the degree of role specialization vs. generalization.

    The CIO Service View mirrors how many IT departments are organized into teams or work groups. However, some partial percentage-based allocations are probably required, especially for smaller IT units with more generalized, cross-functional roles. For example:

    • A systems administrator's costs may need to be allocated 80% to Hosting & Networks and 20% to Security.
    • An app development team lead may spend about 40% of their time doing hands-on Development work and the other 60% on project management (i.e. PPM & Projects).

    Info-Tech has found that allocating staffing costs for Data & BI raises the most doubts as it can be very entangled with Applications and other spend. Do the best you can.

    Understand the CXO Expense View: Categories defined

    Expand shared services and industry function categories as suits your organization.

    Industry Functions: As listed and defined by you for your specific industry.

    Human Resources: IT staff and specific application functionality in support of organizational human resource management.

    Finance & Accounting: IT staff and specific application functionality in support of corporate finance and accounting.

    Shared Services Other: IT staff and specific application functionality in support of all other shared enterprise functions.

    Information Technology: IT staff and specific application functionality in support of IT performing its own internal IT operations functions.

    Industry Other: IT staff and specific application functionality in support of all other industry-specific functions.

    CXO Expense View

    Mapping your IT staff across the CXO Business View warrants the most time

    This view is probably the most difficult as many IT department roles are set up according to lines of IT service, not lines of business. Prepare to do a little math.

    The CXO Expense View also requires percentage-based splitting of role spend, but to a greater extent.

    • Start by mapping staff cost allocations for those roles that are at, or close to, 100% dedicated to a specific business function (if any).
    • For IT roles that support organization-wide or multi-department functions, knowing the percent of employees that work in each relevant business unit and parceling IT staff spend by those same percentages may be easiest. For example, a general systems administrator's costs could be allocated as 4% to HR, 2% to finance, 25% to sales, 20% to production operations, and so on based on the percentage of employees in each of the supported business units.

    Take a minute to figure out how you plan to map IT's indirect CXO Business View costs

    Direct IT costs are those that are dedicated to a specific business unit or user group, such a marketing campaign management app, specialized devices used by a specific subset of workers in the field, or a business analyst embedded full-time in a sales organization.

    VS

    Indirect IT costs are pretty much everything else that's shared broadly across the organization and can't be tied to just one stakeholder or user group, such as network infrastructure, the service desk, and office productivity apps. These costs must be fairly and evenly distributed.

    No indirect mapping method is perfect, but here's a suggestion:

    • Take the respective headcount of all business functions sharing the IT resource/service in question.
    • Calculate each business function's staff as a percentage of all organizational staff.
    • Use this same percent of staff to calculate and allocate a business function's indirect staff and indirect vendor costs.

    "There is always a conversation about indirect allocations. There's never been an organization I've heard of or worked for which has been able to allocate every technology cost directly to a business consumption or business unit."
    Monica Braun, ITFM Research Director, Info-Tech Research Group

    Example:

    • A company of 560 employees has six HR staff (about 1.1% of total staff).
    • Network admin staffing costs $143,000, so $1,573 (1.1%) would be allocated to HR.
    • Internet services cost $40,000, so $440 (1.1%) would be allocated to HR.

    Some indirect costs are shared by multiple business functions, but not all. In these cases, exclude non-participating business functions from the total number of organizational employees and re-calculate a new percent of staff for each participating business function.

    Know where you're most likely to encounter direct vs. indirect IT staffing costs

    Info-Tech has found that direct vs. indirect staffing spend is more commonly found in some areas than others. Use this insight to focus your work.

    Direct IT staffing spend

    Definition: Individuals or teams whose total time is formally dedicated to the support of one business unit/function.

    • Data & BI (direct to one non-IT unit)
    • IT Management (direct to IT)
      • Service planning & Architecture
      • Strategy & Governance
      • Financial Management
      • People & Resources

    Hybrid IT staffing spend

    Definition: Teams with a percent of time or entire FTEs formally dedicated to one business unit/function while the remainder of the time or team is generalized.

    • Applications
      • Applications Development
      • Applications Maintenance
    • IT Management
      • PPM & Projects

    Indirect IT staffing spend

    Definition: Individuals or teams whose total time is generalized to the support of multiple or all business units or functions.

    • Infrastructure
      • Hosting & Networks
      • End Users
    • Security

    Indirect staff spend only comes into play in the CXO Business View. Thoroughly map the CIO Service View first and leverage its outcomes to inform your allocations to individual business and industry functions.

    Understand the CEO Innovation View: Categories defined

    Be particularly clear on your understanding of the difference between business growth and business innovation.

    Business Innovation: IT spend/ activities focused on the development of new business capability, new products and services, and/or introduction of existing products/ services into new markets. It does not include expansion or update of existing capabilities.

    Business Growth: IT spend/activities focused on the expansion, scaling, or modernization of an existing business capability, product/service, or market. This is specifically related to growth within a current market.

    Keep the Lights On: IT spend/activities focused on keeping the organization running on a day-to-day basis. This includes all activities used to ensure the smooth operation of business functions and overall business continuity.

    CEO Innovation View

    Important Note

    Info-Tech analysts often skip mapping staff for the CEO Innovation View when delivering the IT Spend & Staffing Benchmarking Service.

    This is because, for many organizations, either most IT staff spend is allocated to Keep the Lights On or any IT staff allocation to Business Growth and Business Innovation activities is untracked, undocumented, and difficult to parse out.

    Mapping your IT staff across the CEO Innovation View is largely straightforward

    Clear divisions between CapEx and OpEx can be your friend when it comes to mapping this view. Focus your efforts on parsing growth vs. innovation.

    • The majority of IT staff costs are OpEx: And the majority of OpEx will land in the Keep the Lights On category. This is a comparatively simple mapping exercise. Know in advance that this will be the largest of the three buckets in the CEO Innovation View by a very wide margin, so don't be surprised if over 90% of IT staffing costs end up here.
    • Most of the remaining IT staff costs will be tied to capital projects and investments: This means that they will land in either Business Growth or Business Innovation, with the majority typically sitting under Business Growth. Again, don't be surprised if the Business Innovation category holds less than 3% of total IT staffing spend.

    Take your IT staff spend mapping to the next level with detailed time and headcount data

    Overlay a broader assessment of your IT staff

    Info-Tech's IT Staffing Assessment diagnostic can expand your view of what's really happening on the staffing front.

    • Learn your true distribution of IT staff across the same IT services listed in the ITFM Cost Model's CIO Service View.
    • Get other metrics such as degrees of seniority, manager span of control, and IT staff perception of their effectiveness.

    Take action

    1. Set it up: Contact your Info-Tech Account Manager and sign your team up to take the diagnostic.
    2. Assess the findings: Review the output report, specifically how your staff says they spend their time versus what your organization chart's been telling you.
    3. Apply the percentages: Use the FTE allocation percentages in the output report to guide how you distribute your staff spend across the CIO Service View.
    4. Expand your analysis: Use your staff's feedback around perceived aids and obstacles to effectiveness in order to inform and defend your recommendations and decisions on how IT funds should be spent.

    Consider these final tips for mapping your IT staffing costs before diving in

    Mapping your IT staffing costs definitely requires some work. However, knowing the common stumbling blocks and being systematic will yield the best results.

    Approach: Be efficient to be effective

    Start with what you know best: Map the CFO Expense View first to plug in information you already have. Next, map the CIO Service View since it's most aligned to your organization chart.

    Keep a list of questions: You'll need to seek clarifications. Note your questions, but don't reach out until you've done a first pass at the mapping - don't annoy people with a barrage of questions.

    Delegate: Your managers and leads have a more accurate view of exactly what their staff do. Consider delegating the CIO Service View and CXO Business View to them or turn the mapping exercise into a series of collaborative leadership team activities.

    Biggest challenge: Role/title ambiguity

    • The Business Analyst role is often vague. These staffers are often jacks-of-all-trades in IT. You probably can't rely on a generic job description to figure out exactly which services and business functions BAs are spending their time on. Plan to ask a lot of questions.
    • Other role titles may be completely inaccurate. Is the word "system" referring to apps, infrastructure, or both? Is the user experience specialist actually a programmer? Is a manager really managing anything? Know your organization's tendencies around meaningful job titling and set your workload expectations accordingly.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. Someone's doing that work - take the time to figure out who.

    3.1 Map your IT staffing costs

    Duration: Variable

    1. Navigate to tab "4. Staff Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter the name of an individual or group to be mapped, their role/title (if an individual), and their total known cost as per your collected data.
    2. Under the CFO Expense View (columns F-G), enter the number of FTEs represented by the individual or group named and their status (i.e. Employee or Contractor).
    3. Under the CIO Service View (columns L-AF), allocate the individual or group's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AI-BA), allocate the individual or group's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BD-BH), allocate the individual or group's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2 to 5 for all other IT staff (as individuals or groups).
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Identifying spend categories that have zero staff spend allocation. Additional percentage allocation splits for certain roles are probably required.
      2. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.
      3. Ensuring your amounts add up to your previously calculated total IT staff spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    3.1 Map your staffing costs

    Input Output
    • Cleaned and organized IT staffing data and information
    • Finalized mapping of IT staff spend across the four views of the ITFM Cost Model
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 3: Map your IT staff spend

    Achievement summary

    You've now completed your IT staff spend mapping. You have:

    • Allocated your IT staff spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "Some want to allocate everybody to IT, but that's not how we do it. [In one CXO Business View mapping], a client allocated all their sand network people to the IT department. At the end of the process, the IT department itself accounted for 20% of total IT spend. We went back and reallocated those indirect staff costs across the business."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Phase 4

    Map Your IT Vendor Spend

    This phase will walk you through the following activities:

    • Mapping your IT vendor spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 4: Map your IT vendor spend

    Allocate your vendor costs across the four views.

    Now you're ready to take on the second part of your spend mapping, namely IT vendor spend. In this phase you will:

    • Allocate your IT vendor spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure it's accurate and complete.

    "[One CIO] said that all technology spend runs through their IT group. But they didn't have hardware in their financial data file - no cellphones or laptops, no network or server expenses. They thought they had everything, but they didn't know what they didn't have. Assume it's out there somewhere."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Tackle the non-staff side of IT spend

    Info-Tech analysts find that mapping the IT vendor spend data is harder because the source data is often scattered and not meaningfully labeled.

    • Be patient and systematic. As with mapping your IT staff spend data, the more organized you are from the outset and the more thoroughly you've prepared your data, the more straightforward the exercise will be.
      • Did you "un-unique" your data? If not, do that now before attempting mapping.
    • Get comfortable with making some assumptions. You need to get through the exercise, so sometimes making a best guess and entering a value is better than diving down a rabbit hole. Your gut is probably right anyway. But only make assumptions around smaller line items that don't have a massive impact on your final numbers. Never assume anything when it comes to big-ticket items.
    • Curb your urge to fix. Some of your buckets will start to get big, while others will barely budge. This is normal ... and interesting! Resist the urge to "balance" staffing spend in a bucket by loading it with apps and hardware for fear that the staffing spend looks too high and will be questioned. This exercise is about how things are, not how they look.

    "A common financial data problem is no vendor names. I've noticed that, even if the vendor name is there, there are no descriptors. You cannot actually tell what type of service it is. Data security? Infrastructure? Networking? Ask yourself 'What did we purchase and what does it do?'"
    - Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: Vendor categories defined

    These are the final definitions for this view. See the previous section for CFO Expense View > Workforce definitions used in the IT staffing cost mapping exercise.

    Vendor: Provider of a good or service in exchange for payment.

    Hardware: Costs of procuring, maintaining, and managing all IT hardware, including end-user devices, data center and networking equipment, cabling, and hybrid appliances for both on-premises and cloud-based providers.

    Software: Costs for all software (applications, database, middleware, utilities, tools) used across the organization. This includes purchase, maintenance, and licensing costs.

    Contract Services: Costs for all third-party services including managed service providers, consultants, and advisory services.

    Cloud: Offsite hosting and delivery of an on-demand software or hardware computing function by a third-party provider, often on a subscription-type basis.

    On-Prem: On-site hosting and delivery of a software or hardware computing function, often requiring upfront purchase cost and subsequent maintenance costs.

    Managed Services: Costs for outsourcing the provision and maintenance of a technical process or function.

    Consulting & Advisory: Costs for the third-party provision of professional or technical advice and expertise.

    CFO Expense View

    Know if a technology is cloud-based or on-premises before mapping

    A technology may be one, the other, or both if multiple versions are in play. Financial records rarely indicate which, but on-premises vs. cloud matters in your planning.

    On-Premises

    • Check your CapEx. Any net-new purchases of software or hardware for the IT spend analysis year in question should appear on the CapEx side of the equation. After the first year of implementation/rollout, all ongoing maintenance and management costs should be found under OpEx.
    • Focus on real in-year costs.
      • Don't try to map depreciation or amortization associated with CapEX. Instead, map any upfront purchase costs that occurred in the relevant IT spend analysis year.
      • Map any OpEX costs incurred from maintenance and management. For multi-year maintenance contracts, apply the percentage of fees paid for the relevant year.

    Cloud

    • Check your OpEx. Cloud services are typically fee-based, which means the costs often come in the form of regularly timed bills akin to a subscription.
    • Differentiate new services from older ones. If the cloud service was initiated during the IT spend analysis year in question, there may be some one-time service setup and initiation fees that were legitimately slotted under CapEx. If the cloud service isn't new, then all costs should be OpEx.

    Vendors are increasingly "retiring" on-premises software products. This means an older version may be on-prem, a newer one cloud, and you may have both in play.

    Mapping built-in data, analytics, and security functions can raise doubts

    With so many apps focused on capturing, manipulating, and protecting data, built-in analytics, reporting, and security functions blur CIO Service View bucket boundaries.

    Applications vs. Data & BI

    • In recent years, much more powerful analysis and report-generation features have been added to core enterprise applications. If analytics and reporting functionality is an extended feature of a database-driven application, such as ERP or CRM, then map it to one of the Applications buckets.
    • If the sole purpose of the application is to store, manipulate, query, analyze, and/or visualize data, then log its costs under Data & BI. These would include technologies such as data warehouses, marts, cubes, and lakes; desktop data visualization tools; enterprise business intelligence platforms; and specialized reporting tools.

    Applications vs. Security

    • A similar conundrum exists for Security. So many tools today have built-in security functionality that cannot be unintegrated from the app they support. Don't even try to isolate native security functionality for spend mapping purposes - map it to Applications.
    • If the tool is a special-purpose, standalone security tool or security platform, then map it to Security. These tools usually sit within, and are used/managed by, IT. They include firewalls; antivirus/anti-malware; intrusion prevention, detection and response; access control and authentication; encryption; and penetration testing and vulnerability assessment.

    Putting spend in the right bucket does matter. However, if uncertainty persists, err on the side of consistency. For most organizations Applications Maintenance does end up being the biggest bucket.

    When mapping the CXO Business View, do the biggest vendors first

    Below is a suggested order of operations to clear through the majority of vendor spend as early as possible in the process.

    1 Sort high to low Sort your list of vendor spend from highest to lowest. Your top 20 vendors should constitute most of the spend.
    2 Map multi-department enterprise apps Flag your top apps vendors that have presence in most or all of your business units. Map these first. These tend to be enterprise-level business apps "owned" by core business functions but used broadly across the organization such as enterprise resource planning (ERP), customer relationship management (CRM), and people management systems.
    3 Map end-user spend Identify top vendors of general end-user technologies like office productivity apps, desktop hardware, and IT service desk tools. Allocate percentages according to your selected indirect spend mapping method.
    4 Map core infrastructure spend Map the behind-the-scenes network, telecom, and data center technologies that underpin IT, plus any infrastructure managed services. Again, apply your selected indirect spend mapping method.
    5 Map business-unit specific technologies This is the spend that's often incurred by just one department. This may also be technology spend that's out in the business, not in IT proper. Map it to the right business function or put it in Business Other or Industry Other if the business function doesn't have its own bucket.
    6 Map the miscellaneous Only smaller spend items likely remain at this point. When in doubt, map them to either Business Other or Industry Other.

    After mapping the CXO Business View, your Other buckets might be getting a bit big

    It's common for the Business Other and Industry Other categories to be quite large, and even the largest. This is okay, but plan to dig deeper and understand why.

    Remember "when in doubt, map to either the Business Other or Industry Other category"? Know what large Other buckets might really be telling you. After your first pass at mapping the CXO Business View, review Business Other and Industry Other if either is more than about 10% of your total spend.
    Diversification: Your organization has a wide array of business functions and/or associated staff that exist outside the core business and industry-specific categories selected. Are there minor business functions that can reasonably be included with the core categories identified? If not, don't force it. Better to keep your core buckets clean and uncomplicated.
    Non-core monolith: There's a significant technology installation outside the core that's associated with a comparatively minor business function. Is there a business function incurring substantial technology spend that should probably be broken out on its own and added to the core? If so, do it. Spend is unlikely to get smaller as the organization grows, so best to shine a light on it now.
    Shadow IT: There's significant technology spend in several areas of the organization that is unowned, unmanaged, or serving an unknown purpose as far as IT is concerned. Is a lot of the spend non-IT technology in the business? If yes, flag it and plan to learn more. It's likely that technologies living elsewhere in the organization will become IT concerns eventually. Better to be ready than to be surprised.

    As with staffing, CapEx vs. OpEx helps map the CEO Innovation View

    Mapping to this view was optional for IT staffing. For hard technology vendor spend, mapping this view is key. Use the guidance below to determine what goes where.

    Keep the Lights On
    Spend usually triggered by a service deck ticket or work order, not a formal project. Includes:

    • Daily maintenance and management.
    • Repair or upgrade of existing technology to preserve business function/continuity.
    • Purchase of "commodity" technology, such as standard-issue laptops and licenses for office productivity software.

    Business Growth
    Spend usually in the context of a formal project under a CapEx umbrella. Includes:

    • Technology spend that directly supports business expansion of an existing product or service and/or market.
    • Modernizing existing technology.
    • Extension of, or investment in, existing infrastructure to ensure reliability and availability in response to growth-driven scaling of headcount and utilization.

    Business Innovation
    Spend is always in the context of a formal project and should be 100% CapEx in the first year after purchase. Includes:

    • Technology spend that directly supports development and rollout of new products or service and/or entry into new markets.
    • Use of existing technology or investment in net-new technology in direct support of a new business initiative, direction, or requirement.

    In many organizations, most technology spend will be allocated to Keep the Lights On. This is normal but should generate conversations with the business about redirecting funds to growth and innovation.

    Remember these top tips when mapping your technology vendor spend

    The benefits of having tidy and organized data can't be overstated, as your source data will be in a more varied state for this phase of the mapping than with IT staffing data.

    Approach: Move from macro to micro

    • Start with the big enterprise apps: These will probably be in the top five of your vendor spend list and will likely have good info about how and by whom they're used. Get them out of the way.
    • Clear out shared technologies. This will feature infrastructure and operations plus office productivity and communications spend. Portioning spend by department headcount for the CXO Business View is the hardest part. Get this forklift task out of the way too.
    • Don't sweat the small stuff. Wasting hours chasing the details of a $500 line item isn't worth it when you have five-, six-, or even seven-figure line items to map.

    Biggest challenge: Poor vendor labeling

    • Vendor labels are often an inconsistent mess or missing entirely. Standardize and apply consistent vendor labels throughout your data so that you can aggregate your data into a workable form.
    • Spend transactions with the same vendor can be scattered all over the place in your general ledger. Take the time to "un-unique" your data to save yourself tremendous grief later on.
    • Start new go-forward labeling habits. Talk to finance about your new list of vendor naming standards and tagging spend as on-prem or cloud. Getting their cooperation with these are major wins.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. There's probably a technology out there in the business doing that work.

    4.1 Map your IT vendor spend

    Duration: Variable

    1. Navigate to tab "5. Vendor Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter a spend line item (vendor, product, etc.), a brief description, and the known amount of spend.
    2. Under the CFO Expense View (columns F-P), allocate the line item's spend as a percentage across all asset-class categories. If the allocation for a line item is 0%, leave the cell blank.
    3. Under the CIO Service View (columns S-AM), allocate the line item's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AP-BH), allocate the line item's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BK-BO), allocate the line item's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2-5 for all spend line items.
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Ensuring your amounts add up to your previously calculated total IT vendor spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.
      2. Identifying spend categories that have zero spend allocation. Additional percentage allocation splits for certain line items are probably required.
      3. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.

    Download the IT Spend & Staffing Transparency Workbook

    4.1 Map your IT vendor spend

    InputOutput
    • Cleaned and organized IT vendor spend data and information
    • Finalized mapping of IT vendor spend across the four views of the IT Cost Model
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 4: Map your IT vendor spend

    Achievement summary

    You've now completed your IT vendor spend mapping. You have:

    • Allocated your IT vendor spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "A lot of organizations log their spending by vendor name with no description of the goods or services they actually purchased from the vendor. It could be hardware, software, consulting services ... anything. Having a clear understanding of what's really in there is an essential aspect of the spend conversation."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Phase 5

    Identify Implications for IT

    This phase will walk you through the following activities:

    • Analyzing the results of your IT staff and vendor spend mapping across the four views of the ITFM Cost Model
    • Preparing an executive presentation of your transparent IT spend

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 5: Identify implications for IT

    Analyze and communicate.

    You're now nearing the end of the first leg in your IT spend transparency journey. In this phase you will:

    • Analyze the results of your IT spend mapping process.
    • Revisit your transparency objectives.
    • Prepare an executive presentation so you can share findings with other leaders in your organization.

    "Don't plug in numbers just to make yourself look good or please someone else. The only way to improve is to look at real life."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    You've mapped your IT spend data. Now what?

    With mapped data in hand, now you can start to tell IT's spend story with stakeholders in the business.

    Mapping your IT spend is a lot of work, but what you've achieved is impressive (applause!) as well as essential for growing your ITFM maturity. Now put your hard work to work.

    • Consider benchmarking. While not covered in-depth here, benchmarking against yourself in a year-over-year approach as well as against external industry peers are very useful exercises in your technology spend analysis.
    • Review your numbers and graphs. Your IT Spend & Staffing Transparency Workbook contains a series of data visualizations that will help you see the big picture as well as relationships between spend categories.
    • Note the very big numbers, the very small numbers, and the things that just look odd. You'll want to investigate and understand these further.
    • Prepare to communicate. Facilitating conversations with stakeholders in the business is the immediate objective of the IT spend and staffing transparency exercise. Decide where and with whom you want to start dialogue.

    The slides that follow show sample data summaries and visualizations generated in the IT Spend & Staffing Transparency Workbook. We'll take a look at the metrics, tables, and graphs you now have available to you post-mapping and how you can potentially use them in conversations with different IT stakeholders.

    Evaluate how you might use benchmarks before diving into your analysis

    Benchmarking can be a useful input for contextualizing and interpreting your IT spend data. It's not essential at this point but should be part of your ITFM toolkit.

    There are two basic types of benchmarking ...

    Internal: Capturing a current-state set of data about an in-house operation to serve as a baseline. Over time, snapshots of the same data are taken and compared to the baseline to track and assess changes. Common uses for internal benchmarking include:

    • Assessing the impact of a project or initiative.
    • Measuring year-over-year performance.

    External: Seeking out aggregated, current-state data about a peer-group operation to assess your own relative status or performance on the same operation. Common uses for external benchmarking include:

    • Understanding common practices in the industry.
    • Strategic and operational visioning, planning, and goal-setting.
    • Putting together a business case for change or investment.

    Both types of benchmarking benefit from some formality and rigor. Info-Tech can help you stand up an ITFM benchmarking approach as well as connect you with actual IT spend peer benchmarks via our IT Spend & Staffing Benchmarking service.

    5.1 Analyze the results of your IT spend mapping

    Duration: Variable

    1. Review the guidance slides that follow the two instruction slides for this exercise to provide yourself with a grounding on how to interpret and analyze your mapped IT staff and vendor spend data.
    2. Systematically review the data tables and graphs on the "Outputs" tabs 6 through 10 in the IT Spend & Staffing Transparency Workbook. There are several approaches you can take - use the one that works best for you. For example:
      1. Review each view in its entirety, one at a time.
      2. Review all workforce spend collectively across all four views, followed by all vendor spend across all four views (or vice versa).
    3. Make note of any spend values that are comparatively high or low or strike you as odd or worth further investigation.
    4. Craft a series of spend-related questions you want to answer for yourself and your stakeholders using the data.
      1. For example, you need to cut costs and apps maintenance is high. Your question could be, "Can we cut costs on applications maintenance staffing?"
      2. Alternatively, you can develop a series of statements (research hypotheses) that you seek to prove true or false with the data. This approach is useful for testing assumptions you've been making. For example, "We can cut spending on applications maintenance staff. True or false?"
    5. Use the template provided on tab "11. Data Analysis" in the IT Spend & Staffing Transparency Workbook to document your findings and conclusions, along with the data that supports them.

    Download the IT Spend & Staffing Transparency Workbook

    5.1 Analyze the results of your IT spend mapping

    InputOutput
    • Tabular and graphical data outputs
    • Conclusions and potential actions about IT staff and vendor spend
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    High-level findings: Use these IT spend metrics to review and set big picture goals

    Think of these metrics as key anchors in your long-term strategic planning efforts.

    Use IT spend metrics to review and set big goals

    It's common for the business to want a sacrifice in IT OpEx in favor of CapEx

    CapEx and OpEx approval mechanisms are often entirely separate. Different tax treatment for CapEx means that it's usually preferred by the business over OpEx.

    OpEx is often seen as a sunk cost (i.e. an IT problem).

    • Barring a major decision or event, OpEx on an individual item will generally trend upward over time, often by a few percent every year, in lockstep with inflation and growth in organizational headcount.
    • A good portion of OpEx, however, is necessary for basic business continuity.

    CapEx is usually seen as investment (i.e. a business growth opportunity).

    • CapEx behaves quite differently than OpEx. On-the-books capitalized spend on an individual asset tends to trend downward over time due to depreciation or amortization.
    • CapEx only tends to go up when a net-new capital project is initiated, and organizations often have more control over if, when, and how this spend happens.

    Break down the OpEx/CapEx wall. Reference OpEx whenever you talk about CapEx. The best way to do this is via Total Cost of Ownership (TCO).

    • Present data on long-term OpEx projections whenever a new capital project is proposed and ensure ongoing maintenance funds are secured.
    • Educate your CFO about the impact of the cloud on OpEx. See if internal OpEx/CapEx ratio expectations can be adjusted to reflect this reality.

    Spend by asset class offers the CFO a visual illustration of where the money's really gone

    The major spend categories should look very familiar to your CFO. It's the minor sub-categories that sit underneath where you ultimately want to drive the conversation.

    Traditional categories don't reflect IT reality anymore.

    • Most finance departments have "software" accounts that contain apples and oranges, plus other dissimilar fruit.
    • Software isn't just software anymore. Now it's on-premises (CapEx) or cloud (OpEx). The same distinction applies to traditional hardware due to the advent of managed services.
    • The basic categories traditionally used to tag IT spend are out of date. This makes it hard for IT to have meaningful conversations with the CFO since they're not working from the same glossary.

    "Software (on-premises)" and "hardware (cloud)" are more meaningful descriptors than "software" and "hardware." Shift the dialogue.

    Start the migration from major categories to minor categories.

    • Still give the CFO the traditional major categories they're looking for but start including minor category breakdowns into your communications. Most importantly, have a meeting to explain what these minor categories are and why they're important to managing IT effectively.
    • Next, see if the CFO can formally split on-premises vs. cloud software on the books as a first step in making IT spend tracking more meaningful.

    Employees vs. contractors warrants a specific conversation, plus a change in mindset

    IT leaders often find it easier to get approval for contracted labor than to hire a permanent employee. However, the true value proposition for contractors does vary.

    The decision to go with permanent employees or contractors depends on your ultimate goals.

    • Contractors tend to be less expensive and provide more flexibility when adjusting to changing business needs. However, contractors may be less dedicated and take their skills and knowledge with them when they leave.
    • Permanent employees bring additional costs like benefits and training. Plus, letting them go is a lot more complicated. However, they can also bring real value in a way a contractor can't when it comes to sustaining long-term strategic growth. They're assets in themselves.

    Far too often, labor-sourcing decisions are driven by controlling near-term costs instead of generating and sustaining long-term value.

    Introduce the cost-to-value ratio to your workforce spend conversations.

    • Your mapped data will allow you to talk about comparative headcount and spend. This is a financial conversation devoid of context.
    • Go beyond. Show how workforce spend has allowed stated goals to be achieved while controlling for costs. This is the true definition of value.

    CFO Expense View: Shift the ITFM conversation

    Now that you've mapped your IT spend data to the CFO Expense View, there are some questions you're better equipped to answer, namely:

    • How should I classify my IT costs?
    • What information should I include in my plans and reports?
    • How do I justify current spend?
    • How do I justify a budget increase?

    You now have:

    • A starting point for educating the CFO about IT spend realities.
    • A foundation for creating a shared glossary of terms that works for both IT and the finance department and facilitates more meaningful conversations.
    • Proof that there are major areas of IT spend, such as cloud software, that are distinctive and probably warrant their own financial category in the general ledger.
    • A transparent record of IT spend that shows that you understand and care about financial issues, fostering the goodwill and trust that facilitates investment in IT.
    • A starting point to change the ITFM conversation with the CFO from one focused on cost to one focused on value.

    Exactly how is IT spending all that money we give them?

    Exactly like this ...

    Chart of the CFO Expense View

    The CIO Service View aligns with how IT organizes and manages itself – this is your view

    The data mapped here is a critical input for IT's service planning and management program and should be integrated into your IT performance measurement activities.

    Major service categories: These values give a high-level snapshot of your general IT service spend priorities. In most organizations, Applications dominates, making it a focus for cost optimization.

    Minor service categories: The level of granularity for these values prove more practical when measuring performance and making service management decisions - not too big, not too small. While not reflected in this example, application maintenance is usually the largest relative consumer of IT spend in most organizations.

    Data & BI and security: Isolating the exact spend for these services is challenging given that they're often entangled in applications and infrastructure spend respectively, and separate spend tracking for both is a comparatively recent practice.

    Table of CIO Service View

    Check the alignment of individual service spend against known business objectives

    Some IT services are taken for granted by the business, while others are virtually invisible. This lack of visibility often translates into funding misalignments.

    Is the amount of spend on a given service in parallel with the service's overall importance?

    • Though often unstated, ensuring continuity of basic business operations is always the top priority. This means business apps, core infrastructure, end users, and security need to be appropriately funded - these should collectively comprise the majority of IT service spend.
    • Strategy-supporting IT services, like data & BI, see high investment variability between organizations. If its strategic role/importance doesn't align with spend, flag it as an issue you'll need to reconcile with the business by increasing funding (important) or reducing service levels (unimportant).
    • The strategic importance of IT as a whole is often reflected in the spend on IT management services. If spend is low, IT's probably seen as a support function, not a strategic one.

    Identify the hot spots and pick your battles.

    • Spend levels are just approximate gauges of where and how the business is willing to spend its money. Start with this simple gut check.
    • Noting the areas of importance vs. spend misalignment will help you identify where negotiations with the business should probably happen.

    A mature IT cost optimization practice is often approached from the service perspective

    When optimizing IT costs, you have two OpEx levers to pull - vendor spend and staff spend. Isolating these two sources of IT service spend will help shortlist your options.

    It's all about how much room you have to move.

    • Any decision made about how a service is provisioned will push vendor and staff spend in clear, predictable, and often opposite directions (e.g. in-house and people-intensive services tend to see higher staff spend, while outsourced and tech-intensive services higher vendor spend).
    • Service levels required by the business should be the driving factor behind service design and spend decisions. High service spend may reflect priority but may also indicate it's over-built and is ripe for a cost-optimization treatment.
    • Service spend is a useful barometer for tracking the financial impact of any changes made to IT. Add simple unit-cost metrics like "service spend per organizational employee" and "service spend per FTE assigned to the service" to see if and how the dial has moved over time.

    Grow your IT service management practice.

    • The real power of the CIO Service View is laying the groundwork for next-level IT service management initiatives like developing a service catalog, negotiating service-level agreements, rolling out chargeback and showback mechanisms, and calculating IT's value to the business.
    • Use service spend as a common denominator for both your IT service management and IT performance management programs. Better yet, integrate the two programs to ensure a single version of the truth.

    CIO Service View: Optimize your cost-to-value ratio

    Now that you've mapped your IT spend data to the CIO Service View, there are some questions you're better equipped to answer, namely:

    • What's the impact of cloud adoption on speed of delivery?
    • Where can I improve spend efficiency?
    • Is my support model optimized?
    • How does our spend compare to others?

    You now have:

    • Data that shows the financial impact of change decisions on service costs.
    • Insight into the relationship between vendor spend and staff spend within a given IT service.
    • The information you need to start developing service unit costing mechanisms.
    • A tool for setting and right-sizing service-level agreements with the business.
    • A more focused starting point for investigating IT cost-optimization opportunities.
    • A baseline for benchmarking common IT services against your peers.

    Does the amount we spend on each IT service make sense?

    We have some good opportunities for optimization ...

    Chart of CIO Service View

    The CXO Business View will spur conversations that may have never happened before

    This view is a potential game changer as previously unknown technology spend is often revealed, triggering change in IT's relationship with business unit leaders.

    Table of CXO Business View

    The big beneficiaries of IT spend will leap out

    The CXO Business View mapping does have a "shock and awe" quality to it given large spend disparities. They may be totally legitimate, but they're still eye-catching.

    Share information, don't push recommendations.

    • Have a series of one-on-one meetings with business unit leaders to present these numbers.
      • Approach initial meetings as information-sharing sessions only. The data is probably new to them, and they'll need time to reflect and ask questions.
      • Bring a list of the big-ticket spend items for that business unit to focus the conversation.
    • Present these numbers at a broader leadership meeting.
      • It's critical for everyone to hear the same truth and learn about each other's technology needs and uses.
      • This is where recommendations for better aligning IT spend with business goals and cost-optimization strategies should surface. A group approach will bring technology haves and have-nots into the open, as well as provide a forum for collaborative solutioning.

    If possible, slice the numbers by business unit headcount.

    • IT spend per business unit employee is an attention-getting metric that can help gain entry to important conversations.
    • Comparing per-employee spend across different business functions is not necessarily an apples-to-apples comparison, as units like HR may have few employees but serve the entire organization. Bring up these kinds of differences to provide context and avoid misinterpretations.

    Questions will arise in how you calculated and allocated indirect IT spend

    IT spend for things like core infrastructure and end-user services must be distributed fairly across multiple or all business units. Be prepared to explain your methods.

    Be transparent in your transparency.

    • Distributing indirect spend is imprecise by nature. You can't account for every unique circumstance. However, you can devise a logic-driven, general approach that's defensible, fair, and works for most people most of the time.
    • Lay out your assumptions from the start. This is an important part of communicating transparently and can prevent unwanted descent into weedy rabbit holes.
      • List what you classified as indirect spend. Use the CFO Expense View and/or CIO Service View categories to aid your presentation of this information.
      • Point out known circumstances that didn't fit your general allocation method and how you handled them. Opting to ignore minor anomalies is reasonable but be sure to tell business unit leaders you did this and why.

    Use questions about indirect IT staff spend distribution to engage stakeholders.

    • As a percentage, the indirect IT staff spend allocation to a specific business unit may be higher than that for IT vendor spend since IT staff tend to operate more generally than the technologies they support.
    • Leverage any pushback about indirect spend as an opportunity to engage the broader business leadership group. Let them arrive at a consensus of how they want it done and confirm buy-in.

    CXO Business View: Bring the truth to light

    Now that you've mapped your IT spend data to the CXO Business View, there are some questions you're better equipped to answer, namely:

    • Which business units consume the most IT resources?
    • Which business units are underserved by IT?
    • How do I best communicate spend data internally?
    • Where do I need better business sponsorship for IT projects?

    You now have:

    • A reason-based accounting of direct and indirect amounts spent on IT vendors and staff in support of each major business unit.
    • Insight into the technology haves and have-nots in your organization and where opportunities to optimize costs may exist.
    • Attention-getting numbers that will help you engage business-unit leaders in meaningful conversations about their use of IT resources and the value they receive.
    • A mechanism to assess if a business unit's consumption of IT is appropriate and aligned with its purpose and mandate in the organization.
    • A list of previously unknown business-side technologies that IT will investigate further.

    Why doesn't my business unit get more support from IT?

    Let's look at how you compare to the other departments ...

    Chart of the CXO Business View

    From the CEO's high-level perspective, IT spend is a collection of distinct financial islands

    From IT's perspective, these islands are intimately connected, with events on one affecting what happens (or doesn't) on another. Focus on the bridges.

    Table of CEO High-level Perspective

    Focus more on unifying the view of technology spend than on the numbers

    When talking to the CEO, seek to build mutual understanding and encourage a holistic approach to the organization's technology spend.

    Use the numbers to get to the real issues.

    • Clarify with the CEO what business innovation, business growth, and KTLO means to them and the role each plays in the organization's strategic and operational plans.
    • Find out the role they think IT, and technology as a whole, has in realizing business plans. Only then can you look at the relative allocation of IT spend with them to see if the aspiration aligns with reality.
    • Eventually, you'll need to discuss expectations around who pays the bills for operationally supporting capital technology investments over the long-term (i.e. IT or the business units that actually want and use it). You'll have concrete examples of business projects that consumed IT operations resources without a corresponding increase in IT's OpEx budget.

    Focus your KTLO spend conversation on risk and trade-off.

    • Every strategic conversation needs to look at the impact on ongoing operations. Every discussion about CapEx needs to investigate the long-term repercussions for OpEx. Look at the whole tech spend picture.
    • Use risk to get KTLO/OpEx into the conversation. Be straightforward (i.e. "If we do/don't do this, then we can/can't do that"). Simply put, mitigating the risks that get in the way of having it all usually requires spending.

    CEO Innovation View: Learn what's really expected of IT

    Now that you've mapped your IT spend data to the CEO Innovation View, there are some questions you're better equipped to answer, namely:

    • Why is KTLO spend so high?
    • What should our operational spend priorities be?
    • Which projects and investments should we prioritize?
    • Are we spending enough on innovative initiatives?

    You now have:

    • A holistic, organization-wide view of total technology spend in support of different investment types, namely business innovation, business growth, and keeping things up and running.
    • Data-driven examples that prove the impact of near-term capital spend on long-term operational expenses and the intimate relationship between the two types of spend.
    • A way to measure the degree of alignment between the innovation and growth goals the organization has and how money is actually being spent to realize those goals.
    • A platform to discuss how technology investment decision-making and governance can work better to realize organizational mandates and goals.

    I know what IT costs us, but what is it really worth?

    Here's how tech spend directly supports business objectives ...

    Chart of CEO Innovation View

    Revisit your IT spend transparency objectives before crafting your executive presentation

    Go back to exercise 1.1 to remind yourself why you undertook this effort in the first place, clear your head of all that data, and refocus on the big picture.

    Review the real problems and issues you need to address and the key stakeholders.
    This will guide what data you focus on or showcase with other business leaders. For example, if IT OpEx is perceived as high, be prepared to examine the CapEx/OpEx ratio as well as cloud-related spend's impact on OpEx.

    Flag ITFM processes you'll develop as part of your ITFM maturity improvement plan.
    You won't become a TCO math expert overnight, but being able to communicate your awareness of and commitment to developing and applying ITFM capabilities helps build confidence in you and the information you're presenting.

    Use your first big presentation to debut ITFM.
    ITFM as a formal practice and the changes you hope to make may be a novel concept for your business peers. Use your newfound IT spend and staffing transparency to gently wade into the topic instead of going for the deep dive.

    Now it's time to present your transparent IT spend and staffing data to your executive

    Pull out of analysis mode. You're starting to tell the IT spend story, and this is just the first chapter. Introduce your cast of characters and pique your audience's interest.

    The goal of this first presentation is to showcase IT spend in general and make sure that everyone's getting the same information as everyone else.

    Go broad, not deep
    Defer any in-depth examinations until after you're sure you have everyone's attention. Only dive deep when you're ready to talk about specific plans via follow-up sessions.

    Focus on the CXO
    Given your audience, the CXO Business View may be the most interesting for them and will trigger the most questions and discussion. Plan to spend the largest chunk of your time here.

    Avoid judgment
    Let the numbers speak for themselves. Do point out what's high and what's low, but don't offer your opinion about whether it's good or bad. Let your audience draw their own conclusions.

    Ask for impressions
    Education and awareness are primary objectives. What comes up will give a good indication of what's known, what's news, who's interested, and where there's work to do.

    Pick a starting point
    Ask what they see as high-priority areas for both optimizing IT costs as well as improving the organization's approach to making IT spend decisions in general.

    What to include in your presentation ...

    • Purpose: Why you did the IT spend and staffing transparency exercise.
    • Method: The models and processes you used to map the data.
    • Data: Charts from the IT Spend & Staffing Transparency Workbook.
    • Feedback: Space for your audience to voice their thoughts.
    • Next steps: Discussion and summary of actions to come.

    5.2 Develop an executive presentation

    Duration: Two hours

    1. Download the IT Staff & Spend Executive Presentation Template.
    2. Copy and paste the IT spend output tables and graphs into the template. (Note: Pasting as an image will preserve formatting.)
    3. Incorporate observations and insights about your analysis of your IT spend metrics.
    4. Conduct an internal review of the final presentation to ensure it includes all the elements you need and is error free.
    5. Book time to make your presentation to the executive team. Plan time after the presentation to field questions, engage in follow-up information sessions, and act on feedback.

    Note: Refer to your organization's standards and norms for executive-level presentations and either adapt the Info-Tech template accordingly or use your own.

    Input Output
    • Tabular and graphical data outputs in the IT Spend & Staffing Transparency Workbook
    • Executive presentation summarizing your organization's actual IT spend
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • IT Staff & Spend Executive Presentation Template
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Download the IT Spend & Staffing Transparency Executive Presentation TemplateTemplate

    Phase 5: Identify implications for IT

    Achievement summary

    You've done the hard part in starting your IT spend transparency journey. You have:

    • Analyzed the results of your IT spend mapping process.
    • Revisited your transparency objectives.
    • Prepared an executive presentation so you can share findings with other leaders in your organization.

    "Having internal conversations, especially if there is doubt, allows for accuracy and confidence in your model. I was showing someone the cost of a service he managed. He didn't believe the service was so expensive. We went through it: here are the people we allocated, the assets we allocated, and the software we allocated. It was right - that was the total cost. He was like, 'No way. Wow.' The costs were high, and the transparency is what allowed for a conversation on cost optimization."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Next Steps

    Achieve IT Spend & Staffing Transparency

    This final section will provide you with:

    • An overall summary of accomplishment
    • Recommended next steps
    • A list of contributors to this research
    • Some related Info-Tech resources to help you grow your ITFM practice

    Summary of Accomplishment

    Congratulations! You now have a fully transparent view of your IT spend.

    You've now mapped the entirety of technology spend in your organization. You've:

    1. Learned the key sources of spend data and information in your organization.
    2. Set some standards for data organization and labeling.
    3. Have a methodology for continuing to track and document spend in a transparent way.
    4. Crafted an executive presentation that's a first step in having more meaningful and constructive conversations about IT spend with your key stakeholders.

    What's next?

    With a reliable baseline, you can look forward to more informed and defensible IT budgeting and cost optimization. Use your newly-transparent IT spend as a foundation for improving your financial data hygiene in the near term and evolving your overall ITFM governance maturity in the long-term.

    If you would like additional support, have our analysts guide you through an Info-Tech full-service engagement or Guided Implementation.

    Contact your account representative for more information.

    1-888-670-8889

    Research Contributors and Experts

    Monica Braun, Research Director, ITFM Practice

    Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group

    Dave Kish, Practice Lead, ITFM Practice

    Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group

    Kennedy Confurius, Research Analyst, ITFM Practice

    Kennedy Confurius
    Research Analyst, ITFM Practice
    Info-Tech Research Group

    Aman Kumari, Research Specialist, ITFM Practice

    Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Rex Ding, Research Specialist, ITFM Practice

    Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Angie Reynolds, Principal Research Director, ITFM Practice

    Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Related Info-Tech Research

    Build Your IT Cost Optimization Roadmap

    • Cost optimization often doesn't go beyond the cutting part, but cutting costs isn't strategic - it's reactive and can easily result in mistakes.
    • True cost optimization is much more than this. Re-focus your efforts on optimizing your cost-to-value ratio and implementing a sustainable cost-optimization practice.

    Build an IT Budget

    • Budgetary approval is difficult because finance executives have a limited understanding of IT and use a different vocabulary.
    • Detailed budgets must be constructed in a way that is transparent but at a level of appropriate detail in order to limit complexity and confusion.

    Manage an IT Budget

    • No one likes to be over budget, but being under budget isn't necessarily good either.
    • Implement a budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track.
    • Control for under- or overspending using Info Tech's budget management tool and tactics.

    APPENDIX

    Sample shared business services

    Sample industry-specific business services

    Sample shared business functions

    Business function Definition
    Human Resources The management of the recruitment, training, development, appraisal, compensation/reward, retention, and departure of employees in an organization. Does not include management of subcontractor or outsourced relationships.
    Finance and Accounting The management and analysis of an organization's revenue, funds, spend, investments, financial transactions, accounts, and financial statements. Often includes enterprise asset management.
    Procurement and Supplier Management Acquiring materials, goods, and services from an external party, including identifying potential suppliers/providers, managing tendering or bidding processes, negotiating terms and agreements, and managing the relationship with the vendor/provider.
    Information Technology The development, management, and optimization of information technology resources and systems over their lifecycle in support of an organization's work priorities and goals. Includes computer-based information and communication systems, but typically excludes industrial operational technologies.
    Legal Expertise in interpretation, implication, and application of legislation and regulation that affects the enterprise, including guidance and support in the areas of risk, contracting, compliance, ownership, and litigation.
    Regulatory Affairs and Compliance Management Identification, operationalization, monitoring, reporting, and enforcement of the standards, rules, codes, and laws that apply to an organization's operating environment and the products and services it offers.
    Sales Transactional provision of a product or service to a buyer at an agreed-upon price. Includes identifying and developing prospective buyers, presenting and explaining the product/service, overcoming prospect objections and concerns to purchase, negotiating terms, developing contracts, and billing or invoicing.
    Customer Service and Support A range of activities designed to optimize the customer experience with an organization and its products and services throughout the customer lifecycle with the goals of retaining the customer; encouraging additional spend or consumption; the customer positively influencing other potential customers; and minimizing financial and reputational business risks.
    Marketing and Advertising Understanding customer/prospect needs, developing strategies to meet those needs, and promotion of the organization's products/services to a target market via a range of channels to maximize revenue, membership, donations, and/or develop the organization's brand or reputation. Includes market research and analysis and promotion, campaign, and brand management.

    Sample industry-specific functions

    Supply chain and capital-intensive industries.

    Industry function Definition
    Product Innovation Research, design, development, and launch of new products, including the engineering of their underlying production processes.
    Product and Service Portfolio Management The management of an organization's collection of products and services, including management of the product/service roadmap; product/service portfolio and catalog; product/service quality and performance; and product/service pricing, bundling and markdown.
    Logistics and Supply Chain Management Sourcing raw materials or component parts needed and shipping of a finished product. Includes demand planning; procurement/supplier management; inventory management; yard management; allocation management; fulfillment and replenishment; and product distribution and delivery.
    Production Operations Manufacture, storage, and tracking of a product and ensuring product and production process quality. Includes operations management, materials management, quality/safety control, packaging management, and management of the tools, equipment, and technologies that support it.
    Architecture & Engineering The design and planning of structures or critical infrastructure systems according to scientific, functional, and aesthetic principles.
    Construction New construction, assembly, or alteration of buildings and critical infrastructure (e.g. transportation systems; telecommunications systems; utilities generation/transmission/distribution facilities and systems). Includes management of all construction project plans and the people, materials, and equipment required to execute.
    Real Estate Management Management of any residential, commercial, or industrial real estate holdings (land and buildings), including any financial dealings such as its purchase, sale, transfer, and rental as well as ongoing maintenance and repair of associated infrastructure and capital assets.

    Sample industry-specific functions

    Financial services and insurance industries.

    Industry function Definition
    Core Banking Services Includes ATM management; account management (opening, deposit/withdrawal, interest calculation, overdraft management, closing); payments processing; funds transfers; foreign currency exchange; cash management.
    Loan, Mortgage, and Credit Services Includes application, adjudication, and approval; facility; disbursement/card issuance; authorization management; merchant services; interest calculation; billing/payment; debt/collections management.
    Investment and Wealth Management Processes for the investment of premiums/monies received from policy holders/customers to generate wealth. Often two-pronged: internal investment to fund claim payout in the case of insurance, and customer-facing investment as a financial service (e.g. retirement planning/annuities). Includes product development and management, investment management, safety deposit box services, trust management services.
    Actuarial Analysis & Policy Creation Development of new policy products based on analysis of past losses and patterns, forecasts of financial risks, and assessment of potential profitability (i.e. actuarial science). These processes also include development of rate schedules (pricing) and the reserves that the insurer needs to have available for potential claim payouts.
    Underwriting & Policy Administration Processes for assessing risk of a potential policy holder; determining whether to insure them or not; setting the premiums the policy holder must pay; and administering the policy over the course of its lifecycle (including updates and billing).
    Claims Processing & Claims Management Processes for receiving, investigating, evaluating, approving/denying, and disbursing a claim payout. This process is unique to the insurance industry. In health insurance, ongoing case management processes need to be considered here whereby the insurer monitors and approves patient treatments over a long-term basis to ensure that the treatments are both necessary and beneficial.

    Sample industry-specific functions

    Healthcare industry

    Industry function Definition
    Patient Intake & Admissions Processes whereby key pieces of information about a patient are registered, updated, or confirmed with the healthcare provider in order to access healthcare services. Includes patient triage, intake management, and admissions management. These processes are generally administrative in nature.
    Patient Diagnosis A range of methods for determining the medical condition a patient has in order to provide appropriate care or treatment. Includes examination, consultation, testing, and diagnostic imaging.
    Patient Treatment The range of medical procedures, methods, and interventions to mitigate, relieve, or cure a patient's symptom, injury, disease, or other medical condition. Includes consultation and referral; treatment and care planning; medical procedure management; nursing and personal support; medicine management; trauma management; diet and nutrition management; and patient transportation.
    Patient Recovery & Ongoing Care Processes and methods for tracking the progress of a patient post-treatment; improving their health outcomes; restoring, maintaining, or improving their quality of life; and discharging or transferring them to other providers. Includes remote monitoring of vital parameters, physical therapy, post-trauma care, and a range of restorative and lifestyle modification programs.

    Sample industry-specific functions

    Gaming and hospitality industries

    Industry function Definition
    Accommodation Short-term lodging in hotel facilities. Includes management and maintenance of guest rooms and common spaces, amenities (e.g. swimming pool), and other related services (e.g. valet parking).
    Gaming Includes table wagering games and gambling activities such as slot machines or any other activity that includes on premises mobile casino gaming.
    Food & Beverage Services Food and beverages prepared, served, or available for sale by the hotel on the hotel premises via restaurants and bars and room service. Excludes catering (see Events Management) and management or operation of independent leased food and beverage establishments located on the hotel premises.
    Entertainment & Events Planning, coordination, and on-premises hosting of events including conferences, conventions, trade shows, parties, ceremonies and live entertainment, and other forms of recreation on the hotel premises. Includes all aspects of entertainment operations, facility management and catering for the event.

    The First 100 Days As CIO

    • Buy Link or Shortcode: {j2store}540|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $54,525 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Our Advice

    Critical Insight

    • Foundational understanding must be achieved before you start. Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    • Listen before you act (usually). In most situations, executives benefit from listening to peers and staff before taking action.
    • Identify quick wins early and often. Fix problems as soon as you recognize them to set the tone for your tenure.

    Impact and Result

    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    The First 100 Days As CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a new executive is a crucial time that requires the right balance of listening with taking action. See how seven calls with an executive advisor will guide you through this period.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Check in with your executive advisor over seven calls

    Organize your first 100 days as CIO into activities completed within two-week periods, aided by the guidance of an executive advisor.

    • The First 100 Days As CIO – Storyboard
    • Organizational Catalog
    • Cultural Archetype Calculator
    • IT Capability Assessment

    2. Communicate your plan to your manager

    Communicate your strategy with a presentation deck that you will complete in collaboration with Info-Tech advisors.

    • The First 100 Days As CIO – Presentation Deck

    3. View an example of the final presentation

    See an example of a completed presentation deck, from the new CIO of Gotham City.

    • The First 100 Days As CIO – Presentation Deck Example

    4. Listen to our podcast

    Check out The Business Leadership podcast in Info-Tech's special series, The First 100 Days.

    • "The First 100 Days" Podcast – Alan Fong, CTO, DealerFX
    • "The First 100 Days" Podcast – Denis Gaudreault, country manager for Intel’s Canada and Latin America region
    • "The First 100 Days" Podcast – Dave Penny & Andrew Wertkin, BlueCat
    • "The First 100 Days" Podcast – Susan Bowen, CEO, Aptum
    • "The First 100 Days" Podcast – Wayne Berger, CEO IWG Plc Canada and Latin America
    • "The First 100 Days" Podcast – Eric Wright, CEO, LexisNexis Canada
    • "The First 100 Days" Podcast – Erin Bury, CEO, Willful
    [infographic]

    Further reading

    The First 100 Days As CIO

    Partner with Info-Tech for success in this crucial period of transition.

    Analyst Perspective

    The first 100 days refers to the 10 days before you start and the first three months on the job.

    “The original concept of ‘the first 100 days’ was popularized by Franklin Delano Roosevelt, who passed a battery of new legislation after taking office as US president during the Great Depression. Now commonly extended to the business world, the first 100 days of any executive role is a critically important period for both the executive and the organization.

    But not every new leader should follow FDR’s example of an action-first approach. Instead, finding the right balance of listening and taking action is the key to success during this transitional period. The type of the organization and the mode that it’s in serves as the fulcrum that determines where the point of perfect balance lies. An executive facing a turnaround situation will want to focus on more action more quickly. One facing a sustaining success situation or a realignment situation will want to spend more time listening before taking action.” (Brian Jackson, Research Director, CIO, Info-Tech Research Group)

    Executive summary

    Situation

    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Complication

    Studies show that two years after a new executive transition, as many as half are regarded as failures or disappointments (McKinsey). First impressions are hard to overcome, and a CIO’s first 100 days are heavily weighted in terms of how others will assess their overall success. The best way to approach this period is determined by both the size and the mode of an organization.

    Resolution

    • Work with Info-Tech to prepare a 100-day plan that will position you for success.
    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    Info-Tech Insight

    1. Foundational understanding must be achieved before you start.
      Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    2. Listen before you act (usually).
      In most situations, executives benefit from listening to peers and staff before taking action.
    3. Identify quick wins early and often.
      Fix problems as soon as you recognize them to set the tone for your tenure.

    The First 100 Days: Roadmap

    A roadmap timeline of 'The 100-Day Plan' for your first 100 days as CIO and related Info-Tech Diagnostics. Step A: 'Foundational Preparation' begins 10 days prior to your first day. Step B: 'Management's Expectations' is Days 0 to 30, with the diagnostic 'CIO-CEO Alignment'. Step C: 'Assessing the IT Team' is Days 10 to 75, with the diagnostics 'IT M&G Diagnostic' at Day 30 and 'IT Staffing Assessment' at Day 60. Step D: 'Assess the Key Stakeholders' is Days 40 to 85 with the diagnostic 'CIO Business Vision Survey'. Step E: 'Deliver First-Year Plan' is Days 80 to 100.

    Concierge service overview

    Organize a call with your executive advisor every two weeks during your first 100 days. Info-Tech recommends completing our diagnostics during this period. If you’re not able to do so, instead complete the alternative activities marked with (a).

    Call 1 Call 2 Call 3 Call 4 Call 5 Call 6 Call 7
    Activities
    Before you start: Day -10 to Day 1
    • 1.1 Interview your predecessor.
    • 1.2 Learn the corporate structure.
    • 1.3 Determine STARS mode.
    • 1.4 Create a one-page intro sheet.
    • 1.5 Update your boss.
    Day 0 to 15
    • 2.1 Introduce yourself to your team.
    • 2.2 Document your sphere of influence.
    • 2.3 Complete a competitor array.
    • 2.4 Complete the CEO-CIO Alignment Program.
    • 2.4(a) Agree on what success looks like with the boss.
    • 2.5 Inform team of IT M&G Framework.
    Day 16 to 30
    • 3.1 Determine the team’s cultural archetype.
    • 3.2 Create a cultural adjustment plan.
    • 3.3 Initiate IT M&G Diagnostic.
    • 3.4 Conduct a high-level analysis of current IT capabilities.
    • 3.4 Update your boss.
    Day 31 to 45
    • 4.1 Inform stakeholders about CIO Business Vision survey.
    • 4.2 Get feedback on initial assessments from your team.
    • 4.3 Initiate CIO Business Vision survey.
    • 4.3(a) Meet stakeholders and catalog details.
    Day 46 to 60
    • 5.1 Inform the team that you plan to conduct an IT staffing assessment.
    • 5.2 Initiate the IT Staffing Assessment.
    • 5.3 Quick wins: Make recommend-ations based on CIO Business Vision Diagnostic/IT M&G Framework.
    • 5.4 Update your boss.
    Day 61 to 75
    • 6.1 Run a start, stop, continue exercise with IT staff.
    • 6.2 Make a categorized vendor list.
    • 6.3 Determine the alignment of IT commitments with business objectives.
    Day 76 to 90
    • 7.1 Finalize your vision – mission – values statement.
    • 7.2 Quick Wins: Make recommend-ations based on IT Staffing Assessment.
    • 7.3 Create and communicate a post-100-day plan.
    • 7.4 Update your boss.
    Deliverables Presentation Deck Section A: Foundational Preparation Presentation Deck slides 9, 11-13, 19-20, 29 Presentation Deck slides 16, 17, 21 Presentation Deck slides 30, 34 Presentation Deck slides 24, 25, 2 Presentation Deck slides 27, 42

    Call 1

    Before you start: Day -10 to Day 1

    Interview your predecessor

    Interviewing your predecessor can help identify the organization’s mode and type.

    Before reaching out to your predecessor, get a sense of whether they were viewed as successful or not. Ask your manager. If the predecessor remains within the organization in a different role, understand your relationship with them and how you'll be working together.

    During the interview, make notes about follow-up questions you'll ask others at the organization.

    Ask these open-ended questions in the interview:

    • Tell me about the team.
    • Tell me about your challenges.
    • Tell me about a major project your team worked on. How did it go?
    • Who/what has been helpful during your tenure?
    • Who/what created barriers for you?
    • What do your engagement surveys reveal?
    • Tell me about your performance management programs and issues.
    • What mistakes would you avoid if you could lead again?
    • Why are you leaving?
    • Could I reach out to you again in the future?

    Learn the corporate structure

    Identify the organization’s corporate structure type based on your initial conversations with company leadership. The type of structure will dictate how much control you'll have as a functional head and help you understand which stakeholders you'll need to collaborate with.

    To Do:

    • Review the organization’s structure list and identify whether the structure is functional, prioritized, or a matrix. If it's a matrix organization, determine if it's a strong matrix (project manager holds more authority), weak matrix (functional manager holds more authority), or balanced matrix (managers hold equal authority).

    Functional
    • Most common structure.
    • Traditional departments such as sales, marketing, finance, etc.
    • Functional managers hold most authority.

    Projectized
    • Most programs are implemented through projects with focused outcomes.
    • Teams are cross-functional.
    • Project managers hold the most authority.

    Matrix
    • Combination of projectized and functional.
    • Organization is a dynamic environment.
    • Authority of functional manager flows down through division, while authority of project manager flows sideways through teams.

    This organization is a ___________________ type.

    (Source: Simplilearn)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    Based on your interview process and discussions with company leadership, and using Michael Watkins’ STARS assessment, determine which mode your organization is in: startup, turnaround, accelerated growth, realignment, or sustaining success.

    Knowing the mode of your organization will determine how you approach your 100-day plan. Depending on the mode, you'll rebalance your activities around the three categories of assess, listen, and deliver.

    To Do:

    • Review the STARS table on the right.

    Based on your situation, prioritize activities in this way:

    • Startup: assess, listen, deliver
    • Turnaround: deliver, listen, assess
    • Accelerated Growth: assess, listen, deliver
    • Realignment: listen, assess, deliver
    • Sustaining success: listen, assess, deliver

    This organization is a ___________________ type.

    (Source: Watkins, 2013.)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    STARS Startup Turnaround Accelerated Growth Realignment Sustaining Success
    Definition Assembling capabilities to start a project. Project is widely seen as being in serious trouble. Managing a rapidly expanding business. A previously successful organization is now facing problems. A vital organization is going to the next level.
    Challenges Must build strategy, structures, and systems from scratch. Must recruit and make do with limited resources. Stakeholders are demoralized; slash and burn required. Requires structure and systems to scale; hiring and onboarding. Employees need to be convinced change is needed; restructure at the top required. Risk of living in shadow of a successful former leader.
    Advantages No rigid preconceptions. High-energy environment and easy to pivot. A little change goes a long way when people recognize the need. Motivated employee base willing to stretch. Organization has clear strengths; people desire success. Likely a strong team; foundation for success likely in place.

    Satya Nadella's listen, lead, and launch approach

    CASE STUDY

    Industry Software
    Source Gregg Keizer, Computerworld, 2014

    When Satya Nadella was promoted to the CEO role at Microsoft in 2014, he received a Glassdoor approval rating of 85% and was given an "A" grade by industry analysts after his first 100 days. What did he do right?

    • Created a sense of urgency by shaking up the senior leadership team.
    • Already understood the culture as an insider.
    • Listened a lot and did many one-on-one meetings.
    • Established a vision communicated with a mantra that Microsoft would be "mobile-first, cloud-first."
    • Met his words with actions. He launched Office for iPad and made many announcements for cloud platform Azure.
    		 Photo of Satya Nadella, CEO, Microsoft Corp.
    Satya Nadella, CEO, Microsoft Corp. (Image source: Microsoft)

    Listen to 'The First 100 Days' podcast – Alan Fong

    Create a one-page introduction sheet to use in communications

    As a new CIO, you'll have to introduce yourself to many people in the organization. To save time on communicating who you are as a person outside of the office, create a brief one-pager that includes a photo of you, where you were born and raised, and what your hobbies are. This helps make a connection more quickly so your conversations can focus on the business at hand rather than personal topics.

    For your presentation deck, remove the personal details and just keep it professional. The personal aspects can be used as a one-pager for other communications. (Source: Personal interview with Denis Gaudreault, Country Lead, Intel.)

    Presentation Deck, slide 5

    Call 2

    Day 1 to Day 15

    Introduce yourself to your team

    Prepare a 20-second pitch about yourself that goes beyond your name and title. Touch on your experience that's relevant to your new role or the industry you're in. Be straightforward about your own perceived strengths and weaknesses so that people know what to expect from you. Focus on the value you believe you'll offer the group and use humor and humility where you're comfortable. For example:

    “Hi everyone, my name is John Miller. I have 15 years of experience marketing conferences like this one to vendors, colleges, and HR departments. What I’m good at, and the reason I'm here, is getting the right people, businesses, and great ideas in a room together. I'm not good on details; that's why I work with Tim. I promise that I'll get people excited about the conference, and the gifts and talents of everyone else in this room will take over from there. I'm looking forward to working with all of you.”

    Have a structured set of questions ready that you can ask everyone.

    For example:
    • How well is the company performing based on expectations?
    • What must the company do to sustain its financial performance and market competitiveness?
    • How do you foresee the CIO contributing to the team?
    • How have past CIOs performed from the perspective of the team?
    • What would successful performance of this role look like to you? To your peers?
    • What challenges and obstacles to success am I likely to encounter? What were the common challenges of my predecessor?
    • How do you view the culture here and how do successful projects tend to get approved?
    • What are your greatest challenges? How could I help you?

    Get to know your sphere of influence: prepare to connect with a variety of people before you get down to work

    Your ability to learn from others is critical at every stage in your first 100 days. Keep your sphere of influence in the loop as you progress through this period.

    A diagram of circles within circles representing your spheres of influence. The smallest circle is 'IT Leaders' and is noted as your 'Immediate circle'. The next largest circle is 'IT Team', then 'Peers - Business Leads', then 'Internal Clients' which is noted as you 'Extended circle'. The largest circle is 'External clients'.

    Write down the names, or at least the key people, in each segment of this diagram. This will serve as a quick reference when you're planning communications with others and will help you remember everyone as you're meeting lots of new people in your early days on the job.

    • Everyone knows their networks are important.
    • However, busy schedules can cause leaders to overlook their many audiences.
    • Plan to meet and learn from all people in your sphere to gain a full spectrum of insights.

    Presentation Deck, slide 29

    Identify how your competitors are leveraging technology for competitive advantage

    Competitor identification and analysis are critical steps for any new leader to assess the relative strengths and weaknesses of their organization and develop a sense of strategic opportunity and environmental awareness.

    Today’s CIO is accountable for driving innovation through technology. A competitive analysis will provide the foundation for understanding the current industry structure, rivalry within it, and possible competitive advantages for the organization.

    Surveying your competitive landscape prior to the first day will allow you to come to the table prepared with insights on how to support the organization and ensure that you are not vulnerable to any competitive blind spots that may exist in the evaluations conducted by the organization already.

    You will not be able to gain a nuanced understanding of the internal strengths and weaknesses until you are in the role, so focus on the external opportunities and how competitors are using technology to their advantage.

    Info-Tech Best Practice

    For a more in-depth approach to identifying and understanding relevant industry trends and turning them into insights, leverage the following Info-Tech blueprints:

    Presentation Deck, slide 9

    Assess the external competitive environment

    Associated Activity icon

    INPUT: External research

    OUTPUT: Competitor array

    1. Conduct a broad analysis of the industry as a whole. Seek to answer the following questions:
      1. Are there market developments or new markets?
      2. Are there industry or lifestyle trends, e.g. move to mobile?
      3. Are there geographic changes in the market?
      4. Are there demographic changes that are shaping decision making?
      5. Are there changes in market demand?
    2. Create a competitor array by identifying and listing key competitors. Try to be as broad as possible here and consider not only entrenched close competitors but also distant/future competitors that may disrupt the industry.
    3. Identify the strengths, weaknesses, and key brand differentiators that each competitor brings to the table. For each strength and differentiator, brainstorm ways that IT-based innovation enables each. These will provide a toolkit for deeper conversations with your peers and your business stakeholders as you move further into your first 100 days.
    Competitor Strengths Weaknesses Key Differentiators IT Enablers
    Competitor 1
    Competitor 2
    Competitor 3

    Complete the CEO-CIO Alignment Program

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CEO-CEO Alignment Program (recommended)

    OUTPUT: Desired and target state of IT maturity, Innovation goals, Top priorities

    Materials: Presentation Deck, slides 11-13

    Participants: CEO, CIO

    Introduce the concept of the CEO-CIO Alignment Program using slide 10 of your presentation deck and the brief email text below.

    Talk to your advisory contact at Info-Tech about launching the program. More information is available on Info-Tech’s website.

    Once the report is complete, import the results into your presentation:

    • Slide 11, the CEO’s current and desired states
    • Slide 12, IT innovation goals
    • Slide 13, top projects and top departments from the CEO and the CIO

    Include any immediate recommendations you have.

    Hello CEO NAME,

    I’m excited to get started in my role as CIO, and to hit the ground running, I’d like to make sure that the IT department is aligned with the business leadership. We will accomplish this using Info-Tech Research Group’s CEO-CIO Alignment Program. It’s a simple survey of 20 questions to be completed by the CEO and the CIO.

    This survey will help me understand your perception and vision as I get my footing as CIO. I’ll be able to identify and build core IT processes that will automate IT-business alignment going forward and create an effective IT strategy that helps eliminate impediments to business growth.

    Research shows that IT departments that are effectively aligned to business goals achieve more success, and I’m determined to make our IT department as successful as possible. I look forward to further detailing the benefits of this program to you and answering any questions you may have the next time we speak.

    Regards,
    CIO NAME

    New KPIs for CEO-CIO Alignment — Recommended

    Info-Tech CEO-CIO Alignment Program

    Info-Tech's CEO-CIO Alignment Program is set up to build IT-business alignment in any organization. It helps the CIO understand CEO perspectives and priorities. The exercise leads to useful IT performance indicators, clarifies IT’s mandate and which new technologies it should invest in, and maps business goals to IT priorities.

    Benefits

    Master the Basics
    Cut through the jargon.
    Take a comprehensive look at the CEO perspective.     		Target Alignment
    Identify how IT can support top business priorities. Address CEO-CIO differences.     		Start on the Right Path
    Get on track with the CIO vision. Use correct indicators and metrics to evaluate IT from day one.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    The desired maturity level of IT — Alternative

    Associated Activity icon Use only if you can’t complete the CEO-CIO Alignment Program

    Step 1: Where are we today?

    Determine where the CEO sees the current overall maturity level of the IT organization.

    Step 2: Where do we want to be as an organization?

    Determine where the CEO wants the IT organization to be in order to effectively support the strategic direction of the business.

    		A colorful visual representation of the different IT maturity levels. At the bottom is 'STRUGGLE, Unable to Provide Reliable Business Services', then moving upwards are 'SUPPORT, Reliable Infrastructure and IT Service Desk', 'OPTIMIZE, Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Service Management', 'EXPAND, Effective Execution on Business Projects, Strategic Use of Analytics and Customer Technology', and at the top is 'TRANSFORM, Reliable Technology Innovation'.

    Presentation Deck, slide 11

    Tim Cook's powerful use of language

    CASE STUDY

    Industry Consumer technology
    Source Carmine Gallo, Inc., 2019

    Apple CEO Tim Cook, an internal hire, had big shoes to fill after taking over from the late Steve Jobs. Cook's ability to control how the company is perceived is a big credit to his success. How does he do it? His favorite five words are “The way I see it..." These words allow him to take a line of questioning and reframe it into another perspective that he wants to get across. Similarly, he'll often say, "Let me tell you the way I look at it” or "To put it in perspective" or "To put it in context."

    In your first two weeks on the job, try using these phrases in your conversations with peers and direct reports. It demonstrates that you value their point of view but are independently coming to conclusions about the situation at hand.

    		Photo of Tim Cook, CEO, Apple Inc.
    Tim Cook, CEO, Apple Inc. (Image source: Apple)

    Listen to 'The First 100 Days' podcast – Denis Gaudreault

    Inform your team that you plan to do an IT Management & Governance Diagnostic survey

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: IT Management & Governance Diagnostic (recommended)

    OUTPUT: Process to improve first, Processes important to the business

    Materials: Presentation Deck, slides 19-20

    Participants: CIO, IT staff

    Introduce the IT Management & Governance Diagnostic survey that will help you form your IT strategy.

    Explain that you want to understand current IT capabilities and you feel a formal approach is best. You’ll also be using this approach as an important metric to track your department’s success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take action on the email when it’s sent to them.

    Example email:

    Hello TEAM,

    I appreciate meeting each of you, and so far I’m excited about the talents and energy on the team. Now I need to understand the processes and capabilities of our department in a deeper way. I’d like to map our process landscape against an industry-wide standard, then dive deeper into those processes to understand if our team is aligned. This will help us be accountable to the business and plan the year ahead. Advisory firm Info-Tech Research Group will be reaching out to you with a simple survey that shouldn’t take too long to complete. It’s important to me that you pay attention to that message and complete the survey as soon as possible.

    Regards,
    CIO NAME

    Call 3

    Day 16 to Day 30

    Leverage team interviews as a source of determining organizational culture

    Info-Tech recommends that you hold group conversations with your team to uncover their opinions of the current organizational culture. This not only helps build transparency between you and your team but also gives you another means of observing behavior and reactions as you listen to team members’ characterizations of the current culture.

    A visualization of the organizational culture of a company asks the question 'What is culture?' Five boxes are stacked, the bottom two are noted as 'The invisible causes' and the top two are noted as 'The visible signs'. From the bottom, 'Fundamental assumptions and beliefs', 'Values and attitudes', 'The way we do things around here', 'Behaviors', and at the top, 'Environment'. (Source: Hope College Blog Network)

    Note: It is inherently difficult for people to verbalize what constitutes a culture – your strategy for extracting this information will require you to ask indirect questions to solicit the highest value information.

    Questions for Discussion:

    • What about the current organizational environment do you think most contributes to your success?
    • What barriers do you experience as you try to accomplish your work?
    • What is your favorite quality that is present in our organization?
    • What is the one thing you would most like to change about this organization?
    • Do the organization's policies and procedures support your efforts to accomplish work or do they impede your progress?
    • How effective do you think IT’s interactions are with the larger organization?
    • What would you consider to be IT’s top three guiding principles?
    • What kinds of people fail in this organization?

    Supporting Tool or Template icon See Info-Tech’s Cultural Archetype Calculator.

    Use the Competing Values Framework to define your organization’s cultural archetype

    THE COMPETING VALUES FRAMEWORK (CVF):

    CVF represents the synthesis of academic study of 39 indicators of effectiveness for organizations. Using a statistical analysis, two polarities that are highly predictive of differences in organizational effectiveness were isolated:

    1. Internal focus and integration vs. external focus and differentiation.
    2. Stability and control vs. flexibility and discretion.

    By plotting these dimensions on a matrix of competing values, four main cultural archetypes are identified with their own value drivers and theories of effectiveness.

    		A map of cultural archetypes with 'Internal control and integration' on the left, 'External focus and differentiation' on the right, 'Flexibility and discretion' on top, and 'Stability and control' on the bottom. Top left is 'Clan Archetype', internal and flexible. Top right is 'Adhocracy Archetype', external and flexible. Bottom left is 'Hierarchy Archetype', internal and controlled. Bottom right is 'Market Archetype', external and controlled.

    Presentation Deck, slide 16

    Create a cultural adjustment plan

    Now that you've assessed the cultural archetype, you can plan an appropriate approach to shape the culture in a positive way. When new executives want to change culture, there are a few main options at hand:

    Autonomous evolution: Encourage teams to learn from each other. Empower hybrid teams to collaborate and reward teams that perform well.

    Planned and managed change: Create steering committee and project-oriented taskforces to work in parallel. Appoint employees that have cultural traits you'd like to replicate to hold responsibility for these bodies.

    Cultural destruction: When a toxic culture needs to be eliminated, get rid of its carriers. Putting new managers or directors in place with the right cultural traits can be a swift and effective way to realign.

    Each option boils down to creating the right set of incentives and deterrents. What behaviors will you reward and which ones will you penalize? What do those consequences look like? Sometimes, but not always, some structural changes to the team will be necessary. If you feel these changes should be made, it's important to do it sooner rather than later. (Source: “Enlarging Your Sphere of Influence in Your Organization,” MindTools Corporate, 2014.)

    As you're thinking about shaping a desired culture, it's helpful to have an easy way to remember the top qualities you want to espouse. Try creating an acronym that makes it easy for staff to remember. For example: RISE could remind your staff to be Responsive, Innovative, Sustainable, and Engaging (RISE). Draw upon your business direction from your manager to help produce desired qualities (Source: Jennifer Schaeffer).

    Presentation Deck, slide 17

    Gary Davenport’s welcome “surprise”

    CASE STUDY

    Industry Telecom
    Source Interview with Gary Davenport

    After Gary Davenport was hired on as VP of IT at MTS Allstream, his first weekend on the job was spent at an all-executive offsite meeting. There, he learned from the CEO that the IT department had a budget reduction target of 25%, like other departments in the company. “That takes your breath away,” Davenport says.

    He decided to meet the CEO monthly to communicate his plans to reduce spending while trying to satisfy business stakeholders. His top priorities were:

    1. Stabilize IT after seven different leaders in a five-year period.
    2. Get the IT department to be respected. To act like business owners instead of like servants.
    3. Better manage finances and deliver on projects.

    During Davenport’s 7.5-year tenure, the IT department became one of the top performers at MTS Allstream.

    		Photo of Gary Davenport.
    Gary Davenport’s first weekend on the job at MTS Allstream included learning about a 25% reduction target. (Image source: Ryerson University)

    Listen to 'The First 100 Days' podcast – David Penny & Andrew Wertkin

    Initiate IT Management & Governance Diagnostic — Recommended

    Info-Tech Management & Governance Diagnostic

    Talk to your Info-Tech executive advisor about launching the survey shortly after informing your team to expect it. You'll just have to provide the names and email addresses of the staff you want to be involved. Once the survey is complete, you'll harvest materials from it for your presentation deck. See slides 19 and 20 of your deck and follow the instructions on what to include.

    Benefits

    A sample of the 'High Level Process Landscape' materials available from Info-Tech. A sample of the 'Strategy and Governance In Depth Results' materials available from Info-Tech. A sample of the 'Process Accountability' materials available from Info-Tech.
    Explore IT Processes
    Dive deeper into performance. Highlight problem areas.     		Align IT Team
    Build consensus by identifying opposing views.     		Ownership & Accountability
    Identify process owners and hold team members accountable.

    Supporting Tool or Template icon Additional materials available on Info-Tech’s website.

    Conduct a high-level analysis of current IT capabilities — Alternative

    Associated Activity icon

    INPUT: Interviews with IT leadership team, Capabilities graphic on next slide

    OUTPUT: High-level understanding of current IT capabilities

    Run this activity if you're not able to conduct the IT Management & Governance Diagnostic.

    Schedule meetings with your IT leadership team. (In smaller organizations, interviewing everyone may be acceptable.) Provide them a list of the core capabilities that IT delivers upon and ask them to rate them on an effectiveness scale of 1-5, with a short rationale for their score.

    • 1. Not effective (NE)
    • 2. Somewhat Effective (SE)
    • 3. Effective (E)
    • 4. Very Effective (VE)
    • 5. Extremely Effective (EE)

    Presentation Deck, slide 21

    Use the following set of IT capabilities for your assessment

    Strategy & Governance

    		 IT Governance Strategy Performance Measurement Policies Quality Management Innovation

    People & Resources

    		 Stakeholder Management Resource Management Financial Management Vendor Selection & Contract Management Vendor Portfolio Management Workforce Strategy Strategic Comm. Organizational Change Enablement

    Service Management & Operations

    		 Operations Management Service Portfolio Management Release Management Service Desk Incident & Problem Management Change Management Demand Management

    Infrastructure

    		 Asset Management Infrastructure Portfolio Management Availability & Capacity Management Infrastructure Management Configuration Management

    Information Security & Risk

    		 Security Strategy Risk Management Compliance, Audit & Review Security Detection Response & Recovery Security Prevention

    Applications

    		 Application Lifecycle Management Systems Integration Application Development User Testing Quality Assurance Application Maintenance

    PPM & Projects

    		 Portfolio Management Requirements Gathering Project Management

    Data & BI

    		 Data Architecture BI & Reporting Data Quality & Governance Database Operations Enterprise Content Management

    Enterprise Architecture

    		 Enterprise Architecture Solution Architecture

    Quick wins: CEO-CIO Alignment Program

    Complete this while waiting on the IT M&G survey results. Based on your completed CEO-CIO Alignment Report, identify the initiatives you can tackle immediately.

    If you are here... And want to be here... Drive toward... Innovate around...
    Business Partner Innovator Leading business transformation
    • Emerging technologies
    • Analytical capabilities
    • Risk management
    • Customer-facing tech
    • Enterprise architecture
    Trusted Operator Business Partner Optimizing business process and supporting business transformation
    • IT strategy and governance
    • Business architecture
    • Projects
    • Resource management
    • Data quality
    Firefighter Trusted Operator Optimize IT processes and services
    • Business applications
    • Service management
    • Stakeholder management
    • Work orders
    Unstable Firefighter Reduce use disruption and adequately support the business
    • Network and infrastructure
    • Service desk
    • Security
    • User devices

    Call 4

    Day 31 to Day 45

    Inform your peers that you plan to do a CIO Business Vision survey to gauge your stakeholders’ satisfaction

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CIO Business Vision survey (recommended)

    OUTPUT: True measure of business satisfaction with IT

    Materials: Presentation Deck, slide 30

    Participants: CIO, IT staff

    Meet the business leaders at your organization face-to-face if possible. If you can't meet in person, try a video conference to establish some rapport. At the end of your introduction and after listening to what your colleague has to say, introduce the CIO Business Vision Diagnostic.

    Explain that you want to understand how to meet their business needs and you feel a formal approach is best. You'll also be using this approach as an important metric to track your department's success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take the survey when the email is sent to them.

    Example email:

    Hello PEER NAMES,

    I'm arranging for Info-Tech Research Group to invite you to take a survey that will be important to me. The CIO Business Vision survey will help me understand how to meet your business needs. It will only take about 15 minutes of your time, and the top-line results will be shared with the organization. We will use the results to plan initiatives for the future that will improve your satisfaction with IT.

    Regards,
    CIO NAME

    Gain feedback on your initial assessments from your IT team

    There are two strategies for gaining feedback on your initial assessments of the organization from the IT team:

    1. Review your personal assessments with the relevant members of your IT organization as a group. This strategy can help to build trust and an open channel for communication between yourself and your team; however, it also runs the risk of being impacted by groupthink.
    2. Ask for your team to complete their own assessments for you to compare and contrast. This strategy can help extract more candor from your team, as they are not expected to communicate what may be nuanced perceptions of organizational weaknesses or criticisms of the way certain capabilities function.

    Who you involve in this process will be impacted by the size of your organization. For larger organizations, involve everyone down to the manager level. In smaller organizations, you may want to involve everyone on the IT team to get an accurate lay of the land.

    Areas for Review:

    • Strategic Document Review: Are there any major themes or areas of interest that were not covered in my initial assessment?
    • Competitor Array: Are there any initiatives in flight to leverage new technologies?
    • Current State of IT Maturity: Does IT’s perception align with the CEO’s? Where do you believe IT has been most effective? Least effective?
    • IT’s Key Priorities: Does IT’s perception align with the CEO’s?
    • Key Performance Indicators: How has IT been measured in the past?

    Info-Tech Best Practice

    You need your team’s hearts and minds or you risk a short tenure. Overemphasizing business commitment by neglecting to address your IT team until after you meet your business stakeholders will result in a disenfranchised group. Show your team their importance.

    Susan Bowen's talent maximization

    CASE STUDY

    Industry Infrastructure Services
    Source Interview with Susan Bowen

    Susan Bowen was promoted to be the president of Cogeco Peer 1, an infrastructure services firm, when it was still a part of Cogeco Communications. Part of her mandate was to help spin out the business to a new owner, which occurred when it was acquired by Digital Colony. The firm was renamed Aptum and Bowen was put in place as CEO, which was not a certainty despite her position as president at Cogeco Peer 1. She credits her ability to put the right talent in the right place as part of the reason she succeeded. After becoming president, she sought a strong commitment from her directors. She gave them a choice about whether they'd deliver on a new set of expectations – or not. She also asks her leadership on a regular basis if they are using their talent in the right way. While it's tempting for directors to want to hold on to their best employees, those people might be able to enable many more people if they can be put in another place.

    Bowen fully rounded out her leadership team after Aptum was formed. She created a chief operating officer and a chief infrastructure officer. This helped put in place more clarity around roles at the firm and put an emphasis on client-facing services.

    		Photo of Susan Bowen, CEO, Aptum.
    Susan Bowen, CEO, Aptum (Image source: Aptum)

    Listen to 'The First 100 Days' podcast – Susan Bowen

    Initiate CIO Business Vision survey – new KPIs for stakeholder management — Recommended

    Info-Tech CIO Business Vision

    Be sure to effectively communicate the context of this survey to your business stakeholders before you launch it. Plan to talk about your plans to introduce it in your first meetings with stakeholders. When ready, let your executive advisor know you want to launch the tool and provide the names and email addresses of the stakeholders you want involved. After you have the results, harvest the materials required for your presentation deck. See slide 30 and follow the instructions on what to include.

    Benefits

    Icon for Key Stakeholders. Icon for Credibility. Icon for Improve. Icon for Focus.
    Key Stakeholders
    Clarify the needs of the business.     		Credibility
    Create transparency.     		Improve
    Measure IT’s progress.     		Focus
    Find what’s important.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Create a catalog of key stakeholder details to reference prior to future conversations — Alternative

    Only conduct this activity if you’re not able to run the CIO Business Vision diagnostic.

    Use the Organizational Catalog as a personal cheat sheet to document the key details around each of your stakeholders, including your CEO when possible.

    The catalog will be an invaluable tool to keep the competing needs of your different stakeholders in line, while ensuring you are retaining the information to build the political capital needed to excel in the C-suite.

    Note: It is important to keep this document private. While you may want to communicate components of this information, ensure your catalog remains under lock and (encryption) key.

    Screenshot of the Organizational Catalog for Stakeholders. At the top are spaces for 'Name', 'Job Title', etc. Boxes include 'Key Personal Details', 'Satisfaction Levels With IT', 'Preferred Communications', 'Key Activities', 'In-Flight and Scheduled Projects', 'Key Performance Indicators', and 'Additional Details'.

    Info-Tech Insight

    While profiling your stakeholders is important, do not be afraid to profile yourself as well. Visualizing how your interests overlap with those of your stakeholders can provide critical information on how to manage your communications so that those on the receiving end are hearing exactly what they need.

    Activity: Conduct interviews with your key business stakeholders — Alternative

    Associated Activity icon

    1. Once you have identified your key stakeholders through your interviews with your boss and your IT team, schedule a set of meetings with those individuals.
    2. Use the meetings to get to know your stakeholders, their key priorities and initiatives, and their perceptions of the effectiveness of IT.
      1. Use the probative questions to the right to elicit key pieces of information.
      2. Refer to the Organizational Catalog tool for more questions to dig deeper in each category. Ensure that you are taking notes separate from the tool and are keeping the tool itself secure, as it will contain private information specific to your interests.
    3. Following each meeting, record the results of your conversation and any key insights in the Organizational Catalog. Refer to the following slide for more details.

    Questions for Discussion:

    • Be indirect about your personal questions – share stories that will elicit details about their interests, kids, etc.
    • What are your most critical/important initiatives for the year?
    • What are your key revenue streams, products, and services?
    • What are the most important ways that IT supports your success? What is your satisfaction level with those services?
    • Are there any current in-flight projects or initiatives that are a current pain point? How can IT assist to alleviate challenges?
    • How is your success measured? What are your targets for the year on those metrics?

    Presentation Deck, slide 34

    Call 5

    Day 46 to Day 60

    Inform your team that you plan to do an IT staffing assessment

    Associated Activity icon Introduce the IT Staffing Assessment that will help you get the most out of your team

    INPUT: Email template

    OUTPUT: Ready to launch diagnostic

    Materials: Email template, List of staff, Sample of diagnostic

    Participants: CIO, IT staff

    Explain that you want to understand how the IT staff is currently spending its time by function and by activity. You want to take a formal approach to this task and also assess the team’s feelings about its effectiveness across different processes. The results of the assessment will serve as the foundation that helps you improve your team’s effectiveness within the organization.

    Example email:

    Hello PEER NAMES,

    The feedback I've heard from the team since joining the company has been incredibly useful in beginning to formulate my IT strategy. Now I want to get a clear picture of how everyone is spending their time, especially across different IT functions and activities. This will be an opportunity for you to share feedback on what we're doing well, what we need to do more of, and what we're missing. Expect to receive an email invitation to take this survey from Info-Tech Research Group. It's important to me that you complete the survey as soon as you're can. Attached you’ll find an example of the report this will generate. Thank you again for providing your time and feedback.

    Regards,
    CIO NAME

    Wayne Berger's shortcut to solve staffing woes

    CASE STUDY

    Industry Office leasing
    Source Interview with Wayne Berger

    Wayne Berger was hired to be the International Workplace Group (IWG) CEO for Canada and Latin America in 2014.

    Wayne approached his early days with the office space leasing firm as a tour of sorts, visiting nearly every one of the 48 office locations across Canada to host town hall meetings. He heard from staff at every location that they felt understaffed. But instead of simply hiring more staff, Berger actually reduced the workforce by 33%.

    He created a more flexible approach to staffing:

    • Employees no longer just reported to work at one office; instead, they were ready to go to wherever they were most needed in a specific geographic area.
    • He centralized all back-office functions for the company so that not every office had to do its own bookkeeping.
    • Finally, he changed the labor profile to consist of full-time staff, part-time staff, and time-on-demand workers.
    		 Photo of Wayne Berger, CEO, IWG Plc.
    Wayne Berger, CEO, IWG Plc (Image source: IWG)

    Listen to 'The First 100 Days' podcast – Wayne Berger

    Initiate IT Staffing Assessment – new KPIs to track IT performance — Recommended

    Info-Tech IT Staffing Assessment

    Info-Tech’s IT Staffing Assessment provides benchmarking of key metrics against 4,000 other organizations. Dashboard-style reports provide key metrics at a glance, including a time breakdown by IT function and by activity compared against business priorities. Run this survey at about the 45-day mark of your first 90 days. Its insights will be used to inform your long-term IT strategy.

    Benefits

    Icon for Right-Size IT Headcount. Icon for Allocate Staff Correctly. Icon for Maximize Teams.
    Right-Size IT Headcount
    Find the right level for stakeholder satisfaction.     		Allocate Staff Correctly
    Identify staff misalignments with priorities.     		Maximize Teams
    Identify how to drive staff.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Quick wins: Make recommendations based on IT Management & Governance Framework

    Complete this exercise while waiting on the IT Staffing Assessment results. Based on your completed IT Management & Governance report, identify the initiatives you can tackle immediately. You can conduct this as a team exercise by following these steps:

    1. Create a shortlist of initiatives based on the processes that were identified as high need but scored low in effectiveness. Think as broadly as possible during this initial brainstorming.
    2. Write each initiative on a sticky note and conduct a high-level analysis of the amount of effort that would be required to complete it, as well as its alignment with the achievement of business objectives.
    3. Draw the matrix below on a whiteboard and place each sticky note onto the matrix based on its potential impact and difficulty to address.
    A matrix of initiative categories based on effort to achieve and alignment with business objectives. It is split into quadrants: the vertical axis is 'Potential Impact' with 'High, Fully supports achievement of business objectives' at the top and 'Low, Limited support of business objectives' at the bottom; the horizontal axis is 'Effort' with 'Low' on the left and 'High' on the right. Low impact, low effort is 'Low Current Value, No immediate attention required, but may become a priority in the future if business objectives change'. Low impact, high effort is 'Future Reassessment, No immediate attention required, but may become a priority in the future if business objectives change'. High impact, high effort is 'Long-Term Initiatives, High impact on business outcomes but will take more effort to implement. Schedule these in your long-term roadmap'. High impact, low effort is 'Quick Wins, High impact on business objectives with relatively small effort. Some combination of these will form your early wins'.

    Call 6

    Day 61 to Day 75

    Run a start, stop, continue exercise with your IT staff — Alternative

    This is an alternative activity to running an IT Staffing Assessment, which contains a start/stop/continue assessment. This activity can be facilitated with a flip chart or a whiteboard. Create three pages or three columns and label them Start, Stop, and Continue.

    Hand out sticky notes to each team member and then allow time for individual brainstorming. Instruct them to write down their contributions for each category on the sticky notes. After a few minutes, have everyone stick their notes in the appropriate category on the board. Discuss as a group and see what themes emerge. Record the results that you want to share in your presentation deck (GroupMap).

    Gather your team and explain the meaning of these categories:

    Start: Activities you're not currently doing but should start doing very soon.

    Stop: Activities you're currently doing but aren’t working and should cease.

    Continue: Things you're currently doing and are working well.

    Presentation Deck, slide 24

    Determine the alignment of IT commitments with business objectives

    Associated Activity icon

    INPUT: Interviews with IT leadership team

    OUTPUT: High-level understanding of in-flight commitments and investments

    Run this only as an alternative to the IT Management & Governance Diagnostic.

    1. Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.
    2. Determine the following about IT’s current investment mix:
      1. What are the current IT investments and assets? How do they align to business goals?
      2. What investments in flight are related to which information assets?
      3. Are there any immediate risks identified for these key investments?
      4. What are the primary business issues that demand attention from IT consistently?
      5. What choices remain undecided in terms of strategic direction of the IT organization?
    3. Document your key investments and commitments as well as any points of misalignment between objectives and current commitments as action items to address in your long-term plans. If they are small fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Determine the alignment of IT commitments with business objectives

    Run this only as an alternative to the IT Staffing Assessment diagnostic.

    Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.

    Determine the following about IT’s current investment mix:

    • What are the current IT investments and assets?
    • How do they align to business goals?
    • What in-flight investments are related to which information assets?
    • Are there any immediate risks identified for these key investments?
    • What are the primary business issues that demand attention from IT consistently?
    • What remains undecided in terms of strategic direction of the IT organization?

    Document your key investments and commitments, as well as any points of misalignment between objectives and current commitments, as action items to address in your long-term plans. If they are small-effort fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Make a categorized vendor list by IT process

    As part of learning the IT team, you should also create a comprehensive list of vendors under contract. Collaborate with the finance department to get a clear view of how much of the IT budget is spent on specific vendors. Try to match vendors to the IT processes they serve from the IT M&G framework.

    You should also organize your vendors based on their budget allocation. Go beyond just listing how much money you’re spending with each vendor and categorize them into either “transactional” relationships or “strategic relationships.” Use the grid below to organize them. Ideally, you’ll want most relationships to be high spend and strategic (Source: Gary Davenport).

    A matrix of vendor categories with the vertical axis 'Spend' increasing upward, and the horizontal axis 'Type of relationship' with values 'Transactional' or 'Strategic'. The bottom left corner is 'Low Spend Transactional', the top right corner is 'High Spend Strategic'.

    Where to source your vendor list:

    • Finance department
    • Infrastructure managers
    • Vendor manager in IT

    Further reading: Manage Your Vendors Before They Manage You

    Presentation Deck, slide 26

    Jennifer Schaeffer’s short-timeline turnaround

    CASE STUDY

    Industry Education
    Source Interview with Jennifer Schaeffer

    Jennifer Schaeffer joined Athabasca University as CIO in November 2017. She was entering a turnaround situation as the all-online university lacked an IT strategy and had built up significant technical debt. Armed with the mandate of a third-party consultant that was supported by the president, Schaeffer used a people-first approach to construct her strategy. She met with all her staff, listening to them carefully regardless of role, and consulted with the administrative council and faculty members. She reflected that feedback in her plan or explained to staff why it wasn’t relevant for the strategy. She implemented a “strategic calendaring” approach for the organization, making sure that her team members were participating in meetings where their work was assessed and valued. Drawing on Spotify as an inspiration, she designed her teams in a way that everyone was connected to the customer experience. Given her short timeline to execute, she put off a deep skills analysis of her team for a later time, as well as creating a full architectural map of her technology stack. The outcome is that 2.5 years later, the IT department is unified in using the same tooling and optimization standards. It’s more flexible and ready to incorporate government changes, such as offering more accessibility options.

    		Photo of Jennifer Schaeffer.
    Jennifer Schaeffer took on the CIO role at Athabasca University in 2017 and was asked to create a five-year strategic plan in just six weeks.
    (Image source: Athabasca University)

    Listen to 'The First 100 Days' podcast – Eric Wright

    Call 7

    Day 76 to Day 90

    Finalize your vision – mission – values statement

    A clear statement for your values, vision, and mission will help crystallize your IT strategy and communicate what you're trying to accomplish to the entire organization.

    Mission: This statement describes the needs that IT was created to meet and answers the basic question of why IT exists.

    Vision: Write a statement that captures your values. Remember that the vision statement sets out what the IT organization wants to be known for now and into the future.

    Values: IT core values represent the standard axioms by which the IT department operates. Similar to the core values of the organization as a whole, IT’s core values are the set of beliefs or philosophies that guide its strategic actions.

    Further reading: IT Vision and Mission Statements Template

    Presentation Deck, slide 42

    John Chen's new strategic vision

    CASE STUDY

    Industry Mobile Services
    Source Sean Silcoff, The Globe and Mail

    John Chen, known in the industry as a successful turnaround executive, was appointed BlackBerry CEO in 2014 following the unsuccessful launch of the BlackBerry 10 mobile operating system and a new tablet.

    He spent his first three months travelling, talking to customers and suppliers, and understanding the company's situation. He assessed that it had a problem generating cash and had made some strategic errors, but there were many assets that could benefit from more investment.

    He was blunt about the state of BlackBerry, making cutting observations of the past mistakes of leadership. He also settled a key question about whether BlackBerry would focus on consumer or enterprise customers. He pointed to a base of 80,000 enterprise customers that accounted for 80% of revenue and chose to focus on that.

    His new mission for BlackBerry: to transform it from being a "mobile technology company" that pushes handset sales to "a mobile solutions company" that serves the mobile computing needs of its customers.

    		Photo of John Chen, CEO of BlackBerry.
    John Chen, CEO of BlackBerry, presents at BlackBerry Security Summit 2018 in New York City (Image source: Brian Jackson)

    Listen to 'The First 100 Days' podcast – Erin Bury

    Quick wins: Make recommendations based on the CIO Business Vision survey

    Based on your completed CIO Business Vision survey, use the IT Satisfaction Scorecard to determine some initiatives. Focus on areas that are ranked as high importance to the business but low satisfaction. While all of the initiatives may be achievable given enough time, use the matrix below to identify the quick wins that you can focus on immediately. It’s important to not fail in your quick-win initiative.

    • High Visibility, Low Risk: Best bet for demonstrating your ability to deliver value.
    • Low Visibility, Low Risk: Worth consideration, depending on the level of effort required and the relative importance to the stakeholder.
    • High Visibility, High Risk: Limit higher-risk initiatives until you feel you have gained trust from your stakeholders, demonstrating your ability to deliver.
    • Low Visibility, High Risk: These will be your lowest value, quick-win initiatives. Keep them in a backlog for future consideration in case business objectives change.
    A matrix of initiative categories based on organizational visibility and risk of failure. It is split into quadrants: the vertical axis is 'Organizational Visibility' with 'High' at the top and 'Low' at the bottom; the horizontal axis is 'Risk of Failure' with 'Low' on the left and 'High' on the right. 'Low Visibility, Low Risk, Few stakeholders will benefit from the initiative’s implementation.' 'Low Visibility, High Risk, No immediate attention is required, but it may become a priority in the future if business objectives change.' 'High Visibility, Low Risk, Multiple stakeholders will benefit from the initiative’s implementation, and it has a low risk of failure.' 'High Visibility, High Risk, Multiple stakeholders will benefit from the initiative’s implementation, but it has a higher risk of failure.'

    Presentation Deck, slide 27

    Create and communicate a post-100 plan

    The last few slides of your presentation deck represent a roundup of all the assessments you’ve done and communicate your plan for the months ahead.

    Slide 38. Based on the information on the previous slide and now knowing which IT capabilities need improvement and which business priorities are important to support, estimate where you'd like to see IT staff spend their time in the near future. Will you be looking to shift staff from one area to another? Will you be looking to hire staff?

    Slide 39. Take your IT M&G initiatives from slide 19 and list them here. If you've already achieved a quick win, list it and mark it as completed to show what you've accomplished. Briefly outline the objectives, how you plan to achieve the result, and what measurement will indicate success.

    Slide 40. Reflect your CIO Business Vision initiatives from slide 31 here.

    Slide 41. Use this roadmap template to list your initiatives by roughly when they’ll be worked on and completed. Plan for when you’ll update your diagnostics.

    Expert Contributors

    Photo of Alan Fong, Chief Technology Officer, Dealer-FX Alan Fong, Chief Technology Officer, Dealer-FX
    Photo of Andrew Wertkin, Chief Strategy Officer, BlueCat NetworksPhoto of David Penny, Chief Technology Officer, BlueCat Networks Andrew Wertkin, Chief Strategy Officer, BlueCat Networks
    David Penny, Chief Technology Officer, BlueCat Networks
    Photo of Susan Bowen, CEO, Aptum Susan Bowen, CEO, Aptum
    Photo of Erin Bury, CEO, Willful Erin Bury, CEO, Willful
    Photo of Denis Gaudreault, Country Manager, Intel Canada and Latin America Denis Gaudreault, Country Manager, Intel Canada and Latin America
    Photo of Wayne Berger, CEO, IWG Plc Wayne Berger, CEO, IWG Plc
    Photo of Eric Wright, CEO, LexisNexis Canada Eric Wright, CEO, LexisNexis Canada
    Photo of Gary Davenport Gary Davenport, past president of CIO Association” of Canada, former VP of IT, Enterprise Solutions Division, MTS AllStream
    Photo of Jennifer Schaeffer, VP of IT and CIO, Athabasca University Jennifer Schaeffer, VP of IT and CIO, Athabasca University

    Bibliography

    Beaudan, Eric. “Do you have what it takes to be an executive?” The Globe and Mail, 9 July 2018. Web.

    Bersohn, Diana. “Go Live on Day One: The Path to Success for a New CIO.” PDF document. Accenture, 2015. Web.

    Bradt, George. “Executive Onboarding When Promoted From Within To Follow A Successful Leader.” Forbes, 15 Nov. 2018. Web.

    “CIO Stats: Length of CIO Tenure Varies By Industry.” CIO Journal, The Wall Street Journal. 15 Feb. 2017. Web.

    “Enlarging Your Sphere of Influence in Your Organization: Your Learning and Development Guide to Getting People on Side.” MindTools Corporate, 2014.

    “Executive Summary.” The CIO's First 100 Days: A Toolkit. PDF document. Gartner, 2012. Web.

    Forbes, Jeff. “Are You Ready for the C-Suite?” KBRS, n.d. Web.

    Gallo, Carmine. “Tim Cook Uses These 5 Words to Take Control of Any Conversation.” Inc., 9 Aug. 2019. Web.

    Giles, Sunnie. “The Most Important Leadership Competencies, According to Leaders Around the World.” Harvard Business Review, 15 March 2016. Web.

    Godin, Seth. “Ode: How to tell a great story.” Seth's Blog. 27 April 2006. Web.

    Green, Charles W. “The horizontal dimension of race: Social culture.” Hope College Blog Network, 19 Oct. 2014. Web.

    Hakobyan, Hayk. “On Louis Gerstner And IBM.” Hayk Hakobyan, n.d. Web.

    Bibliography

    Hargrove, Robert. Your First 100 Days in a New Executive Job, edited by Susan Youngquist. Kindle Edition. Masterful Coaching Press, 2011.

    Heathfield, Susan M. “Why ‘Blink’ Matters: The Power of Your First Impressions." The Balance Careers, 25 June 2019. Web.

    Hillis, Rowan, and Mark O'Donnell. “How to get off to a flying start in your new job.” Odgers Berndtson, 29 Nov. 2018. Web.

    Karaevli, Ayse, and Edward J. Zajac. “When Is an Outsider CEO a Good Choice?” MIT Sloan Management Review, 19 June 2012. Web.

    Keizer, Gregg. “Microsoft CEO Nadella Aces First-100-Day Test.” Computerworld, 15 May 2014. Web.

    Keller, Scott, and Mary Meaney. “Successfully transitioning to new leadership roles.” McKinsey & Company, May 2018. Web.

    Kress, R. “Director vs. Manager: What You Need to Know to Advance to the Next Step.” Ivy Exec, 2016. Web.

    Levine, Seth. “What does it mean to be an ‘executive’.” VC Adventure, 1 Feb. 2018. Web.

    Lichtenwalner, Benjamin. “CIO First 90 Days.” PDF document. Modern Servant Leader, 2008. Web.

    Nawaz, Sabina. “The Biggest Mistakes New Executives Make.” Harvard Business Review, 15 May 2017. Web.

    Pruitt, Sarah. “Fast Facts on the 'First 100 Days.‘” History.com, 22 Aug. 2018. Web.

    Rao, M.S. “An Action Plan for New CEOs During the First 100 Days.” Training, 4 Oct. 2014. Web.

    Reddy, Kendra. “It turns out being a VP isn't for everyone.” Financial Post, 17 July 2012. Web.

    Silcoff, Sean. “Exclusive: John Chen’s simple plan to save BlackBerry.” The Globe & Mail, 24 Feb. 2014. Web.

    Bibliography

    “Start Stop Continue Retrospective.” GroupMap, n.d. Web.

    Surrette, Mark. “Lack of Rapport: Why Smart Leaders Fail.” KBRS, n.d. Web.

    “Understanding Types of Organization – PMP Study.” Simplilearn, 4 Sept. 2019. Web.

    Wahler, Cindy. “Six Behavioral Traits That Define Executive Presence.” Forbes, 2 July 2015. Web.

    Watkins, Michael D. The First 90 Days, Updated and Expanded. Harvard Business Review Press, 2013.

    Watkins, Michael D. “7 Ways to Set Up a New Hire for Success.” Harvard Business Review, 10 May 2019. Web.

    “What does it mean to be a business executive?” Daniels College of Business, University of Denver, 12 Aug. 2014. Web.

    Yeung, Ken. “Turnaround: Marissa Mayer’s first 300 days as Yahoo’s CEO.” The Next Web, 19 May 2013. Web.

    Become a Strategic CIO

    • Buy Link or Shortcode: {j2store}80|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a CIO, you are currently operating in a stable and trusted IT environment, but you would like to advance your role to strategic business partner.
    • CIOs are often overlooked as a strategic partner by their peers, and therefore face the challenge of proving they deserve a seat at the table.

    Our Advice

    Critical Insight

    • To become a strategic business partner, you must think and act as a business person that works in IT, rather than an IT person that works for the business.
    • Career advancement is not a solo effort. Building relationships with your executive business stakeholders will be critical to becoming a respected business partner.

    Impact and Result

    • Create a personal development plan and stakeholder management strategy to accelerate your career and become a strategic business partner. For a CIO to be considered a strategic business partner, he or she must be able to:
      • Act as a business person that works in IT, rather than an IT person that works for the business. This involves meeting executive stakeholder expectations, facilitating innovation, and managing stakeholder relationships.
      • Align IT with the customer. This involves providing business stakeholders with information to support stronger decision making, keeping up with disruptive technologies, and constantly adapting to the ever-changing end-customer needs.
      • Manage talent and change. This involves performing strategic workforce planning, and being actively engaged in identifying opportunities to introduce change in your organization, suggesting ways to improve, and then acting on them.

    Become a Strategic CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should become a strategic CIO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Analyze strategic CIO competencies and assess business stakeholder satisfaction with IT using Info-Tech's CIO Business Vision Diagnostic and CXO-CIO Alignment Program.

    • Become a Strategic CIO – Phase 1: Launch

    2. Assess

    Evaluate strategic CIO competencies and business stakeholder relationships.

    • Become a Strategic CIO – Phase 2: Assess
    • CIO Strategic Competency Evaluation Tool
    • CIO Stakeholder Power Map Template

    3. Plan

    Create a personal development plan and stakeholder management strategy.

    • Become a Strategic CIO – Phase 3: Plan
    • CIO Personal Development Plan
    • CIO Stakeholder Management Strategy Template

    4. Execute

    Develop a scorecard to track personal development initiatives.

    • Become a Strategic CIO – Phase 4: Execute
    • CIO Strategic Competency Scorecard
    [infographic]

    Workshop: Become a Strategic CIO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Competencies & Stakeholder Relationships

    The Purpose

    Gather and review information from business stakeholders.

    Assess strategic CIO competencies and business stakeholder relationships.

    Key Benefits Achieved

    Gathered information to create a personal development plan and stakeholder management strategy.

    Analyzed the information from diagnostics and determined the appropriate next steps.

    Identified and prioritized strategic CIO competency gaps.

    Evaluated the power, impact, and support of key business stakeholders.

    Activities

    1.1 Conduct CIO Business Vision diagnostic

    1.2 Conduct CXO-CIO Alignment program

    1.3 Assess CIO competencies

    1.4 Assess business stakeholder relationships

    Outputs

    CIO Business Vision results

    CXO-CIO Alignment Program results

    CIO competency gaps

    Executive Stakeholder Power Map

    2 Take Control of Your Personal Development

    The Purpose

    Create a personal development plan and stakeholder management strategy.

    Track your personal development and establish checkpoints to revise initiatives.

    Key Benefits Achieved

    Identified personal development and stakeholder engagement initiatives to bridge high priority competency gaps.

    Identified key performance indicators and benchmarks/targets to track competency development.

    Activities

    2.1 Create a personal development plan

    2.2 Create a stakeholder management strategy

    2.3 Establish key performance indicators and benchmarks/targets

    Outputs

    Personal Development Plan

    Stakeholder Management Strategy

    Strategic CIO Competency Scorecard

    Application Portfolio Management

    • Buy Link or Shortcode: {j2store}28|cart{/j2store}
    • Related Products: {j2store}28|crosssells{/j2store}
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $81,275
    • member rating average days saved: 20
    • Parent Category Name: Applications
    • Parent Category Link: /applications
    • byline: Manage your application portfolio to minimize risk and maximize value.

    The challenge

    • The chances are that you, too, have too many or far too many applications in your organization. You will not be alone. Almost 60% of companies report the same issue. 
    • That is due to poorly managed portfolios.
    • Your application managers now need to support too many non-critical applications, and they spend insufficient time on the vital applications.
    • You can rarely find the required pieces to rationalize your portfolio in one place. You will need to find the resources and build a team.
    • The lack of standard practices to define the value that each application in a portfolio provides to the company causes misalignments.

    Our advice

    Insight

    • There is no silver bullet solution. Going too rigid in your approach causes delays in value realization through application portfolio management. It may even prevent this altogether. Define flexible inputs to your portfolio and align closely with your business goals.

    Impact and results 

    • Define the outputs of your application rationalization effort, with clear roles and responsibilities.
    • Tailor the application rationalization framework (ARF) to your company's motivations, goals, and limitations.
    • Apply various application assessments to build a clear picture of your portfolio.
    • Build an application portfolio roadmap that shows your target state based on your rationalization decisions.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should rationalize your application portfolio using a tailored framework for your company. We'll show you our methodology and the ways we can help you in handling this.

    Lay the foundations

    Define why you want to rationalize your application portfolio. Define the end state and scope. Build your action plan.

    • Build an Application Rationalization Framework – Phase 1: Lay Your Foundations (ppt)
    • Application Rationalization Tool (xls)

    Plan the application rationalization framework

    Understand what the core assessments are that you perform in these rationalizations. Define your framework and how rigorous you want to apply the reviews based on your business context.

    • Build an Application Rationalization Framework – Phase 2: Plan Your Application Rationalization Framework (ppt)

    Test and adapt your application rationalization framework (ARF)

    Our tool allows you to test the elements of your ARF. Then do a retrospective and adapt based on your experience and desired outcomes. 

    • Build an Application Rationalization Framework – Phase 3: Test and Adapt Your Application Rationalization Framework (ppt)
    • Application TCO Calculator (xls)
    • Value Calculator (xls)

    Initiate your roadmap

    Review your dispositions to ensure they align with your goals. 

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap (ppt)
    • Disposition Prioritization Tool (xls)

     

    Mergers & Acquisitions: The Sell Blueprint

    • Buy Link or Shortcode: {j2store}324|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Sell Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its reduction strategy by engaging in M&A transactions. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool
    • Service Catalog Internal Service Level Agreement Template

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address divestitures or sales.

    • One-Pager: M&A Discovery & Strategy – Sell
    • Case Study: M&A Discovery & Strategy – Sell

    3. Due Diligence & Preparation

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    • One-Pager: M&A Due Diligence & Preparation – Sell
    • Case Study: M&A Due Diligence & Preparation – Sell
    • IT Due Diligence Charter
    • IT Culture Diagnostic
    • M&A Separation Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Separation Project Management Tool (Excel)

    4. Execution & Value Realization

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Sell
    • Case Study: M&A Execution & Value Realization – Sell

    Infographic

    Workshop: Mergers & Acquisitions: The Sell Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for divesting or selling.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Understand the rationale for the company's decision to pursue a divestiture or sale.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the divestiture/sale.

    1.6 Create the IT vision statement and mission statement and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the separation strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organizations.

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s divestiture/sale strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Separation strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the foundation.

    Discover the motivation for separation.

    Identify expectations and create the carve-out roadmap.

    Prepare and manage employees.

    Plan the separation roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to enable compliance during due diligence.

    Employees are set up for a smooth and successful transition.

    Separation activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the divestiture/sale.

    2.3 Establish the separation strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Create a carve-out roadmap.

    2.7 Create a service/technical transaction agreement.

    2.8 Measure staff engagement.

    2.9 Assess the current culture and identify the goal culture.

    2.10 Create employee transition and functional workplans.

    2.11 Establish the separation roadmap.

    2.12 Establish and align project metrics with identified tasks.

    2.13 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Due diligence charter

    Data room artifacts

    Carve-out roadmap

    Service/technical transaction agreement

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for separation.

    Plan the separation roadmap.

    Prepare employees for the transition.

    Engage in separation.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Separation activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Separation strategy and roadmap are executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and outline their relationship to the M&A process.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the divestiture/sale.

    3.4 Establish the separation strategy.

    3.5 Prioritize separation tasks.

    3.6 Establish the separation roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate separation costs.

    3.9 Measure staff engagement.

    3.10 Assess the current culture and identify the goal culture.

    3.11 Create employee transition and functional workplans.

    3.12 Complete the separation by regularly updating the project plan.

    3.13 Assess the service/technical transaction agreement.

    3.14 Confirm separation costs.

    3.15 Review IT’s transaction value.

    3.16 Conduct a transaction and separation SWOT.

    3.17 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Separation roadmap and associated resourcing

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Updated separation project plan

    Evaluated service/technical transaction agreement

    SWOT of transaction

    M&A Sell Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Sell Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A sale or divestiture.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element is forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    71% of technology companies anticipate that divestitures will take place as a result of the COVID-19 pandemic. (EY, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates), let alone separation.
      • Two-thirds of the time, the divesting organization and acquiring organization will either fail together or succeed together (McKinsey, 2015).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where separation will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    “Solutions exist that can save well above 50 percent on divestiture costs, while ensuring on-time delivery.” (Source: SNP)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests a sale or divestiture to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and complies with the purchasing organization’s asks.
    4. Firefighter: IT needs to reactively prepare its environment in order to enable the separation.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Selling vs. buying

    The M&A process approach differs depending on whether you are the selling or buying organization

    This blueprint is only focused on the sell side:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    The buy side is focused on:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    For more information on acquisitions or purchases, check out Info-Tech’s Mergers & Acquisitions: The Buy Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Selling Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps
    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Separation or Sale
    1. Engage in Due Diligence and Prepare Staff
    2. Prepare to Separate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address divestitures or sales.

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    IT's role in the selling transaction

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.

    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.

    3. Faster Integration

      Faster integration means faster value realization for the business.

    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.

    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).

    • Increased Accuracy

      Sellers often only provide 15 to 30 days for the acquiring organization to decide (Forbes, 2018), increasing the necessity of accurate pricing.

    • Faster Integration

      36% of CIOs have visibility into only business unit data, making the divestment a challenge (EY, 2021).

    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).

    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to prepare the IT environment for potential carve-out and separations, ensuring risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the separation that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about its IT environment in order to sell or divest the company to the highest bidder for a true price.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority separation tasks.
    • The business can obtain a high-value offer for the components of IT being sold and can measure the ongoing value the sale will bring.

    Insight summary

    Overarching Insight

    IT controls if and when it gets invited to support the business through a purchasing growth transaction. Take control of the process, demonstrate the value of IT, and ensure that separation of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    IT often faces unnecessary separation challenges because of a lack of preparation. Secure the IT environment and establish how IT will retain employees early in the transaction process.

    Execution & Value Realization Insight

    IT needs to demonstrate value and cost savings within 100 days of the transaction. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Sell Playbook

    The M&A Sell Playbook should be a reusable document that enables your IT organization to successfully deliver on any divestiture transaction.

    Screenshots of the 'M and A Sell Playbook' deliverable.

    M&A Sell One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Sell One-Pagers' deliverable.

    M&A Sell Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Sell Case Studies' deliverable.

    M&A Separation Project Management Tool (SharePoint)

    Manage the separation process of the divestiture/sale using this SharePoint template.

    Screenshots of the 'M and A Separation Project Management Tool (SharePoint)' deliverable.

    M&A Separation Project Management Tool (Excel)

    Manage the separation process of the divestiture/sale using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Separation Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.

      • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and business perspectives on IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.

      • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and divestiture/sale strategic direction.
    • Call #5: Create program metrics and identify a standard separation strategy.
    • Call #6: Prepare to carve out the IT environment.
    • Call #7: Identify the separation program plan.

      • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the divestiture/sale transaction.

    The Sell Blueprint

    Phase 1

    Proactive

    Phase 1

    		 Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend reduction opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for selling organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine relationship indicators between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: M&A Sell Playbook, CEO-CIO Alignment diagnostic

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support transactions or support your rationale in recommending transactions.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: M&A Buy Playbook, CIO Business Vision diagnostic

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Sell Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Sell Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker
    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization
    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Sell Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions
    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Sell Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
      • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
      5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Sell Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation
    01 Data Source
    02 Data Collection Method
    03 Data     		04 Data Analysis
    05 Insight
    06 Insight Delivery     		07 Consumer
    08 Value in Data     		09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the multiplication of: (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.

      4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value
      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    4. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    5. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.

      6. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications
      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value
    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool
      3.

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.

      3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)
    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)
    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Sell Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend reduction opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest reduction opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Sell Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for reduction strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Sell Playbook.

    1.3.3 Recommend reduction opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage your organizations’ IT environment as an asset and reason why the divestiture or sale should happen, suggesting the opportunity yourself.

    Record the results in the M&A Sell Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through sale or divestiture transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through sale or divestiture strategies.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Sale or divestiture recommendations

    The Sell Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    		Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the separation strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for Divesting or SellingFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decision to pursue a divestiture or sale
    • 1.1 Review the business rationale for the divestiture/sale
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the divestiture/sale
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the separation strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s divestiture/sale strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Separation strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during a sale or divestiture is a unique opportunity for many IT organizations. IT organizations that can participate in the transaction at this stage are likely considered a strategic partner of the business.

    For one-off sales/divestitures, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many divestitures over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT may be asked to participate in ensuring that the IT environment is able to quickly and easily carve out components/business lines and deliver on service-level agreements (SLAs).

    Goal: To identify a repeatable program plan that IT can leverage when selling or divesting all or parts of the current IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decision to pursue a sale or divestiture and the opportunities or pain points the sale should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across sales/divestitures.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics
    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    		 To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a reduction strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the reduction process.

    Record the results in the M&A Sell Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement
    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Separation for Success We will create a carve-out strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, separation, and use across the enterprise in compliance with our data governance policy.
    5.Deliver Better Customer Service We will reduce the number of products offered by IT, enabling a stronger focus on specific products or elements to increase customer service delivery.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchasing organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Value Generator We will leverage the current IT people, processes, and technology to turn the IT organization into a value generator by developing and selling our services to purchasing organizations.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the reduction strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the reduction process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ reduction strategy goals.

    Record the results in the M&A Sell Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical separation capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A Team and Operational Team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the IT Transaction Team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure & Operations

    • System Separation
    • Data Management
    • Helpdesk/Desktop Support
    • Cloud/Server Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model for divesting organizations

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a divestiture transaction. If your organization plans to sell in its entirety, you may choose to skip this activity.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the divesting transaction process and separation. Highlight and make copies of those capabilities in the M&A Sell Playbook. As a result of divesting, there may also be capabilities that will become irrelevant in your future state.
    3. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses, products, or locations to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Sell Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Sell Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Sell Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support separation need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Sell Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc., as a result of divesting lines of the business and selling service-level agreements to the purchasing organization.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Sell Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Separation or Sale

    Activities

    • 2.2.1 Establish the separation strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the separation/sale and align IT’s separation/sale strategy with the business’ M&A strategy.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    2.2.1 Establish the separation strategy

    1-2 hours

    Input: Business separation strategy, Guiding principles, M&A governance

    Output: IT’s separation strategy

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to separating or selling. This approach might differ slightly from transaction to transaction. However, the businesses approach to transactions should give insight into the general separation strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall separation.
    2. Review and discuss the highlights and drawbacks of each type of separation.
    3. Use Info-Tech’s Separation Posture Selection Framework on the next slide to select the separation posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT separation best helps obtain these benefits?

    Record the results in the M&A Sell Playbook.

    Separation Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Seller Assets, Income, or Market Value)

    IT Separation Posture
    A. Horizontal Adopt One Model ‹100% Divest
    ›99% Sell
    B. Vertical Create Links Between Critical Systems Any Divest
    C. Conglomerate Independent Model Any Joint Venture
    Divest
    D. Hybrid: Horizontal & Conglomerate Create Links Between Critical Systems Any Divest
    Joint Venture

    M&A separation strategy

    Business M&A Strategy Resultant Technology Strategy M&A Magnitude (% of Seller Assets, Income, or Market Value) IT Separation Posture

    You may need a hybrid separation posture to achieve the technology end state.

    M&A objectives may not affect all IT domains and business functions in the same way. Therefore, the separation requirements for each business function may differ. Organizations will often choose to select and implement a hybrid separation posture to realize the technology end state.

    Each business division may have specific IT domain and capability needs that require an alternative separation strategy.

    • Example: Even when conducting a joint venture by forming a new organization, some partners might view themselves as the dominant partner and want to influence the IT environment to a greater degree.
    • Example: Some purchasing organizations will expect service-level agreements to be available for a significant period of time following the divestiture, while others will be immediately independent.

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Separation strategy

    Output: Completed RACI for Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the sale or separation. For example:
      • Communicate with the company M&A team.
      • Identify the key IT solutions that can and cannot be carved out.
      • Gather data room artifacts and provide them to acquiring organization.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Sell Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT separation strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Sell Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Sell Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when the business is pursuing a sale and IT has to assess the IT organization. As a result, having a standardized template to quickly assess the potential acquiring organization is important.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on employees. It will also give insight into positive or negative employee experiences that could impact retention.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them. Will your organization or employee skills be required to support these long term?

    Info-Tech Insight

    Assessing potential organizations is not just for the purchaser. The seller should also know what the purchasing organization’s history with M&As is and what potential risks could occur if remaining connected through ongoing SLAs.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for selling or divesting

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering selling or divesting to.

    1. Complete the Historical Valuation Worksheet in the M&A Sell Playbook to understand the type of IT organization that your company may support.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations could be the right organizations to sell or divest to.

    Record the results in the M&A Sell Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in reduction transactions

    Key outcomes from the Discovery & Strategy phase
    • Prepare the IT environment to support the potential sale or divestiture by identifying critical program plan elements and establishing a separation or carve-out strategy that will enable the business to reach its goals.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the separation strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Sell Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    		Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Purchasing organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for SeparationIdentify Expectations and Create the Carve-Out RoadmapPrepare and Manage EmployeesPlan the Separation RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Identify the buyer’s IT expectations.
    • 2.2 Create a list of IT artifacts to be reviewed in the data room.
    • 2.3 Create a carve-out roadmap.
    • 2.4 Create a service/technical transaction agreement.
    • 3.1 Measure staff engagement.
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • 4.1 Prioritize separation tasks.
    • 4.2 Establish the separation roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate separation costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Data room artifacts identified
    2. Carve-out roadmap
    3. Service/technical transaction agreement
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Separation roadmap and associated resourcing
    1. Divestiture separation strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during a sale or divestiture is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to separation expectations set by the business.

    If your organization is being sold in its entirety, staff will have major concerns about their future in the new organization. Making this transition as smooth as possible and being transparent could go a long way in ensuring their success in the new organization.

    In a divestiture, this is the time to determine where it’s possible for the organization to divide or separate from itself. A lack of IT involvement in these conversations could lead to an overcommitment by the business and under-delivery by IT.

    Goal: To ensure that, as the selling or divesting organization, you comply with regulations, prepare staff for potential changes, and identify a separation strategy if necessary

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decision to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Engage in Due Diligence and Prepare Staff

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Gather data room artifacts
    • 3.1.3 Measure staff engagement
    • 3.1.4 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should prepare and support the business in due diligence and gather the necessary information about staff changes.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Sell Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Separation strategy
      • Sale/divestiture RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Sell Playbook.

    3.1.2 Gather data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and verify can be provided to the purchasing organization while in the data room

    Materials: Critical domain lists on following slides, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team, Legal team, Compliance/privacy officers

    The purpose of this activity is to create a list of the key artifacts that you could be asked for during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room.
    2. IT leadership may or may not be asked to enter the data room directly. The short notice for having to find these artifacts for the purchasing organization can leave your IT organization scrambling. Identify the critical items worth obtaining ahead of time.
    3. Once you have identified the artifacts, provide the list to the legal team or compliance/privacy officers and ensure they also agree those items can be provided. If changes to the documents need to be made, take the time to do so.
    4. Store all items in a safe and secure file or provide to the M&A team ahead of due diligence.

    **Note that if your organization is not leading/initiating the data room, then you can ignore this activity.

    Record the results in the M&A Sell Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request
    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including separation capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Retain top talent throughout the transition

    Focus on retention and engagement

    • People are such a critical component of this process, especially in the selling organization.
    • Retaining employees, especially the critical employees who hold specific skills or knowledge, will ensure the success and longevity of the divesting organization, purchasing organization, or the new company.
    • Giving employees a role in the organization and ensuring they do not see their capabilities as redundant will be critical to the process.
    • It is okay if employees need to change what they were doing temporarily or even long-term. However, being transparent about these changes and highlighting their value to the process and organization(s) will help.
    • The first step to moving forward with retention is to look at the baseline engagement and culture of employees and the organization. This will help determine where to focus and allow you to identify changes in engagement that resulted from the transaction.
    • Job engagement drivers are levers that influence the engagement of employees in their day-to-day roles.
    • Organizational engagement drivers are levers that influence an employee’s engagement with the broader organization.
    • Retention drivers are employment needs. They don’t necessarily drive engagement, but they must be met for engagement to be possible.

    3.1.3 Measure staff engagement

    3-4 hours

    Input: Engagement survey

    Output: Baseline engagement scores

    Materials: Build an IT Employee Engagement Program

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization

    The purpose of this activity is to measure current staff engagement to have a baseline to measure against in the future state. This is a good activity to complete if you will be divesting or selling in entirety.

    The results from the survey should act as a baseline to determine what the organization is doing well in terms of employee engagement and what drivers could be improved upon.

    1. Review Info-Tech’s Build an IT Employee Engagement Program research and select a survey that will best meet your needs.
    2. Conduct the survey and note which drivers employees are currently satisfied with. Likewise, note where there are opportunities.
    3. Document actions that should be taken to mitigate the negative engagement drivers throughout the transaction and enhance or maintain the positive engagement drivers.

    Record the results in the M&A Sell Playbook.

    Assess culture as a part of engagement

    Culture should not be overlooked, especially as it relates to the separation of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post transition.

    Target Organization's Culture. The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture. The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture. What will the future culture of the IT organization be once separation is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-separation?

    3.1.4 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of the organizations involved. By understanding the culture that exists in the purchasing organization, you can identify the fit and prepare impacted staff for potential changes.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic.
    2. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    3. Document the results from tab 3, Results, in the M&A Sell Playbook if you are trying to record all artifacts related to the transaction in one place.
    4. Repeat the activity for the purchasing organization.
    5. Leverage the information to determine what the goal for the culture of IT will be post-separation if it will differ from the current culture.

    Record the results in the M&A Sell Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Separate

    Activities

    • 3.2.1 Create a carve-out roadmap
    • 3.2.2 Prioritize separation tasks
    • 3.2.3 Establish the separation roadmap
    • 3.2.4 Identify the buyer’s IT expectations
    • 3.2.5 Create a service/transaction agreement
    • 3.2.6 Estimate separation costs
    • 3.2.7 Create an employee transition plan
    • 3.2.8 Create functional workplans for employees
    • 3.2.9 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team
    • Purchasing organization

    Outcomes of Step

    Have an established plan of action toward separation across all domains and a strategy toward resources.

    Don’t underestimate the importance of separation preparation

    Separation involves taking the IT organization and dividing it into two or more separate entities.

    Testing the carve capabilities of the IT organization often takes 3 months. (Source: Cognizant, 2014)

    Daimler-Benz lost nearly $19 billion following its purchase of Chrysler by failing to recognize the cultural differences that existed between the two car companies. (Source: Deal Room)

    Info-Tech Insight

    Separating the IT organization requires more time and effort than business leaders will know. Frequently communicate challenges and lost opportunities when carving the IT environment out.

    Separation needs

    Identify the business objectives of the sale to determine the IT strategy

    Set up a meeting with your IT due diligence team to:

    • Ensure there will be no gaps in the delivery of products and services in the future state.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between the involved organizations.
    • Identify the IT people and process gaps, initiatives, and levels of support expected.
    • Determine your infrastructure needs to ensure effectiveness and delivery of services:
      • Does IT have the infrastructure to support the applications and business capabilities?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required.
      • Identify any redundancies/gaps.
      • Determine the appropriate IT separation strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of separation.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    Preparing the carve-out roadmap

    And why it matters so much

    • When carving out the IT environment in preparation for a divestiture, it’s important to understand the infrastructure, application, and data connections that might exist.
    • Much to the business’ surprise, carving out the IT environment is not easy, especially when considering the services and products that might depend on access to certain applications or data sets.
    • Once the business has indicated which elements they anticipate divesting, be prepared for testing the functionality and ability of this carve-out, either through automation or manually. There are benefits and drawbacks to both methods:
      • Automated requires a solution and a developer to code the tests.
      • Manual requires time to find the errors, possibly more time than automated testing.
    • Identify if there are dependencies that will make the carve-out difficult.
      • For example, the business is trying to divest Product X, but that product is integrated with Product Y, which is not being sold.
      • Consider all the processes and products that specific data might support as well.
      • Moreover, the data migration tool will need to enter the ERP system and identify not just the data but all supporting and historical elements that underlie the data.

    Critical components to consider:

    • Selecting manual or automated testing
    • Determining data dependencies
    • Data migration capabilities
    • Auditing approval
    • People and skills that support specific elements being carved out

    3.2.1 Create a carve-out roadmap

    6 hours

    Input: Items included in the carve-out, Dependencies, Whether testing is completed, If the carve-out will pass audit, If the carve-out item is prepared to be separated

    Output: Carve-out roadmap

    Materials: Business’ divestiture plan, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to prepare the IT environment by identifying a carve-out roadmap, specifically looking at data, infrastructure, and applications. Feel free to expand the roadmap to include other categories as your organization sees fit.

    1. In the Carve-Out Roadmap in the M&A Sell Playbook, identify the key elements of the carve-out in the first column.
    2. Note any dependencies the items might have. For example:
      • The business is selling Product X, which is linked to Data X and Data Y. The organization does not want to sell Data Y. Data X would be considered dependent on Data Y.
    3. Once the dependencies have been confirmed, begin automated or manual testing to examine the possibility of separating the data sets (or other dependencies) from one another.
    4. After identifying an acceptable method of separation, inform the auditing individual or body and confirm that there would be no repercussions for the planned process.

    Record the results in the M&A Sell Playbook.

    3.2.2 Prioritize separation tasks

    2 hours

    Input: Separation tasks, Transition team, M&A RACI

    Output: Prioritized separation list

    Materials: Separation task checklist, Separation roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different separation tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Begin by downloading the SharePoint or Excel version of the M&A Separation Project Management Tool.
    2. Identify which separation tasks you want to have as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    3. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    4. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    3.2.2 Establish the separation roadmap

    2 hours

    Input: Prioritized separation tasks, Carve-out roadmap, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Separation roadmap

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel), SharePoint Template: Step-by-Step Deployment Guide

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the separation process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth separation.

    1. Use our Separation Project Management Tool to help track critical elements in relation to the separation project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template. Additional instructions are available in the SharePoint Template Step-by-Step Deployment Guide.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the separation tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Separation Project Management Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Sell Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
      4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    4. Enable the SharePoint Server feature.
    5. Upload the .wsp file in Solutions Gallery.
    6. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
      7. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Supporting the transition and establishing service-level agreements

    The purpose of this part of the transition is to ensure both buyer and seller have a full understanding of expectations for after the transaction.

    • Once the organizations have decided to move forward with a deal, all parties need a clear level of agreement.
    • IT, since it is often seen as an operational division of an organization, is often expected to deliver certain services or products once the transaction has officially closed.
    • The purchasing organization or the new company might depend on IT to deliver these services until they are able to provide those services on their own.
    • Having a clear understanding of what the buyer’s expectations are and what your company, as the selling organization, can provide is important.
    • Have a conversation with the buyer and document those expectations in a signed service agreement.

    3.2.4 Identify the buyer's IT expectations

    3-4 hours

    Input: Carve-out roadmap, Separation roadmap, Up-to-date version of the agreement

    Output: Buyer’s IT expectations

    Materials: Questions for meeting

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization. By identifying, documenting, and agreeing on what services your IT organization will be responsible for, you can obtain a final agreement to protect you as the selling organization.

    1. Buyers should not assume certain services will be provided. Organize a meeting with IT leaders and the company M&A teams to determine what services will be provided.
    2. The next slide has a series of questions that you can start from. Ensure you get detailed information about each of the services.
    3. Once you fully understand the buyer’s IT expectations, create an SLA in the next activity and obtain sign-off from both organizations.

    Questions to ask the buyer

    1. What services would you like my IT organization to provide?
    2. How long do you anticipate those services will be provided to you?
    3. How do you expect your staff/employees to communicate requests or questions to my staff/employees?
    4. Are there certain days or times that you expect these services to be delivered?
    5. How many staff do you expect should be available to support you?
    6. What should be the acceptable response time on given service requests?
    7. When it comes to the services you require, what level of support should we provide?
    8. If a service requires escalation to Level 2 or Level 3 support, are we still expected to support this service? Or are we only Level 1 support?
    9. What preventative security methods does your organization have to protect our environment during this agreement period?

    3.2.5 Create a service/ transaction agreement

    6 hours

    Input: Buyer's expectations, Separation roadmap

    Output: SLA for the purchasing organization

    Materials: Service Catalog Internal Service Level Agreement Template, M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization post-transaction that your IT organization is agreeing to provide.

    1. Document the expected services and the related details in a service-level agreement.
    2. Provide the SLA to the purchasing organization.
    3. Obtain sign-off from both organizations on the level of service that is expected of IT.
    4. Update the M&A Separation Project Management Tool Excel or SharePoint document to reflect any additional items that the purchasing organization identified.

    *For organizations being purchased in their entirety, this activity may not be relevant.

    Modify the Service Catalog Internal Service Level Agreement with the agreed-upon terms of the SLA.

    Importance of estimating separation costs

    Change is the key driver of separation costs

    Separation costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the separation is a success.
    Separation costs vary by industry type.
    • Certain industries may have separation costs made up of mostly one type, differing from other industries, due to the complexity and demands of the transaction. For example:
      • Healthcare separation costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest separation costs due to most transactions occurring within the same sector rather than as cross-sector investments. For example, oil and gas transactions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Separation costs are more related to the degree of change required than the size of the transaction.

    3.2.6 Estimate separation costs

    3-4 hours

    Input: Separation tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT separation

    Materials: Separation task checklist, Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the separation. Identify and communicate a realistic figure to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Sell Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Sell Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful separation

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A separation needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.7 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design

    Output: Employee transition plans

    Materials: M&A Sell Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Sell Playbook.

    3.2.8 Create functional workplans for employees

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Sell Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.7) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Sell Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Sell Playbook.

    Metrics for separation

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.9 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners, M&A goals

    Output: Separation-specific metrics to measure success

    Materials: Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the separation project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Sell Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated your IT people, processes, and technology to determine a roadmap forward for separating or selling.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to comply with regulatory and auditing standards and prepare employees for the transition.
    • Create a separation roadmap that considers the tasks that will need to be completed and the resources required to support separation.
    Key deliverables from the Due Diligence & Preparation phase
    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Sell Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Separation

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Separation RoadmapPrepare Employees for the TransitionEngage in SeparationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Prioritize separation tasks.
    • 2.2 Establish the separation roadmap.
    • 2.3 Establish and align project metrics with identified tasks.
    • 2.4 Estimate separation costs.
    • 3.1 Measure staff engagement
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • S.1 Complete the separation by regularly updating the project plan.
    • S.2 Assess the service/technical transaction agreement.
    • 4.1 Confirm separation costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and separation SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Separation roadmap and associated resourcing
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Evaluate service/technical transaction agreement
    2. Updated separation project plan
    1. SWOT of transaction
    2. M&A Sell Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical separation tasks. As the selling organization in this transaction, you need to ensure you have a roadmap that properly enables the ongoing delivery of your IT environment while simultaneously delivering the necessary services to the purchasing organization.

    Throughout the separation transaction, some of the most common obstacles IT should prepare for include difficulty separating the IT environment, loss of key personnel, disengaged employees, and security/compliance issues.

    Post-transaction, the business needs to understands the value they received by engaging in the transaction and the ongoing revenue they might obtain as a result of the sale. You also need to ensure that the IT environment is functioning and mitigating any high-risk outcomes.

    Goal: To carry out the planned separation activities and deliver the intended value to the business.

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a carve-out roadmap.
    • Prioritize separation tasks.
    • Establish the separation roadmap.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Establish a due diligence charter.
    • Be able to valuate the IT environment and communicate IT’s value to the business.
    • Gather and present due diligence data room artifacts.
    • Measure staff engagement.
    • Assess and plan for culture.
    • Estimate separation costs.
    • Create functional workplans for employees.
    • Identify the buyer’s IT expectations.
    • Create a service/ transaction agreement.

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Monitor service agreements
    • 4.1.2 Continually update the project plan

    This step will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute the separation of the IT environments and update the project plan, strategizing against any roadblocks as they come.

    Key concerns to monitor during separation

    If you are entering the transaction at this point, consider and monitor the following three items above all else.

    Your IT environment, reputation as an IT leader, and impact on key staff will depend on monitoring these aspects.

    • Risk & Security. Make sure that the channels of communication between the purchasing organization and your IT environment are properly determined and protected. This might include updating or removing employees’ access to certain programs.
    • Retaining Employees. Employees who do not see a path forward in the organization or who feel that their skills are being underused will be quick to move on. Make sure they are engaged before, during, and after the transaction to avoid losing employees.
    • IT Environment Dependencies. Testing the IT environment several times and obtaining sign-off from auditors that this has been completed correctly should be completed well before the transaction occurs. Have a strong architecture outlining technical dependencies.

    For more information, review:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Map Technical Skills for a Changing Infrastructure Operations Organization
    • Build a Data Architecture Roadmap

    4.1.1 Monitor service agreements

    3-6 months

    Input: Original service agreement, Risk register

    Output: Service agreement confirmed

    Materials: Original service agreement

    Participants: IT executive/CIO, IT senior leadership, External organization IT senior leadership

    The purpose of this activity is to monitor the established service agreements on an ongoing basis. Your organization is most at risk during the initial months following the transaction.

    1. Ensure the right controls exist to prevent the organization from unnecessarily opening itself up to risks.
    2. Meet with the purchasing organization/subsidiary three months after the transaction to ensure that everyone is satisfied with the level of services provided.
    3. This is not a quick and completed activity, but one that requires ongoing monitoring. Repeatedly identify potential risks worth mitigating.

    For additional information and support for this activity, see the blueprint Build an IT Risk Management Program.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized separation tasks, Separation RACI, Activity owners

    Output: Updated separation project plan

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update the project plan, review the status of the various separation task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm separation costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and separation SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize about how to improve future selling or separating transactions.

    4.2.1 Confirm separation costs

    3-4 hours

    Input: Separation tasks, Carve-out roadmap, Transition team, Previous RACI, Estimated separation costs

    Output: Actual separation costs

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around separation. While the separation costs would have been estimated previously, it’s important to confirm the costs that were associated with the separation in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.6, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Sell Playbook.

    Track cost savings and revenue generation

    Throughout the transaction, the business would have communicated its goals, rationales, and expectations for the transaction. Sometimes this is done explicitly, and other times the information is implicit. Either way, IT needs to ensure that metrics have been defined and are measuring the intended value that the business expects. Ensure that the benefits realized to the organization are being communicated regularly and frequently.

    1. Define Metrics: Select metrics to track synergies through the separation.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the savings or revenue being pursued.
      2. For example, if the value being pursued is decreasing costs, metrics could range from capacity to output, highlighting that the output remains high despite smaller IT environments.
    2. Prioritize Value-Driving Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Cost Savings and Revenue Generation: Develop a detailed workplan to resource the roadmap and track where costs are saved and revenue is generated as the initiatives are undertaken.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized separation tasks, Separation RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics, determine from the company M&A what those metrics might be. Review activity 3.2.9 for more information on metrics.
    2. Identify whether the metric (which should support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals set out by the business.

    Record the results in the M&A Sell Playbook.

    4.2.3 Conduct a transaction and separation SWOT

    2 hours

    Input: Separation costs, Retention rates, Value that IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Sell Playbook.

    M&A Sell Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement.
    • Critically examine the M&A Sell Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another sale or divestiture under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and separation SWOT

    Output: Refined M&A playbook

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Sell Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Sell Playbook.

    By the end of this post-transaction phase you should:

    Have completed the separation post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the separation tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Sell Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in a separation or sale transaction. You have:

    • Created a standardized approach for how your IT organization should address divestitures or sales.
    • Retained critical staff and complied with any regulations throughout the transaction.
    • Delivered on the separation project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved if you were to engage in a similar divestiture or sale again.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group     		Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group     		Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group     		Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada     		Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group     		Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll     		Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group     		Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group     		Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group     		Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte     		Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group     		Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment     		Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life     		Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.     		Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group     		Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    O'Connell, Sean, et al. “Divestitures: How to Invest for Success.” McKinsey, 1 Aug. 2015. Web

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “How divestments can re-energize the technology growth story.” EY, 14 July 2021. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    Build Your Enterprise Innovation Program

    • Buy Link or Shortcode: {j2store}104|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $100,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • You don’t know where to start when it comes to building an innovation program for your organization.
    • You need to create a culture of innovation in your business, department, or team.
    • Past innovation efforts have been met with resistance and cynicism.
    • You don’t know what processes you need to support business-led innovation.

    Our Advice

    Critical Insight

    Innovation is about people, not ideas or processes. Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and taking smart risks are most likely to see the benefits of innovation.

    Impact and Result

    • Outperform your peers by 30% by adopting an innovative approach to your business.
    • Move quickly to launch your innovation practice and beat the competition.
    • Develop the skills and capabilities you need to sustain innovation over the long term.

    Build Your Enterprise Innovation Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Innovation Program Storyboard – A step-by-step process to create the innovation culture, processes, and tools you need for business-led innovation.

    This storyboard includes three phases and nine activities that will help you define your purpose, align your people, and build your practice.

    • Build Your Enterprise Innovation Program – Phases 1-3

    2. Innovation Program Template – An executive communication deck summarizing the outputs from this research.

    Use this template in conjunction with the activities in the main storyboard to create and communicate your innovation program. This template uses sample data from a fictional retailer, Acme Corp, to illustrate an ideal innovation program summary.

    • Innovation Program Template

    3. Job Description – Chief Innovation Officer

    This job description can be used to hire your Chief Innovation Officer. There are many other job descriptions available on the Info-Tech website and referenced within the storyboard.

    • Chief Innovation Officer

    4. Innovation Ideation Session Template – Use this template to facilitate innovation sessions with the business.

    Use this framework to facilitate an ideation session with members of the business. Instructions for how to customize the information and facilitate each section is included within the deck.

    • Innovation Ideation Session Template

    5. Initiative Prioritization Workbook – Use this spreadsheet template to easily and transparently prioritize initiatives for pilot.

    This spreadsheet provides an analytical and transparent method to prioritize initiatives based on weighted criteria relevant to your business.

    • Initiative Prioritization Workbook

    Infographic

    Workshop: Build Your Enterprise Innovation Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Ambitions

    The Purpose

    Define your innovation ambitions.

    Key Benefits Achieved

    Gain a better understanding of why you are innovating and what your organization will gain from an innovation program.

    Activities

    1.1 Understand your innovation mandate.

    1.2 Define your innovation ambitions.

    1.3 Determine value proposition & metrics.

    Outputs

    Complete the "Our purpose" section of the Innovation Program Template

    Complete "Vision and guiding principles" section

    Complete "Scope and value proposition" section

    Success metrics

    2 Align Your People

    The Purpose

    Build a culture, operating model, and team that support innovation.

    Key Benefits Achieved

    Develop a plan to address culture gaps and identify and implement your operating model.

    Activities

    2.1 Foster a culture of innovation.

    2.2 Define your operating model.

    Outputs

    Complete "Building an innovative culture" section

    Complete "Operating model" section

    3 Develop Your Capabilities

    The Purpose

    Create the capability to facilitate innovation.

    Key Benefits Achieved

    Create a resourcing plan and prioritization templates to make your innovation program successful.

    Activities

    3.1 Build core innovation capabilities.

    3.2 Develop prioritization criteria.

    Outputs

    Team structure and resourcing requirements

    Prioritization spreadsheet template

    4 Build Your Program

    The Purpose

    Finalize your program and complete the final deliverable.

    Key Benefits Achieved

    Walk away with a complete plan for your innovation program.

    Activities

    4.1 Define your methodology to pilot projects.

    4.2 Conduct a program retrospective.

    Outputs

    Complete "Operating model" section in the template

    Notable wins and goals

    Further reading

    Build Your Enterprise Innovation Program

    Transform your business by adopting the culture and practices that drive innovation.

    Analyst Perspective

    Innovation is not about ideas, it's about people.

    Many organizations stumble when implementing innovation programs. Innovation is challenging to get right, and even more challenging to sustain over the long term.

    One of the common stumbling blocks we see comes from organizations focusing more on the ideas and the process than on the culture and the people needed to make innovation a way of life. However, the most successful innovators are the ones which have adopted a culture of innovation and reinforce innovative behaviors across their organization. Organizational cultures which promote growth mindset, trust, collaboration, learning, and a willingness to fail are much more likely to produce successful innovators.

    This research is not just about culture, but culture is the starting point for innovation. My hope is that organizations will go beyond the processes and methodologies laid out here and use this research to dramatically improve their organization's performance.

    Kim Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As a leader in your organization, you need to:

    • Understand your organization's innovation goals.
    • Create an innovation program or structure.
    • Develop a culture of innovation across your team or organization.
    • Demonstrate an ability to innovate and grow the business.

    Common Obstacles

    In the past, you might have experienced one or more of the following:

    • Innovation initiatives lose momentum.
    • Cynicism and distrust hamper innovation.
    • Innovation efforts are unfocused or don't provide the anticipated value.
    • Bureaucracy has created a bottleneck that stifles innovation.

    Info-Tech's Approach

    This blueprint will help you:

    • Understand the different types of innovation.
    • Develop a clear vision, scope, and focus.
    • Create organizational culture and behaviors aligned with your innovation ambitions.
    • Adopt an operational model and methodologies best suited for your culture, goals, and budget.
    • Successfully run a pilot program.

    Info-Tech Insight

    There is no single right way to approach innovation. Begin with an understanding of your innovation ambitions, your existing culture, and the resources available to you, then adopt the innovation operating model that is best suited to your situation.

    Note: This research is written for the individual who is leading the development of the innovation. This role is referred to as the Chief Innovation Officer (CINO) throughout this research but could be the CIO, CTO, IT director, or another business leader.

    Why is innovation so challenging?

    Most organizations want to be innovative, but very few succeed.

    • Bureaucracy slows innovation: Innovation requires speed – it is important to fail fast and early so you can iterate to improve the final solution. Small, agile organizations like startups tend to be more risk tolerant and can move more quickly to iterate on new ideas compared to larger organizations.
    • Change is uncomfortable: Most people are profoundly uncomfortable with failure, risk, and unknowns – three critical components of innovation. Humans are wired to think efficiently rather than innovatively, which leads to confirmation bias and lack of ingenuity.
    • You will likely fail: Innovation initiatives rarely succeed on the first try – Harvard Business Review estimates between 70% and 90% of innovation efforts fail. Organizations which are more tolerant of failure tend to be significantly more innovative than those which are not (Review of Financial Studies, 2014).

    Based on a survey of global innovation trends and practices:

    75%

    Three-quarters of companies say innovation is a top-three priority.
    Source: BCG, 2021

    30%

    But only 30% of executives say their organizations are doing it well.
    Source: BCG, 2019

    The biggest obstacles to innovation are cultural

    The biggest obstacles to innovation in large companies

    Based on a survey of 270 business leaders.
    Source: Harvard Business Review, 2018

    A bar graph from the Harvard Business Review

    The most common challenges business leaders experience relate to people and culture. Success is based on people, not ideas.

    Politics, turf wars, and a lack of alignment: territorial departments, competition for resources, and unclear roles are holding back the innovation efforts of 55% of respondents.

    FIX IT
    Senior leadership needs to be clear on the innovation goals and how business units are expected to contribute to them.

    Cultural issues: many large companies have a culture that rewards operational excellence and disincentivizes risk. A history of failed innovation attempts may result in significant resistance to new change efforts.

    FIX IT
    Cultural change takes time. Ensure you are rewarding collaboration and risk-taking, and hire people with fresh new perspectives.

    Inability to act on signals crucial to the future of the business: only 18% of respondents indicated their organization was unaware of disruptions, but 42% said they struggled with acting on leading indicators of change.

    FIX IT
    Build the ability to quickly run pilots or partner with startups and incubators to test out new ideas without lengthy review and approval processes.
    Source: Harvard Business Review, 2018

    Build Your Enterprise Innovation Program

    Define your purpose, assess your culture, and build a practice that delivers true innovation.

    An image summarizing how to define your purpose, align your people, and Build your Practice.
    1 Source: Boston Consulting Group, 2021
    2 Source: Boston Consulting Group, 2019
    3 Source: Harvard Business Review, 2018

    Use this research to outperform your peers

    A seven-year review showed that the most innovative companies outperformed the market by upwards of 30%.

    A line graph showing the Normalized Market Capitalization for 2020.

    Innovators are defined as companies that were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

    Innovation is critical to business success.

    A 25-year study by Business Development Canada and Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

    Executive brief case study

    INDUSTRY: Healthcare
    SOURCE: Interview

    Culture is critical

    This Info-Tech member is a nonprofit, community-based mental health organization located in the US. It serves about 25,000 patients per year in community, school, and clinic settings.

    This organization takes its innovation culture very seriously and has developed methodologies to assess individual and team innovation readiness as well as innovation types, which it uses to determine everyone's role in the innovation process. These assessments look at knowledge of and trust in the organization, its innovation profile, and its openness to change. Innovation enthusiasts are involved early in the process when it's important to dream big, while more pragmatic perspectives are incorporated later to improve the final solution.

    Results

    The organization has developed many innovative approaches to delivering healthcare. Notably, they have reimagined patient scheduling and reduced wait times to the extent that some patients can be seen the same day. They are also working to improve access to mental health care despite a shortage of professionals.

    Developing an Innovative Culture

    • Innovation Readiness Assessment
    • Coaching Specific to Innovation Profile
    • Innovation Enthusiasts Involved Early
    • Innovation Pragmatists Involved Later
    • High Success Rate of Innovation

    Define innovation roles and responsibilities

    A table showing key innovation roles and responsibilities.

    Info-Tech's methodology for building your enterprise innovation program

    1. Define Your Purpose

    2. Align Your People

    3. Build Your Practice

    Phase Steps

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    Phase Outcomes

    Understand where the mandate for innovation comes from, and what the drivers are for pursuing innovation. Define what innovation means to your organization, and set the vision, mission, and guiding principles. Articulate the value proposition and key metrics for measuring success.

    Understand what it takes to build an innovative culture, and what types of innovation structure are most suited to your innovation goals. Define an innovation methodology and build your core innovation capabilities and team.

    Gather ideas and understand how to assess and prioritize initiatives based on standardized metrics. Develop criteria for tracking and measuring the success of pilot projects and conduct a program retrospective.

    Innovation program taxonomy

    This research uses the following common terms:

    Innovation Operating Model
    The operating model describes how the innovation program delivers value to the organization, including how the program is structured, the steps from idea generation to enterprise launch, and the methodologies used.
    Examples: Innovation Hub, Grassroots Innovation.

    Innovation Methodology
    Methodologies describe the ways the operating model is carried out, and the approaches used in the innovation practice.
    Examples: Design Thinking, Weighted Criteria Scoring

    Chief Innovation Officer
    This research is written for the person or team leading the innovation program – this might be a CINO, CIO, or other leader in the organization.

    Innovation Team
    The innovation team may vary depending on the operating model, but generally consists of the individuals involved in facilitating innovation across the organization. This may be, but does not have to be, a dedicated innovation department.

    Innovation Program
    The program for generating ideas, running pilot projects, and building a business case to implement across the enterprise.

    Pilot Project
    A way of testing and validating a specific concept in the real world through a minimum viable product or small-scale implementation. The pilot projects are part of the overall pilot program.

    Insight summary

    Innovation is about people, not ideas or processes
    Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and the ability to take smart risk are most likely to see the benefits of innovation.

    Very few are doing innovation well
    Only 30% of companies consider themselves innovative, and there's a good reason: innovation involves unknowns, risk, and failure – three situations that people and organizations typically do their best to avoid. Counter this by removing the barriers to innovation.

    Culture is the greatest barrier to innovation
    In a survey of 270 business leaders, the top three most common obstacles were politics, turf wars, and alignment; culture issues; and inability to act on signals crucial to the business (Harvard Business Review, 2018). If you don't have a supportive culture, your ability to innovate will be significantly reduced.

    Innovation is a means to an end
    It is not the end itself. Don't get caught up in innovation for the sake of innovation – make sure you are getting the benefits from your investments. Measurable success factors are critical for maintaining the long-term success of your innovation engine.

    Tackle wicked problems
    Innovative approaches are better at solving complex problems than traditional practices. Organizations that prioritize innovation during a crisis tend to outperform their peers by over 30% and improve their market position (McKinsey, 2020).

    Innovate or die
    Innovation is critical to business growth. A 25-year study showed that innovation was more important to business success than management, human resources, marketing, or finance (Statistics Canada, 2006).

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample Job Descriptions and Organization Charts

    Determine the skills, knowledge, and structure you need to make innovation happen.

    Sample Job Descriptions and Organization Charts

    Ideation Session Template

    Facilitate an ideation session with your staff to identify areas for innovation.

    Ideation Session Template

    Initiative Prioritization Workbook

    Evaluate ideas to identify those which are most likely to provide value.

    Prioritization Workbook

    Key deliverable:

    Enterprise Innovation Program Summary

    Communicate how you plan to innovate with a report summarizing the outputs from this research.

    Enterprise Innovation Program Summary

    Measure the value of this research

    US businesses spend over half a trillion dollars on innovation annually. What are they getting for it?

    • The top innovators(1) typically spend 5-15% of their budgets on innovation (including R&D).
    • This research helps organizations develop a successful innovation program, which delivers value to the organization in the form of new products, services, and methods.
    • Leverage this research to:
      • Get your innovation program off the ground quickly.
      • Increase internal knowledge and expertise.
      • Generate buy-in and excitement about innovation.
      • Develop the skills and capabilities you need to drive innovation over the long term.
      • Validate your innovation concept.
      • Streamline and integrate innovation across the organization.

    (1) based on BCG's 50 Most Innovative Companies 2022

    30%

    The most innovative companies outperform the market by 30%.
    Source: McKinsey & Company, 2020

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided implementation

    What does a typical guided implementation (GI) on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Finish

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Understand your mandate.
    (Activity 1.1)

    Call #3: Innovation vision, guiding principles, value proposition, and scope.
    (Activities 1.2 and 1.3)

    Call #4: Foster a culture of innovation. (Activity 2.1)

    Call #5: Define your methodology. (Activity 2.2)

    Call #6: Build core innovation capabilities. (Activity 2.3)

    Call #7: Build your ideation and pilot programs. (Activities 3.1 and 3.2)

    Call #8: Identify success metrics and notable wins. (Activity 3.3)

    Call #9: Summarize results and plan next steps.

    A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of three to six months.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1 Session 2 Session 3 Session 4

    Wrap Up

    Activities

    Define Your Ambitions

    Align Your People

    Develop Your Capabilities

    Build Your Program

    Next Steps and
    Wrap Up (offsite)

    1. Understand your innovation mandate (complete activity prior to workshop)
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    1. Build core innovation capabilities
    2. Develop prioritization criteria
    1. Define your methodology to pilot projects
    2. Conduct a program retrospective
    1. Complete in-progress deliverables from previous four days
    2. Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Our purpose
    2. Message from the CEO
    3. Vision and guiding principles
    4. Scope and value proposition
    5. Success metrics
    1. Building an innovative culture
    2. Operating model
    1. Core capabilities and structure
    2. Idea evaluation prioritization criteria
    1. Program retrospective
    2. Notable wins
    3. Executive summary
    4. Next steps
    1. Completed enterprise innovation program
    2. An engaged and inspired team

    Phase 1: Define Your Purpose

    Develop a better understanding of the drivers for innovation and what success looks like.

    Purpose

    People

    Practice
    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Understand your innovation mandate, including its drivers, scope, and focus.
    • Define what innovation means to your organization.
    • Develop an innovation vision and guiding principles.
    • Articulate the value proposition and proposed metrics for evaluating program success.

    This phase involves the following participants:

    • CINO
    • Business executives

    Case study

    INDUSTRY: Transportation
    SOURCE: Interview

    ArcBest
    ArcBest is a multibillion-dollar shipping and logistics company which leverages innovative technologies to provide reliable and integrated services to its customers.

    An Innovative Culture Starts at the Top
    ArcBest's innovative culture has buy-in and support from the highest level of the company. Michael Newcity, ArcBest's CEO, is dedicated to finding better ways of serving their customers and supports innovation across the company by dedicating funding and resources toward piloting and scaling new initiatives.
    Having a clear purpose and mandate for innovation at all levels of the organization has resulted in extensive grassroots innovation and the development of a formalized innovation program.

    Results
    ArcBest has a legacy of innovation, going back to its early days when it developed a business intelligence solution before anything else existed on the market. It continues to innovate today and is now partnering with start-ups to further expand its innovation capabilities.

    "We don't micromanage or process-manage incremental innovation. We hire really smart people who are inspired to create new things and we let them run – let them create – and we celebrate it.
    Our dedication to innovation comes from the top – I am both the President and the Chief Innovation Officer, and innovation is one of my top priorities."

    Michael Newcity

    Michael Newcity
    President and Chief Innovation Officer ArcBest

    1.1 Understand your innovation mandate

    Before you can act, you need to understand the following:

    • Where is the drive for innovation coming from?
      The source of your mandate dictates the scope of your innovation practice – in general, innovating outside the scope of your mandate (i.e. trying to innovate on products when you don't have buy-in from the product team) will not be successful.
    • What is meant by "innovation"?
      There are many different definitions for innovation. Before pursuing innovation at your organization, you need to understand how it is defined. Use the definition in this section as a starting point, and craft your own definition of innovation.
    • What kind of innovation are you targeting?
      Innovation can be internal or external, emergent or deliberate, and incremental or radically transformative. Understanding what kind of innovation you want is the starting point for your innovation practice.

    The source of your mandate dictates the scope of your influence

    You can only influence what you can control.

    Unless your mandate comes from the CEO or Board of Directors, driving enterprise-wide innovation is very difficult. If you do not have buy-in from senior business leaders, use lighthouse projects and a smaller innovation practice to prove the value of innovation before taking on enterprise innovation.

    In order to execute on a mandate to build innovation, you don't just need buy-in. You need support in the form of resources and funding, as well as strong leadership who can influence culture and the authority to change policies and practices that inhibit innovation.

    For more resources on building relationships in your organization, refer to Info-Tech's Become a Transformational CIO blueprint.

    What is "innovation"?

    Innovation is often easier to recognize than define.

    Align on a useful definition of innovation for your organization before you embark on a journey of becoming more innovative.

    Innovation is the practice of developing new methods, products or services which provide value to an organization.

    Practice
    This does not have to be a formal process – innovation is a means to an end, not the end itself.

    New
    What does "new" mean to you?

    • New application of an existing method
    • Developing a completely original product
    • Adopting a service from another industry

    Value
    What does value mean to you? Look to your business strategy to understand what goals the organization is trying to achieve, then determine how "value" will be measured.

    Info-Tech Insight

    Some innovations are incremental, while some are radically transformative. Decide what kind of innovation you want to cultivate before developing your strategy.

    We can categorize innovation in three ways

    Evaluate your goals with respect to innovation: focus, strategy, and potential to transform.

    Focus: Where will you innovate?

    Focus

    Strategy: To what extent will you guide innovation efforts?

    Strategy

    Potential: How radical will your innovations be?

    Potential

    What are your ambitions?

    1. Develop a better understanding of what type of innovation you are trying to achieve by plotting out your goals on the categories on the left.
    2. All categories are independent of one another, so your goals may fall anywhere on the scales for each category.
    3. Understanding your innovation ambitions helps establish the operating model best suited for your innovation practice.
    4. In general, innovation which is more external, deliberate, and radical tends to be more centralized.

    Activity 1.1 Understand your innovation mandate

    1 hour

    1. Schedule a 30-minute discussion with the person (i.e. CEO) or group (i.e. Board of Directors) ultimately requesting the shift toward innovation. If there is no external party, then conduct this assessment yourself.
    2. Facilitate a discussion that addresses the following questions:
    • What is meant by "innovation"?
    • What are they hoping to achieve through innovation?
    • What is the innovation scope? Are any areas off-limits (i.e. org structure, new products, certain markets)?
    • What is the budget (i.e. people, money) they are willing to commit to innovation?
    • What type of innovation are they pursuing?
    1. Record this information and complete the "Our Purpose" section of the Innovation Program Template.

    Download the Innovation Program Template.

    Input

    • Knowledge of the key decision maker/sponsor for innovation

    Output

    • Understanding of the mandate for innovation, including definition, value, scope, budget, and type of innovation

    Materials

    • Innovation Program Template

    Participants

    • CINO
    • CEO, CTO, or Board of Directors (whoever is requesting/sponsoring the pursuit of innovation)

    1.2 Define your innovation ambitions

    Articulate your future state through a vision and guiding principles.

    • Vision and purpose make up the foundation on which all other design aspects will be based. These aspects should not be taken lightly, but rather they should be the force that aligns everyone to work toward a common outcome. It is incumbent on leaders to make them part of the DNA of the organization – to drive organization, structure, culture, and talent strategy.
    • Your vision statement is a future-focused statement that summarizes what you hope to achieve. It should be inspirational, ambitious, and concise.
    • Your guiding principles outline the guardrails for your innovation practice. What will your focus be? How will you approach innovation? What is off-limits?
    • Define the scope and focus for your innovation efforts. This includes what you can innovate on and what is off limits.

    Your vision statement is your North Star

    Articulate an ambitious, inspirational, and concise vision statement for your innovation efforts.

    A strong vision statement:

    • Is future-focused and outlines what you want to become and what you want to achieve.
    • Provides focus and direction.
    • Is ambitious, focused, and concise.
    • Answers: What problems are we solving? Who and what are we changing?

    Examples:

    • "We create radical new technologies to solve some of the world's hardest problems." – Google X, the Moonshot Factory
    • "To be the most innovative enterprise in the world." – 3M
    • "To use our imagination to bring happiness to millions of people." – Disney

    "Good business leaders create a vision, articulate the vision, passionately own the vision, and relentlessly drive it to completion." – Jack Welch, Former Chairman and CEO of GE

    Your guiding principles are the guardrails for creativity

    Strong guiding principles give your team the freedom and direction to innovate.

    Strong guiding principles:

    • Focus on the approach, i.e. how things are done, as opposed to what needs to be done.
    • Are specific to the organization.
    • Inform and direct decision making with actionable statements. Avoid truisms, general statements, and observations.
    • Are long-lasting and based on values, not solutions.
    • Are succinct and easily digestible.
    • Can be measured and verified.
    • Answers: How do we approach innovation? What are our core values

    Craft your guiding principles using these examples

    Encourage experimentation and risk-taking
    Innovation often requires trying new things, even if they might fail. We encourage experimentation and learn from failure, so that new ideas can be tested and refined.

    Foster collaboration and cross-functional teams
    Innovation often comes from the intersection of different perspectives and skill sets.

    Customer-centric
    Focus on creating value for the end user. This means understanding their needs and pain points, and using that knowledge to develop new methods, products, or services.

    Embrace diversity and inclusivity
    Innovation comes from a variety of perspectives, backgrounds, and experiences. We actively seek out and encourage diversity and inclusivity among our team members.

    Foster a culture of learning and continuous improvement
    Innovation requires continuous learning, development, and growth. We facilitate a culture that encourages learning and development, and that seeks feedback and uses it to improve.

    Flexible and adaptable
    We adapt to changes in the market, customer needs, and new technologies, so that it can continue to innovate and create value over time.

    Data-driven
    We use performance metrics and data to guide our innovation efforts.

    Transparency
    We are open and transparent in our processes and let the business needs guide our innovation efforts. We do not lead innovation, we facilitate it.

    Activity 1.2 Craft your vision statement and guiding principles

    1-2 hours

    1. Gather your innovation team and key program sponsors. Review the guidelines for creating vision statements and guiding principles, as well as your mandate and focus for innovation.
    2. As a group, discuss what you hope to achieve through your innovation efforts.
    3. Separately, have each person write down their ideas for a vision statement. Bring the group back together and share ideas. Group the concepts together and construct a single statement which outlines your aspirational vision.
    4. As a group, review the example guiding principles.
    5. Separately, have each person write down three to five guiding principles. Bring the group back together and share ideas. Group similar concepts together and consolidate duplicate ideas. From this list, construct six to eight guiding principles.
    6. Document your vision and guiding principles in the appropriate sections of the Innovation Program Template.

    Input

    • Understanding of your innovation mandate
    • Business vision, mission, and values
    • Sample vision statements and guiding principles

    Output

    • Vision statement
    • Guiding principles

    Materials

    • In person: Whiteboard/flip charts, sticky notes, pens, and notepads
    • Virtual: Consider using a shared document, virtual whiteboard, or online facilitation tool like MURAL
    • Innovation Program Template

    Participants

    • CINO
    • Innovation sponsors
    • Business leaders
    • Innovation team

    1.3 Determine your value proposition and metrics

    Justify the existence of the innovation program with a strong value proposition.

    • The value proposition for developing an innovation program will be different for each organization, depending on what the organization hopes to achieve. Consider your mandate for innovation as well as the type of innovation you are pursuing when crafting the value proposition.
    • Some of the reasons organizations may pursue innovation:
      • Business growth: Respond to market disruption; create new customers; take advantage of opportunities.
      • Branding: Create market differentiation; increase customer satisfaction and retention; adapt to customer needs.
      • Profitability: Improve products, services, or operations to increase competitiveness and profitability; develop more efficient processes.
      • Culture: Foster a culture of creativity and experimentation within the organization, encouraging employees to think outside the box.
      • Positive impact: Address social challenges such as poverty and climate change.

    Develop a strong value proposition for your innovation program

    Demonstrate the value to the business.

    A strong value proposition not only articulates the value that the business will derive from the innovation program but also provides a clear focus, helps to communicate the innovation goals, and ultimately drives the success of the program.

    Focus
    Prioritize and focus innovation efforts to create solutions that provide real value to the organization

    Communicate
    Communicate the mandate and benefits of innovation in a clear and compelling way and inspire people to think differently

    Measure Success
    Measure the success of your program by evaluating outcomes based on the value proposition

    Track appropriate success metrics for your innovation program

    Your success metrics should link back to your organizational goals and your innovation program's value proposition.

    Revenue Growth: Increase in revenue generated by new products or services.

    Market Share: Percentage of total market that the business captures as a result of innovation.

    Customer Satisfaction: Reviews, customer surveys, or willingness to recommend the company.

    Employee Engagement: Engagement surveys, performance, employee retention, or turnover.

    Innovation Output: The number of new products, services, or processes that have been developed.

    Return on Investment: Financial return on the resources invested in the innovation process.

    Social Impact: Number of people positively impacted, net reduction in emissions, etc.

    Time to Launch: The time it takes for a new product or service to go from idea to launch.

    Info-Tech Insight

    The total impact of innovation is often intangible and extremely difficult to capture in performance metrics. Focus on developing a few key metrics rather than trying to capture the full value of innovation.

    How much does innovation cost?

    Company Industry Revenue(2)
    (USD billions)     		R&D Spend
    (USD billions)     		R&D Spend
    (% of revenue)
    Apple Technology $394.30 $26.25 6.70%
    Microsoft Technology $203.10 $25.54 12.50%
    Amazon.com Retail $502.20 $67.71 13.40%
    Alphabet Technology $282.10 $37.94 13.40%
    Tesla Manufacturing $74.90 $3.01 4.00%
    Samsung Technology $244.39 (2021)(3) $19.0 (2021) 7.90%
    Moderna Pharmaceuticals $23.39 $2.73 11.70%
    Huawei Technology $99.9 (2021)4 Not reported -
    Sony Technology $83.80 Not reported -
    IBM Technology $60.50 $1.61 2.70%
    Meta Software $118.10 $32.61 27.60%
    Nike Commercial goods $49.10 Not reported -
    Walmart Retail $600.10 Not reported -
    Dell Technology $105.30 $2.60 2.50%
    Nvidia Technology $28.60 $6.85 23.90%


    The top innovators(1) in the world spend 5% to 15% of their revenue on innovation.

    Innovation requires a dedicated investment of time, money, and resources in order to be successful. The most innovative companies, based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, spend significant portions of their revenue on research and development.

    Note: This data uses research and development as a proxy for innovation spending, which may overestimate the total spend on what this research considers true innovation.

    (1) Based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, 2022
    (2) Macrotrends, based on the 12 months ending Sept 30, 2022
    (3) Statista
    (4) CNBC, 2022

    Activity 1.3 Develop your value proposition and performance metrics

    1 hour

    1. Review your mandate and vision statement. Write down your innovation goals and desired outcomes from pursuing innovation, prioritize the desired outcomes, and select the top five.
    2. For each desired outcome, develop one to two metrics which could be used to track its success. Some outcomes are difficult to track, so get creative when it comes to developing metrics. If you get stuck, think about what would differentiate a great outcome from an unsuccessful one.
    3. Once you have developed a list of three to five key metrics, read over the list and ensure that the metrics you have developed don't negatively influence your innovation. For example, a metric of the number of successful launches may drive people toward launching before a product is ready.
    4. For each metric, develop a goal. For example, you may target 1% revenue growth over the next fiscal year or 20% energy use reduction.
    5. Document your value proposition and key performance metrics in the appropriate sections of the Innovation Program Template.

    Input

    • Understanding of your innovation mandate
    • Vision statement

    Output

    • Value proposition
    • Performance metrics

    Materials

    • Innovation Program Template

    Participants

    • CINO

    Phase 2: Align Your People

    Create a culture that fosters innovative behaviors and puts processes in place to support them.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Understand the key aspects of innovative cultures, and the behaviors associated with innovation.
    • Assess your culture and identify gaps.
    • Define your innovation operating model based on your organizational culture and the focus for innovation.
    • Build your core innovation capabilities, including an innovation core team (if required based on your operating model).

    This phase involves the following participants:

    • CINO
    • Innovation team

    2.1 Foster a culture of innovation

    Culture is the most important driver of innovation – and the most challenging to get right.

    • Fostering a culture of innovation requires a broad approach which considers the perspectives of individuals, teams, leadership, and the overall organization.
    • If you do not have support from leadership, it is very difficult to change organizational culture. It may be more effective to start with an innovation pilot or lighthouse project in order to gain support before addressing your culture.
    • Rather than looking to change outcomes, focus on the behaviors which lead to innovation – such as growth mindset and willingness to fail. If these aren't in place, your ability to innovate will be limited.
    • This section focuses on the specific behaviors associated with increased innovation. For additional resources on implementing these changes, refer to Info-Tech's other research:

    Info-Tech's Fix Your IT Culture can help you promote innovative behaviors

    Refer to Improve IT Team Effectiveness to address team challenges

    Build a culture of innovation

    Focus on behaviors, not outcomes.

    The following behaviors and key indicators either stifle or foster innovation.

    Stifles Innovation Key Indicators Fosters Innovation Key Indicators
    Fixed mindset "It is what it is" Growth mindset "I wonder if there's a better way"
    Performance focused "It's working fine" Learning focused "What can we learn from this?"
    Fear of reprisal "I'll get in trouble" Psychological safety "I can disagree"
    Apathy "We've always done it this way" Curiosity "I wonder what would happen if…"
    Cynicism "It will never work" Trust "You have good judgement"
    Punishing failure "Who did this?" Willingness to fail "It's okay to make mistakes"
    Individualism "How does this benefit me?" Collaboration "How does this benefit us?"
    Homogeneity "We never disagree" Diversity and inclusion "We appreciate different views"
    Excessive bureaucracy "We need approval" Autonomy "I can do this"
    Risk avoidance "We can't try that" Appropriate risk-taking "How can we do this safely?"

    Ensure you are not inadvertently stifling innovation.
    Review the following to ensure that the desired behaviors are promoted:

    • Hiring practices
    • Performance evaluation metrics
    • Rewards and incentives
    • Corporate policies
    • Governance structures
    • Leadership behavior

    Case study

    INDUSTRY: Commercial Real Estate and Retail
    SOURCE: Interview

    How not to approach innovation.

    This anonymous national organization owned commercial properties across the country and had the goal of becoming the most innovative real estate and retail company in the market.

    The organization pursued innovation in the digital solutions space across its commercial and retail properties. Within this space, there were significant differences in risk tolerance across teams, which resulted in the more risk-tolerant teams excluding the risk-averse members from discussions in order to circumvent corporate policies on risk tolerance. This resulted in an adversarial and siloed culture where each group believed they knew better than the other, and the more risk-averse teams felt like they were policing the actions of the risk-tolerant group.

    Results

    Morale plummeted, and many of the organization's top people left. Unfortunately, one of the solutions did not meet regulatory requirements, and the company faced negative media coverage and legal action. There was significant reputational damage as a result.

    Lessons Learned

    Considering differences in risk tolerance and risk appetite is critical when pursuing innovation. While everyone doesn't have to agree, leadership needs to understand the different perspectives and ensure that no one party is dominating the conversation over the others. An understanding of corporate risk tolerance and risk appetite is necessary to drive innovation.

    All perspectives have a place in innovation. More risk tolerant perspectives should be involved early in the ideas-generation phase, and risk-averse perspectives should be considered later when ideas are being refined.

    Speed should not override safety or circumvent corporate policies.

    Understand your risk tolerance and risk appetite

    Evaluate and align the appetite for risk.

    • It is important to understand the organization's risk tolerance as well as the desire for risk. Consider the following risk categories when investigating the organization's views on risk:
      • Financial risk: the potential for financial or property loss.
      • Operational risk: the potential for disruptions to operations.
      • Reputational risk: the potential for negative impact to brand or reputation.
      • Compliance risk: the potential for loss due to non-compliance with laws and regulations.
    • Greater risk tolerance typically enables greater innovation. Understand the varying levels of risk tolerance across your organization, and how these differences might impact innovation efforts.

    An arrow showing the directions of risk tolerance.

    It is more important to match the level of risk tolerance to the degree of innovation required. Not all innovation needs to be (or can feasibly be) disruptive.
    Many factors impact risk tolerance including:

    • Regulation
    • Organization size
    • Country
    • Industry
    • Personal experience
    • Type of risk

    Use Info-Tech's Security Risk Management research to better understand risk tolerance

    Activity 2.1 Assess your innovation culture

    1-3 hours

    1. Review the behaviors which support and stifle innovation and give each behavior a score from 1 (stifling innovation) to 5 (fostering innovation). Any behaviors which fall below a 4 on this scale should be prioritized in your efforts to create an innovative culture.
    2. Review the following policies and practices to determine how they may be contributing to the behaviors you see in your organization:
      1. Hiring practices
      2. Performance evaluation metrics
      3. Rewards, recognition, and incentives
      4. Corporate policies
      5. Governance structures
      6. Leadership behavior
    3. Identify three concrete actions you can take to correct any behaviors which are stifling innovation. Examples might be revising a policy which punishes failure or changing performance incentives to reward appropriate risk taking.
    4. Summarize your findings in the appropriate section of the Innovation Program Template.

    Input

    • Innovation behaviors

    Output

    • Understanding of your organization's culture
    • Concrete actions you can take to promote innovation

    Materials

    • List of innovative behaviors
    • Relevant policies and documents to review
    • Innovation Program Template

    Participants

    • CINO

    2.2 Define your innovation model

    Set up your innovation practice for success using proven models and methodologies.

    • There are many ways to approach innovation, from highly distributed forms where it's just part of everyone's job to very centralized and arm's-length innovation hubs or even outsourced innovation via startups. You can combine different approaches to create your own approach.
    • You may or may not have a formal innovation team, but if you do, their role is to facilitate innovation – not lead it. Innovation is most effective when it is led by the business.
    • There are many tools and methodologies you can use to facilitate innovation. Choose the one (or combination) that best suits your needs.

    Select the right model

    There is no one right way to pursue innovation, but some methods are better than others for specific situations and goals. Consider your existing culture, your innovation goals, and your budget when selecting the right methodology for your innovation.

    Model Description Advantages Disadvantages Good when…
    Grassroots Innovation Innovation is the responsibility of everyone, and there is no centralized innovation team. Ideas are piloted and scaled by the person/team which produces it.
    • Can be used in any organization or team
    • Can support low or high degree of structure
    • Low funding requirement
    • Requires a strong innovation culture
    • Often does not produce results since people don't have time to focus on innovation
    • Innovation culture is strong
    • Funding is limited
    • Goal is internal, incremental innovation
    Community of Practice Innovation is led by a cross-divisional Community of Practice (CoP) which includes representation from across the business. Champions consult with their practice areas and bring ideas forward.
    • Bringing people together can help stimulate and share ideas
    • Low funding requirement
    • Able to support many types of innovation
    • Some people may feel left out if they can't be involved
    • May not produce results if people are too busy to dedicate time to innovate
    • Innovation culture is present
    • Funding is limited
    • Goal is incremental or disruptive innovation
    Innovation Enablement
    *Most often recommended*     		A dedicated innovation team with funding set aside to support pilots with a high degree of autonomy, with the role of facilitating business-led innovation.
    • Most flexible of all options
    • Supports business-led innovation
    • Can deliver results quickly
    • Can enable a higher degree of innovation
    • Requires dedicated staff and funding
    • Innovation culture is present
    • Funding is available
    • Goal is internal or external, incremental or radical innovation
    Center of Excellence Dedicated team responsible for leading innovation on behalf of the organization. Generally, has business relationship managers who gather ideas and liaise with the business.
    • Can deliver results quickly
    • Can offer a fresh perspective
    • Can enable a higher degree of innovation
    • Requires dedicated staff and funding
    • Is typically separate from the business
    • Results may not align with the business needs or have adequate input
    • Innovation culture is weak
    • Funding is significant
    • Goal is external, disruptive innovation
    Innovation Hub An arm's length innovation team is responsible for all or much of the innovation and may not interact much with the core business.
    • Can deliver results quickly
    • Can be extremely innovative
    • Expensive
    • Results may not align with the business needs or have adequate/any input
    • Innovation culture is weak
    • Funding is very significant
    • Goal is external, radical innovation
    Outsourced Innovation Innovation is outsourced to an external organization which is not linked to the primary organization. This can take the form of working with or investing in startups.
    • Can lead to more innovative ideas than internal innovation
    • Investments can become a diverse revenue stream if startups are successful
    • Innovation does not rely on culture
    • Higher risk of failure
    • Less control over goals or focus
    • Results may not align with the business needs or have any input from users
    • Innovation does not rely on culture
    • Funding is significant
    • Goal is external or internal, radical innovation

    Use the right methodologies to support different stages of your innovation process

    A chart showing methodologies to support different stages of the integration process.

    Adapted from Niklaus Gerber via Medium, 2022

    Methodologies are most useful when they are aligned with the goals of the innovation organization.

    For example, design thinking tends to be excellent for earlier innovation planning, while Agile can allow for faster implementation and launch of initiatives later in the process.

    Consider combining two or more methodologies to create a custom approach that best suits your organization's capabilities and goals.

    Sample methodologies

    A robust innovation methodology ensures that the process for developing, prioritizing, selecting, implementing, and measuring initiatives is aligned with the results you are hoping to achieve.

    Different types of problems (drivers for innovation) may necessitate different methodologies, or a combination of methodologies.

    Hackathon: An event which brings people together to solve a well-defined problem.

    Design Thinking: Creative approach that focuses on understanding the needs of users.

    Lean Startup: Emphasizes rapid experimentation in order to validate business hypotheses.

    Design Sprint: Five-day process for answering business questions via design, prototyping, and testing.

    Agile: Iterative design process that emphasizes project management and retrospectives.

    Three Horizons: Framework that looks at opportunities on three different time horizons.

    Innovation Ambition Matrix: Helps organizations categorize projects as part of the core offering, an adjacent offering, or completely new.

    Global Innovation Management: A process of identifying, developing and implementing new ideas, products, services, or processes using alternative thinking.

    Blue Ocean Strategy: A methodology that helps organizations identify untapped market space and create new markets via unique value propositions.

    Activity 2.2 Design your innovation model

    1-2 hours

    1. Think about the following factors which influence the design of your innovation practice:
      1. Existing organizational culture
      2. Available funding to support innovation
      3. Type of innovation you are targeting
    2. Review the innovation approaches, and identify which approach is most suitable for your situation. Note why this approach was selected.
    3. Review the innovation methodologies and research those of interest. Select two to five methodologies to use for your innovation practice.
    4. Document your decisions in the Innovation Program Template.

    Input

    • Understanding of your mandate and existing culture

    Output

    • Innovation approach
    • Selected methodologies

    Materials

    • Innovation Program Template

    Participants

    • CINO
    • Innovation team

    2.3 Build your core innovation capabilities

    Develop the skills, knowledge, and experience to facilitate successful innovation.

    • Depending on the approach you selected in step 2.2, you may or may not require a dedicated innovation team. If you do, use the job descriptions and sample organization charts to build it. If not, focus on developing key capabilities which are needed to facilitate innovation.
    • Diversity is key for successful innovation – ensure your team (formal or otherwise) includes diverse perspectives and backgrounds.
    • Use your guiding principles when hiring and training your team.
    • Focus on three core roles: evangelists, enablers, and experts.

    Focus on three key roles when building your innovation team

    Types of roles will depend on the purpose and size of the innovation team.

    You don't need to grow them all internally. Consider partnering with vendors and other organizations to build capabilities.

    Evangelists

    Visionaries who inspire, support, and facilitate innovation across the business. Their responsibilities are to drive the culture of innovation.

    Key skills and knowledge:

    • Strong communication skills
    • Relationship-building
    • Consensus-building
    • Collaboration
    • Growth mindset

    Sample titles:

    • CINO
    • Chief Transformation Officer
    • Chief Digital Officer
    • Innovation Lead
    • Business Relationship Manager

    Enablers

    Translate ideas into tangible business initiatives, including assisting with business cases and developing performance metrics.

    Key skills and knowledge:

    • Critical thinking skills
    • Business knowledge
    • Facilitation skills
    • Consensus-building
    • Relationship-building

    Sample titles:

    • Product Owner
    • Design Thinking Lead
    • Data Scientist
    • Business Analyst
    • Human Factors Engineer
    • Digital Marketing Specialist

    Experts

    Provide expertise in product design, delivery and management, and responsible for supporting and executing on pilot projects.

    Key skills and knowledge:

    • Project management skills
    • Technical expertise
    • Familiarity with emerging technologies
    • Analytical skills
    • Problem-solving skills

    Sample titles:

    • Product Manager
    • Scrum Master/Agile Coach
    • Product Engineer/DevOps
    • Product Designer
    • Emerging tech experts

    Sample innovation team structure (large enterprise)

    Visualize the whole value delivery process end-to-end to help identify the types of roles, resources, and capabilities required. These capabilities can be sourced internally (i.e. grow and hire internally) or through collaboration with centers of excellence, commercial partners, etc.

    A flow chart of a sample innovation team structure.

    Streamline your process by downloading Info-Tech's job description templates:

    Activity 2.3 Build your innovation team

    2-3 hours

    1. Review your work from the previous activities as well as the organizational structure and the job description templates.
    2. Start a list with two columns: currently have and needed. Start listing some of the key roles and capabilities from earlier in this step, categorizing them appropriately.
    3. If you are using an organizational structure for your innovation process, start to frame out the structure and roles for your team.
    4. Develop a list of roles you need to hire, and the key capabilities you need from candidates. Using the job descriptions, write job postings for each role.
    5. Record your work in the appropriate section of the Innovation Program Template.

    Input

    • Previous work
    • Info-Tech job description templates

    Output

    • List of capabilities required
    • Org chart
    • Job postings for required roles

    Materials

    • Note-taking capability
    • Innovation Program Template

    Participants

    • CINO

    Related Info-Tech Research

    Fix Your IT Culture

    • Promote psychological safety and growth mindset within your organization.
    • Develop the organizational behaviors that lead to innovation.

    Improve IT Team Effectiveness

    • Address behaviors, processes, and cultural factors which impact team effectiveness.
    • Grow the team's ability to address challenges and navigate volatile, uncertain, complex and ambiguous environments.

    Master Organizational Change Management Practices

    • Transformation and change are increasingly becoming the new normal. While this normality may help make people more open to change in general, specific changes still need to be planned, communicated, and managed. Agility and continuous improvement are good but can degenerate into volatility if change isn't managed properly.

    Phase 3: Build Your Practice

    Define your innovation process, streamline pilot projects, and scale for success.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Build the methodologies needed to elicit ideas from the business.
    • Develop criteria to evaluate and prioritize ideas for piloting.
    • Define your pilot program methodologies and processes, including criteria to assess and compare the success of pilot projects.
    • Conduct an end-of-year program retrospective to evaluate the success of your innovation program.

    This phase involves the following participants:

    • CINO
    • Innovation team

    Case study

    INDUSTRY: Government
    SOURCE: Interview

    Confidential US government agency

    The business applications group at this government agency strongly believes that innovation is key to progress and has instituted a formal innovation program as part of their agile operations. The group uses a Scaled Agile Framework (SAFe) with 2-week sprints and a 12-week program cycle.

    To support innovation across the business unit, the last sprint of each cycle is dedicated toward innovation and teams do not commit to any other during these two weeks. At the end of each innovation sprint, ideas are presented to leadership and the valuable ones were either implemented initially or were given time in the next cycle of sprints for further development. This has resulted in a more innovative culture across the practice.

    Results

    There have been several successful innovations since this process began. Notably, the agency had previously purchased a robotic process automation platform which was only being used for a few specific applications. One team used their innovation sprint to expand the use cases for this solution and save nearly 10,000 hours of effort.

    Standard 12-week Program Cycle
    An image of a standard 12-week program

    Design your innovation operating model to maximize value and learning opportunities

    Pilots are an iterative process which brings together innovators and business teams to test and evaluate ideas.

    Your operating model should include several steps including ideation, validation, evaluation and prioritization, piloting, and a retrospective which follows the pilot. Use the example on this slide when designing your own innovation operating model.

    An image of the design process for innovation operation model.

    3.1 Build your ideation and prioritization methodologies

    Engage the business to generate ideas, then prioritize based on value to the business.

    • There are many ways of generating ideas, from informal discussion to formal ideation sessions or submission forms. Whatever you decide to use, make sure that you're getting the right information to evaluate ideas for prioritization.
    • Use quantitative and qualitative metrics to evaluate ideas generated during the ideation process.
      • Quantitative metrics might include potential return on investment (ROI) or effort and resources required to implement.
      • Qualitative metrics might include alignment with the organizational strategy or the level of risk associated with the idea.

    Engage the business to generate ideas

    There are many ways of generating innovative ideas. Pick the methods that best suit your organization and goals.

    Design Thinking
    A structured approach that encourages participants to think creatively about the needs of the end user.

    An image including the following words: Empathize, Define; Ideate; Test.

    Ideation Workshop
    A formal session that is used to understand a problem then generate potential solutions. Workshops can incorporate the other methodologies (such as brainstorming, design thinking, or mind mapping) to generate ideas.

    • Define the problem
    • Generate ideas
    • Capture ideas
    • Evaluate and prioritize
    • Assign next steps

    Crowdsourcing
    An informal method of gathering ideas from a large group of people. This can be a great way to generate many ideas but may lack focus.

    Value Proposition Canvas
    A visual tool which helps to identify customer (or user) needs and design products and services that meet those needs.

    an image of the Value Proposition Canvas

    Evaluate ideas and focus on those with the greatest value

    Evaluation should be transparent and use both quantitative and qualitative metrics. The exact metrics used will depend on your organization and goals.

    It is important to include qualitative metrics as these dimensions are better suited to evaluating highly innovative ideas and can capture important criteria like alignment with overall strategy and feasibility.

    Develop 5 to 10 criteria that you can use to evaluate and prioritize ideas. Some criteria may be a pass/fail (for example, minimum ROI) and some may be comparative.

    Evaluate
    The first step is to evaluate ideas to determine if they meet the minimum criteria. This might include quantitative criteria like ROI as well as qualitative criteria like strategic alignment and feasibility.

    Prioritize
    Ideas that pass the initial evaluation should be prioritized based on additional criteria which might include quantitative criteria such as potential market size and cost to implement, and qualitative criteria such as risk, impact, and creativity.

    Quantitative Metrics

    Quantitative metrics are objective and easily comparable between initiatives, providing a transparent and data-driven process for evaluation and prioritization.
    Examples:

    • Potential market size
    • ROI
    • Net present value
    • Payback period
    • Number of users impacted
    • Customer acquisition cost
    • Customer lifetime value
    • Breakeven analysis
    • Effort required to implement
    • Cost to implement

    Qualitative Metrics

    Qualitative metrics are less easily comparable but are equally important when it comes to evaluating ideas. These should be developed based on your organization strategy and innovation goals.
    Examples:

    • Strategy alignment
    • Impact on users
    • Uncertainty and risk
    • Innovation potential
    • Culture impact
    • Feasibility
    • Creativity and originality
    • Type of innovation

    Activity 3.1 Develop prioritization metrics

    1-3 hours

    1. Review your mandate, purpose, innovation goals and the sample prioritization and evaluation metrics.
    2. Write down a list of your goals and their associated metrics, then prioritize which are the most important.
    3. Determine which metrics will be used to evaluate ideas before they move on to the prioritization stage, and which metrics will be used to compare initiatives in order to determine which will receive further investment.
    4. For each evaluation metric, determine the minimum threshold required for an idea to move forward. For each prioritization metric identify the definition and how it will be evaluated. Qualitative metrics may require more precise definitions than quantitative metrics.
    5. Enter your metrics into the Initiative Prioritization Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Evaluation and prioritization metrics for ideas

    Materials

    • Whiteboard/Flip charts
    • Innovation Program Template

    Participants

    • Innovation leader

    Download the Initiative Prioritization Template

    3.2 Build your program to pilot initiatives

    Test and refine ideas through real-world pilot projects.

    • The purpose of your pilot is to test and refine ideas in the real world. In order to compare pilot projects, it's important to track key performance indicators throughout the pilot. Measurements should be useful and comparable.
    • Innovation facilitators are responsible for supporting pilot projects, including designing the pilot, setting up metrics, tracking outcomes, and facilitating retrospectives.
    • Pilots generally follow an Agile methodology where ideas may be refined as the pilot proceeds, and the process iterates until either the idea is discarded or it has been refined into an initiative which can be scaled.
    • Expect that most pilots will fail the first time, and many will fail completely. This is not a loss; lessons learned from the retrospective can be used to improve the process and later pilots.

    Use pilot projects to test and refine initiatives before scaling to the rest of the organization

    "Learning is as powerful as the outcome." – Brett Trelfa, CIO, Arkansas Blue Cross

    1. Clearly define the goals and objectives of the pilot project. Goals and objectives ensure that the pilot stays on track and can be measured.
    2. Your pilot group should include a variety of participants with diverse perspectives and skill sets, in order to gather unique insights.
    3. Continuously track the progress of the pilot project. Regularly identify areas of improvement and implement changes as necessary to refine ideas.
    4. Regularly elicit feedback from participants and iterate in order to improve the final innovation. Not all pilots will be successful, but every failure can help refine future solutions.
    5. Consider scalability. If the pilot project is successful, it should be scalable and the lessons learned should be implemented in the larger organization.

    Sample pilot metrics

    Metrics are used to validate and test pilot projects to ensure they deliver value. This is an important step before scaling to the rest of the organization.

    Adoption: How many end users have adopted the pilot solution?

    Utilization: Is the solution getting utilized?

    Support Requests: How many support requests have there been since the pilot was initiated?

    Value: Is the pilot delivering on the value that it proposed? For example, time savings.

    Feasibility: Has the feasibility of the solution changed since it was first proposed?

    Satisfaction: Focus groups or surveys can provide feedback on user/customer satisfaction.

    A/B Testing: Compare different methods, products or services.

    Info-Tech Insight

    Ensure standard core metrics are used across all pilot projects so that outcomes can be compared. Additional metrics may be used to refine and test hypotheses through the pilot process.

    Activity 3.2 Build your program to pilot initiatives

    1-2 hours

    1. Gather the innovation team and review your mandate, purpose, goals, and the sample innovation operating model and metrics.
    2. As a group, brainstorm the steps needed from idea generation to business case. Use sticky notes if in person, or a collaboration tool if remote.
    3. Determine the metrics that will be used to evaluate ideas at each decision step (for example, prior to piloting). Outline what the different decisions might be (for example, proceed, refine or discard) and what happens as a result of each decision.
    4. Document your final steps and metrics in the Innovation Program Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Pilot project methodology
    • Pilot project metrics

    Materials

    • Innovation Program Template
    • Sticky notes (in person) or digital collaboration tool (if remote)

    Participants

    • Innovation leader
    • Innovation team

    3.3 Conduct a program retrospective

    Generate value from your successful pilots by scaling ideas across the organization.

    • The final step in the innovation process is to scale ideas to the enterprise in order to realize the full potential.
    • Keeping track of notable wins is important for showing the value of the innovation program. Track performance of initiatives that come out of the innovation program, including their financial, cultural, market, and brand impacts.
    • Track the success of the innovation program itself by evaluating the number of ideas generated, the number of pilots run and the success of the pilots. Keep in mind that many failed pilots is not a failure of the program if the lessons learned were valuable.
    • Complete an innovation program retrospective every 6 to 12 months in order to adjust and make any changes if necessary to improve your process.

    Retrospectives should be objective, constructive, and action-oriented

    A retrospective is a review of your innovation program with the aim of identifying lessons learned, areas for improvement, and opportunities for growth.

    During a retrospective, the team will reflect on past experiences and use that information to inform future decision making and improve outcomes.

    The goal of a retrospective is to learn from the past and use that knowledge to improve in the future.

    Objective

    Ensure that the retrospective is based on facts and objective data, rather than personal opinions or biases.

    Constructive

    Ensure that the retrospective is a positive and constructive experience, with a focus on finding solutions rather than dwelling on problems.

    Action-Oriented

    The retrospective should result in a clear action plan with specific steps to improve future initiatives.

    Activity 3.3 Conduct a program retrospective

    1-2 hours

    1. Post a large piece of paper on the wall with a timeline from the last year. Include dates and a few key events, but not much more. Have participants place sticky notes in the spots to describe notable wins or milestones that they were proud of. This can be done as part of a formal meeting or asynchronously outside of meetings.
    2. Bring the innovation team together and review the poster with notable wins. Do any themes emerge? How does the team feel the program is doing? Are there any changes needed?
    3. Consider the metrics you use to track your innovation program success. Did the scaled projects meet their targets? Is there anything that could be refined about the innovation process?
    4. Evaluate the outcomes of your innovation program. Did it meet the targets set for it? Did the goals and innovation ambitions come to fruition?
    5. Complete this step every 6 to 12 months to assess the success of your program.
    6. Complete the "Notable Wins" section of the Innovation Program Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Notable wins
    • Action items for refining the innovation process

    Materials

    • Innovation Program Template
    • Sticky notes (in person) or digital collaboration tool (if remote)

    Participants

    • CIO
    • Innovation team
    • Others who have participated in the innovation process

    Related Info-Tech Research

    Adopt Design Thinking in Your Organization

    • A user's perspective while interacting with the products and services is very different from the organization's internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.

    Prototype With an Innovation Design Sprint

    • Build and test a prototype in four days using Info-Tech's Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.

    Fund Innovation With a Minimum Viable Business Case

    • Our approach guides you through effectively designing a solution, de-risking a project through impact reduction techniques, building and pitching the case for your project, and applying the business case as a mechanism to ensure that benefits are realized.

    Summary of Accomplishment

    Congratulations on launching your innovation program!

    You have now completed your innovation strategy, covering the following topics:

    • Executive Summary
    • Our Purpose
    • Scope and Value Proposition
    • Guiding Principles
    • Building an Innovative Culture
    • Program Structure
    • Success Metrics
    • Notable Wins

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Related Info-Tech Research

    Accelerate Digital Transformation With a Digital Factory

    • Understand the foundations of good design: purpose, organizational support, and leadership.
    • Understand the design of the operating model: structure and organization, management practices, culture, environment, teams, technology platforms, and meaningful metrics and KPIs.

    Sustain and Grow the Maturity of Innovation in Your Enterprise

    • Unlock your innovation potential by looking at your innovation projects on both a macro and micro level.
    • Innovation capacity is directly linked with creativity; allow your employees' creativity to flourish using Info-Tech's positive innovation techniques.

    Define Your Digital Business Strategy

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Research Contributors and Experts

    Kim Osborne Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.
    Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.

    Joanne Lee

    Joanne Lee
    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.
    Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG's CIO management consulting services and the Western Canadas Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.
    Joanne holds a Master's in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

    Jack Hakimian

    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Michael Tweedie

    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.
    Mike holds a Bachelor's degree in Architecture from Ryerson University.

    Mike Schembri

    Mike Schembri
    Senior Executive Advisor
    Info-Tech Research Group

    Mike is the former CIO of Fuji Xerox Australia and has 20+ years' experience serving IT and wider business leadership roles. Mike has led technical and broader business service operations teams to value and growth successfully in organizations ranging from small tech startups through global IT vendors, professional service firms, and manufacturers.
    Mike has passion for strategy and leadership and loves working with individuals/teams and seeing them grow.

    John Leidl

    John Leidl
    Senior Director, Member Services
    Info-Tech Research Group

    With over 35 years of IT experience, including senior-level VP Technology and CTO leadership positions, John has a breadth of knowledge in technology innovation, business alignment, IT operations, and business transformation. John's experience extends from start-ups to corporate enterprise and spans higher education, financial services, digital marketing, and arts/entertainment.

    Joe Riley

    Joe Riley
    Senior Workshop Director
    Info-Tech Research Group

    Joe ensures our members get the most value out of their Info-Tech memberships by scoping client needs, current state and desired business outcomes, and then drawing upon his extensive experience, certifications, and degrees (MBA, MS Ops/Org Mgt, BS Eng/Sci, ITIL, PMP, Security+, etc.) to facilitate our client's achievement of desired and aspirational business outcomes. A true advocate of ITSM, Joe approaches technology and technology practices as a tool and enabler of people, core business, and competitive advantage activities.

    Denis Goulet

    Denis Goulet
    Senior Workshop Director
    Info-Tech Research Group

    Denis is a transformational leader and experienced strategist who has worked with 100+ organizations to develop their digital, technology, and governance strategies.
    He has held positions as CIO, Chief Administrative Office (City Manager), General Manager, Vice President of Engineering, and Management Consultant, specializing in enterprise and technology strategy.

    Cole Cioran

    Cole Cioran
    Managing Partner
    Info-Tech Research Group

    I knew I wanted to build great applications that would delight their users. I did that over and over. Along the way I also discovered that it takes great teams to deliver great applications. Technology only solves problems when people, processes, and organizations change as well. This helped me go from writing software to advising some of the largest organizations in the world on how to how to build a digital delivery umbrella of Product, Agile, and DevOps and create exceptional products and services powered by technology.

    Carlene McCubbin

    Carlene McCubbin
    Research Lead, CIO Practice
    Info-Tech Research Group

    During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.
    Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management.

    Isabelle Hertanto

    Isabelle Hertanto
    Principal Research Director
    Info-Tech Research Group

    Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.

    Hans Eckman

    Hans Eckman
    Principal Research Director
    Info-Tech Research Group

    Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.

    Valence Howden

    Valence Howden
    Principal Research Director
    Info-Tech Research Group

    With 30 years of IT experience in the public and private sector, Valence has developed experience in many Information Management and Technology domains, with a particular focus in the areas of Service Management, Enterprise and IT Governance, Development and Execution of Strategy, Risk Management, Metrics Design and Process Design, and Implementation and Improvement. Prior to joining Info-Tech, he served in technical and client-facing roles at Bell Canada and CGI Group Inc., as well as managing the design, integration, and implementation of services and processes in the Ontario Public Sector.

    Clayton Gillett

    Clayton Gillett
    Managing Partner
    Info-Tech Research Group

    Clayton Gillett is a Managing Partner for Info-Tech, providing technology management advisory services to healthcare clients. Clayton joined Info-Tech with more than 28 years of experience in health care information technology. He has held senior IT leadership roles at Group Health Cooperative of Puget Sound and OCHIN, as well as advisory or consulting roles at ECG Management Consultants and Gartner.

    Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

    Igor Ikonnikov

    Igor Ikonnikov
    Research Director
    Info-Tech Research Group

    Igor Ikonnikov is a Research and Advisory Director in the Data and Analytics practice. Igor has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.
    Igor has an MBA from the Ted Rogers School of Management (Toronto, Canada) with a specialization in Management of Technology and Innovation.

    Research Contributors and Experts

    Michael Newcity

    Michael Newcity
    Chief Innovation Officer
    ArcBest

    Kevin Yoder

    Kevin Yoder
    Vice President, Innovation
    ArcBest

    Gary Boyd

    Gary Boyd
    Vice President, Information Systems & Digital Transformation
    Arkansas Blue Cross and Blue Shield

    Brett Trelfa

    Brett Trelfa
    Chief Information Officer
    Arkansas Blue Cross and Blue Shield

    Kristen Wilson-Jones

    Kristen Wilson-Jones
    Chief Technology & Product Officer
    Medcurio

    Note: additional contributors did not wish to be identified

    Bibliography

    Altringer, Beth. "A New Model for Innovation in Big Companies" Harvard Business Review. 19 Nov. 2013. Accessed 30 Jan. 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies
    Arpajian, Scott. "Five Reasons Why Innovation Fails" Forbes Magazine. 4 June 2019. Accessed 31 Jan. 2023. https://www.forbes.com/sites/forbestechcouncil/2019/06/04/five-reasons-why-innovation-fails/?sh=234e618914c6
    Baldwin, John & Gellatly, Guy. "Innovation Capabilities: The Knowledge Capital Behind the Survival and Growth of Firms" Statistics Canada. Sept. 2006. Accessed 30 Jan. 2023. https://www.bdc.ca/fr/documents/other/innovation_capabilities_en.pdf
    Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever" McKinsey & Company, 17 June 2020. Accessed 12 Jan. 2023. <https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever >
    Boston Consulting Group, "Most Innovative Companies 2021" BCG, April 2021. Accessed 30 Jan. 2023. https://web-assets.bcg.com/d5/ef/ea7099b64b89860fd1aa3ec4ff34/bcg-most-innovative-companies-2021-apr-2021-r.pdf
    Boston Consulting Group, "Most Innovative Companies 2022" BGC, 15 Sept. 2022. Accessed 6 Feb. 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth
    Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.
    Gerber, Niklaus. "What is innovation? A beginner's guide into different models, terminologies and methodologies" Medium. 20 Sept 2022. Accessed 7 Feb. 2023. https://world.hey.com/niklaus/what-is-innovation-a-beginner-s-guide-into-different-models-terminologies-and-methodologies-dd4a3147
    Google X, Homepage. Accessed 6 Feb. 2023. https://x.company/
    Harnoss, Johann D. & Baeza, Ramón. "Overcoming the Four Big Barriers to Innovation Success" Boston Consulting Group, 24 Sept. 2019. Accessed 30 Jan 2023. https://www.bcg.com/en-ca/publications/2019/overcoming-four-big-barriers-to-innovation-success
    Jaruzelski, Barry et al. "Global Innovation 1000 Study" Pricewaterhouse Cooper, 30 Oct. 2018. Accessed 13 Jan. 2023. <https://www.strategyand.pwc.com/gx/en/insights/innovation1000.html>
    Kharpal, Arjun. "Huawei posts first-ever yearly revenue decline as U.S. sanctions continue to bite, but profit surges" CNBC. 28 March 2022. Accessed 7 Feb. 2023. https://www.cnbc.com/2022/03/28/huawei-annual-results-2021-revenue-declines-but-profit-surges.html
    Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies" Harvard Business Review, 30 July 2018. Accessed 12 Jan. 2023. <https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies>
    Macrotrends. "Apple Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AAPL/apple/revenue
    Macrotrends. "Microsoft Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MSFT/microsoft/revenue
    Macrotrends. "Amazon Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AMZN/amazon/revenue
    Macrotrends. "Alphabet Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/GOOG/alphabet/revenue
    Macrotrends. "Tesla Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/TSLA/tesla/revenue
    Macrotrends. "Moderna Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MRNA/moderna/revenue
    Macrotrends. "Sony Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/SONY/sony/revenue
    Macrotrends. "IBM Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/IBM/ibm/revenue
    Macrotrends. "Meta Platforms Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/META/meta-platforms/revenue
    Macrotrends. "NIKE Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NKE/nike/revenue
    Macrotrends. "Walmart Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/WMT/walmart/revenue
    Macrotrends. "Dell Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/DELL/dell/revenue
    Macrotrends. "NVIDIA Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NVDA/nvidia/revenue
    Sloan, Paul. "How to Develop a Vision for Innovation" Innovation Management, 10 Aug. 2009. Accessed 7 Feb. 2023. https://innovationmanagement.se/2009/08/10/how-to-develop-a-vision-for-innovation/
    Statista. "Samsung Electronics' global revenue from 2005 to 2021" Statista. Accessed 7 Feb. 2023. https://www.statista.com/statistics/236607/global-revenue-of-samsung-electronics-since-2005/
    Tichy, Noel & Ram Charan. "Speed, Simplicity, Self-Confidence: An Interview with Jack Welch" Harvard Business Review, 2 March 2020. Accessed 7 Feb. 2023. https://hbr.org/1989/09/speed-simplicity-self-confidence-an-interview-with-jack-welch
    Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.
    Xuan Tian, Tracy Yue Wang, Tolerance for Failure and Corporate Innovation, The Review of Financial Studies, Volume 27, Issue 1, 2014, Pages 211–255, Accessed https://doi.org/10.1093/rfs/hhr130

    Optimize IT Change Management

    • Buy Link or Shortcode: {j2store}409|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $33,585 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Infrastructure managers and change managers need to re-evaluate their change management processes due to slow change turnaround time, too many unauthorized changes, too many incidents and outages because of poorly managed changes, or difficulty evaluating and prioritizing changes.
    • IT system owners often resist change management because they see it as slow and bureaucratic.
    • Infrastructure changes are often seen as different from application changes, and two (or more) processes may exist.

    Our Advice

    Critical Insight

    • ITIL provides a usable framework for change management, but full process rigor is not appropriate for every change request.
    • You need to design a process that is flexible enough to meet the demand for change, and strict enough to protect the live environment from change-related incidents.
    • A mature change management process will minimize review and approval activity. Counterintuitively, with experience in implementing changes, risk levels decline to a point where most changes are “pre-approved.”

    Impact and Result

    • Create a unified change management process that reduces risk. The process should be balanced in its approach toward deploying changes while also maintaining throughput of innovation and enhancements.
    • Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
    • Establish and empower a change manager and change advisory board with the authority to manage, approve, and prioritize changes.
    • Integrate a configuration management database with the change management process to identify dependencies.

    Optimize IT Change Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize change management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Optimize IT Change Management – Phases 1-4

    1. Define change management

    Assess the maturity of your existing change management practice and define the scope of change management for your organization.

    • Change Management Maturity Assessment Tool
    • Change Management Risk Assessment Tool

    2. Establish roles and workflows

    Build your change management team and standardized process workflows for each change type.

    • Change Manager
    • Change Management Process Library – Visio
    • Change Management Process Library – PDF
    • Change Management Standard Operating Procedure

    3. Define the RFC and post-implementation activities

    Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.

    • Request for Change Form Template
    • Change Management Pre-Implementation Checklist
    • Change Management Post-Implementation Checklist

    4. Measure, manage, and maintain

    Form an implementation plan for the project, including a metrics evaluation, change calendar inputs, communications plan, and roadmap.

    • Change Management Metrics Tool
    • Change Management Communications Plan
    • Change Management Roadmap Tool
    • Optimize IT Change Management Improvement Initiative: Project Summary Template

    [infographic]

    Workshop: Optimize IT Change Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Change Management

    The Purpose

    Discuss the existing challenges and maturity of your change management practice.

    Build definitions of change categories and the scope of change management.

    Key Benefits Achieved

    Understand the starting point and scope of change management.

    Understand the context of change request versus other requests such as service requests, projects, and operational tasks.

    Activities

    1.1 Outline strengths and challenges

    1.2 Conduct a maturity assessment

    1.3 Build a categorization scheme

    1.4 Build a risk assessment matrix

    Outputs

    Change Management Maturity Assessment Tool

    Change Management Risk Assessment Tool

    2 Establish Roles and Workflows

    The Purpose

    Define roles and responsibilities for the change management team.

    Develop a standardized change management practice for approved changes, including process workflows.

    Key Benefits Achieved

    Built the team to support your new change management practice.

    Develop a formalized and right-sized change management practice for each change category. This will ensure all changes follow the correct process and core activities to confirm changes are completed successfully.

    Activities

    2.1 Define the change manager role

    2.2 Outline the membership and protocol for the Change Advisory Board (CAB)

    2.3 Build workflows for normal, emergency, and pre-approved changes

    Outputs

    Change Manager Job Description

    Change Management Standard Operating Procedure (SOP)

    Change Management Process Library

    3 Define the RFC and Post-Implementation Activities

    The Purpose

    Create a new change intake process, including a new request for change (RFC) form.

    Develop post-implementation review activities to be completed for every IT change.

    Key Benefits Achieved

    Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.

    Activities

    3.1 Define the RFC template

    3.2 Determine post-implementation activities

    3.3 Build your change calendar protocol

    Outputs

    Request for Change Form Template

    Change Management Post-Implementation Checklist

    Project Summary Template

    4 Measure, Manage, and Maintain

    The Purpose

    Develop a plan and project roadmap for reaching your target for your change management program maturity.

    Develop a communications plan to ensure the successful adoption of the new program.

    Key Benefits Achieved

    A plan and project roadmap for reaching target change management program maturity.

    A communications plan ready for implementation.

    Activities

    4.1 Identify metrics and reports

    4.2 Build a communications plan

    4.3 Build your implementation roadmap

    Outputs

    Change Management Metrics Tool

    Change Management Communications Plan

    Change Management Roadmap Tool

    Further reading

    Optimize IT Change Management

    Right-size IT change management practice to protect the live environment.

    EXECUTIVE BRIEF

    Analyst Perspective

    Balance risk and efficiency to optimize IT change management.

    Change management (change enablement, change control) is a balance of efficiency and risk. That is, pushing changes out in a timely manner while minimizing the risk of deployment. On the one hand, organizations can attempt to avoid all risk and drown the process in rubber stamps, red tape, and bureaucracy. On the other hand, organizations can ignore process and push out changes as quickly as possible, which will likely lead to change related incidents and debilitating outages.

    Right-sizing the process does not mean adopting every recommendation from best-practice frameworks. It means balancing the efficiency of change request fulfillment with minimizing risk to your organization. Furthermore, creating a process that encourages adherence is key to avoid change implementers from skirting your process altogether.

    Benedict Chang, Research Analyst, Infrastructure and Operations, Info-Tech Research Group

    Executive Summary

    Your Challenge

    Infrastructure and application change occurs constantly and is driven by changing business needs, requests for new functionality, operational releases and patches, and resolution of incidents or problems detected by the service desk.

    IT managers need to follow a standard change management process to ensure that rogue changes are never deployed while the organization remains responsive to demand.

    Common Obstacles

    IT system owners often resist change management because they see it as slow and bureaucratic.

    At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up-to-date and do not catch the potential linkages.

    Infrastructure changes are often seen as “different” from application changes and two (or more) processes may exist.

    Info-Tech’s Approach

    Info-Tech’s approach will help you:

    • Create a unified change management practice that balances risk and throughput of innovation.
    • Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
    • Establish and empower a Change Manager and Change Advisory Board (CAB) with the authority to manage, approve, and prioritize changes.

    Balance Risk and Efficiency to Optimize IT Change Management

    Two goals of change management are to protect the live environment and deploying changes in a timely manner. These two may seem to sometimes be at odds against each other, but assessing risk at multiple points of a change’s lifecycle can help you achieve both.

    Your challenge

    This research is designed to help organizations who need to:

    • Build a right-sized change management practice that encourages adherence and balances efficiency and risk.
    • Integrate the change management practice with project management, service desk processes, configuration management, and other areas of IT and the business.
    • Communicate the benefits and impact of change management to all the stakeholders affected by the process.

    Change management is heavily reliant on organizational culture

    Having a right-sized process is not enough. You need to build and communicate the process to gather adherence. The process is useless if stakeholders are not aware of it or do not follow it.

    Increase the Effectiveness of Change Management in Your Organization

    The image is a bar graph, with the segments labelled 1 and 2. The y-axis lists numbers 1-10. Segment 1 is at 6.2, and segment 2 is at 8.6.

    Of the eight infrastructure & operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management has the second largest gap between importance and effectiveness of these processes.

    Source: Info-Tech 2020; n=5,108 IT professionals from 620 organizations

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Gaining buy-in can be a challenge no matter how well the process is built.
    • The complexity of the IT environment and culture of tacit knowledge for configuration makes it difficult to assess cross-dependencies of changes.
    • Each silo or department may have their own change management workflows that they follow internally. This can make it difficult to create a unified process that works well for everyone.

    “Why should I fill out an RFC when it only takes five minutes to push through my change?”

    “We’ve been doing this for years. Why do we need more bureaucracy?”

    “We don’t need change management if we’re Agile.”

    “We don’t have the right tools to even start change management.”

    “Why do I have to attend a CAB meeting when I don’t care what other departments are doing?”

    Info-Tech’s approach

    Build change management by implementing assessments and stage gates around appropriate levels of the change lifecycle.

    The image is a circle, comprised of arrows, with each arrow pointing to the next, forming a cycle. Each arrow is labelled, as follows: Improve; Request; Assess; Plan; Approve; Implement

    The Info-Tech difference:

    1. Create a unified change management process that balances risk and throughput of innovation.
    2. Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
    3. Establish and empower a Change Manager and Change Advisory Board (CAB) with the authority to manage, approve, and prioritize changes.

    IT change is constant and is driven by:

    Change Management:

    1. Operations - Operational releases, maintenance, vendor-driven updates, and security updates can all be key drivers of change. Example: ITSM version update
      • Major Release
      • Maintenance Release
      • Security Patch
    2. Business - Business-driven changes may include requests from other business departments that require IT’s support. Examples: New ERP or HRIS implementation
      • New Application
      • New Version
    3. Service desk → Incident & Problem - Some incident and problem tickets require a change to facilitate resolution of the incident. Examples: Outage necessitating update of an app (emergency change), a user request for new functionality to be added to an existing app
      • Workaround
      • Fix
    4. Configuration Management Database (CMDB) ↔ Asset Management - In addition to software and hardware asset dependencies, a configuration management database (CMDB) is used to keep a record of changes and is queried to assess change requests.
      • Hardware
      • Software

    Insight summary

    “The scope of change management is defined by each organization…the purpose of change management is to maximize the number of successful service and product changes by ensuring that the risk have been properly assessed, authorizing changes to process, and managing the change schedule.” – ALEXOS Limited, ITIL 4

    Build a unified change management process balancing risk and change throughput.

    Building a unified process that oversees all changes to the technical environment doesn’t have to be burdensome to be effective. However, the process is a necessary starting point to identifying cross dependencies and avoiding change collisions and change-related incidents.

    Use an objective framework for estimating risk

    Simply asking, “What is the risk?” will result in subjective responses that will likely minimize the perceived risk. The level of due diligence should align to the criticality of the systems or departments potentially impacted by the proposed changes.

    Integrate your change process with your IT service management system

    Change management in isolation will provide some stability, but maturing the process through service integrations will enable data-driven decisions, decrease bureaucracy, and enable faster and more stable throughput.

    Change management and DevOps can work together effectively

    Change and DevOps tend to be at odds, but the framework does not have to change. Lower risk changes in DevOps are prime candidates for the pre-approved category. Much of the responsibility traditionally assigned to the CAB can be diffused throughout the software development lifecycle.

    Change management and DevOps can coexist

    Shift the responsibility and rigor to earlier in the process.

    • If you are implementing change management in a DevOps environment, ensure you have a strong DevOps lifecycle. You may wish to refer to Info-Tech’s research Implementing DevOps Practices That Work.
    • Consider starting in this blueprint by visiting Appendix II to frame your approach to change management. Follow the blueprint while paying attention to the DevOps Callouts.

    DEVOPS CALLOUTS

    Look for these DevOps callouts throughout this storyboard to guide you along the implementation.

    The image is a horizontal figure eight, with 7 arrows, each pointing into the next. They are labelled are follows: Plan; Create; Verify; Package; Release; Configure; Monitor. At the centre of the circles are the words Dev and Ops.

    Successful change management will provide benefits to both the business and IT

    Respond to business requests faster while reducing the number of change-related disruptions.

    IT Benefits

    • Fewer change-related incidents and outages
    • Faster change turnaround time
    • Higher rate of change success
    • Less change rework
    • Fewer service desk calls related to poorly communicated changes

    Business Benefits

    • Fewer service disruptions
    • Faster response to requests for new and enhanced functionalities
    • Higher rate of benefits realization when changes are implemented
    • Lower cost per change
    • Fewer “surprise” changes disrupting productivity

    IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

    Change management improves core benefits to the business: the four Cs

    Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

    Control

    Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.

    Collaboration

    Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.

    Consistency

    Request for change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.

    Confidence

    Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.

    You likely need to improve change management more than any other infrastructure & operations process

    The image shows a vertical bar graph. Each segment of the graph is labelled for an infrastructure/operations process. Each segment has two bars one for effectiveness, and another for importance. The first segment, Change Management, is highlighted, with its Effectiveness at a 6.2 and Importance at 8.6

    Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations

    Of the eight infrastructure and operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management consistently has the second largest gap between importance and effectiveness of these processes.

    Executives and directors recognize the importance of change management but feel theirs is currently ineffective

    Info-Tech’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified change management as an area for immediate improvement.

    The image is a vertical bar graph, with four segments, each having 2 bars, one for Effectiveness and the other for Importance. The four segments are (with Effectiveness and Importance ratings in brackets, respectively): Frontline (6.5/8.6); Manager (6.6/8.9); Director (6.4/8.8); and Executive (6.1/8.8)

    Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations

    Importance Scores

    No importance: 1.0-6.9

    Limited importance: 7.0-7.9

    Significant importance: 8.0-8.9

    Critical importance: 9.0-10.0

    Effectiveness Scores

    Not in place: n/a

    Not effective: 0.0-4.9

    Somewhat Ineffective: 5.0-5.9

    Somewhat effective: 6.0-6.9

    Very effective: 7.0-10.0

    There are several common misconceptions about change management

    Which of these have you heard in your organization?

     Reality
    “It’s just a small change; this will only take five minutes to do.” Even a small change can cause a business outage. That small fix could impact a large system connected to the one being fixed.
    “Ad hoc is faster; too many processes slow things down.” Ad hoc might be faster in some cases, but it carries far greater risk. Following defined processes keeps systems stable and risk-averse.
    “Change management is all about speed.” Change management is about managing risk. It gives the illusion of speed by reducing downtime and unplanned work.
    “Change management will limit our capacity to change.” Change management allows for a better alignment of process (release management) with governance (change management).

    Overcome perceived challenges to implementing change management to reap measurable reward

    Before: Informal Change Management

    Change Approval:

    • Changes do not pass through a formal review process before implementation.
    • 10% of released changes are approved.
    • Implementation challenge: Staff will resist having to submit formal change requests and assessments, frustrated at the prospect of having to wait longer to have changes approved.

    Change Prioritization

    • Changes are not prioritized according to urgency, risk, and impact.
    • 60% of changes are urgent.
    • Implementation challenge: Influential stakeholders accustomed to having changes approved and deployed might resist having to submit changes to a standard cost-benefit analysis.

    Change Deployment

    • Changes often negatively impact user productivity.
    • 25% of changes are realized as planned.
    • Implementation challenge: Engaging the business so that formal change freeze periods and regular maintenance windows can be established.

    After: Right-Sized Change Management

    Change Approval

    • All changes pass through a formal review process. Once a change is repeatable and well-tested, it can be pre-approved to save time. Almost no unauthorized changes are deployed.
    • 95% of changes are approved.
    • KPI: Decrease in change-related incidents

    Change Prioritization

    • The CAB prioritizes changes so that the business is satisfied with the speed of change deployment.
    • 35% of changes are urgent.
    • KPI: Decrease in change turnaround time.

    Change deployment

    • Users are always aware of impending changes and changes don’t interrupt critical business activities.
    • Over 80% of changes are realized as planned
    • KPI: Decrease in the number of failed deployments.

    Info-Tech’s methodology for change management optimization focuses on building standardized processes

     1. Define Change Management2. Establish Roles and Workflows3. Define the RFC and Post-Implementation Activities4. Measure, Manage, and Maintain
    Phase Steps

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project
      Change Management Standard Operating Procedure (SOP) Change Management Project Summary Template
    Phase Deliverables
    • Change Management Maturity Assessment Tool
    • Change Management Risk Assessment Tool
    • Change Manager Job Description
    • Change Management Process Library
    • Request for Change (RFC) Form Template
    • Change Management Pre-Implementation Checklist
    • Change Management Post-Implementation Checklist
    • Change Management Metrics Tool
    • Change Management
    • Communications Plan
    • Change Management Roadmap Tool

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Change Management Process Library

    Document your normal, pre-approved, and emergency change lifecycles with the core process workflows .

    Change Management Risk Assessment Tool

    Test Drive your impact and likelihood assessment questionnaires with the Change Management Risk Assessment Tool.

    Project Summary Template

    Summarize your efforts in the Optimize IT Change Management Improvement Initiative: Project Summary Template.

    Change Management Roadmap Tool

    Record your action items and roadmap your steps to a mature change management process.

    Key Deliverable:

    Change Management SOP

    Document and formalize your process starting with the change management standard operating procedure (SOP).

    These case studies illustrate the value of various phases of this project

    Define Change Management

    Establish Roles and Workflows

    Define RFC and Post-Implementation Activities

    Measure, Manage, and Maintain

    A major technology company implemented change management to improve productivity by 40%. This case study illustrates the full scope of the project.

    A large technology firm experienced a critical outage due to poor change management practices. This case study illustrates the scope of change management definition and strategy.

    Ignorance of change management process led to a technology giant experiencing a critical cloud outage. This case study illustrates the scope of the process phase.

    A manufacturing company created a makeshift CMDB in the absence of a CMDB to implement change management. This case study illustrates the scope of change intake.

    A financial institution tracked and recorded metrics to aid in the success of their change management program. This case study illustrates the scope of the implementation phase.

    Working through this project with Info-Tech can save you time and money

    Engaging in a Guided Implementation doesn’t just offer valuable project advice, it also results in significant cost savings.

    Guided ImplementationMeasured Vale
    Phase 1: Define Change Management
    • We estimate Phase 1 activities will take 2 FTEs 10 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $3,100 (2 FTEs * 5 days * $80,000/year).

    Phase 2: Establish Roles and Workflows
    • We estimate Phase 2 will take 2 FTEs 10 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $3,100 (2 FTEs * 5 days * $80,000/year).
    Phase 3: Define the RFC and Post-Implementation Activities
    • We estimate Phase 3 will take 2 FTEs 10 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $3,100 (2 FTEs * 5 days * $80,000/year).

    Phase 4: Measure, Manage, and Maintain
    • We estimate Phase 4 will take 2 FTEs 5 days to complete on their own, but the time saved by using Info-Tech’s methodology will cut that time in half, thereby saving $1,500 (2 FTEs * 2.5 days * $80,000/year).
    Total Savings $10,800

    Case Study

    Industry: Technology

    Source: Daniel Grove, Intel

    Intel implemented a robust change management program and experienced a 40% improvement in change efficiency.

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    ITIL Change Management Implementation

    With close to 4,000 changes occurring each week, managing Intel’s environment is a formidable task. Before implementing change management within the organization, over 35% of all unscheduled downtime was due to errors resulting from change and release management. Processes were ad hoc or scattered across the organization and no standards were in place.

    Results

    After a robust implementation of change management, Intel experienced a number of improvements including automated approvals, the implementation of a formal change calendar, and an automated RFC form. As a result, Intel improved change productivity by 40% within the first year of the program’s implementation.

    Define Change Management

    Establish Roles and Workflows

    Define RFC and Post-Implementation Activities

    Measure, Manage, and Maintain

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Define Change Management

    • Call #1: Introduce change concepts.
    • Call #2: Assess current maturity.
    • Call #3: Identify target-state capabilities.

    Establish Roles and Workflows

    • Call #4: Review roles and responsibilities.
    • Call #5: Review core change processes.

    Define RFC and Post- Implementation Activities

    • Call #6: Define change intake process.
    • Call #7: Create pre-implementation and post-implementation checklists.

    Measure, Manage, and Maintain

    • Call #8: Review metrics.
    • Call #9: Create roadmap.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

     Day 1Day 2Day 3Day 4Day 5
    Activities

    Define Change Management

    1.1 Outline Strengths and Challenges

    1.2 Conduct a Maturity Assessment

    1.3 Build a Change Categorization Scheme

    1.4 Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Define the Change Manager Role

    2.2 Outline CAB Protocol and membership

    2.3 Build Normal Change Process

    2.4 Build Emergency Change Process

    2.5 Build Pre-Approved Change Process

    Define the RFC and Post-Implementation Activities

    3.1 Create an RFC Template

    3.2 Determine Post-Implementation Activities

    3.3 Build a Change Calendar Protocol

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Reports

    4.2 Create Communications Plan

    4.3 Build an Implementation Roadmap

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps
    Deliverables
    1. Maturity Assessment
    2. Risk Assessment
    1. Change Manager Job Description
    2. Change Management Process Library
    1. Request for Change (RFC) Form Template
    2. Pre-Implementation Checklist
    3. Post-Implementation Checklist
    1. Metrics Tool
    2. Communications Plan
    3. Project Roadmap
    1. Change Management Standard Operating Procedure (SOP)
    2. Workshop Summary Deck

    Phase 1

    Define Change Management

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define the RFC and Post-Implementation Activities

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following steps:

    • Assess Maturity
    • Categorize Changes and Build Your Risk Assessment

    This phase involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Step 1.1

    Assess Maturity

    Activities

    1.1.1 Outline the Organization’s Strengths and Challenges

    1.1.2 Complete a Maturity Assessment

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • An understanding of maturity change management processes and frameworks
    • Identification of existing change management challenges and potential causes
    • A framework for assessing change management maturity and an assessment of your existing change management processes

    Define Change Management

    Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment

    Change management is often confused with release management, but they are distinct processes

    Change

    • Change management looks at software changes as well as hardware, database, integration, and network changes, with the focus on stability of the entire IT ecosystem for business continuity.
    • Change management provides a holistic view of the IT environment, including dependencies, to ensure nothing is negatively affected by changes.
    • Change documentation is more focused on process, ensuring dependencies are mapped, rollout plans exist, and the business is not at risk.

    Release

    • Release and deployment are the detailed plans that bundle patches, upgrades, and new features into deployment packages, with the intent to change them flawlessly into a production environment.
    • Release management is one of many actions performed under change management’s governance.
    • Release documentation includes technical specifications such as change schedule, package details, change checklist, configuration details, test plan, and rollout and rollback plans.

    Info-Tech Insight

    Ensure the Release Manager is present as part of your CAB. They can explain any change content or dependencies, communicate business approval, and advise the service desk of any defects.

    Integrate change management with other IT processes

    As seen in the context diagram, change management interacts closely with many other IT processes including release management and configuration management (seen below). Ensure you delineate when these interactions occur (e.g. RFC updates and CMDB queries) and which process owns each task.

    The image is a chart mapping the interactions between Change Management and Configuration Management (CMDB).

    Avoid the challenges of poor change management

    1. Deployments
      • Too frequent: The need for frequent deployments results in reduced availability of critical business applications.
      • Failed deployments or rework is required: Deployments are not successful and have to be backed out of and then reworked to resolve issues with the installation.
      • High manual effort: A lack of automation results in high resource costs for deployments. Human error is likely, which adds to the risk of a failed deployment.
    2. Incidents
      • Too many unauthorized changes: If the process is perceived as cumbersome and ineffective, people will bypass it or abuse the emergency designation to get their changes deployed faster.
      • Changes cause incidents: When new releases are deployed, they create problems with related systems or applications.
    3. End Users
      • Low user satisfaction: Poor communication and training result in surprised and unhappy users and support staff.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” – Anonymous, VP IT of a federal credit union

    1.1.1 Outline the Organization’s Strengths and Challenges

    Input

    • Current change documentation (workflows, SOP, change policy, etc.)
    • Organizational chart(s)

    Output

    • List of strengths and challenges for change management

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. As group, discuss and outline the change management challenges facing the organization. These may be challenges caused by poor change management processes or by a lack of process.
    2. Use the pain points found on the previous slide to help guide the discussion.
    3. As a group, also outline the strengths of change management and the strengths of the current organization. Use these strengths as a guide to know what practices to continue and what strengths you can leverage to improve the change management process.
    4. Record the activity results in the Project Summary Template.

    Download the Optimize IT Change Management Improvement Initiative: Project Summary Template

    Assess current change management maturity to create a plan for improvement

     ChaosReactiveControlled

    Proactive

    		Optimized
    Change Requests No defined processes for submitting changes Low process adherence and no RFC form RFC form is centralized and a point of contact for changes exists RFCs are reviewed for scope and completion RFCs trend analysis and proactive change exists
    Change Review Little to no change risk assessment Risk assessment exists for each RFC RFC form is centralized and a point of contact for changes exists Change calendar exists and is maintained System and component dependencies exist (CMDB)
    Change Approval No formal approval process exists Approval process exists but is not widely followed Unauthorized changes are minimal or nonexistent Change advisory board (CAB) is established and formalized Trend analysis exists increasing pre-approved changes
    Post-Deployment No post-deployment change review exists Process exists but is not widely followed Reduction of change-related incidents Stakeholder satisfaction is gathered and reviewed Lessons learned are propagated and actioned
    Process Governance Roles & responsibilities are ad hoc Roles, policies & procedures are defined & documented Roles, policies & procedures are defined & documented KPIs are tracked, reported on, and reviewed KPIs are proactively managed for improvement

    Info-Tech Insight

    Reaching an optimized level is not feasible for every organization. You may be able to run a very good change management process at the Proactive or even Controlled stage. Pay special attention to keeping your goals attainable.

    1.1.2 Complete a Maturity Assessment

    Input

    • Current change documentation (workflows, SOP, change policy, etc.)

    Output

    • Assessment of current maturity level and goals to improve change management

    Materials

    Participants

    • Change Manager
    • Service Desk Manager
    • Operations (optional)
    1. Use Info-Tech’s Change Management Maturity Assessment Tool to assess the maturity and completeness of your change process.
    2. Significant gaps revealed in this assessment should be the focal points of your discussion when investigating root causes and brainstorming remediation activities:
      1. For each activity of each process area of change management, determine the degree of completeness of your current process.
      2. Review your maturity assessment results and discuss as a group potential reasons why you arrived at your maturity level. Identify areas where you should focus your initial attention for improvement.
      3. Regularly review the maturity of your change management practices by completing this maturity assessment tool periodically to identify other areas to optimize.

    Download the Change Management Maturity Assessment Tool

    Case Study

    Even Google isn’t immune to change-related outages. Plan ahead and communicate to help avoid change-related incidents

    Industry: Technology

    Source: The Register

    As part of a routine maintenance procedure, Google engineers moved App Engine applications between data centers in the Central US to balance out traffic.

    Unfortunately, at the same time that applications were being rerouted, a software update was in progress on the traffic routers, which triggered a restart. This temporarily diminished router capacity, knocking out a sizeable portion of Google Cloud.

    The server drain resulted in a huge spike in startup requests, and the routers simply couldn’t handle the traffic.

    As a result, 21% of Google App Engine applications hosted in the Central US experienced error rates in excess of 10%, while an additional 16% of applications experienced latency, albeit at a lower rate.

    Solution

    Thankfully, engineers were actively monitoring the implementation of the change and were able to spring into action to halt the problem.

    The change was rolled back after 11 minutes, but the configuration error still needed to be fixed. After about two hours, the change failure was resolved and the Google Cloud was fully functional.

    One takeaway for the engineering team was to closely monitor how changes are scheduled. Ultimately, this was the result of miscommunication and a lack of transparency between change teams.

    Step 1.2

    Categorize Changes and Build Your Risk Assessment

    Activities

    1.2.1 Define What Constitutes a Change

    1.2.2 Build a Change Categorization Scheme

    1.2.3 Build a Classification Scheme to Assess Impact

    1.2.4 Build a Classification Scheme to Define Likelihood

    1.2.5 Evaluate and Adjust Your Risk Assessment Scheme

    Define Change Management

    Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment

    This step involves the following participants:

    • Infrastructure/Applications Manager
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • A clear definition of what constitutes a change in your organization
    • A defined categorization scheme to classify types of changes
    • A risk assessment matrix and tool for evaluating and prioritizing change requests according to impact and likelihood of risk

    Change must be managed to mitigate risk to the infrastructure

    Change management is the gatekeeper protecting your live environment.

    Successfully managed changes will optimize risk exposure, severity of impact, and disruption. This will result in the bottom-line business benefits of removal of risk, early realization of benefits, and savings of money and time.

    • IT change is constant; change requests will be made both proactively and reactively to upgrade systems, acquire new functionality, and to prevent or resolve incidents.
    • Every change to the infrastructure must pass through the change management process before being deployed to ensure that it has been properly assessed and tested, and to check that a backout /rollback plan is in place.
    • It will be less expensive to invest in a rigorous change management process than to resolve incidents, service disruptions, and outages caused by the deployment of a bad change.
    • Change management is what gives you control and visibility regarding what is introduced to the live environment, preventing incidents that threaten business continuity.

    80%

    In organizations without formal change management processes, about 80% (The Visible Ops Handbook) of IT service outage problems are caused by updates and changes to systems, applications, and infrastructure. It’s crucial to track and systematically manage change to fully understand and predict the risks and potential impact of the change.

    Attributes of a change

    Differentiate changes from other IT requests

    Is this in the production environment of a business process?

    The core business of the enterprise or supporting functions may be affected.

    Does the task affect an enterprise managed system?

    If it’s for a local application, it’s a service request

    How many users are impacted?

    It should usually impact more than a single user (in most cases).

    Is there a configuration, or code, or workflow, or UI/UX change?

    Any impact on a business process is a change; adding a user or a recipient to a report or mailing list is not a change.

    Does the underlying service currently exist?

    If it’s a new service, then it’s better described as a project.

    Is this done/requested by IT?

    It needs to be within the scope of IT for the change management process to apply.

    Will this take longer than one week?

    As a general rule, if it takes longer than 40 hours of work to complete, it’s likely a project.

    Defining what constitutes a change

    Every change request will initiate the change management process; don’t waste time reviewing requests that are out of scope.

    ChangeService Request (User)Operational Task (Backend)
    • Fixing defects in code
    • Changing configuration of an enterprise system
    • Adding new software or hardware components
    • Switching an application to another VM
    • Standardized request
    • New PC
    • Permissions request
    • Change password
    • Add user
    • Purchases
    • Change the backup tape
    • Delete temporary files
    • Maintain database (one that is well defined, repeatable, and predictable)
    • Run utilities to repair a database

    Do not treat every IT request as a change!

    • Many organizations make the mistake of calling a standard service request or operational task a “change.”
    • Every change request will initiate the change management process; don’t waste time reviewing requests that are out of scope.
    • While the overuse of RFCs for out-of-scope requests is better than a lack of process, this will slow the process and delay the approval of more critical changes.
    • Requiring an RFC for something that should be considered day-to-day work will also discourage people from adhering to the process, because the RFC will be seen as meaningless paperwork.

     

    1.2.1 Define What Constitutes a Change

    Input

    • List of examples of each category of the chart

    Output

    • Definitions for each category to be used at change intake

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers/pens
    • Change Management SOP

    Participants

    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. As a group, brainstorm examples of changes, projects, service requests (user), operational tasks (backend), and releases. You may add additional categories as needed (e.g. incidents).
    2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
    3. Use the examples to draw lines and define what defines each category.
      • What makes a change distinct from a project?
      • What makes a change distinct from a service request?
      • What makes a change distinct from an operational task?
      • When do the category workflows cross over with other categories? (For example, when does a project interact with change management?)
    4. Record the definitions of requests and results in section 2.3 of the Change Management Standard Operating Procedure (SOP).
    ChangeProjectService Request (User)Operational Task (Backend)Release
    Changing Configuration ERP upgrade Add new user Delete temp files Software release

    Download the Change Management Standard Operating Procedure (SOP).

    Each RFC should define resources needed to effect the change

    In addition to assigning a category to each RFC based on risk assessment, each RFC should also be assigned a priority based on the impact of the change on the IT organization, in terms of the resources needed to effect the change.

    Categories include

    Normal

    Emergency

    Pre-Approved

    The majority of changes will be pre-approved or normal changes. Definitions of each category are provided on the next slide.

    Info-Tech uses the term pre-approved rather than the ITIL terminology of standard to more accurately define the type of change represented by this category.

    A potential fourth change category of expedited may be employed if you are having issues with process adherence or if you experience changes driven from outside change management’s control (e.g. from the CIO, director, judiciary, etc.) See Appendix I for more details.

    Info-Tech Best Practice

    Do not rush to designate changes as pre-approved. You may have a good idea of which changes may be considered pre-approved, but make sure they are in fact low-risk and well-documented before moving them over from the normal category.

    The category of the change determines the process it follows

     Pre-ApprovedNormalEmergency
    Definition
    • Tasks are well-known, documented, and proven
    • Budgetary approval is preordained or within control of change requester
    • Risk is low and understood
    • There’s a low probability of failure
    • All changes that are not pre-approved or emergency will be classified as normal
    • Further categorized by priority/risk
    • The change is being requested to resolve a current or imminent critical/severity-1 incident that threatens business continuity
    • Associated with a critical incident or problem ticket
    Trigger
    • The same change is built and changed repeatedly using the same install procedures and resulting in the same low-risk outcome
    • Upgrade or new functionality that will capture a business benefit
    • A fix to a current problem
    • A current or imminent critical incident that will impact business continuity
    • Urgency to implement the change must be established, as well as lack of any alternative or workaround
    Workflow
    • Pre-established
    • Repeatable with same sequence of actions, with minimal judgment or decision points
    • Dependent on the change
    • Different workflows depending on prioritization
    • Dependent on the change
    Approval
    • Change Manager (does not need to be reviewed by CAB)
    • CAB
    • Approval from the Emergency Change Advisory Board (E-CAB) is sufficient to proceed with the change
    • A retroactive RFC must be created and approved by the CAB

    Pay close attention to defining your pre-approved changes. They are going to be critical for running a smooth change management practice in a DevOps Environment

    1.2.2 Build a Change Categorization Scheme

    Input

    • List of examples of each change category

    Output

    • Definitions for each change category

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Service catalog (if applicable)
    • Sticky notes
    • Markers
    • Change Management SOP

    Participants

    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Discuss the change categories on the previous slide and modify the types of descriptions to suit your organization.
    2. Once the change categories or types are defined, identify several examples of change requests that would fall under each category.
    3. Types of normal changes will be further defined in the next activity and can be left blank for now.
    4. Examples are provided below. Capture your definitions in section 4 of your Change Management SOP.
    Pre-Approved (AKA Standard)NormalEmergency
    • Microsoft patch management/deployment
    • Windows update
    • Minor form changes
    • Service pack updates on non-critical systems
    • Advance label status on orders
    • Change log retention period/storage
    • Change backup frequency

    Major

    • Active directory server upgrade
    • New ERP

    Medium

    • Network upgrade
    • High availability implementation

    Minor

    • Ticket system go-live
    • UPS replacement
    • Cognos update
    • Any change other than a pre-approved change
    • Needed to resolve a major outage in a Tier 1 system

    Assess the risk for each normal change based on impact (severity) and likelihood (probability)

    Create a change assessment risk matrix to standardize risk assessment for new changes. Formalizing this assessment should be one of the first priorities of change management.

    The following slides guide you through the steps of formalizing a risk assessment according to impact and likelihood:

    1. Define a risk matrix: Risk matrices can either be a 3x3 matrix (Minor, Medium, or High Risk as shown on the next slide) or a 4x4 matrix (Minor, Medium, High, or Critical Risk).
    2. Build an impact assessment: Enable consistent measurement of impact for each change by incorporating a standardized questionnaire for each RFC.
    3. Build a likelihood assessment: Enable the consistent measurement of impact for each change by incorporating a standardized questionnaire for each RFC.
    4. Test drive your risk assessment and make necessary adjustments: Measure your newly formed risk assessment questionnaires against historical changes to test its accuracy.

    Consider risk

    1. Risk should be the primary consideration in classifying a normal change as Low, Medium, High. The extent of governance required, as well as minimum timeline to implement the change, will follow from the risk assessment.
    2. The business benefit often matches the impact level of the risk – a change that will provide a significant benefit to a large number of users may likely carry an equally major downside if deviations occur.

    Info-Tech Insight

    All changes entail an additional level of risk. Risk is a function of impact and likelihood. Risk may be reduced, accepted, or neutralized through following best practices around training, testing, backout planning, redundancy, timing and sequencing of changes, etc.

    Create a risk matrix to assign a risk rating to each RFC

    Every normal RFC should be assigned a risk rating.

    How is risk rating determined?

    • Priority should be based on the business consequences of implementing or denying the change.
    • Risk rating is assigned using the impact of the risk and likelihood/probability that the event may occur.

    Who determines priority?

    • Priority should be decided with the change requester and with the CAB, if necessary.
    • Don’t let the change requester decide priority alone, as they will usually assign it a higher priority than is justified. Use a repeatable, standardized framework to assess each request.

    How is risk rating used?

    • Risk rating is used to determine which changes should be discussed and assessed first.
    • Time frames and escalation processes should be defined for each risk level.

    RFCs need to clearly identify the risk level of the proposed change. This can be done through statement of impact and likelihood (low/medium/high) or through pertinent questions linked with business rules to assess the risk.

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    Risk Matrix

    Risk Matrix. Impact vs. Likelihood. Low impact, Low Likelihood and Medium Impact, Medium Likelihood are minor risks. High Likelihood, Low Impact; Medium Likelihood, Medium Impact; and Low Likelihood, High Impact are Medium Risk. High Impact, High Likelihood; High Impact, Medium Likelihood; and Medium Impact, High Likelihood are Major risk.

    1.2.3 Build a Classification Scheme to Assess Impact

    Input

    • Current risk assessment (if available)

    Output

    • Tailored impact assessment

    Materials

    Participants

    • CIO
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Define a set of questions to measure risk impact.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk as high, medium, or low.
    4. Capture your results in section 4.3.1 of your Change Management SOP.
    Impact
    Weight Question High Medium Low
    15% # of people affected 36+ 11-35 <10
    20% # of sites affected 4+ 2-3 1
    15% Duration of recovery (minutes of business time) 180+ 30-18 <3
    20% Systems affected Mission critical Important Informational
    30% External customer impact Loss of customer Service interruption None

    1.2.4 Build a Classification Scheme to Define Likelihood

    Input

    • Current risk assessment (if available)

    Output

    • Tailored likelihood assessment

    Materials

    Participants

    • CIO
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Define a set of questions to measure risk likelihood.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk as high, medium, or low.
    4. Capture your results in section 4.3.2 of your Change Management SOP.
    LIKELIHOOD
    Weight Question High Medium Low
    25% Has this change been tested? No   Yes
    10% Have all the relevant groups (companies, departments, executives) vetted the change? No Partial Yes
    5% Has this change been documented? No   Yes
    15% How long is the change window? When can we implement? Specified day/time Partial Per IT choice
    20% Do we have trained and experienced staff available to implement this change? If only external consultants are available, the rating will be “medium” at best. No   Yes
    25% Has an implementation plan been developed? No   Yes

    1.2.5 Evaluate and Adjust Your Risk Assessment Scheme

    Input

    • Impact and likelihood assessments from previous two activities

    Output

    • Vetted risk assessment

    Materials

    Participants

    • CIO
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Draw your risk matrix on a whiteboard or flip chart.
    2. As a group, identify up to 10 examples of requests for changes that would apply within your organization. Depending on the number of people participating, each person could identify one or two changes and write them on sticky notes.
    3. Take turns bringing your sticky notes up to the risk matrix and placing each where it belongs, according to the assessment criteria you defined.
    4. After each participant has taken a turn, discuss each change as a group and adjust the placement of any changes, if needed. Update the risk assessment weightings or questions, if needed.

    Download the Change Management Rick Assessment Tool.

    #

    Change Example

    Impact

    Likelihood

    Risk

    1

    ERP change

    High

    Medium

    Major

    2

    Ticket system go-live

    Medium

    Low

    Minor

    3

    UPS replacement

    Medium

    Low

    Minor

    4

    Network upgrade

    Medium

    Medium

    Medium

    5

    AD upgrade

    Medium

    Low

    Minor

    6

    High availability implementation

    Low

    Medium

    Minor

    7

    Key-card implementation

    Low

    High

    Medium

    8

    Anti-virus update

    Low

    Low

    Minor

    9

    Website

    Low

    Medium

    Minor

     

    Case Study

    A CMDB is not a prerequisite of change management. Don’t let the absence of a configuration management database (CMDB) prevent you from implementing change management.

    Industry: Manufacturing

    Source: Anonymous Info-Tech member

    Challenge

    The company was planning to implement a CMDB; however, full implementation was still one year away and subject to budget constraints.

    Without a CMDB, it would be difficult to understand the interdependencies between systems and therefore be able to provide notifications to potentially affected user groups prior to implementing technical changes.

    This could have derailed the change management project.

    Solution

    An Excel template was set up as a stopgap measure until the full implementation of the CMDB. The template included all identified dependencies between systems, along with a “dependency tier” for each IT service.

    Tier 1: The dependent system would not operate if the upstream system change resulted in an outage.

    Tier 2: The dependent system would suffer severe degradation of performance and/or features.

    Tier 3: The dependent system would see minor performance degradation or minor feature unavailability.

    Results

    As a stopgap measure, the solution worked well. When changes ran the risk of degrading downstream dependent systems, the impacted business system owner’s authorization was sought and end users were informed in advance.

    The primary takeaway was that a system to manage configuration linkages and system dependencies was key.

    While a CMDB is ideal for this use case, IT organizations shouldn’t let the lack of such a system stop progress on change management.

    Case Study (part 1 of 4)

    Intel used a maturity assessment to kick-start its new change management program.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    Due to the sheer volume of change management activities present at Intel, over 35% of unscheduled outages were the result of changes.

    Ineffective change management was identified as the top contributor of incidents with unscheduled downtime.

    One of the major issues highlighted was a lack of process ownership. The change management process at Intel was very fragmented, and that needed to change.

    Results

    Daniel Grove, Senior Release & Change Manager at Intel, identified that clarifying tasks for the Change Manager and the CAB would improve process efficiency by reducing decision lag time. Roles and responsibilities were reworked and clarified.

    Intel conducted a maturity assessment of the overall change management process to identify key areas for improvement.

    Phase 2

    Establish Roles and Workflows

    For running change management in DevOps environment, see Appendix II.

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define RFC and Post-Implementation Activities

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following steps:

    • Determine Roles and Responsibilities
    • Build Core Workflows

    This phase involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Step 2.1

    Determine Roles and Responsibilities

    Activities

    2.1.1 Capture Roles and Responsibilities Using a RACI Chart

    2.1.2 Determine Your Change Manager’s Responsibilities

    2.1.3 Define the Authority and Responsibilities of Your CAB

    2.1.4 Determine an E-CAB Protocol for Your Organization

    Establish Roles and Workflows

    Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • Clearly defined responsibilities to form the job description for a Change Manager
    • Clearly defined roles and responsibilities for the change management team, including the business system owner, technical SME, and CAB members
    • Defined responsibilities and authority of the CAB
    • Protocol for an emergency CAB (E-CAB) meeting

    Identify roles and responsibilities for your change management team

    Business System Owner

    • Provides downtime window(s)
    • Advises on need for change (prior to creation of RFC)
    • Validates change (through UAT or other validation as necessary)
    • Provides approval for expedited changes (needs to be at executive level)

    Technical Subject Matter Expert (SME)

    • Advises on proposed changes prior to RFC submission
    • Reviews draft RFC for technical soundness
    • Assesses backout/rollback plan
    • Checks if knowledgebase has been consulted for prior lessons learned
    • Participates in the PIR, if necessary
    • Ensures that the service desk is trained on the change

    CAB

    • Approves/rejects RFCs for normal changes
    • Reviews lessons learned from PIRs
    • Decides on the scope of change management
    • Reviews metrics and decides on remedial actions
    • Considers changes to be added to list of pre-approved changes
    • Communicates to organization about upcoming changes

    Change Manager

    • Reviews RFCs for completeness
    • Ensures RFCs brought to the CAB have a high chance of approval
    • Chairs CAB meetings, including scheduling, agenda preparation, reporting, and follow-ups
    • Manages post-implementation reviews and reporting
    • Organizes internal communications (within IT)

    2.1.1 Capture Roles and Responsibilities Using a RACI Chart

    Input

    • Current SOP

    Output

    • Documented roles and responsibilities in change management in a RACI chart

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. As a group, work through developing a RACI chart to determine the roles and responsibilities of individuals involved in the change management practice based on the following criteria:
      • Responsible (performs the work)
      • Accountable (ensures the work is done)
      • Consulted (two-way communication)
      • Informed (one-way communication)
    2. Record your results in slide 14 of the Project Summary Template and section 3.1 of your Change Management SOP.
    Change Management TasksOriginatorSystem OwnerChange ManagerCAB MemberTechnical SMEService DeskCIO/ VP ITE-CAB Member
    Review the RFC C C A C R C R  
    Validate changes C C A C R C R  
    Assess test plan A C R R C   I  
    Approve the RFC I C A R C   I  
    Create communications plan R I A     I I  
    Deploy communications plan I I A I   R    
    Review metrics   C A R   C I  
    Perform a post implementation review   C R A     I  
    Review lessons learned from PIR activities     R A   C    

    Designate a Change Manager to own the process, change templates, and tools

    The Change Manager will be the point of contact for all process questions related to change management.

    • The Change Manager needs the authority to reject change requests, regardless of the seniority of the requester.
    • The Change Manager needs the authority to enforce compliance to a standard process.
    • The Change Manager needs enough cross-functional subject-matter expertise to accurately evaluate the impact of change from both an IT and business perspective.

    Info-Tech Best Practice

    Some organizations will not be able to assign a dedicated Change Manager, but they must still task an individual with change review authority and with ownership of the risk assessment and other key parts of the process.

    Responsibilities

    1. The Change Manager is your first stop for change approval. Both the change management and release and deployment management processes rely on the Change Manager to function.
    2. Every single change that is applied to the live environment, from a single patch to a major change, must originate with a request for change (RFC), which is then approved by the Change Manager to proceed to the CAB for full approval.
    3. Change templates and tools, such as the change calendar, list of preapproved changes, and risk assessment template are controlled by the Change Manager.
    4. The Change Manager also needs to have ownership over gathering metrics and reports surrounding deployed changes. A skilled Change Manager needs to have an aptitude for applying metrics for continual improvement activities.

    2.1.2 Document Your Change Manager’s Responsibilities

    Input

    • Current Change Manager job description (if available)

    Output

    • Change Manager job description and list of responsibilities

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Markers/pens
    • Info-Tech’s Change Manager Job Description
    • Change Management SOP

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    1.Using the previous slide, Info-Tech’s Change Manager Job Description, and the examples below, brainstorm responsibilities for the Change Manager.

    2.Record the responsibilities in Section 3.2 of your Change Management SOP.

    Example:

    Change Manager: James Corey

    Responsibilities

    1. Own the process, tools, and templates.
    2. Control the Change Management SOP.
    3. Provide standard RFC forms.
    4. Distribute RFCs for CAB review.
    5. Receive all initial RFCs and check them for completion.
    6. Approve initial RFCs.
    7. Approve pre-approved changes.
    8. Approve the conversion of normal changes to pre-approved changes.
    9. Assemble the Emergency CAB (E-CAB) when emergency change requests are received.
    10. Approve submission of RFCs for CAB review.
    11. Chair the CAB:
      • Set the CAB agenda and distribute it at least 24 hours before the meeting.
      • Ensure the agenda is adhered to.
      • Make the final approval/prioritization decision regarding a change if the CAB is deadlocked and cannot come to an agreement.
      • Distribute CAB meeting minutes to all members and relevant stakeholders.

    Download the Change Manager Job Description

    Create a Change Advisory Board (CAB) to provide process governance

    The primary functions of the CAB are to:

    1. Protect the live environment from poorly assessed, tested, and implemented changes.
      • CAB approval is required for all normal and emergency changes.
      • If a change results in an incident or outage, the CAB is effectively responsible; it’s the responsibility of the CAB to assess and accept the potential impact of every change.
    2. Prioritize changes in a way that fairly reflects change impact and urgency.
      • Change requests will originate from multiple stakeholders, some of whom have competing interests.
      • It’s up to the CAB to prioritize these requests effectively so that business need is balanced with any potential risk to the infrastructure.
      • The CAB should seek to reduce the number of emergency/expedited changes.
    3. Schedule deployments in a way that minimizes conflict and disruption.
      • The CAB uses a change calendar populated with project work, upcoming organizational initiatives, and change freeze periods. They will schedule changes around these blocks to avoid disrupting user productivity.
      • The CAB should work closely with the release and deployment management teams to coordinate change/release scheduling.

    See what responsibilities in the CAB’s process are already performed by the DevOps lifecycle (e.g. authorization, deconfliction etc.). Do not duplicate efforts.

    Use diverse representation from the business to form an effective CAB

    The CAB needs insight into all areas of the business to avoid approving a high-risk change.

    Based on the core responsibilities you have defined, the CAB needs to be composed of a diverse set of individuals who provide quality:

    • Change need assessments – identifying the value and purpose of a proposed change.
    • Change risk assessments – confirmation of the technical impact and likelihood assessments that lead to a risk score, based on the inputs in RFC.
    • Change scheduling – offer a variety of perspectives and responsibilities and will be able to identify potential scheduling conflicts.
     CAB RepresentationValue Added
    Business Members
    • CIO
    • Business Relationship Manager
    • Service Level Manager
    • Business Analyst
    • Identify change blackout periods, change impact, and business urgency.
    • Assess impact on fiduciary, legal, and/or audit requirements.
    • Determine acceptable business risk.
    IT Operations Members
    • Managers representing all IT functions
    • IT Directors
    • Subject Matter Experts (SMEs)
    • Identify dependencies and downstream impacts.
    • Identify possible conflicts with pre-existing OLAs and SLAs.
    CAB Attendees
    • Specific SMEs, tech specialists, and business and vendor reps relevant to a particular change
    • Only attend meetings when invited by the Change Manager
    • Provide detailed information and expertise related to their particular subject areas.
    • Speak to requirements, change impact, and cost.

    Info-Tech Best Practice

    Form a core CAB (members attend every week) and an optional CAB (members who attend only when a change impacts them or when they can provide value in discussions about a change). This way, members can have their voice heard without spending every week in a meeting where they do not contribute.

    2.1.3 Define the Authority and Responsibilities of Your CAB

    Input

    • Current SOP or CAB charter (if available)

    Output

    • Documented list of CAB authorities and responsibilities

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    1.Using the previous slide and the examples below, list the authorities and responsibilities of your CAB.

    2.Record the responsibilities in section 3.3.2 of your Change Management SOP and the Project Summary Template.

    Example:

    CAP AuthorityCAP Responsibilities
    • Final authority over the deployment of all normal and emergency changes.
    • Authority to absorb the risk of a change.
    • Authority to set the change calendar:
      • Maintenance windows.
      • Change freeze periods.
      • Project work.
      • Authority to delay changes.
    • Evaluate all normal and emergency changes.
    • Verify all normal change test, backout, and implementation plans.
    • Verify all normal change test results.
    • Approve all normal and emergency changes.
    • Prioritize all normal changes.
    • Schedule all normal and emergency changes.
    • Review failed change deployments.

    Establish an emergency CAB (E-CAB) protocol

    • When an emergency change request is received, you will not be able to wait until the regularly scheduled CAB meeting.
    • As a group, decide who will sit on the E-CAB and what their protocol will be when assessing and approving emergency changes.

    Change owner conferences with E-CAB (best efforts to reach them) through email or messaging.

    E-CAB members and business system owners are provided with change details. No decision is made without feedback from at least one E-CAB member.

    If business continuity is being affected, the Change Manager has authority to approve change.

    Full documentation of the change (a retroactive RFC) is done after the change and is then reviewed by the CAB.

    Info-Tech Best Practice

    Members of the E-CAB should be a subset of the CAB who are typically quick to respond to their messages, even at odd hours of the night.

    2.1.4 Determine an E-CAB Protocol for Your Organization

    Input

    • Current SOP or CAB charter (if available)

    Output

    • E-CAB protocol

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather the members of the E-CAB and other necessary representatives from the change management team.
    2. Determine the order of operations for the E-CAB in the event that an emergency change is needed.
    3. Consult the example emergency protocol below. Determine what roles and responsibilities are involved at each stage of the emergency change’s implementation.
    4. Document the E-CAB protocol in section 3.4 of your Change Management SOP.

    Example

    Assemble E-CAB

    Assess Change

    Test (if Applicable)

    Deploy Change

    Create Retroactive RFC

    Review With CAB

    Step 2.2

    Build Core Workflows

    Activities

    2.2.1 Build a CMDB-lite as a Reference for Requested Changes

    2.2.2 Create a Normal Change Process

    2.2.3 Create a Pre-Approved Change Process

    2.2.4 Create an Emergency Change Process

    Establish Roles and Workflows

    Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • Emergency change workflow
    • Normal process workflow
    • Pre-approved change workflow

    Establishing Workflows: Change Management Lifecycle

    Improve

    • A post-implementation review assesses the value of the actual change measured against the proposed change in terms of benefits, costs, and impact.
    • Results recorded in the change log.
    • Accountability: Change Manager Change Implementer

    Request

    • A change request (RFC) can be submitted via paper form, phone, email, or web portal.
    • Accountability: Change requester/Initiator

    Assess

    • The request is screened to ensure it meets an agreed-upon set of business criteria.
    • Changes are assessed on:
      • Impact of change
      • Risks or interdependencies
      • Resourcing and costs
    • Accountability: Change Manager

    Plan

    • Tasks are assigned, planned, and executed.
    • Change schedule is consulted and necessary resources are identified.
    • Accountability: Change Manager

    Approve

    • Approved requests are sent to the most efficient channel based on risk, urgency, and complexity.
    • Change is sent to CAB members for final review and approval
    • Accountability: Change Manager
      • Change Advisory Board

    Implement

    • Approved changes are deployed.
    • A rollback plan is created to mitigate risk.
    • Accountability: Change Manager Change Implementer

    Establishing workflows: employ a SIPOC model for process definition

    A good SIPOC (supplier, input, process, output, customer) model helps establish the boundaries of each process step and provides a concise definition of the expected outcomes and required inputs. It’s a useful and recommended next step for every workflow diagram.

    For change management, employ a SIPOC model to outline your CAB process:

    Supplier

    • Who or what organization provides the inputs to the process? The supplier can be internal or external.

    Input

    • What goes into the process step? This can be a document, data, information, or a decision.

    Process

    • Activities that occur in the process step that’s being analyzed.

    Output

    • What does the process step produce? This can be a document, data, information, or a decision.

    Customer

    • Who or what organization(s) takes the output of the process? The customer can be internal or external.

    Optional Fields

    Metrics

    • Top-level indicators that usually relate to the input and output, e.g. turnaround time, risk matrix completeness.

    Controls

    • Checkpoints to ensure process step quality.

    Dependencies

    • Other process steps that require the output.

    RACI

    • Those who are Responsible, Accountable, Consulted, or Informed (RACI) about the input, output, and/or process.

    Establish change workflows: assess requested changes to identify impact and dependencies

    An effective change assessment workflow is a holistic process that leaves no stone unturned in an effort to mitigate risk before any change reaches the approval stage. The four crucial areas of risk in a change workflow are:

    Dependencies

    Identify all components of the change.

    Ask how changes will affect:

    • Services on the same infrastructure?
    • Applications?
    • Infrastructure/app architecture?
    • Security?
    • Ability to support critical systems?

    Business Impact

    Frame the change from a business point of view to identify potential disruptions to business activities.

    Your assessment should cover:

    • Business processes
    • User productivity
    • Customer service
    • BCPs

    SLA Impact

    Each new change can impact the level of service available.

    Examine the impact on:

    • Availability of critical systems
    • Infrastructure and app performance
    • Infrastructure and app capacity
    • Existing disaster recovery plans and procedures

    Required Resources

    Once risk has been assessed, resources need to be identified to ensure the change can be executed.

    These include:

    • People (SMEs, tech support, work effort/duration)
    • System time for scheduled implementation
    • Hardware or software (new or existing, as well as tools)

    Establishing workflows: pinpoint dependencies to identify the need for additional changes

    An assessment of each change and a query of the CMDB needs to be performed as part of the change planning process to mitigate outage risk.

    • A version upgrade on one piece of software may require another component to be upgraded as well. For example, an upgrade to the database management system requires that an application that uses the database be upgraded or modified.
    • The sequence of the release must also be determined, as certain components may need to be upgraded before others. For example, if you upgrade the Exchange Server, a Windows update must be installed prior to the Exchange upgrade.
    • If you do not have a CMDB, consider building a CMDB-lite, which consists of a listing of systems, primary users, SMEs, business owners, and system dependencies (see next slide).

    Services Impacted

    • Have affected services been identified?
    • Have supporting services been identified?
    • Has someone checked the CMDB to ensure all dependencies have been accounted for?
    • Have we referenced the service catalog so the business approves what they’re authorizing?

    Technical Teams Impacted

    • Who will support the change throughout testing and implementation?
    • Will additional support be needed?
    • Do we need outside support from eternal suppliers?
    • Has someone checked the contract to ensure any additional costs have been approved?

    Build a dependency matrix to avoid change related collisions (optional)

    A CMDB-lite does not replace a CMDB but can be a valuable tool to leverage when requesting changes if you do not currently have configuration management. Consider the following inputs when building your own CMDB-lite.

    • System
      • To build a CMDB-lite, start with the top 10 systems in your environment that experience changes. This list can always be populated iteratively.
    • Primary Users
      • Listing the primary users will give a change requester a first glance at the impact of the change.
      • You can also use this information when looking at the change communication and training after the change is implemented.
    • SME/Backup
      • These are the staff that will likely build and implement the change. The backup is listed in case the primary is on holiday.
    • Business System Owner
      • The owner of the system is one of the people needed to sign off on the change. Having their support from the beginning of a change is necessary to build and implement it successfully.
    • Tier 1 Dependency
      • If the primary system experiences and outage, Tier 1 dependency functionality is also lost. To request a change, include the business system owner signoffs of the Tier 1 dependencies of the primary system.
    • Tier 2 Dependency
      • If the primary system experiences an outage, Tier 2 dependency functionality is lost, but there is an available workaround. As with Tier 1, this information can help you build a backout plan in case there is a change-related collision.
    • Tier 3 Dependency
      • Tier 3 functionality is not lost if the primary system experiences an outage, but nice-to-haves such as aesthetics are affected.

    2.2.1 Build a CMDB-lite as a Reference for Requested Changes

    Input

    • Current system ownership documentation

    Output

    • Documented reference for change requests (CMDB-lite)

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Sticky notes
    • Markers/pens

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Start with a list of your top 10-15 systems/services with the highest volume of changes.
    2. Using a whiteboard, flip chart, or shared screen, complete the table below by filling the corresponding Primary Users, SMEs, Business System Owner, and Dependencies as shown below. It may help to use sticky notes.
    3. Iteratively populate the table as you notice gaps with incoming changes.
    SystemPrimary UsersSMEBackup SME(s)Business System OwnerTier 1 Dependency (system functionality is down)Tier 2 (impaired functionality/ workaround available)Tier 3 Dependency (nice to have)
    Email Enterprise Naomi Amos James
    • ITSMs
    • Scan-to-email
    • Reporting
    		  
    • Lots
    Conferencing Tool Enterprise Alex Shed James
    • Videoconferencing
    • Conference rooms (can use Facebook messenger instead in worst case scenario)
    • IM
    ITSM (Service Now) Enterprise (Intl.) Anderson TBD Mike
    • Work orders
    • Dashboards
    • Purchasing
    		  
    ITSM (Manage Engine) North America Bobbie Joseph Mike
    • Work orders
    • Dashboards
    • Purchasing
    		  

    Establishing workflows: create standards for change approvals to improve efficiency

    • Not all changes are created equal, and not all changes require the same degree of approval. As part of the change management process, it’s important to define who is the authority for each type of change.
    • Failure to do so can create bureaucratic bottlenecks if each change is held to an unnecessary high level of scrutiny, or unplanned outages may occur due to changes circumventing the formal approval process.
    • A balance must be met and defined to ensure the process is not bypassed or bottlenecked.

    Info-Tech Best Practice

    Define a list pre-approved changes and automate them (if possible) using your ITSM solution. This will save valuable time for more important changes in the queue.

    Example:

    Change CategoryChange Authority
    Pre-approved change Department head/manager
    Emergency change E-CAB
    Normal change – low and medium risk CAB
    Normal change – high risk CAB and CIO (for visibility)

    Example process: Normal Change – Change Initiation

    Change initiation allows for assurance that the request is in scope for change management and acts as a filter for out-of-scope changes to be redirected to the proper workflow. Initiation also assesses who may be assigned to the change and the proper category of the change, and results in an RFC to be populated before the change reaches the build and test phase.

    The image is a horizontal flow chart, depicting an example of a change process.

    The change trigger assessment is critical in the DevOps lifecycle. This can take a more formal role of a technical review board (TRB) or, with enough maturity, may be automated. Responsibilities such as deconfliction, dependency identification, calendar query, and authorization identification can be done early in the lifecycle to decrease or eliminate the burden on CAB.

    For the full process, refer to the Change Management Process Library.

    Example process: Normal Change – Technical Build and Test

    The technical build and test stage includes all technical prerequisites and testing needed for a change to pass before proceeding to approval and implementation. In addition to a technical review, a solution consisting of the implementation, rollback, communications, and training plan are also built and included in the RFC before passing it to the CAB.

    The image is a flowchart, showing the process for change during the technical build and test stage.

    For the full process, refer to the Change Management Process Library.

    Example process: Normal Change – Change Approval (CAB)

    Change approval can start with the Change Manager reviewing all incoming RFCs to filter them for completeness and check them for red flags before passing them to the CAB. This saves the CAB from discussing incomplete changes and allows the Change Manager to set a CAB agenda before the CAB meeting. If need be, change approval can also set vendor communications necessary for changes, as well as the final implementation date of the change. The CAB and Change Manager may follow up with the appropriate parties notifying them of the approval decision (accepted, rescheduled, or rejected).

    The image shows a flowchart illustrating the process for change approval.

    For the full process, refer to the Change Management Process Library.

    Example process: Normal Change – Change Implementation

    Changes should not end at implementation. Ensure you define post-implementation activities (documentation, communication, training etc.) and a post-implementation review in case the change does not go according to plan.

    The image is a flowchart, illustrating the work process for change implementation and post-implementation review.

    For the full process, refer to the Change Management Process Library.

    2.2.2 Create a Normal Change Process

    Input

    • Current SOP/workflow library

    Output

    • Normal change process

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Using the examples shown on the previous few slides, work as a group to determine the workflow for a normal change, with particular attention to the following sub-processes:
      1. Request
      2. Assessment
      3. Plan
      4. Approve
      5. Implementation and Post-Implementation Activities
    3. Optionally, you may create variations of the workflow for minor, medium, and major changes (e.g. there will be fewer authorizations for minor changes).
    4. For further documentation, you may choose to run the SIPOC activity for your CAB as outlined on this slide.
    5. Document the resulting workflows in the Change Management Process Library and section 11 of your Change Management SOP.

    Download the Change Management Process Library.

    Identify and convert low-risk normal changes to pre-approved once the process is established

    As your process matures, begin creating a list of normal changes that might qualify for pre-approval. The most potential for value in gains from change management comes from re-engineering and automating of high-volume changes. Pre-approved changes should save you time without threatening the live environment.

    IT should flag changes they would like pre-approved:

    • Once your change management process is firmly established, hold a meeting with all staff that make change requests and build changes.
    • Run a training session detailing the traits of pre-approved changes and ask these individuals to identify changes that might qualify.
    • These changes should be submitted to the Change Manager and reviewed, with the help of the CAB, to decide whether or not they qualify for pre-approval.

    Pre-approved changes are not exempt from due diligence:

    • Once a change is designated as pre-approved, the deployment team should create and compile all relevant documentation:
      • An RFC detailing the change, dependencies, risk, and impact.
      • Detailed procedures and required resources.
      • Implementation and backout plan.
      • Test results.
    • When templating the RFC for pre-approved changes, aim to write the documentation as if another SME were to implement it. This reduces confusion, especially if there’s staff turnover.
    • The CAB must approve, sign off, and keep a record of all documents.
    • Pre-approved changes must still be documented and recorded in the CMDB and change log after each deployment.

    Info-Tech Best Practice

    At the beginning of a change management process, there should be few active pre-approved changes. However, prior to launch, you may have IT flag changes for conversion.

    Example process: Pre-Approved Change Process

    The image shows two horizontal flow charts, the first labelled Pre-Approval of Recurring RFC, and the second labelled Implementation of Child RFC.

    For the full process, refer to the Change Management Process Library.

    Review the pre-approved change list regularly to ensure the list of changes are still low-risk and repeatable.

    IT environments change. Don’t be caught by surprise.

    • Changes which were once low-risk and repeatable may cause unforeseen incidents if they are not reviewed regularly.
    • Dependencies change as the IT environment changes. Ensure that the changes on the pre-approved change list are still low-risk and repeatable, and that the documentation is up to date.
    • If dependencies have changed, then move the change back to the normal category for reassessment. It may be redesignated as a pre-approved change once the documentation is updated.

    Info-Tech Best Practice

    Other reasons for moving a pre-approved change back to the normal category is if the change led to an incident during implementation or if there was an issue during implementation.

    Seek new pre-approved change submissions. → Re-evaluate the pre-approved change list every 4-6 months.

    The image shows a horizontal flow chart, depicting the process for a pre-approved change list review.

    For the full process, refer to the Change Management Process Library.

    2.2.3 Create a Pre-Approved Change Process

    Input

    • Current SOP/workflow library

    Output

    • Pre-approved change process

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Using the examples shown on the previous few slides, work as a group to determine the workflow for a pre-approved change, with particular attention to the following sub-processes:
      1. Request
      2. Assessment
      3. Plan
      4. Approve
    3. Document the process of a converting a normal change to pre-approved. Include the steps from flagging a low-risk change to creating the related RFC template.
    4. Document the resulting workflows in the Change Management Process Library and sections 4.2 and 13 of your Change Management SOP.

    Reserve the emergency designation for real emergencies

    • Emergency changes have one of the following triggers:
      • A critical incident is impacting user productivity.
      • An imminent critical incident will impact user productivity.
    • Unless a critical incident is being resolved or prevented, the change should be categorized as normal.
    • An emergency change differs from a normal change in the following key aspects:
      • An emergency change is required to recover from a major outage – there must be a validated service desk critical incident ticket.
      • An urgent business requirement is not an “emergency.”
      • An RFC is created after the change is implemented and the outage is over.
      • A review by the full CAB occurs after the change is implemented.
      • The first responder and/or the person implementing the change may not be the subject matter expert for that system.
    • In all cases, an RFC must be created and the change must be reviewed by the full CAB. The review should occur within two business days of the event.
    Sample ChangeQuick CheckEmergency?
    Install the latest critical patches from the vendor. Are the patches required to resolve or prevent an imminent critical incident? No
    A virus or worm invades the network and a patch is needed to eliminate the threat. Is the patch required to resolve or prevent an imminent critical incident? Yes

    Info-Tech Best Practice

    Change requesters should be made aware that senior management will be informed if an emergency RFC is submitted inappropriately. Emergency requests trigger urgent CAB meetings, are riskier to deploy, and delay other changes waiting in the queue.

    Example process: Emergency Change Process

    The image is a flowchart depicting the process for an emergency change process

    When building your emergency change process, have your E-CAB protocol from activity 2.1.4 handy.

    • Focus on the following requirements for an emergency process:
      • E-CAB protocol and scope: Does the SME need authorization first before working on the change or can the SME proceed if no E-CAB members respond?
      • Documentation and communication to stakeholders and CAB after the emergency change is completed.
      • Input from incident management.

    For the full process, refer to the Change Management Process Library.

    2.2.4 Create an Emergency Change Process

    Input

    • Current SOP/workflow library

    Output

    • Emergency change process

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Using the examples shown on the previous few slides, work as a group to determine the workflow for an emergency change, with particular attention to the following sub-processes:
      1. Request
      2. Assessment
      3. Plan
      4. Approve
    3. Ensure that the E-CAB protocol from activity 2.1.4 is considered when building your process.
    4. Document the resulting workflows in the Change Management Process Library and section 12 of your Change Management SOP.

    Case Study (part 2 of 4)

    Intel implemented a robust change management process.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    Intel identified 37 different change processes and 25 change management systems of record with little integration.

    Software and infrastructure groups were also very siloed, and this no doubt contributed to the high number of changes that caused outages.

    The task was simple: standards needed to be put in place and communication had to improve.

    Results

    Once process ownership was assigned and the role of the Change Manager and CAB clarified, it was a simple task to streamline and simplify processes among groups.

    Intel designed a new, unified change management workflow that all groups would adopt.

    Automation was also brought into play to improve how RFCs were generated and submitted.

    Phase 3

    Define the RFC and Post-Implementation Activities

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Your Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define the RFC and Post-Implementation Activities

    3.1 Design the RFC

    3.2 Establish Post-Implementation Activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following activities:

    • Design the RFC
    • Establish Post-Implementation Activities

    This phase involves the following participants:

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board

    Step 3.1

    Design the RFC

    Activities

    3.1.1 Evaluate Your Existing RFC Process

    3.1.2 Build the RFC Form

    Define the RFC and Post-Implementation Activities

    Step 3.1: Design the RFC

    Step 3.2: Establish Post-Implementation Activities

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • A full RFC template and process that compliments the workflows for the three change categories

    A request for change (RFC) should be submitted for every non-standard change

    An RFC should be submitted through the formal change management practice for every change that is not a standard, pre-approved change (a change which does not require submission to the change management practice).

    • The RFC should contain all the information required to approve a change. Some information will be recorded when the change request is first initiated, but not everything will be known at that time.
    • Further information can be added as the change progresses through its lifecycle.
    • The level of detail that goes into the RFC will vary depending on the type of change, the size, and the likely impact of the change.
    • Other details of the change may be recorded in other documents and referenced in the RFC.

    Info-Tech Insight

    Keep the RFC form simple, especially when first implementing change management, to encourage the adoption of and compliance with the process.

    RFCs should contain the following information, at a minimum:

    1. Contact information for requester
    2. Description of change
    3. References to external documentation
    4. Items to be changed, reason for the change, and impact of both implementing and not implementing the change
    5. Change type and category
    6. Priority and risk assessment
    7. Predicted time frame, resources, and cost
    8. Backout or remediation plan
    9. Proposed approvers
    10. Scheduled implementation time
    11. Communications plan and post-implementation review

    3.1.1 Evaluate Your Existing RFC Process

    Input

    • Current RFC form or stock ITSM RFC
    • Current SOP (if available)

    Output

    • List of changes to the current RFC form and RFC process

    Materials

    Participants

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. If the organization is already using an RFC form, review it as a group now and discuss its contents:
      • Does this RFC provide adequate information for the Change Manager and/or CAB to review?
      • Should any additional fields be added?
    2. Show the participants Info-Tech’s Request for Change Form Template and compare it to the one the organization is currently using.
    3. As a group, finalize an RFC table of contents that will be used to formalize a new or improved RFC.
    4. Decide which fields should be filled out by the requester before the initial RFC is submitted to the Change Manager:
      • Many sections of the RFC are relevant for change assessment and review. What information does the Change Manager need when they first receive a request?
      • The Change Manager needs enough information to ensure that the change is in scope and has been properly categorized.
    5. Decide how the RFC form should be submitted and reviewed; this can be documented in section 5 of your Change Management SOP.

    Download the Request for Change Form Template.

    Design the RFC to encourage process buy-in

    • When building the RFC, split the form up into sections that follow the normal workflow (e.g. Intake, Assessment and Build, Approval, Implementation/PIR). This way the form walks the requester through what needs to be filled and when.
    • Revisit the form periodically and solicit feedback to continually improve the user experience. If there’s information missing on the RFC that the CAB would like to know, add the fields. If there are sections that are not used or not needed for documentation, remove them.
    • Make sure the user experience surrounding your RFC form is a top priority – make it accessible, otherwise change requesters simply will not use it.
    • Take advantage of your ITSM’s dropdown lists, automated notifications, CMDB integrations, and auto-generated fields to ease the process of filling the RFC

    Draft:

    • Change requester
    • Requested date of deployment
    • Change risk: low/medium/high
    • Risk assessment
    • Description of change
    • Reason for change
    • Change components

    Technical Build:

    • Assess change:
      • Dependencies
      • Business impact
      • SLA impact
      • Required resources
      • Query the CMS
    • Plan and test changes:
      • Test plan
      • Test results
      • Implementation plan
      • Backout plan
      • Backout plan test results

    CAB:

    • Approve and schedule changes:
      • Final CAB review
      • Communications plan

    Complete:

    • Deploy changes:
      • Post-implementation review

    Designing your RFC: RFC draft

    • Change requester – link your change module to the active directory to pull the change requester’s contact information automatically to save time.
    • A requested date of deployment gives approvers information on timeline and can be used to query the change calendar for possible conflicts
    • Information about risk assessment based on impact and likelihood questionnaires are quick to fill out but provide a lot of information to the CAB. The risk assessment may not be complete at the draft stage but can be updated as the change is built. Ensure this field is up-to- date before it reaches CAB.
    • If you have a technical review stage where changes are directed to the proper workflow and resourcing is assessed, the description, reason, and change components are high-level descriptors of the change that will aid in discovery and lining the change up with the business vision (viability from both a technical and business standpoint).
    • Change requester
    • Requested date of deployment
    • Change Risk: low/medium/high
    • Risk assessment
    • Description of change
    • Reason for change
    • Change components

    Use the RFC to point to documentation already gathered in the DevOps lifecycle to cut down on unnecessary manual work while maintaining compliance.

    Designing your RFC: technical build

    • Dependencies and CMDB query, along with the proposed implementation date, are included to aid in calendar deconfliction and change scheduling. If there’s a conflict, it’s easier to reschedule the proposed change early in the lifecycle.
    • Business, SLA impact, and required resources can be tracked to provide the CAB with information on the business resources required. This can also be used to prioritize the change if conflicts arise.
    • Implementation, test, and backout plans must be included and assessed to increase the probability that a change will be implemented without failure. It’s also useful in the case of PIRs to determine root causes of change-related incidents.
    • Assess change:
      • Dependencies
      • Business impact
      • SLA impact
      • Required resources
      • Query the CMS
    • Plan and test changes:
      • Test plan
      • Test results
      • Implementation plan
      • Backout plan
      • Backout plan test results

    Designing your RFC: approval and deployment

    • Documenting approval, rejection, and rescheduling gives the change requester the go-ahead to proceed with the change, rationale on why it was prioritized lower than another change (rescheduled), or rationale on rejection.
    • Communications plans for appropriate stakeholders can also be modified and forwarded to the communications team (e.g. service desk or business system owners) before deployment.
    • Post-implementation activities and reviews can be conducted if need be before a change is closed. The PIR, if filled out, should then be appended to any subsequent changes of the same nature to avoid making the same mistake twice.
    • Approve and schedule changes:
      • Final CAB review
      • Communications plan
    • Deploy changes:
      • Post-implementation review

    Standardize the request for change protocol

    1. Submission Standards
      • Electronic submission will make it easier for CAB members to review the documentation.
      • As the change goes through the assessment, plan, and test phase, new documentation (assessments, backout plans, test results, etc.) can be attached to the digital RFC for review by CAB members prior to the CAB meeting.
      • Change management software won’t be necessary to facilitate the RFC submission and review; a content repository system, such as SharePoint, will suffice.
    2. Designate the first control point
      • All RFCs should be submitted to a single point of contact.
      • Ideally, the Change Manager or Technical Review Board should fill this role.
      • Whoever is tasked with this role needs the subject matter expertise to ensure that the change has been categorized correctly, to reject out-of-scope requests, or to ask that missing information be provided before the RFC moves through the full change management practice.

    Info-Tech Best Practice

    Technical and SME contacts should be noted in each RFC so they can be easily consulted during the RFC review.

    3.1.2 Build the RFC Form

    Input

    • Current RFC form or stock ITSM RFC
    • Current SOP (if available)

    Output

    • List of changes to the current RFC and RFC process

    Materials

    Participants

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board
    1. Use Info-Tech’s Request for Change Form Template as a basis for your RFC form.
    2. Use this template to standardize your change request process and ensure that the appropriate information is documented effectively each time a request is made. The change requester and Change Manager should consolidate all information associated with a given change request in this form. This form will be submitted by the change requester and reviewed by the Change Manager.

    Case Study (part 3 of 4)

    Intel implemented automated RFC form generation.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    One of the crucial factors that was impacting Intel’s change management efficiency was a cumbersome RFC process.

    A lack of RFC usage was contributing to increased ad hoc changes being put through the CAB, and rescheduled changes were quite high.

    Additionally, ad hoc changes were also contributing heavily to unscheduled downtime within the organization.

    Results

    Intel designed and implemented an automated RFC form generator to encourage end users to increase RFC usage.

    As we’ve seen with RFC form design, the UX/UI of the form needs to be top notch, otherwise end users will simply circumvent the process. This will contribute to the problems you are seeking to correct.

    Thanks to increased RFC usage, Intel decreased emergency changes by 50% and reduced change-caused unscheduled downtime by 82%.

    Step 3.2

    Establish Post-Implementation Activities

    Activities

    3.2.1 Determine When the CAB Would Reject Tested Changes

    3.2.2 Create a Post-Implementation Activity Checklist

    Define the RFC and Post-Implementation Activities

    Step 3.1: Design RFC

    Step 3.2: Establish Post-Implementation Activities

    This step involves the following participants:

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board

    Outcomes of this step

    • A formalized post-implementation process for continual improvement

    Why would the CAB reject a change that has been properly assessed and tested?

    Possible reasons the CAB would reject a change include:

    • The product being changed is approaching its end of life.
    • The change is too costly.
    • The timing of the change conflicts with other changes.
    • There could be compliance issues.
    • The change is actually a project.
    • The risk is too high.
    • There could be regulatory issues.
    • The peripherals (test, backout, communication, and training plans) are incomplete.

    Info-Tech Best Practice

    Many reasons for rejection (listed above) can be caught early on in the process during the technical review or change build portion of the change. The earlier you catch these reasons for rejection, the less wasted effort there will be per change.

    Sample RFCReason for CAP Rejection
    There was a request for an update to a system that a legacy application depends on and only a specific area of the business was aware of the dependency. The CAB rejects it due to the downstream impact.
    There was a request for an update to a non-supported application, and the vendor was asking for a premium support contract that is very costly. It’s too expensive to implement, despite the need for it. The CAB will wait for an upgrade to a new application.
    There was a request to update application functionality to a beta release. The risk outweighs the business benefits.

    Determine When the CAB Would Reject Tested Changes

    Input

    • Current SOP (if available)

    Output

    • List of reasons to reject tested changes

    Materials

    • Whiteboard/flip charts (or shared screen if working remotely)
    • Projector
    • Markers/pens
    • Laptop with ITSM admin access
    • Project Summary Template

    Participants

    • IT Director
    • Infrastructure Manager
    • Change Manager
    • Members of the Change Advisory Board

    Avoid hand-offs to ensure a smooth implementation process

    The implementation phase is the final checkpoint before releasing the new change into your live environment. Once the final checks have been made to the change, it’s paramount that teams work together to transition the change effectively rather than doing an abrupt hand-off. This could cause a potential outage.

    1.

    • Deployment resources identified, allocated, and scheduled
    • Documentation complete
    • Support team trained
    • Users trained
    • Business sign-off
    • Target systems identified and ready to receive changes
    • Target systems available for installation maintenance window scheduled
    • Technical checks:
      • Disk space available
      • Pre-requisites met
      • Components/Services to be updated are stopped
      • All users disconnected
    • Download Info-Tech’sChange Management Pre-Implementation Checklist

    Implement change →

    2.

    1. Verification – once the change has been implemented, verify that all requirements are fulfilled.
    2. Review – ensure that all affected systems and applications are operating as predicted. Update change log.
    3. Transition – a crucial phase of implementation that’s often overlooked. Once the change implementation is complete from a technical point of view, it’s imperative that the team involved with the change inform and train the group responsible for managing the new change.

    Create a backout plan to reduce the risk of a failed change

    Every change process needs to plan for the potential for failure and how to address it effectively. Change management’s solution to this problem is a backout plan.

    A backout plan needs to contain a record of the steps that need to be taken to restore the live environment back to its previous state and maintain business continuity. A good backout plan asks the following questions:

    1. How will failure be determined? Who will make the determination to back out of a change be made and when?
    2. Do we fix on fail or do we rollback to the previous configuration?
    3. Is the service desk aware of the impending change? Do they have proper training?

    Notify the Service Desk

    • Notify the Service Desk about backout plan initiation.

    Disable Access

    • Disable user access to affected system(s).

    Conduct Checks

    • Conduct checks to all affected components.

    Enable User Access

    • Enable user access to affected systems.

    Notify the Service Desk

    • Notify the service desk that the backout plan was successful.

    Info-Tech Best Practice

    As part of the backout plan, consider the turnback point in the change window. That is, the point within the change window where you still have time to fully back out of the change.

    Ensure the following post-implementation review activities are completed

    Service Catalog

    Update the service catalog with new information as a result of the implemented change.

    CMDB

    Update new dependencies present as a result of the new change.

    Asset DB

    Add notes about any assets newly affected by changes.

    Architecture Map

    Update your map based on the new change.

    Technical Documentation

    Update your technical documentation to reflect the changes present because of the new change.

    Training Documentation

    Update your training documentation to reflect any information about how users interact with the change.

    Use a post-implementation review process to promote continual improvement

    The post-implementation review (PIR) is the most neglected change management activity.

    • All changes should be reviewed to understand the reason behind them, appropriateness, and recommendations for next steps.
    • The Change Manager manages the completion of information PIRs and invites RFC originators to present their findings and document the lessons learned.

    Info-Tech Best Practice

    Review PIR reports at CAB meetings to highlight the root causes of issues, action items to close identified gaps, and back-up documentation required. Attach the PIR report to the relevant RFC to prevent similar changes from facing the same issues in the future.

    1. Why do a post-implementation review?
      • Changes that don’t fail but don’t perform well are rarely reviewed.
      • Changes may fail subtly and still need review.
      • Changes that cause serious failures (i.e. unplanned downtime) receive analysis that is unnecessarily in-depth.
    2. What are the benefits?
      • A proactive, post-implementation review actually uses less resources than reactionary change reviews.
      • Root-cause analysis of failed changes, no matter what the impact.
      • Insight into changes that took longer than projected.
      • Identification of previously unidentified risks affecting changes.

    Determine the strategy for your PIR to establish a standardized process

    Capture the details of your PIR process in a table similar to the one below.

    Frequency Part of weekly review (IT team meeting)
    Participants
    • Change Manager
    • Originator
    • SME/supervisor/impacted team(s)

    Categories under review

    Current deviations and action items from previous PIR:

    • Complete
    • Partially complete
    • Complete, late
    • Change failed, rollback succeeded
    • Change failed, rollback failed
    • Major deviation from implementation plan
    Output
    • Root cause or failure or deviation
    • External factors
    • Remediation focus areas
    • Remediation timeline (follow-up at appropriate time)
    Controls
    • Reviewed at next CAB meeting
    • RFC close is dependent on completion of PIR
    • Share with the rest of the technical team
    • Lessons learned stored in the knowledgebase and attached to RFC for easy search of past issues.

    3.2.2 Create a Post-Implementation Activity Checklist

    Input

    • Current SOP (if available)

    Output

    • List of reasons to reject tested changes

    Materials

    Participants

    • CIO
    • IT Managers
    • Change Manager
    • Members of the Change Advisory Board
    1. Gather representatives from the change management team.
    2. Brainstorm duties to perform following the deployment of a change. Below is a sample list:
      • Example:
        • Was the deployment successful?
          • If no, was the backout plan executed successfully?
        • List change-related incidents
        • Change assessment
          • Missed dependencies
          • Inaccurate business impact
          • Incorrect SLA impact
          • Inaccurate resources
            • Time
            • Staff
            • Hardware
        • System testing
        • Integration testing
        • User acceptance testing
        • No backout plan
        • Backout plan failure
        • Deployment issues
    3. Record your results in the Change Management Post-Implementation Checklist.

    Download the Change Management Post-Implementation Checklist

    Case Study

    Microsoft used post-implementation review activities to mitigate the risk of a critical Azure outage.

    Industry: Technology

    Source: Jason Zander, Microsoft

    Challenge

    In November 2014, Microsoft deployed a change intended to improve Azure storage performance by reducing CPU footprint of the Azure Table Front-Ends.

    The deployment method was an incremental approach called “flighting,” where software and configuration deployments are deployed incrementally to Azure infrastructure in small batches.

    Unfortunately, this software deployment caused a service interruption in multiple regions.

    Solution

    Before the software was deployed, Microsoft engineers followed proper protocol by testing the proposed update. All test results pointed to a successful implementation.

    Unfortunately, engineers pushed the change out to the entire infrastructure instead of adhering to the traditional flighting protocol.

    Additionally, the configuration switch was incorrectly enabled for the Azure Blob storage Front-Ends.

    A combination of the two mistakes exposed a bug that caused the outage.

    Results

    Thankfully, Microsoft had a backout plan. Within 30 minutes, the change was rolled back on a global scale.

    It was determined that policy enforcement was not integrated across the deployment system. An update to the system shifted the process of policy enforcement from human-based decisions and protocol to automation via the deployment platform.

    Defined PIR activities enabled Microsoft to take swift action against the outage and mitigate the risk of a serious outage.

    Phase 4

    Measure, Manage, and Maintain

    Define Change Management

    1.1 Assess Maturity

    1.2 Categorize Changes and Build Risk Assessment

    Establish Roles and Workflows

    2.1 Determine Roles and Responsibilities

    2.2 Build Core Workflows

    Define RFC and Post-Implementation Activities

    3.1 Design RFC

    3.2 Establish post-implementation activities

    Measure, Manage, and Maintain

    4.1 Identify Metrics and Build the Change Calendar

    4.2 Implement the Project

    This phase will guide you through the following activities:

    • Identify Metrics and Build the Change Calendar
    • Implement the Project

    This phase involves the following participants:

    • CIO/IT Director
    • IT Managers
    • Change Manager

    Step 4.1

    Identify Metrics and Build the Change Calendar

    Activities

    4.1.1 Create an Outline for Your Change Calendar

    4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    4.1.3 Track and Record Metrics Using the Change Management Metrics Tool

    Measure, Manage, and Maintain

    Step 4.1: Identify Metrics and Build the Change Calendar

    Step 4.2: Implement the Project

    This step involves the following participants:

    • CIO/IT Director
    • IT Managers
    • Change Manager

    Outcomes of this step

    • Clear definitions of change calendar content
    • Guidelines for change calendar scheduling
    • Defined metrics to measure the success of change management with associated reports, KPIs, and CSFs

    Enforce a standard method of prioritizing and scheduling changes

    The impact of not deploying the change and the benefit of deploying it should determine its priority.

    Risk of Not Deploying

    • What is the urgency of the change?
    • What is the risk to the organization if the change is not deployed right away?
    • Will there be any lost productivity, service disruptions, or missed critical business opportunities?
      • Timing
        • Does the proposed timing work with the approved changes already on the change schedule?
        • Has the change been clash checked so there are no potential conflicts over services or resources?
      • Once prioritized, a final deployment date should be set by the CAB. Check the change calendar first to avoid conflicts.

    Positive Impact of Deployment

    • What benefits will be realized once the change is deployed?
    • How significant is the opportunity that triggered the change?
    • Will the change lead to a positive business outcome (e.g. increased sales)?

    “The one who has more clout or authority is usually the one who gets changes scheduled in the time frame they desire, but you should really be evaluating the impact to the organization. We looked at the risk to the business of not doing the change, and that’s a good way of determining the criticality and urgency of that change.” – Joseph Sgandurra, Director, Service Delivery, Navantis

    Info-Tech Insight

    Avoid a culture where powerful stakeholders are able to push change deployment on an ad hoc basis. Give the CAB the full authority to make approval decisions based on urgency, impact, cost, and availability of resources.

    Develop a change schedule to formalize the planning process

    A change calendar will help the CAB schedule changes more effectively and increase visibility into upcoming changes across the organization.

    1. Establish change windows in a consistent change schedule:
      • Compile a list of business units that would benefit from a change.
      • Look for conflicts in the change schedule.
      • Avoid scheduling two or more major business units in a day.
      • Consider clients when building your change windows and change schedule.
    2. Gain commitments from key participants:
      • These individuals can confirm if there are any unusual or cyclical business requirements that will impact the schedule.
    3. Properly control your change calendar to improve change efficiency:
      • Look at the proposed start and end times: Are they sensible? Does the implementation window leave time for anything going wrong or needing to roll back the change?
      • Special considerations: Are there special circumstances that need to be considered? Ask the business if you don’t know.
      • The key principle is to have a sufficient window available for implementing changes so you only need to set up calendar freezes for sound business or technical reasons.

    Our mantra is to put it on the calendar. Even if it’s a preapproved change and doesn’t need a vote, having it on the calendar helps with visibility. The calendar is the one-stop shop for scheduling and identifying change dependencies.“ – Wil Clark, Director of Service and Performance Management, University of North Texas Systems

    Provide clear definitions of what goes on the change calendar and who’s responsible

    Roles

    • The Change Manager will be responsible for creating and maintaining a change calendar.
    • Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
    • All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

    Inputs

    • Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated).
    • Maintenance windows and planned outage periods.
    • Project schedules, and upcoming major/medium changes.
    • Holidays.
    • Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available).

    Guidelines

    • Business-defined freeze periods are the top priority.
    • No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
    • Vendor SLA support hours are the preferred time for implementing changes.
    • The vacation calendar for IT will be considered for major changes.
    • Change priority: High > Medium > Low.
    • Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

    The change calendar is a critical pre-requisite to change management in DevOps. Use the calendar to be proactive with proposed implementation dates and deconfliction before the change is finished.

    4.1.1 Create Guidelines for Your Change Calendar

    Input

    • Current change calendar guidelines

    Output

    • Change calendar inputs and schedule checklist

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Gather representatives from the change management team.
      • Example:
        • The change calendar/schedule includes:
          • Approved and scheduled normal changes.
          • Scheduled project work.
          • Scheduled maintenance windows.
          • Change freeze periods with affected users noted:
            • Daily/weekly freeze periods.
            • Monthly freeze periods.
            • Annual freeze periods.
            • Other critical business events.
    2. Create a checklist to run through before each change is scheduled:
      • Check the schedule and assess resource availability:
        • Will user productivity be impacted?
        • Are there available resources (people and systems) to implement the change?
        • Is the vendor available? Is there a significant cost attached to pushing change deployment before the regularly scheduled refresh?
        • Are there dependencies? Does the deployment of one change depend on the earlier deployment of another?
    3. Record your results in your Project Summary Template.

    Start measuring the success of your change management project using three key metrics

    Number of change-related incidents that occur each month

    • Each month, record the number of incidents that can be directly linked to a change. This can be done using an ITSM tool or manually by service desk staff.
    • This is a key success metric: if you are not tracking change-related incidents yet, start doing so as soon as possible. This is the metric that the CIO and business stakeholders will be most interested in because it impacts users directly.

    Number of unauthorized changes applied each month

    • Each month, record the number of changes applied without approval. This is the best way to measure adherence to the process.
    • If this number decreases, it demonstrates a reduction in risk, as more changes are formally assessed and approved before being deployed.

    Percentage of emergency changes

    • Each month, compare the number of emergency change requests to the total number of change requests.
    • Change requesters often designate changes as emergencies as a way of bypassing the process.
    • A reduction in emergency changes demonstrates that your process is operating smoothly and reduces the risk of deploying changes that have not been properly tested.

    Info-Tech Insight

    Start simple. Metrics can be difficult to tackle if you’re starting from scratch. While implementing your change management practice, use these three metrics as a starting point, since they correlate well with the success of change management overall. The following few slides provide more insight into creating metrics for your change process.

    If you want more insight into your change process, measure the progress of each step in change management with metrics

    Improve

    • Number of repeat failures (i.e. making the same mistake twice)
    • Number of changes converted to pre-approved
    • Number of changes converted from pre-approved back to normal

    Request

    • What percentage of change requests have errors or lack appropriate support?
    • What percentage of change requests are actually projects, service requests, or operational tasks?
    • What percentage of changes have been requested before (i.e. documented)?

    Assess

    • What percentage of change requests are out of scope?
    • What percentage of changes have been requested before (i.e. documented)?
    • What are the percentages of changes by category (normal, pre-approved, emergency)?

    Plan

    • What percentage of change requests are reviewed by the CAB that should have been pre-approved or emergency (i.e. what percentage of changes are in the wrong category)?

    Approve

    • Number of changes broken down by department (business unit/IT department to be used in making core/optional CAB membership more efficient)
    • Number of workflows that can be automated

    Implement

    • Number of changes completed on schedule
    • Number of changes rolled back
    • What percentage of changes caused an incident?

    Use metrics to inform project KPIs and CSFs

    Leverage the metrics from the last slide and convert them to data communicable to IT, management, and leadership

    • To provide value, metrics and measurements must be actionable. What actions can be taken as a result of the data being presented?
    • If the metrics are not actionable, there is no value and you should question the use of the metric.
    • Data points in isolation are mostly meaningless to inform action. Observe trends in your metrics to inform your decisions.
    • Using a framework to develop measurements and metrics provides a defined methodology that enables a mapping of base measurements through CSFs.
    • Establishing the relationship increases the value that measurements provide.

    Purposely use SDLC and change lifecycle metrics to find bottlenecks and automation candidates.

    Metrics:

    Metrics are easily measured datapoints that can be pulled from your change management tool. Examples: Number of changes implemented, number of changes without incident.

    KPIs:

    Key Performance Indicators are metrics presented in a way that is easily digestible by stakeholders in IT. Examples: Change efficiency, quality of changes.

    CSFs:

    Critical Success Factors are measures of the business success of change management taken by correlating the CSF with multiple KPIs. Examples: consistent and efficient change management process, a change process mapped to business needs

    List in-scope metrics and reports and align them to benefits

    Metric/Report (by team)Benefit
    Total number of RFCs and percentages by category (pre-approved, normal, emergency, escalated support, expedited)
    • Understand change management activity
    • Tracking maturity growth
    • Identifying “hot spots”
    Pre-approved change list (and additions/removals from the list) Workload and process streamlining (i.e. reduce “red tape” wherever possible)
    Average time between RFC lifecycle stages (by service/application) Advance planning for proposed changes
    Number of changes by service/application/hardware class
    • Identifying weaknesses in the architecture
    • Vendor-specific TCO calculations
    Change triggers Business- vs. IT-initiated change
    Number of RFCs by lifecycle stage Workload planning
    List of incidents related to changes Visible failures of the CM process
    Percentage of RFCs with a tested backout/validation plan Completeness of change planning
    List of expedited changes Spotlighting poor planning and reducing the need for this category going forward (“The Hall of Shame”)
    CAB approval rate Change coordinator alignment with CAB priorities – low approval rate indicates need to tighten gatekeeping by the change coordinator
    Calendar of changes Planning

    4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Input

    • Current metrics

    Output

    • List of trackable metrics, KPIs and CSFs

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Draw three tables for metrics, KPIs, and CSFs.
    2. Starting with the CSF table, fill in all relevant CSFs that your group wishes to track and measure.
    3. Next, work to determine relevant KPIs correlated with the CSFs and metrics needed to measure the KPIs. Use the tables included below (taken from section 14 of the Change Management SOP) to guide the process.
    4. Record the results in the tables in section 14 of your Change Management SOP.
    5. Decide on where and when to review the metrics to discuss your change management strategy. Designate and owner and record in the RACI and Communications section of your Change Management SOP.
    Ref #Metric

    M1

    		 Number of changes implemented for a time period
    M2 Number of changes successfully implemented for a time period
    M3 Number of changes implemented causing incidents
    M4 Number of accepted known errors when change is implemented
    M5 Total days for a change build (specific to each change)
    M6 Number of changes rescheduled
    M7 Number of training questions received following a change
    Ref#KPIProduct
    K1 Successful changes for a period of time (approach 100%) M2 / M1 x 100%
    K2 Changes causing incidents (approach 0%) M3 / M1 x 100%
    K3 Average days to implement a change ΣM5 / M1
    K4 Change efficiency (approach 100%) [1 - (M6 / M1)] x 100%
    K5 Quality of changes being implemented (approach 100%) [1 - (M4 / M1)] x 100%
    K6 Change training efficiency (approach 100%) [1 - (M7 / M1)] x 100%
    Ref#CSFIndicator
    C1 Successful change management process producing quality changes K1, K5
    C2 Consistent efficient change process K4, K6
    C3 Change process maps to business needs K5, K6

    Measure changes in selected metrics to evaluate success

    Once you have implemented a standardized change management practice, your team’s goal should be to improve the process, year over year.

    • After a process change has been implemented, it’s important to regularly monitor and evaluate the CSFs, KPIs, and metrics you chose to evaluate. Examine whether the process change you implemented has actually resolved the issue or achieved the goal of the critical success factor.
    • Establish a schedule for regularly reviewing the key metrics. Assess changes in those metrics and determine progress toward reaching objectives.
    • In addition to reviewing CSFs, KPIs, and metrics, check in with the release management team and end users to measure their perceptions of the change management process once an appropriate amount of time has passed.
    • Ensure that metrics are telling the whole story and that reporting is honest in order to be informative.

    Outcomes of standardizing change management should include:

    1. Improved efficiency, effectiveness, and quality of changes.
    2. Changes and processes are more aligned with the business needs and strategy.
    3. Improved maturity of change processes.

    Info-Tech Best Practice

    Make sure you’re measuring the right things and considering all sources of information. It’s very easy to put yourself in a position where you’re congratulating yourselves for improving on a specific metric such as number of releases per month, but satisfaction remains low.

    4.1.3 Track and Record Metrics Using the Change Management Metrics Tool

    Input

    • Current metrics

    Output

    • List of trackable metrics, KPIs and CSFs to be observed over the length of a year

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)

    Tracking the progress of metrics is paramount to the success of any change management process. Use Info-Tech’s Change Management Metrics Tool to record metrics and track your progress. This tool is intended to be a substitute for organizations who do not have the capability to track change-related metrics in their ITSM tool.

    1. Input metrics from the previous activity to track over the course of a year.
    2. To record your metrics, open the tool and go to tab 2. The tool is currently primed to record and track five metrics. If you need more than that, you can edit the list in the hidden calculations tab.
    3. To see the progress of your metrics, move to tab 3 to view a dashboard of all metrics in the tool.

    Download the Change Management Metrics Tool

    Case Study

    A federal credit union was able to track maturity growth through the proper use of metrics.

    Industry: Federal Credit Union (anonymous)

    Source: Info-Tech Workshop

    Challenge

    At this federal credit union, the VP of IT wanted a tight set of metrics to engage with the business, communicate within IT, enable performance management of staff, and provide visibility into workload demands, among other requirements.

    The organization was suffering from “metrics fatigue,” with multiple reports being generated from all groups within IT, to the point that weekly/monthly reports were being seen as spam.

    Solution

    Stakeholders were provided with an overview of change management benefits and were asked to identify one key attribute that would be useful to their specific needs.

    Metrics were designed around the stakeholder needs, piloted with each stakeholder group, fine-tuned, and rolled out.

    Some metrics could not be automated off-the-shelf and were rolled out in a manual fashion. These metrics were subsequently automated and finally made available through a dashboard.

    Results

    The business received clear guidance regarding estimated times to implement changes across different elements of the environment.

    The IT managers were able to plan team workloads with visibility into upstream change activity.

    Architects were able to identify vendors and systems that were the leading source of instability.

    The VP of IT was able to track the maturity growth of the change management process and proactively engage with the business on identified hot spots.

    Step 4.2

    Implement the Project

    Activities

    4.2.1 Use a Communications Plan to Gain End User Buy-In

    4.2.2 Create a Project Roadmap to Track Your Implementation Progress

    Measure, Manage, and Maintain

    Step 4.1: Identify Metrics and Build the Change Calendar

    Step 3.2: Implement the Project

    This step involves the following participants:

    • CIO/IT Director
    • IT Managers
    • Change Manager

    Outcomes of this step

    • A communications plan for key messages to communicate to relevant stakeholders and audiences
    • A roadmap with assigned action items to implement change management

    Success of the new process will depend on introducing change and gaining acceptance

    Change management provides value by promptly evaluating and delivering changes required by the business and by minimizing disruption and rework caused by failed changes. Communication of your new change management process is key. If people do not understand the what and why, it will fail to provide the desired value.

    Info-Tech Best Practice

    Gather feedback from end users about the new process: if the process is too bureaucratic, end users are more likely to circumvent it.

    Main Challenges with Communication

    • Many people fail before they even start because they are buried in a mess created before they arrived – either because of a failed attempt to get change management implemented or due to a complicated system that has always existed.
    • Many systems are maintained because “that’s the way it’s always been done.”
    • Organizations don’t know where to start; they think change management is too complex a process.
    • Each group needs to follow the same procedure – groups often have their own processes, but if they don’t agree with one another, this could cause an outage.

    Educate affected stakeholders to prepare for organizational change

    An organizational change management plan should be part of your change management project.

    • Educate stakeholders about:
      • The process change (describe it in a way that the user can understand and is clear and concise).
        • IT changes will be handled in a standardized and repeatable fashion to minimize change-related incidents.
      • Who is impacted?
        • All users.
      • How are they impacted?
        • All change requests will be made using a standard form and will not be deployed until formal approval is received.
      • Change messaging.
        • How to communicate the change (benefits).
      • Learning and development – training your users on the change.
        • Develop and deliver training session on the Change Management SOP to familiarize users with this new method of handling IT change.

    Host a lunch-and-learn session

    • For the initial deployment, host a lunch-and-learn session to educate the business on the change management practice. Relevant stakeholders of affected departments should host it and cover the following topics:
    • What is change management (change management/change control)?
    • The value of change management.
    • What the Change Management SOP looks like.
    • Who is involved in the change management process (the CAB, etc.)?
    • What constitutes a pre-approved change and an emergency change?
    • An overview of the process, including how to avoid unauthorized changes.
    • Who should they contact in case of questions?

    Communicate the new process to all affected stakeholders

    Do not surprise users or support staff with changes. This will result in lost productivity and low satisfaction with IT services.

    • User groups and the business need to be given sufficient notice of an impending change.
    • This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.
    • A communications plan will be documented in the RFC while the release is being built and tested.
    • It’s the responsibility of the change team to execute on the communications plan.

    Info-Tech Insight

    The success of change communication can be measured by monitoring the number of service desk tickets related to a change that was not communicated to users.

    Communication is crucial to the integration and overall implementation of your change management initiative. An effective communications plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Create your communications plan to anticipate challenges, remove obstacles, and ensure buy-in

    Management

    Technicians

    Business Stakeholders

    Provide separate communications to key stakeholder groups

    Why? What problems are you trying to solve?

    What? What processes will it affect (that will affect me)?

    Who? Who will be affected? Who do I go to if I have issues with the new process?

    When? When will this be happening? When will it affect me?

    How? How will these changes manifest themselves?

    Goal? What is the final goal? How will it benefit me?

    Info-Tech Insight

    Pay close attention to the medium of communication. For example, stakeholders on their feet all day would not be as receptive to an email communication compared to those who primarily work in front of a computer. Put yourself into various stakeholders’ shoes to craft a tailored communication of change management.

    4.2.1 Use a Communications Plan to Gain End User Buy-In

    Input

    • List of stakeholder groups for change management

    Output

    • Tailored communications plans for various stakeholder groups

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Using Info-Tech’s Change Management Communications Plan, identify key audiences or stakeholder groups that will be affected by the new change management practice.
    2. For each group requiring a communications plan, identify the following:
      • The benefits for that group of individuals.
      • The impact the change will have on them.
      • The best communication method(s) for them.
      • The time frame of the communication.
    3. Complete this information in a table like the one below:
    GroupBenefitsImpactMethodTimeline
    IT Standardized change process All changes must be reviewed and approved Poster campaign 6 months
    End Users Decreased wait time for changes Formal process for RFCs Lunch-and-learn sessions 3 months
    Business Reduced outages Increased involvement in planning and approvals Monthly reports 1 year
    1. Discuss the communications plan:
      • Will this plan ensure that users are given adequate opportunities to accept the changes being deployed?
      • Is the message appropriate for each audience? Is the format appropriate for each audience?
      • Does the communication include training where necessary to help users adopt any new functions/workflows being introduced?

    Download the Change Management Communications Plan

    Present your SOP to key stakeholders and obtain their approval

    Now that you have completed your Change Management SOP, the final step is to get sign-off from senior management to begin the rollout process.

    Know your audience:

    • Determine the service management stakeholders who will be included in the audience for your presentation.
    • You want your presentation to be succinct and hard hitting. Management’s time is tight and they will lose interest if you drag out the delivery.
    • Briefly speak about the need for more formal change management and emphasize the benefits of implementing a more formal process with a SOP.
    • Present your current state assessment results to provide context before presenting the SOP itself.
    • As with any other foundational activity, be prepared with some quick wins to gain executive attention.
    • Be prepared to review with both technical and less technical stakeholders.

    Info-Tech Insight

    The support of senior executive stakeholders is critical to the success of your SOP rollout. Try to wow them with project benefits and make sure they know about the risks/pain points.

    Download the Change Management Project Summary Template

    4.2.2 Create a Project Roadmap to Track Your Implementation Progress

    Input

    • List of implementation tasks

    Output

    • Roadmap and timeline for change management implementation

    Materials

    Participants

    • Change Manager
    • Members of the Change Advisory Board
    • Service Desk Manager
    • Operations (optional)
    1. Info-Tech’s Change Management Roadmap Tool helps you identify and prioritize tasks that need to be completed for the change management implementation project.
    2. Use this tool to identify each action item that will need to be completed as part of the change management initiative. Chart each action item, assign an owner, define the duration, and set a completion date.
    3. Use the resulting rocket diagram as a guide to task completion as you work toward your future state.

    Download the Change Management Roadmap Tool

    Case Study (part 4 of 4)

    Intel implemented a robust change management process.

    Industry: Technology

    Source: Daniel Grove, Intel

    Challenge

    Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

    Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

    Intel’s change management program is responsible for over 4,000 changes each week.

    Solution

    Intel had its new change management program in place and the early milestones planned, but one key challenge with any new project is communication.

    The company also needed to navigate the simplification of a previously complex process; end users could be familiar with any of the 37 different change processes or 25 different change management systems of record.

    Top-level buy-in was another concern.

    Results

    Intel first communicated the process changes by publishing the vision and strategy for the project with top management sponsorship.

    The CIO published all of the new change policies, which were supported by the Change Governance Council.

    Intel cited the reason for success as the designation of a Policy and Guidance Council – a group designed to own communication and enforcement of the new policies and processes put in place.

    Summary of Accomplishment

    Problem Solved

    You now have an outline of your new change management process. The hard work starts now for an effective implementation. Make use of the communications plan to socialize the new process with stakeholders and the roadmap to stay on track.

    Remember as you are starting your implementation to keep your documents flexible and treat them as “living documents.” You will likely need to tweak and refine the processware and templates several times to continually improve the process. Furthermore, don’t shy away from seeking feedback from your stakeholders to gain buy-in.

    Lastly, keep an eye on your progress with objective, data-driven metrics. Leverage the trends in your data to drive your decisions. Be sure to revisit the maturity assessment not only to measure and visualize your progress, but to gain insight into your next steps.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic office in Toronto, Ontario, Canada to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Complete a Change Management Maturity Assessment

    Run through the change management maturity assessment with tailored commentary for each action item outlining context and best practices.

    2.2.1 Plot the Process for a Normal Change

    Build a normal change process using Info-Tech’s Change Management Process Library template with an analyst helping you to right size the process for your organization.

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Stabilize Release and Deployment Management

    Maintain both speed and control while improving the quality of deployments and releases within the infrastructure team.

    Incident and Problem Management

    Don’t let persistent problems govern your department.

    Select Bibliography

    AXELOS Limited. ITIL Foundation: ITIL 4th edition. TSO, 2019, pp. 118–120.

    Behr, Kevin and George Spafford. The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps. IT Revolution Press. 2013.

    BMC. “ITIL Change Management.” BMC Software Canada, 22 December 2016.

    Brown, Vance. “Change Management: The Greatest ROI of ITIL.” Cherwell Service Management.

    Cisco. “Change Management: Best Practices.” Cisco, 10 March 2008.

    Grove, Daniel. “Case Study ITIL Change Management Intel Corporation.” PowerShow, 2005.

    ISACA. “COBIT 5: Enabling Processes.” ISACA, 2012.

    Jantti, M. and M. Kainulainen. “Exploring an IT Service Change Management Process: A Case Study.” ICDS 2011: The Fifth International Conference on Digital Society, 23 Feb. 2011.

    Murphy, Vawns. “How to Assess Changes.” The ITSM Review, 29 Jan. 2016.

    Nyo, Isabel. “Best Practices for Change Management in the Age of DevOps.” Atlassian Engineering, 12 May 2021.

    Phillips, Katherine W., Katie A. Liljenquist, and Margaret A. Neale. “Better Decisions Through Diversity.” Kellogg Insight, 1 Oct. 2010.

    Pink Elephant. “Best Practices for Change Management.” Pink Elephant, 2005.

    Sharwood, Simon. “Google broke its own cloud by doing two updates at once.” The Register, 24 Aug. 2016.

    SolarWinds. “How to Eliminate the No: 1 Cause of Network Downtime.” SolarWinds Tech Tips, 25 Apr. 2014.

    The Stationery Office. “ITIL Service Transition: 2011.” The Stationary Office, 29 July 2011.

    UCISA. “ITIL – A Guide to Change Management.” UCISA.

    Zander, Jason. “Final Root Cause Analysis and Improvement Areas: Nov 18 Azure Storage Service Interruption.” Microsoft Azure: Blog and Updates, 17 Dec. 2014.

    Appendix I: Expedited Changes

    Employ the expedited change to promote process adherence

    In many organizations, there are changes which may not fit into the three prescribed categories. The reason behind why the expedited category may be needed generally falls between two possibilities:

    1. External drivers dictate changes via mandates which may not fall within the normal change cycle. A CIO, judge, state/provincial mandate, or request from shared services pushes a change that does not fall within a normal change cycle. However, there is no imminent outage (therefore it is not an emergency). In this case, an expedited change can proceed. Communicate to the change requester that IT and the change build team will still do their best to implement the change without issue, but any extra risk of implementing this expedited change (compared to an normal change) will be absorbed by the change requester.
    2. The change requester did not prepare for the change adequately. This is common if a new change process is being established (and stakeholders are still adapting to the process). Change requesters or the change build team may request the change to be done by a certain date that does not fall within the normal change cycle, or they simply did not give the CAB enough time to vet the change. In this case, you may use the expedited category as a metric (or a “Hall of Shame” example). If you identify a department or individual that frequently request expedited changes, use the expedited category as a means to educate them about the normal change to discourage the behavior moving forward.

    Two possible ways to build an expedited change category”

    1. Build the category similar to an emergency change. In this case, one difference would be the time allotted to fully obtain authorization of the change from the E-CAB and business owner before implementing the change (as opposed to the emergency change workflow).
    2. Have the expedited change reflect the normal change workflow. In this case, all the same steps of the normal change workflow are followed except for expedited timelines between processes. This may include holding an impromptu CAB meeting to authorize the change.

    Example process: Expedited Change Process

    The image is a flowchart, showing the process for Expedited Change.

    For the full process, refer to the Change Management Process Library.

    Appendix II: Optimize IT Change Management in a DevOps Environment

    Change Management cannot be ignored because you are DevOps or Agile

    But it can be right-sized.

    The core tenets of change management still apply no matter the type of development environment an organization has. Changes in any environment carry risk of degrading functionality, and must therefore be vetted. However, the amount of work and rigor put into different stages of the change life cycle can be altered depending on the maturity of the development workflows. The following are several stage gates for change management that MUST be considered if you are a DevOps or Agile shop:

    • Intake assessment (separation of changes from projects, service requests, operational tasks)
      • Within a DevOps or Agile environment, many of the application changes will come directly from the SDLC and projects going live. It does not mean a change must go through CAB, but leveraging the pre-approved category allows for an organization to stick to development lifecycles without being heavily bogged down by change bureaucracy.
    • Technical review
      • Leveraging automation, release contingencies, and the current SDLC documentation to decrease change risk allows for various changes to be designated as pre-approved.
    • Authorization
      • Define the authorization and dependencies of a change early in the lifecycle to gain authorization and necessary signoffs.
    • Documentation/communication
      • Documentation and communication are post-implementation activities that cannot be ignored. If documentation is required throughout the SDLC, then design the RFC to point to the correct documentation instead of duplicating information.

    "Understand that process is hard and finding a solution that fits every need can be tricky. With this change management process we do not try to solve every corner case so much as create a framework by which best judgement can be used to ensure maximum availability of our platforms and services while still complying with our regulatory requirements and making positive changes that will delight our customers.“ -IT Director, Information Cybersecurity Organization

    Five principals for implementing change in DevOps

    Follow these best practices to make sure your requirements are solid:

    People

    The core differences between an Agile or DevOps transition and a traditional approach are the restructuring and the team behind it. As a result, the stakeholders of change management must be onboard for the process to work. This is the most difficult problem to solve if it’s an issue, but open avenues of feedback for a process build is a start.

    DevOps Lifecycles

    • Plan the dev lifecycle so people can’t skirt it. Ensure the process has automated checks so that it’s more work to skirt the system than it is to follow it. Make the right process the process of least resistance.
    • Plan changes from the start to ensure that cross-dependencies are identified early and that the proposed implementation date is deconflicted and visible to other change requesters and change stakeholders.

    Automation

    Automation comes in many forms and is well documented in many development workflows. Having automated signoffs for QA/security checks and stakeholders/cross dependency owner sign offs may not fully replace the CAB but can ease the burden on discussions before implementation.

    Contingencies

    Canary releases, phased releases, dark releases, and toggles are all options you can employ to reduce risk during a release. Furthermore, building in contingencies to the test/rollback plan decreases the risk of the change by decreasing the factor of likelihood.

    Continually Improve

    Building change from the ground up doesn’t meant the process has to be fully fledged before launch. Iterative improvements are possible before achieving an optimal state. Having the proper metrics on the pain points and bottlenecks in the process can identify areas for automation and improvement.

    Increasing the proportion of pre-approved changes

    Leverage the traditional change infrastructure to deploy changes quickly while keeping your risk low.

    • To designate a change as a pre-approved change it must have a low risk rating (based on impact and likelihood). Fortunately, many of the changes within the Agile framework are designed to be small and lower risk (at least within application development). Putting in the work ahead of time to document these changes, template RFCs, and document the dependencies for various changes allows for a shift in the proportion of pre-approved changes.
    • The designation of pre-approved changes is an ongoing process. This is not an overnight initiative. Measure the proportion of changes by category as a metric, setting goals and interim goals to shift the change proportion to a desired ratio.

    The image is a bar graph, with each bar having 3 colour-coded sections: Emergency, Normal, and Pre-Approved. The first bar is before, where the largest change category is Normal. The second bar is after, and the largest change category is Pre-Approved.

    Turn your CAB into a virtual one

    • The CAB does not have to fully disappear in a DevOps environment. If the SDLC is built in a way that authorizes changes through peer reviews and automated checks, by the time it’s deployed, the job of the CAB should have already been completed. Then the authorization stage-gate (traditionally, the CAB) shifts to earlier in the process, reducing the need for an actual CAB meeting. However, the change must still be communicated and documented, even if it’s a pre-approved change.
    • As the proportion of changes shifts from a high degree of normal changes to a high degree of pre-approved changes, the need for CAB meetings should decrease even further. As an end-state, you may reserve actual CAB meetings for high-profile changes (as defined by risk).
    • Lastly, change management does not disappear as a process. Periodic reviews of change management metrics and the pre-approved change list must still be completed.

    Security Priorities 2023

    • Buy Link or Shortcode: {j2store}254|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $909 Average $ Saved
    • member rating average days saved: 1 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Most people still want a hybrid work model but there is a shortage in security workforce to maintain secure remote work, which impacts confidence in the security practice.
    • Pressure of operational excellence drives organizational modernization with the consequence of higher risks of security attacks that impact not only cyber but also physical systems.
    • The number of regulations with stricter requirements and reporting is increasing, along with high sanctions for violations.
    • Accurate assessment of readiness and benefits to adopt next-gen cybersecurity technologies can be difficult. Additionally, regulation often faces challenges to keep up with next-gen cybersecurity technologies implications and risks of adoption, which may not always be explicit.
    • Software is usually produced as part of a supply chain instead in a silo. Thus, a vulnerability in any part of the supply chain can become a threat surface.

    Our Advice

    Critical Insight

    • Secure remote work still needs to be maintained to facilitate the hybrid work model post pandemic.
    • Despite all the cybersecurity risks, organizations continue modernization plans due to the long-term overall benefits. Hence, we need to secure organization modernization.
    • Organizations should use regulatory changes to improve security practices, instead of treating them as a compliance burden.
    • Next-gen cybersecurity technologies alone are not the silver bullet. A combination of technologies with skilled talent, useful data, and best practices will give a competitive advantage.

    Impact and Result

    • Use this report to help decide your 2023 security priorities by:
      • Collecting and analyzing your own related data, such as your organization 2022 incident reports. Use Info-Tech’s Security Priorities 2023 material for guidance.
      • Identifying your needs and analyzing your capabilities. Use Info-Tech's template to explain the priorities you need to your stakeholders.
      • Determining the next steps. Refer to Info-Tech's recommendations and related research.

    Security Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Security Priorities 2023 Report – A report to help decide your 2023 security priorities.

    Each organization is different, so a generic list of security priorities will not be applicable to every organization. Thus, you need to:

  • Collect and analyze your own related data such as your organization 2022 incident reports. Use Info-Tech’s Security Priorities 2023 material for guidance.
  • Identify your needs and analyze your capabilities. Use Info-Tech's template to explain the priorities you need to your stakeholders.
  • Refer to Info-Tech's recommendations and related research for guidance on the next steps.

    • Security Priorities 2023 Report

    Infographic

    Further reading

    Security Priorities 2023

    How we live post pandemic

    Each organization is different, so a generic list of priorities will not be applicable to every organization.

    During 2022, ransomware campaigns declined from quarter to quarter due to the collapse of experienced groups. Several smaller groups are developing to recapture the lost ransomware market. However, ransomware is still the most worrying cyber threat.

    Also in 2022, people returned to normal activities such as traveling and attending sports or music events but not yet to the office. The reasons behind this trend can be many fold, such as employees perceive that work from home (WFH) has positive productivity effects and time flexibility for employees, especially for those with families with younger children. On the other side of the spectrum, some employers perceive that WFH has negative productivity effects and thus are urging employees to return to the office. However, employers also understand the competition to retain skilled workers is harder. Thus, the trend is to have hybrid work where eligible employees can WFH for a certain portion of their work week.

    Besides ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023, which can impact how we prioritize cybersecurity this year. Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization.

    This report will explore important security trends, the security priorities that stem from these trends, and how to customize these priorities for your organization.

    In Q2 2022, the median ransom payment was $36,360 (-51% from Q1 2022), a continuation of a downward trend since Q4 2021 when the ransom payment median was $117,116.
    Source: Coveware, 2022

    From January until October 2022, hybrid work grew in almost all industries in Canada especially finance, insurance, real estate, rental and leasing (+14.7%), public administration and professional services (+11.8%), and scientific and technical services (+10.8%).
    Source: Statistics Canada, Labour Force Survey, October 2022; N=3,701

    Hybrid work changes processes and infrastructure

    Investment on remote work due to changes in processes and infrastructure

    As part of our research process for the 2023 Security Priorities Report, we used the results from our State of Hybrid Work in IT Survey, which collected responses between July 10 and July 29, 2022 (total N=745, with n=518 completed surveys). This survey details what changes in processes and IT infrastructure are likely due to hybrid work.

    Process changes to support hybrid work

    A bar graph is depicted with the following dataset: None of the above - 12%; Change management - 29%; Asset management - 34%; Service request support - 41%; Incident management - 42%

    Survey respondents (n=518) were asked what processes had the highest degree of change in response to supporting hybrid work. Incident management is the #1 result and service request support is #2. This is unsurprising considering that remote work changed how people communicate, how they access company assets, and how they connect to the company network and infrastructure.

    Infrastructure changes to support hybrid work

    A bar graph is depicted with the following dataset: Changed queue management and ticketing system(s) - 11%; Changed incident and service request processes - 23%; Addition of chatbots as part of the Service Desk intake process - 29%; Reduced the need for recovery office spaces and alternative work mitigations - 40%; Structure & day-to-day operation of Service Desk - 41%; Updated network architecture - 44%

    For 2023, we believe that hybrid work will remain. The first driver is that employees still prefer to work remotely for certain days of the week. The second driver is the investment from employers on enabling WFH during the pandemic, such as updated network architecture (44%) and the infrastructure and day-to-day operations (41%) as shown on our survey.

    Top cybersecurity concerns and organizational preparedness for them

    Concerns may correspond to readiness.

    In the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, we asked about cybersecurity concerns and the perception about readiness to meet current and future government legislation regarding cybersecurity requirements.

    Cybersecurity issues

    A bar graph is depicted with the following dataset: Cyber risks are not on the radar of the executive leaders or board of directors - 3.19; Organization is not prepared to respond to a cyber attack - 3.08; Supply chain risks related to cyber threats - 3.18; Talent shortages leading to capacity constraints in cyber security - 3.51; New government or industry-imposed regulations - 3.15

    Survey respondents were asked how concerned they are about certain cybersecurity issues from 1 (not concerned at all) to 5 (very concerned). The #1 concern was talent shortages. Other issues with similar concerns included cyber risks not on leadership's radar, supply chain risks, and new regulations (n=507).

    Cybersecurity legislation readiness

    A bar graph is depicted with the following dataset: 1 (Not confident at all) - 2.4%; 2 - 11.2%; 3 - 39.7%; 4 - 33.3%; 5 (Very confident) - 13.4%

    When asked about how confident organizations are about being prepared to meet current and future government legislation regarding cybersecurity requirements, from 1 (not confident at all) to 5 (very confident), the #1 response was 3 (n=499).

    Unsurprisingly, the ever-changing government legislation environment in a world emerging from a pandemic and ongoing wars may not give us the highest confidence.

    We know the concerns and readiness…

    But what is the overall security maturity?

    As part of our research process for the 2023 Security Priorities Report, we reviewed results of completed Info-Tech Research Group Security Governance and Management Benchmark diagnostics (N=912). This report details what we see in our clients' security governance maturity. Setting aside the perception on readiness – what are their actual security maturity levels?

    A bar graph is depicted with the following dataset: Security Culture - 47%; Policy and Process Governance - 47%; Event and Incident Management - 58%; Vulnerability - 57%; Auditing - 52%; Compliance Management - 58%; Risk Analysis - 52%

    Overall, assessed organizations are still scoring low (47%) on Security Culture and Policy and Process Governance. This justifies why most security incidents are still due to gaps in foundational security and security awareness, not lack of advanced controls such as event and incident management (58%).

    And how will the potential recession impact security?

    Organizations are preparing for recession, but opportunities for growth during recession should be well planned too.

    As part of our research process for the 2023 Security Priorities Report, we reviewed the results of the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, which collected responses between August 9 and September 9, 2022 (total N=813 with n=521 completed surveys).

    Expected organizational spending on cybersecurity compared to the previous fiscal year

    A bar graph is depicted with the following dataset: A decrease of more than 10% - 2.2%; A decrease of between 1-10% - 2.6%; About the same - 41.4%; An increase of between 1-10% - 39.6%; An increase of more than 10% - 14.3%

    Keeping the same spending is the #1 result and #2 is increasing spending up to 10%. This is a surprising finding considering the survey was conducted after the middle of 2022 and a recession has been predicted since early 2022 (n=489).

    An infographic titled Cloudy with a Chance of Recession

    Source: Statista, 2022, CC BY-ND

    US recession forecast

    Contingency planning for recessions normally includes tight budgeting; however, it can also include opportunities for growth such as hiring talent who have been laid off by competitors and are difficult to acquire in normal conditions. This can support our previous findings on increasing cybersecurity spending.

    Five Security Priorities for 2023

    This image describes the Five Security Priorities for 2023.

    Maintain Secure Hybrid Work

    PRIORITY 01

    • HOW TO STRATEGICALLY ACQUIRE, RETAIN, OR UPSKILL TALENT TO MAINTAIN SECURE SYSTEMS.

    Executive summary

    Background

    If anything can be learned from COVID-19 pandemic, it is that humans are resilient. We swiftly changed to remote workplaces and adjusted people, processes, and technologies accordingly. We had some hiccups along the way, but overall, we demonstrated that our ability to adjust is amazing.

    The pandemic changed how people work and how and where they choose to work, and most people still want a hybrid work model. However, the number of days for hybrid work itself varies. For example, from our survey in July 2022 (n=516), 55.8% of employees have the option of 2-3 days per week to work offsite, 21.0% for 1 day per week, and 17.8% for 4 days per week.

    Furthermore, the investment (e.g. on infrastructure and networks) to initiate remote work was huge, and the cost doesn't end there, as we need to maintain the secure remote work infrastructure to facilitate the hybrid work model.

    Current situation

    Remote work: A 2022 survey by WFH Research (N=16,451) reports that ~14% of full-time employees are fully remote and ~29% are in a hybrid arrangement as of Summer-Fall 2022.

    Security workforce shortage: A 2022 survey by Bridewell (N=521) reports that 68% of leaders say it has become harder to recruit the right people, impacting organizational ability to secure and monitor systems.

    Confidence in the security practice: A 2022 diagnostic survey by Info-Tech Research Group (N=55) reports that importance may not correspond to confidence; for example, the most important selected cybersecurity area, namely Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice (80.5%).

    "WFH doubled every 15 years pre-pandemic. The increase in WFH during the pandemic was equal to 30 years of pre-pandemic growth."

    Source: National Bureau of Economic Research, 2021

    Leaders must do more to increase confidence in the security practice

    Importance may not correspond to confidence

    As part of our research process for the 2023 Security Priorities Report, we analyzed results from the Info-Tech Research Group diagnostics. This report details what we see in our clients' perceived importance of security and their confidence in existing security practices.

    Cybersecurity importance

    A bar graph is depicted with the following dataset: Importance to the Organization - 94.3%; Importance to My Department 92.2%

    Cybersecurity importance areas

    A bar graph is depicted with the following dataset: Mobility (Remote & Mobile Access) - 90.2%; Regulatory Compliance - 90.1%; Desktop Computing - 90.9%; Data Access / Integrity - 93.7%

    Confidence in cybersecurity practice

    A bar graph is depicted with the following dataset: Confidence in the Organization's Overall Security - 79.4%; Confidence in Security for My Department - 79.8%

    Confidence in cybersecurity practice areas

    A bar graph is depicted with the following dataset: Mobility (Remote & Mobile Access) - 75.8%; Regulatory Compliance - 81.5%; Desktop Computing - 80.9%; Data Access / Integrity - 80.5%

    Diagnostics respondents (N=55) were asked about how important security is to their organization or department. Importance to the overall organization is 2.1 percentage points (pp) higher, but confidence in the organization's overall security is slightly lower (-0.4 pp).

    If we break down to security areas, we can see that the most important area, Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice: 80.5%. From this data we can conclude that leaders must build a strong cybersecurity workforce to increase confidence in the security practice.

    Use this template to explain the priorities you need your stakeholders to know about.

    Maintain secure hybrid work plan

    Provide a brief value statement for the initiative.

    Build a strong cybersecurity workforce to increase confidence in the security practice to facilitate hybrid work.

    Initiative Description:

    • Description must include what organization will undertake to complete the initiative.
    • Review your security strategy for hybrid work.
    • Identify skills gaps that hinder the successful execution of the hybrid work security strategy.
    • Use the identified skill gaps to define the technical skill requirements for current and future work roles.
    • Conduct a skills assessment on your current workforce to identify employee skill gaps.
    • Decide whether to train, hire, contract, or outsource each skill gap.

    Drivers:

    List initiative drivers.

    • Employees still prefer to WFH for certain days of the week.
    • The investment on WFH during pandemic such as updated network architecture and infrastructure and day-to-day operations.
    • Tech companies' huge layoffs, e.g. Meta laid off more than 11,000 employees.

    Risks:

    List initiative risks and impacts.

    • Unskilled workers lacking certificates or years of experience who are trained and become skilled workers then quit or are hijacked by competitors.
    • Organizational and cultural changes cause friction with work-life balance.
    • Increased attack surface of remote/hybrid workforce.

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Increase perceived productivity by employees and increase retention.
    • Increase job satisfaction and work-life balance.
    • Hiring talent that has been laid off who are difficult to acquire in normal conditions.

    Related Info-Tech Research:

    Recommended Actions

    1. Identify skill requirements to maintain secure hybrid work

    Review your security strategy for hybrid work.

    Determine the skill needs of your security strategy.

    2. Identify skill gaps

    Identify skills gaps that hinder the successful execution of the hybrid work security strategy.

    Use the identified skill gaps to define the technical skill requirements for work roles.

    3. Decide whether to build or buy skills

    Conduct a skills assessment on your current workforce to identify employee skill gaps.

    Decide whether to train, hire, contract, or outsource each skill gap.

    Source: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan, Info-Tech

    Secure Organization Modernization

    PRIORITY 02

    • TRENDS SUGGEST MODERNIZATION SUCH AS DIGITAL
      TRANSFORMATION TO THE CLOUD, OPERATIONAL TECHNOLOGY (OT),
      AND THE INTERNET OF THINGS (IOT) IS RISING; ADDRESSING THE RISK
      OF CONVERGING ENVIRONMENTS CAN NO LONGER BE DEFERRED.

    Executive summary

    From computerized milk-handling systems in Wisconsin farms, to automated railway systems in Europe, to Ausgrid's Distribution Network Management System (DNMS) in Australia, to smart cities and beyond; system modernization poses unique challenges to cybersecurity.

    The threats can be safety, such as the trains stopped in Denmark during the last weekend of October 2022 for several hours due to an attack on a third-party IT service provider; economics, such as a cream cheese production shutdown that occurred at the peak of cream cheese demand in October 2021 due to hackers compromising a large cheese manufacturer's plants and distribution centers; and reliability, such as the significant loss of communication for the Ukrainian military, which relied on Viasat's services.

    Despite all the cybersecurity risks, organizations continue modernization plans due to the long-term overall benefits.

    Current situation

    • Pressure of operational excellence: Competitive markets cannot keep pace with demand without modernization. For example, in automated milking systems, the labor time saved from milking can be used to focus on other essential tasks such as the decision-making process.
    • Technology offerings: Technologies are available and affordable such as automated equipment, versatile communication systems, high-performance human machine interaction (HMI), IIoT/Edge integration, and big data analytics.
    • Higher risks of cyberattacks: Modernization enlarges attack surfaces, which are not only cyber but also physical systems. Most incidents indicate that attackers gained access through the IT network, which was followed by infiltration into OT networks.

    IIoT market size is USD 323.62 billion in 2022 and projected to be around USD 1 trillion in 2028.

    Source: Statista,
    March 2022

    Modernization brings new opportunities and new threats

    Higher risks of cyberattacks on Industrial Control System (ICS)

    Target: Australian sewage plant.

    Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.

    Target: Middle East energy companies.

    Method: Shamoon.

    Impact: Overwritten Windows-based systems files.

    Target: German Steel Mill

    Method: Spear-phishing

    Impact: Blast furnace control shutdown failure.

    Target: Middle East Safety Instrumented System (SIS).

    Method: TRISIS/TRITON.

    Impact: Modified safety system ladder logic.

    Target: Viasat's KA-SAT Network.

    Method: AcidRain.

    Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat's services.

    A timeline displaying the years 1903; 2000; 2010; 2012; 2013; 2014; 2018; 2019; 2021; 2022 is displayed.

    Target: Marconi wireless telegraphs presentation. Method: Morse code.

    Impact: Fake message sent "Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily."

    Target: Iranian uranium enrichment plant.

    Method: Stuxnet.

    Impact: Compromised programmable logic controllers (PLCs).

    Target: ICS supply chain.

    Method: Havex.

    Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers.

    Target: Ukraine power grid.

    Method: BlackEnergy.

    Impact: Manipulation of HMI View causing 1-6 hour power outages for 230,000 consumers.

    Target: Colonial Pipeline.

    Method: DarkSide ransomware.

    Impact: Compromised billing infrastructure halted the pipeline operation.

    Sources:

    • DOE, 2018
    • CSIS, 2022
    • MIT Technology Review, 2022

    Info-Tech Insight

    Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

    Use this template to explain the priorities you need your stakeholders to know about.

    Secure organization modernization

    Provide a brief value statement for the initiative.

    The systems (OT, IT, IIoT) are evolving now – ensure your security plan has you covered.

    Initiative Description:

    • Description must include what organization will undertake to complete the initiative.
    • Identify the drivers to align with your organization's business objectives.
    • Build your case by leveraging a cost-benefit analysis and update your security strategy.
    • Identify people, process, and technology gaps that hinder the modernization security strategy.
    • Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.
    • Evaluate and enable modernization technology top focus areas and refine security processes.
    • Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

    Drivers:

    List initiative drivers.

    • Pressure of operational excellence
    • Technology offerings
    • Higher risks of cyberattacks

    Risks:

    List initiative risks and impacts.

    • Complex systems with many components to implement and manage require diligent change management.
    • Organizational and cultural changes cause friction between humans and machines.
    • Increased attack surface of cyber and physical systems.

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Improve service reliability through continuous and real-time operation.
    • Enhance efficiency through operations visibility and transparency.
    • Gain cost savings and efficiency to automate operations of complex and large equipment and instrumentations.

    Related Info-Tech Research:

    Recommended Actions

    1. Identify modernization business cases to secure

    Identify the drivers to align with your organization's business objectives.

    Build your case by leveraging a cost-benefit analysis, and update your security strategy.

    2. Identify gaps

    Identify people, process, and technology gaps that hinder the modernization
    security strategy.

    Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.

    3. Decide whether to build or buy capabilities

    Evaluate and enable modernization technology top focus areas and refine
    security processes.

    Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

    Sources:

    Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

    Secure IT-OT Convergence, Info-Tech

    Develop a cost-benefit analysis

    Identify a modernization business case for security.

    Benefits

    Metrics

    Operational Efficiency and Cost Savings

    • Reduction in truck rolls and staff time of manual operations of equipment or instrumentation.
    • Cost reduction in energy usage such as substation power voltage level or water treatment chemical level.

    Improve Reliability and Resilience

    • Reduction in field crew time to identify the outage locations by remotely accessing field equipment to narrow down the
      fault areas.
    • Reduction in outage time impacting customers and avoiding financial penalty in service quality metrics.
    • Improve operating reliability through continuous and real-time trend analysis of equipment performance.

    Energy & Capacity Savings

    • Optimize energy usage of operation to reduce overall operating cost and contribution to organizational net-zero targets.

    Customers & Society Benefits

    • Improve customer safety for essential services such as drinkable water consumption.
    • Improve reliability of services and address service equity issues based on data.

    Cost

    Metrics

    Equipment and Infrastructure

    Upgrade existing security equipment or instrumentation or deploy new, e.g. IPS on Enterprise DMZ and Operations DMZ.

    Implement communication network equipment and labor to install and configure.

    Upgrade or construct server room including cooling/heating, power backup, and server and rack hardware.

    Software and Commission

    The SCADA/HMI software and maintenance fee as well as lifecycle upgrade implementation project cost.

    Labor cost of field commissioning and troubleshooting.

    Integration with security systems, e.g. log management and continuous monitoring.

    Support and Resources

    Cost to hire/outsource security FTEs for ongoing managing and operating security devices, e.g. SOC.

    Cost to hire/outsource IT/OT FTEs to support and troubleshoot systems and its integrations with security systems, e.g. MSSP.

    An example of a cost-benefit analysis for ICS modernization

    Sources:

    Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

    Lawrence Berkeley National Laboratory, 2021

    IT-OT convergence demands new security approach and solutions

    Identify gaps

    Attack Vectors

    IT

    • User's compromised credentials
    • User's access device, e.g. laptop, smartphone
    • Access method, e.g. denial-of-service to modem, session hijacking, bad data injection

    OT

    • Site operations, e.g. SCADA server, engineering workstation, historian
    • Controls, e.g. SCADA Client, HMI, PLCs, RTUs
    • Process devices, e.g. sensors, actuators, field devices

    Defense Strategies

    • Limit exposure of system information
    • Identify and secure remote access points
    • Restrict tools and scripts
    • Conduct regular security audits
    • Implement a dynamic network environment

    (Control System Defense: Know the Opponent, CISA)

    An example of a high-level architecture of an electric utility's control system and its interaction with IT systems.

    An example of a high-level architecture of an electric utility's control system and its interaction with IT systems.

    Source: ISA-99, 2007

    RESPOND TO REGULATORY CHANGES

    PRIORITY 03

    • GOVERNMENT-ENACTED POLICY CHANGES AND INDUSTRY REGULATORY CHANGES COULD BE A COMPLIANCE BURDEN … OR PREVENT YOUR NEXT SECURITY INCIDENT.

    Executive summary

    Background

    Government-enacted regulatory changes are occurring at an ever-increasing rate these days. As one example, on November 10, 2022, the EU Parliament introduced two EU cybersecurity laws: the Network and Information Security (NIS2) Directive (applicable to organizations located within the EU and organizations outside the EU that are essential within an EU country) and the Digital Operational Resilience Act (DORA). There are also industry regulatory changes such as PCI DSS v4.0 for the payment sector and the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) for Bulk Electric Systems (BES).

    Organizations should use regulatory changes as a means to improve security practices, instead of treating them as a compliance burden. As said by lead member of EU Parliament Bart Groothuis on NIS2, "This European directive is going to help around 160,000 entities tighten their grip on security […] It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale."

    Current situation

    Stricter requirements and reporting: Regulations such as NIS2 include provisions for incident response, supply chain security, and encryption and vulnerability disclosure and set tighter cybersecurity obligations for risk management reporting obligations.

    Broader sectors: For example, the original NIS directive covers 19 sectors such as Healthcare, Digital Infrastructure, Transport, and Energy. Meanwhile, the new NIS2 directive increases to 35 sectors by adding other sectors such as providers of public electronic communications networks or services, manufacturing of certain critical products (e.g. pharmaceuticals), food, and digital services.

    High sanctions for violations: For example, Digital Services Act (DSA) includes fines of up to 6% of global turnover and a ban on operating in the EU single market in case of repeated serious breaches.

    Approximately 100 cross-border data flow regulations exist in 2022.

    Source: McKinsey, 2022

    Stricter requirements for payments

    Obligation changes to keep up with emerging threats and technologies

    64 New requirements were added
    A total of 64 requirements have been added to version 4.0 of the PCI DSS.

    13 New requirements become effective March 31, 2024
    The other 51 new requirements are considered best practice until March 31, 2025, at which point they will become effective.

    11 New requirements only for service providers
    11 of the new requirements are applicable only to entities that provide third-party services to merchants.

    Defined roles must be assigned for requirements.

    Focus on periodically assessing and documenting scope.

    Entities may choose a defined approach or a customized approach to requirements.

    An example of new requirements for PCI DSS v4.0

    Source: Prepare for PCI DSS v4.0, Info-Tech

    Use this template to explain the priorities you need your stakeholders to know about.

    Respond to regulatory changes

    Provide a brief value statement for the initiative.

    The compliance obligations are evolving – ensure your security plan has you covered.

    Initiative Description:

    Description must include what organization will undertake to complete the initiative.

    • Identify relevant security and privacy compliance and conformance levels.
    • Identify gaps for updated obligations, and map obligations into control framework.
    • Review, update, and implement policies and strategy.
    • Develop compliance exception process and forms.
    • Develop test scripts.
    • Track status and exceptions

    Drivers:

    List initiative drivers.

    • Pressure of new regulations
    • Governance, risk & compliance (GRC) tool offerings
    • High administrative or criminal penalties of non-compliance

    Risks:

    List initiative risks and impacts.

    • Complex structures and a great number of compliance requirements
    • Restricted budget and lack of skilled workforce for organizations such as local municipalities and small or medium organizations compared to private counterparts
    • Personal liability for some regulations for non-compliance

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Reduces compliance risk.
    • Reduces complexity within the control environment by using a single framework to align multiple compliance regimes.
    • Reduces costs and efforts related to managing IT audits through planning and preparation.

    Related Info-Tech Research:

    Recommended Actions

    1. Identify compliance obligations

    Identify relevant security and privacy obligations and conformance levels.

    Identify gaps for updated obligations, and map obligations into control framework.

    2. Implement compliance strategy

    Review, update, and implement policies and strategy.

    Develop compliance exception process.

    3. Track and report

    Develop test scripts to check your remediations to ensure they are effective.

    Track and report status and exceptions.

    Sources: Build a Security Compliance Program and Prepare for PCI DSS v4.0, Info-Tech

    Identify relevant security and privacy compliance obligations

    Identify obligations

    # Security Jurisdiction
    1 Network and Information Security (NIS2) Directive European Union (EU) and organizations outside the EU that are essential within an EU country
    2 North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) North American electrical utilities
    3 Executive Order (EO) 14028: Improving the Nation's Cybersecurity, The White House, 2021 United States

    #

    		Privacy Jurisdiction
    1 General Data Protection Regulation (GDPR) EU and EU citizens
    2 Personal Information Protection and Electronic Documents Act (PIPEDA) Canada
    3 California Consumer Privacy Act (CCPA) California, USA
    4 Personal Information Protection Law of the People’s Republic of China (PIPL) China

    An example of security and privacy compliance obligations

    How much does it cost to become compliant?

    • It is important to understand the various frameworks and to adhere to the appropriate compliance obligations.
    • Many factors influence the cost of compliance, such as the size of organization, the size of network, and current security readiness.
    • To manage compliance obligations, it is important to use a platform that not only performs internal and external monitoring but also provides third-party vendors (if applicable) with visibility into potential threats in their organization.

    Adopt Next-Generation Cybersecurity Technologies

    PRIORITY 04

    • GOVERNMENTS AND HACKERS ARE RECOGNIZING THE IMPORTANCE OF EMERGING TECHNOLOGIES, SUCH AS ZERO TRUST ARCHITECTURE AND AI-BASED CYBERSECURITY. SO SHOULD YOUR ORGANIZATION.

    Executive summary

    Background

    The cat and mouse game between threat actors and defenders is continuing. The looming question "can defenders do better?" has been answered with rapid development of technology. This includes the automation of threat analysis (signature-based, specification-based, anomaly-based, flow-based, content-based, sandboxing) not only on IT but also on other relevant environments, e.g. IoT, IIoT, and OT based on AI/ML.

    More fundamental approaches such as post-quantum cryptography and zero trust (ZT) are also emerging.
    ZT is a principle, a model, and also an architecture focused on resource protection by always verifying transactions using the least privilege principle. Hopefully in 2023, ZT will be more practical and not just a vendor marketing buzzword.

    Next-gen cybersecurity technologies alone are not a silver bullet. A combination of skilled talent, useful data, and best practices will give a competitive advantage. The key concepts are explainable, transparent, and trustworthy. Furthermore, regulation often faces challenges to keep up with next-gen cybersecurity technologies, especially with the implications and risks of adoption, which may not always be explicit.

    Current situation

    ZT: Performing an accurate assessment of readiness and benefits to adopt ZT can be difficult due to ZT's many components. Thus, an organization needs to develop a ZT roadmap that aligns with organizational goals and focuses on access to data, assets, applications, and services; don't select solutions or vendors too early.

    Post-quantum cryptography: Current cryptographic applications, such as RSA for PKI, rely on factorization. However, algorithms such as Shor's show quantum speedup for factorization, which can break current crypto when sufficient quantum computing devices are available. Thus, threat actors can intercept current encrypted information and store it to decrypt in the future.

    AI-based threat management: AI helps in analyzing and correlating data extremely fast compared to humans. Millions of telemetries, malware samples, raw events, and vulnerability data feed into the AI system, which humans cannot process manually. Furthermore, AI does not get tired in processing this big data, thus avoiding human error and negligence.

    Data breach mitigation cost without AI: USD 6.20 million; and with AI: USD 3.15 million

    Source: IBM, 2022

    Traditional security is not working

    Alert Fatigue

    Too many false alarms and too many events to process. Evolving threat landscapes waste your analysts' valuable time on mundane tasks, such as evidence collection. Meanwhile, only limited time is spared for decisions and conclusions, which results in the fear of missing an incident and alert fatigue.

    Lack of Insight

    To report progress, clear metrics are needed. However, cybersecurity still lacks in this area as the system itself is complex and some systems work in silos. Furthermore, lessons learned are not yet distilled into insights for improving future accuracy.

    Lack of Visibility

    System integration is required to create consistent workflows across the organization and to ensure complete visibility of the threat landscape, risks, and assets. Also, the convergence of OT, IoT, and IT enhances this challenge.

    Source: IBM Security Intelligence, 2020

    A business case for AI-based cybersecurity

    Threat management

    Prevention

    Risk scores are generated by machine learning based on variables such as behavioral patterns and geolocation. Zero trust architecture is combined with machine learning. Asset management leverages visibility using machine learning. Comply with regulations by improving discovery, classification, and protection of data using machine learning. Data security and data privacy services use machine learning for data discovery.

    Detection

    AI, advanced machine learning, and static approaches, such as code file analysis, combine to automatically detect and analyze threats and prevent threats from spreading, assisted by threat intelligence.

    Response

    AI helps in orchestrating security technologies for organizations to reduce the number of security agents installed, which may not talk to each other or, worse, may conflict with each other.

    Recovery

    AI continuously tunes based on lessons learned, such as creating security policies for improving future accuracy. AI also does not get fatigue, and it assists humans in a faster recovery.

    Prevention; Detection; Response; Recovery

    AI has been around since the 1940s, but why is it only gaining traction now? Because supporting technologies are only now available, including faster GPUs for complex computations and cheaper storage for massive volumes of data.

    Use this template to explain the priorities you need your stakeholders to know about.

    Adopt next-gen cybersecurity technologies

    Use this template to explain the priorities you need your stakeholders to know about.

    Develop a practical roadmap that shows the business value of next-gen cybersecurity technologies investment.

    Initiative Description:

    Description must include what organization will undertake to complete the initiative.

    • Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.
    • Adopt well-established data governance practices for cross-functional teams.
    • Conduct a maturity assessment of key processes and highlight interdependencies.
    • Develop a baseline and periodically review risks, policies and procedures, and business plan.
    • Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.
    • Monitor metrics on effectiveness and efficiency.

    Drivers:

    List initiative drivers.

    • Pressure of attacks by sophisticated threat actors
    • Next-gen cybersecurity technologies tool offerings
    • High cost of traditional security, e.g. longer breach lifecycle

    Risks:

    List initiative risks and impacts.

    • Lack of transparency of the model or bias, leading to non-compliance with policies/regulations
    • Risks related with data quality and inadequate data for model training
    • Adversarial attacks, including, but not limited to, adversarial input and model extraction

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    • Reduces the number of alerts, thus reduces alert fatigue.
    • Increases the identification of unknown threats.
    • Leads to faster detection and response.
    • Closes skills gap and increases productivity.

    Related Info-Tech Research:

    Recommended Actions

    1. People

    Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.

    Adopt well-established data governance practices for cross-functional teams.

    2. Process

    Conduct a maturity assessment of key processes and highlight interdependencies.

    Develop a baseline and periodically review risks, policies and procedures, and business plan.

    3. Technology

    Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.

    Monitor metrics on effectiveness and efficiency.

    Source: Leverage AI in Threat Management (keynote presentation), Info-Tech

    Secure Services and Applications

    PRIORITY 05

    • APIS ARE STILL THE #1 THREAT TO APPLICATION SECURITY.

    Executive summary

    Background

    Software is usually produced as part of a supply chain instead of in silos. A vulnerability in any part of the supply chain can become a threat surface. We have learned this from recent incidents such as Log4j, SolarWinds, and Kaseya where attackers compromised a Virtual System Administrator tool used by managed service providers to attack around 1,500 organizations.

    DevSecOps is a culture and philosophy that unifies development, security, and operations to answer this challenge. DevSecOps shifts security left by automating, as much as possible, development and testing. DevSecOps provides many benefits such as rapid development of secure software and assurance that, prior to formal release and delivery, tests are reliably performed and passed.

    DevSecOps practices can apply to IT, OT, IoT, and other technology environments, for example, by integrating a Secure Software Development Framework (SSDF).

    Current situation

    Secure Software Supply Chain: Logging is a fundamental feature of most software, and recently the use of software components, especially open source, are based on trust. From the Log4j incident we learned that more could be done to improve the supply chain by adopting ZT to identify related components and data flows between systems and to apply the least privilege principle.

    DevSecOps: A software error wiped out wireless services for thousands of Rogers customers across Canada in 2021. Emergency services were also impacted, even though outgoing 911 calls were always accessible. Losing such services could have been avoided, if tests were reliably performed and passed prior to release.

    OT insecure-by-design: In OT, insecurity-by-design is still a norm, which causes many vulnerabilities such as insecure protocols implementation, weak authentication schemes, or insecure firmware updates. Additional challenges are the lack of CVEs or CVE duplication, the lack of Software Bill of Materials (SBOM), and product supply chains issues such as vulnerable products that are certified because of the scoping limitation and emphasis on functional testing.

    Technical causes of cybersecurity incidents in EU critical service providers in 2019-2021 shows: software bug (12%) and faulty software changes/update (9%).

    Source: CIRAS Incident reporting, ENISA (N=1,239)

    Software development keeps evolving

    DOD Maturation of Software Development Best Practices

    Best Practices 30 Years Ago 15 Years Ago Present Day
    Lifecycle Years or Months Months or Weeks Weeks or Days
    Development Process Waterfall Agile DevSecOps
    Architecture Monolithic N-Tier Microservices
    Deployment & Packaging Physical Virtual Container
    Hosting Infrastructure Server Data Center Cloud
    Cybersecurity Posture Firewall + SIEM + Zero Trust

    Best practices in software development are evolving as shown on the diagram to the left. For example, 30 years ago the lifecycle was "Years or Months," while in the present day it is "Weeks or Days."

    These changes also impact security such as the software architecture, which is no longer "Monolithic" but "Microservices" normally built within the supply chain.

    The software supply chain has known integrity attacks that can happen on each part of it. Starting from bad code submitted by a developer, to compromised source control platform (e.g. PHP git server compromised), to compromised build platform (e.g. malicious behavior injected on SolarWinds build), to a compromised package repository where users are deceived into using the bad package by the similarity between the malicious and the original package name.

    Therefore, we must secure each part of the link to avoid attacks on the weakest link.

    Software supply chain guidance

    Secure each part of the link to avoid attacks on the weakest link.

    Guide for Developers

    Guide for Suppliers

    		 Guide for Customers

    Secure product criteria and management, develop secure code, verify third-party components, harden build environment, and deliver code.

    Define criteria for software security checks, protect software, produce well-secured software, and respond to vulnerabilities.

    Secure procurement and acquisition, secure deployment, and secure software operations.

    Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

    "Most software today relies on one or more third-party components, yet organizations often have little or no visibility into and understanding of how these software components are developed, integrated, and deployed, as well as the practices used to ensure the components' security."

    Source: NIST – NCCoE, 2022

    Use this template to explain the priorities you need your stakeholders to know about.

    Secure services and applications

    Provide a brief value statement for the initiative.

    Adopt recommended practices for securing the software supply chain.

    Initiative Description:

    Description must include what organization will undertake to complete the initiative.

    • Define and keep security requirements and risk assessments up to date.
    • Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene.
    • Verify distribution infrastructure, product and individual components integrity, and SBOM.
    • Use multi-layered defenses, e.g. ZT for integration and control configuration.
    • Train users on how to detect and report anomalies and when to apply updates to a system.
    • Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

    Drivers:

    List initiative drivers.

    • Cyberattacks exploit the vulnerabilities of weak software supply chain
    • Increased need to enhance software supply chain security, e.g. under the White House Executive Order (EO) 14028
    • OT insecure-by-design hinders OT modernization

    Risks:

    List initiative risks and impacts.

    Only a few developers and suppliers explicitly address software security in detail.

    Time pressure to deliver functionality over security.

    Lack of security awareness and lack of trained workforce.

    Benefits:

    List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

    Customers (acquiring organizations) achieve secure acquisition, deployment, and operation of software.

    Developers and suppliers provide software security with minimal vulnerabilities in its releases.

    Automated processes such as automated testing avoid error-prone and labor-intensive manual test cases.

    Related Info-Tech Research:

    Recommended Actions

    1. Procurement and Acquisition

    Define and keep security requirements and risk assessments up to date.

    Perform analysis on current market and supplier solutions and acquire security evaluation.

    Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene

    2. Deployment

    Verify distribution infrastructure, product and individual components integrity, and SBOM.

    Save and store the tests and test environment and review and verify the
    self-attestation mechanism.

    Use multi-layered defenses, e.g. ZT for integration and control configuration.

    3. Software Operations

    Train users on how to detect and report anomalies and when to apply updates to a system.

    Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

    Apply supply chain risk management (SCRM) operations.

    Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

    Bibliography

    Aksoy, Cevat Giray, Jose Maria Barrero, Nicholas Bloom, Steven J. Davis, Mathias Dolls, and Pablo Zarate. "Working from Home Around the World." Brookings Papers on Economic Activity, 2022.
    Barrero, Jose Maria, Nicholas Bloom, and Steven J. Davis. "Why working from home will stick." WFH Research, National Bureau of Economic Research, Working Paper 28731, 2021.
    Boehm, Jim, Dennis Dias, Charlie Lewis, Kathleen Li, and Daniel Wallance. "Cybersecurity trends: Looking over the horizon." McKinsey & Company, March 2022. Accessed
    31 Oct. 2022.
    "China: TC260 issues list of national standards supporting implementation of PIPL." OneTrust, 8 Nov. 2022. Accessed 17 Nov. 2022.
    Chmielewski, Stéphane. "What is the potential of artificial intelligence to improve cybersecurity posture?" before.ai blog, 7 Aug. 2022. Accessed 15 Aug. 2022.
    Conerly, Bill. "The Recession Will Begin Late 2023 Or Early 2024." Forbes, 1 Nov. 2022. Accessed 8 Nov. 2022.
    "Control System Defense: Know the Opponent." CISA, 22 Sep. 2022. Accessed 17 Nov. 2022.
    "Cost of a Data Breach Report 2022." IBM, 2022.
    "Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience." European Parliament News, 10 Nov. 2022. Press Release.
    "Cyber Security in Critical National Infrastructure Organisations: 2022." Bridewell, 2022. Accessed 7 Nov. 2022.
    Davis, Steven. "The Big Shift to Working from Home." NBER Macro Annual Session On
    "The Future of Work," 1 April 2022.
    "Digital Services Act: EU's landmark rules for online platforms enter into force."
    EU Commission, 16 Nov. 2022. Accessed 16 Nov. 2022.
    "DoD Enterprise DevSecOps Fundamentals." DoD CIO, 12 May 2022. Accessed 21 Nov. 2022.
    Elkin, Elizabeth, and Deena Shanker. "That Cream Cheese Shortage You Heard About? Cyberattacks Played a Part." Bloomberg, 09 Dec. 2021. Accessed 27 Oct. 2022.
    Evan, Pete. "What happened at Rogers? Day-long outage is over, but questions remain." CBC News, 21 April 2022. Accessed 15 Nov. 2022.
    "Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022." Coveware,
    28 July 2022. Accessed 18 Nov. 2022.
    "Fighting cybercrime: new EU cybersecurity laws explained." EU Commission, 10 Nov. 2022. Accessed 16 Nov. 2022.
    "Guide to PCI compliance cost." Vanta. Accessed 18 Nov. 2022.
    Hammond, Susannah, and Mike Cowan. "Cost of Compliance 2022: Competing priorities." Thomson Reuters, 2022. Accessed 18 Nov. 2022.
    Hemsley, Kevin, and Ronald Fisher. "History of Industrial Control System Cyber Incidents." Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.
    Hofmann, Sarah. "What Is The NIS2 And How Will It Impact Your Organisation?" CyberPilot,
    5 Aug. 2022. Accessed 16 Nov. 2022.
    "Incident reporting." CIRAS Incident Reporting, ENISA. Accessed 21 Nov. 2022.
    "Introducing SLSA, an End-to-End Framework for Supply Chain Integrity." Google,
    16 June 2021. Accessed 25 Nov. 2022.
    Kovacs, Eduard. "Trains Vulnerable to Hacker Attacks: Researchers." SecurityWeek, 29 Dec. 2015. Accessed 15 Nov. 2022.
    "Labour Force Survey, October 2022." Statistics Canada, 4 Nov. 2022. Accessed 7 Nov. 2022.
    Malacco, Victor. "Promises and potential of automated milking systems." Michigan State University Extension, 28 Feb. 2022. Accessed 15 Nov. 2022.
    Maxim, Merritt, et al. "Planning Guide 2023: Security & Risk." Forrester, 23 Aug. 2022. Accessed 31 Oct. 2022.
    "National Cyber Threat Assessment 2023-2024." Canadian Centre for Cyber Security, 2022. Accessed 18 Nov. 2022.
    Nicaise, Vincent. "EU NIS2 Directive: what's changing?" Stormshield, 20 Oct. 2022. Accessed
    17 Nov. 2022.
    O'Neill, Patrick. "Russia hacked an American satellite company one hour before the Ukraine invasion." MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.
    "OT ICEFALL: The legacy of 'insecure by design' and its implications for certifications and risk management." Forescout, 2022. Accessed 21 Nov. 2022.
    Palmer, Danny. "Your cybersecurity staff are burned out - and many have thought about quitting." ZDNet, 8 Aug. 2022. Accessed 19 Aug. 2022.
    Placek, Martin. "Industrial Internet of Things (IIoT) market size worldwide from 2020 to 2028 (in billion U.S. dollars)." Statista, 14 March 2022. Accessed 15 Nov. 2022.
    "Revised Proposal Attachment 5.13.N.1 ADMS Business Case PUBLIC." Ausgrid, Jan. 2019. Accessed 15 Nov. 2022.
    Richter, Felix. "Cloudy With a Chance of Recession." Statista, 6 April 2022. Web.
    "Securing the Software Supply Chain: Recommended Practices Guide for Developers." Enduring Security Framework (ESF), Aug. 2022. Accessed 22 Sep. 2022.
    "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers." Enduring Security Framework (ESF), Sep. 2022. Accessed 21 Nov. 2022.
    "Securing the Software Supply Chain: Recommended Practices Guide for Customers." Enduring Security Framework (ESF), Oct. 2022. Accessed 21 Nov. 2022.
    "Security Guidelines for the Electricity Sector: Control System Electronic Connectivity."
    North American Electric Reliability Corporation (NERC), 28 Oct. 2013. Accessed 25 Nov. 2022.
    Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed." Wisconsin State Farmer,
    26 Oct. 2022. Accessed 15 Nov. 2022.
    "Significant Cyber Incidents." Center for Strategic and International Studies (CSIS). Accessed
    1 Sep. 2022.
    Souppaya, Murugiah, Michael Ogata, Paul Watrobski, and Karen Scarfone. "Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps." NIST - National Cybersecurity Center of Excellence (NCCoE), Nov. 2022. Accessed
    22 Nov. 2022.
    "Ten Things Will Change Cybersecurity in 2023." SOCRadar, 23 Sep. 2022. Accessed
    31 Oct. 2022.
    "The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines." Cybersecurity Insiders. Accessed 21 Nov. 2022.
    What Is Threat Management? Common Challenges and Best Practices." IBM Security Intelligence, 2020.
    Woolf, Tim, et al. "Benefit-Cost Analysis for Utility-Facing Grid Modernization Investments: Trends, Challenges, and Considerations." Lawrence Berkeley National Laboratory, Feb. 2021. Accessed 15 Nov. 2022.
    Violino, Bob. "5 key considerations for your 2023 cybersecurity budget planning." CSO Online,
    14 July 2022. Accessed 27 Oct. 2022

    Research Contributors and Experts

    Andrew Reese
    Cybersecurity Practice Lead
    Zones

    Ashok Rutthan
    Chief Information Security Officer (CISO)
    Massmart

    Chris Weedall
    Chief Information Security Officer (CISO)
    Cheshire East Council

    Jeff Kramer
    EVP Digital Transformation and Cybersecurity
    Aprio

    Kris Arthur
    Chief Information Security Officer (CISO)
    SEKO Logistics

    Mike Toland
    Chief Information Security Officer (CISO)
    Mutual Benefit Group

    Manage Service Catalogs

    • Buy Link or Shortcode: {j2store}44|cart{/j2store}
    • Related Products: {j2store}44|crosssells{/j2store}
    • member rating overall impact: 9.0/10
    • member rating average dollars saved: $3,956
    • member rating average days saved: 24
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture
    • byline: Design and build a customer-facing service catalog.

    The challenge

    • Your business users may not be aware of the full scope of your services.
    • Typically service information is written in technical jargon. For business users, this means that the information will be tough to understand.
    • Without a service catalog, you have no agreement o what is available, so business will assume that everything is.

    Our advice

    Insight

    • Define your services from a user's or customer perspective.
      • When your service catalog contains too much information that does not apply to most users, they will not use it.
    • Separate the line-of-business services from enterprise services. It simplifies your documentation process and makes the service catalog more comfortable to use.

    Impact and results 

    • Our approach helps you organize your service catalog in a business-friendly way while keeping it manageable for IT.
    • And manageable also means that your service catalog remains a living document. You can update your service records easily.
    • Your service catalog forms a visible bridge between IT and the business. Improve IT's perception by communicating the benefits of the service catalog.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why building a service catalog is a good idea for your company. We'll show you our methodology and the ways we can help you in handling this.

    Minimize the risks from attrition through an effective knowledge transfer process.

    Launch the initiative

    Our launch phase will walk you through the charter template, build help a balanced team, create your change message and communication plan to obtain buy-in from all your organization's stakeholders.

    • Design & Build a User-Facing Service Catalog – Phase 1: Launch the Project (ppt)
    • Service Catalog Project Charter (doc)

    Identify and define the enterprise services

    Group enterprise services which you offer to everyone in the company, logically together.

    • Design & Build a User-Facing Service Catalog – Phase 2: Identify and Define Enterprise Services (ppt)
    • Sample Enterprise Services (ppt)

    Identify and define your line-of-business (LOB) services

    These services apply only to one business line. Other business users should not see them in the catalog.

    • Design & Build a User-Facing Service Catalog – Phase 3: Identify and Define Line of Business Services (ppt)
    • Sample LOB Services – Industry Specific (ppt)
    • Sample LOB Services – Functional Group (ppt)

    Complete your services definition chart

    Complete this chart to allow the business to pick what services to include in the service catalog. It also allows you to extend the catalog with technical services by including IT-facing services. Of course, separated-out only for IT.

    • Design & Build a User-Facing Service Catalog – Phase 4: Complete Service Definitions (ppt)
    • Services Definition Chart (xls)

    Secure Operations in High-Risk Jurisdictions

    • Buy Link or Shortcode: {j2store}369|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    Business operations in high-risk areas of the world contend with complex threat environments and risk scenarios that often require a unique response. But traditional approaches to security strategy often miss these jurisdictional risks, leaving organizations vulnerable to threats that range from cybercrime and data breaches to fines and penalties.

    Security leaders need to identify high-risk jurisdictions, inventory critical assets, identify vulnerabilities, assess risks, and identify security controls necessary to mitigate those risks.

    Secure operations and protect critical assets in high-risk regions

    Across risks that include insider threats and commercial surveillance, the two greatest vulnerabilities that organizations face in high-risk parts of the world are travel and compliance. Organizations can make small adjustments to their security program to address these risks:

    1. Support high-risk travel: Put measures and guidelines in place to protect personnel, data, and devices before, during, and after employee travel.
    2. Mitigate compliance risk: Consider data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth.

    Using these two prevalent risk scenarios in high-risk jurisdictions as examples, this research walks you through the steps to analyze the threat landscape, assess security risks, and execute a response to mitigate them.

    Secure Operations in High-Risk Jurisdictions Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure Operations in High-Risk Jurisdictions – A step-by-step approach to mitigating jurisdictional security and privacy risks.

    Traditional approaches to security strategy often miss jurisdictional risks. Use this storyboard to make small adjustments to your security program to mitigate security risks in high-risk jurisdictions.

    • Secure Operations in High-Risk Jurisdictions – Phases 1-3

    2. Jurisdictional Risk Register and Heat Map Tool – A tool to inventory, assess, and treat jurisdictional risks.

    Use this tool to track jurisdictional risks, assess the exposure of critical assets, and identify mitigation controls. Use the geographic heatmap to communicate inherent jurisdictional risk with key stakeholders.

    • Jurisdictional Risk Register and Heat Map Tool

    3. Guidelines for Key Jurisdictional Risk Scenarios – Two structured templates to help you develop guidelines for two key jurisdictional risk scenarios: high-risk travel and compliance risk

    Use these two templates to develop help you develop your own guidelines for key jurisdictional risk scenarios. The guidelines address high-risk travel and compliance risk.

    • Digital Safety Guidelines for International Travel
    • Guidelines for Compliance With Local Security and Privacy Laws Template

    Infographic

    Workshop: Secure Operations in High-Risk Jurisdictions

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Context for Risk Assessment

    The Purpose

    Assess business requirements and evaluate security pressures to set the context for the security risk assessment.

    Key Benefits Achieved

    Understand the goals of the organization in high-risk jurisdictions.

    Assess the threats to critical assets in these jurisdictions and capture stakeholder expectations for information security.

    Activities

    1.1 Determine assessment scope.

    1.2 Determine business goals.

    1.3 Determine compliance obligations.

    1.4 Determine risk appetite.

    1.5 Conduct pressure analysis.

    Outputs

    Business requirements

    Security pressure analysis

    2 Analyze Key Risk Scenarios for High-Risk Jurisdictions

    The Purpose

    Build key risk scenarios for high-risk jurisdictions.

    Key Benefits Achieved

    Identify critical assets in high-risk jurisdictions, their vulnerabilities to relevant threats, and the adverse impact should malicious agents exploit them.

    Assess risk exposure of critical assets in high-risk jurisdictions.

    Activities

    2.1 Identify critical assets.

    2.2 Identify threats.

    2.3 Assess risk likelihood.

    2.4 Assess risk impact.

    Outputs

    Key risk scenarios

    Jurisdictional risk exposure

    Jurisdictional Risk Register and Heat Map

    3 Build Risk Treatment Roadmap

    The Purpose

    Prioritize and treat jurisdictional risks to critical assets.

    Key Benefits Achieved

    Build an initiative roadmap to reduce residual risks in high-risk jurisdictions.

    Activities

    3.1 Identify and assess risk response.

    3.2 Assess residual risks.

    3.3 Identify security controls.

    3.4 Build initiative roadmap.

    Outputs

    Action plan to mitigate key risk scenarios

    Further reading

    Secure Operations in High-Risk Jurisdictions

    Assessments often omit jurisdictional risks. Are your assets exposed?

    EXECUTIVE BRIEF

    Analyst Perspective

    Operations in high-risk jurisdictions face unique security scenarios.

    The image contains a picture of Michel Hebert.

    Michel Hébert

    Research Director

    Security and Privacy

    Info-Tech Research Group


    The image contains a picture of Alan Tang.

    Alan Tang

    Principal Research Director

    Security and Privacy

    Info-Tech Research Group


    Traditional approaches to security strategies may miss key risk scenarios that critical assets face in high-risk jurisdictions. These include high-risk travel, heightened insider threats, advanced persistent threats, and complex compliance environments. Most organizations have security strategies and risk management practices in place, but securing global operations requires its own effort. Assess the security risk that global operations pose to critical assets. Consider the unique assets, threats, and vulnerabilities that come with operations in high-risk jurisdictions. Focus on the business activities you support and integrate your insights with existing risk management practices to ensure the controls you propose get the visibility they need. Your goal is to build a plan that mitigates the unique security risks that global operations pose and secures critical assets in high-risk areas. Don’t leave security to chance.

    Executive Summary

    Your Challenge

    • Security leaders who support operations in many countries struggle to mitigate security risks to critical assets. Operations in high-risk jurisdictions contend with complex threat environments and security risk scenarios that often require a unique response.
    • Security leaders need to identify critical assets, assess vulnerabilities, catalog threats, and identify the security controls necessary to mitigate related operational risks.

    Common Obstacles

    • Securing operations in high-risk jurisdictions requires additional due diligence. Each jurisdiction involves a different risk context, which complicates efforts to identify, assess, and mitigate security risks to critical assets.
    • Security leaders need to engage the organization with the right questions and identify high-risk vulnerabilities and security risk scenarios to help stakeholders make an informed decision about how to assess and treat the security risks they face in high-risk jurisdictions.

    Info-Tech’s Approach

    Info-Tech has developed an effective approach to protecting critical assets in high-risk jurisdictions.

    This approach includes tools for:

    • Evaluating the security context of your organization’s high-risk jurisdictions.
    • Identifying security risk scenarios unique to high-risk jurisdictions and assessing the exposure of critical assets.
    • Planning and executing a response.

    Info-Tech Insight

    Organizations with global operations must contend with a more diverse set of assets, threats, and vulnerabilities when they operate in high-risk jurisdictions. Security leaders need to take additional steps to secure operations and protect critical assets.

    Business operations in high-risk jurisdictions face a more complex security landscape

    Information security risks to business operations vary widely by region.

    The 2022 Allianz Risk Barometer surveyed 2,650 business risk specialists in 89 countries to identify the most important risks to operations. The report identified cybercrime, IT failures, outages, data breaches, fines, and penalties as the most important global business risks in 2022, but their results varied widely by region. The standout finding of the 2022 Allianz Risk Barometer is the return of security risks as the most important threat to business operations. Security risks will continue to be acute beyond 2022, especially in Africa, the Middle East, Europe, and the Asia-Pacific region, where they will dwarf risks of supply chain interruptions, natural catastrophe, and climate change.

    Global operations in high-risk jurisdictions contend with more diverse threats. These security risk scenarios are not captured in traditional security strategies.

    The image contains a picture of the world map that has certain areas of the map highlighted in various shades of blue based on higher security-related business risks.

    Figures represent the number of cybersecurity risks business risk specialists selected as a percentage of all business risks (Allianz, 2022). Higher scores indicate jurisdictions with higher security-related business risks. Jurisdictions without data are in grey.

    Different jurisdictions’ commitment to cybersecurity also varies widely, which increases security risks further

    The Global Cybersecurity Index (GCI) provides insight into the commitment of different countries to cybersecurity.

    The index assesses a country’s legal framework to identify basic requirements that public and private stakeholders must uphold and the legal instruments prohibiting harmful actions.

    The 2020 GCI results show overall improvement and strengthening of the cybersecurity agenda globally, but significant regional gaps persist. Of the 194 countries surveyed:

    • 33% had no data protection legislation.
    • 47% had no breach notification measures in place.
    • 50% had no legislation on the theft of personal information.
    • 19% still had no legislation on illegal access.

    Not every jurisdiction has the same commitment to cybersecurity. Protecting critical assets in high-risk jurisdictions requires additional due diligence.

    The image contains a picture of the world map that has certain areas of the map highlighted in various shades of blue based on scores in relation to the Global Security Index.

    The diagram sets out the score and rank for each country that took part in the Global Cybersecurity Index (ITU, 2021)

    Higher scores show jurisdictions with a lower rank on the CGI, which implies greater risk. Jurisdictions without data are in grey.

    Securing critical assets in high-risk jurisdictions requires additional effort

    Traditional approaches to security strategy may miss these key risk scenarios.

    As a result, security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets.

    Guide stakeholders to make informed decisions about how to assess and treat the security risks and secure operations.

    • Engage the organization with the right questions.
    • Identify critical assets and assess vulnerabilities.
    • Catalogue threats and build risk scenarios.
    • Identify the security controls necessary to mitigate risks.

    Work with your organization to analyze the threat landscape, assess security risks unique to high-risk jurisdictions, and execute a response to mitigate them.

    This project blueprint works through this process using the two most prevalent risk scenarios in high-risk jurisdictions: high-risk travel and compliance risk.

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance
    The image contains a screenshot of an Info-Tech thought model regarding secure global operations in high-risk jurisdictions.

    Travel risk is the first scenario we use as an example throughout the blueprint

    • This project blueprint outlines a process to identify, assess, and mitigate key risk scenarios in high-risk jurisdictions. We use two common key risk scenarios as examples throughout the deck to illustrate how you create and assess your own scenarios.
    • Supporting high-risk travel is the first scenario we will study in-depth as an example. Business growth, service delivery, and mergers and acquisitions can lead end users to travel to high-risk jurisdictions where staff, devices, and data are at risk.
    • Compromised or stolen devices can provide threat actors with access to data that could compromise the organization’s strategic, economic, or competitive advantage or expose the organization to regulatory risk.

    The project blueprint includes template guidance in Phase 3 to help you build and deploy your own travel guidelines to protect critical assets and support end users before they leave, during their trip, and when they return.

    Before you leave

    • Identify high-risk countries.
    • Enable controls.
    • Limit what you pack.

    During your trip

    • Assume you are monitored.
    • Limit access to systems.
    • Prevent theft.

    When you return

    • Change your password.
    • Restore your devices.

    Compliance risk is the second scenario we use as an example

    • Mitigating compliance risk is the second scenario we will study as an example in this blueprint. The legal and regulatory landscape is evolving rapidly to keep step with the pace of technological change. Security and privacy leaders are expected to mitigate the risk of noncompliance as the organization expands to new jurisdictions.
    • Later sections will show how to think through at least four compliance risks, including:
      • Cross-border data transfer
      • Third-party risk management
      • Data breach notification
      • Data residency

    The project blueprint includes template guidance in Phase 3 to help you deploy your own compliance governance controls as a risk mitigation measure.

    Secure Operations in High-Risk Jurisdictions: Info-Tech’s methodology

    1. Identify Context

    2. Assess Risks

    3. Execute Response

    Phase Steps

    1. Assess business requirements
    2. Evaluate security pressures
    1. Identify risks
    2. Assess risk exposure
    1. Treat security risks
    2. Build initiative roadmap

    Phase Outcomes

    • Internal security pressures that capture the governance, policies, practices, and risk tolerance of the organization
    • External security pressures that capture the expectations of customers, regulators, legislators, and business partners
    • A heatmap that captures not only the global exposure of your critical assets but also the business processes they support
    • A security risk register to allow for the easy transfer of critical assets’ global security risk data to your organization’s enterprise risk management practice
    • A roadmap of prioritized initiatives to apply relevant controls and secure global assets
    • A set of key risk indicators to monitor and report your progress

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Business Security Requirements

    Identify the context for the global security risk assessment, including risk appetite and risk tolerance.

    Jurisdictional Risk Register and Heatmap

    Identify critical global assets and the threats they face in high-risk jurisdictions and assess exposure.

    Mitigation Plan

    Roadmap of initiatives and security controls to mitigate global risks to critical assets. Tools and templates to address key security risk scenarios.

    Key deliverable:

    Jurisdictional Risk Register and Heatmap

    Use the Jurisdictional Risk Register and Heatmap Tool to capture information security risks to critical assets in high-risk jurisdictions. The tool generates a world chart that illustrates the risks global operations face to help you engage the business and execute a response.

    Blueprint benefits

    Protect critical assets in high-risk jurisdictions

    IT Benefits

    Assess and remediate information security risk to critical assets in high-risk jurisdictions.

    Easily integrate your risk assessment with enterprise risk assessments to improve communication with the business.

    Illustrate key information security risk scenarios to make the case for action in terms the business understands.

    Business Benefits

    Develop mitigation plans to protect staff, devices, and data in high-risk jurisdictions.

    Support business growth in high-risk jurisdictions without compromising critical assets.

    Mitigate compliance risk to protect your organization’s reputation, avoid fines, and ensure business continuity.

    Quantify the impact of securing global operations

    The tool included with this blueprint can help you measure the impact of implementing the research

    • Use the Jurisdictional Risk Register and Heatmap Tool to describe the key risk scenarios you face, assess their likelihood and impact, and estimate the cost of mitigating measures. Working through the project in this way will help you quantify the impact of securing global operations.
    The image contains a screenshot of Info-Tech's Jurisdictional Risk Register and Heatmap Tool. The image contains a screenshot of the High-Risk Travel Jurisdiction.

    Establish Baseline Metrics

    • Review existing information security and risk management metrics and the output of the tools included with the blueprint.
    • Identify metrics to measure the impact of your risk management efforts. Focus specifically on high-risk jurisdictions.
    • Compare your results with those in your overall security and risk management program.

    ID

    Metric

    Why is this metric valuable?

    How do I calculate it?

    1.

    Overall Exposure – High-Risk Jurisdictions

    Illustrates the overall exposure of critical assets in high-risk jurisdictions.

    Use the Jurisdictional Risk Register and Heatmap Tool. Calculate the impact times the probability rating for each risk. Take the average.

    2.

    # Risks Identified – High-Risk Jurisdictions

    Informs risk tolerance assessments.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    3.

    # Risks Treated – High-Risk Jurisdictions

    Informs residual risk assessments.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    4.

    Mitigation Cost – High-Risk Jurisdictions

    Informs cost-benefit analysis to determine program effectiveness.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    5.

    # Security Incidents – High-Risk Jurisdictions

    Informs incident trend calculations to determine program effectiveness.

    Draw the information from your service desk or IT service management tool.

    6.

    Incident Remediation Cost – High-Risk Jurisdictions

    Informs cost-benefit analysis to determine program effectiveness.

    Estimate based on cost and effort, including direct and indirect cost such as business disruptions, administrative finds, reputational damage, etc.

    7.

    TRENDS: Program Effectiveness – High-Risk Jurisdictions

    # of security incidents over time. Remediation : Mitigation costs over time

    Calculate based on metrics 5 to 7.

    Info-Tech offers various levels of support to best suit your needs.

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Call #1: Scope project requirements, determine assessment scope, and discuss challenges.

    Phase 2

    Call #2: Conduct initial risk assessment and determine risk tolerance.

    Call #3: Evaluate security pressures in high-risk jurisdictions.

    Call #4: Identify risks in high-risk jurisdictions.

    Call #5: Assess risk exposure.

    Phase 3

    Call #6: Treat security risks in high-risk jurisdictions.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Days 1

    Days 2-3

    Day 4

    Day 5

    Identify Context

    Key Risk Scenarios

    Build Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1.1 Determine assessment scope.

    1.1.2 Determine business goals.

    1.1.3 Identify compliance obligations.

    1.2.1 Determine risk appetite.

    1.2.2 Conduct pressure analysis.

    2.1.1 Identify assets.

    2.1.2 Identify threats.

    2.2.1 Assess risk likelihood.

    2.2.2 Assess risk impact.

    3.1.1 Identify and assess risk response.

    3.1.2 Assess residual risks.

    3.2.1 Identify security controls.

    3.2.2 Build initiative roadmap.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Business requirements for security risk assessment
    2. Identification of high-risk jurisdictions
    3. Security threat landscape for high-risk jurisdictions
    1. Inventory of relevant threats, critical assets, and their vulnerabilities
    2. Assessment of adverse effects should threat agents exploit vulnerabilities
    3. Risk register with key risk scenarios and heatmap of high-risk jurisdictions
    1. Action plan to mitigate key risk scenarios
    2. Investment and implementation roadmap
    1. Completed information security risk assessment for two key risk scenarios
    2. Risk mitigation roadmap

    No safe jurisdictions

    Stakeholders sometimes ask information security and privacy leaders to produce a list of safe jurisdictions from which to operate. We need to help them see that there are no safe jurisdictions, only relatively risky ones. As you build your security program, deepen the scope of your risk assessments to include risk scenarios critical assets face in different jurisdictions. These risks do not need to rule out operations, but they may require additional mitigation measures to keep staff, data, and devices safe and reduce potential reputational harms.

    Traditional approaches to security strategy often omit jurisdictional risks.

    Global operations must contend with a more complex security landscape. Secure critical assets in high-risk jurisdictions with a targeted risk assessment.

    The two greatest risks are high-risk travel and compliance risk.

    You can mitigate them with small adjustments to your security program.

    Support High-Risk Travel

    When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security. Put measures and guidelines in place to protect them before, during, and after travel.

    Mitigate Compliance Risk

    Think through data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth and mitigate compliance risks in high-risk jurisdictions to protect your organization’s reputation and avoid hefty fines or business disruptions.

    Phase 1

    Identify Context

    This phase will walk you through the following activities:

    • Assess business requirements to understand the goals of the organization’s global operations, as well as its risk governance, policies, and practices.
    • Evaluate jurisdictional security pressures to understand threats to critical assets and capture the expectations of external stakeholders, including customers, regulators, legislators, and business partners, and assess risk tolerance.

    This phase involves the following participants:

    • Business stakeholders
    • IT leadership
    • Security team
    • Risk and Compliance

    Step 1.1

    Assess Business Requirements

    Activities

    1.1.1 Determine assessment scope

    1.1.2 Identify enterprise goals in high-risk jurisdictions

    1.1.3 Identify compliance obligations

    This step involves the following participants:

    • Business stakeholders
    • IT leadership
    • Security team
    • Risk and Compliance

    Outcomes of this step

    • Assess business requirements to understand the goals of the organization’s global operations, as well as its risk governance, policies, and practices.

    Focus the risk assessment on high-risk jurisdictions

    Traditional approaches to information security strategy often miss threats to global operations

    • Successful security strategies are typically sensitive to risks to different IT systems and lines of business.
    • However, securing global operations requires additional focus on high-risk jurisdictions, considering what makes them unique.
    • This first phase of the project will help you evaluate the business context of operations in high-risk jurisdictions, including:
      • Enterprise and security goals.
      • Lines of business, physical locations, and IT systems that need additional oversight.
      • Unique compliance obligations.
      • Unique risks and security pressures.
      • Organizational risk tolerance in high-risk jurisdictions.

    Focus your risk assessment on the business activities security supports in high-risk jurisdictions and the unique threats they face to bridge gaps in your security strategy.

    Identify jurisdictions with higher inherent risks

    Your security strategy may not describe jurisdictional risk adequately.

    • Security strategies list lines of business, physical locations, and IT systems the organization needs to secure and those whose security will depend on a third-party. You can find additional guidance on fixing the scope and boundaries of a security strategy in Phase 1 of Build an Information Security Strategy.
    • However, security risks vary widely from one jurisdiction to another according to:
      • Active cyber threats.
      • Legal and regulatory frameworks.
      • Regional security and preparedness capabilities.
    • Your first task is to identify high-risk jurisdictions to target for additional oversight.

    Work closely with your enterprise risk management function.

    Enterprise risk management functions are often tasked with developing risk assessments from composite sources. Work closely with them to complete your own assessment.

    Countries at heightened risk of money laundering and terrorism financing are examples of high-risk jurisdictions. The Financial Action Task Force and the U.S. Treasury publish reports three times a year that identify Non-Cooperative Countries or Territories.

    Develop a robust jurisdictional assessment

    Design an intelligence collection strategy to inform your assessment

    Strategic Intelligence

    White papers, briefings, reports. Audience: C-Suite, board members

    Tactical Intelligence

    Internal reports, vendor reports. Audience: Security leaders

    Operational intelligence

    Indicators of compromise. Audience: IT Operations

    Operational intelligence focuses on machine-readable data used to block attacks, triage and validate alerts, and eliminate threats from the network. It becomes outdated in a matter of hours and is less useful for this exercise.

    Determine travel risks to bolster your assessments

    Not all locations and journeys will require the same security measures.

    • Travel risks vary significantly according to destination, the nature of the trip, and traveler profile.
    • Access to an up-to-date country risk rating system enables your organization and individual staff to quickly determine the overall level of risk in a specific country or location.
    • Based on this risk rating, you can specify what security measures are required prior to travel and what level of travel authorization is appropriate, in line with the organization's security policy or travel security procedures.
    • While some larger organizations can maintain their own country risk ratings, this requires significant capacity, particularly to obtain the necessary information to keep these regularly updated.
    • It may be more effective for your organization to make use of the travel risk ratings provided by an external security information provider, such as a company linked to your travel insurance or travel booking service, if available.
    • Alternatively, various open-source travel risk ratings are available via embassy travel sites or other website providers.

    Without a flexible system to account for the risk exposures of different jurisdictions, staff may perceive measures as a hindrance to operations.

    Develop a tiered risk rating

    The example below outlines potential risk indicators for high-risk travel.

    Rating

    Description

    Low

    Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable.

    Moderate

    Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics.

    High

    Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high, often targeting foreigners. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing natural disasters or epidemics are considered high risk.

    Extreme

    Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to parts of the country. Transportation and communication services are severely degraded or nonexistent. Violence presents a direct threat to staff security.

    Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.

    1.1.1 Determine assessment scope

    1 – 2 hours

    1. As a group, brainstorm a list of high-risk jurisdictions to target for additional assessment. Write down as many items as possible to include in:
    • Lines of business
    • Physical locations
    • IT systems

    Pay close attention to elements of the assessment that are not in scope.

  • Discuss the response and the rationale for targeting each of them for additional risk assessments. Identify security-related concerns for different lines of business, locations, user groups, IT systems, and data.
  • Record your responses and your comments in the Information Security Requirements Gathering Tool.

    • Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Relevant threat intelligence
    • A list of high-risk jurisdictions to focus your risk assessment

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Position your efforts in a business context

    Securing critical assets in high-risk jurisdictions is a business imperative

    • Many companies relegate their information security strategies to their IT department. Aside from the strain the choice places on a department that already performs many different functions, it wrongly implies that mitigating information security risk is simply an IT problem.
    • Managing information security risks is a business problem. It requires that organizations identify their risk appetite, prioritize relevant threats, and define risk mitigation initiatives. Business leaders can only do these activities effectively in a context that recognizes the business and financial benefits of implementing protections.
    • This is notably true of businesses with operations in many different countries. Each jurisdiction has its own set of security risks the organization must account for, as well as unique local laws and regulations that affect business operations.
    • In high-risk jurisdictions, your efforts must consider the unique operational challenges your organization may not face in its home country. Your efforts to secure critical assets will be most successful if you describe key risk scenarios in terms of their impact on business goals.
    • You can find additional guidance on assessing the business context of a security strategy in Phase 1 of Build an Information Security Strategy.

    Do you understand the unique business context of operations in high-risk jurisdictions?

    1.1.2 Identify business goals

    Estimated Time: 1-2 hours

    1. As a group, brainstorm the primary and secondary business goals of the organization. Focus your assessment on operations in high-risk jurisdictions you identified in Exercise 1.1.1. Review:
    • Relevant corporate and IT strategies.
    • The business goal definitions and indicator metrics in tab 2, “Goals Definition,” of the Information Security Requirements Gathering Tool.
  • Limit business goals to no more than two primary goals and three secondary goals. This limitation will help you prioritize security initiatives at the end of the project.
  • For each business goal, identify up to two security alignment goals that will support business goals in high-risk jurisdictions.

    • Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Your goals for the security risk assessment for high-risk jurisdictions

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Record business goals

    Capture the results in the Information Security Requirements Gathering Tool

    1. Record the primary and secondary business goals you identified in tab 3, “Goals Cascade,” of the Information Security Requirements Gathering Tool.
    2. Next, record the two security alignment goals you selected for each business goal based on the tool’s recommendations.
    3. Finally, review the graphic diagram that illustrates your goals on tab 6, “Results,” of the Information Security Requirements Gathering Tool.
    4. Revisit this exercise whenever operations expands to a new jurisdiction to capture how they contribute to the organization’s mission and vision and how the security program can support them.
    The image contains a screenshot of Tab 3, Goals Cascade.

    Tab 3, Goals Cascade

    The image contains a screenshot of Tab 6, Results.

    Tab 6, Results

    Analyze business goals

    Assess how operating in multiple jurisdictions adds nuance to your business goals

    • Security leaders need to understand the direction of the business to propose relevant security initiatives that support business goals in high-risk jurisdictions.
    • Operating in different jurisdictions carries its own degree of risk. The organization is subject not only to the information security risks and legal frameworks of its country of origin but also to those associated with international jurisdictions.
    • You need to understand where your organization operates and how these different jurisdictions contribute to your business goals to support their performance and protect the firm’s reputation.
    • This exercise will make an explicit link between security and privacy concerns in high-risk jurisdictions, what the business cares about, and what security is trying to accomplish.

    If the organization is considering a merger and acquisition project that will expand operations in jurisdictions with different travel risk profiles, the security organization needs to revise the security strategy to ensure the organization can support high-risk travel and mitigate risks to critical assets.

    Identify compliance obligations

    Data compliance obligations loom large in high-risk jurisdictions

    The image contains four hexagons, each with their own words. SOX, PCI DSS, HIPAA, HITECH.

    Security leaders are familiar with most conventional regulatory obligations that govern financial, personal, and healthcare data in North America and Europe.

    The image contains four hexagons, each with their own words. Residency, Cross-Border Transfer, Breach Notification, Third-Party Risk Mgmt.

    Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency and data localization and to shut down the cross-border transfer of data.

    The next step requires you to consider the compliance obligations the organization needs to meet to support the business as it expands to other jurisdictions through natural growth, mergers, and acquisitions.

    1.1.3 Identify compliance obligations

    Estimated Time: 1-2 hours

    1. As a group, brainstorm compliance obligations in target jurisdictions. Focus your assessment on operations in high-risk jurisdictions.

      2. Include:

    • Laws
    • Governing regulations
    • Industry standards
    • Contractual agreements
  • Record your compliance obligations and comments on tab 4, “Compliance Obligations,” of the Information Security Requirements Gathering Tool.
  • If you need to take full stock of the laws and regulations in place in the jurisdictions where you operate that you are not familiar with, consider seeking local legal counsel to help you navigate this exercise.

    • Input

    Output

    • Legal and compliance frameworks in target jurisdictions
    • Mandatory and voluntary compliance obligations for target jurisdictions

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Step 1.2

    Evaluate Security Pressures

    Activities

    1.2.1 Conduct initial risk assessment

    1.2.2 Conduct pressure analysis

    1.2.3 Determine risk tolerance

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    Identify threats to global assets and capture the security expectations of external stakeholders, including customers, regulators, legislators, and business partners, and determine risk tolerance.

    Evaluate security pressures to set the risk context

    Perform an initial assessment of high-risk jurisdictions to set the context.

    Assess:

    • The threat landscape.
    • The security pressures from key stakeholders.
    • The risk tolerance of your organization.

    You should be able to find the information in your existing security strategy. If you don’t have the information, work through the next three steps of the project blueprint.

    The image contains a diagram to demonstrate evaluating security pressures, as described in the text above.

    Some jurisdictions carry inherent risks

    • Jurisdictional risks stem from legal, regulatory, or political factors that exist in different countries or regions. They can also stem from unexpected legal changes in regions where critical assets have exposure. Understanding jurisdictional risks is critical because they can require additional security controls.
    • Jurisdictional risk tends to be higher in jurisdictions:
      • Where the organization:
        • Conducts high-value or high-volume financial transactions.
        • Supports and manages critical infrastructure.
        • Has high-cost data or data whose compromise could undermine competitive advantage.
        • Has a high percentage of part-time employees and contractors.
        • Experiences a high rate of employee turnover.
      • Where state actors:
        • Have a low commitment to cybersecurity, financial, and privacy legislation and regulation.
        • Support cybercrime organizations within their borders.

    Jurisdictional risk is often reduced to countries where money laundering and terrorist activities are high. In this blueprint, the term refers to the broader set of information security risks that arise when operating in a foreign country or jurisdiction.

    Five key risk scenarios are most prevalent

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance

    Security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets. The goal of the next two exercises is to analyze the threat landscape and security pressures unique to high-risk jurisdictions, which will inform the construction of key scenarios in Phase 2. These five scenarios are most prevalent in high-risk jurisdictions. Keep them in mind as you go through the exercises in this section.

    1.2.1 Assess jurisdictional risk

    1-3 hours

    1. As a group, review the questions on tab 2, “Risk Assessment,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk elements with a focus on high-risk jurisdictions:
    3. Review each question in tab 2 of the Information Security Pressure Analysis Tool and select the most appropriate response.

    Input

    Output

    • Existing security strategy
    • List of organizational assets
    • Historical data on information security incidents
    • Completed risk assessment

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Risk Management

    For more information on how to complete the risk assessment questionnaire, see Step 1.2.1 of Build an Information Security Strategy.

    1.2.2 Conduct pressure analysis

    1-3 hours

    1. As a group, review the questions on tab 3, “Pressure Analysis,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following pressure elements with a focus on high-risk jurisdictions:
    • Compliance and oversight
    • Customer expectations
    • Business expectations
    • IT expectations
  • Review each question in the questionnaire and provide the most appropriate response using the drop-down list. It may be helpful to consult with the appropriate departments to obtain their perspectives.

    • For more information on how to complete the pressure analysis questionnaire, see Step 1.3 of Build an Information Security Strategy.

    Input

    Output

    • Information on various pressure elements within the organization
    • Existing security strategy
    • Completed pressure analysis

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Business leaders
    • Compliance

    A low security pressure means that your stakeholders do not assign high importance to information security. You may need to engage stakeholders with the right key risk scenarios to illustrate jurisdictional risk and generate support for new security controls.

    Download the Information Security Pressure Analysis Tool

    Assess risk tolerance

    • Risk tolerance expresses the types and amount of risk the organization is willing to accept in pursuit of its goals.
    • These expectations can help you identify, manage, and report on key risk scenarios in high-risk jurisdictions.
    • For instance, an organization with a low risk tolerance will require a stronger information security program to minimize operational security risks.
    • It’s up to business leaders to determine the risks they are willing to accept. They may need guidance to understand how system-level risks affect the organization’s ability to pursue its goals.

    A formalized risk tolerance statement can help:

    • Support risk-based security decisions that align with business goals.
    • Provide a meaningful rationale for security initiatives.
    • Improve the transparency of investments in the organization’s security program.
    • Provide guidance for monitoring inherent risk and residual risk exposure.

    The role of security professionals is to identify and analyze key risk scenarios that may prevent the organization from reaching its goals.

    1.2.3 Determine risk tolerance

    1-3 hours

    1. As a group, review the questions on tab 4, “Risk Tolerance,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk tolerance elements:
    • Recent IT problems, especially downtime and data recovery issues
    • Historical security incidents
  • Review any relevant documentation, including:
    • Existing security strategy
    • Business impact assessments
    • Service-level agreements

    For more information on how to complete the risk tolerance questionnaire, see Step 1.4 of Build an Information Security Strategy.

    Input

    Output

    • Existing security strategy
    • Data on recent IT problems and incidents
    • Business impact assessments
    • Completed risk tolerance statement

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Risk Management

    Download the Information Security Pressure Analysis Tool

    Review the output of the results tab

    • The organizational risk assessment provides a high-level assessment of inherent risks in high-risk jurisdictions. Use the results to build and assess key risk scenarios in Phase 2.
    • Use the security pressure analysis to inform stakeholder management efforts. A low security pressure indicates that stakeholders do not yet grasp the impact of information security on organizational goals. You may need to communicate its importance before you discuss additional security controls.
    • Jurisdictions in which organizations have a low risk tolerance will require stronger information security controls to minimize operational risks.
    The image contains a screenshot of the organizational risk assessment. The image contains a screenshot of the security pressure analysis. The image contains a screenshot of the risk tolerance curve.

    Phase 2

    Assess Security Risks to Critical Assets

    This phase will walk you through the following activities:

    • Identify critical assets, their vulnerabilities to relevant threats, and the adverse impact a successful threat event would have on the organization.
    • Assess risk exposure of critical assets in high-risk jurisdictions for each risk scenario through an analysis of its likelihood and impact.

    This phase involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Step 2.1

    Identify Risks

    Activities

    2.1.1 Identify assets

    2.1.2 Identify threats

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Define risk scenarios that identify critical assets, their vulnerabilities to relevant threats, and the adverse impact a successful threat event would have on the organization.

    This blueprint focuses on mitigating jurisdictional risks

    The image contains a screenshot of the IT Risk Management Framework. The framework includes: Risk Identification, Risk Assessment, Risk Response, and Risk Governance.

    For a deeper dive into building a risk management program, see Info-Tech’s core project blueprints on risk management:

    Build an IT Risk Management Program

    Combine Security Risk Management Components Into One Program

    Draft key risk scenarios to illustrate adverse events

    Risk scenarios help decision-makers understand how adverse events affect business goals.

    • Risk-scenario building is the process of identifying the critical factors that contribute to an adverse event and crafting a narrative that describes the circumstances and consequences if it were to happen.
    • Risk scenarios set up the risk analysis stage of the risk assessment process. They are narratives that describe in detail:
      • The asset at risk.
      • The threat that can act against the asset.
      • Their intent or motivation.
      • The circumstances and threat actor model associated with the threat event.
      • The potential effect on the organization.
      • When or how often the event might occur.

    Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.

    Well-crafted risk scenarios have four components

    The second phase of the project will help you craft meaningful risk scenarios

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    An actor capable of harming an asset

    Anything of value that can be affected and results in loss

    Technique an actor uses to affect an asset

    How loss materializes

    Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors

    Examples: Systems, regulated data, intellectual property, people

    Examples: Credential compromise, privilege escalation, data exfiltration

    Examples: Loss of data confidentiality, integrity, or availability; impact on staff health & safety

    Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events. Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address and treat security risks in high-risk jurisdictions.

    The next slides review five key risk scenarios prevalent in high-risk jurisdictions. Use them as examples to develop your own.

    Travel to high-risk jurisdictions requires special measures to protect staff, devices, and data

    Governmental, academic, and commercial advisors compile lists of jurisdictions that pose greater travel risks annually.

    For instance, in the US, these lists might include countries that are:

    • Subjects of travel warnings by the US Department of State.
    • Identified as high risk by other US government sources such as:
      • The Department of the Treasury Office of Foreign Assets Control (OFAC).
      • The Federal Bureau of Investigation (FBI).
      • The Office of the Director of National Intelligence (ODNI).
    • Compiled from academic and commercial sources, such as Control Risks.

    When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security.

    The image contains a diagram to present high-risk jurisdictions.

    The diagram presents high-risk jurisdictions based on US governmental sources (2021) listed on this slide.

    High-risk travel

    Likelihood: Medium

    Impact: Medium

    Key Risk Scenario #1

    Malicious state actors, cybercriminals, and competitors can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.

    Threat Actor:

    • Malicious state actors
    • Cybercriminals
    • Competitors

    Assets:

    • Staff
    • IT systems
    • Sensitive data

    Effect:

    • Compromised staff health and safety
    • Loss of data
    • Lost of system integrity

    Methods:

    • Identify, steal, or target mobile devices.
    • Compromise network, wireless, or Bluetooth connections.
    • Leverage stolen devices as a means of infecting other networks.
    • Access devices to track user location.
    • Activate microphones on devices to collect information.
    • Intercept electronic communications users send from high-risk jurisdictions.

    The data compliance landscape is a jigsaw puzzle of data protection and data residency requirements

    Since the EU passed the GDPR in 2016, jurisdictions have turned to data regulations to protect citizen data

    Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency, breach notification, and cross-border data transfer regulations. As 2021 wound down to a close, nearly all the world’s 30 largest economies had some form of data regulation in place. The regulatory landscape is shifting rapidly, which complicates operations as organizations grow into new markets or engage in merger and acquisition activities.

    Global operations require special attention to data-residency requirements, data breach notification requirements, and cross-border data transfer regulations to mitigate compliance risk.

    The image contains a diagram to demonstrate the data regulations placed in various places around the world.

    Compliance risk

    Likelihood: Medium

    Impact: High

    Key Risk Scenario #2

    Rapid changes in the privacy and security regulatory landscape threaten organizations’ ability to meet their compliance obligations from local legal and regulatory frameworks. Organizations risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.

    Threat Actor:

    • Local, regional, and national state actors

    Asset:

    • Reputation, market share
    • License to operate

    Effect:

    • Administrative fines
    • Loss of reputation, brand trust, and consumer loyalty
    • Loss of market share
    • Suspension of business operations
    • Lawsuits due to collective actions and claims
    • Criminal charges

    Methods:

    • Shifts in the privacy and security regulatory landscape, including requirements for:
      • Data residency.
      • Cross-border data transfer.
      • Data breach notification.
      • Third-party security and privacy risk management.

    The incidence of insider threats varies widely by jurisdiction in unexpected ways

    On average, companies in North America, the Middle East, and Africa had the most insider incidents in 2021, while those in the Asia-Pacific region had the least.

    The Ponemon Institute set out to understand the financial consequences that result from insider threats and gain insight into how well organizations are mitigating these risks.

    In the context of this research, insider threat is defined as:

    • Employee or contractor negligence.
    • Criminal or malicious insider activities.
    • Credential theft (imposter risk).

    On average, the total cost to remediate insider threats in 2021 was US$15.4 million per incident.

    In all regions, employee or contractor negligence occurred most frequently. Organizations in North America and in the Middle East and Africa were most likely to experience insider threat incidents in 2021.

    the image contains a diagram of the world, with various places coloured in different shades of blue.

    The diagram represents the average number of insider incidents reported per organization in 2021. The results are analyzed in four regions (Ponemon Institute, 2022)

    Insider threat

    Likelihood: Low to Medium

    Impact: High

    Key Risk Scenario #3

    Malicious insiders, negligent employees, and credential thieves can exploit inside access to information systems to commit fraud, steal confidential or commercially valuable information, or sabotage computer systems. Insider threats are difficult to identify, especially when security is geared toward external threats. They are often familiar with the organization’s data and intellectual property as well as the methods in place to protect them. An insider may steal information for personal gain or install malicious software on information systems. They may also be legitimate users who make errors and disregard policies, which places the organization at risk.

    Threat Actor:

    • Malicious insiders
    • Negligent employees
    • Infiltrators

    Asset:

    • Sensitive data
    • Employee credentials
    • IT systems

    Effects:

    • Loss of system integrity
    • Loss of data confidentiality
    • Financial loss

    Methods:

    • Infiltrators may compromise credentials.
    • Malicious or negligent insiders may use corporate email to steal or share sensitive data, including:
      • Regulated data.
      • Intellectual property.
      • Critical business information.
    • Malicious agents may facilitate data exfiltration, as well as open-port and vulnerability scans.

    The risk of advanced persistent threats is more prevalent in Central and South America and the Asia-Pacific region

    Attacks from advanced persistent threat (APT) actors are more sophisticated than traditional ones.

    • More countries will use legal indictments as part of their cyber strategy. Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same.
    • Expect APTs to increasingly target network appliances like VPN gateways as organizations continue to sustain hybrid workforces.
    • The line between APTs and state-sanctioned ransomware groups is blurring. Expect cybercriminals to wield better tools, mount more targeted attacks, and use double-extortion tactics.
    • Expect more disruption and collateral damage from direct attacks on critical infrastructure.

    Top 10 Significant Threat Actors:

    • Lazarus
    • DeathStalker
    • CactusPete
    • IAmTheKing
    • TransparentTribe
    • StrongPity
    • Sofacy
    • CoughingDown
    • MuddyWater
    • SixLittleMonkeys

    Top 10 Targets:

    • Government
    • Banks
    • Financial Institutions
    • Diplomatic
    • Telecommunications
    • Educational
    • Defense
    • Energy
    • Military
    • IT Companies
    The image contains a world map coloured in various shades of blue.
    Top 12 countries targeted by APTs (Kaspersky, 2020)

    Track notable APTs to revise your list of high-risk jurisdictions and review the latest tactics and techniques

    Governmental advisors track notable APT actors that pose greater risks.

    The CISA Shields Up site, SANS Storm Center site, and MITRE ATT&CK group site provide helpful and timely information to understand APT risks in different jurisdictions.

    The following threat actors are currently associated with cyberattacks affiliated with the Russian government.

    Activity Group

    Risks

    APT28 (GRU)

    Known as Fancy Bear, this threat group has been tied to espionage since 2004. They compromised the Hillary Clinton campaign, amid other major events.

    APT29 (SVT)

    Tied to espionage since 2008. Reportedly compromised the Democratic National Committee in 2015. Cited in the 2021 SolarWinds compromise.

    Buhtrap/RTM Group

    Group focused on financial targets since 2014. Currently known to target Russian and Ukrainian banks.

    Gamaredon

    Operating in Crimea. Aligned with Russian interests. Has previously targeted Ukrainian government officials and organizations.

    DEV-0586

    Carried out wiper malware attacks on Ukrainian targets in January 2022.

    UNC1151

    Active since 2016. Linked to information operation campaigns and the distribution of anti-NATO material.

    Conti

    Most successful ransomware gang of 2021, with US$188M revenue. Supported Russian invasion of Ukraine, threatening attacks on allied critical infrastructure.

    Sources: MITRE ATT&CK; Security Boulevard, 2022; Reuters, 2022; The Verge, 2022

    Advanced persistent threat

    Likelihood: Low to Medium

    Impact: High

    Key Risk Scenario #4

    Advanced persistent threats are state actors or state-sponsored affiliates with the means to avoid detection by anti-malware software and intrusion detection systems. These highly-skilled and persistent malicious agents have significant resources with which to bypass traditional security controls, establish a foothold in the information technology infrastructure, and exfiltrate data undetected. APTs have the resources to adapt to a defender’s efforts to resist them over time. The loss of system integrity and data confidentiality over time can lead to financial losses, business continuity disruptions, and the destruction of critical infrastructure.

    Threat Actor:

    • State actors
    • State-sponsored affiliates

    Asset:

    • Sensitive data
    • IT systems
    • Critical infrastructure

    Effects:

    • Loss of system integrity
    • Loss of data confidentiality
    • Financial loss
    • Business continuity disruptions
    • Infrastructure destruction

    Methods:

    • Persistent, consistent attacks using the most advanced threats and tactics to bypass security defenses.
    • The goal of APTs is to maintain access to networks for prolonged periods without being detected.
    • The median dwell time differs widely between regions. FireEye reported the mean dwell time for 2018:
      • Americas: 71 days
      • Europe, Middle East, and Africa: 177 days
      • Asia-Pacific: 204 days
    Sources: Symantec, 2011; FireEye, 2019

    Threat agents have deployed invasive technology for commercial surveillance in at least 76 countries since 2015

    State actors and their affiliates purchased and used invasive spyware from companies in Europe, Israel, and the US.

    • “Customers are predominantly repressive regimes looking for new ways to control the flow of information and stifle dissent. Less than 10% of suspected customers are considered full democracies by the Economist Intelligence Unit.” (Top10VPN, 2021)
    • Companies based in economically developed and largely democratic states are profiting off the technology.
    • The findings demonstrate the need to consider geopolitical realities when assessing high-risk jurisdictions and to take meaningful action to increase layered defenses against invasive malware.
    • Spyware is having an increasingly well-known impact on civil society. For instance, since 2016, over 50,000 individual phone numbers have been identified as potential targets by NSO Group, the Israeli manufacturers of the notorious Pegasus Spyware. The target list contained the phone numbers of politicians, journalists, activists, doctors, and academics across the world.
    • The true number of those affected by spyware is almost impossible to determine given that many fall victim to the technology and do not notice.
    The image contains a map of the world with various countries highlighted in shades of blue.

    Countries where commercial surveillance tools have been deployed (“Global Spyware Market Index,” Top10VPN, 2021)

    The risks and effects of spyware vary greatly

    Spyware can steal mundane information, track a user’s every move, and everything in between.

    Adware

    Software applications that display advertisements while the program is running.

    Keyboard Loggers

    Applications that monitor and record keystrokes. Malicious agents use them to steal credentials and sensitive enterprise data.

    Trojans

    Applications that appear harmless but inflict damage or data loss to a system.

    Mobile Spyware

    Surveillance applications that infect mobile devices via SMS or MMS channels, though the most advanced can infect devices without user input.

    State actors and their affiliates use system monitors to track browsing habits, application usage, and keystrokes and capture information from devices’ GPS location data, microphone, and camera. The most advanced system monitor spyware, such as NSO Group’s Pegasus, can infect devices without user input and record conversations from end-to-end encrypted messaging systems.

    Commercial surveillance

    Likelihood: Low to Medium

    Impact: Medium

    Key Risk Scenario #5

    Malicious agents can deploy malware on end-user devices with commercial tools available off the shelf to secretly monitor the digital activity of users. Attacks exploit widespread vulnerabilities in telecommunications protocols. They occur through email and text phishing campaigns, malware embedded in untested applications, and sophisticated zero-click attacks that deliver payloads without requiring user interactions. Attacks target sensitive as well as mundane information. They can be used to track employee activities, investigate criminal activity, or steal credentials, credit card numbers, or other personally identifiable information.

    Threat Actor:

    • State actors
    • State-sponsored affiliates

    Asset:

    • Sensitive data
    • Staff health and safety
    • IT systems

    Effects:

    • Data breaches
    • Loss of data confidentiality
    • Increased risk to staff health and safety
    • Misuse of private data
    • Financial loss

    Methods:

    • Email and text phishing attacks that delivery malware payloads
    • Sideloading untested applications from a third-party source rather than an official retailer
    • Sophisticated zero-click attacks that deliver payloads without requiring user interaction

    Use the Jurisdictional Risk Register and Heatmap Tool

    The tool included with this blueprint can help you draft risk scenarios and risk statements in this section.

    The risk register will capture a list of critical assets and their vulnerabilities, the threats that endanger them, and the adverse effect your organization may face.

    The image includes two screenshots of the jurisdictional risk register and heatmap tool. The image contains a screenshot of the High-Risk Travel Jurisdiction.

    Download the Jurisdictional Risk Register and Heatmap Tool

    2.1.1 Identify assets

    1 – 2 hours

    1. As a group, consider critical or mission-essential functions in high-risk jurisdictions and the systems on which they depend. Brainstorm a list of the organization’s mission-supporting assets in high-risk jurisdictions. Consider:
    • Staff
    • Critical IT systems
    • Sensitive data
    • Critical operational processes
  • On a whiteboard, brainstorm the potential adverse effect of malicious agents in high-risk jurisdictions compromising critical assets. Consider the impact on:
    • Information systems.
    • Sensitive or regulated data.
    • Staff health and safety.
    • Critical operations and objectives.
    • Organizational finances.
    • Reputation and brand loyalty

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Business impact analyses
    • A list of the organization’s mission-supporting assets

    Materials

    Participants

    • Laptop
    • Projector
    • Whiteboard
    • Security team
    • IT leadership
    • System owner
    • Enterprise Risk Management

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    The image contains an example of the activity mentioned in the text above.

    Model threats to narrow the range of scenarios

    Motives and capabilities to perform attacks on critical assets vary across different threat actors.

    Category

    Actions

    Motivation

    Sophistication

    Nation-states

    Cyberespionage, cyberattacks

    Geopolitical

    High. Dedicated resources and personnel, extensive planning and coordination.

    Proxy organizations

    Espionage, destructive attacks

    Geopolitical, Ideological, Profit

    Moderate. Some planning and support functions and technical expertise.

    Cybercrime

    Theft, fraud, extortion

    Profit

    Moderate. Some planning and support functions and technical expertise.

    Hacktivists

    Disrupt operations, attack brands, release sensitive data

    Ideological

    Low. Rely on widely available tools that require little skill to deploy.

    Insiders

    Destruction or release of sensitive data, theft, exposure through negligence

    Incompetence, Discontent

    Internal access. Acting on their own or in concert with any of the above.

    • Criminals, hacktivists, and insiders vary in sophistication. Some criminal groups demonstrate a high degree of sophistication; however, a large cyber event that damages critical infrastructure does not align with their incentives to make money at minimal risk.
    • Proxy actors conduct offensive cyber operations on behalf of a beneficiary. They may be acting on behalf of a competitor, national government, or group of individuals.
    • Nation-states engage in long-term espionage and offensive cyber operations that support geopolitical and strategic policy objectives.

    2.1.2 Identify threats

    1 – 2 hours

    1. Review the outputs from activity 1.1.1 and activity 2.1.1.
    2. Identify threat agents that could undermine the security of critical assets in high-risk jurisdictions. Include internal and external actors.
    3. Assess their motives, means, and opportunities.
    • Which critical assets are most attractive? Why?
    • What paths and vulnerabilities can threat agents exploit to reach critical assets without going through a control?
    • How could they defeat existing controls? Draw on the MITRE framework to inform your analysis.
    • Once agents defeat a control, what further attack can they launch?

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    Input

    Output

    • Jurisdictional assessment from activity 1.1.1
    • Critical assets from activity 2.1.1
    • Potential vulnerabilities from:
      • Security control gap analysis
      • Security risk register
    • Threat intelligence
    • MITRE framework
    • A list of critical assets, threat agents, vulnerabilities, and potential attack vectors.

    Materials

    Participants

    • Laptop
    • Projector
    • Whiteboard
    • Security team
    • Infrastructure & Operations team
    • Enterprise Risk Management

    2.1.2 Identify threats (continued)

    1 – 2 hours

    1. On a whiteboard, brainstorm how threat agents will exploit vulnerabilities in critical assets to reach their goal. Redefine attack vectors to capture what could result from a successful initial attack.

    For example:

    • State actors and cybercriminals may steal or compromise end-user devices during travel to high-risk jurisdictions using malware they embed in airport charging stations, internet café networks, or hotel business centers.
    • Compromised devices may infect corporate networks and threaten sensitive data once they reconnect to them.

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    The image contains a screenshot of activity 2.1.2 as described in the text above.

    Bring together the critical risk elements into a single risk scenario

    Summarize the scenario further into a single risk statement

    Risk Scenario: High-Risk Travel

    State actors and cybercriminals can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.

    Risk Statement

    Cybercriminals compromise end-user devices during travel to high-risk jurisdictions, jeopardizing staff safety and leading to loss of sensitive data.

    Risk Scenario: Compliance Risk

    Rapid changes in the privacy and security regulatory landscape threaten an organization’s ability to meet its compliance obligations from local legal and regulatory frameworks. Organizations that fail to do so risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.

    Risk Statement

    Rapid changes in the privacy and security regulations landscape threaten our ability to remain compliant, leading to reputational and financial loss.

    Fill out the Jurisdictional Risk Register and Heatmap Tool

    The tool is populated with data from two key risk scenarios: high-risk travel and compliance risk.

    The image includes two screenshots of the Jurisdictional Risk Register and Heatmap Tool.

    1. Label the risk in Tab 3, Column B.
    2. Record your risk scenario in Tab 3, Column C.
    3. Record your risk statement in Tab 3, Column D.
    4. Identify the applicable jurisdictions in Tab 3, Column E.
    5. You can further categorize the scenario as:
      • an enterprise risk (Column G).
      • an IT risk (Column H).

    Download the Jurisdictional Risk Register and Heatmap Tool

    Step 2.2

    Assess Risk Exposure

    Activities

    2.2.1 Identify existing controls

    2.2.2 Assess likelihood and impact

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Assess risk exposure for each risk scenario through an analysis of its likelihood and impact.

    Brush up on risk assessment essentials

    The next step will help you prioritize IT risks based on severity.

    Likelihood of Occurrence X Likelihood of Impact = Risk Severity

    Likelihood of occurrence: How likely the risk is to occur.

    Likelihood of impact: The likely impact of a risk event.

    Risk severity: The significance of the risk.

    Evaluate risk severity against the risk tolerance thresholds and the cost of risk response.

    Identify existing controls before you proceed

    Existing controls will reduce the inherent likelihood and impact of the risk scenario you face.

    Existing controls were put in place to avoid, mitigate, or transfer key risks your organization faced in the past. Without considering existing controls, you run the risk of overestimating the likelihood and impact of the risk scenarios your organization faces in high-risk jurisdictions.

    For instance, the ability to remote-wipe corporate-owned devices will reduce the potential impact of a device lost or compromised during travel to high-risk jurisdictions.

    As you complete the risk assessment for each scenario, document existing controls that reduce their inherent likelihood and impact.

    2.2.1 Document existing controls

    6-10 hours

    1. Document the Risk Category and Existing Controls in the Jurisdictional Risk Register and Heatmap Tool.
      • Tactical controls apply to individual risks only. For instance, the ability to remote-wipe devices mitigates the impact of a device lost in a high-risk jurisdiction.
      • Strategic controls apply to multiple risks. For instance, deploying MFA for critical applications mitigates the likelihood that malicious actors can compromise a lost device and impedes their access in devices they do compromise.

    Input

    Output

    • Risk scenarios
    • Existing controls for risk scenarios

    Materials

    Participants

    • Jurisdictional Risk Register and Heatmap Tool
    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management

    Download the Jurisdictional Risk Register and Heatmap Tool.

    Assess the risk scenarios you identified in Phase 1

    The risk register is the central repository for risks in high-risk jurisdictions.

    • Use the second tab of the Jurisdictional Risk Register and Heatmap Tool to create likelihood, impact, and risk tolerance assessment scales to evaluate every risk event effectively.
    • Severity-level assessment is a “first pass” of your risk scenarios that will reveal your organization’s most severe risks in high-risk jurisdictions.
    • You can incorporate expected cost calculations into your evaluation to assess scenarios in greater detail.
    • Expected cost represents how much you would expect to pay in an average year for each risk event. Expected cost calculations can help compare IT risks to non-IT risks that may not use the same scales and communicate system-level risk to the business in a language they will understand.

    Expected cost calculations may not be practical. Determining robust likelihood and impact values to produce cost estimates can be challenging and time consuming. Use severity-level assessments as a first pass to make the case for risk mitigation measures and take your lead from stakeholders.

    The image contains two screenshots of the Jurisdictional Risk Register and Heatmap Tool.

    Use the Jurisdictional Risk Register and Heatmap Tool to capture and analyze your data.

    2.2.2 Assess likelihood and impact

    6-10 hours

    1. Assign each risk scenario a likelihood of occurrence and a likely impact level that represents the impact of the scenario on the whole organization considering existing controls. Record your results in Tab 3, column R and S, respectively.
    2. You can further dissect likelihood and impact into component parameters but focus first on total likelihood and impact to keep the task manageable.
    3. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy. For instance, is a device lost in a high-risk jurisdiction truly more impactful than a device compromised with commercial surveillance software?
    4. The tool will calculate the probability of risk exposure based on the likelihood and consequence associated with the scenario. The results are published in Tab 3, Column T.

    Input

    Output

    • Risk scenarios
    • Assessed the likelihood of occurrence and impact for all identified risk events

    Materials

    Participants

    • Jurisdictional Risk Register and Heatmap Tool
    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management

    Download the Jurisdictional Risk Register and Heatmap Tool.

    Refine your risk assessment to justify your estimates

    Document the rationale behind each value and the level of consensus in group discussions.

    Stakeholders will likely ask you to explain some of the numbers you assigned to likelihood and impact assessments. Pointing to an assessment methodology will give your estimates greater credibility.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    The goal is to develop robust intersubjective estimates of the likelihood and impact of a risk scenario.

    We assigned a 50% likelihood rating to a risk scenario. Were we correct?

    Assess the truth of the following statements to test likelihood assessments. In this case, do these two statements seem true?

    • The risk event will likely occur once in the next two years, all things being equal.
    • In two nearly identical organizations, one out of two will experience the risk event this year.
    The image includes a screenshot of the High-Risk Travel Jurisdictions.

    Phase 3

    Execute Response

    This phase will walk you through the following activities:

    • Prioritize and treat global risks to critical assets based on their value and exposure.
    • Build an initiative roadmap that identifies and applies relevant controls to protect critical assets. Identify key risk indicators to monitor progress.

    This phase involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Step 3.1

    Treat Security Risks

    Activities

    3.1.1 Identify and assess risk response

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Analyze and select risk responses

    The next step will help you treat the risk scenarios you built in Phase 2.

    Identify

    Identify risk responses.

    Predict

    Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk.

    Calculate

    The tool will calculate the residual severity of the risk after applying the risk response.

    The first part of the phase outlines project activities. The second part elaborates on high-risk travel and compliance risk, the two key risk scenarios we are following throughout the project. Use the Jurisdictional Risk Register and Heatmap Tool to capture your work.

    Analyze likelihood and impact to identify response

    The image contains a diagram of he risk response analysis. Risk Transfer and Risk Avoidance has the most likelihood, and Risk Acceptance and Risk Mitigation have the most impact. Risk Avoidance has the most likelihood and most impact in regards to risk response.

    3.1.1 Identify and assess risk response

    Complete the following steps for each risk scenario.

    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the scenario were to occur. Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level. This is the same step you performed in Activity 2.2.2, but you are now are estimating the likelihood and impact of the risk event after you implemented the risk response action successfully. The Jurisdictional Risk Register and Heatmap Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Jurisdictional Risk Register and Heatmap Tool .
    4. For each risk event, document risk response actions, residual likelihood and impact levels, and residual risk severity level.

    Input

    Output

    • Risk scenarios from Phase 2
    • Risk scenario mitigation plan

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Download the Jurisdictional Risk Register and Heatmap Tool

    Step 3.2

    Mitigate Travel Risk

    Activities

    3.2.1 Develop a travel policy

    3.2.2 Develop travel procedures

    3.2.3 Design high-risk travel guidelines

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Identify controls to mitigate jurisdictional risk

    This section provides guidance on the most prevalent risk scenarios identified in Phase 2 and provides a more in-depth examination of the two most prevalent ones, high-risk travel and compliance risk. Determine the appropriate response to each risk scenario to keep global risks to critical assets aligned with the organization’s risk tolerance.

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance

    Travel risk is a common concern in organizations with global operations

    • The security of staff, devices, and data is one of the biggest challenges facing organizations with a global footprint. Working and traveling in unpredictable environments will aways carry a degree of risk, but organizations can do much to develop a safer and more secure working environment.
    • Compromised or stolen devices can provide threat actors with access to data that could compromise the organization’s strategic, economic, or competitive advantage or expose the organization to regulatory risk.
    • For many organizations, security risk assessments, security plans, travel security procedures, security training, and incident reporting systems are a key part of their operating language.
    • The following section provides a simple structure to help organizations demystify travel in high-risk jurisdictions.

    The image contains a diagram to present high-risk jurisdictions.

    Before you leave

    • Identify high-risk countries.
    • Enable controls.
    • Limit what you pack.

    During your trip

    • Assume you are monitored.
    • Limit access to systems.
    • Prevent theft.

    When you return

    • Change your password.
    • Restore your devices.

    Case study

    Higher Education: Camosun College

    Interview: Evan Garland

    Frame additional security controls as a value-added service.

    Situation

    The director of the international department at Camosun College reached out to IT security for additional support. Department staff often traveled to hostile environments. They were concerned malicious agents would either steal end-user devices or compromise them and access sensitive data. The director asked IT security for options that would better protect traveling staff, their devices, and the information they contain.

    Challenges

    First, controls would need to admit both work and personal use of corporate devices. Staff relied exclusively on work devices for travel to mitigate the risk of personal device theft. Personal use of corporate devices during travel was common. Second, controls needed to strike the right balance between friction and effortless access. Traveling staff had only intermittent access to IT support. Restrictive controls could prevent them from accessing their devices and data altogether.

    Solution

    IT consulted staff to discuss light-touch solutions that would secure devices without introducing too much complexity or compromising functionality. They then planned security controls that involved user interaction and others that did not and identified training requirements.

    Results

    Controls with user interaction

    Controls without user interaction

    • Multifactor authentication for college systems and collaboration platforms
    • Password manager for both work and personal use for staff for stronger passwords and practices
    • Security awareness training to help traveling staff identify potential threats while traveling through airports or accessing public Wi-Fi.
    • Drive encryption and always-on VPN to protect data at rest and in transit
    • Increased setting for phishing and spam filtering for traveling staff email
    • Enhanced anti-malware/endpoint detection and response (EDR) solution for traveling laptops

    Build a program to mitigate travel risks

    There is no one-size-fits-all solution.

    The most effective solution will take advantage of existing risk management policies, processes, and procedures at your organization.

    • Develop a framework. Outline the organization’s approach to high-risk travel, including the policies, procedures, and mechanisms put in place to ensure safe travel to high-risk jurisdictions.
    • Draft a policy. Outline the organization’s risk attitude and key security principles and define roles and responsibilities. Include security responsibilities and obligations in job descriptions of staff members and senior managers.
    • Provide flexible options. Inherent travel risk will vary from one jurisdiction to another. You will likely not find an approach that works for every case. Establish locally relevant measures and plans in different security contexts and risk environments.
    • Look for quick wins. Identify measures or requirements that you can establish quickly but that can have a positive effect on the security of staff, data, and devices.
    • Monitor and review. Undertake periodic reviews of the organization’s security approach and management framework, as well as their implementation, to ensure the framework remains effective.

    3.2.1 Develop a travel policy

    1. Work with your business leaders to build a travel policy for high-risk jurisdictions. The policy should be a short and accessible document structured around four key sections:
      • A statement on the importance of staff security and safety, the scope of the policy, and who it applies to (staff, consultants, contractors, volunteers, visitors, accompanying dependants, etc.).
      • A principles section explaining the organization’s security culture, risk attitude, and the key principles that shape the organization’s approach to staff security and safety.
      • A responsibilities section setting out the organization’s security risk management structure and the roles and actions allocated to specific positions.
      • A minimal security requirements section establishing the specific security requirements that must be in place in all locations and specific locations.
    2. Common security principles include:
    • Shared responsibility – Managing risks to staff is a shared organizational responsibility.
    • Acknowledgment of risk – Managing security will not remove all risks. Staff need to appreciate, as part of their informed consent, that they are still exposed to risk.
    • Primacy of life – Staff safety is of the highest importance. Staff should never place themselves at excessive risk to meet program objectives or protect property.
    • Proportionate risk – Risks must be assessed to ensure they are proportionate to the benefits organizational activities provide and the ability to manage those risks.
    • Right to withdraw – Staff have the right to withdraw from or refuse to take up work in a particular area due to security concerns.
    • No right to remain – The organization has the right to suspend activities that it considers too dangerous.
  • Cross-reference the organization’s other governing policies that outline requirements related to security risk management, such as the health and safety policy, access control policy, and acceptable use of security assets.

    • Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • Data inventory and data flows
    • Travel policy for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Develop security plans for high-risk travel

    Security plans advise staff on how to manage the risk identified in assessments.

    Security plans are key country documents that outline the security measures and procedures in place and the responsibilities and resources required to implement them. Security plans should be established in high-risk jurisdictions where your organization has a regular, significant presence. Security plans must remain relevant and accessible documents that address the specific risks that exist in that location, and, if appropriate, are specific about where the measures apply and who they apply to. Plans should be updated regularly, especially following significant incidents or changes in the operating environment or activities.

    Key Components

    Critical information – One-page summary of pertinent information for easy access and quick reference (e.g. curfew times, no-go areas, important contacts).

    Overview – Purpose and scope of the document, responsibilities for security plan, organization’s risk attitude, date of completion and review date, and a summary of the security strategy and policy.

    Current Context – Summary of current operating context and overall security situation; main risks to staff, assets, and operations; and existing threats and risk rating.

    Procedures – Simple security procedures that staff should adhere to in order to prevent incidents and how to respond should problems arise. Standard operating procedures (SOPs) should address key risks identified in the assessment.

    Security levels – The organization's security levels/phases, with situational indicators that reflect increasing risks to staff in that context and location and specific actions/measures required in response to increasing insecurity.

    Incident reporting – The procedures and responsibilities for reporting security-related incidents; for example, the type of incidents to be reported, the reporting structure, and the format for incident reporting.

    Determine travel risk

    Tailor your risk response to the security risk assessment you conducted in earlier stages of this project.

    Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.

    Rating

    Description (Examples)

    Recommended Action

    Low

    Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable.

    Basic personal security, travel, and health precautions required.

    Moderate

    Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics.

    Increased vigilance and routine security procedures required.

    High

    Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high and targeting of foreigners is common. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing a natural disaster or a disease epidemic are considered high risk.

    High level of vigilance and effective, context-specific security precautions required.

    Extreme

    Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Civil authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to significant parts of the country. Transportation and communication services are severely degraded or non-existent. Violence presents a direct threat to staff security.

    Stringent security precautions essential and may not be sufficient to prevent serious incidents.

    Program activities may be suspended and staff withdrawn at very short notice.

    3.2.2 Develop travel procedures

    1. Work with your business leaders to build travel procedures for high-risk jurisdictions. The procedures should be tailored to the risk assessment and address the risk scenarios identified in Phase 2.
    2. Use the categories outlined in the next two slides to structure the procedure. Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip.
    3. Consider the implementation of special measures to limit the impact of a potential security event, including:
      • Information end-user device loaner programs.
      • Temporary travel service email accounts.
    4. Specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.
    5. Discuss the rationale for each procedure. Ensure the components align with the policy statements outlined in the high-risk travel policy developed in the previous step.

    Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • High-risk travel policy
    • Travel procedures for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Draft procedures to mitigate travel risks

    Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip

    Introduction

    Clarifies who the procedures apply to. Highlights any differences in travel security requirements or support provided to staff, consultants, partners, and official visitors.

    Travel risk ratings

    Explains the travel or country risk rating system, how staff access the information, the different categories and indicators, and their implications.

    Roles and responsibilities

    Clarifies the responsibilities of travelers, their line managers or contact points, and senior management regarding travel security and how this changes for destinations with higher risk ratings.

    Travel authorization

    Stipulates who in the organization authorizes travel, the various compliance measures required, and how this changes for destinations with higher risk ratings.

    Travel risk assessment

    Explains when travel risk assessments are required, the template that should be used, and who approves the completed assessments.

    Travel security procedures should specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.

    Pre-travel briefings

    Outlines the information that must be provided to travelers prior to departure, the type of briefing required and who provides it, and how these requirements change as risk ratings increase.

    Security training

    Explain security training required prior to travel. This may vary depending on the country’s risk rating. Includes information on training waiver system, including justifications and authorization.

    Traveler profile forms

    Travelers should complete a profile form, which includes personal details, emergency contacts, medical details, social media footprint, and proof-of-life questions (in contexts where there are abduction risks).

    Check-in protocol

    Specifies who travelers must maintain contact with while traveling and how often, as well as the escalation process in case of loss of contact. The frequency of check-ins should reflect the increase in the risk rating for the destination.

    Emergency procedures

    Outlines the organization's emergency procedures for security and medical emergencies.

    3.2.3 Design high-risk travel guidelines

    • Supplement the high-risk travel policies and procedures with guidelines to help international travelers stay safe.
    • The document is intended for an end-user audience and should reflect your organization’s policies and procedures for the use of information and information systems during international travel.
    • Use the Digital Safety Guidelines for International Travel template in concert with this blueprint to provide guidance on what end users can do to stay safe before they leave, during their trip, and when they return.
    • Consider integrating the guidelines into specialized security awareness training sessions that target end users who travel to high-risk jurisdictions.
    • The guidelines should supplement and align with existing technical controls.

    Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • High-risk travel policy
    • High-risk travel procedure
    • Travel guidelines for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Digital Safety Guidelines for International Travel template

    Step 3.3

    Mitigate Compliance Risk

    Activities

    3.3.1 Identify data localization obligations

    3.3.2 Integrate obligations into IT system design

    3.3.3 Document data processing activities

    3.3.4 Choose the right mechanism

    3.3.5 Implement the appropriate controls

    3.3.6 Identify data breach notification obligations

    3.3.7 Integrate data breach notification into incident response

    3.3.8 Identify vendor security and data protection requirements

    3.3.9 Build due diligence questionnaire

    3.3.10 Build appropriate data processing agreement

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Compliance risk is a prevalent risk in organizations with a global footprint

    • The legal and regulatory landscape is evolving rapidly to keep step with the pace of technological change. Security and privacy leaders are expected to mitigate the risk of noncompliance as the organization expands to new jurisdictions.
    • Organizations with a global footprint must stay abreast of local regulations and provide risk management guidance to business leaders to support global operations.
    • This sections describes four compliance risks in this context:
      • Cross-border data transfer
      • Third-party risk management
      • Data breach notification
      • Data residency

    Compliance with local obligations

    Likelihood: Medium to High

    Impact: High

    Data Residency

    Gap Controls

    • Identify and document the data localization obligations for the jurisdictions that the organization is operating in.
    • Design and implement IT systems that satisfy the data localization requirements.
    • Comply with data localization obligations within each jurisdiction.

    Heatmap of Global Data Residency Regulations

    The image contains a screenshot of a picture of a world map with various shades of blue to demonstrate the heatmap of global data residency regulations.
    Source: InCountry, 2021

    Examples of Data Residency Requirements

    Country

    Data Type

    Local Storage Requirements

    Australia

    Personal data – heath record

    My Health Records Act 2012

    China

    Personal information — critical information infrastructure operators

    Cybersecurity law

    Government cloud data

    Opinions of the Office of the Central Leading Group for Cyberspace Affairs on Strengthening Cybersecurity Administration of Cloud Computing Services for Communist Party and Government Agencies

    India

    Government email data

    The Public Records Act of 1993

    Indonesia

    Data held by electronic system operator for the public service

    Regulation 82 concerning “Electronic System and Transaction Operation”

    Germany

    Government cloud service data

    Criteria for the procurement and use of cloud services by the federal German administration

    Russia

    Personal data

    The amendments of Data Protection Act No. 152 FZ

    Vietnam

    Data held by internet service providers

    The Decree on Management, Provision, and Use of Internet Services and Information Content Online (Decree 72)

    US

    Government cloud service data

    Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018)

    3.3.1 Identify data localization obligations

    1-2 hours

    1. Work with your business leaders to identify and document the jurisdictions where your organization is operating in or providing services and products to consumers within.
    2. Work with your legal team to identify and document all relevant data localization obligations for the data your organization generates, collects, and processes in order to operate your business.
    3. Record your data localization obligations in the table below.

    Jurisdiction

    Relevant Regulations

    Local Storage Requirements

    Date Type

    Input

    Output

    • List of jurisdictions your organization is operating in
    • Relevant security and data protection regulations
    • Data inventory and data flows
    • Completed list of data localization obligations

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.2 Integrate obligations into your IT system design

    1-2 hours

    1. Work with your IT department to design the IT architecture and systems to satisfy the data localization requirements.
    2. The table below provides a checklist for integrating privacy considerations into your IT systems.

    Item

    Consideration

    Answer

    Supporting Document

    1

    Have you identified business services that process data that will be subject to localization requirements?

    2

    Have you identified IT systems associated with the business services mentioned above?

    3

    Have you established a data inventory (i.e. data types, business purposes) for the IT systems mentioned above?

    4

    Have you established a data flow diagram for the data identified above?

    5

    Have you identified the types of data that should be stored locally?

    6

    Have you confirmed whether a copy of the data locally stored will satisfy the obligations?

    7

    Have you confirmed whether an IT redesign is needed or whether modifications (e.g. adding a server) to the IT systems would satisfy the obligations?

    8

    Have you confirmed whether access from another jurisdiction is allowed?

    9

    Have you identified how long the data should be stored?

    Input

    Output

    • Data localization obligations
    • Business services that process data that will be subject to localization requirements
    • IT systems associated with business services
    • Data inventory and data flows
    • Completed checklist of localization obligations for IT system design

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: Medium to High

    Impact: High

    Cross-Border Transfer

    Gap Controls

    • Know where you transfer your data.
    • Identify jurisdictions that your organization is operating in and that impose different requirements for the cross-border transfer of personal data.
    • Adopt and implement a proper cross-border data transfer mechanism in accordance with applicable privacy laws and regulations.
    • Re-evaluate at appropriate intervals.

    Which cross-border transfer mechanism should I choose?

    Transfer Mechanism

    Advantages

    Disadvantages

    Standard Contractual Clauses (SCC)

    • Easy to implement
    • No DPA (data processing agreement) approval
    • Not suitable for complex data transfers
    • Do not meet business agility
    • Needs legal solution

    Binding Corporate Rules (BCRs)

    • Meets business agility needs
    • Raises trust in the organization
    • Doubles as solution for art. 24/25 of the GDPR
    • Sets high compliance maturity level
    • Takes time to draft/implement
    • Requires DPA approval (scrutiny)
    • Requires culture of compliance
    • Approved by one "lead" authority and two other "co-lead“ authorities
    • Takes usually between six and nine months for the approval process only

    Code of Conduct

    • Raises trust in the sector
    • Self-regulation instead of law
    • No code of conduct approved yet
    • Takes time to draft/implement
    • Requires DPA approval and culture of compliance
    • Needs of organization may not be met

    Certification

    • Raises trust in the organization
    • No certification schemes available yet
    • Risk of compliance at minimum necessary
    • Requires audits

    Consent

    • Legal certainty
    • Transparent
    • Administrative burden
    • Some data subjects are incapable of consenting all or nothing

    3.3.3 Document data processing activities

    1-2 hours

    1. Identify and document the following information:
      • Name of business process
      • Purposes of processing
      • Lawful basis
      • Categories of data subjects and personal data
      • Data subject categories
      • Which system the data resides in
      • Recipient categories
      • Third country/international organization
      • Documents for appropriate safeguards for international transfer (adequacy, SCCs, BCRs, etc.)
      • Description of mitigating measures

    Input

    Output

    • Name of business process
    • Categories of personal data
    • Which system the data resides
    • Third country/international organization
    • Documents for appropriate safeguards for international transfer
    • Completed list of data processing activities

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.4 Choose the right mechanism

    1-2 hours

    1. Identify jurisdictions that your organization is operating in and that impose different requirements for the cross-border transfer of personal data. For example, the EU’s GDPR and China’s Personal Information Protection Law require proper cross-border transfer mechanisms before the data transfers. Your organization should decide which cross-border transfer mechanism is the best fit for your cross-border data transfer scenarios.
    2. Use the following table to identify and document the pros and cons of each data transfer mechanism and the final decision.

    Data Transfer Mechanism

    Pros

    Cons

    Final Decision

    SCC

    BCR

    Code of Conduct

    Certification

    Consent

    Input

    Output

    • List of relevant data transfer mechanisms
    • Assessment of the pros and cons of each mechanism
    • Final decision regarding which data transfer mechanism is the best fit for your organization

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.5 Implement the appropriate controls

    1-3 hours

    • One of the most common mechanisms is standard contractual clauses (SCCs).
    • Use Info-Tech’s Standard Contractual Clauses Template to facilitate your cross-border transfer activities.
    • Identify and check whether the following core components are covered in your SCC and record the results in the table below.
    # Core Components Status Note
    1 Purpose and scope
    2 Effect and invariability of the Clauses
    3 Description of the transfer(s)
    4 Data protection safeguards
    5 Purpose limitation
    6 Transparency
    7 Accuracy and data minimization
    8 Duration of processing and erasure or return of data
    9 Storage limitation
    10 Security of processing
    11 Sensitive data
    12 Onward transfers
    13 Processing under the authority of the data importer
    14 Documentation and compliance
    15 Use of subprocessors
    16 Data subject rights
    17 Redress
    18 Liability
    19 Local laws and practices affecting compliance with the Clauses
    20 Noncompliance with the Clauses and termination
    21 Description of data processing activities, such as list of parties, description of transfer, etc.
    22 Technical and organizational measures
    InputOutput
    • Description of the transfer(s)
    • Duration of processing and erasure or return of data
    • Onward transfers
    • Use of subprocessors
    • Etc.
    • Draft of the standard contractual clauses (SCC)
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: High

    Impact: Medium to High

    Data Breach

    Gap Controls

    • Identify jurisdictions that your organization is operating in and that impose different obligations for data breach reporting.
    • Document the notification obligations for various business scenarios, such as controller to DPA, controller to data subject, and processor to controller.
    • Integrate breach notification obligations into security incident response process.

    Examples of Data Breach Notification Obligations

    Location

    Regulation/ Standard

    Reporting Obligation

    EU

    GDPR

    72 hours

    China

    PIPL

    Immediately

    US

    HIPAA

    No later than 60 days

    Canada

    PIPEDA

    As soon as feasible

    Global

    PCI DSS

    • Visa – immediately after breach discovered
    • Mastercard – within 24 hours of discovering breach
    • American Express – immediately after breach discovered

    Summary of US State Data Breach Notification Statutes

    The image contains a graph to show the summary of the US State Data Breach Notification Statutes.

    Source: Davis Wright Tremaine

    3.3.6 Identify data breach notification obligations

    1-2 hours

    1. Identify jurisdictions that your organization is operating in and that impose different obligations for data breach reporting.
    2. Document the notification obligations for various business scenarios, such as controller to DPA, controller to data subject, and processor to controller.
    3. Record your data breach obligations in the table below.
    Region Regulation/Standard Reporting Obligation

    Input

    Output

    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Documentation of data breach reporting obligations in applicable jurisdictions

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.7 Integrate data breach notification into incident response

    1-2 hours

    • Integrate breach notification obligations into the security incident response process. Understand the security incident management framework.
    • All incident runbooks follow the same process: detection, analysis, containment, eradication, recovery, and post-incident activity.
    • The table below provides a basic checklist for you to consider when implementing your data breach and incident handling process.
    # Phase Considerations Status Notes
    1 Prepare Ensure the appropriate resources are available to best handle an incident.
    2 Detect Leverage monitoring controls to actively detect threats.
    3 Analyze Distill real events from false positives.
    4 Contain Isolate the threat before it can cause additional damage.
    5 Eradicate Eliminate the threat from your operating environment.
    6 Recover Restore impacted systems to a normal state of operations.
    7 Report Report data breaches to relevant regulators and data subjects if required.
    8 Post-Incident Activities Conduct a lessons-learned post-mortem analysis.
    InputOutput
    • Security and data protection incident response steps
    • Key considerations for integrating data breach notifications into incident response
    • Data breach notifications integrated into the incident response process
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Security team
    • Privacy team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: High

    Impact: Medium to High

    Third-Party Risk

    Gap Controls

    • Build an end-to-end third-party security and privacy risk management process.
    • Perform internal due diligence prior to selecting a service provider.
    • Stipulate the security and privacy protection obligations of the third party in a legally binding document such as contract or data processing agreement, etc.

    End-to-End Third-Party Security and Privacy Risk Management

    1. Pre-Contract
    • Due diligence check
  • Signing of Contract
    • Data processing agreement
  • Post-Contract
    • Continuous monitoring
    • Regular check or audit
  • Termination of Contract
    • Data deletion
    • Access deprovisioning

    Examples of Vendor Security Management Requirements

    Region

    Law/Standard

    Section

    EU

    General Data Protection Regulation (GDPR)

    Article 28 (1)

    Article 46 (1)

    US

    Health Insurance Portability and Accountability Act (HIPAA)

    §164.308(b)(1)

    US

    New York Department of Financial Services Cybersecurity Requirements

    500.11(a)

    Global

    ISO 27002:2013

    15.1.1

    15.1.2

    15.1.3

    15.2.1

    15.2.2

    US

    NIST 800-53

    SA-12

    SA-12 (2)

    US

    NIST Cybersecurity Framework

    ID-SC-1

    ID-SC-2

    ID-SC-3

    ID-SC-4

    Canada

    OSFI Cybersecurity Guidelines

    4.25

    4.26

    3.3.8 Identify vendor security and data protection requirements

    1-2 hours

    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic reassessments.
    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Identify and document your vendor security and data protection requirements in the table below.
    Region Law/Standard Section Requirements

    Input

    Output

    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Documentation of vendor security and data protection obligations in applicable jurisdictions

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.9 Build due diligence questionnaire

    1-2 hours

    Perform internal due diligence prior to selecting a service provider.

    1. Build and right-size your vendor security questionnaire by leveraging Info-Tech’s Vendor Security Questionnaire template.
    2. Document your vendor security questionnaire in the table below.
    # Question Vendor Request Vendor Comments
    1 Document Requests
    2 Asset Management
    3 Governance
    4 Supply Chain Risk Management
    5 Identify Management, Authentication, and Access Control
    InputOutput
    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Business security and data protection requirements and expectations
    • Draft of due diligence questionnaire
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.10 Build appropriate data processing agreement

    1-2 hours

    1. Stipulate the security and privacy protection obligations of the third party in a legally binding document such as contract or data processing agreement, etc.
    2. Leverage Info-Tech’s Data Processing Agreement Template to put the language into your legally binding document.
    3. Use the table below to check whether core components of a typical DPA are covered in your document.
    # Core Components Status Note
    1 Processing of personal data
    2 Scope of application and responsibilities
    3 Processor's obligations
    4

    Controller's obligations

    5 Data subject requests
    6 Right to audit and inspection
    7 Subprocessing
    8 Data breach management
    9 Security controls
    10 Transfer of personal data
    11 Duty of confidentiality
    12 Compliance with applicable laws
    13 Service termination
    14 Liability and damages
    InputOutput
    • Processing of personal data
    • Processor’s obligations
    • Controller’s obligations
    • Subprocessing
    • Etc.
    • Draft of data processing agreement (DPA)
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Summary of Accomplishment

    Problem Solved

    By following Info-Tech’s methodology for securing global operations, you have:

    • Evaluated the security context of your organization’s global operations.
    • Identified security risks scenarios unique to high-risk jurisdictions and assessed the exposure of critical assets.
    • Planned and executed a response.

    You have gone through a deeper analysis of two key risk scenarios that affect global operations:

    • Travel to high-risk jurisdictions.
    • Compliance risk.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.

    workshop@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    The image contains a picture of Michel Hebert.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    The image contains a screenshot of High-Risk Travel Jurisdictions.

    Identify High-Risk Jurisdictions

    Develop requirements to identify high-risk jurisdictions.

    The image contains a screenshot of Build Risk Scenarios.

    Build Risk Scenarios

    Build risk scenarios to capture assets, vulnerabilities, threats, and the potential effect of a compromise.

    External Research Contributors

    Ken Muir

    CISO

    LMC Security

    Premchand Kurup

    CEO

    Paramount Computer Systems

    Preeti Dhawan

    Manager, Security Governance

    Payments Canada

    Scott Wiggins

    Information Risk and Governance

    CDPHP

    Fritz Y. Jean Louis

    CISO

    Globe and Mail

    Eric Gervais

    CIO

    Ovivo Water

    David Morrish

    CEO

    MBS Techservices

    Evan Garland

    Manager, IT Security

    Camosun College

    Jacopo Fumagalli

    CISO

    Axpo

    Dennis Leon

    Governance and Security Manager

    CPA Canada

    Tero Lehtinen

    CIO

    Planmeca Oy

    Related Info-Tech Research

    Build an IT Risk Management Program

    • Build a program to identify, evaluate, assess, and treat IT risks.
    • Monitor and communicate risks effectively to support business decision making.

    Combine Security Risk Management Components Into One Program

    • Develop a program focused on assessing and managing information system risks.
    • Build a governance structure that integrates security risks within the organization’s broader approach to risk management.

    Build an Information Security Strategy

    • Build a holistic, risk-aware strategy that aligns to business goals.
    • Develop a roadmap of prioritized initiatives to implement the strategy over 18 to 36 months.

    Bibliography

    2022 Cost of Insider Threats Global Report.” Ponemon Institute, NOVIPRO, 9 Feb. 2022. Accessed 25 May 22.

    “Allianz Risk Barometer 2022.” Allianz Global Corporate & Specialty, Jan. 2022. Accessed 25 May 22.

    Bickley, Shaun. “Security Risk Management: a basic guide for smaller NGOs”. European Interagency Security Forum (EISF), 2017. Web.

    “Biden Administration Warns against spyware targeting dissidents.” New York Times, 7 Jan 22. Accessed 20 Jan 2022.

    Boehm, Jim, et al. “The risk-based approach to cybersecurity.” McKinsey & Company, October 2019. Web.

    “Cost of a Data Breach Report 2021.” IBM Security, July 2021. Web.

    “Cyber Risk in Asia-Pacific: The Case for Greater Transparency.” Marsh & McLennan Companies, 2017. Web.

    “Cyber Risk Index.” NordVPN, 2020. Accessed 25 May 22

    Dawson, Maurice. “Applying a holistic cybersecurity framework for global IT organizations.” Business Information Review, vol. 35, no. 2, 2018, pp. 60-67.

    “Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 16 Apr 2018. Web.

    “Global Cybersecurity Index 2020.” International Telecommunication Union (ITU), 2021. Accessed 25 May 22.

    “Global Risk Survey 2022.” Control Risks, 2022. Accessed 25 May 22.

    “International Travel Guidance for Government Mobile Devices.” Federal Mobility Group (FMG), Aug. 2021. Accessed 18 Nov 2021.

    Kaffenberger, Lincoln, and Emanuel Kopp. “Cyber Risk Scenarios, the Financial System, and Systemic Risk Assessment.” Carnegie Endowment for International Peace, September 2019. Accessed 11 Jan 2022.

    Koehler, Thomas R. Understanding Cyber Risk. Routledge, 2018.

    Owens, Brian. “Cybersecurity for the travelling scientist.” Nature, vol. 548, 3 Aug 2017. Accessed 19 Jan. 2022.

    Parsons, Fintan J., et al. “Cybersecurity risks and recommendations for international travellers.” Journal of Travel Medicine, vol. 1, no. 4, 2021. Accessed 19 Jan 2022.

    Quinn, Stephen, et al. “Identifying and estimating cybersecurity risk for enterprise risk management.” National Institute of Standards and Technology (NIST), Interagency or Internal Report (IR) 8286A, Nov. 2021.

    Quinn, Stephen, et al. “Prioritizing cybersecurity risk for enterprise risk management.” NIST, IR 8286B, Sept. 2021.

    “Remaining cyber safe while travelling security recommendations.” Government of Canada, 27 April 2022. Accessed 31 Jan 2022.

    Stine, Kevin, et al. “Integrating cybersecurity and enterprise risk management.” NIST, IR 8286, Oct. 2020.

    Tammineedi, Rama. “Integrating KRIs and KPIs for effective technology risk management.” ISACA Journal, vol. 4, 1 July 2018.

    Tikk, Eneken, and Mika Kerttunen, editors. Routledge Handbook of International Cybersecurity. Routledge, 2020.

    Voo, Julia, et al. “National Cyber Power Index 2020.” Belfer Center for Science and International Affairs, Harvard Kennedy School, Sept. 2020. Web.

    Zhang, Fang. “Navigating cybersecurity risks in international trade.” Harvard Business Review, Dec 2021. Accessed 31 Jan 22.

    Appendix

    Insider Threat

    Key Risk Scenario

    Likelihood: Medium to High

    Impact: High

    Gap Controls

    The image contains a picture of the Gap Controls. The controls include: Policy and Awareness, Identification, Monitoring and Visibility, which leads to Cooperation.

    • Identification: Effective and efficient management of insider threats begins with a threat and risk assessment to establish which assets and which employees to consider, especially in jurisdictions associated with sensitive or critical data. You need to pay extra attention to employees who are working in satellite offices in jurisdictions with loose security and privacy laws.
    • Monitoring and Visibility: Organizations should monitor critical assets and groups with privileged access to defend against malicious behavior. Implement an insider threat management platform that provides your organization with the visibility and context into data movement, especially cross-border transfers that might cause security and privacy breaches.
    • Policy and Awareness Training: Insider threats will persist without appropriate action and culture change. Training and consistent communication of best practices will mitigate vulnerabilities to accidental or negligent attacks. Customized training materials using local languages and role-based case studies might be needed for employees in high-risk jurisdictions.
    • Cooperation: An effective insider threat management program should be built with cross-team functions such as Security, IT, Compliance and Legal, etc.

    For more holistic approach, you can leverage our Reduce and Manage Your Organization’s Insider Threat Risk blueprint.

    Info-Tech Insight

    You can’t just throw tools at a human problem. While organizations should monitor critical assets and groups with privileged access to defend against malicious behavior, good management and supervision can help detect attacks and prevent them from happening in the first place.

    Insider threats are not industry specific, but malicious insiders are

    Industry

    Actors

    Risks

    Tactics

    Motives

    State and Local Government

    • Full-time employees
    • Current employees
    • Privileged access to personally identifiable information, financial assets, and physical property
    • Abuse of privileged access
    • Received or transferred fraudulent funds
    • Financial gain
    • Recognition
    • Benefiting foreign entity

    Information Technology

    • Equal mix of former and current employees
    • Privileged access to networks or systems as well as data
    • Highly technical attacks
    • Received or transferred fraudulent funds
    • Revenge
    • Financial gain

    Healthcare

    • Majority were full-time and current employees
    • Privileged access to customer data with personally identifiable information, financial assets
    • Abuse of privileged access
    • Received or transferred fraudulent funds
    • Financial gain
    • Entitlement

    Finance and Insurance

    • Majority were full-time and current employees
    • Authorized users
    • Electronic financial assets
    • Privileged access to customer data
    • Created or used fraudulent accounts
    • Fraudulent purchases
    • Identity theft
    • Financial gain
    • Gambling addiction
    • Family pressures
    • Multiple motivations

    Source: Carnegie Mellon University Software Engineering Institute, 2019

    Advanced Persistent Threat

    Key Risk Scenario #4

    Likelihood: Medium to High

    Impact: High

    Gap Controls

    The image contains a screenshot of the Gap Controls listed: Prevent, Detect, Analyze, Respond.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Effective anti-malware, diligent patching and vulnerability management, and strong human-centric security are essential.

    Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.

    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape.

    Respond: Organizations can’t rely on ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Best practices moving forward

    Defense in Depth

    Lock down your organization. Among other tactics, control administrative privileges, leverage threat intelligence, use IP whitelisting, adopt endpoint protection and two-factor authentication, and formalize incident response measures.

    Block Indicators

    Information alone is not actionable. A successful threat intelligence program contextualizes threat data, aligns intelligence with business objectives, and then builds processes to satisfy those objectives. Actively block indicators and act upon gathered intelligence.

    Drive Adoption

    Create organizational situational awareness around security initiatives to drive adoption of foundational security measures: network hardening, threat intelligence, red-teaming exercises, and zero-day mitigation, policies, and procedures.

    Supply Chain Security

    Security extends beyond your organization. Ensure your organization has a comprehensive view of your organizational threat landscape and a clear understanding of the security posture of any managed service providers in your supply chain.

    Awareness and Training

    Conduct security awareness and training. Teach end users how to recognize current cyberattacks before they fall victim – this is a mandatory first line of defense.

    Additional Resources

    Follow only official sources of information to help you assess risk

    The image contains an image highlighting a few additional resources.

    As misinformation is a major attack vector for malicious actors, follow only reliable sources for cyberalerts and actionable intelligence. Aggregate information from these reliable sources.

    Federal Cyber Agency Alerts

    Informational Resources

    Info-Tech Insight

    The CISA Shields Up site provides the latest cyber risk updates on the Russia-Ukraine conflict and should provide the most value in staying informed.

    Cost and Budget Management

    • Buy Link or Shortcode: {j2store}8|cart{/j2store}
    • Related Products: {j2store}8|crosssells{/j2store}
    • Up-Sell: {j2store}8|upsells{/j2store}
    • member rating overall impact: 9.5/10
    • member rating average dollars saved: $2,000
    • member rating average days saved: 5
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management
    • byline: Effective IT budgets tell a story.

    The challenge

    • IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.

    • Budgetary approval is difficult, and in many cases, the starting point is lowering the cost-income ratio without looking at the benefits.
    • Provide the right amount of detail in your budgets to tell your investment and spending story. Align it with the business story. Too much detail only increases confusion, too little suspicion.

    Our advice

    Insight

    An effective IT budget complements the business story with how you will achieve the expected business targets.

    • Partner with the business to understand the strategic direction of the company and its future needs.
    • Know your costs and the value you will deliver.
    • Present your numbers and story clearly and credibly. Excellent delivery is part of good communication.
    • Guide your company by clearly explaining the implications of different choices they can make.

    Impact and results 

    • Get a head-start on your IT forecasting exercise by knowing the business strategy and what initiatives they will launch.
    • The coffee corner works! Pre-sell your ideas in quick chats.
    • Do not make innovation budgets bigger than they need to be. It undermines your credibility.
    • You must know your history to accurately forecast your IT operations cost and how it will evolve based on expected business changes.
    • Anticipate questions. IT discretionary proposals are often challenged. Think ahead of time about what areas your business partners will focus on and be ready with researched and credible responses.
    • When you have an optimized budget, tie further cost reductions to consequences in service delivery or deferred projects, or a changed operating model.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.

    Plan for budget success

    • Build an IT Budget That Demonstrates Value Delivery – Phase 1: Plan (ppt)
    • IT Budget Interview Guide (doc)

    Build your budget.

    • Build an IT Budget That Demonstrates Value Delivery – Phase 2: Build (ppt)
    • IT Cost Forecasting Tool (xls)

    Sell your budget

    • Build an IT Budget That Demonstrates Value Delivery – Phase 3: Sell (ppt)
    • IT Budget Presentation (ppt)

     

    Improve Service Desk Ticket Intake

    • Buy Link or Shortcode: {j2store}481|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    • Customers expect a consumer experience with IT. It won’t be long until this expectation expands to IT service support.
    • Messaging and threads are becoming central to how businesses organize information and conversations, but voice isn’t going away. It is still by far people’s favorite channel.
    • Tickets are becoming more complicated. BYOD, telework, and SaaS products present a perfect storm.
    • Traditional service metrics are not made for self service. Your mean-time-to-resolve will increase and first-contact resolution will decrease.

    Our Advice

    Critical Insight

    • Bring the service desk to the people. Select channels that are most familiar to your users, and make it as easy possible to talk to a human.
    • Integrate channels. Users should have a consistent experience, and technicians should know user history.
    • Don’t forget the human aspect. People aren’t always good with technology. Allow them to contact a person if they are struggling.

    Impact and Result

    • Define which channels will be prioritized.
    • Identify improvements to these channels based on best practices and our members’ experiences.
    • Streamline your ticket intake process to remove unnecessary steps.
    • Prioritize improvements based on their value. Implement a set of improvements every quarter.

    Improve Service Desk Ticket Intake Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should improve your ticket intake, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define and prioritize ticket channels

    Align your improvements with business goals and the shift-left strategy.

    • Improve Service Desk Ticket Intake – Phase 1: Define and Prioritize Ticket Channels
    • Service Desk Maturity Assessment
    • Service Desk Improvement Presentation Template

    2. Improve ticket channels

    Record potential improvements in your CSI Register, as you review best practices for each channel.

    • Improve Service Desk Ticket Intake – Phase 2: Improve Ticket Channels
    • Service Desk Continual Improvement Roadmap
    • Service Desk Ticket Intake Workflow Samples (Visio)
    • Service Desk Ticket Intake Workflow Samples (PDF)
    • Service Definition Checklist
    • Service Desk Site Visit Checklist Template

    3. Define next steps

    Streamline your ticket intake process and prioritize opportunities for improvement.

    • Improve Service Desk Ticket Intake – Phase 3: Define Next Steps
    [infographic]

    Workshop: Improve Service Desk Ticket Intake

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Optimize Ticket Channels

    The Purpose

    Brainstorm improvements to your systems and processes that will help you optimize.

    Key Benefits Achieved

    Develop a single point of contact.

    Reduce the time before a technician can start productively working on a ticket.

    Enable Tier 1 and end users to complete more tickets.

    Activities

    1.1 Prioritize channels for improvement.

    1.2 Optimize the voice channel.

    1.3 Identify improvements for self service.

    1.4 Improve Tier 1 agents’ access to information.

    1.5 Optimize supplementary ticket channels.

    Outputs

    Action items to improve the voice channel.

    Populated CSI Register for self-service channels.

    Identified action items for the knowledgebase.

    Populated CSI Register for additional ticket channels.

    2 Streamline Ticket Intake

    The Purpose

    Create long-term growth by taking a sustainable approach to improvements.

    Key Benefits Achieved

    Streamline your overall ticket intake process for incidents and service requests.

    Activities

    2.1 Map out the incident intake processes.

    2.2 Identify opportunities to streamline the incident workflow.

    2.3 Map out the request processes.

    2.4 Identify opportunities to streamline the request workflow.

    Outputs

    Streamlined incident intake process.

    Streamlined request intake process.

    Populated CSI Register for request intake.

    AI Trends 2023

    • Buy Link or Shortcode: {j2store}207|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy

    As AI technologies are constantly evolving, organizations are looking for AI trends and research developments to understand the future applications of AI in their industries.

    Our Advice

    Critical Insight

    • Understanding trends and the focus of current and future AI research helps to define how AI will drive an organization’s new strategic opportunities.
    • Understanding the potential application of AI and its promise can help plan the future investments in AI-powered technologies and systems.

    Impact and Result

    Understanding AI trends and developments enables an organization’s competitive advantage.

    AI Trends 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. AI Trends 2023 – An overview of trends that will continue to drive AI innovation.

    • AI Trends Report 2023
    [infographic]

    Further reading

    AI Trends Report 2023

    The eight trends:

    1. Design for AI
    2. Event-Based Insights
    3. Synthetic Data
    4. Edge AI
    5. AI in Science and Engineering
    6. AI Reasoning
    7. Digital Twin
    8. Combinatorial Optimization
    Challenges that slowed the adoption of AI

    To overcome the challenges, enterprises adopted different strategies

    Data Readiness

    • Lack of unified systems and unified data
    • Data quality issues
    • Lack of the right data required for machine learning
    • Improve data management capabilities, including data governance and data initiatives
    • Create data catalogs
    • Document data and information architecture
    • Solve data-related problems including data quality, privacy, and ethics

    ML Operations Capabilities

    • Lack of tools, technologies, and methodologies to operationalize models created by data scientists
    • Increase availability of cloud platforms, tools, and capabilities
    • Develop and grow machine learning operations (MLOps) tools, platforms, and methodologies to enable model operationalizing and monitoring in production

    Understanding of AI Role and Its Business Value

    • Lack of understanding of AI use cases – how AI/ML can be applied to solve specific business problems
    • Lack of understanding how to define the business value of AI investments
    • Identify AI C-suite toolkits (for example, Empowering AI Leadership from the World Economic Forum, 2022)
    • Document industry use cases
    • Use frameworks and tools to define business value for AI investments

    Design for AI

    Sustainable AI system design needs to consider several aspects: the business application of the system, data, software and hardware, governance, privacy, and security.

    It is important to define from the beginning how AI will be used by and for the application to clearly articulate business value, manage expectations, and set goals for the implementation.

    Design for AI will change how we store and manage data and how we approach the use of data for development and operation of AI systems.

    An AI system design approach should cover all stages of AI lifecycle, from design to maintenance. It should also support and enable iterative development of an AI system.

    To take advantage of different tools and technologies for AI system development, deployment, and monitoring, the design of an AI system should consider software and hardware needs and design for seamless and efficient integrations of all components of the system and with other existing systems within the enterprise.

    AI in Science and Engineering

    AI helps sequence genomes to identify variants in a person’s DNA that indicate genetic disorders. It allows researchers to model and calculate complicated physics processes, to forecast the genesis of the universe’s structure, and to understand planet ecosystem to help advance the climate research. AI drives advances in drug discovery and can assist with molecule synthesis and molecular property identification.

    AI finds application in all areas of science and engineering. The role of AI in science will grow and allow scientists to innovate faster.

    AI will further contribute to scientific understanding by assisting scientists in deriving new insights, generating new ideas and connections, generalizing scientific concepts, and transferring them between areas of scientific research.

    Using synthetic data and combining physical and machine learning models and other advances of AI/ML – such as graphs, use of unstructured data (language models), and computer vision – will accelerate the use of AI in science and engineering.

    Event- and Scenario-Driven AI

    AI-driven signal-gathering systems analyze a continuous stream of data to generate insights and predictions that enable strategic decision modeling and scenario planning by providing understanding of how and what areas of business might be impacted by certain events.

    AI enables the scenario-based approach to drive insights through pattern identification in addition to familiar pattern recognition, helping to understand how events are related.

    A system with anticipatory capabilities requires an event-driven architecture that enables gathering and analyzing different types of data (text, video, images) across multiple channels (social media, transactional systems, news feeds, etc.) for event-driven and event-sequencing modeling.

    ML simulation-based training of the model using advanced techniques under the umbrella of Reinforcement Learning in conjunction with statistically robust Bayesian probabilistic framework will aid in setting up future trends in AI.

    AI Reasoning

    Most of the applications of machine learning and AI today is about predicting future behaviors based on historical data and past behaviors. We can predict what product the customer would most likely buy or the price of a house when it goes on sale.

    Most of the current algorithms use the correlation between different parameters to make a prediction, for example, the correlation between the event and the outcome can look like “When X occurs, we can predict that Y will occur.” This, however, does not translate into “Y occurred because of X.”

    The development of a causal AI that uses causal inference to reason and identify the root cause and the causal relationships between variables without mistaking correlation and causation is still in its early stages but rapidly evolving.

    Some of the algorithms that the researchers are working with are casual graph models and algorithms that are at the intersection of causal inference with decision making and reinforcement learning (Causal Artificial Intelligence Lab, 2022).

    Synthetic Data

    Synthetic data is artificially generated data that mimics the structure of real-life data. It should also have the same mathematical and statistical properties as the real-world data that it is created to replicate.

    Synthetic data is used to train machine learning models when there is not enough real data or the existing data does not meet specific needs. It allows users to remove contextual bias from data sets containing personal data, prevent privacy concerns, and ensure compliance with privacy laws and regulations.

    Another application of synthetic data is solving data-sharing challenges.

    Researchers learned that quite often synthetic data sets outperform real-world data. Recently, a team of researchers at MIT built a synthetic data set of 150,000 video clips capturing human actions and used that data set to train the model. The researchers found that “the synthetically trained models performed even better than models trained on real data for videos that have fewer background objects” (MIT News Office, 2022).

    Today, synthetic data is used in language systems, in training self-driving cars, in improving fraud detection, and in clinical research, just to name a few examples.

    Synthetic data opens the doors for innovation across all industries and applications of AI by enabling access to data for any scenario and technology and business needs.

    Digital Twins

    Digital twins (DT) are virtual replicas of physical objects, devices, people, places, processes, and systems. In Manufacturing, almost every product and manufacturing process can have a complete digital replica of itself thanks to IoT, streaming data, and cheap cloud storage.

    All this data has allowed for complex simulations of, for example, how a piece of equipment will perform over time to predict future failures before they happen, reducing costly maintenance and extending equipment lifetime.

    In addition to predictive maintenance, DT and AI technologies have enabled organizations to design and digitally test complex equipment such as aircraft engines, trains, offshore oil platforms, and wind turbines before physically manufacturing them. This helps to improve product and process quality, manufacturing efficiency, and costs. DT technology also finds applications in architecture, construction, energy, infrastructure industries, and even retail.

    Digital twins combined with the metaverse provide a collaborative and interactive environment with immersive experience and real-time physics capabilities (as an example, Siemens presented an Immersive Digital Twin of a Plant at the Collision 2022 conference).

    Future trends include enabling autonomous behavior of a DT. An advanced DT can replicate itself as it moves into several devices, hence requiring the autonomous property. Such autonomous behavior of the DT will in turn influence the growth and further advancement of AI.

    Edge AI

    A simple definition for edge AI: A combination of edge computing and artificial intelligence, it enables the deployment of AI applications in devices of the physical world, in the field, where the data is located, such as IoT devices, devices on the manufacturing floor, healthcare devices, or a self-driving car.

    Edge AI integrates AI into edge computing devices for quicker and improved data processing and smart automation.

    The main benefits of edge AI include:

    • Real-time data processing capabilities to reduce latency and enable near real-time analytics and insights.
    • Reduced cost and bandwidth requirements as there is no need to transfer data to the cloud for computing.
    • Increased data security as the data is processed locally, on the device, reducing the risk of loss of sensitive data.
    • Improved automation by training machines to perform automated tasks.

    Edge AI is already used in a variety of applications and use cases including computer vision, geospatial intelligence, object detection, drones, and health monitoring devices.

    Combinatorial Optimization

    “Combinatorial optimization is a subfield of mathematical optimization that consists of finding an optimal object from a finite set of objects” (Wikipedia, retrieved December 2022).

    Applications of combinatorial optimization include:

    • Supply chain optimization
    • Scheduling and logistics, for example, vehicle routing where the trucks are making stops for pickup and deliveries
    • Operations optimization

    Classical combinatorial optimization (CO) techniques were widely used in operations research and played a major role in earlier developments of AI.

    The introduction of deep learning algorithms in recent years allowed researchers to combine neural network and conventional optimization algorithms; for example, incorporating neural combinatorial optimization algorithms in the conventional optimization framework. Researchers confirmed that certain combinations of these frameworks and algorithms can provide significant performance improvements.

    The research in this space continues and we look forward to learning how machine learning and AI (backtracking algorithms, reinforcement learning, deep learning, graph attention networks, and others) will be used for solving challenging combinatorial and decision-making problems.

    References

    “AI Can Power Scenario Planning for Real-Time Strategic Insights.” The Wall Street Journal, CFO Journal, content by Deloitte, 7 June 2021. Accessed 11 Dec. 2022.
    Ali Fdal, Omar. “Synthetic Data: 4 Use Cases in Modern Enterprises.” DATAVERSITY, 5 May 2022. Accessed
    11 Dec. 2022.
    Andrews, Gerard. “What Is Synthetic Data?” NVIDIA, 8 June 2021. Accessed 11 Dec. 2022.
    Bareinboim, Elias. “Causal Reinforcement Learning.” Causal AI, 2020. Accessed 11 Dec. 2022.
    Bengio, Yoshua, Andrea Lodi, and Antoine Prouvost. “Machine learning for combinatorial optimization: A methodological tour d’horizon.” European Journal of Operational Research, vol. 290, no. 2, 2021, pp. 405-421, https://doi.org/10.1016/j.ejor.2020.07.063. Accessed 11 Dec. 2022.
    Benjamins, Richard. “Four design principles for developing sustainable AI applications.” Telefónica S.A., 10 Sept. 2018. Accessed on 11 Dec. 2022.
    Blades, Robin. “AI Generates Hypotheses Human Scientists Have Not Thought Of.” Scientific American, 28 October 2021. Accessed 11 Dec. 2022.
    “Combinatorial Optimization.” Wikipedia article, Accessed 11 Dec. 2022.
    Cronholm, Stefan, and Hannes Göbel. “Design Principles for Human-Centred Artificial Intelligence.” University of Borås, Sweden, 11 Aug. 2022. Accessed on 11 Dec. 2022
    Devaux, Elise. “Types of synthetic data and 4 real-life examples.” Statice, 29 May 2022. Accessed 11 Dec. 2022.
    Emmental, Russell. “A Guide to Causal AI.” ITBriefcase, 30 March 2022. Accessed 11 Dec. 2022.
    “Empowering AI Leadership: AI C-Suite Toolkit.” World Economic Forum, 12 Jan. 2022. Accessed 11 Dec 2022.
    Falk, Dan. “How Artificial Intelligence Is Changing Science.” Quanta Magazine, 11 March 2019. Accessed 11 Dec. 2022.
    Fritschle, Matthew J. “The Principles of Designing AI for Humans.” Aumcore, 17 Aug. 2018. Accessed 8 Dec. 2022.
    Garmendia, Andoni I., et al. Neural Combinatorial Optimization: a New Player in the Field.” IEEE, arXiv:2205.01356v1, 3 May 2022. Accessed 11 Dec. 2022.
    Gülen, Kerem. “AI Is Revolutionizing Every Field and Science is no Exception.” Dataconomy Media GmbH, 9 Nov. 9, 2022. Accessed 11 Dec. 2022
    Krenn, Mario, et al. “On scientific understanding with artificial intelligence.” Nature Reviews Physics, vol. 4, 11 Oct. 2022, pp. 761–769. https://doi.org/10.1038/s42254-022-00518-3. Accessed 11 Dec. 2022.
    Laboratory for Information and Decision Systems. “The real promise of synthetic data.” MIT News, 16 Oct. 2020. Accessed 11 Dec. 2022.
    Lecca, Paola. “Machine Learning for Causal Inference in Biological Networks: Perspectives of This Challenge.” Frontiers, 22 Sept. 2021. Accessed 11 Dec. 2022. Mirabella, Lucia. “Digital Twin x Metaverse: real and virtual made easy.” Siemens presentation at Collision 2022 conference, Toronto, Ontario. Accessed 11 Dec. 2022. Mitchum, Rob, and Louise Lerner. “How AI could change science.” University of Chicago News, 1 Oct. 2019. Accessed 11 Dec. 2022.
    Okeke, Franklin. “The benefits of edge AI.” TechRepublic, 22 Sept. 2022, Accessed 11 Dec. 2022.
    Perlmutter, Nathan. “Machine Learning and Combinatorial Optimization Problems.” Crater Labs, 31 July 31, 2019. Accessed 11 Dec. 2022.
    Sampson, Ovetta. “Design Principles for a New AI World.” UX Magazine, 6 Jan. 2022. Accessed 11 Dec. 2022.
    Sgaier, Sema K., Vincent Huang, and Grace Charles. “The Case for Causal AI.” Stanford Social Innovation Review, Summer 2020. Accessed 11 Dec. 2022.
    “Synthetic Data.” Wikipedia article, Accessed 11 Dec. 2022.
    Take, Marius, et al. “Software Design Patterns for AI-Systems.” EMISA Workshop 2021, CEUR-WS.org, Proceedings 30. Accessed 11 Dec. 2022.
    Toews, Rob. “Synthetic Data Is About To Transform Artificial Intelligence.” Forbes, 12 June 2022. Accessed
    11 Dec. 2022.
    Zewe, Adam. “In machine learning, synthetic data can offer real performance improvements.” MIT News Office, 3 Nov. 2022. Accessed 11 Dec. 2022.
    Zhang, Junzhe, and Elias Bareinboim. “Can Humans Be out of the Loop?” Technical Report, Department of Computer Science, Columbia University, NY, June 2022. Accessed 11 Dec. 2022.

    Contributors

    Irina Sedenko Anu Ganesh Amir Feizpour David Glazer Delina Ivanova

    Irina Sedenko

    Advisory Director

    Info-Tech

    Anu Ganesh

    Technical Counselor

    Info-Tech

    Amir Feizpour

    Co-Founder & CEO

    Aggregate Intellect Inc.

    David Glazer

    VP of Analytics

    Kroll

    Delina Ivanova

    Associate Director, Data & Analytics

    HelloFresh

    Usman Lakhani

    DevOps

    WeCloudData

    Build an Extensible Data Warehouse Foundation

    • Buy Link or Shortcode: {j2store}342|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Data warehouse implementation is a costly and complex undertaking, and can end up not serving the business' needs appropriately.
    • Too heavy a focus on technology creates a data warehouse that isn’t sustainable and ends up with poor adoption.
    • Emerging data sources and technologies add complexity to how the appropriate data is made available to business users.

    Our Advice

    Critical Insight

    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology needs to be the core support system for enabling a data warehouse program.
    • Understand business processes at the operational, tactical, and ad hoc levels to ensure a fit-for-purpose DW is built.

    Impact and Result

    • Leverage an approach that focuses on constructing a data warehouse foundation that is able to address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Develop “Rosetta Stone” views of your data assets to facilitate data modeling.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build an Extensible Data Warehouse Foundation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the data warehouse is becoming an important tool for driving business value, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the data warehouse foundation project

    Begin the data warehouse foundation by defining the project and governance teams, as well as reviewing supporting data management practices.

    • Build an Extensible Data Warehouse Foundation – Phase 1: Prepare for the Data Warehouse Foundation Project
    • Data Warehouse Foundation Project Plan Template
    • Data Warehouse Work Breakdown Structure Template
    • Data (Warehouse) Architect
    • Data Integration Specialist
    • Business Intelligence Specialist
    • Director of Data Warehousing/Business Intelligence
    • Data Warehouse Program Charter Template
    • Data Warehouse Steering Committee Charter Template

    2. Establish the business drivers and data warehouse strategy

    Using the business activities as a guide, develop a data model, data architecture, and technology plan for a data warehouse foundation.

    • Build an Extensible Data Warehouse Foundation – Phase 2: Establish the Business Drivers and Data Warehouse Strategy
    • Business Data Catalog
    • Data Classification Inventory Tool
    • Data Warehouse Architecture Planning Tool
    • Master Data Mapping Tool

    3. Plan for data warehouse governance

    Start developing a data warehouse program by defining how users will interact with the new data warehouse environment.

    • Build an Extensible Data Warehouse Foundation – Phase 3: Plan for Data Warehouse Governance
    • Data Warehouse Standard Operating Procedures Template
    • Data Warehouse Service Level Agreement
    [infographic]

    Workshop: Build an Extensible Data Warehouse Foundation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Data Warehouse Foundation Project

    The Purpose

    Identify the members of the foundation project team.

    Define overarching statements and define success factors/risks.

    Outline basic project governance.

    Key Benefits Achieved

    Defined membership, roles, and responsibilities involved in the foundation project.

    Establishment of a steering committee as a starting point for the data warehouse program.

    Activities

    1.1 Identify foundation project team and create a RACI chart.

    1.2 Understand what a data warehouse can and cannot enable.

    1.3 Define critical success factors, key performance metrics, and project risks.

    1.4 Develop rough timelines for foundation project completion.

    1.5 Define the current and future states for key data management practices.

    Outputs

    Job Descriptions and RACI

    Data Warehouse Steering Committee Charter

    Data Warehouse Foundation Project Plan

    Work Breakdown Structure

    2 Establish the Business Drivers and Data Warehouse Strategy

    The Purpose

    Define the information needs of the business and its key processes.

    Create the components that will inform an appropriate data model.

    Design a data warehouse architecture model.

    Key Benefits Achieved

    Clear definition of business needs that will directly inform the data and architecture models.

    Activities

    2.1 Understand the most fundamental needs of the business.

    2.2 Define the data warehouse vision, mission, purpose, and goals.

    2.3 Detail the most important operational, tactical, and ad hoc activities the data warehouse should support.

    2.4 Link the processes that will be central to the data warehouse foundation.

    2.5 Walk through the four-column model and business entity modeling as a starting point for data modeling.

    2.6 Create data models using the business data glossary and data classification.

    2.7 Identify master data elements to define dimensions.

    2.8 Design lookup tables based on reference data.

    2.9 Create a fit-for-purpose data warehousing model.

    Outputs

    Data Warehouse Program Charter

    Data Warehouse Vision and Mission

    Documentation of Business Processes

    Business Entity Map

    Business Data Glossary

    Data Classification Scheme

    Data Warehouse Architecture Model

    3 Plan for Data Warehouse Governance

    The Purpose

    Create a plan for governing your data warehouse efficiently and effectively.

    Key Benefits Achieved

    Documentation of current standard operating procedures.

    Identified members of a data warehouse center of excellence.

    Activities

    3.1 Develop a technology capability map to visualize your desired state.

    3.2 Establish a data warehouse center of excellence.

    3.3 Create a data warehouse foundation roadmap.

    3.4 Define data warehouse service level agreements.

    3.5 Create standard operating procedures.

    Outputs

    Technology Capability Map

    Project Roadmap

    Service Level Agreement

    Data Warehouse Standard Operating Procedure Workbook

    IT Strategy

    • Buy Link or Shortcode: {j2store}20|cart{/j2store}
    • Related Products: {j2store}20|crosssells{/j2store}
    • Up-Sell: {j2store}20|upsells{/j2store}
    • member rating overall impact: 9.3/10
    • member rating average dollars saved: $105,465
    • member rating average days saved: 35
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: strategy-and-governance
    • byline: Align your IT strategy to business value creation.
    Success depends on IT initiatives clearly aligned to business goals.

    Streamline Application Maintenance

    • Buy Link or Shortcode: {j2store}402|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Application maintenance teams are accountable for the various requests and incidents coming from a variety business and technical sources. The sheer volume and variety of requests create unmanageable backlogs.
    • The increasing complexity and reliance on technology within the business has set unrealistic expectations on maintenance teams. Stakeholders expect teams to accommodate maintenance without impact on project schedules.

    Our Advice

    Critical Insight

    • Improving maintenance’s focus and attention may mean doing less but more valuable work. Teams need to be realistic about what can be committed and be prepared to justify why certain requests have to be pushed down the backlog (e.g. lack of business value, high risks).
    • Maintenance must be treated like any other development activity. The same intake and prioritization practices and quality standards must be upheld, and best practices followed.

    Impact and Result

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns, and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance requests in order to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    Streamline Application Maintenance Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to understand the common struggles found in application maintenance, their root causes, and the Info-Tech methodology to overcoming these hurdles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your maintenance priorities

    Understand the stakeholder priorities driving changes in your application maintenance practice.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape
    • Application Maintenance Operating Model Template
    • Application Maintenance Resource Capacity Assessment
    • Application Maintenance Maturity Assessment

    2. Instill maintenance governance

    Identify the appropriate level of governance and enforcement to ensure accountability and quality standards are upheld across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule

    3. Enhance triaging and prioritization practices

    Build a maintenance triage and prioritization scheme that accommodates business and IT risks and urgencies.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities

    4. Streamline maintenance delivery

    Define and enforce quality standards in maintenance activities and build a high degree of transparency to readily address delivery challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery
    • Application Maintenance Business Case Presentation Document
    [infographic]

    Workshop: Streamline Application Maintenance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Maintenance Priorities

    The Purpose

    Understand the business and IT stakeholder priorities driving the success of your application maintenance practice.

    Understand any current issues that are affecting your maintenance practice.

    Key Benefits Achieved

    Awareness of business and IT priorities.

    An understanding of the maturity of your maintenance practices and identification of issues to alleviate.

    Activities

    1.1 Define priorities for enhanced maintenance practices.

    1.2 Conduct a current state assessment of your application maintenance practices.

    Outputs

    List of business and technical priorities

    List of the root-cause issues, constraints, and opportunities of current maintenance practice

    2 Instill Maintenance Governance

    The Purpose

    Define the processes, roles, and points of communication across all maintenance activities.

    Key Benefits Achieved

    An in-depth understanding of all maintenance activities and what they require to function effectively.

    Activities

    2.1 Modify your maintenance process.

    2.2 Define your maintenance roles and responsibilities.

    Outputs

    Application maintenance process flow

    List of metrics to gauge success

    Maintenance roles and responsibilities

    Maintenance communication flow

    3 Enhance Triaging and Prioritization Practices

    The Purpose

    Understand in greater detail the process and people involved in receiving and triaging a request.

    Define your criteria for value, impact, and urgency, and understand how these fit into a prioritization scheme.

    Understand backlog management and release planning tactics to accommodate maintenance.

    Key Benefits Achieved

    An understanding of the stakeholders needed to assess and approve requests.

    The criteria used to build a tailored prioritization scheme.

    Tactics for efficient use of resources and ideal timing of the delivery of changes.

    A process that ensures maintenance teams are always working on tasks that are valuable to the business.

    Activities

    3.1 Review your maintenance intake process.

    3.2 Define a request prioritization scheme.

    3.3 Create a set of practices to manage your backlog and release plans.

    Outputs

    Understanding of the maintenance request intake process

    Approach to assess the impact, urgency, and severity of requests for prioritization

    List of backlog management grooming and release planning practices

    4 Streamline Maintenance Delivery

    The Purpose

    Understand how to apply development best practices and quality standards to application maintenance.

    Learn the methods for monitoring and visualizing maintenance work.

    Key Benefits Achieved

    An understanding of quality standards and the scenarios for where they apply.

    The tactics to monitor and visualize maintenance work.

    Streamlined maintenance delivery process with best practices.

    Activities

    4.1 Define approach to monitor maintenance work.

    4.2 Define application quality attributes.

    4.3 Discuss best practices to enhance maintenance development and deployment.

    Outputs

    Taskboard structure and rules

    Definition of application quality attributes with user scenarios

    List of best practices to streamline maintenance development and deployment

    5 Finalize Your Maintenance Practice

    The Purpose

    Create a target state built from appropriate metrics and attainable goals.

    Consider the required items and steps for the implementation of your optimization initiatives.

    Key Benefits Achieved

    A realistic target state for your optimized application maintenance practice.

    A well-defined and structured roadmap for the implementation of your optimization initiatives.

    Activities

    5.1 Refine your target state maintenance practices.

    5.2 Develop a roadmap to achieve your target state.

    Outputs

    Finalized application maintenance process document

    Roadmap of initiatives to achieve your target state

    Develop a Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}555|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Web Experience Management (WEM) solutions have emerged as applications that provide marketers and other customer experience professionals with a complete set of tools for web content management, delivery, campaign execution, and site analytics.
    • However, many organizations are unsure of how to leverage these new technologies to enhance their customer interaction strategy.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization is required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • WEM provides benefits by giving web visitors a better experience – leveraging tools such as web analytics gives the customer a tailored experience. Marketing can then monitor their behavior and use this information to warm leads.

    Impact and Result

    • Deploy a WEM platform and execute initiatives that will strengthen the web-facing customer experience, improving customer satisfaction and unlocking new revenue opportunities.
    • Avoid making unnecessary new WEM investments.
    • Make informed decisions about the types of technologies and initiatives that are necessary to support WEM.

    Develop a Web Experience Management Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a WEM strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Harness the value of web experience management

    Make the case for a web experience management suite and structure the WEM strategy project.

    • Develop a Web Experience Management Strategy Phase 1: Harness the Value of Web Experience Management
    • Web Experience Management Strategy Summary Template
    • WEM Project Charter Template

    2. Create the vision for web experience management

    Identify the target state WEM strategy, assess current state, and identify gaps.

    • Develop a Web Experience Management Strategy Phase 2: Create the Vision for Web Experience Management

    3. Execute initiatives for WEM deployment

    Build the WEM technology stack and create a web strategy initiatives roadmap.

    • Develop a Web Experience Management Strategy Phase 3: Execute Initiatives for WEM Deployment
    • Web Process Automation Investment Appropriateness Assessment Tool
    [infographic]

    Workshop: Develop a Web Experience Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements. 

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution. 

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Build Your First RPA Bot

    • Buy Link or Shortcode: {j2store}238|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $53,126 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Your organization has many business processes that rely on manual, routine, and repetitive data collection and processing work. These processes need to be automated to meet strategic priorities.
    • Your stakeholders decided to invest in robotic process automation (RPA). They are ready to begin the planning and delivery of their first RPA bot.
    • However, your organization lacks the critical foundations involved in successful RPA delivery, such as analysis of the suitability of candidate processes, business and IT collaboration, and product ownership.

    Our Advice

    Critical Insight

    • Manage your business and IT debt before you adopt RPA. RPA doubles down on your process inefficiencies, lack of operations and architectural standardization, and unenforced quality standards. RPA solutions will be fragile and prone to failure if debt is not managed.
    • Adopt BizDevOps. RPA will not be successful if your lines-of-business (LOBs) and IT are not working together. IT must empathize with how LOBs operate and proactively support the underlying operational systems. LOBs must be accountable for all products leveraging RPA and be able to rationalize RPA’s technical feasibility.
    • Start with RPA 1.0. Don’t get caught up in the AI and machine learning (RPA 2.0) hype. Evaluate the acceptance and value of RPA 1.0 to establish a sustainable and collaborative foundation for its delivery and management. Then use the lessons learned to prepare for future RPA 2.0 adoption. In many cases, RPA 1.0 is good enough.

    Impact and Result

    • Establish the right expectations. Gain a grounded understanding of RPA value and limitations in your context. Discuss current IT and business operations challenges to determine if they will impact RPA success.
    • Build your RPA governance. Clarify the roles, processes, and tools needed to support RPA delivery and management through IT and business collaboration.
    • Evaluate the fit of RPA. Obtain a thorough view of the business and technical complexities of your candidate processes. Indicate where and how RPA is expected to generate the most return.

    Build Your First RPA Bot Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how you should build your first RPA bot, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your RPA governance

    Set the expectations of your first RPA bot. Define the guiding principles, ethics, and delivery capabilities that will govern RPA delivery and support.

    • Build Your First RPA Bot – Phase 1: Define Your RPA Governance

    2. Deliver and manage your bots

    Validate the fit of your candidate business processes for RPA and ensure the support of your operational system. Shortlist the features of your desired RPA vendor. Modernize your delivery process to accommodate RPA.

    • Build Your First RPA Bot – Phase 2: Deliver and Manage Your Bots

    3. Roadmap your RPA adoption

    Build a roadmap of initiatives to implement your first bot and build the foundations of your RPA practice.

    • Build Your First RPA Bot – Phase 3: Roadmap Your RPA Adoption
    [infographic]

    Workshop: Build Your First RPA Bot

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your RPA Governance

    The Purpose

    State the success criteria of your RPA adoption through defined objectives and metrics.

    Define your RPA guiding principles and ethics.

    Build the RPA capabilities that will support the delivery and management of your bots.

    Key Benefits Achieved

    Grounded stakeholder expectations

    RPA guiding principles

    RPA capabilities and the key roles to support RPA delivery and management

    Activities

    1.1 State Your RPA Objectives.

    1.2 Define Your RPA Principles

    1.3 Develop Your RPA Capabilities

    Outputs

    RPA objectives and metrics

    RPA guiding principles and ethics

    RPA and product ownership, RPA capabilities, RPA role definitions

    2 Deliver and Manage Your Bots

    The Purpose

    Evaluate the fit of your candidate business processes for automation.

    Define the operational platform to support your RPA solution.

    Shortlist the desired RPA vendor features.

    Optimize your product delivery process to support RPA.

    Key Benefits Achieved

    Verifies the decision to implement RPA for the candidate business process

    The system changes and modifications needed to support RPA

    Prioritized list of RPA vendor features

    Target state RPA delivery process

    Activities

    2.1 Prepare Your RPA Platform

    2.2 Select Your RPA Vendor

    2.3 Deliver and Manage Your Bots

    Outputs

    Assessment of candidate business processes and supporting operational platform

    List of desired RPA vendor features

    Optimized delivery process

    3 Roadmap Your RPA Adoption

    The Purpose

    Build your roadmap to implement your first RPA bot and build the foundations of your RPA practice.

    Key Benefits Achieved

    Implementation initiatives

    RPA adoption roadmap

    Activities

    3.1 Roadmap Your RPA Adoption

    Outputs

    RPA adoption roadmap

    Build an IT Risk Management Program

    • Buy Link or Shortcode: {j2store}192|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $31,532 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Our Advice

    Critical Insight

    • IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Impact and Result

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Build an IT Risk Management Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

    Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

    • Build an IT Risk Management Program – Phases 1-3

    2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

    Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

    • Risk Management Program Manual

    3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

    Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

    • Risk Register Tool
    • Risk Costing Tool

    4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

    Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

    • Risk Event Action Plan
    • Risk Report

    Infographic

    Workshop: Build an IT Risk Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    To assess current risk management maturity, develop goals, and establish IT risk governance.

    Key Benefits Achieved

    Identified obstacles to effective IT risk management.

    Established attainable goals to increase maturity.

    Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

    Activities

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Outputs

    Maturity Assessment

    Risk Management Program Manual

    Risk Register

    2 Identify IT Risks

    The Purpose

    Identify and assess all IT risks.

    Key Benefits Achieved

    Created a comprehensive list of all IT risk events.

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT 5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Outputs

    Finalized List of IT Risk Events

    Risk Register

    Risk Management Program Manual

    3 Identify IT Risks (continued)

    The Purpose

    Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Risk response strategies have been identified for all key risks.

    Activities

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Root cause analysis

    3.6 Identify and assess risk responses

    Outputs

    Risk Register

    Risk Management Program Manual

    Risk Event Action Plans

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.

    Authoritative risk response recommendations can be made to senior leadership.

    A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

    Activities

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Outputs

    Risk Report

    Risk Management Program Manual

    Further reading

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    Table of Contents

    3 Executive Brief

    4 Analyst Perspective

    5 Executive Summary

    19 Phase 1: Review IT Risk Fundamentals & Governance

    43 Phase 2: Identify and Assess IT Risk

    74 Phase 3: Monitor, Communicate, and Respond to IT Risk

    102 Appendix

    108 Bibliography

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Siloed risks are risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice    		 Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice

    Risk is an inherent part of life but not very well understood or executed within organizations. This has led to risk being avoided or, when it’s implemented, being performed in isolated siloes with inconsistencies in understanding of impact and terminology.

    Looking at risk in an integrated way within an organization drives a truer sense of the thresholds and levels of risks an organization is facing – making it easier to manage and leverage risk while reducing risks associated with different mitigation responses to the same risk events.

    This opens the door to using risk information – not only to prevent negative impacts but as a strategic differentiator in decision making. It helps you know which risks are worth taking, driving strong positive outcomes for your organization.

    Executive Summary

    Your Challenge

    IT has several challenges when it comes to addressing risk management:

    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks after they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Common Obstacles

    Many IT organizations realize these obstacles:

    • IT risks and business risks are often addressed separately, causing inconsistencies in the approach.
    • Security risk receives such a high profile that it often eclipses other important IT risks, leaving the organization vulnerable.
    • Failing to include the business in IT risk management leaves IT leaders too accountable; the business must have accountability as well.

    Info-Tech’s Approach

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders, including the business senior management team, to gain buy-in and to focus on the IT risks most critical to the organization.

    Info-Tech Insight

    IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Ad hoc approaches to managing risk fail because…

    If you are like the majority of IT departments, you do not have a consistent and comprehensive strategy for managing IT risk.

    1. Ad hoc risk management is reactionary.
    2. Ad hoc risk management is often focused only on IT security.
    3. Ad hoc risk management lacks alignment with business objectives.

    The results:

    • Increased business risk exposure caused by a lack of understanding of the impact of IT risks on the business.
    • Increased IT non-compliance, resulting in costly settlements and fines.
    • IT audit failure.
    • Ineffective management of risk caused by poor risk information and wrong risk response decisions.
    • Increased unnecessary and avoidable IT failures and fixes.

    58% of organizations still lack a systematic and robust method to actually report on risks (Source: AICPA, 2021)

    Data is an invaluable asset – ensure it’s protected

    Case Studies

    Logo for Cognyte.

    Cognyte, a vendor hired to be a cybersecurity analytics company, had over five billion records exposed in Spring 2021. The data was compromised for four days, providing attackers with plenty of opportunities to obtain personally identifying information. (SecureBlink., 2021 & Security Magazine, 2021)

    Logo for Facebook.

    Facebook, the world’s largest social media giant, had over 533 million Facebook users’ personal data breached when data sets were able to be cross-listed with one another. (Business Insider, 2021 & Security Magazine, 2021)

    Logo for MGM Resorts.

    In 2020, over 10.6 million customers experienced some sort of data being accessible, with 1,300 having serious personally identifying information breached. (The New York Times, 2020)

    Risk management is a business enabler

    Formalize risk management to increase your likelihood of success.

    By identifying areas of risk exposure and creating solutions proactively, obstacles can be removed or circumvented before they become a real problem.

    A certain amount of risk is healthy and can stimulate innovation:

    • A formal risk management strategy doesn’t mean trying to mitigate every possible risk; it means exposing the organization to the right amount of risk.
    • Taking a formal risk management approach allows an organization to thoughtfully choose which risks it is willing to accept.
    • Organizations with high risk management maturity will vault themselves ahead of the competition because they will be aware of which risks to prepare for, which risks to ignore, and which risks to take.

    Only 12% of organizations are using risk as a strategic tool most or all of the time (Source: AICPA, 2021)

    IT risk is enterprise risk

    Accountability for IT risks and the decisions made to address them should be shared between IT and the business.

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Follow the steps of this blueprint to build or optimize your IT risk management program

    Cycle of 'Goverance' beginning with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report'.

    Start Here

    		 PHASE 1
    Review IT Risk Fundamentals and Governance
    		 PHASE 2
    Identify and Assess IT Risk
    		 PHASE 3
    Monitor, Report, and Respond to IT Risk

    1.1

    Review IT Risk Management Fundamentals

    1.2

    Establish a Risk Governance Framework

    2.1

    Identify IT Risks

    2.2

    Assess and Prioritize IT Risks

    3.1

    Monitor IT Risks and Develop Risk Responses

    3.2

    Report IT Risk Priorities

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    		 Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    		 List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in 'Enterprise Risk Management (ERM)': 'IT', 'Security', 'Digital', 'Vendor/TPRM', and 'Other'.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    		 The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Risk Management Program Manual

    Use the tools and activities in each phase of the blueprint to create a comprehensive, customized program manual for the ongoing management of IT risk.

    Sample of the key deliverable, Risk Manangement Program Fund.    		 Integrated Risk Maturity Assessment

    Assess the organization's current maturity and readiness for integrated risk management (IRM).

    		 Sample of the Integrated Risk Maturity Assessment blueprint. Centralized Risk Register

    The repository for all the risks that have been identified within your environment.

    		 Sample of the Centralized Risk Register blueprint.
    Risk Costing Tool

    A potential cost-benefit analysis of possible risk responses to determine a good method to move forward.

    		 Sample of the Risk Costing Tool blueprint. Risk Report & Risk Event Action Plan

    A method to report risk severity and hold risk owners accountable for chosen method of responding.

    		 Samples of the Risk Report & Risk Event Action Plan blueprints.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensured that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    Logo for COSO.

    COSO’s Enterprise Risk Management — Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. (COSO)

    Logo for ISO.

    ISO 31000
    Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000)

    Logo for COBIT.

    COBIT 2019’s IT functions were used to develop and refine our Ten IT Risk Categories used in our top-down risk identification methodology. (COBIT 2019)

    Abandon ad hoc risk management

    A strong risk management foundation is valuable when building your IT risk management program.

    This research covers the following IT risk fundamentals:

    • Benefits of formalized risk management
    • Key terms and definitions
    • Risk management within ERM
    • Risk management independent of ERM
    • Four key principles of IT risk management
    • Importance of a risk management program manual
    • Importance of buy-in and support from the business

    Drivers of Formalized Risk Management:
    Drivers External to IT
    External Audit Internal Audit
    Mandated by ERM
    Occurrence of Risk Event
    Demonstrating IT’s value to the business Proactive initiative
    Emerging IT risk awareness
    Grassroots Drivers

    Blueprint benefits

    IT Benefits

    • Increased on-time, in-scope, and on-budget completion of IT projects.
    • Meet the business’ service requirements.
    • Improved satisfaction with IT by senior leadership and business units.
    • Fewer resources wasted on fire-fighting.
    • Improved availability, integrity, and confidentiality of sensitive data.
    • More efficient use of resources.
    • Greater ability to respond to evolving threats.

    Business Benefits

    • Reduced operational surprises or failures.
    • Improved IT flexibility when responding to risk events and market fluctuations.
    • Reduced budget uncertainty.
    • Improved ability to make decisions when developing long-term strategies.
    • Improved stakeholder and shareholder confidence.
    • Achieved compliance with external regulations.
    • Competitive advantage over organizations with immature risk management practices.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Assess current risk maturity and organizational buy-in.
    • Call #2: Establish an IT risk council and determine IT risk management program goals.

      • Phase 2

    • Call #3: Identify the risk categories used to organize risk events.
    • Call #4: Identify the threshold for risk the organization can withstand.

      • Phase 3

    • Call #5: Create a method to assess risk event severity.
    • Call #6: Establish a method to monitor priority risks and consider possible risk responses.
    • Call #7: Communicate risk priorities to the business and implement risk management plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Review IT Risk Fundamentals and Governance

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events
    Identify IT Risks

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment
    Assess IT Risks

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Perform root cause analysis

    3.6 Identify and assess risk responses
    Monitor, Report, and Respond to IT Risk

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers
    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps
    Outcomes
    1. Maturity Assessment
    2. Risk Management Program Manual
    1. Finalized List of IT Risk Events
    2. Risk Register
    3. Risk Management Program Manual
    1. Risk Register
    2. Risk Event Action Plans
    3. Risk Management Program Manual
    1. Risk Report
    2. Risk Management Program Manual
    1. Workshop Report
    2. Risk Management Program Manual

    Build an IT Risk Management Program

    Phase 1

    Review IT Risk Fundamentals and Governance

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework
      •

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Gain buy-in from senior leadership
    • Assess current program maturity
    • Identify obstacles and pain points
    • Determine the risk culture of the organization
    • Develop risk management goals
    • Develop SMART project metrics
    • Create the IT risk council
    • Complete a RACI chart

    This phase involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Step 1.1

    Review IT Risk Management Fundamentals

    Activities
    • 1.1.1 Gain buy-in from senior leadership
    • 1.1.2 Assess current program maturity

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Reviewed key IT principles and terminology
    • Gained understanding of the relationship between IT risk management and ERM
    • Introduced to Info-Tech’s IT Risk Management Framework
    • Obtained the support of senior leadership
    Step 1.1 Step 1.2

    Effective IT risk management is possible with or without ERM

    Whether or not your organization has ERM, integrating your IT risk management program with the business is possible.

    Most IT departments find themselves in one of these two organizational frameworks for managing IT risk:

    Core Responsibilities With an ERM Without an ERM
    • Risk Decision-Making Authority
    • Final Accountability
    		 Senior Leadership Team Senior Leadership Team
    • Risk Governance
    • Risk Prioritization & Communication
    		 ERM IT Risk Management
    • Risk Identification
    • Risk Assessment
    • Risk Monitoring
    		 IT Risk Management
    Pro: IT’s risk management responsibilities are defined (assessment schedules, escalation and reporting procedures).
    Con: IT may lack autonomy to implement IT risk management best practices.    		 Pro: IT is free to create its own IT risk council and develop customized processes that serve its unique needs.
    Con: Lack of clear reporting procedures and mechanisms to share accountability with the business.

    Info-Tech’s IT risk management framework walks you through each step to achieve risk readiness

    IT Risk Management Framework

    Risk Governance
    • Optimize Risk Management Processes
    • Assess Risk Maturity
    • Measure the Success of the Program
    		 A cycle surrounds the words 'Business Objectives', referring to the surrounding lists. On the top half is 'Communication', and the bottom is 'Monitoring'. Risk Identification
    • Engage Stakeholder Participation
    • Use Risk Identification Frameworks
    • Compile IT-Related Risks
    Risk Response
    • Establish Monitoring Responsibilities
    • Perform Cost-Benefit Analysis
    • Report Risk Response Actions
    		 Risk Assessment
    • Establish Thresholds for Unacceptable Risk
    • Calculate Expected Cost
    • Determine Risk Severity & Prioritize IT Risks

    Effective IT risk management benefits

    Obtain the support of the senior leadership team or IT steering committee by communicating how IT risk impacts their priorities.

    Risk management benefits To engage the business...
    IT is compliant with external laws and regulations. Identify the industry or legal legislation and regulations your organization abides by.
    IT provides support for business compliance. Find relevant business compliance issues, and relate compliance failures to cost.
    IT regularly communicates costs, benefits, and risks to the business. Acknowledge the number of times IT and the business miscommunicate critical information.
    Information and processing infrastructure are very secure. Point to past security breaches or potential vulnerabilities in your systems.
    IT services are usually delivered in line with business requirements. Bring up IT services that the business was unsatisfied with. Explain that their inputs in identifying risks are correlated with project quality.
    IT related business risks are managed very well. Make it clear that with no risk tracking process, business processes become exposed and tend to slow down.
    IT projects are completed on time and within budget. Point out late or over-budget projects due to the occurrence of unforeseen risks.

    1.1.1 Gain buy-in from senior leadership

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Buy-in from senior leadership for an IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    The resource demands of IT risk management will vary from organization to organization. Here are typical requirements:

    • Occasional participation of key IT personnel and select business stakeholders in IT risk council meetings (e.g. once every two weeks).
    • Periodic risk assessments (e.g. 4 days, twice a year).
    • IT personnel must take on risk monitoring responsibilities (e.g. 1-4 hours per week).
    • Record the results in the Program Manual sections 3.3, 3.4 and 3.5.

    Record the results in the Risk Management Program Manual.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM)

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment
    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization.    		 Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organizations.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    1.1.2 Assess current program maturity

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Maturity scores across four key risk categories

    Materials: Integrated Risk Maturity Assessment Tool

    Participants: IT executive leadership, Business executive leadership

    This assessment is intended for frequent use; process completeness should be re-evaluated on a regular basis.

    How to Use This Assessment:

    1. Download the Integrated Risk Management Maturity Assessment Tool.
    2. Tab 2, "Data Entry:" This is a qualitative assessment of your integrated risk management process and is organized by the categories of integrated risk maturity. You will be asked to rate the extent to which you are executing the activities required to successfully complete each phase of the assessment. Use the drop-down menus provided to select the appropriate level of execution for each activity listed.
    3. Tab 3, "Results:" This tab will display your rate of IRM completeness/maturity. You will receive a score for each category as well as an overall score. The results will be displayed numerically, by percentage, and graphically.

    Record the results in the Integrated Risk Maturity Assessment.

    Integrated Risk Maturity Categories

    		 Semi-circle with colored points indicating four categories.

    1

    		Context & Strategic Direction Understanding of the organization’s main objectives and how risk can support or enhance those objectives.

    2

    		Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    		Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    		Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Step 1.2

    Establish a Risk Governance Framework

    Activities
    • 1.2.1 Identify pain points/obstacles and opportunities
    • 1.2.2 Determine the risk culture of the organization
    • 1.2.3 Develop risk management goals
    • 1.2.4 Develop SMART project metrics
    • 1.2.5 Create the IT risk council
    • 1.2.6 Complete a RACI chart

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Developed goals for the risk management program
    • Established the IT risk council
    • Assigned accountability and responsibility for risk management processes

    Review IT Risk Fundamentals and Governance

    Step 1.1 Step 1.2

    Create an IT risk governance framework that integrates with the business

    Follow these best practices to make sure your requirements are solid:

    1. Self-assess your current approach to IT risk management.
    2. Identify organizational obstacles and set attainable risk management goals.
    3. Track the effectiveness and success of the program using SMART risk management metrics.
    4. Establish an IT risk council tasked with managing IT risk.
    5. Set clear risk management accountabilities and responsibilities for IT and business stakeholders.

    Key metrics for your IT risk governance framework

    Challenges:
    • Key stakeholders are left out or consulted once risks have already occurred.
    • Failure to employ consistent risk identification methodologies results in omitted and unknown risks.
    • Risk assessments do not reflect organizational priorities and may not align with thresholds for acceptable risk.
    • Risk assessment occurs sporadically or only after a major risk event has already occurred.
    		 Key metrics:
    • Number of risk management processes done ad hoc.
    • Frequency that IT risk appears as an agenda item at IT steering committee meetings.
    • Percentage of IT employees whose performance evaluations reflect risk management objectives.
    • Percentage of IT risk council members who are trained in risk management activities.
    • Number of open positions in the IT risk council.
    • Cost of risk management program operations per year.

    Info-Tech Insight

    Metrics provide the foundation for determining the success of your IT risk management program and ensure ongoing funding to support appropriate risk responses.

    IT risk management success factors

    Support and sponsorship from senior leadership

    IT risk management has more success when initiated by a member of the senior leadership team or the board, rather than emerging from IT as a grassroots initiative.

    Sponsorship increases the likelihood that risk management is prioritized and receives the necessary resources and attention. It also ensures that IT risk accountability is assumed by senior leadership.

    		 Risk culture and awareness

    A risk-aware organizational culture embraces new policies and processes that reflect a proactive approach to risk.

    An organization with a risk-aware culture is better equipped to facilitate communication vertically within the organization.

    Risk awareness can be embedded by revising job descriptions and performance assessments to reflect IT risk management responsibilities.

    		 Organization size

    Smaller organizations can often institute a mature risk management program much more quickly than larger organizations.

    It is common for key personnel within smaller organizations to be responsible for multiple roles associated with risk management, making it easier to integrate IT and business risk management.

    Larger organizations may find it more difficult to integrate a more complex and dispersed network of individuals responsible for various risk management responsibilities.

    1.2.1 Identify obstacles and pain points

    1-4 hours

    Input: Integrated Risk Maturity Assessment

    Output: Obstacles and pain points identified

    Materials: IT Risk Management Success Factors

    Participants: IT executive leadership, Business executive leadership

    Anticipate potential challenges and “blind spots” by determining which success factors are missing from your current situation.

    Instructions:

    1. List the potential obstacles and missing success factors that you must overcome to effectively manage IT risk and build a risk management program.
    2. Consider some opportunities that could be leveraged to increase the success of this program.
    3. Use this list in Activity 1.2.3 to develop program goals.

    Risk Management

    Replace the example pain points and opportunities with real scenarios in your organization.

    Pain Points/Obstacles
    • Lack of leadership buy-in
    • Skills and understanding around risk management within IT
    • Skills and understanding around risk management within the organization
    • Lack of a defined risk management posture
    		 Opportunities
    • Changes in regulations related to risk
    • Organization moving toward an integrated risk management program
    • Ability to leverage lessons learned from similar companies
    • Strong process management and adherence to policies by employees in the organization

    1.2.2 Determine the risk culture of your organization

    1-3 hours

    Determine how your organization fits the criteria listed below. Descriptions and examples do not have to match your organization perfectly.

    Risk Tolerant
    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Health care
      • Telecom
      • Government
      • Research
      • Education
    		 Moderate
    • You have some compliance requirements, e.g.:
      • HIPAA
      • PIPEDA
    • You have sensitive data, and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    		 Risk Averse
    • You have multiple, strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Be aware of the organization’s attitude towards risk

    Risk culture is an organization’s attitude towards taking risks. This attitude manifests itself in two ways:

    One element of risk culture is what levels of risk the organization is willing to accept to pursue its objectives and what levels of risk are deemed unacceptable. This is often called risk appetite.
    Risk tolerant

    Risk-tolerant organizations embrace the potential of accelerating growth and the attainment of business objectives by taking calculated risks.

    		 Risk averse

    Risk-averse organizations prefer consistent, gradual growth and goal attainment by embracing a more cautious stance toward risk.
    The other component of risk culture is the degree to which risk factors into decision making.
    Risk conscious

    Risk-conscious organizations place a high priority on being aware of all risks impacting business objectives, regardless of whether they choose to accept or respond to those risks.

    		 Unaware

    Organizations that are largely unaware of the impact of risk generally believe there are few major risks impacting business objectives and choose to invest resources elsewhere.

    Info-Tech Insight

    Organizations typically fall in the middle of these spectrums. While risk culture will vary depending on the industry and maturity of the organization, a culture with a balanced risk appetite that is extremely risk conscious is able to make creative, dynamic decisions with reasonable limits placed on risk-related decision making.

    1.2.3 Develop goals for the IT risk management program

    1-4 hours

    Input: Integrated Risk Maturity Assessment, Risk Culture, Pain Points and Opportunities

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    Translate your maturity assessment and knowledge about organizational risk culture, potential obstacles, and success factors to develop goals for your IT risk management program.

    Instructions:

    1. In the Risk Management Program Manual, revise, replace, or add to the high-level goals provided in section 2.4.
    2. Make sure that you have three to five high-level goals that reflect the current and targeted maturity of IT risk management processes.
    3. Integrate potential obstacles, pain points, and insights from the organization’s risk culture.

    Record the results in the Risk Management Program Manual.

    1.2.4 Develop SMART project metrics

    1-3 hours

    Create metrics for measuring the success of the IT risk management program.

    Ensure that all success metrics are SMART Instructions
    1. Document a list of appropriate metrics to assess the success of the IT risk management program on a whiteboard.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    Strong Make sure the objective is clear and detailed.
    Measurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    Actionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    Realistic Objectives must be achievable given your current resources or known available resources.
    Time-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    1.2.4 Develop SMART project metrics (continued)

    1-3 hours

    Attach metrics to your goals to gauge the success of the IT risk management program.

    Replace the example metrics with accurate KPIs or metrics for your organization.

    Sample Metrics
    Name Method Baseline Target Deadline Checkpoint 1 Checkpoint 2 Final
    Number of risks identified (per year) Risk register 0 100 Dec. 31
    Number of business units represented (risk identification) Meeting minutes 0 5 Dec. 31
    Frequency of risk assessment Assessments recorded in risk management program manual 0 2 per year Year 2
    Percentage of identified risk events that undergo expected cost assessment Ratio of risks assessed in the risk costing tool to risks assessed in the risk register 0 20% Dec. 31
    Number of top risks without an identified risk response Risk register 5 0 March 1
    Cost of risk management program operations per year Meeting frequency and duration, multiplied by the cost of participation $2,000 $5,000 Dec. 31

    Create the IT risk committee (ITRC)

    Responsibilities of the ITRC:
    1. Formalize risk management processes.
    2. Identify and review major risks throughout the IT department.
    3. Recommend an appropriate risk appetite or level of exposure.
    4. Review the assessment of the impact and likelihood of identified risks.
    5. Review the prioritized list of risks.
    6. Create a mitigation plan to minimize risk likelihood and impact.
    7. Review and communicate overall risk impact and risk management success.
    8. Assign risk ownership responsibilities of key risks to ensure key risks are monitored and risk responses are effectively implemented.
    9. Address any concerns in regards to the risk management program, including, but not limited to, reviewing their risk management duties and resourcing.
    10. Communicate risk reports to senior management annually.
    11. Make any alterations to the committee roster and the individuals’ responsibilities as needed and document changes.
    		 Must be on the ITRC:
    • CIO
    • CRO (if applicable)
    • Senior Directors
    • Security Officer
    • Head of Operations

    Must be on the ITRC:

    • CFO
    • Senior representation from every business unit impacted by IT risk

    1.2.5 Create the IT risk council

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: CIO, CRO (if applicable), Senior Directors, Head of Operations

    Identify the essential individuals from both the IT department and the business to create a permanent committee that meets regularly and carries out IT risk management activities.

    Instructions:

    1. Review sections 3.1 (Mandate) and 3.2 (Agenda and Responsibilities) of the IT Risk Committee Charter, located in the Risk Management Program Manual. Make any necessary revisions.
    2. In section 3.3, document how frequently the council is scheduled to meet.
    3. In section 3.4, document members of the IT risk council.
    4. Obtain sign-off for the IT risk council from the CIO or another member of the senior leadership team in section 3.5 of the manual.

    Record the results in the Risk Management Program Manual.

    1.2.6 Complete RACI chart

    1-3 hours

    A RACI diagram is a useful visualization that identifies redundancies and ensures that every role, project, or task has an accountable party.

    RACI is an acronym made up of four participatory roles: Instructions
    1. Use the template provided on the following slide, and add key stakeholders who do not appear and are relevant for your organization.
    2. For each activity, assign each stakeholder a letter.
    3. There must be an accountable party for each activity (every activity must have an “A”).
    4. For activities that do not apply to a particular stakeholder, leave the space blank.
    5. Once the chart is complete, copy/paste it into section 4.1 of the Risk Management Program Manual.
    Responsible Stakeholders who undertake the activity.
    Accountable Stakeholders who are held responsible for failure or take credit for success.
    Consulted Stakeholders whose opinions are sought.
    Informed Stakeholders who receive updates.

    1.2.6 Complete RACI chart (continued)

    1-3 hours

    Assign risk management accountabilities and responsibilities to key stakeholders:

    Stakeholder Coordination Risk Identification Risk Thresholds Risk Assessment Identify Responses Cost-Benefit Analysis Monitoring Risk Decision Making
    ITRC A R I R R R A C
    ERM C I C I I I I C
    CIO I A A A A A I R
    CRO I R C I R
    CFO I R C I R
    CEO I R C I A
    Business Units I C C C
    IT I I I I I I R C
    PMO C C C
    Legend: Responsible Accountable Consulted Informed

    Build an IT Risk Management Program

    Phase 2

    Identify and Assess IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks
      •

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Add organization-specific risk scenarios
    • Identify risk events
    • Augment risk event list using COBIT 2019 processes
    • Conduct a PESTLE analysis
    • Determine the threshold for (un)acceptable risk
    • Create a financial impact assessment scale
    • Select a technique to measure reputational cost
    • Create a likelihood scale
    • Assess risk severity level
    • Assess expected cost

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business Risk Owners

    Step 2.1

    Identify IT Risks

    Activities
    • 2.1.1 Add organization-specific risk scenarios
    • 2.1.2 Identify risk events
    • 2.1.3 Augment risk event list using COBIT 19 processes
    • 2.1.4 Conduct a PESTLE analysis

    This step involves the following participants:

    • IT executive leadership
    • IT Risk Council
    • Business executive leadership
    • Business risk owners

    Outcomes of this step

    • Participation of key stakeholders
    • Comprehensive list of IT risk events
    Identify and Assess IT Risk
    Step 2.1 Step 2.2

    Get to know what you don’t know

    1. Engage the right stakeholders in risk identification.
    2. Employ Info-Tech’s top-down approach to risk identification.
    3. Augment your risk event list using alternative frameworks.
    		 Key metrics:
    • Total risks identified
    • New risks identified
    • Frequency of updates to the Risk Register Tool
    • Number of realized risk events not identified in the Risk Register Tool
    • Level of business participation in enterprise IT risk identification
      • Number of business units represented
      • Number of meetings attended in person
      • Number of risk reports received

    Info-Tech Insight

    What you don’t know CAN hurt you. How do you identify IT-related threats and vulnerabilities that you are not already aware of? Now that you have created a strong risk governance framework that formalizes risk management within IT and connects it to the enterprise, follow the steps outlined in this section to reveal all of IT’s risks.

    Engage key stakeholders

    Ensure that all key risks are identified by engaging key business stakeholders.

    Benefits of obtaining business involvement during the risk identification stage:
    • You will identify risk events you had not considered or you weren’t aware of.
    • You will identify risks more accurately.
    • Risk identification is an opportunity to raise awareness of IT risk management early in the process.

    Executive Participation:

    • CIO participation is integral when building a comprehensive register of risk events impacting IT.
    • CIOs and IT directors possess a holistic view of all of IT’s functions.
    • CIOs and IT directors are uniquely placed to identify how IT affects other business units and the attainment of business objectives. If applicable, CRO and CTO participation is also critical.

    Prioritizing and Selecting Stakeholders

    1. Reliance on IT services and technologies to achieve business objectives.
    2. Relationship with IT, and willingness to engage in risk management activities.
    3. Unique perspectives, skills, and experiences that IT may not possess.

    Info-Tech Insight

    While IT personnel are better equipped to identify IT risk than anyone, IT does not always have an accurate view of the business’ exposure to IT risk. Strive to maintain a 3 to 1 ratio of IT to non-IT personnel involved in the process.

    Enable IT to target risk holistically

    Take a top-down approach to risk identification to guide brainstorming

    Info-Tech’s risk categories are consistent with a risk identification method called Risk Prompting.

    A risk prompt list is a list that categorizes risks into types or areas. The n10 risk categories encapsulate the services, activities, responsibilities, and functions of most IT departments. Use these categories and the example risk scenarios provided as prompts to guide brainstorming and organize risks.

    Risk Category: High-level groupings that describe risk pertaining to major IT functions. See the following slide for all ten of Info-Tech’s IT risk categories. Risk Scenario: An abstract profile representing common risk groups that are more specific than risk categories. Typically, organizations are able to identify two to five scenarios for each category. Risk Event: Specific threats and vulnerabilities that fall under a particular risk scenario. Organizations are able to identify anywhere between 1 and 20 events for each scenario. See the Appendix of the Risk Management Program Manual for a list of risk event examples.

    Risk Category

    Risk Scenario

    Risk Event
    Compliance Regulatory compliance Being fined for not complying/being aware of a new regulation.
    Externally originated attack Phishing attack on the organization.
    Operational Technology evaluation & selection Partnering with a vendor that is not in compliance with a key regulation.
    Capacity planning Not having sufficient resources to support a DRP.
    Third-Party Risk Vendor management Vendor performance requirements are improperly defined.
    Vendor selection Vendors are improperly selected to meet the defined use case.

    2.1.1 Add organization-specific risk scenarios

    1-3 hours

    Review Info-Tech’s ten IT risk categories and add risk scenarios to the examples provided.

    IT Reputational
    • Negative PR
    • Consumers writing negative reviews
    • Employees writing negative reviews
    		 IT Financial
    • Stock prices drop
    • Value of the organization is reduced
    		 IT Strategic
    • Organization prioritizes innovation but remains focused on operational
    • Unable to access data to support strategic initiative
    		 Operational
    • Enterprise architecture
    • Technology evaluation and selection
    • Capacity planning
    • Operational errors
    		 Availability
    • Power outage
    • Increased data workload
    • Single source of truth
    • Lacking knowledge transfer processes for critical tasks
    Performance
    • Network failure
    • Service levels not being met
    • Capacity overload
    		 Compliance
    • Regulatory compliance
    • Standards compliance
    • Audit compliance
    		Security
    • Malware
    • Internally originated attack
    		 Third Party
    • Vendor selection
    • Vendor management
    • Contract termination
    		 Digital
    • No back-up process if automation fails

    2.1.2 Identify risk events

    1-4 hours

    Input: IT risk categories

    Output: Risk events identified and categorized

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owners, CRO (if applicable)

    Use Info-Tech’s IT risk categories and scenarios to brainstorm a comprehensive list of IT-related threats and vulnerabilities impacting your organization.

    Instructions:

    1. Document risk events in the Risk Register Tool.
    2. List risk scenarios (organized by risk category) in the Risk Events/Threats column.
    3. Disseminate the list to key stakeholders who were unable to participate and solicit their feedback.
      • Consult the RACI chart located in section 4.1 of the Risk Management Program Manual.
    4. Attack one scenario at a time, exhausting all realistic risk events for that grouping before moving onto the next scenario. Each scenario should take approximately 45-60 minutes.

    Tip: If disagreement arises regarding whether a specific risk event is relevant to the organization or not and it cannot be resolved quickly, include it in the list. The applicability of these risks will become apparent during the assessment process.

    Record the results in the Risk Register Tool.

    2.1.3 Augment the risk event list using COBIT 2019 processes (Optional)

    1-3 hours

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    1. Managed IT Change Acceptance and Transitioning
    2. Managed Knowledge
    3. Managed Assets
    4. Managed Configuration
    5. Managed Projects
    6. Managed Operations
    7. Managed Service Requests and Incidents
    8. Managed Problems
    9. Managed Continuity
    10. Managed Security Services
    11. Managed Business Process Controls
    12. Managed Performance and Conformance Monitoring
    13. Managed System of Internal Control
    14. Managed Compliance with External Requirements
    15. Managed Assurance
    16. Ensured Governance Framework Setting and Maintenance
    17. Ensured Benefits Delivery
    18. Ensured Risk Optimization
    19. Ensured Resource Optimization
    20. Ensured Stakeholder Engagement

    Instructions:

    1. Review COBIT 2019’s 40 IT processes and identify additional risk events.
    2. Match risk events to the corresponding risk category and scenario and add them to the Risk Register Tool.

    2.1.4 Finalize your risk register by conducting a PESTLE analysis (Optional)

    1-3 hours

    Explore alternative identification techniques to incorporate external factors and avoid “groupthink.”

    Consider the External Environment – PESTLE Analysis

    Despite efforts to encourage equal participation in the risk identification process, key risks may not have been shared in previous exercises.

    Conduct a PESTLE analysis as a final safety net to ensure that all key risk events have been identified.

    		 Avoid “Groupthink” – Nominal Group Technique

    The Nominal Group Technique uses the silent generation of ideas and an enforced “safe” period of time where ideas are shared but not discussed to encourage judgement-free idea generation.

    • Ideas are generated silently and independently.
    • Ideas are then shared and documented; however, discussion is delayed until all of the group’s ideas have been recorded.
    • Idea generation can occur before the meeting and be kept anonymous.

    Note: Employing either of these techniques will lengthen an already time-consuming process. Only consider these techniques if you have concerns regarding the homogeneity of the ideas being generated or if select individuals are dominating the exercise.
    List the following factors influencing the risk event:
    • Political factors
    • Economic factors
    • Social factors
    • Technological factors
    • Legal factors
    • Environmental factors
    		 'PESTLE Analysis' presented as a wheel with the acronym's meanings surrounding the title. 'Political Factors', 'Economic Factors', 'Social Factors', 'Technological Factors', 'Legal Factors', and 'Environmental Factors'.

    Step 2.2

    Assess and Prioritize IT Risks

    Activities
    • 2.2.1 Determine the threshold for (un)acceptable risk
    • 2.2.2 Create a financial impact assessment scale
    • 2.2.3 Select a technique to measure reputational cost
    • 2.2.4 Create a likelihood scale
    • 2.2.5 Risk severity level assessment
    • 2.2.6 Expected cost assessment

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owners

    Outcomes of this step

    • Business-approved thresholds for unacceptable risk
    • Completed Risk Register Tool with risks prioritized according to severity
    • Expected cost calculations for high-priority risks

    Identify and Assess IT Risk

    Step 2.1 Step 2.2

    Reveal the organization’s greatest IT threats and vulnerabilities

    1. Establish business-approved risk thresholds for acceptable and unacceptable risk.
    2. Conduct a streamlined assessment of all risks to separate acceptable and unacceptable risks.
    3. Perform a deeper, cost-based assessment of prioritized risks.
    		 Key metrics:
    • Frequency of IT risk assessments
      • (Annually, bi-annually, etc.)
    • Assessment accuracy
      • Percentage of risk assessments that are substantiated by later occurrences or testing
      • Ratio of cumulative actual costs to expected costs
    • Assessment consistency
      • Percentage of risk assessments that are substantiated by third-party audit
    • Assessment rigor
      • Percentage of identified risk events that undergo first-level assessment (severity scores)
      • Percentage of identified risk events that undergo second-level assessment (expected cost)
    • Stakeholder oversight and participation
      • Level of executive participation in IT risk assessment (attend in person, receive report, etc.)
      • Number of business stakeholder reviews per risk assessment

    Info-Tech Insight

    Risk is money. It’s impossible to make intelligent decisions about risks without knowing what their financial impact will be.

    Review risk assessment fundamentals

    Risk assessment provides you with the raw materials to conduct an informed cost-benefit analysis and make robust risk response decisions.

    In this section, you will be prioritizing your IT risks according to their risk severity, which is a reflection of their expected cost.

    Calculating risk severity

    How much you expect a risk event to cost if it were to occur:

    Likelihood of Risk Impact

    e.g. $250,000 or “High”

    X

    		 Calibrated by how likely the risk is to occur:

    Likelihood of Risk Occurrence

    e.g. 10% or “Low”

    =

    		 Produces a dollar value or “severity level” for comparing risks:

    Risk Severity

    e.g. $25,000 or “Medium”    		 Which must be evaluated against thresholds for acceptable risk and the cost of risk responses.

    Risk Tolerance
    Risk Response
    CBA
    Cost-benefit analysis

    Maintain the engagement of key stakeholders in the risk assessment process

    1

    Engage the Business During Assessment Process

    Asking business stakeholders to make significant contributions to the assessment exercise may be unrealistic (particularly for members of the senior leadership team, other than the CIO).

    Ensure that they work with you to finalize thresholds for acceptable or unacceptable risk.

    2

    Verify the Risk Impact and Assessment

    If IT has ranked risk events appropriately, the business will be more likely to offer their input. Share impact and likelihood values for key risks to see if they agree with the calculated risk severity scores.

    3

    Identify Where the Business Focuses Attention

    While verifying, pay attention to the risk events that the business stresses as key risks. Keep these risks in mind when prioritizing risk responses as they are more likely to receive funding.

    Try to communicate the assessments of these risk events in terms of expected cost to attract the attention of business leaders.

    Info-Tech Insight

    If business executives still won’t provide the necessary information to update your initial risk assessments, IT should approach business unit leaders and lower-level management. Lean on strong relationships forged over time between IT and business managers or supervisors to obtain any additional information.

    Info-Tech recommends a two-level approach to risk assessment

    Review the two levels of risk assessment offered in this blueprint.

    Risk severity level assessment (mandatory)

    1

    		Information

    Number of risks: Assess all risk events identified in Phase 1.
    Units of measurement: Use customized likelihood and impact “levels.”
    Time required: One to five minutes per risk event.

    		Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    X

    		Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    =

    		Output


    Risk Security Level:

    Moderate

    Example of a risk severity level assessment chart.
    Chart risk events according to risk severity as this allows you to organize and prioritize IT risks.

    Assess all of your identified risk events with a risk severity-level assessment.

    • By creating a likelihood and impact assessment scale divided into three to nine “levels” (sometimes referred to as “buckets”), you can evaluate every risk event quickly while being confident that risks are being assessed accurately.
    • In the following activities, you will create likelihood and impact scales that align with your organizational risk appetite and tolerance.
    • Severity-level assessment is a “first pass” of your risk list, revealing your organization’s most severe IT risks, which can be assessed in greater detail by incorporating expected cost into your evaluation.

    Info-Tech recommends a two-level approach to risk assessment (continued)

    Expected cost assessment (optional)

    2

    		Information

    Number of risks: Only assess high-priority risks revealed by severity-level assessment.
    Units of measurement: Use actual likelihood values (%) and impact costs ($).
    Time required: 10-20 minutes per risk event.

    		Assess Likelihood

    15%

    Moderate

    X

    		Assess Likelihood

    $100,000

    High

    =

    		Output


    Expected Cost:

    $15,000

    Expected cost is useful for conducting cost-benefit analysis and comparing IT risks to non-IT risks and other budget priorities for the business.

    Conduct expected cost assessments for IT’s greatest risks.

    For risk events warranting further analysis, translate risk severity levels into hard expected-cost numbers.

    Why conduct expected cost assessments?
    • Expected cost represents how much you would expect to pay in an average year for each risk event.
    • Communicate risk priorities to the business in language they can understand.
    • While risk severity levels are useful for comparing one IT risk to another, expected cost data allows the business to compare IT risks to non-IT risks that may not use the same scales.
    		 Why is expected cost assessment optional?
    • Determining robust likelihood values and precise impact estimates can be challenging and time consuming.
    • Some risk events may require extensive data gathering and industry analysis.

    Implement and leverage a centralized risk register

    The purpose of the risk register is to act as the repository for all the risks that have been identified within your environment.

    Use this tool to:

    1. Collect and maintain a repository for all IT risk events impacting the organization and relevant information for each risk.
      • Capture all relevant IT risk information in one location.
      • Organize risk identification and assessment information for transparent risk management, stakeholder review, and/or internal audit.
    2. Calculate risk severity scores to prioritize risk events and determine which risks require a risk response.
      • Separate acceptable and unacceptable risks (as determined by the business).
      • Rank risks based on severity levels.
    3. Assess risk responses and calculate residual risk.
      • Evaluate the effect that proposed risk response actions will have on top risk events and quantify residual risk magnitude.
      • This step will be completed in section 3.1

    2.2.1 Determine the threshold for (un)acceptable risk

    1-4 hours

    Input: Risk events, Risk appetite

    Output: Threshold for risk identified

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    There are times when the business needs to know about IT risks with high expected costs.

    1. Create an expected cost threshold that defines what constitutes an acceptable and unacceptable risk for the organization. This figure should be a concrete dollar value. In the next exercises, you will build risk impact and likelihood scales with this value in mind, ensuring that “high” or “extreme” risks are immediately communicated to senior leadership.
    2. Do not consider IT budget restrictions when developing this number. The acceptable risk threshold should reflect the business’ tolerance/appetite for risk.

    This threshold is typically based on the organization’s ability to absorb financial losses, and its tolerance/appetite towards risk.

    If your organization has ERM, adopt the existing acceptability threshold.

    Record this threshold in section 5.3 of the Risk Management Program Manual

    2.2.2 Create a financial impact assessment scale

    1-4 hours

    Input: Risk events, Risk threshold

    Output: Financial impact scale created

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Create a scale to assess the financial impact of risk events.
      • Typically, risk impacts are assessed on a scale of 1-5; however, some organizations may prefer to assess risks using 3, 4, 7, or 9-point scales.
    2. Ensure that the unacceptable risk threshold is reflected in the scale.
      • In the example provided, the unacceptable risk threshold ($100,000) is represented as “High” on the impact scale.
    3. Attach labels to each point on the scale. Effective labels will easily distinguish between risks on either side of the unacceptable risk threshold.

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Convert project overruns and service outages into costs

    Use the tables below to quickly convert impacts typically measured in units of time to financial cost. Replace the values in the table with those that reflect your own costs.

    • While project overruns and service outages may have intangible impacts beyond the unexpected costs stemming from paying employees and lost revenue (such as adding complexity to project management and undermining the business’ confidence in IT), these measurements will provide adequate impact estimations for risk assessment.
    • Remember, complex risk events can be analyzed further with an expected cost assessment.
    Project Overruns Scale for the use of cost assessment with dollar amounts associated with impact levels. '$250,000 - Extreme', '$100,000 - High', '$60,000 - Moderate', '$35,000 - Low', '$10,000 - Negligible'.

    Project

    Time (days)

    20 days

    Number of employees

    8

    Average cost per employee (per day)

    $300

    Estimated cost

    $48,000
    Service Outages

    Service

    Time (hours)

    4 hours

    Lost revenue (per hour)

    $10,000

    Estimated cost

    $40,000

    Impact scale

    Low

    2.2.3 Select a technique to measure reputational cost (1 of 3)

    1-3 hours

    Realized risk events may have profound reputational costs that do not immediately impact your bottom line.

    Reputational cost can take several forms, including the internal and external perception of:
    1. Brand likeability
    2. Product quality
    3. Leadership capability
    4. Social responsibility

    Based on your industry and the nature of the risk, select one of the three techniques described in this section to incorporate reputational costs into your risk assessment.

    		 Technique #1 – Use financial indicators:

    For-profit companies typically experience reputational loss as a gradual decline in the strength of their brand, exclusion from industry groups, or lost revenue.

    If possible, use these measures to put a price on reputational loss:

    • Lost revenue attributable to reputation loss
    • Loss of market share attributable to reputation loss
    • Drops in share price attributable to reputation loss (for public companies)

    Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.

    • If you are not able to effectively translate all reputational costs into financial costs, proceed to techniques 2 and 3 on the following slides.

    2.2.3 Select a technique to measure reputational cost (2 of 3)

    1-3 hours
    It is common for public sector or not-for-profit organizations to have difficulty putting a price tag on intangible reputational costs.
    • For example, a government organization may be unable to directly quantify the cost of losing the confidence and/or support of the public.
    • A helpful technique is to reframe how reputation is assigned value.
    		 Technique #2 – Calculate the value of avoiding reputational cost:
    1. Imagine that the particular risk event you are assessing has occurred. Describe the resulting reputational cost using qualitative language.

    For example:

    A data breach, which caused the unsanctioned disclosure of 2,000 client files, has inflicted high reputational costs on the organization. These have impacted the organization in the following ways:

    • Loss of organizational trust in IT
    • IT’s reputation as a value provider to the organization is tarnished
    • Loss of client trust in the organization
    • Potential for a public reprimand of the organization by the government to restore public trust
  • Then, determine (hypothetically) how much money the organization would be willing to spend to prevent the reputational cost from being incurred.
  • Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.
    		•

    2.2.3 Select a technique to measure reputational cost (3 of 3)

    1-3 hours

    If you feel that the other techniques have not reflected reputational impacts in the overall severity level of the risk, create a parallel scale that roughly matches your financial impact scale.

    Technique #3 – Create a parallel scale for reputational impact:

    Visibility is a useful metric for measuring reputational impact. Visibility measures how widely knowledge of the risk event has spread and how negatively the organization is perceived. Visibility has two main dimensions:

    • Internal vs. External
    • Low Amplification vs. High Amplification

      • Internal/External: The further outside of the organization that the risk event is visible, the higher the reputational impact.
      Low/High Amplification: The greater the ability of the actor to communicate and amplify the occurrence of a risk event, the higher the reputational impact.
      After establishing a scale for reputational impact, test whether it reflects the severity of the financial impact levels in the financial impact scale.

    • For example, if the media learns about a recent data breach, does that feel like a $100,000 loss?
    		 Example:
    Scale for the use of cost assessment of reputational impact with dimension combinations associated with impact levels. 'External, High Amp, (regulators, lawsuits) - Extreme', 'Internal, High Amp, (CEO) - Low', 'Internal, Low Amp (IT) - Negligible'.

    2.2.4 Create a likelihood scale

    1-3 hours

    Instructions:
    1. Create a scale to assess the likelihood that a risk event will occur over a given period of time.
      • Info-Tech recommends assessing the likelihood that the risk event will occur over a period of one year (the IT risk council should be reassessing the risk event no less than once per year).
    2. Ensure that the likelihood scale contains the same number of levels as the financial impact scale (3, 4, 5, 7, or 9).
    3. The example provided is likely to satisfy most IT departments; however, you may customize the distribution of likelihood values to reflect the organization’s aversion towards uncertainty.
      • For example, an extremely risk-averse organization may consider any risk event with a likelihood greater than 20% to have a “High” likelihood of occurrence.
    4. Attach the same labels used for the financial impact scale (Low, Moderate, High, etc.)

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    		 Scale to assess the likelihood that a risk event will occur. '80-99% - Extreme', '60-79% - High', '40-59% - Moderate' '20-39% - Low', '1-19% - Negligible'.

    Info-Tech Insight

    Note: Info-Tech endorses the use of likelihood values (1-99%) rather than frequency (3 times per year) as a measurement.
    For an explanation of why likelihood values lead to more precise and robust risk assessment, see the Appendix.

    2.2.5 Risk severity level assessment

    6-10 hours

    Input: Risk events identified

    Output: Assessed the likelihood of occurrence and impact for all identified risk events

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Document the “Risk Category” and “Existing Controls.” in the Risk Register Tool.
      • (See the slide following this activity for tips on identifying existing controls.)
    2. Assign each risk event a likelihood and impact level.
      • Remember, you are assessing the impact that a risk event will have on the organization as a whole, not just on IT.
    3. When assigning a financial impact level to a risk event, factor in the likely number of instances that the event will occur within the time frame for which you are assessing (usually one year).
      • For risk events like third-party service outages that typically occur a few times each year, assign them an impact level that reflects the likelihood of financial impact the risk event will have over the entire year.
      • E.g. If your organization is likely to experience two major service outages next year and each outage costs the organization approximately $15,000, the total financial impact is $30,000.

    Record results in the Risk Register Tool

    2.2.5 Risk severity level assessment (continued)

    Instructions (continued):
    1. Assign a risk owner to non-negligible risk events.
      • For organizations that practice ongoing risk management and frequently reassess their risk portfolio (minimum once per year), risk ownership does not need to be assigned to “Negligible” or low-level risks.
      • View the following slides for advice on how to select a risk owner and information on their responsibilities.
    2. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy:
      • Is a service outage really twice as impactful as our primary software provider going out of business?
      • Is a data breach far more likely than a ›1 hour web-services outage?
    		 Tips for Selecting Likelihood Values:

    Does ~10% sound right?

    Test a likelihood estimate by assessing the truth of the following statements:

    • The risk event will likely occur once in the next ten years (if the environment remains nearly identical).
    • If ten organizations existed that were nearly identical to our own, it is likely that one out of ten would experience the risk event this year.

    Screenshot of a risk severity level assessment.

    Identify current risk controls

    Consider how IT is already addressing key risks.

    Types of current risk control

    Tactical controls

    Apply to individual risks only.

    Example: A tactical control for backup/replication failure is faster WAN lines.

    		 Tactical risk control Strategic controls

    Apply to multiple risks.

    Example: A strategic control for backup/replication failure is implementing formal DR plans.

    		 Strategic risk control
    Risk event Risk event Risk event

    Screenshot of the column headings on the risk severity level assessment with 'Current Controls' highlighted.
    Consider both tactical and strategic controls already in place when filling out risk event information in the Risk Register Tool.

    Info-Tech Insight

    Identifying existing risk controls (past risk responses) provides a clear picture of the measures already in place to avoid, mitigate, or transfer key risks. This reveals opportunities to improve existing risk controls, or where new strategies are needed, to reduce risk severity levels below business thresholds.

    Assign a risk owner for each risk event

    Designate a member of the IT risk council to be responsible for each risk event.

    Selecting the Appropriate Risk Owner

    Use the following considerations to determine the best owner for each risk:

    • The risk owner should be familiar with the process, project, or IT function related to the risk event.
    • The risk owner should have access to the necessary data to monitor and measure the severity of the risk event.
    • The risk owner’s performance assessment should reflect their ability to demonstrate the ongoing management of their assigned risk events.

    Screenshot of the column headings on the risk severity level assessment with 'Risk Owner' highlighted.

    		 Risk Owner Responsibilities

    Risk ownership means that an individual is responsible for the following activities:

    • Monitoring the threat or vulnerability for changes in the likelihood of occurrence and/or likely impact.
    • Monitoring changes in the market and external environment that may alter the severity of the risk event.
    • Monitoring changes of closely related risks with interdependencies.
    • Developing and using key risk indicators (KRIs) to measure changes in risk severity.
    • Regularly reporting changes in risk severity to the IT risk council.
    • If necessary, escalating the risk event to other IT risk council personnel or senior management for reassessment.
    • Monitoring risk severity levels for risk events after a risk response has been implemented.

    Use Info-Tech’s Risk Costing Tool to calculate the expected cost of IT’s high-priority risks (optional)

    Sample of the Risk Costing Tool.

    Use this tool to:

    1. Conduct a deeper analysis of severe risks.
      • Determine specific likelihood and financial impact values to communicate the severity of the risk in the Expected Cost tab.
      • Identify the maximum financial impact that the risk event may inflict.
    2. Assess the effectiveness of multiple risk responses for each risk event.
      • Determine how proposed risk events will change the likelihood of occurrence and financial impact of the risk event.
    3. Incorporate risk proximity into your cost-benefit analysis of risk responses.
      • Illustrate how spending decisions will impact the expected cost of the risk event over time.

    2.2.6 Expected cost assessment (optional)

    Assign likelihood and financial impact values to high-priority risks.

    Select risks with these characteristics:

    Strongly consider conducting an expected cost assessment for risk events that meet one or more of the following criteria.

    The risk:

    • Has been assigned to the highest risk severity level.
    • Has exposed the organization previously and had severe implications.
    • Exceeds the organization’s threshold for financial impact.
    • Involves an IT function that is highly visible to the business.
    • Will likely require risk response actions that will exceed current IT budgetary constraints.
    • Is conducive to expected cost assessment:
      • There is general consensus on likelihood estimates.
      • There is general consensus on financial impact estimates.
      • Historical data exists to support estimates.
    		 Determine which risks require a deeper assessment:

    Info-Tech recommends conducting a second-level assessment for 5-15% of your IT risk register.

    Communicating the expected cost of high-priority risks significantly increases awareness of IT risks by the business.

    Communicating risks to the business using their language also increases the likelihood that risk responses will receive the necessary support and investment


    Record the list of risk events requiring second-level assessment in the Risk Costing Tool.

    • Transfer the likelihood and impact levels for each event into the Risk Costing Tool using data from the Risk Register Tool.

    2.2.6 Expected cost assessment (continued)

    Assign likelihood and financial impact values to high-priority risks.

    Instructions:
    1. Go through the list of prioritized risks in the Risk Costing Tool one by one. Indicate the likelihood and impact level (from the Risk Register Tool) for the risk event being assessed.
    2. Record likelihood values (1-99%) and impact values ($) from participants.
      • Only record values from individuals that indicate they are fairly confident with their estimates.
      • Keep likelihood estimates to values that are multiples of five.
    3. Estimate and record the maximum impact that the risk event could inflict.
      • See Appendix III for information on how the possibility of high-impact scenarios may influence your decision making.
    4. Discuss the estimates provided. Eliminate outliers and retracted estimates.
      • If you are unable to achieve consensus, take the average of the values provided.
    5. If you are having difficulty arriving at a likelihood or impact value, select the median value of the level assigned to the risk during the risk severity level assessment.
      • E.g. Risk event assigned to likelihood level “Moderate” (20-39%). Select a likelihood value of 30%.

    Screenshot of the column headings on the risk severity level assessment with 'Optional Inherent Likelihood Parameters' and 'Optional Inherent Impact Parameters' highlighted.

    		 Who should participate?
    • Depending on the size of your IT risk council, you may want to consider conducting this exercise in a smaller group.
    • Ideally, you should try to find the right balance between ensuring that the necessary experience and knowledge is in the room while insulating the exercise from outlier opinions, noise, and distractions.

    Evaluate likelihood and impact

    Refine your risk assessment process by developing more accurate measurements of likelihood and impact.

    Intersubjective likelihood

    The goal of the expected cost assessment is to develop robust intersubjective estimates of likelihood and financial impact.

    By aggregating a number of expert opinions of what they deem to be the “correct” value, you will arrive at a collectively determined value that better reflects reality than an individual opinion.

    Example: The Delphi Method

    The Delphi Method is a common technique to produce a judgement that is representative of the collective opinion of a group.

    • Participants are sent a series of sequential questionnaires (typically by email).
    • The first questionnaire asks them what the likelihood, likely impact, and expected cost is for a specific risk event.
    • Data from the questionnaire is compiled and then communicated in a subsequent questionnaire, which encourages participants to restate or revise their estimates given the group’s judgements.
    • With each successive questionnaire, responses will typically converge around a single intersubjective value.
    		Justifying Your Estimates:

    When asked to explain the numbers you arrived at during the risk assessment, pointing to an assessment methodology gives greater credibility to your estimates.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    Info-Tech Insight

    The underlying assumption behind intersubjective forecasting is that group judgements are more accurate than individual judgements. However, this may not be the case at all.

    Sometimes, a single expert opinion is more valuable than many uninformed opinions. Defining whose opinion is valuable and whose is not is an unpleasant exercise; therefore, selecting the right personnel to participate in the exercise is crucially important.

    Build an IT Risk Management Program

    Phase 3

    Monitor, Respond, and Report on IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities
      •

    This phase will walk you through the following activities:

    • Develop key risk indicators (KRIs) and escalation protocols
    • Establish the reporting schedule
    • Identify and assess risk responses
    • Analyze risk response cost-benefit
    • Create multi-year cost projections
    • Obtain executive approval for risk action plans
    • Socialize the Risk Report
    • Transfer ownership of risk responses to project managers
    • Finalize the Risk Management Program Manual

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Risk business owner

    Step 3.1

    Monitor IT Risks and Develop Risk Responses

    Activities
    • 3.1.1 Develop key risk indicators (KRIs) and escalation protocols
    • 3.1.2 Establish the reporting schedule
    • 3.1.3 Identify and assess risk responses
    • 3.1.4 Risk response cost-benefit analysis
    • 3.1.5 Create multi-year cost projections

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owner

    Outcomes of this step

    • Completed risk event action plans
    • Risk responses identified and assessed for top risks
    • Risk response selected for top risks

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Use Info-Tech’s Risk Event Action Plan to manage high-priority risks

    Manage risks in between risk assessments and create a paper trail for key risks that exceed the unacceptable risk threshold. Use a new form for every high-priority risk that requires tracking.

    Risk Event Action Plan Sample of the Risk Event Action Plan deliverable.

    Obtaining sign-off from the senior leadership team or from the ERM office is an important step of the risk management process. The Risk Event Action Plan ensures that high-priority risks are closely monitored and that changes in risk severity are detected and reported.

    Clear documentation is a way to ensure that critical information is shared with management so that they can make informed risk decisions. These reports should be succinct yet comprehensive; depending on time and resources, it is good practice to fill out this form and obtain sign-off for the majority of IT risks.

    3.1.1 Develop key risk indicators (KRIs) and escalation protocols

    The risk owner should be held accountable for monitoring their assigned risks but may delegate responsibility for these tasks.

    Instructions:
    1. Design key risk indicators (KRIs) for risks that measure changes in their severity and document them in the Risk Event Action Plan.
      • See the following slide for examples.
    2. Clearly document the risk owner and the individual(s) carrying out risk monitoring activities (delegates) in the Risk Event Action Plan.

    Note: Examples of KRIs can be found on the following slide.

    		 What are KRIs?
    • KRIs should be observable metrics that alert the IT risk council and management when risk severity exceeds acceptable risk thresholds.
    • KRIs should serve as tripwires or early-warning indicators that trigger further actions to be taken on the risk.
    • Further actions may include:
      • Escalation to the risk owner (if delegated) or to a member of the senior leadership team.
      • Reporting to the IT risk council or IT steering committee.
      • Reassessment.
      • Updating the risk monitoring schedule.

    Document KRIs, escalation thresholds, and escalation protocols for each risk in a Risk Event Action Plan.

    Developing KRIs for success

    Visualization of KRI development, from the 'Risk Event' to the 'Intermediate Steps' with 'KRI Measurements' to the image of a growing seed.

    Examples of KRIs

    • Number of resources who quit or were fired who had access to critical data
    • Number of risk mitigation initiatives unfunded
    • Changes in time horizon of mitigation implementation
    • Number of employees who did not report phishing attempts
    • Amount of time required to get critical operations access to necessary data
    • Number of days it takes to implement a new regulation or compliance control

    3.1.2 Establish the reporting schedule

    For each risk event, document how frequently the risk owner must report to the IT risk council in the Risk Event Action Plan.

    • A clear reporting schedule enforces accountability for each risk event, ensuring that risk owners are fulfilling their monitoring responsibilities.
    • The ongoing discussion of risks between assessment cycles also increases overall awareness of how IT risks are not static but constantly evolving.
    Reporting Risk Event
    Weekly reports to ITRC Risk event severity represented as a thermometer with levels 'Extreme', 'High', 'Moderate', 'Low', and 'Negligible'.
    Bi-weekly reports to ITRC
    Monthly reports to ITRC
    Report to ITRC only if KRI thresholds triggered
    No reports; reassessed bi-annually

    Use Info-Tech’s tools to identify, analyze, and select risk responses

    1

    (Mandatory)    		Tool

    Screenshot of the Risk Register Tool.

    Risk Register Tool

    		Information
    • Develop risk responses for all risk events pre-populated on the “2. Risk Register” sheet of the Risk Register Tool.
    • Document the root cause of the risk (Activity 3.1.3) and other contributing factors (Activity 3.1.4).
    • Identify risk responses (Activity 3.1.5).
    • Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk (Activity 3.1.5).
    • The tool will calculate the residual severity of the risk after applying the risk response.

    2

    (Optional)    		Tool

    Screenshot of the Risk Costing Tool.

    Risk Costing Tool

    		Information
    • Continue your second-level risk analysis for top risks for which you calculated expected cost in section 2.2.
    • Activity 3.1.5:
      • Identify between one and four risk response options for each risk.
      • Develop precise values for residual likelihood and impact.
      • Compare expected cost of the risk event to expected residual cost.
      • Select the risk response to recommend to senior leadership and document it in the Risk Register Tool.

    Determine the root cause of IT risks

    Root cause analysis

    Use the “Five Whys” methodology to identify the root cause and contributing/exacerbating factors for each risk event.

    Diagnosing the root cause of a risk as well as the environmental factors that increase its potential impact and likelihood of occurring allow you to identify more effective risk responses.

    Risk responses that only address the symptoms of the risk are less likely to succeed than responses that address the core issue.

    Concentric circles with 'Root Cause' at the center, 'Contributing Factors' around it, and 'Symptoms' on the outer circle.

    		 Example of 'The Five Whys Methodology', tracing symptoms to their root cause. In 'Symptoms' we see 'Risk Event: Network outage', Why? 'Network congestion', Why? Then on to 'Contributing Factors' the answer is 'Inadequate bandwidth for latency-sensitive applications', Why? 'Increased business use of latency-sensitive applications', Why? And finally to the 'Root Cause', 'Business units rely on 'real-time' data gathered from latency-sensitive applications', Why?

    Identify factors that contribute to the severity of the risk

    Environmental factors interact with the root cause to increase the likelihood or impact of the risk event.

    What factors matter?

    Identify relevant actors and assets that amplify or diminish the severity of the risk.

    Actors

    • Internal (business units)
    • External (vendor, regulator, market, competitor, hostile actor)

    Assets/Resources

    • Infrastructure
    • Applications
    • Processes
    • Information/data
    • Personnel
    • Reputation
    • Operations
    		 Develop risk responses that target contributing factors.
    Root cause:
    Business units rely on “real-time” data gathered from latency-sensitive applications

    Actors: Enterprise App users (Finance, Product Development, Product Management)

    Asset/resource: Applications, network

    Risk response:
    Decrease the use of latency-sensitive applications.

    X

    Decreasing the use of key apps contradicts business objectives.

    		 Contributing factors:
    Unreliable router software

    Actors: Network provider, router vendor, router software vendor, IT department

    Asset/resource: Network, router, router software

    Risk response:
    Replace the vendor that provides routers and router software.

    Replacing the vendor would reduce network outages at a relatively low cost.

    		 Symptoms:
    Network outage

    Actors: All business units, network provider

    Asset/resource: Network, business operations, employee productivity

    Risk response:
    Replace legacy systems.

    X

    Replacing legacy systems would be too costly.

    3.1.3 Identify and assess risk responses

    Instructions:
    Complete the following steps for each risk event.
    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the event were to occur.
      • Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level.
      • This is the same step performed in Activity 2.2.6, when initial likelihood and impact levels were determined; however, now you are estimating the likelihood and impact of the risk event after the risk response action has been implemented successfully.
      • The Risk Register Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Risk Register Tool.
    		 Document the following in the Risk Event Action Plan for each risk event:
      • Risk response actions
      • Residual likelihood and impact levels
      • Residual risk severity level
    • Review the following slides about the four types of risk response to help complete the activity.
      1. Avoidance
      2. Mitigation
      3. Transfer
      4. Acceptance

    Record the results in the Risk Event Action Plan.

    Take actions to avoid the risk entirely

    Risk Avoidance

    • Risk avoidance involves taking evasive maneuvers to avoid the risk event.
    • Risk avoidance targets risk likelihood, decreasing the likelihood of the risk event occurring.
    • Since risk avoidance measures are fairly drastic, the likelihood is often reduced to negligible levels.
    • However, risk avoidance response actions often sacrifice potential benefits to eliminate the possibility of the risk entirely.
    • Typically, risk avoidance measures should only be taken for risk events with extremely high severity and when the severity (expected cost) of the risk event exceeds the cost (benefits sacrificed) of avoiding the risk.

    Example

    Risk event: Information security vulnerability from third-party cloud services provider.

    • Risk avoidance action: Store all data in-house.
    • Benefits sacrificed: Cost savings, storage flexibility, etc.
    		 Stock photo of a person hikiing along a damp, foggy, valley path.

    Pursue projects that reduce the likelihood or impact of the risk event

    Risk Mitigation

    • Risk mitigation actions are risk responses that reduce the likelihood and impact of the risk event.
    • Risk mitigation actions can be to either implement new controls or enhance existing ones.
    Example 1

    Most risk responses will reduce both the likelihood of the risk event occurring and its potential impact.

    Example

    Mitigation: Purchase and implement enterprise mobility management (EMM) software with remote wipe capability.

    • EMM reduces the likelihood that sensitive data is accessed by a nefarious actor.
    • The remote-wipe capability reduces the impact by closing the window that sensitive data can be accessed from.
    		 Example 2

    However, some risk responses will have a greater effect on decreasing the likelihood of a risk event with little effect on decreasing impact.

    Example

    Mitigation: Create policies that restrict which personnel can access sensitive data on mobile devices.

    • This mitigation decreases the number of corporate phones that have access to (or are storing) sensitive data, thereby decreasing the likelihood that a device is compromised.
    		 Example 3

    Others will reduce the potential impact without decreasing its likelihood of occurring.

    Example

    Mitigation: Use robust encryption for all sensitive data.

    • Corporate-issued mobile phones are just as likely to fall into the hands of nefarious actors, but the financial impact they can inflict on the organization is greatly reduced.

    Pursue projects that reduce the likelihood or impact of the risk event (continued)

    Use the following IT functions to guide your selection of risk mitigation actions:

    Process Improvement

    Key processes that would most directly improve the risk profile:

    • Change Management
    • Project Management
    • Vendor Management
    		 Infrastructure Management
    • Disaster Recovery Plan/Business Continuity Plan
    • Redundancy and Resilience
    • Preventative Maintenance
    • Physical Environment Security
    Personnel
    • Greater staff depth in key areas
    • Increased discipline around documentation
    • Knowledge Management
    • Training
    		 Rationalization and Simplification

    This is a foundational activity, as complexity is a major source of risk:

    • Application Rationalization – reducing the number of applications
    • Data Management – reducing the volume and locations of data

    Transfer risks to a third party

    Risk transfer: the exchange of uncertain future costs for fixed present costs.

    Insurance

    The most common form of risk transfer is the purchase of insurance.

    • The uncertain future cost of an IT risk event can be transferred to an insurance company who assumes the risk in exchange for insurance premiums.
    • The most common form of IT-relevant insurance is cyberinsurance.

    Not all risks can be insured. Insurable risks typically possess the following five characteristics:

    1. The loss must be accidental (the risk event cannot be insured if it could have been avoided by taking reasonable actions).
    2. The insured cannot profit from the occurrence of the risk event.
    3. The loss must be able to be measured in monetary terms.
    4. The organization must have an insurable interest (it must be the party that incurs the loss).
    5. An insurance company must offer insurance against that risk.
    		 Other Forms of Risk Transfer

    Other forms of risk transfer include:

    • Self-insurance
      • Appropriate funds can be set aside in advance to address the financial impact of a risk event should it occur.
    • Warranties
    • Contractual transfer
      • The financial impact of a risk event can be transferred to a third party through clauses agreed to in a contract.
      • For example, a vendor can be contractually obligated to assume all costs resulting from failing to secure the organization’s data.

      • Example email addressing fields of an IT Risk Transfer to an insurance company.

    Accept risks that fall below established thresholds

    Risk Acceptance

    Accepting a risk means tolerating the expected cost of a risk event. It is a conscious and deliberate decision to retain the threat.

    You may choose to accept a risk event for one of the following three reasons:

    1. The risk severity (expected cost) of the risk event falls below acceptability thresholds and does not justify an investment in a risk avoidance, mitigation, or transfer measure.
    2. The risk severity (expected cost) exceeds acceptability thresholds but all effective risk avoidance, mitigation, and transfer measures are ineffective or prohibitively expensive.
    3. The risk severity (expected cost) exceeds acceptability thresholds but there are no feasible risk avoidance, mitigation, and transfer measures to be implemented.

    Info-Tech Insight

    Constant monitoring and the assignment of responsibility and accountability for accepted risk events is crucial for effective management of these risks. No IT risk should be accepted without detailed documentation outlining the reasoning behind that decision and evidence of approval by senior management.

    3.1.4 Risk response cost-benefit analysis (optional)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    This helps IT make risk-conscious investment decisions that fall within the IT budget and helps the organization make sound budgetary decisions for risk response projects that cannot be addressed by IT’s existing budget.

    Instructions:
    1. Reopen the Risk Costing Tool. For each risk that you conducted an expected cost assessment in section 2.2 for, find the Excel sheet that corresponds to the risk number (e.g. R001).
    2. Identify between one and four risk response options for the risk event and document them in the Risk Costing Tool.
      • The “Risk Response 1” field will be automatically populated with expected cost data for a scenario where no action was taken (risk acceptance). This will serve as a baseline for comparing alternative responses.
      • For the following steps, go through the risk responses one by one.
    3. Estimate the first-year cost for the risk response.
      • This cost should reflect initial capital expenditures and first-year operating expenditures.
    		 Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with 'Capital Expenditures' and 'Operating Expenditures' highlighted.

    Record the results in the Risk Costing Tool.

    3.1.4 Risk response cost-benefit analysis (continued)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    Instructions:

    1. Estimate residual risk likelihood and financial impact for Year 1 with the risk response in place.
      • Rather than estimating the likelihood level (low, medium, high), determine a precise likelihood value of the risk event occurring once the response has been implemented.
      • Estimate the dollar value of financial impacts if the risk event were to occur with the risk response in place.
        • Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with figured for 'Financial Impact' and 'Probability' highlighted. The tool will calculate the expected residual cost of the risk event: (Financial Impact x Likelihood) - Costs = Expected Residual Cost
    2. Select the highest value risk response and document it in the Risk Register Tool.
    3. Document your analysis and recommendations in the Risk Event Action Plan.

    Note: See Activity 3.1.5 to build multi-year cost projections for risk responses.

    3.1.5 Create multi-year cost projections (optional)

    Select between risk response options by projecting their costs and benefits over multiple years.

    • It can be difficult to choose between risk response options that require different payment schedules. A risk response project with costs spread out over more than one year (e.g. incremental upgrades to an IT system) may be more advantageous than a project with costs concentrated up front that may cost less in the long run (e.g. replacing the system).
    • However, the impact that risk response projects have on reducing risk severity is not necessarily static. For example, an expensive project like replacing a system may drastically reduce the risk severity of a system failure. Whereas, incremental system upgrades may only marginally reduce risk severity in the short term but reach similar levels as a full system replacement in a few years.
    Instructions:

    Calculate expected cost for multiple years using the Risk Costing Tool for:

    • Risk events that are subject to change in severity over time.
    • Risk responses that reduce the severity of the risk gradually.
    • Risk responses that cannot be implemented immediately.

    Copy and paste the graphs into the Risk Report and the Risk Event Action Plan for the risk event.

    		Sample charts on the cost of risk responses from the Risk Costing Tool.

    Record the results in the Risk Costing Tool.

    Step 3.2

    Report IT Risk Priorities

    Activities
    • 3.2.1 Obtain executive approval for risk action plans
    • 3.2.2 Socialize the Risk Report
    • 3.2.3 Transfer ownership of risk responses to project managers
    • 3.2.4 Finalize the Risk Management Program Manual

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team

    Outcomes of this step

    • Obtained approval for risk action plans
    • Communicated IT’s risk recommendations to senior leadership
    • Embedded risk management into day-to-day IT operations

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Effectively deliver IT risk expertise to the business

    Communicate IT risk management in two directions:

    1. Up to senior leadership (and ERM if applicable)
    2. Down to IT employees (embedding risk awareness)

      3. Visualization of communicating Up to 'Senior Leadership' and Down to 'IT Personnel'.

    		 Create a strong paper trail and obtain sign-off for the ITRC’s recommendations.

    Now that you have collected all of the necessary raw data, you must communicate your insights and recommendations effectively.

    A fundamental task of risk management is communicating risk information to senior management. It is your responsibility to enable them to make informed risk decisions. This can be considered upward communication.

    The two primary goals of upward communication are:

    1. Transferring accountability for high-priority IT risks to the ERM or to senior leadership.
    2. Obtaining funds for risk response projects recommended by the ITRC.

    Good risk management also has a trickle-down effect impacting all of IT. This can be considered downward communication.

    The two primary goals of downward communication are:

    1. Fostering a risk-aware IT culture.
    2. Ensuring that the IT risk management program maintains momentum and runs effectively.

    3.2.1 Obtain executive approval for risk action plans

    Best Practices and Key Benefits

    Best practice is for all acceptable risks to also be signed-off by senior leadership. However, for ITRCs that brainstorm 100+ risks, this may not be possible. If this is the case, prioritize accepted risks that were assessed to be closest to the organization’s thresholds.

    By receiving a stamp of approval for each key risk from senior management, you ensure that:

    1. The organization is aware of important IT risks that may impact business objectives.
    2. The organization supports the risk assessment conducted by the ITRC.
    3. The organization supports the plan of action and monitoring responsibilities proposed by the ITRC.
    4. If a risk event were to occur, the organization holds ultimate accountability.
    		 Sample of the Risk Event Action Plan template.

    Task:
    All IT risks that were flagged for exceeding the organization’s severity thresholds must obtain sign-off by the CIO or another member of the senior leadership team.

    • In the assessment phase, you evaluated risks using severity thresholds approved by the business and determined whether or not they justified a risk response.
    • Whether your recommendation was to accept the risk or to analyze possible risk responses, the business should be made aware of most IT risks.

    3.2.2 Socialize the risk report

    Create a succinct, impactful document that summarizes the outcomes of risk assessment and highlights the IT risk council’s top recommendations to the senior leadership team.

    The Risk Report contains:
    • An executive summary page highlighting the main takeaways for senior management:
      • A short summary of results from the most recent risk assessment
      • Dashboard
      • A list of top 10 risks ordered from most severe to least
    • Subsequent individual risk analyses (1 to 10)
      • Detailed risk assessment data
      • Risk responses
      • Risk response analysis
      • Multi-year cost projection (see the following slide)
      • Dashboard
      • Recommendations
    		 Sample of the Risk Report template.

    Risk Report

    Pursue projects that reduce the likelihood or impact of the risk event

    Encourage risk awareness to extend the benefits of risk management to every aspect of IT.

    Benefits of risk awareness:

    • More preventative and proactive approaches to IT projects are discussed and considered.
    • Changes to the IT threat landscape are more likely to be detected, communicated, and acted upon.
    • IT possesses a realistic perception of its ability to perform functions and provide services.
    • Contingency plans are put in place to hedge against risk events.
    • Fewer IT risks go unidentified.
    • CIOs and business executives make better risk decisions.

    Consequences of low risk awareness:

    • False confidence about the number of IT risks impacting the organization and their severity.
    • Risk-relevant information is not communicated to the ITRC, which may result in inaccurate risk assessments.
    • Confusion surrounding whose responsibility it is to consider how risk impacts IT decision making.
    • Uncertainty and panic when unanticipated risks impact the IT department and the organization.

    Embedding risk management in the IT department is a full-time job

    Take concrete steps to increase risk-aware decision making in IT.

    The IT risk council plays an instrumental role in fostering a culture of risk awareness throughout the IT department. In addition to periodic risk assessments, fulfilling reporting requirements, and undertaking ongoing monitoring responsibilities, members of the ITRC can take a number of actions to encourage other IT employees to adopt a risk-focused approach, particularly at the project planning stage.

    Embed risk management in project planning

    Make time for discussing project risks at every project kick-off.
    • A main benefit of including senior personnel from across IT in the ITRC is that they are able to disseminate the IT risk council’s findings to their respective practices.
    • At project kick-off meetings, schedule time to identify and assess project-specific risks.
    • Encourage the project team to identify strategies to reduce the likelihood and impact of those risks and document these in the project charter.
    • Lead by example by being clear and open about what constitutes acceptable and unacceptable risks.

    Embed risk management with employee

    Train IT staff on the ITRC’s planned responses to specific risk events.
    • If a response to a particular risk event is not to implement a project but rather to institute new policies or procedures, ensure that changes are communicated to employees and that they receive training.
    Provide risk management education opportunities.
    • Remember that a more risk-aware IT employee provides more value to the organization.
    • Invest in your employees by encouraging them to pursue education opportunities like receiving risk management accreditation or providing them with educational experiences such as workshops, seminars, and eLearning.

    Embedding risk management in the IT department is a full-time job (continued)

    Encourage risk awareness by adjusting performance metrics and job titles.

    Performance metrics:

    Depending on the size of your IT department and the amount of resources dedicated to ongoing risk management, you may consider embedding risk management responsibilities into the performance assessments of certain ITRC members or other IT personnel.

    • Personalize the risk management program metrics you have documented in your Risk Management Program Manual.
    • Evidence that KPIs are monitored and frequently reported is also a good indicator that risk owners are fulfilling their risk management responsibilities.

      • Info-Tech Insight

      If risk management responsibilities are not built into performance assessments, it is less likely that they will invest time and energy into these tasks. Adding risk management metrics to performance assessments directly links good job performance with good risk management, making it more likely that ITRC activities and initiatives gain traction throughout the IT department.

    Job descriptions:

    Changing job titles to reflect the focus of an individual’s role on managing IT risk may be a good way to distinguish personnel tasked with developing KRIs and monitoring risks on a week-to-week basis.

    • Some examples include IT Risk Officer, IT Risk Manager, and IT Risk Analyst.

    3.2.3 Transfer ownership of risk responses to project managers

    Once risk responses have obtained approval and funding, it is time to transform them into fully-fledged projects.

    Image of a hand giving a key to another hand and a circle split into quadrants of Governance with 'Governance of Risks' being put into 'Governance of Projects'.

    3.2.4 Finalize the Risk Management Program Manual

    Go back through the Risk Management Program Manual and ensure that the material will accurately reflect your approach to risk management going forward.

    Remember, the program manual is a living document that should be evolving alongside your risk management program, reflecting best practices, knowledge, and experiences accrued from your own assessments and experienced risk events.

    The best way to ensure that the program manual continues to guide and document your risk management program is to make it the focal point of every ITRC meeting and ensure that one participant is tasked with making necessary adjustments and additions.

    Sample of the Risk Management Program Manual. Risk Management Program Manual

    “Upon completing the Info-Tech workshop, the deliverables that we were left with were really outstanding. We put together a 3-year project plan from a high level, outlining projects that will touch upon our high risk areas.” (Director of Security & Risk, Water Management Company)

    Don’t allow your risk management program to flatline

    54% of small businesses haven’t implemented controls to respond to the threat of cyber attacks (Source: Insurance Bureau of Canada, 2021)

    Don’t be lulled into a false sense of security. It might be your greatest risk.

    So you’ve identified the most important IT risks and implemented projects to protect IT and the business.

    Unfortunately, your risk assessment is already outdated.

    Perform regular health checks to keep your finger on the pulse of the key risks threatening the business and your reputation.

    To continue the momentum of your newly forged IT risk management program, read Info-Tech’s research on conducting periodic risk assessments and “health checks”:

    Revive Your Risk Management Program With a Regular Health Check

    • Complete Info-Tech’s Risk Management Health Check to seize the momentum you created by building a robust IT risk management program and create a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
    • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

    Appendix I: Familiarize yourself with key risk terminology

    Review important risk management terms and definitions.

    Risk

    		An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the likelihood of a perceived threat or opportunity occurring and the magnitude of its impact on objectives (Office of Government Commerce, 2007).

    Threat

    		An event that can create a negative outcome (e.g. hostile cyber/physical attacks, human errors).

    Vulnerability

    		A weakness that can be taken advantage of in a system (e.g. weakness in hardware, software, business processes).

    Risk Management

    		The systematic application of principles, approaches, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making (Office of Government Commerce, 2007).

    Risk Category

    		Distinct from a risk event, a category is an abstract profile of risk. It represents a common group of risks. For example, you can group certain types of risks under the risk category of IT Operations Risks.

    Risk Event

    		A specific occurrence of an event that falls under a particular risk category. For example, a phishing attack is a risk event that falls under the risk category of IT Security Risks.

    Risk Appetite

    		An organization’s attitude towards risk taking, which determines the amount of risk that it considers acceptable. Risk appetite also refers to an organization’s willingness to take on certain levels of exposure to risk, which is influenced by the organization’s capacity to financially bear risk.

    Enterprise Risk Management

    		(ERM) – A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of organizational risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2015).

    Appendix II: Likelihood vs. Frequency

    Why we measure likelihood, not frequency:

    The basic formula of Likelihood x Impact = Severity is a common methodology used across risk management frameworks. However, some frameworks measure likelihood using Frequency rather than Likelihood.

    Frequency is typically measured as the number of instances an event occurs over a given period of time (e.g. once per month).

    • For risk assessment, historical data regarding the frequency of a risk event is commonly used to indicate the likelihood that the event will happen in the future.

    Likelihood is a numerical representation of the “degree of belief” that the risk event will occur in a given future timeframe (e.g. 25% likelihood that the event will occur within the next year).

    False Objectivity

    While some may argue that frequency provides an objective measurement of likelihood, it is well understood in the field of likelihood theory that historical data regarding the frequency of a risk event may have little bearing over the likelihood of that event happening in the future. Frequency is often an indication of future likelihood but should not be considered an objective measurement of it.

    Likelihood scales that use frequency underestimate the magnitude of risks that lack historical precedent. For example, an IT department that has never experienced a high-impact data breach would adopt a very low likelihood score using the frequentist approach. However, if all of the organization’s major competitors have suffered a major breach within the last two years, they ought to possess a much higher degree of belief that the risk event will occur within the next year.

    Likelihood is a more comprehensive measurement of future likelihood, as frequency can be used to inform the selection of a likelihood value. The process of selecting intersubjective likelihood values will naturally internalize historical data such as the frequency that the event occurred in the past. Further, the frequency that the event is expected to occur in the future can be captured by the expected impact value. For example, a risk event that has an expected impact per occurrence of $10,000 that is expected to occur three times over the next year has an expected impact of $30,000.

    Appendix III: Should max impacts sway decision making?

    Don’t just fixate on the most likely impact – be aware of high-impact outcomes.

    During assessment, risks are evaluated according to their most likely financial impact.

    • For example, a service outage will likely last for two hours and may have an expected cost of $14,000.

    Naturally, focusing on the most likely financial impact will exclude higher impacts that – while theoretically possible – are so unlikely that they do not warrant any real consideration.

    • For example, it is possible that a service outage could last for days; however, the likelihood for such an event may be well below 1%.

    While the risk severity level assessment allows you to present impacts as a range of values (e.g. $50,000 to $75,000), the expected cost assessment requires you to select specific values.

    • However, this analysis may fail to consider much higher potential impacts that have non-negligible likelihood values (likelihood values that you cannot ignore).
    • What you consider “non-negligible” will depend on your organizational risk tolerance/appetite.

    Sometimes called Black Swan events or Fat-Tailed outcomes, high-impact events may occur when the far right of the likelihood distribution – or the “tail” – is thicker than a normal distribution (see fig. 2).

    • A good example is a data breach. While small to medium impacts are far more likely to occur than a devastating intrusion, the high-impact scenario cannot be ignored completely.

    For risk events that contain non-negligible likelihoods (too high to be ignored) consider elevating the risk severity level or expected cost.

    		 Figure 1 is a graph presenting a 'Normal Likelihood Distribution', the axes being 'Likelihood' and 'Financial Impact'.
    Figure 2 is a graph presenting a 'Fat-Tailed Likelihood Distribution' with a point at the top of the parabola labelled 'Most Likely Impact' but with a much wider bottom labelled 'Fat-Tailed Outcomes', the axes being 'Likelihood' and 'Financial Impact'.

    Leverage Info-Tech’s research on security and compliance risk to identify additional risk events

    Title card of the Info-tech blueprint 'Take Control of Compliance Improvement to Conquer Every Audit' with subtitle 'Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.


    Take Control of Compliance Improvement to Conquer Every Audit

    Info-Tech Insight

    Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

    Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

    Stock photo of a woman sitting at a computer surrounded by rows of computers.


    Develop and Implement a Security Risk Management Program

    Info-Tech Insight

    Security risk management equals cost effectiveness.

    Time spent upfront identifying and prioritizing risks can mean the difference between spending too much and staying on budget.

    Research Contributors and Experts

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Christine Coz
    Executive Counsellor
    Info-Tech Research Group

    Milena Litoiu
    Principal Research Director
    Info-Tech Research Group

    Scott Magerfleisch
    Executive Advisor
    Info-Tech Research Group

    Aadil Nanji
    Research Director
    Info-Tech Research Group

    Andy Neill
    Associate Vice-President of Research
    Info-Tech Research Group

    Daisha Pennie
    IT Risk Management
    Oklahoma State University

    Ken Piddington
    CIO and Executive Advisor
    MRE Consulting

    Frank Sewell
    Research Director
    Info-Tech Research Group

    Andrew Sharpe
    Research Director
    Info-Tech Research Group

    Chris Warner
    Consulting Director- Security
    Info-Tech Research Group

    Sterling Bjorndahl
    Director of IT Operations
    eHealth Saskatchewan

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst
    Info-Tech Research Group

    Tamara Dwarika
    Internal Auditor
    A leading North American Utility

    Anne Leroux
    Director
    ES Computer Training

    Ian Mulholland
    Research Director
    Info-Tech Research Group

    Michel Fossé
    Consulting Services Manager
    IBM Canada (LGS)

    Petar Hristov
    Research Director
    Info-Tech Research Group

    Steve Woodward
    Research Director
    CEO, Cloud Perspectives

    *Plus 10 additional interviewees who wish to remain anonymous.

    Bibliography

    “2021 State of the CIO.” IDG, 28 January 2021. Web.

    “4 Reasons Why CIOs Lose Their Jobs.” Silverton Consulting, 2012. Web.

    Beasley, Mark, Bruce Branson, and Bonnie Hancock. “The State of Risk Oversight,” AICPA, April 2021. Web.

    COBIT 2019. ISACA, 2019. Web.

    “Cognyte jeopardized its database exposing 5 billion records, including earlier data breaches.” SecureBlink, 21 June 2021. Web.

    Culp, Steve. “Accenture 2019 Global Risk Management Study, Financial Services Report.” Accenture, 2019. Web.

    Curtis, Patchin, and Mark Carey. “Risk Assessment in Practice.” COSO Committee of Sponsoring Organizations of the Treadway Commission, Deloitte & Touche LLP, 2012. Web.

    “Cyber Risk Management.” Insurance Bureau of Canada (IBC), 2022. Web.

    Eccles, Robert G., Scott C. Newquist, and Roland Schatz. “Reputation and Its Risks.” Harvard Business Review, February 2007. Web.

    Eden, C. and F. Ackermann. Making Strategy: The Journey of Strategic Management. Sage Publications, 1998.

    “Enterprise Risk Management Maturity Model.” OECD, 9 February 2021. Web.

    Ganguly, Saptarshi, Holger Harreis, Ben Margolis, and Kayvaun Rowshankish. “Digital Risks: Transforming risk management for the 2020s.” McKinsey & Company, 10 February 2017. Web.

    “Governance Institute of Australia Risk Management Survey 2020.” Governance Institute of Australia, 2020. Web.

    “Guidance on Enterprise Risk Management.” COSO, 2022. Web.

    Henriquez, Maria. “The Top 10 Data Breaches of 2021” Security Magazine, 9 December 2021. Web.

    Holmes, Aaron. “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider, 3 April 2021. Web.

    Bibliography

    “Integrated Risk and Compliance Management for Banks and Financial Services Organizations: Benefits of a Holistic Approach.” MetricStream, 2022. Web.

    “ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk.” ISACA, 25 June 2020. Web.

    ISO 31000 Risk Management. ISO, 2018. Web.

    Lawton, George. “10 Enterprise Risk Management Trends in 2022.” TechTarget, 2 February 2022. Web.

    Levenson, Michael. “MGM Resorts Says Data Breach Exposed Some Guests’ Personal Information.” The New York Times, 19 February 2020. Web.

    Management of Risk (M_o_R): Guidance for Practitioners. Office of Government Commerce, 2007. Web.

    “Many small businesses vulnerable to cyber attacks.” Insurance Bureau of Canada (IBC), 5 October 2021.

    Maxwell, Phil. “Why risk-informed decision-making matters.” EY, 3 December 2019. Web.

    “Measuring and Mitigating Reputational Risk.” Marsh, September 2014. Web.

    Natarajan, Aarthi. “The Top 6 Business Risks you should Prepare for in 2022.” Diligent, 22 December 2021. Web.

    “Operational Risk Management Excellence – Get to Strong Survey: Executive Report.” KMPG and RMA, 2014. Web.

    “Third-party risk is becoming a first priority challenge.” Deloitte, 2022. Web.

    Thomas, Adam, and Dan Kinsella. “Extended Enterprise Risk Management Survey, 2020.” Deloitte, 2021. Web.

    Treasury Board Secretariat. “Guide to Integrated Risk Management.” Government of Canada, 12 May 2016. Web.

    Webb, Rebecca. “6 Reasons Data is Key for Risk Management.” ClearRisk, 13 January 2021. Web.

    “What is Enterprise Risk Management (ERM)?” RIMS, 2015. Web.

    Wiggins, Perry. “Do you spend enough time assessing strategic risks?” CFO, 26 January 2022. Web.

    Maximize Your American Rescue Plan Funding

    • Buy Link or Shortcode: {j2store}74|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $661,499 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Will funding from COVID-19 stimulus opportunities mean more human and financial resources for IT?
    • Are there governance processes in place to successfully execute large projects?
    • What does a large, one-time influx of capital mean for keeping-the-lights-on budgets?
    • How will ARP funding impact your internal resourcing?
    • How can you ensure that IT is not left behind or an afterthought?

    Our Advice

    Critical Insight

    • Seek a one-to-many relationship between IT solutions and business problems. Use the central and overarching nature of IT to identify one solution to multiple business problems that span multiple programs, departments, and agencies.
    • Lack of specific guidance should not be a roadblock to starting. Be proactive by initiating the planning process so that you are ready to act as soon as details are clear.
    • IT involvement is the lynchpin for success. The pandemic has made this theme self-evident, and it needs to stay that way.
    • The fact that this funding is called COVID-19 relief might make you think you should only use it for recovery, but actually it should be viewed as an opportunity to help the organization thrive post-pandemic.

    Impact and Result

    • Shift IT’s role from service provider to innovator. Take ARP funding as a once-in-a-lifetime opportunity to create future enterprise capabilities by thinking big to consider IT innovation that can transform the business and its initiatives for the post-pandemic world.
    • Whether your organization is eligible for a direct or an indirect transfer, be sure you understand the requirements to apply for funding internally through a business case or externally through a grant application.
    • Gain the skills to execute the project with confidence by developing a comprehensive statement of work and managing your projects and vendor relationships effectively.

    Maximize Your American Rescue Plan Funding Research & Tools

    Use our research to help maximize ARP funding.

    Follow Info-Tech's approach to think big, align with the business, analyze budget and staffing, execute with confidence, and ensure compliance and reporting.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    [infographic]

    Workshop: Maximize Your American Rescue Plan Funding

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Think Big

    The Purpose

    Push the boundaries of conventional thinking and consider IT innovations that truly transform the business.

    Key Benefits Achieved

    A list of innovative IT opportunities that your IT department can use to transform the business

    Activities

    1.1 Discuss the objectives of ARP and what they mean to IT departments.

    1.2 Identify drivers for change.

    1.3 Review IT strategy.

    1.4 Augment your IT opportunities list.

    Outputs

    Revised IT vision

    List of innovative IT opportunities that can transform the business

    2 Align With the Business

    The Purpose

    Partner with the business to reprioritize projects and initiatives for the post-pandemic world.

    Key Benefits Achieved

    Assessment of the organization’s new and existing IT opportunities and alignment with business objectives

    Activities

    2.1 Assess alignment of current and new IT initiatives with business objectives.

    2.2 Review and update prioritization criteria for IT projects.

    Outputs

    Preliminary list of IT initiatives

    Revised project prioritization criteria

    3 Analyze IT Budget and Staffing

    The Purpose

    Identify IT budget deficits resulting from pandemic response and discover opportunities to support innovation through new staff and training.

    Key Benefits Achieved

    Prioritized shortlist of business-aligned IT initiative and projects

    Activities

    3.1 Classify initiatives into project categories using ROM estimates.

    3.2 Identify IT budget needs for projects and ongoing services.

    3.3 Identify needs for new staff and skills training.

    3.4 Determine business benefits of proposed projects.

    3.5 Prioritize your organization’s projects.

    Outputs

    Prioritized shortlist of business-aligned IT initiatives and projects

    4 Plan Next Steps

    The Purpose

    Tie IT expenditures to direct transfers or link them to ARP grant opportunities.

    Key Benefits Achieved

    Action plan to obtain ARP funding

    Activities

    4.1 Tie projects to direct transfers, where applicable.

    4.2 Align list of projects to indirect ARP grant opportunities.

    4.3 Develop an action plan to obtain ARP funding.

    4.4 Discuss required approach to project governance.

    Outputs

    Action plan to obtain ARP funding

    Project governance gaps

    Select and Implement a Social Media Management Platform

    • Buy Link or Shortcode: {j2store}554|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • The proliferation of social media networks, customer data, and use cases has made ad hoc social media management challenging.
    • Many organizations struggle with shadow IT when it comes to technology enablement for social media; SMMP fragmentation leads to increased costs and no uniformity in enterprise social media management capabilities.

    Our Advice

    Critical Insight

    • SMMP selection must be driven by your overall customer experience management strategy; link your SMMP selection to your organization’s CXM framework.
    • Shadow IT will dominate if IT does not step in. Even more so than other areas, SMMP selection is rife with shadow IT.
    • Ensure strong points of integration between SMMP and other software such as CRM. SMMPs can contribute to a unified, 360-degree customer view.

    Impact and Result

    • The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media. Using an SMMP to manage social media is considerably more cost effective than ad hoc (manual) management.
    • IT must partner with other departments (e.g. Marketing) to successfully evaluate, select, and implement an SMMP. Before selecting an SMMP, the organization must have a solid overall strategy for leveraging social media in place. If IT does not work as a trusted advisor to the business, shadow IT in social media management will be rampant.

    Select and Implement a Social Media Management Platform Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an SMMP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a technology enablement approach

    Conduct a maturity assessment to determine whether a dedicated SMMP is right for your organization.

    • Select and Implement a Social Media Management Platform – Phase 1: Develop a Technology Enablement Approach for Social Media
    • Social Media Maturity Assessment Tool
    • Social Media Opportunity Assessment Tool
    • SMMP Use-Case Fit Assessment Tool

    2. Select an SMMP

    Use the Vendor Landscape findings and project guidance to develop requirements for your SMMP RFP, and evaluate and shortlist vendors based on your expressed requirements.

    • Select and Implement a Social Media Management Platform – Phase 2: Select an SMMP
    • SMMP Vendor Shortlist & Detailed Feature Analysis Tool
    • SMMP Vendor Demo Script
    • SMMP RFP Template
    • SMMP RFP Evaluation and Scoring Tool
    • Vendor Response Template

    3. Review implementation considerations

    Even a solution that is a perfect fit for an organization will fail to generate value if it is not properly implemented or measured. Conduct the necessary planning before implementing your SMMP.

    • Select and Implement a Social Media Management Platform – Phase 3: Review Implementation Considerations
    • Social Media Steering Committee Charter Template
    [infographic]

    Workshop: Select and Implement a Social Media Management Platform

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch Your SMMP Selection Project

    The Purpose

    Discuss the general project overview for the SMMP selection.

    Key Benefits Achieved

    Determine your organization’s readiness for SMMP.

    Activities

    1.1 Identify organizational fit for the technology.

    1.2 Evaluate social media opportunities within your organization.

    1.3 Determine the best use-case scenario for your organization.

    Outputs

    Organizational maturity assessment

    SMMP use-case fit assessment

    2 Plan Your Procurement and Implementation Process

    The Purpose

    Plan the procurement and implementation of the SMMP.

    Key Benefits Achieved

    Select an SMMP.

    Review implementation considerations.

    Activities

    2.1 Review use-case scenario results, identify use-case alignment

    2.2 Review the SMMP Vendor Landscape vendor profiles and performance.

    2.3 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.4 Meet with the project manager to discuss results and action items.

    Outputs

    Vendor shortlist

    SMMP RFP

    Vendor evaluations

    Selection of an SMMP

    Framework for SMMP deployment and integration

    Further reading

    Select and Implement a Social Media Management Platform

    Rein in social media by choosing a management platform that’s right for you.

    ANALYST PERSPECTIVE

    Enterprise use of social media for customer interaction has exploded. Select the right management platform to maximize the value of your social initiatives.

    Social media has rapidly become a ubiquitous channel for customer interaction. Organizations are using social media for use cases from targeted advertising, to sales prospecting, to proactive customer service. However, the growing footprint of social media initiatives – and the constant proliferation of new social networks – has created significant complexity in effectively capturing the value of social.

    Organizations that are serious about social manage this complexity by leveraging dedicated social media management platforms. These platforms provide comprehensive capabilities for managing multiple social media networks, creating engagement and response workflows, and providing robust social analytics. Selecting a best-fit SMMP allows for standardized, enterprise-wide capabilities for managing all aspects of social media.

    This report will help you define your requirements for social media management and select a vendor that is best fit for your needs, as well as review critical implementation considerations such as CRM integration and security.

    Ben Dickie
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Executive summary

    Situation

    • Social media has reached maturity as a proven, effective channel for customer interaction across multiple use cases, from customer analytics to proactive customer service.
    • Organizations are looking to IT to provide leadership with social media technology enablement and integration with other enterprise systems.

    Complication

    • The proliferation of social media networks, customer data, and use cases has made ad hoc social media management challenging.
    • Many organizations struggle with shadow IT when it comes to technology enablement for social media; SMMP fragmentation leads to increased costs and no uniformity in enterprise social media management capabilities.

    Resolution

    • Social media management platforms (SMMPs) reduce complexity and increase the results of enterprise social media initiatives. SMMPs integrate with a variety of different social media services, including Facebook, Twitter, LinkedIn, and YouTube. The platforms offer a variety of tools for managing social media, including account management, in-band response and engagement, and social monitoring and analytics.
    • The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media. Using an SMMP to manage social media is considerably more cost effective than ad hoc (manual) management.
    • IT must partner with other departments (e.g. Marketing) to successfully evaluate, select, and implement an SMMP. Before selecting an SMMP, the organization must have a solid overall strategy for leveraging social media in place. If IT does not work as a trusted advisor to the business, shadow IT in social media management will be rampant.

    Info-Tech Insight

    1. SMMP selection must be driven by your overall customer experience management strategy: link your SMMP selection to your organization’s CXM framework.
    2. Shadow IT will dominate if IT does not step in: even more so than other areas, SMMP selection is rife with shadow IT.
    3. Ensure strong points of integration between SMMP and other software such as customer relationship management (CRM). SMMPs can contribute to a unified, 360-degree customer view.

    Framing the SMMP selection and implementation project

    This Research Is Designed For:
    • IT directors advising the business on how to improve the effectiveness and efficiency of social media campaigns through technology.
    • IT professionals involved in evaluating, selecting, and deploying an SMMP.
    • Business analysts tasked with collection and analysis of SMMP business requirements.
    		 This Research Will Help You:
    • Clearly link your business requirements to SMMP selection criteria.
    • Select an SMMP vendor that meets your organization’s needs across marketing, sales, and customer service use cases.
    • Adopt standard operating procedures for SMMP deployment that address issues such as platform security and CRM integration.
    This Research Will Also Assist:
    • Executive-level stakeholders in the following roles:
      • Vice-president of Sales, Marketing, or Customer Service.
      • Business unit managers tasked with ensuring strong end-user adoption of an SMMP.
    		 This Research Will Help Them
    • Understand what’s new in the SMMP market.
    • Evaluate SMMP vendors and products for your enterprise needs.
    • Determine which products are most appropriate for particular use cases and scenarios.

    Social media management platforms augment social capabilities within a broader customer experience ecosystem

    Customer Experience Management (CXM)

    'Customer Relationship Management Platform' surrounded by supporting capabilities, one of which is highlighted, 'Social Media Management Platform'.

    		 Social Media Management Platforms are one piece of the overall customer experience management ecosystem, alongside tools such as CRM platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses SMMP alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for SMMP based on customer personas and external market analysis.

    SMMPs reduce complexity and increase the effectiveness of enterprise social media programs

    • SMMPs are solutions (typically cloud based) that offer a host of features for effectively monitoring the social cloud and managing your organization’s presence in the social cloud. SMMPs give businesses the tools they need to run social campaigns in a timely and cost-effective manner.
    • The typical SMMP integrates with two or more social media services (e.g. Facebook, Twitter) via the services’ API or a dedicated connector. SMMPs are not simply a revised “interface layer” for a single social media service. They provide layers for advanced management and analytics across multiple services.
    • The unique value of SMMPs comes from their ability to manage and track multiple social media services. Aggregating and managing data from multiple services gives businesses a much more holistic view of their organization’s social initiatives and reputation in the social cloud.
    		 Diagram with 'End Users (e.g. marketing managers)' at the top and social platforms like Facebook and Twitter at the bottom; in between them are 'SMMPs’: 'Account & Campaign Management', 'Social Engagement', and 'Social Monitoring/Analytics'.
    SMMPs mediate interactions between end users and the social cloud.

    Info-Tech Best Practice

    The increasing complexity of social media, coupled with the rising importance of social channels, has led to a market for formal management platforms. Organizations with an active presence in social media (i.e. multiple services or pages) should strongly consider selecting and deploying an SMMP.

    Failing to rein in social media initiatives leads to more work, uninformed decisions, and diminishing returns

    • The growth of social media services has made manually updating pages and feeds an ineffective and time-consuming process. The challenge is magnified when multiple brands, product lines, or geographic subsidiaries are involved.
      • Use the advanced account management features of an SMMP to reduce the amount of time spent updating social media services.
    • Engaging customers through social channels can be a delicate task – high volumes of social content can easily overwhelm marketing and service representatives, leading to missed selling opportunities and unacceptable service windows.
      • Use the in-band engagement capabilities of an SMMP to create an orderly queue for social interactions.
    • Consumer activity in the social cloud has been increasing exponentially. As the volume of content grows, separating the signal from the noise becomes increasingly difficult.
      • Use the advanced social analytics of an SMMP to ensure critical consumer insights are not overlooked.
    		 Ad Hoc Management vs. SMMPs:
    What’s the difference?

    Ad Hoc Social Media Management

    Social media initiatives are managed directly through the services themselves. For example, a marketing professional would log in to multiple corporate Twitter accounts to post the same content for a promotional campaign.

    Social Media Management Platform

    Social media initiatives are managed through a third-party software platform. For example, a marketing professional would update all social account simultaneously with just a couple clicks. SMMPs also provide cross-service social analytics – highly valuable for decision makers!

    Info-Tech Best Practice

    Effectively managing a social media campaign is not a straightforward exercise. If you have (or plan to have) a large social media footprint, now is the time to procure formal software tools for social media management. Continuing to manage social media in an ad hoc manner is sapping time and money.

    Review the critical success factors for SMMP across the project lifecycle, from planning to post-implementation

    Info-Tech Insight

    Executive management support is crucial. The number one overall critical success factor for an SMMP strategy is top management support. This emphasizes the importance of sales, service, and marketing and prudent corporate strategic alignment. A strategic objective in SMMP projects is to position top management as an enabler rather than a barrier.

    Planning Implementation Post-Implementation Overall
    1 Appropriate Selection Project Management Top Management Support Top Management Support
    2 Clear Project Goals Top Management Support Project Management Appropriate Selection
    3 Top Management Support Training Training Project Management
    4 Business Mission and Vision Effective Communication Effective Communication Training
    5 Project Management Supplier Supports Appropriate Selection Clear Project Goals

    (Source: Information Systems Frontiers)

    Dell uses a dedicated social media management platform to power a comprehensive social command center

    CASE STUDY
    Industry: High-Tech | Source: Dell
    With a truly global customer base, Dell gets about 22,000 mentions on the social web daily, and does not sit idly by. Having established a physical Social Media Command Center powered by Salesforce’s Social Studio, Dell was one of the companies that pioneered the command center concept for social response.

    The SMMP carries out the following activities:

    • Tracking mentions of Dell in the social cloud
    • Sentiment analysis
    • Connecting customers who need assistance with experts who can help them
    • Social media training
    • Maintenance of standards for social media interactions
    • Spreading best social media practices across the organization

    Today the company claims impressive results, including:

    • “Resolution rate” of 99% customer satisfaction
    • Boosting its customer reach with the same number of employees
    • One third of Dell’s former critics are now fans

    Logo for Dell.

    Tools:
    • Salesforce Social Studio
    • Three rows of monitors offering instant insights into customer sentiment, share of voice, and geography.
    Staff:
    • The center started with five people; today it is staffed by a team of 15 interacting with customers in 11 languages.
    • Dell values human interaction; the center is not running on autopilot, and any ambiguous activity is analyzed (and dealt with) manually on an individual basis.

    Follow Info-Tech’s methodology for selection and implementation of enterprise applications

    Prior to embarking on the vendor selection stage, ensure you have set the right building blocks and completed the necessary prerequisites.

    Diagram with 'Enterprise Applications' at the center surrounded by a cycle of 'conceptual', 'consensus', 'concrete', and 'continuous'. The outer circle has three categories with three actions each, 'Governance and Optimization: Process Optimization, Support/ Maintenance, Transition to Operations', 'Strategy and Alignment: Foundation, Assessment, Strategy/ Business Case', and 'Implementation: System Implementation, Business Process Management, Select and Implement'. Follow Info-Tech’s enterprise applications program that covers the application lifecycle from the strategy stage, through selection and implementation, and up to governance and optimization.

    The implementation and execution stage entails the following steps:

    1. Define the business case.
    2. Gather and analyze requirements.
    3. Build the RFP.
    4. Conduct detailed vendor evaluations.
    5. Finalize vendor selection.
    6. Review implementation considerations.

    Info-Tech Insight

    A critical preceding task to selecting a social media management platform is ensuring a strategy is in place for enterprise social media usage. Use our social media strategy blueprint to ensure the foundational elements are in place prior to proceeding with platform selection.

    Use this blueprint to support your SMMP selection and implementation

    Launch the SMMP Project and Collect Requirements — Phase 1

    Benefits — Use the project steps and activity instructions outlined in this blueprint to streamline your selection process and implementation planning. Save time and money, and improve the impact of your SMMP selection by leveraging Info-Tech’s research and project steps.

    Select Your SMMP Solution — Phase 2

    Use Info-Tech’s SMMP Vendor Landscape contained in Phase 2 of this project to support your vendor reviews and selection. Refer to the use-case performance results to identify vendors that align with the requirements and solution needs identified by your earlier project findings.

    Get Ready for Your SMMP Implementation — Phase 3

    Info-Tech Insight — Not everyone’s connection and integration needs are the same. Understand your own business’s integration environment and the unique technical and functional requirements that accompany them to create criteria and select a best-fit SMMP solution.

    Use Info-Tech’s use-case scenario approach to select a best-fit solution for your business needs

    Readiness

    Determine where you are right now and where your organization needs to go with a social media strategy.

    Three stages eventually leading to shapes in a house, 'Distributed Stage', 'Loosely Coupled Stage', and 'Command Center Stage'.    		 Use-Case Assessment

    Identify the best-fit use-case scenario to determine requirements that best align with your strategy.

    Three blocks labelled 'Social Listening & Analytics', 'Social Customer Care', and 'Social Publishing & Campaign Management'.    		 Selection

    Approach vendor selection through a use-case centric lens to balance the need for different social capabilities.

    Logos for vendors including Adobe, Hootsuite, CISION, and more.

    Info-Tech walks you through the following steps to help you to successfully select and implement your SMMP

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes.

    Locate your starting point in the research based on the current stage of your project.

    Legend for the diagram above: lines represent Major Milestones, size of circles represent Low or High effort, size of text represents Average or Greater importance, and color of the circles represents the phase.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Select and Implement a Social Media Management Platform – project overview

    1. Develop a Technology Enablement Approach 2. Select an SMMP 3. Review Implementation Considerations
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Determine if a dedicated SMMP is right for your organization

    • Social Media Maturity Assessment Tool
    • Social Media Opportunity Assessment Tool

    1.2 Use an SMMP to enable marketing, sales, and service use cases

    • SMMP Use-Case Fit Assessment Tool

    2.1 SMMP Vendor Landscape

    • CRM Suite Evaluation and RFP Scoring Tool

    2.2 Select your SMMP

    • SMMP Vendor Demo Script Template
    • SMMP RFP Template

    3.1 Establish best practices for SMMP implementation

    • Social Media Steering Committee

    3.2 Assess the measured value from the project

    Guided Implementations
    • Identify organizational fit for the technology.
    • Evaluate social media opportunities within your organization.
    • Evaluate which SMMP use-case scenario is best fit for your organization
    • Discuss the use-case fit assessment results and the Vendor Landscape.
    • Review contract.
    • Determine what is the right governance structure to overlook the SMMP implementation.
    • Identify the right deployment model for your organization.
    • Identify key performance indicators for business units using an SMMP.
    Associated Activity icon

    Onsite Workshop

    		 Module 1:
    Launch Your SMMP Selection Project    		 Module 2:
    Plan Your Procurement and Implementation Process
    Phase 1 Outcome:
    • Social Media Maturity Assessment
    • SMMP Use-Case Assessment
    		 Phase 2 Outcome:
    • Selection of an SMMP
    		 Phase 3 Outcome:
    • A plan for implementing the selected SMMP

    SMMP selection and implementation workshop overview

    Associated Activity icon Contact your account representative or email Workshops@InfoTech.com for more information.

    Day 1

    Preparation

    		 Day 2

    Workshop Day

    		 Day 3

    Workshop Day

    		 Day 4

    Workshop Day

    		 Day 5

    Working Session
    Workshop Preparation
    • Facilitator meets with the project manager and reviews the current project plans and IT landscape of the organization.
    • A review of scheduled meetings and engaged IT and business staff is performed.
    		 Morning Itinerary
    • Conduct activities from Develop a technology enablement approach for social media phase, including social media maturity and readiness assessment.
    • Conduct overview of the market landscape, trends, and vendors.
    Afternoon Itinerary
    • Interview business stakeholders.
    • Prioritize SMMP requirements.
    		 Morning Itinerary
    • Perform a use-case scenario assessment.
    Afternoon Itinerary
    • Review use-case scenario results; identify use-case alignment.
    • Review the SMMP Vendor Landscape vendor profiles and performance.
    		 Morning Itinerary
    • Continue review of SMMP Vendor Landscape results and use-case performance results.
    Afternoon Itinerary
    • Create a custom vendor shortlist.
    • Investigate additional vendors for exploration in the market.
    		 Workshop Debrief
    • Meet with project manager to discuss results and action items.
    • Wrap up outstanding items from workshop.
    (Post-Engagement): Procurement Support
    • The facilitator will support the project team to outline the RFP contents and evaluation framework.
    • Planning of vendor demo script. Input: solution requirements and use-case results.
    Example of a light blue slide. The light blue slides at the end of each section highlight the key activities and exercises that will be completed during the engagement with our analyst team.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members who will come onsite to facilitate a workshop for your organization.
    A small monochrome icon depicting a descending bar graph.

    This icon denotes a slide that pertains directly to the Info-Tech vendor profiles on marketing management technology. Use these slides to support and guide your evaluation of the MMS vendors included in the research.

    Select and Implement a Social Media Management Platform

    PHASE 1

    Develop a Technology Enablement Approach for Social Media

    Phase 1: Develop a technology enablement approach for social media

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 1 is highlighted.
    Estimated Timeline: 1-3 Months

    Info-Tech Insight

    Before an SMMP can be selected, the organization must have a strategy in place for enterprise social media. Implementing an SMMP before developing a social media strategy would be akin to buying a mattress without knowing the size of the bed frame.

    		Major Milestones Reached
    • Project launch
    • Completion of requirements gathering and documentation

    Key Activities Completed

    • Readiness assessment
    • Project plan / timeline
    • Stakeholder buy-in
    • Technical assessment
    • Functional assessment

    Outcomes from This Phase

    Social Media Maturity Assessment

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Develop a technology enablement approach for social media

    Proposed Time to Completion: 2 weeks
    Step 1.1: Determine if a dedicated SMMP is right for your organization Step 1.2: Use an SMMP to enable marketing, sales, and service use cases
    Start with an analyst kick-off call:
    • Assess your readiness for the SMMP project.
    • Evaluate social media opportunities within your organization.
    		 Review findings with analyst:
    • Discuss how an SMMP can assist with marketing, sales, and customer service.
    • Evaluate which SMMP use case scenario is best fit for your organization.
    Then complete these activities…
    • Assess your social media maturity.
    • Inventory social media networks to be supported by the SMMP.
    		 Then complete these activities…
    • Assess best-fit use-case scenario.
    • Build the metrics inventory.
    With these tools & templates:
    • Social Media Maturity Assessment Tool
    • Social Media Opportunity Assessment Tool
    		 With these tools & templates:
    • SMMP Use-Case Fit Assessment Tool
    Phase 1 Results & Insights:
    • Social Media Maturity Assessment
    • SMMP Use-Case Assessment

    Phase 1, Step 1: Determine if a dedicated SMMP is right for your organization

    1.1

    1.2
    Determine if a dedicated SMMP is right for your organization Use an SMMP to enable marketing, sales, and service use cases

    This step will walk you through the following activities:

    • Assess where your organization sits on the social media maturity curve.
    • Inventory the current social media networks that must be supported by the SMMP.
    • Go/no-go assessment on SMMP.

    This step involves the following participants:

    • Digital Marketing Executive
    • Digital Strategy Executive
    • Business stakeholders

    Outcomes of this step

    • Social media maturity assessment
    • Inventory of enterprise social media
    • SMMP Go/no-go decision

    Before selecting an SMMP, start with the fundamentals: build a comprehensive strategy for enterprise social media

    Why build a social media strategy?

    • Social media is neither a fad nor a phenomenon; it is simply another tool in the business process. Social channels do not necessitate a radical departure from the organization’s existing customer interaction strategy. Rather, social media should be added to your channel mix and integrated within the existing CRM strategy.
    • Social media allows organizations to form direct and indirect connections through the Friend-of-a-Friend (FOAF) model, which increases the credibility of the information in the eyes of the consumer.
    • Social media enables organizations to share, connect, and engage consumers in an environment where they are comfortable. Having a social media presence is rapidly becoming a pre-requisite for successful business-to-consumer enterprises.

    Important considerations for an enterprise social media strategy:

    • Determine how social media will complement existing customer interaction goals.
    • Assess which social media opportunities exist for your organization.
    • Consider the specific goals you want to achieve using social channels and pick your services accordingly.
    • Not all social media services (e.g. Facebook, Twitter, LinkedIn) are equal. Consider which services will be most effective for goal achievement.
    For more information on developing a strategy for enterprise social media, please refer to Info-Tech’s research on Social Media.

    Implement a social media strategy by determining where you are right now and where your organization needs to go

    Organizations pass through three main stages of social media maturity: distributed, loosely coupled, and command center. As you move along the maturity scale, the business significance of the social media program increases. Refer to Info-Tech’s Implement a Social Media Program for guidance on how to execute an ongoing social media program.
    The y-axis 'Business Significance'.

    Distributed Stage

    Shapes labelled 'Sales', 'Customer Service', and 'Marketing'.

    • Open-source or low-cost solutions are implemented informally by individual depts. for specific projects.
    • Solutions are deployed to fulfill a particular function without an organizational vision. The danger of this stage is lack of consistent customer experience and wasted resources.

    Loosely Coupled Stage

    Same shapes with the addition of 'PR' and surrounded by a dotted-line house.

    • More point solutions are implemented across the organization. There is a formal cross-departmental effort to integrate some point solutions.
    • Risks include failing to put together an effective steering committee and not including IT in the decision-making process.

    Command Center Stage

    Same shapes with a solid line house.

    • There’s enterprise-level steering committee with representation from all areas: execution of social programs is handled by a fully resourced physical (or virtual) center.
    • Risks include improper resource allocation and lack of end-user training.
    The x-axis 'Maturity Stages'.
    Optimal stages for SMMP purchase

    Assess where your organization sits on the social media maturity curve

    Associated Activity icon 1.1.1 30 Minutes

    INPUT: Social media initiatives, Current status

    OUTPUT: Current State Maturity Assessment

    MATERIALS: Whiteboard, Markers, Sticky notes

    PARTICIPANTS: Digital Strategy Executive, Business stakeholders

    Before you can move to an objective assessment of your social media program’s maturity, take an inventory of your current efforts across different departments (e.g. Marketing, PR, Sales, and Customer Service). Document the results in the Social Media Maturity Assessment Tool to determine your social media readiness score.

    Department Social Media Initiative(s) Current Status
    Marketing Branded Facebook page with updates and promotions Stalled: insufficient resources
    Sales LinkedIn prospecting campaign for lead generation, qualification, and warm open Active: however, new reps are poorly trained on LinkedIn prospect best practices
    Customer Service Twitter support initiative: mentions of our brand are paired with sentiment analysis to determine who is having problems and to reach out and offer support Active: program has been highly successful to date
    HR Recruitment campaign through LinkedIn and Branch Out Stalled: insufficient technology support for identifying leading candidates
    Product Development Defect tracking for future product iterations using social media Partially active: Tracked, but no feedback loop present
    Social Media Maturity Level Distributed

    Determine your organization’s social media maturity with Info-Tech’s Maturity Assessment Tool

    Supporting Tool icon 1.1 Social Media Maturity Assessment Tool

    Assessing where you fit on the social media maturity continuum is critical for setting the future direction of your social media program. We’ll work through a short tool that assesses the current state of your social media program, then discuss the results.

    Info-Tech’s Social Media Maturity Assessment Tool will help you determine your company’s level of maturity and recommend steps to move to the next level or optimize the status quo of your current efforts.

    		 INFO-TECH TOOL Sample of the Social Media Current State Assessment.

    The social cloud is a dominant point of interaction: integrate social channels with existing customer interaction channels

    • Instead of thinking of customers as an island, think of them interacting with each other and with organizations in the social cloud. As a result, the social cloud itself becomes a point of interaction, not just individual customers.
    • The social cloud is accessible with services like social networks (e.g. Facebook) and micro-blogs (Twitter).
    • Previous lessons learned from the integration of Web 1.0 e-channels should be leveraged as organizations add the social media channel into their overall customer interaction framework:
      • Do not design exclusively around a single channel. Design hybrid-channel solutions that include social channels.
      • Balance customer segment goals and attributes, product and service goals and attributes, and channel capabilities.
    		 The 'Web 2.0 Customer Interaction Framework' with 'Social Cloud' above, connected to the below through 'Conversations & Information'. Below are two categories with their components interconnected, 'Communication Channels: Face to Face, Phone, E-mail, Web, and Social Media' and 'Customer Experience Management: Marketing, Sales, and Service'.

    Info-Tech Best Practice

    Don’t believe that social channel integration will require an entire rebuild of your CXM strategy. Social channels are just new interaction channels that need to be integrated – as you’ve done in the past with Web 1.0 e-channels.

    Understand the different types of social media services and how they link to social media strategy and SMMP selection

    Before adopting an SMMP, it’s important to understand the underlying services they manage. Social media services facilitate the creation and dissemination of user-generated content, and can be grouped according to their purpose and functionality:
    • Social Networking: Social networking services use the Friend-of-a-Friend model to allow users to communicate with their personal networks. Users can share a wide variety of information and media with one another. Social networking sites include Facebook and LinkedIn.
    • Blogging: Blogs are websites that allow users to upload text and media entries, typically displayed in reverse-chronological order. Prominent blogging services include Blogger and WordPress.
    • Micro-Blogging: Micro-blogging is similar to blogging, with the exception that written content is limited to a set number of characters. Twitter, the most popular service, allows users to post messages up to 140 characters.
    • Social Multimedia: Social multimedia sites provide an easy way for users to upload and share multimedia content (e.g. pictures, video) with both their personal contacts as well as the wider community. YouTube is extremely popular for video sharing, while Instagram is a popular option for sharing photos and short videos.

    Info-Tech Best Practice

    In many cases, services do not fit discretely within each category. With minor exceptions, creating an account on a social media service is free, making use of these services extremely cost effective. If your organization makes extensive use of a particular service, ensure it is supported by your SMMP vendor.

    		Four categories of social media company logos: 'Social multimedia', 'Micro-blogging', 'Blogging', and 'Social Networking'.

    Inventory the current social media networks that must be supported by the SMMP

    Associated Activity icon 1.1.2

    INPUT: Social media services

    OUTPUT: Inventory of enterprise social media

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project team

    1. List all existing social media networks used by your organization.
    2. For each network, enumerate all the accounts that are being used for organizational objectives.
    3. Identify the line of business that administers and manages each service.
    Network Use Case Account Ownership
    Facebook
    • Branding
    • Marketing
    • Social Monitoring
    • Facebook recruitment
    • Corporate Communications
    • Marketing
    Twitter
    • Social monitoring
    • Customer response
    • Corporate
    • Customer Service
    ... ... ...

    An explosion of social media services and functionality has made effectively managing social interactions a complex task

    • Effectively managing social channels is an increasingly complicated task. Proliferation of social media services and rapid end-user uptake has made launching social interactions a challenge for small and large organizations.
    • Using multiple social media services can be a nightmare for account management (particularly when each brand or product line has its own set of social accounts).
    • The volume of data generated by the social cloud has also created barriers for successfully responding in-band to social stakeholders (social engagement), and for carrying out social analytics.
    • There are two methods for managing social media: ad hoc management and platform-based management.
      • Ad hoc social media management is accomplished using the built-in functionality and administrative controls of each social media service. It is appropriate for small organizations with a very limited scope for social media interaction, but poses difficulties once “critical mass” has been reached.
    		 Comparison of 'Ad Hoc Management' with each social media platform managed directly by the user and 'Platform-Based Management' with social platforms managed by a 'SMMP' which is managed by the user.
    Ad hoc management results in a number of social media touch points. SMMPs serve as a single go-to point for all social media initiatives

    Info-Tech Best Practice

    Managing social media is becoming increasingly difficult to do through ad hoc methods, particularly for larger organizations and those with multiple brand portfolios. Ad hoc management is best suited for small organizations with an institutional client base who only need a bare bones social media presence.

    Select social media services that will achieve your specific objectives – and look for SMMPs that integrate with them

    What areas are different social media services helpful in?
    Domain Opportunity Consumer Social Networks (Facebook) Micro-Blogging (Twitter) Professional Social Networks (LinkedIn) Consumer Video Sharing Networks (YouTube)
    Marketing Building Positive Brand Image Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Increase Mind Share Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Gaining Customer Insights Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Sales Gaining Sales Insights Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Increase Revenue Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Customer Acquisition Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'.
    Service Customer Satisfaction Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'.
    Increase Customer Retention Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Reducing Cost of Service Dark Blue circle 'Potentially Useful'. Dark Blue circle 'Potentially Useful'. Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'.

    Green circle 'Proven Useful'. Proven Useful*

    Dark Blue circle 'Potentially Useful'. Potentially Useful

    *Proven useful by Info-Tech statistical analysis carried out on a cross-section of real-world implementations.

    Social media is invaluable for marketing, sales, and customer service. Some social media services have a higher degree of efficacy than others for certain functions. Be sure to take this into account when developing a social media strategy.

    Info-Tech Best Practice

    Different social media services are more effective than others for different goals. For example, YouTube is useful as an avenue for marketing campaigns, but it’s of substantially less use for sales functions like lead generation. The services you select while planning your social media strategy must reflect concrete goals.

    Ad hoc social media management results in manual, resource-intensive processes that are challenging to measure

    • Most organizations that have pursued social media initiatives have done so in an ad hoc fashion rather than outlining a formal strategy and deploying software solutions (e.g. SMMP).
    • Social media is often a component of Customer Experience Management (CXM); Info-Tech’s research shows many organizations are handling CRM without a strategy in place, too.
    • Social media management platforms reduce the resource-intensive processes required for ongoing social media involvement and keep projects on track by providing reporting metrics.
    Social media and CRM are often being done without a defined strategy in place.

    Four-square matrix titled 'Strategy' presenting percentages with y-axis 'CRM', x-axis 'Social Media', both having two sections 'Ad hoc' and 'Defined'.
    Source: Info-Tech Survey, N=64

    		 Many processes related to social media are being done manually, despite the existence of SMMPs.

    Four-square matrix titled 'technology' presenting percentages with y-axis 'CRM', x-axis 'Social Media', both having two sections 'Ad hoc' and 'Defined'.
    “When we started our social media campaign, it took 34 man-hours a week. An SMMP that streamlines these efforts is absolutely an asset.” (Edie May, Johnson & Johnson Insurance Company)

    SMMPs provide functionality for robust account management, in-band customer response, and social monitoring/analytics

    • Features such as unified account management and social engagement capabilities boost the efficiency of social campaigns. These features reduce duplication of effort (e.g. manually posting the same content to multiple services). Leverage account management functionality and in-band response to “do more with less.”
    • Features such as comprehensive monitoring of the social cloud and advanced social analytics (i.e. sentiment analysis, trends and follower demographics) allow organizations to more effectively use social media. These features empower organizations with the information they need to make informed decisions around messaging and brand positioning. Use social analytics to zero in on your most important brand advocates.

    The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media initiatives.

    		 Three primary use cases for social media management:

    Social Listening & Analytics — Monitor and analyze a variety of social media services: provide demographic analysis, frequency analysis, sentiment analysis, and content-centric analysis.

    Social Publishing & Campaign Management — Executing marketing campaigns through social channels (e.g. Facebook pages).

    Social Customer Care — Track customer conversations and provide the ability to respond in-platform to social interactions.

    Info-Tech Best Practice

    SMMPs are a technology platform, but this alone is insufficient to execute a social media program. Organization and process must be integrated as well. See Info-Tech’s research on developing a social media strategy for a step-by-step guide on how to optimize your internal organization and processes.

    Social analytics vary: balance requirements among monitoring goals and social presence/property management

    Segment your requirements around common SMMP vendor product design points. Current market capabilities vary between two primary feature categories: social cloud monitoring and social presence and property management.

    Cloud-Centric

    Social Monitoring

    Content-Centric
    Social cloud monitoring enables:
    • Brand and product monitoring
    • Reputation monitoring
    • Proactive identification of service opportunities
    • Competitive intelligence
    		 Social presence and property management enables:
    • Monitor and manage discussions on your social properties (e.g. Twitter feeds, Facebook Pages, YouTube channels)
    • Execute marketing campaigns within your social properties

    Social Analytics

    Social analytics provide insights to both dimensions of social media monitoring.

    Some firms only need social cloud monitoring, some need to monitor their own social media properties, and others will need to do both. Some vendors do both while other vendors excel in only one feature dimension. If you are NOT prepared to act on results from social cloud monitoring, then don’t expand your reach into the social cloud for no reason. You can always add cloud monitoring services later. Likewise, if you only need to monitor the cloud and have no or few of your own social properties, don’t buy advanced management and engagement features.

    Use social analytics to gain the most value from your SMMP

    Research indicates successful organizations employ both social cloud monitoring and management of their own properties with analytical tools to enhance both or do one or the other well. Few vendors excel at both larger feature categories. But the market is segmented into vendors that organizations should be prepared to buy more than one product from to satisfy all requirements. However, we expect feature convergence over the next 1–3 years, resulting in more comprehensive vendor offerings.

    Most sought social media analytics capabilities

    Bar Chart of SM analytics capabilities, the most sought after being 'Demographic analysis', 'Geographic analysis', 'Semantic analysis', 'Automated identification of subject and content', and 'Predictive modeling'.
    (Source: The State of Social Media Analytics (2016))

    		 Value driven from social analytics comes in the form of:
    • Improved customer service
    • Increased revenue
    • Uncovered insights for better targeted marketing
    • A more personalized customer experience offered
    Social analytics is integral to the success of the SMMP – take advantage of this functionality!

    Cost/Benefit Scenario: A mid-sized consumer products company wins big by adopting an SMMP

    The following example shows how an SMMP at a mid-sized consumer products firm brought in $36 000 a year.

    Before: Manual Social Media Management

    • Account management: a senior marketing manager was responsible for updating all twenty of the firm’s social media pages and feeds. This activity consumed approximately 20% of her time. Her annual salary was $80,000. Allocated cost: $16,000 per year.
    • In-band response: Customer service representatives manually tracked service requests originating from social channels. Due to the use of multiple Twitter feeds, several customers were inadvertently ignored and subsequently defected to competitors. Lost annual revenue due to customer defections: $10,000.
    • Social analytics: Analytics were conducted in a crude, ad hoc fashion using scant data available from the services themselves. No useful insights were discovered. Gains from social insights: $0.

    Ad hoc management is costing this organization $26,000 a year.

    After: Social Media Management Platform

    • Account management: Centralized account controls for rapidly managing several social media services meant the amount of time spent updating social media was cut 75%. Allocated cost savings: $12,000 per year.
    • In-band response: Using an SMMP provided customer service representatives with a console for quickly and effectively responding to customer service issues. Service window times were significantly reduced, resulting in increased customer retention. Revenue no longer lost due to defections: $10,000.
    • Social analytics: The product development group used keyword-based monitoring to assist with designing a successful new product. Social feedback noticeably boosted sales. Gains from social insights: $20,000
    • Cost of SMMP: $6,000 per year.

    The net annual benefit of adopting an SMMP is $36,000.

    Go with an SMMP if your organization needs a heavy social presence; stick with ad hoc management if it doesn’t

    The value proposition of acquiring an SMMP does not resonate the same for all organizations: in some cases, it is more cost effective to forego an SMMP and stick with ad hoc social media management.

    Follow these guidelines for determining if an SMMP is a natural fit for your organization.

    Go with an SMMP if…

    • Your organization already has a large social footprint: you manage multiple feeds/pages on three or more social media services.
    • Your organization’s primary activity is B2C marketing; your target consumers are social media savvy. Example: consumer packaged goods.
    • The volume of marketing, sales and service inquiries received over social channels has seen a sharp increase in the last 12 months.
    • Your firm or industry is the topic of widespread discussion in the social cloud.

    Stick with ad hoc management if…

    • Regulatory compliance prohibits the extensive use of social media in your organization.
    • Your organization is focused on a small number of institutional clients with well-defined organizational buying behaviors.
    • Your target market is antipathetic towards using social channels to interact with your organization.
    • Your organization is in a market space where only a bare-bones social media presence is seen as a necessity (for example, only a basic informational Facebook page is maintained).

    Info-Tech Best Practice

    Using an SMMP is definitively superior to ad hoc social media management for those organizations with multiple brands and product portfolios (e.g. consumer packaged goods). Ad hoc management is best for small organizations with an institutional client base who only need a bare bones social media presence.

    Assess which social media opportunities exist for your organization with Info-Tech’s tool

    Supporting Tool icon 1.2 Social Media Opportunity Assessment Tool

    Use Info-Tech’s Social Media Opportunity Assessment Tool to determine, based on your unique criteria, where social media opportunities exist for your organization in marketing, sales, and service.

    Info-Tech Best Practice

    1. Remember that departmental goals will overlap; gaining customer insight is valuable to marketing, sales, and customer service.
    2. The social media benefits you can expect to achieve will evolve as your processes mature.
    3. Often, organizations jump into social media because they feel they have to. Use this assessment to identify early on what your drivers should be.
    		Sample of the Social Media Opportunity Assessment Tool.

    Go/no-go assessment on SMMP

    Associated Activity icon 1.1.3

    INPUT: Social Media Opportunity Questionnaire

    OUTPUT: SMMP go/no-go decision

    MATERIALS: Whiteboard, Opportunity Assessment Tool

    PARTICIPANTS: Digital Strategy Executive, Business stakeholders

    Identify whether an SMMP will help you achieve your goals in sales, marketing, and customer service.

    1. Complete the questionnaire in the Social Media Opportunity Assessment Tool. Ensure all relevant stakeholders are present to answer questions pertaining to their business area.
    2. Evaluate the results to better understand whether your organization has the opportunity to achieve each established goal in marketing, sales, and customer service with an SMMP or you are not likely to benefit from investing in a social media management solution.

    Phase 1, Step 2: Use an SMMP to enable marketing, sales, and service use cases

    1.1

    1.2
    Determine if a dedicated SMMP is right for your organization Use an SMMP to enable marketing, sales, and service use cases

    This step will walk you through the following activities:

    • Profile and rank your top use cases for social media management
    • Build the metrics inventory

    This step involves the following participants:

    • Project Manager
    • Project Team

    Outcomes of this step

    • Use case suitability
    • SMMP metrics inventory

    SMMPs equip front-line sales staff with the tools they need for effective social lead generation

    • Content-centric social analytics allow sales staff to see click-through details for content posted on social networks. In many cases, these leads are warm and ready for immediate follow-up.
    • A software development firm uses an SMMP to post a whitepaper promoting its product to multiple social networks.
      • The whitepaper is subsequently downloaded by a number of potential prospects.
      • Content-centric analytics within the SMMP link the otherwise-anonymous downloads to named social media accounts.
      • Leads assigned to specific account managers, who use existing CRM software to pinpoint contact information and follow-up in a timely manner.
    • Organizations that intend to use their SMMP for sales purposes should ensure their vendor of choice offers integration with LinkedIn. LinkedIn is the business formal of social networks, and is the network with the greatest proven efficacy from a sales perspective.

    Using an SMMP to assist the sales process can…

    • Increase the number of leads generated through social channels as a result of social sharing.
    • Increase the quality of leads generated through social channels by examining influence scores.
    • Increase prospecting efficiency by finding social leads faster.
    • Keep account managers in touch with prospects and clients through social media.

    Info-Tech Best Practice

    Social media is on the rise in sales organizations. Savvy companies are using social channels at all points in the sales process, from prospecting to account management. Organizations using social channels for sales will want an SMMP to manage the volume of information and provide content-centric analytics.

    Incorporate social media into marketing workflows to gain customer insights, promote your brand, and address concerns

    While most marketing departments have used social media to some extent, few are using it to its full potential. Identify marketing workflows that can be enhanced through the use of social channel integration.
    • Large organizations must define separate workflows for each stakeholder organization if marketing’s duties are divided by company division, brand, or product lines.
    • Inquiries stemming from marketing campaigns and advertising must be handled by social media teams. For example, if a recent campaign sparks customer questions on the company’s Facebook page, be ready to respond!
    • Social media can be used to detect issues that may indicate product defects, provided defect tracking is not already incorporated into customer service workflows. If defect tracking is part of customer service processes, then such issues should be routed to the customer service organization.
    • If social listening is employed, in addition to monitoring the company's own social properties, marketing teams may elect to receive notices of major trends concerning the company's products or those of competitors.
    		 Word jumble of different sized buzz words around 'Brand Building'.

    I’m typically using my social media team as a proactive marketing team in the social space, whereas I’m using my consumer relations team as a reactive marketing and a reactive consumer relations taskforce. So a little bit different perspective.” (Greg Brickl, IT Director, Organic Valley)

    SMMPs allow marketers to satisfy all of their needs with one solution

    • Have a marketing manager jointly responsible for the selection of an SMMP to realize higher overall success. This will significantly improve customer acquisition approval and competitive intelligence, as well as the overall SMMP success.
    • The marketing manager should be involved in fleshing out the business requirements of the SMMP in order to select the most appropriate solution.
    • Once selected, the SMMP has multiple benefits for marketing professionals. One pivotal benefit of SMMPs for marketing is the capability for centralized account management. Multiple social pages and feeds can be rapidly managed at pre-determined times, through an easy-to-use dashboard delivered from one source.
    • Centralized account management is especially pertinent for organizations with a wide geographic client base, as they can manage wide social media campaigns within multiple time zones, delivering their messaging appropriately. (e.g. contests, product launches, etc.)
    		 Bar Chart comparing 'Average Success Scores' of different goals based on whether the 'Marketing Manager [was] Responsible' or not. Scores are always higher when they were.
    (Source: Info-Tech Research Group N = 37)

    Info-Tech Best Practice

    Managing multiple social media accounts on an ad hoc basis is time consuming and costs money. Lower costs and get the best results out of your social media campaigns by involving the marketing team in the SMMP selection process and knowing their functional requirements.

    Leverage SMMPs to proactively identify and respond to customer service issues occurring in the social cloud

    • SMMPs are an invaluable tool in customer service organizations. In-band response capabilities allow customer service representatives to quickly and effectively address customer service issues – either reactively or proactively.
    • Reactive customer service can be provided through SMMPs by providing response capabilities for private messages or public mentions (e.g. “@AcmeCo” on Twitter). Many SMMPs provide a queue of social media messages directed at the organization, and also give the ability to assign specific messages to an individual service representative or product expert. Responding to a high-volume of reactive social media requests can be time consuming without an SMMP.
    • Proactive customer service uses the ability of SMMPs to monitor the social cloud for specific keywords in order to identify customers having issues. Forward-thinking companies actively monitor the social cloud for customer service opportunities, to protect and improve their image.
    		 Illustration of reactive service where the customer initiates the process and then receives service.
    Reactive service is customer-initiated.

    Illustration of proactive service with a complaint through Twitter monitored by an SMMP allowing an associate to provide a 'Proactive Resolution'.
    SMMPs enable organizations to monitor the social cloud for service opportunities and provide proactive service in-band.

    Info-Tech Best Practice

    Historically, customer service has been “reactive” (i.e. customer initiated) and solely between the customer and supplier. Social media forces proactive service interactions between customer, supplier, and the entire social cloud. Using an SMMP significantly improves reactive and proactive service. The ability to integrate with customer service applications is essential.

    Customer service is a vital department to realize value from leveraging an SMMP

    Info-Tech’s research shows that the more departments get involved with social media implementation, the higher the success score (calculated based on respondents’ report of the positive impact of social media on business objectives). On average, each additional department involved in social media programs increases the overall social media success score by 5%. For example, organizations that leveraged social media within the customer service department, achieved a higher success score than those that did not.

    The message is clear: encourage broad participation in coordinated social media efforts to realize business goals.

    Line graph comparing 'Social Media Success Score' with the 'Number of Departments Involved'. The line trends upward on both axes.
    (Source: Info-Tech Research Group N=65)    		 Bar chart comparing 'Social Media Success Scores' if 'Customer Service Involvement' was Yes or No. 'Yes' has a higher score.

    Our research indicates that the most important stakeholder to ensure steering committee success is Customer Service. This has a major impact on CRM integration requirements – more on this later.

    SMMPs are indispensable for allowing PR managers to keep tabs on the firm and its brands

    • Public relations is devoted to relationship management; as such, it is critical for savvy PR departments to have a social media presence.
    • SMMPs empower PR professionals with the ability to track the sentiment of what is said about their organization. Leverage keyword searches and heuristic analysis to proactively mitigate threats and capitalize on positive opportunities. For example, sentiment analysis can be used to identify detractors making false claims over social channels. These claims can then be countered by the Public Relations team.
    • Sentiment analysis can be especially important to the PR professional through change and crisis management situations. These tools allow an organization to track the flow of information, as well as the balance of positive and negative postings and their influence on others in the social cloud.
    • Social analytics provided by SMMPs also serve as a goldmine for competitive intelligence about rival firms and their products.

    Benefits of Sentiment Analysis for PR

    • Take the pulse of public perception of your brands (and competitors).
    • Mitigate negative comments being made and respond immediately.
    • Identify industry and consumer thought leaders to follow on social networks.

    Illustration of sentiment analysis.
    Use sentiment analysis to monitor the social cloud.

    Info-Tech Best Practice

    Leaving negative statements unaddressed can cause harm to an organization’s reputation. Use an SMMP to track what is being said about your organization; take advantage of response capabilities to quickly respond and mitigate PR risk.

    SMMPs for recruiting is an emerging talent recruitment technique and will lead to stronger candidates

    • Social media provides more direct connections between employer and applicant. It’s faster and more flexible than traditional e-channels.
    • SMMPs should be deployed to the HR silo to aid with recruiting top-quality candidates. Account management functionality can dramatically reduce the amount of time HR managers spend synchronizing content between various social media services.
    • In-band response capabilities flag relevant social conversations and allow HR managers to rapidly respond to prospective employee inquiries. Rapid response over social channels gives candidates a positive impression of the organization.
    • Analytics give HR managers insight into hiring trends and the job market at large – sentiment analysis is useful for gauging not just candidate interests, but also anonymous employee engagement.

    A social media campaign managed via SMMP can…

    • Increase the size of the applicant pool by “fishing where the fish are.”
    • Increase the quality of applicants by using monitoring to create targeted recruitment materials.
    • Increase recruiting efficiency by having a well-managed, standing presence on popular social media sites – new recruiting campaigns require less “awareness generation” time.
    • Allow HR/recruiters to be more in-touch with hiring trends via social analytics.
    Horizontal bar chart of social media platforms that recruiters use. LinkedIn is at the top with 87%. Only 4% of recruiters are NOT using social media for recruitment, while 50% of recruiters plan to increase their investment in SMR in the coming year. (Source: Jobvite, 2015)

    Collapse your drivers for SMMP and link them to Info-Tech’s Vendor Landscape use cases

    Vendor Profiles icon

    USE CASES

    Social Listening and Analytics

    What It Looks Like
    Functionality for capturing, aggregating, and analyzing social media content in order to create actionable customer or competitive insights.

    How It Works
    Social listening and analytics includes features such as sentiment and contextual analysis, workflow moderation, and data visualization.

    		Social Publishing and Campaign Management

    What It Looks Like
    Functionality for publishing content to multiple networks or accounts simultaneously, and managing social media campaigns in-depth (e.g. social property management and post scheduling).

    How It Works
    Social publishing and campaign management include features such as campaign execution, social post integration, social asset management, and post time optimization.

    		 Social Customer Care

    What It Looks Like
    Functionality for management of the social customer service queue as well as tools for expedient resolution of customer issues.

    How It Works
    Social customer care use case primarily relies on strong social moderation and workflow management.

    Identify the organizational drivers for social media management – whether it is recruiting, public relations, customer service, marketing, or sales – and align them with the most applicable use case.

    Profile and rank your top use cases for social media management using the Use-Case Fit Assessment Tool

    Associated Activity icon 1.2.1 1 Hour

    INPUT: Project Manager, Core project team

    OUTPUT: Use-case suitability

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Download your own version of the tool and complete the questionnaire on tab 2, Assessment.
      • Use the information gathered from your assessments and initial project scoping to respond to the prompts to identify the business and IT requirements for the tool.
      • Answer the prompts for each statement from a range of strongly disagree to strongly agree.
    2. Review the outcomes on tab 3, Results.
      • This tab provides a qualitative measure assessing the strength of your fit against the industry use-case scenarios.
    3. If not completed as a team, debrief the results and implications to your core project team.

    Use the SMMP Use-Case Fit Assessment Tool to identify which areas you should focus on

    Supporting Tool icon 1.3 Use Case Fit Assessment Tool
    Use the Use-Case Fit Assessment Tool to understand how your unique requirements map into a specific SMMP use case.

    This tool will assess your answers and determine your relative fit against the use-case scenarios.

    Fit will be assessed as “Weak,” “Moderate,” or “Strong.”

    Consider the common pitfalls, which were mentioned earlier, that can cause IT projects to fail. Plan and take clear steps to avoid or mitigate these concerns.

    Note: These use-case scenarios are not mutually exclusive. Your organization can align with one or more scenarios based on your answers. If your organization shows close alignment to multiple scenarios, consider focusing on finding a more robust solution and concentrate your review on vendors that performed strongly in those scenarios or meet the critical requirements for each.

    INFO-TECH DELIVERABLE

    Sample of the SMMP Use-Case Fit Assessment Tool.

    Identify the marketing, sales, and customer service metrics that you will target for improvement using an SMMP

    Create measurable S.M.A.R.T. goals for the project.

    Consider the following questions when building your SMMP metrics:
    1. What are the top marketing objectives for your company? For example, is building initial awareness or driving repeat customers more important?
    2. What are the corresponding social media goals for this business objective?
    3. What are some of the metrics that could be used to determine if business and social media objectives are being attained?
    Use Case Sample Metric Descriptions Target Metric
    Social Listening and Analytics Use a listening tool to flag all mentions of our brands or company on social Increase in mentions with neutral or positive sentiment, decrease in mentions with negative sentiment
    Social Publishing and Campaign Management Launch a viral video campaign showcasing product attributes to drive increased YT traffic Net increase in unaided customer recall
    Social Customer Care Create brand-specific social media pages to increase customer sentiment for individual brand extensions Net increase in positive customer sentiment (i.e. as tracked by an SMMP)

    Build the metrics inventory

    Associated Activity icon 1.2.2 45 Minutes

    INPUT: Marketing, sales, and customer service objectives

    OUTPUT: Metrics inventory

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Identify the top marketing, sales, and customer service objectives for your company? For example, is building initial awareness or driving repeat customers more important?
    2. What are the corresponding social media goals for each business objective?
    3. What are some of the metrics that could be used to determine if business and social media objectives are being attained?
    Marketing/PR Objectives Social Media Goals Goal Attainment Metrics
    E.g. build a positive brand image
    • Create brand-specific social media pages to increase customer sentiment for individual brand extensions
    		 Net increase in positive customer sentiment (i.e. as tracked by an SMMP)
    E.g. increase customer mind share
    • Launch a viral video campaign showcasing product attributes to drive increased YT traffic
    		 Net increase in unaided customer recall
    E.g. monitor public mentions
    • Use a listening tool to flag all mentions of our brands or company on social
    		 Increase in mentions with neutral or positive sentiment, decrease in mentions with negative sentiment

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1

    		 Sample of activity 1.1.1 'Assess where your organization sits on the social media maturity curve'. Assess your organization’s social media maturity

    An Info-Tech analyst will facilitate a discussion to assess the maturity of your organization’s social media program and take an inventory of your current efforts across different departments (e.g. Marketing, PR, Sales, and Customer Service).

    1.1.2

    		 Sample of activity 1.1.2 'Inventory the current social media networks that must be supported by SMMP'. Inventory your current social media networks

    The analyst will facilitate an exercise to catalog all social media networks used in the organization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    1.1.3

    		 Sample of activity 1.1.3 'Go/no-go assessment on SMMP'. Go/no go assessment on SMMP

    Based on the maturity assessment, the analyst will help identify whether an SMMP will help you achieve your goals in sales, marketing, and customer service.

    1.2.1

    		 Sample of activity 1.2.1 'Profile and rank your top use cases for social media management using the Use Case Fit Assessment Tool'. Rank your top use cases for social media management

    An analyst will facilitate the exercise to answer a series of questions in order to determine best-fit scenario for social media management for your organization.

    1.2.2

    		 Sample of activity 1.2.2 'Build the metrics inventory'. Build the metrics inventory

    An analyst will lead a whiteboarding exercise to brainstorm and generate metrics for your organization’s social media goals.

    Select and Implement a Social Media Management Platform

    PHASE 2

    Select an SMMP

    This phase also includes Info-Tech’s SMMP Vendor Landscape Title icon for vendor slides.

    Phase 2: Select an SMMP

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 2 is highlighted.
    Estimated Timeline: 1-3 Months

    Info-Tech Insight

    Taking a use-case-centric approach to vendor selection allows you to balance the need for different social capabilities between analytics, campaign management and execution, and customer service.

    		Major Milestones Reached
    • Vendor Selection
    • Finalized and Approved Contract

    Key Activities Completed

    • RFP Process
    • Vendor Evaluations
    • Vendor Selection
    • Contract Negotiation

    Outcomes from This Phase

    The completed procurement of an SMMP solution.

    • Selected SMMP solution
    • Negotiated and finalized contract

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Select an SMMP

    Proposed Time to Completion: 4 weeks
    Step 2.1: Analyze and shortlist SMMP vendors Step 2.2: Evaluate vendor responses
    Start with an analyst kick-off call:
    • Evaluate the SMMP marketspace.
    • Re-evaluate best-fit use case.
    		 Review findings with analyst:
    • Determine your SMMP procurement strategy.
    • Reach out to SMMP vendors.
    Then complete these activities…
    • Review vendor profiles and analysis.
    • Create your own evaluation framework and shortlisting criteria.
    		 Then complete these activities…
    • Prioritize your requirements.
    • Create an RFP for SMMP procurement.
    • Evaluate vendor responses.
    • Set up product demonstrations.
    With these tools & templates:
    • SMMP Vendor Landscape (included here)
    • SMMP Vendor Shortlist Tool
    		 With these tools & templates:
    • SMMP RFP Template
    • SMMP Vendor Demo Script Template
    • SMMP Evaluation and RFP Scoring Tool
    Phase 1 Results & Insights:
    • Finalize vendor and product selection

    Phase 2, Step 1: Analyze and shortlist vendors in the space

    2.1

    2.2
    Analyze and shortlist vendors in the space Select your SMMP solution

    This step will walk you through the following activities:

    • Review vendor landscape methodology
    • Shortlist SMMP vendors

    This step involves the following participants:

    • Core team
    • Representative stakeholders from Digital Marketing, Sales, and IT

    The SMMP Vendor Landscape includes the following sections:

    VENDOR LANDSCAPE

    Info-Tech's Methodology

    		 Vendor title icon.

    Vendor Landscape use-case scenarios are evaluated based on weightings of features and vendor/product considerations

    Vendor Profiles icon

    Use cases were scored around the features from the general scoring identified as being relevant to the functional considerations and drivers for each scenario.

    Calculation Overview
    Advanced Features Score X Vendor Multiplier = Vendor Performance for Each Scenario
    Pie Chart of Product and Vendor Weightings.
    Product and Vendor Weightings    		 Pie Chart of Advanced Features Weightings.
    Advanced Features Weightings

    Please note that both advanced feature scores and vendor multipliers are based on the specific weightings calibrated for each scenario.

    Vendor performance for each use-case scenario is documented in a weighted bar graph

    Vendor Profiles icon
    Sample of the 'Vendor performance for the use-case scenario' slide. Vendor Performance

    Vendors qualify and rank in each use-case scenario based on their relative placement and scoring for the scenario.

    Vendor Ranking

    Champion: The top vendor scored in the scenario

    Leaders: The vendors who placed second and third in the scenario

    Players: Additional vendors who qualified for the scenarios based on their scoring
    Sample of the 'Value Index for the use case scenario' slide. Value ScoreTM

    Each use-case scenario also includes a Value Index that identifies the Value Score for a vendor relative to their price point. This additional framework is meant to help price-conscious organizations identify vendors who provide the best “bang for the buck.”

    VENDOR LANDSCAPE

    Review the SMMP Vendor Evaluation

    		Vendor title icon.

    SMMP market overview

    Vendor Profiles icon

    How It Got Here

    • The SMMP market was created in response to the exploding popularity of social media and the realization that it can be harnessed for a wide variety of enterprise purposes (from consumer intelligence to marketing campaigns and customer service).
    • As the number of social media services has expanded, and as the volume of content generated via social networks has ballooned, it became increasingly difficult to mine insights and manage social campaigns. A number of vendors (mostly start-ups) began offering platforms that attempted to streamline and harness social media processes.
    • As usage of social media expanded beyond just the marketing and PR function, being able to successfully scale a social strategy to a large number of customer care and sales interactions became paramount: SMMPs filled a niche by offering large-scale response and workflow management capabilities.

    Where It’s Going

    • The market is segmented into two broad camps: SMMPs focused on social listening and analytics, and SMMPs focused on social engagement. Although the two have begun to converge, there continues to be a clear junction in the market between the two, with a surprising lack of vendors that are equally adept at both sides.
    • With the rise of SMMPs, the expectation was that CRM vendors would offer feature sets similar to those of standalone SMMPS. However, CRM vendors have been slow in incorporating the functionality directly into their products. While some major vendors have made ground in this direction in the last year, organizations that are serious about social will still need a best-of-breed SMMP.
    • Other major trends include using application integration to build a 360-degree view of the customer, workflow automation, and competitive benchmarking.

    Info-Tech Insight

    As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating. Supporting multiple social media services and accounts has become a Table Stakes capability and should no longer be used to differentiate solutions. Instead focus on an SMMP’s social listening, campaign management, and customer care to help you find a solution that best fits your requirements.

    Review Info-Tech’s Vendor Landscape of the SMMP market to identify vendors that meet your requirements

    Vendors Evaluated

    Various logos of the vendors who were evaluated.

    Each vendor in this landscape was evaluated based on their features, product considerations, and vendor considerations. Each vendor was profiled using these evaluations and, based on their performance, qualified and placed in specific use-case scenarios.

    These vendors were included due to consideration of their market share, mind share, and platform coverage

    Vendor Profiles icon

    Vendors included in this report provide a comprehensive, innovative, and functional solution for integrating applications and automating their messaging.

    Included in this Vendor Landscape:

    Adobe: Adobe Social is a key pillar of Adobe’s ecosystem that is heavily focused on social analytics and engagement.

    Hootsuite: A freemium player with strong engagement and collaboration tools, particularly well suited for SMBs.

    Salesforce: Social Studio is a leading social media management solution and is a key channel of Salesforce Marketing Cloud.

    Sendible: A fairly new entrant to the social media management space, Sendible offers robust campaign management capability that is well suited for agencies and SMBs.

    Sprinklr: A leading solution that focuses on social customer care, offering strong ability to prioritize, route, and categorize high-volume social messaging.

    Sprout Social: A great choice for mid-sized companies looking to provide robust social engagement and customer care.

    Sysomos: Their MAP and Heartbeat products offer customers in-depth analysis of a wide array of social channels.

    Viralheat (Cision): Now a Cision product, Viralheat is an excellent option for analytics, social response workflow management, and in-band social engagement.

    Table Stakes represent the minimum standard; without these, a product doesn’t even get reviewed

    Vendor Profiles icon

    The Table Stakes

    Feature: What it is:
    Multiple Services Supported The ability to mange or analyze at least two or more social media services.
    Multiple Accounts Supported The ability to manage or analyze content from at least two or more social media accounts.
    Basic Engagement The ability to post status updates to multiple social media sites.
    Basic Analytics The ability to display inbound feeds and summary info from multiple social media sites.

    What does this mean?

    The products assessed in this Vendor Landscape meet, at the very least, the requirements outlined as Table Stakes.

    Many of the vendors go above and beyond the outlined Table Stakes, some even do so in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here.

    Info-Tech Insight

    If Table Stakes are all you need from your SMMP solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.

    Advanced Features are the capabilities that allow for granular differentiation of market players and use-case performance

    Vendor Profiles icon

    Scoring Methodology

    Info-Tech scored each vendor’s features on a cumulative four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature.

    For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.
    Feature: What we looked for:
    Social Media Channel Integration - Inbound Ability to monitor social media services, such as Facebook, Twitter, LinkedIn, YouTube, and more.
    Social Media Channel Integration - Outbound Ability to publish to social media services such as Facebook, Twitter, LinkedIn, YouTube, and more.
    Social Response Management Ability to respond in-band to social media posts.
    Social Moderation and Workflow Management Ability to create end-to-end routing and escalation workflows from social content.
    Campaign Execution Ability to manage social and media assets: tools for social campaign execution, reporting, and analytics.
    Social Post Archival Ability to archive social posts and platform activity to create an audit trail.
    Trend Analysis Ability to monitor trends and traffic on multiple social media sites.
    Sentiment Analysis Ability to analyze and uncover insights from attitudes and opinions expressed on social media.
    Contextual Analysis Ability to use NLP, deep learning and semantic analysis to extract meaning from social posts.
    Social Asset Management Ability to access visual asset library with access permissions and expiry dates to be used on social media.
    Post Time Optimization Ability to optimize social media posts by maximizing the level of interaction and awareness around the posts.
    Dashboards and Visualization Ability to visualize data and create analytics dashboards.

    Vendor scoring focused on overall product attributes and vendor performance in the market

    Vendor Profiles icon

    Scoring Methodology

    Info-Tech Research Group scored each vendor’s overall product attributes, capabilities, and market performance.

    Features are scored individually as mentioned in the previous slide. The scores are then modified by the individual scores of the vendor across the product and vendor performance features.

    Usability, overall affordability of the product, and the technical features of the product are considered, and scored on a five-point scale. The score for each vendor will fall between worst and best in class.

    The vendor’s performance in the market is evaluated across four dimensions on a five-point scale. Where the vendor places on the scale is determined by factual information, industry position, and information provided by customer references and/or available from public sources.

    Product Evaluation Features

    Usability The end-user and administrative interfaces are intuitive and offer streamlined workflow.
    Affordability Implementing and operating the solution is affordable given the technology.
    Architecture Multiple deployment options, platform support, and integration capabilities are available.

    Vendor Evaluation Features

    Viability Vendor is profitable, knowledgeable, and will be around for the long term.
    Focus Vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Vendor offers global coverage and is able to sell and provide post-sales support.
    Sales Vendor channel partnering, sales strategies, and process allow for flexible product acquisition.

    Balance individual strengths to find the best fit for your enterprise

    Vendor Profiles icon

    A list of vendors with ratings for their 'Product: Overall, Usability, Affordability, and Architecture' and their 'Vendor: Overall, Viability, Focus, Reach, and Sales'. It uses a quarters rating system where 4 quarters of a circle is Exemplary and 0 quarters is Poor.

    For an explanation of how the Info-Tech Harvey Balls are calculated, see Information Presentation – Criteria Scores (Harvey Balls) in the Appendix.

    Balance individual strengths to find the best fit for your enterprise

    Vendor Profiles icon

    A list of vendors with ratings for their 'Evaluated Features'. Rating system uses Color coding with green being 'Feature is fully present...' and red being 'Feature is absent', and if a star is in the green then 'Feature is best in its class'.

    For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.

    Vendor title icon.

    USE CASE 1

    Social Listening and Analytics

    Seeking functionality for capturing, aggregating, and analyzing social media content in order to create actionable customer or competitive insights.

    Feature weightings for the social listening and analytics use-case scenario

    Vendor Profiles icon

    Core Features

    Sentiment Analysis Uncovering attitudes and opinions expressed on social media is important for generating actionable customer insights.
    Dashboards and Visualization Capturing and aggregating social media insights is ineffective without proper data visualization and analysis.
    Trend Analysis The ability to monitor trends across multiple social media services is integral for effective social listening.
    Contextual Analysis Understanding and analyzing language and visual content on social media is important for generating actionable customer insights.

    Additional Features

    Social Media Channel Integration – Inbound

    Social Moderation and Workflow Management

    Social Post Archival

    Feature Weightings

    Pie chart of feature weightings.

    Vendor considerations for the social listening and analytics use-case scenario

    Vendor Profiles icon

    Product Evaluation Features

    Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
    Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
    Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

    Vendor Evaluation Features

    Viability Vendor viability is critical for long-term stability of an application portfolio.
    Focus The vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
    Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

    Pie chart for Product and Vendor Evaluation Features.

    Vendor performance for the social listening and analytics use-case scenario

    Vendor Profiles icon
    Champion badge.

    Champions for this use case:
    Salesforce: Salesforce Social Studio offers excellent trend and in-depth contextual analysis and is among the best vendors in presenting visually appealing and interactive dashboards.
    Leader badge.

    Leaders for this use case:
    Sysomos: Sysomos MAP and Heartbeat are great offerings for conducting social media health checks using in-depth contextual analytics.

    Adobe: Adobe Social is a great choice for digital marketers that need in-depth sentiment and longitudinal analysis of social data – particularly when managing social alongside other digital channels.
    Best Overall Value badge.

    Best Overall Value Award
    Sysomos: A strong analytics capability offered in Sysomos MAP and Heartbeat at a relatively low cost places Sysomos as the best bang for your buck in this use case.

    Players in the social listening and analytics scenario

    • Sprinklr
    • Hootsuite
    • Sprout Social

    Vendor performance for the social listening and analytics use-case scenario

    Vendor Profiles icon

    Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social Listening and Analytics'.

    Value Index for the social listening and analytics scenario

    Vendor Profiles icon
    What is a Value Score?

    The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

    Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

    Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

    		 On a relative basis, Sysomos maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sysomos’ performance to provide a complete, relative view of their product offerings.

    Bar chart of vendors' Value Scores in social listening and analytics. Sysomos has the highest and the Average Score is 66.8.
    For an explanation of how price is determined, see Information Presentation – Price Evaluation in the Appendix.

    For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

    Vendor title icon.

    USE CASE 2

    Social Publishing and Campaign Management

    Seeking functionality for publishing content to multiple networks or accounts simultaneously, and managing social media campaigns in-depth (e.g. social property management and post scheduling).

    Feature weightings for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Core Features

    Campaign Execution The ability to manage multiple social media services simultaneously is integral for carrying out social media campaigns.
    Social Response Management Creating response workflows is equally important to publishing capability for managing social campaigns.

    Additional Features

    Social Media Channel Integration – Outbound

    Social Moderation and Workflow Management

    Social Post Archival

    Social Asset Management

    Post Time Optimization

    Social Media Channel Integration – Inbound

    Trend Analysis

    Sentiment Analysis

    Dashboards and Visualization

    Feature Weightings

    Pie chart of feature weightings.

    Vendor considerations for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Product Evaluation Features

    Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
    Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
    Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

    Vendor Evaluation Features

    Viability Vendor viability is critical for long-term stability of an application portfolio.
    Focus The vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
    Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

    Pie chart of Product and Vendor Evaluation Features.

    Vendor performance for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Champion badge.

    Champions for this use case:

    Adobe: Adobe has the best social campaign execution capability in the market, enabling marketers to manage and auto-track multiple campaigns. It also offers a strong asset management feature that allows users to leverage Marketing Cloud content.
    Leader badge.

    Leaders for this use case:

    Salesforce: SFDC has built a social marketing juggernaut, offering top-notch response workflows and campaign execution capability.

    Hootsuite: Hootsuite has good response capabilities backed up by a strong team collaboration feature set. It offers simplified cross-platform posting and post-time optimization capabilities.

    Best Overall Value badge.

    Best Overall Value Award

    Sendible: Sendible offers the best value for your money in this use case with good response workflows and publishing capability.

    Players in the social publishing and campaign management scenario

    • Sprout Social
    • Sprinklr
    • Sendible

    Vendor performance for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social publishing and campaign management'.

    Value Index for the social publishing and campaign management scenario

    Vendor Profiles icon

    What is a Value Score?

    The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

    Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

    Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

    		On a relative basis, Sendible maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sendible’s performance to provide a complete, relative view of their product offerings.

    Bar chart of vendors' Value Scores in social publishing and campaign management. Sendible has the highest and the Average Score is 72.9.

    For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.

    For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

    Vendor title icon.

    USE CASE 3

    Social Customer Care

    Seeking functionality for management of the social customer service queue as well as tools for expedient resolution of customer issues.

    Feature weightings for the social customer care use-case scenario

    Vendor Profiles icon

    Core Features

    Social Moderation and Workflow Management Creating escalation workflows is important for triaging customer service, managing the social customer service queue and offering expedient resolution to customer complaints.

    Additional Features

    Social Media Channel Integration – Outbound

    Social Moderation and Workflow Management

    Social Response Management

    Social Post Archival

    Sentiment Analysis

    Dashboards and Visualization

    Campaign Execution

    Trend Analysis

    Post Time Optimization

    Feature Weightings

    Pie chart with Feature Weightings.

    Vendor considerations for the social customer case use-case scenario

    Vendor Profiles icon

    Product Evaluation Features

    Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
    Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
    Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

    Vendor Evaluation Features

    Viability Vendor viability is critical for long-term stability of an application portfolio.
    Focus The vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
    Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

    Pie chart with Product and Vendor Evaluation Features.

    Vendor performance for the social customer care use-case scenario

    Vendor Profiles icon

    Champion badge.

    Champions for this use case:

    Salesforce: Salesforce offers exceptional end-to-end social customer care capability with strong response escalation workflows.
    Leader badge.

    Leaders for this use case:

    Sprinklr: Sprinklr’s offering gives users high flexibility to configure escalation workflows and role-based permissions for managing the social customer service queue.

    Hootsuite: Hootsuite’s strength lies in the breadth of social networks that the platform supports in offering expedient resolution to customer complaints.

    Best Overall Value badge.

    Best Overall Value Award

    Sysomos: Sysomos is the best bang for your buck in this use case, offering essential response and workflow capabilities.

    Players in the social listening and analytics scenario

    • Sendible
    • Sysomos
    • Viralheat (Cision)

    Vendor performance for the social customer care use-case scenario

    Vendor Profiles icon

    Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social customer care'.

    Value Index for the social customer care scenario

    Vendor Profiles icon

    What is a Value Score?

    The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

    Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

    Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

    		On a relative basis, Sendible maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sendible’s performance to provide a complete, relative view of their product offerings.

    Bar chart of vendors' Value Scores in social customer care. Sysomos has the highest and the Average Score is 79.6.

    For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.

    For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

    VENDOR LANDSCAPE

    Vendor Profiles and Scoring

    		Vendor title icon.

    Use the information in the SMMP Vendor Landscape analysis to streamline your own vendor analysis process

    Vendor Profiles icon

    This section of the Vendor Landscape includes the profiles and scoring for each vendor against the evaluation framework previously outlined.

    Sample of the SMMP Vendor Landscape analysis. Vendor Profiles
    • Include an overview for each company.
    • Identify the strengths and weaknesses of the product and vendor.
    • Identify the three-year TCO of the vendor’s solution (based on a ten-tiered model).
    		Sample of the Vendor Landscape profiles slide.
    Vendor Scoring

    Use the Harvey Ball scoring of vendor and product considerations to assess alignment with your own requirements.

    Review the use-case scenarios relevant to your organization’s Use-Case Fit Assessment results to identify a vendor’s fit to your organization's SMMP needs. (See the following slide for further clarification on the use-case assessment scoring process.)

    Review the stoplight scoring of advanced features to identify the functional capabilities of vendors.

    		 Sample of the Vendor Scoring slide.

    Adobe Social is a powerhouse for digital marketers, with extremely well-developed analytics capabilities

    Vendor Profiles icon
    Product Adobe Social
    Employees 15,000+
    Headquarters San Jose, CA
    Website Adobe.com
    Founded 1982
    Presence NASDAQ: ADBE

    Logo for Adobe.

    3 year TCO for this solution falls into pricing tier 8 between $500,000 and $1,000,000.

    Pricing tier for Adobe, tier 8.
    Pricing provided by vendor

    		 OVERVIEW
    • Adobe Social is a strong offering included within the broader Adobe Marketing Cloud. The product is tightly focused on social analytics and social campaign execution. It’s particularly well-suited to dedicated digital marketers or social specialists.
    STRENGTHS
    • Adobe Social provides broad capabilities across social analytics and social campaign management; its integration with Adobe Analytics is a strong selling point for organizations that need a complete, end-to-end solution.
    • It boasts great archiving capabilities (up to 7 years for outbound posts), meeting the needs of compliance-centric organizations and providing for strong longitudinal analysis capabilities.
    CHALLENGES
    • The product plays well with the rest of the Adobe Marketing Cloud, but the list of third-party CRM and CSM integrations is shorter than some other players in the market.
    • While the product is unsurprisingly geared towards marketers, organizations that want a scalable platform for customer service use cases will need to augment the product due to its focus on campaigns and analytics – service-related workflow and automation capabilities are not a core focus for the company.

    Adobe Social

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Adobe. Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Adobe earned 'Leader' in Social Listening & Analytics and 'Champion' in Social Publishing & Campaign Management.    		 Info-Tech Recommends

    Adobe Social provides impressive features, especially for companies that position social media within a larger digital marketing strategy. Organizations that need powerful social analytics or social campaign execution capability should have Adobe on their shortlist, though the product may be an overbuy for social customer care use cases.
    Scores for Adobe's individual features, color-coded as they were previously.

    Hootsuite is a capable vendor that offers a flexible solution for monitoring many different social media services

    Vendor Profiles icon
    Product Hootsuite
    Employees 800
    Headquarters Vancouver, BC
    Website Hootsuite.com
    Founded 2007
    Presence Privately held

    Logo for Hootsuite.

    3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000.

    Pricing tier for Hootsuite, tier 6.
    Pricing derived from public information

    		 OVERVIEW
    • In the past, Hootsuite worked on the freemium model by providing basic social account management features. The company has since expanded its offering and put a strong focus on enterprise feature sets, such as collaboration and workflow management.
    STRENGTHS
    • Hootsuite is extremely easy to use, having one of the most straightforward interfaces of vendors evaluated.
    • It has extensive monitoring capabilities for a wide variety of social networks as well as related services, which are supported through an app store built into the Hootsuite platform.
    • The product provides a comprehensive model for team-based collaboration and workflow management, demonstrated through nice cross-posting and post-time optimization capabilities.
    CHALLENGES
    • Hootsuite’s reporting and analytics capabilities are relatively basic, particularly when contrasted with more analytics-focused vendors in the market.
    • Running cross-channel campaigns is challenging without integration with third-party applications.

    Hootsuite

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Hootsuite. Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Hootsuite earned 5th out of 6 in Social Listening & Analytics, 'Leader' in Social Publishing & Campaign Management, and 'Leader' in Social Customer Care.    		 Info-Tech Recommends

    The free version of Hootsuite is useful for getting your feet wet with social management. The paid version is a great SMMP for monitoring and engaging your own social properties with good account and team management at an affordable price. This makes it ideal for SMBs. However, organizations that need deep social analytics may want to look elsewhere.
    Scores for Hootsuite's individual features, color-coded as they were previously.

    Salesforce Marketing Cloud continues to be a Cadillac solution; it’s a robust platform with a host of features

    Vendor Profiles icon
    Product Salesforce Social Studio
    Employees 24,000+
    Headquarters San Francisco, CA
    Website Salesforce.com
    Founded 1999
    Presence NASDAQ: CRM

    Logo for Salesforce.

    3 year TCO for this solution falls into pricing tier 7, between $250,000 and $500,000

    Pricing tier for Salesforce, tier 7.
    Pricing provided by vendor

    		 OVERVIEW
    • Social Studio is a powerful solution fueled by Salesforce’s savvy acquisitions in the marketing automation and social media management marketspace. The product has rapidly matured and is adept at both marketing and customer service use cases.
    STRENGTHS
    • Salesforce continues to excel as one of the best SMMP vendors in terms of balancing inbound analytics and outbound engagement. The recent addition of Salesforce Einstein to the platform bolsters deep learning capabilities and enhances the product’s value proposition to those that want a tool for robust customer intelligence.
    • Salesforce’s integration of Marketing Cloud, with its Sales and Service Clouds, also creates a good 360-degree customer view.
    CHALLENGES
    • Salesforce’s broad and deep feature set comes at a premium: the solution is priced materially higher than many other vendors. Before you consider Marketing Cloud, it’s important to evaluate which social media capabilities you want to develop: if you only need basic response workflows or dashboard-level analytics, purchasing Marketing Cloud runs the risk of overbuying.
    • In part due to its price point and market focus, Marketing Cloud is more suited to enterprise use cases than SMB use cases.

    Salesforce

    Vendor Profiles icon
    'Product' and 'Vendor' scores for . Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Salesforce earned 'Champion' in Social Listening & Analytics, 'Leader' in Social Publishing & Campaign Management, and 'Champion' in Social Customer Care.    		 Info-Tech Recommends

    Social Studio in Salesforce Marketing Cloud remains a leading solution. Organizations that need to blend processes across the enterprise that rely on social listening, deep analytics, and customer engagement should have the product on their shortlist. However, companies with more basic needs may be off-put by the solution’s price point.
    Scores for 's individual features, color-coded as they were previously.

    Sendible offers multiple social media management capabilities for SMBs and agencies

    Vendor Profiles icon
    Product Sendible
    Employees 27
    Headquarters London, UK
    Website Sendible.com
    Founded 2009
    Presence Privately held

    Logo for Sendible.

    3 year TCO for this solution falls into pricing tier 4, between $25,000 and $50,000

    Pricing tier for Sendible, tier 4.
    Pricing derived from public information

    		 OVERVIEW
    • Founded in 2009, Sendible is a rising player in the SMMP market. Sendible is primarily focused on the SMB space. A growing segment of its client base is digital marketing agencies and franchise companies.
    STRENGTHS
    • Sendible’s user interface is very intuitive and user friendly.
    • The product offers the ability to manage multiple social accounts simultaneously as well as schedule posts to multiple groups on different social networks, making Sendible a strong choice for social engagement and customer care.
    • Its affordability is strong given its feature set, making it an attractive option for organizations that are budget conscious.
    CHALLENGES
    • Sendible remains a smaller vendor in the market – its list of channel partners lags behind larger incumbents.
    • Sendible’s contextual and visual content analytics are lacking vis-à-vis more analytics-centric vendors.

    Sendible

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Sendible. Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sendible earned 6th out of 6 and 'Best Overall Value' in Social Publishing & Campaign Management and 4th out of 6 in Social Customer Care.    		 Info-Tech Recommends

    Sendible offers a viable solution for small and mid-market companies, as well as social agencies with a focus on customer engagement for marketing and customer service use cases. However, organizations that need deep social analytics may want to look elsewhere.
    Scores for Sendible's individual features, color-coded as they were previously.

    Sprinklr

    Vendor Profiles icon
    Product Sprinklr
    Employees 1,100
    Headquarters New York, NY
    Website Sprinklr.com
    Founded 2009
    Presence Privately held

    Logo for Sprinklr.

    Pricing tier for Sprinklr, tier 6.
    Pricing derived from public information

    		 OVERVIEW
    • Sprinklr has risen rapidly as a best-of-breed player in the social media management market. It markets a solution geared towards multiple use cases, from customer intelligence and analytics to service-centric response management.
    STRENGTHS
    • Sprinklr’s breadth of capabilities are impressive: the vendor has maintained a strong focus on social-specific functionality. As a result of this market focus, they have invested prudently in advanced social analytics and moderation workflow capabilities.
    • Sprinklr’s user experience design and data visualization capabilities are top-notch, making it a solution that’s easy for end users and decision makers to get up and running with quickly.
    CHALLENGES
    • Relative to other players in the market, the breadth and scope of Sprinklr’s integrations with other customer experience management solutions is limited.
    • Based on its feature set and price point, Sprinklr is best suited for mid-to-large organizations. SMBs run the risk of an overbuy situation.

    Sprinklr

    Vendor Profiles icon

    'Product' and 'Vendor' scores for Sprinklr. Overall product is 3/4; overall vendor is 3/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sprinklr earned 4th out of 6 in Social Listening & Analytics, 5th out of 6 in Social Publishing & Campaign Management, and 'Leader' in Social Customer Care.    		 Info-Tech Recommends

    Sprinklr is a strong choice for small and mid-market organizations offering breadth of social media management capabilities that covers social analytics, engagement, and customer service.
    Scores for Sprinklr's individual features, color-coded as they were previously.

    Sprout Social provides small-to-medium enterprises with robust social response capabilities at a reasonable price

    Vendor Profiles icon
    Product Sprout Social
    Employees 200+
    Headquarters Chicago, IL
    Website Sproutsocial.com
    Founded 2010
    Presence Privately held

    Logo for Sprout Social.

    3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000

    Pricing tier for Sprout Social, tier 6.
    Pricing derived from public information

    		 OVERVIEW
    • Sprout Social has built out its enterprise capabilities over the last several years. It offers strong feature sets for account management, social monitoring and analytics, and customer care – it particularly excels at the latter.
    STRENGTHS
    • Sprout’s unified inbox and response management features are some of the most intuitive we’ve seen. This makes it a natural option for providing customer service via social channels.
    • Sprout Social is priced competitively in relation to other vendors.
    • The product provides strong social asset management capabilities where users can set content permissions and expiration dates, and limit access.
    CHALLENGES
    • Deep contextual analysis is lacking: the solution clearly falls more to the engagement side of the spectrum, and is particularly suited for social customer service.
    • Sprout Social has a limited number of technology partners for integrations with applications such as CRM and marketing automation software.
    • It still has a predominantly North American market focus.

    Sprout Social

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Sprout Social. Overall product is 3/4; overall vendor is 3/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sprout Social earned 6th out of 6 in Social Listening & Analytics and 4th out of 6 in Social Publishing & Campaign Management.    		 Info-Tech Recommends

    Sprout Social’s easy-to-understand benchmarking and dashboards, paired with strong response management, make it a great choice for mid-sized enterprises concerned with social engagement. However, organizations that want to do deep social analytics will need to augment the solution.
    Scores for Sprout Social's individual features, color-coded as they were previously.

    Sysomos’ prime feature is its hardy analytics built atop a plethora of inbound social channels

    Vendor Profiles icon

    Product Sysomos MAP and Heartbeat
    Employees 200+
    Headquarters Toronto, ON
    Website Sysomos.com
    Founded 2007
    Presence Privately held

    Logo for Sysomos.

    3 year TCO for this solution falls into pricing tier 4, between $25,000 and $50,000

    Pricing tier for Sysomos, tier 4.
    Pricing derived from public information

    		OVERVIEW
    • Sysomos began life as a project at the University of Toronto prior to its acquisition by Marketwire in 2010.
    • It split from Marketwire in 2015 and redesigned its product to focus on social monitoring, analysis, and engagement.

    STRENGTHS

    • MAP and Heartbeat offer extensive contextual and sentiment analytics, consolidating findings through a spam-filtering process that parses out a lot of the “noise” inherent in social media data.
    • The solution provides an unlimited number of profiles, enabling more opportunities for collaboration.
    • It provides workflow summaries, documenting the actions of staff and providing an audit trail through the entire process.

    CHALLENGES

    • Sysomos has introduced a publishing tool for social campaigns. However, its outbound capabilities continue to lag, and there are currently no tools for asset management.
    • Sysomos’ application integration stack is limited relative to other vendors.

    Sysomos

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Sysomos. Overall product is 3/4; overall vendor is 3/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sysomos earned 'Leader' and 'Best Overall Value' in Social Listening & Analytics and 5th out of 6 as well as 'Best Overall Value' in Social Customer Care.    		 Info-Tech Recommends

    Sysomos’ broad array of good features has made it a frequent challenger to Marketing Cloud on analytics-centric SMMP evaluation shortlists. Enterprise-scale customers specifically interested in social listening and analytics, rather than customer engagement and campaign execution, will definitely want to take a look.
    Scores for Sysomos's individual features, color-coded as they were previously.

    Viralheat offers a clean analysis of an organization’s social media activity and has beefed up response workflows

    Vendor Profiles icon

    Product Viralheat
    Employees 1,200
    Headquarters Chicago, IL
    Website Cision.com
    Founded 2015
    Presence Privately held

    Logo for Cision (Viralheat).

    3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000

    Pricing tier for Cision (Viralheat), tier 6.
    Pricing derived from public information

    		OVERVIEW
    • Viralheat has been in the social media market since 2009. It provides tools for analytics and in-band social engagement.
    • The company was acquired by Cision in 2015, a Chicago-based public relations technology company.

    STRENGTHS

    • Viralheat offers robust workflow management capabilities for social response and is particularly useful for customer service.
    • The product has strong post time optimization capability through its ViralPost scheduling feature.
    • Cision’s acquisition of Viralheat makes the product a great choice for third-party social media management, namely public relations and digital marketing agencies.

    CHALLENGES

    • Viralheat remains a smaller vendor in the market – its list of channel partners lags behind larger incumbents.
    • Contextual and sentiment analysis are lacking relative to other vendors.

    Cision (Viralheat)

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Cision (Viralheat). Overall product is 3/4; overall vendor is 2/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Cision (Viralheat) earned in Social Listening & Analytics, in Social Publishing & Campaign Management, and in Social Customer Care.    		 Info-Tech Recommends

    Cision has upped its game in terms of social workflow and response management and it monitors an above-average number of services. It is a steadfast tool for brands that are primarily interested in outbound customer engagement for marketing and customer service use cases.
    Scores for Cision (Viralheat)'s individual features, color-coded as they were previously.

    Use the SMMP Vendor Shortlist Tool to customize the vendor analysis for your organization

    Vendor Profiles icon SMMP Vendor Shortlist & Detailed Feature Analysis Tool

    Instructions

    1. Eliminate misaligned vendors with knock-out criteria
      Use the SMMP Vendor Shortlist &am; Detailed Feature Analysis Tool to eliminate vendors based on specific knock-out criteria on tab 2, Knock-Out Criteria.
    2. Create your own evaluation framework
      Tailor the vendor evaluation to include your own product and vendor considerations on tab 3, Weightings. Identify the significance of advanced features for your own procurement on a scale of Mandatory, Optional, and Not Required on tab 4, Detailed Feature Analysis.
    3. Review the results of your customized evaluation
      Review your custom vendor shortlist on tab 5, Results.
    		 This evaluation uses both functional and architectural considerations to eliminate vendors.

    Knock-Out Criteria

    COTS vs. Open Source
    Deployment Models

    Sample of the SMMP Vender Shortlist & Detailed Feature Analysis Tool tab 5, Results.
    Sample Vendor Shortlist from tab 5, Results

    Interpreting the Results
    Your custom shortlist will rank vendors that passed the initial knock-out criteria based on their overall score.
    The shortlist will provide broken-down scoring, as well as a custom value index based on the framework set in the tool.

    Phase 2, Step 2: Select your SMMP solution

    2.1

    2.2
    Analyze and shortlist vendors in the space Select your SMMP solution

    This step will walk you through the following activities:

    • Prioritize your solution requirements.
    • Create an RFP to submit to vendors.
    • Solicit and review vendor proposals.
    • Conduct onsite vendor demonstrations.
    • Select the right solution.

    This step involves the following participants:

    • Core Project Team
    • Procurement Manager
    • Representative Stakeholders from Digital Marketing, Sales, and IT

    Outcomes of this step:

    • SMMP Selection Strategy

    Determine your SMMP procurement strategy

    Critical Points and Checks in Your Procurement
    • Follow your own organization’s procurement procedures to ensure that you adhere to your organization’s policies.
    • Based on your organization’s policies, identify if you are going to conduct a private or public RFP process.
      • If your RFP will contain sensitive information, use a private RFP process that is directed to specific vendors in order to protect the proprietary practices of your business.

    Info-Tech Insight

    If you are still not sure of a vendor’s capabilities, we recommend sending an RFI before proceeding with an RFP.

    INFO-TECH OPPORTUNITY

    If your organization lacks a clear procurement process, refer to Info-Tech's Optimize IT Procurement research to help construct a formal process for selecting application technology.

    Info-Tech’s 15-Step Procurement Process

    Use Info-Tech's procurement process to ensure that your SMMP selection is properly planned and executed.

    1. Initiate procurement.
    2. Select procurement manager.
    3. Prepare for procurement; check that prerequisites are met.
    4. Select appropriate procurement vehicle.
    5. Assemble procurement teams.
    6. Create procurement project plan.
    7. Identify and notify vendors about procurement.
    8. Configure procurement process.
    9. Gather requirements.
    10. Prioritize requirements.
    11. Build the procurement documentation package.
    12. Issue the procurement.
    13. Evaluate proposals.
    14. Recommend a vendor.
    15. Present to management.
      16.

    Much of your procurement process should already be outlined from your charter and initial project structuring.
    In this stage of the process, focus on the successful completion of steps 7-15.

    Prioritize your solution requirements based on your business, architecture, and performance needs

    Associated Activity icon

    INPUT: Requirements Workbook and requirements gathering findings

    OUTPUT: Full documentation of requirements for the RFP and solution evaluation process

    Completed in Section 3

    1. Identify Your Requirements
      Use the findings being collected in the Requirements Workbook and related materials to define clear requirements around your organization’s desired SMMP.
    2. Prioritize Your Requirements
      • Identify the significance of each requirement for your solution evaluation.
      • Identify features and requirements as mandatory, important, or optional.
      • Control the number of mandatory requirements you document. Too many mandatory requirements could create an unrealistic framework for evaluating solutions.
    3. Create a Requirements Package
      • Consolidate your identified requirements into one list, removing redundancies and conflicts.
      • Categorize the requirements based on their priority and nature.
        • Use this requirements package as you evaluate vendors and create your RFP for shortlisted vendors.

    Info-Tech Insight

    No solution will meet 100% of your requirements. Control the number of mandatory requirements you place in your procurement process to ensure that vendors that are the best fit for your organization are not eliminated unnecessarily.

    Create an RFP to submit to vendors

    Supporting Tool icon Request for Proposal Template
    Associated Activity icon Activity: Interpreting the Results

    INPUT: Requirements package, Organization’s procurement procedures

    OUTPUT: RFP

    MATERIALS: Whiteboard and markers

    PARTICIPANTS: Project manager, Core project team

    Leverage Info-Tech’s SMMP RFP Template to convey your desired suite requirements to vendors and outline the proposal and procurement steps set by your organization.

    Build Your RFP
    1. Outline the organization's procurement instructions for vendors (Sections 1, 3, and 5).
    2. Input the requirements package created in Activity 5.2 into your RFP (Section 4).
    3. Create a scenario overview to provide vendors an opportunity to give an estimated price.

    Approval Process

    Each organization has a unique procurement process; follow your own organization’s process as you submit your RFPs to vendors.

    1. Ensure compliance with your organization's standards and gain approval for submitting your RFP.

    Info-Tech RFP
    Table of Contents

    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Standardize the potential responses from vendors and streamline your evaluation with a response template

    Supporting Tool icon Vendor Response Template
    Sample of the Vendor Response Template. Adjust the scope and content of the Vendor Response Template to fit your SMMP procurement process and vendor requirements.

    Section

    Why is this section important?
    About the Vendor This is where the vendor will describe itself and prove its organizational viability.
    Understanding of the Challenge Demonstrates that understanding of the problem is the first step in being able to provide a solution.
    Methodology Shows that there is a proven methodology to approach and solve the challenge.
    Proposed Solution Describes how the vendor will address the challenge. This is a very important section as it articulates what you will receive from the vendor as a solution.
    Project Management, Plan, and Timeline Provides an overview of the project management methodology, phases of the project, what will be delivered, and when.
    Vendor Qualifications Provides evidence of prior experience with delivering similar projects for similar clients.
    References Provides contact information for individuals/organizations for which the vendor has worked and who can vouch for the experience and success of working with this vendor.
    Value Added Services Remember, this could lead to a long-term relationship. It’s not only about what you need now, but also what you may need in the future.
    Requirements Confirmation from the vendor as to which requirements it can meet and how it will meet them.

    Evaluate the RFPs you receive within a clear scoring process

    Supporting Tool icon SMMP RFP Evaluation and Scoring Tool
    Steps to follow: 'Review, Evaluate, Shortlist, Brief, Select' with the first 3 highlighted.

    Associated Activity icon Activity

    Build a fair evaluation framework that evaluates vendor solutions against a set criteria rather than relative comparisons.

    INSTRUCTIONS

    1. Have members of the SMMP evaluation team review the RFP responses given by vendors.
    2. Input vendor solution information into the SMMP RFP Evaluation and Scoring Tool.
    3. Analyze the vendors against your identified evaluation framework.
    4. Identify vendors with whom you wish to arrange vendor briefings.
    5. Contact vendors and arranging briefings.
    		 How to use this tool
    • Review the feature list and select where each feature is mandatory, desirable, or not applicable.
    • Select if each feature has been met by the vendor RFP response.
    • Enter the costing information provided by each vendor.
    • Determine the relative importance of the features, architecture, and support.
    Tool Output
    • Costing
    • Overall score
    • Evaluation notes and comments

    Vendor product demonstration

    Vendor Profiles icon Demo Script Template

    Demo

    		 Invite vendors to come onsite to demonstrate the product and to answer questions. Use a demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.
    Make sure the solution will work for your business

    Provide the vendor with some usage patterns for the SMMP tool in preparation for the vendor demo.

    Provide the following information to vendors in your script:

    • Usage for different groups.
    • SMMP usage and [business analytics] usage.
    • The requirements for administration.
    		 How to challenge the vendors in the demo
    • Change visualization/presentation.
    • Change the underlying data.
    • Add additional datasets to the artifacts.
    • Collaboration capabilities.
    • Perform an investigation in terms of finding BI objects and identifying previous changes, and examine the audit trail.
    		 Sample of the SMMP Demo Script Template
    SMMP Demo Script Template

    INFO-TECH ACTIVITY

    INPUT: Requirements package, Use-case results

    OUTPUT: Onsite demo

    1. Create a demo script that will be sent to vendors that outlines SMMP usage patterns from your organization.
    2. Construct the demo script with your SMMP evaluation team, providing both prompts for the vendor to display the capabilities and some sample data for the vendor to model.

    Use vendor RFPs and demos to select the SMMP that best fits your organization’s needs

    Supporting Tool icon Suite Evaluation and Scoring Tool: Tab 5, Overall Score

    Don’t just choose the vendor who gave the best presentation. Instead, select the vendor who meets your functional requirements and organizational needs.

    Category Weight Vendor 1 Vendor 2 Vendor 3 Vendor 4
    SMMP Features 60% 75% 80% 80% 90%
    Architecture 25% 55% 60% 90% 90%
    Support 15% 10% 70% 60% 95%
    Total Score 100% 60% 74% 80% 91%
    Use your objective evaluation to select a vendor to recommend to management for procurement. Arrow from 'Vendor 4' to post script.

    Don’t automatically decide to go with the highest score; validate that the vendor is someone you can envision working with for the long term.

    • Select a vendor based not only on their evaluation performance, but also on your belief that you could form a lasting and supportive relationship with them.
    • Integration needs are dynamic, not static. Find an SMMP tool and vendor that have strong capabilities and will fit with the application and integration plans of the business.
    • In many cases, you will require professional services together with your SMMP purchase to make sure you have some guidance in the initial development and your own staff are trained properly.

    Following the identification of your selected suite, submit your recommendation to the organization’s management or evaluation team for final approval.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of 'Create an RFP to submit to vendors' slide with 'Request for Proposal Template'. Create an RFP for SMMP procurement

    Our Info-Tech analyst will walk you through the RFP preparation to ensure the SMMP requirements are articulated clearly to vendors in this space.
    Sample of 'Vendor product demonstration' slide with 'Demo Script Template'. Create SMMP demo scripts

    An analyst will walk you through the demo script preparation to guide the SMMP product demonstrations and briefings offered by vendors. The analyst will ensure the demo script addresses key requirements documented earlier in the process.

    Select and Implement a Social Media Management Platform

    PHASE 3

    Review Implementation Considerations

    Phase 3: Review implementation considerations

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 3 is highlighted.
    Estimated Timeline:

    Info-Tech Insight

    Even a solution that is a perfect fit for an organization will fail to generate value if it is not properly implemented or measured. Conduct the necessary planning before implementing your SMMP.

    		Major Milestones Reached
    • Plan for implementation and expected go-live date

    Key Activities Completed

    • SMMP Implementation Plan
    • Governance Plan
    • Change Control Methods

    Outcomes from This Phase

    Plans for implementing the selected SMMP tool.

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Review Implementation Considerations

    Proposed Time to Completion: 2 weeks
    Step 3.1: Establish best practices for SMMP implementation Step 3.2: Assess the measured value from the project
    Start with an analyst kick-off call:
    • Determine the right governance structure to overlook the SMMP implementation.
    • Identify integrations with other applications.
    • Establish an ongoing maintenance plan.
    • Assess the different deployment models.
    		 Review findings with analyst:
    • Determine the key performance indicators for each department using the SMMP
    • Identify key performance indicators for business units using an SMMP
    Then complete these activities…
    • Establish a governance structure for social media.
    • Specify data linkages with CRM.
    • Identify risks and mitigation strategies
    • Determine the right deployment model for your organization.
    		 Then complete these activities…
    • Identify key performance indicators for business units using an SMMP
    With these tools & templates:
    • Social Media Steering Committee
    Phase 3 Results & Insights:
    • Implementation Plan
    • SMMP KPIs

    Phase 3, Step 1: Establish best practices for SMMP implementation

    3.1

    3.2
    Establish best practices for SMMP implementation Assess the measured value from the project

    This step will walk you through the following activities:

    • Establish a governance structure for social media management.
    • Specify the data linkages you will need between your CRM platform and SMMP.

    This step involves the following participants:

    • Core Project Team

    Outcomes of this step

    • Social Media Steering Committee Charter
    • SMMP data migration Inventory
    • Determination of the deployment model that works best for your organization
    • Deployment Model

    Follow these steps for effective SMMP implementation

    What to Consider

    • Creating an overall social media strategy is the critical first step in implementing an SMMP.
    • Selecting an SMMP involves gathering business requirements, then translating those requirements into specific selection criteria. Know exactly what your business needs are to ensure the right SMMP is selected.
    • Implement the platform with an eye toward creating business value: establish points of integration with the existing CRM solution, establish ongoing maintenance policies, select the right deployment model, and train end users around role-based objectives.
    Arrow pointing down.

    Plan
    • Develop a strategy for customer interaction
    • Develop a formal strategy for social media
    • Determine business requirements
    Arrow pointing down.

    Create RFP
    • Translate into functional requirements
    • Determine evaluation criteria
    Arrow pointing down.

    Evaluate
    • Evaluate vendors against criteria
    • Shortlist vendors
    • Perform in-depth vendor review

    Implement
    • Integrate with existing CRM ecosystem (if applicable)
    • Establish ongoing maintenance policies
    • Map deployment to organizational models
    • Train end-users and establish acceptable use policies
    • Designate an SMMP subject matter expert

    Before deploying the SMMP, ensure the right social media governance structures are in place to oversee implementation

    An SMMP is a tool, not a substitute, for adequate cross-departmental social media oversight. You must coordinate efforts across constituent stakeholders.

    • Successful organizations have permanent governance structures in place for managing social media. For example, mature companies leverage Social Media Steering Committees (SMSCs) to coordinate the social media initiatives of different business units and departments. Large organizations with highly complex needs may even make use of a physical command center.
    • Compared to traditional apps projects (like CRM or ERP), social media programs tend to start as grassroots initiatives. Marketing and Public Relations departments are the most likely to spearhead the initial push, often selecting their own tools without IT involvement or oversight. This causes application fragmentation and a proliferation of shadow IT.
    • This organic adoption contrasts with the top-down approach many IT leaders are accustomed to. Bottom-up growth can ensure rapid response to social media opportunities, but it also leads to insufficient coordination. A conscious effort should be made to mature your social media strategy beyond this disorganized initial state.
    • IT can help be a “cat herder” to shepherd departments into shared initiatives.

    Info-Tech Best Practice

    Before implementing the SMMP, go through the appropriate organizational governance structures to ensure they have input into the deployment. If a social media steering committee is not already in place, rolling out an SMMP is a great opportunity to get one going. See our research on social media program execution for more details.

    Establish a governance structure for social media management

    Associated Activity icon 3.1.1 60 minutes

    INPUT: Project stakeholders, SMMP mandate

    OUTPUT: Social Media Governance Structure

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Describe the unique role that the governance team will play in social media management.
    2. Describe the overall purpose statement of the governance team.
    3. Define the roles and responsibilities of the governance team.
    4. Document the outcome in the Social Media Steering Committee Charter.

    EXAMPLE

    Executive Sponsorship
    Social Media Steering Committee
    VP Marketing VP Sales VP Customer Service VP Public Relations CIO/ IT Director
    Marketing Dept. Sales Dept. Customer Service Dept. Public Relations Dept. IT Dept.

    Use Info-Tech’s Social Media Steering Committee Charter Template to define roles and ensure value delivery

    Supporting Tool icon 3.1

    Leaders must ensure that the SMSC has a formal mandate with clear objectives, strong executive participation, and a commitment to meeting regularly. Create an SMSC Charter to formalize the committee governance capabilities.

    Developing a Social Media Steering Committee Charter:
    • Outline the committee’s structure, composition, and responsibilities using the Info-Tech Social Media Steering Committee Charter Template.
    • This template also outlines the key tasks and responsibilities for the committee:
      • Providing strategic leadership for social media
      • Leading SMMP procurement efforts
      • Providing process integration
      • Governing social media initiatives
      • Ensuring open communications between departments with ownership of social media processes
    • Keep the completed charter on file and available to all committee members. Remember to periodically update the document as organizational priorities shift to ensure the charter remains relevant.

    INFO-TECH DELIVERABLE

    Sample of the Social Media Steering Committee Charter Template.

    Integrate your social media management platform with CRM to strengthen the realization of social media goals

    • Linking social media to existing customer relationship management solutions can improve information accuracy, reduce manual effort and provide more in-depth customer insights.
      • Organizations Info-Tech surveyed, and who integrated their solutions, achieved more goals as a result.
    • Several major CRM vendors are now offering products that integrate with popular social networking services (either natively or by providing support for third-party add-ons).
      • For example, Salesforce.com now allows for native integration with Twitter, while an add-on available for Oracle gathers real-time information about prospects by pulling their extended information from publicly available LinkedIn profiles.
    • Some CRM vendors are acquiring established SMMPs outright.
      • For example, Salesforce.com acquired Radian6 for their clients that have advanced social media requirements.
    		 Bar chart comparing the social media goal realization of organizations that integrated their SMMP and CRM technology and those that didn't.

    Info-Tech Best Practice

    CRM vendors still lag in out-of-the-box social features, making a separate SMMP purchase a given. For companies that have not formally integrated social media with CRM, IT should develop the business case in conjunction with the applicable business-side partner (e.g. Marketing, Sales, Service, PR, etc.).

    Establish points of integration between SMMPs and CRM suites to gain a 360 degree view of the customer

    • Social media is a valuable tool from a standalone perspective, but its power is considerably magnified when it’s paired with the CRM suite.
    • Many SMMPs offer native integration with CRM platforms. IT should identify and enable these connectors to strengthen the business value of the platform.
      • An illustrated example of how an SMMP linked via CRM can provide proactive service while contributing to sales and marketing.
      An example of how an SMMP linked via CRM can provide proactive service while contributing to sales and marketing.
    • New channels do not mean they stand alone and do not need to be integrated into the rest of the customer interaction architecture.
    • Challenge SMMP vendors to demonstrate integration experience with CRM vendors and multimedia queue vendors.
    • Manual integration – adding resolved social inquiries yourself to a CRM system after closure – cannot scale given the rapid increase in customer inquiries originating in the social cloud. Integration with interaction management workflows is most desirable.

    These tools are enabling sales, and they help us serve our customers better. And anything that does that, is a good investment on our part.” Chip Meyers, (Sales Operation Manager, Insource)

    Info-Tech Best Practice

    SMMPs are a necessary single-channel evolutionary step, just like there used to be email-only and web chat-only customer service options in the late 1990s. But they are temporary. SMMPs will eventually be subsumed into the larger marketing automation ecosystem. Only a few best of breed will survive in 10 years.

    Specify the data linkages you will need between your CRM platform and SMMP

    Associated Activity icon 3.1.2 1 hour

    INPUT: SMMP data sources

    OUTPUT: SMMP data migration inventory

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Build a list of sources of information that you’ll need to integrate with your CRM tool.
    2. Identify:
      1. Data Source
      2. Integration Direction
      3. Data Type and Use Case
    Data Source Migration/Integration Direction Data Type/Use Case
    Social Platform Bidirectional Recent Social Posts
    Customer Data Warehouse Bidirectional Contact Information, Cases, Tasks, Opportunities

    Establish a plan for ongoing platform maintenance

    • Like other enterprise applications, the SMMP will require periodic upkeep. IT must develop and codify policies around ongoing platform maintenance.
    • Platform maintenance should touch on the following areas:
      • Account access and controls – periodically, access privileges for employees no longer with the organization should be purged.
      • Platform security – cloud-based platforms will be automatically updated by the vendor to plug security holes, but on-premises solutions must be periodically updated to ensure that there are no gaps in security.
      • Pruning of old or outdated material – pages (e.g. Facebook Groups, Events, and Twitter feeds) that are no longer in use should be pruned. For example, a management console for an event that was held two years ago is unnecessary. Remove it from the platform (and the relevant service) to cut down on clutter (and reduce costs for “per-topic” priced platforms.)
    		 SMMP being fixed by a wrench.

    IT: SMMP Maintenance Checklist

    • Account upkeep and pruning
    • Security, privacy, and access
    • Content upkeep and pruning

    Info-Tech Best Practice

    Even cloud-based platforms like SMMPs require a certain degree of maintenance around account controls, security, and content pruning. IT should assist the business units in carrying out periodic maintenance.

    Social media is a powerful medium, but organizations must develop a prudent strategy for minimizing associated risks

    Using an SMMP can help mitigate many of the risks associated with social media. Review the risk categories on the next several slides to determine which ones can be mitigated by effective utilization of a dedicated SMMP.

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    Privacy and Confidentiality High
    • Risk of inappropriate exchange of information between personal and business social networks (e.g. a personal account used for company business).
    • Abuse of privacy and confidentiality laws.
    • Whenever possible, implement separate social network accounts for business, and train your employees to avoid using personal accounts at work.
    • Have a policy in place for how to treat pre-existing accounts versus newly created ones for enterprise use.
    • Use the “unified sign-on” capabilities of an SMMP to prevent employees from directly accessing the underlying social media services.

    Good governance means being proactive in mitigating the legal and compliance risks of your social media program

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    Trademark and Intellectual Property Medium
    • Copyrighted information could inappropriately be used for promotional and other business purposes (e.g. using a private user’s images in collateral).
    • Legal should conduct training to make sure the organization’s social media representatives only use information in the public domain, nothing privileged or confidential. This is particularly sensitive for Marketing and PR.
    Control over Brand Image and Inappropriate Content Medium
    • Employees on social media channels may post something inappropriate to the nature of your business.
    • Employees can post something that compromises industry and/or ethical standards.
    • Use SMMP outbound filtering/post approval workflows to censor certain inappropriate keywords.
    • Select the team carefully and ensure they are fully trained on both official company policy and social media etiquette.
    • Ensure strong enforcement of Social Media AUPs: take a zero tolerance approach to flagrant abuses.

    Security is a top-of-mind risk, though bandwidth is a low priority issue for most organizations

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    IT Security Medium Risk of employees downloading or being sent malware through social media services. Your clients are also exposed to this risk; this may undermine their trust of your brand.
    • Implement policies that outline appropriate precautions by employees, such as using effective passwords and not downloading unauthorized software.
    • Use web-filtering and anti-malware software that incorporates social media as a threat vector.
    Bandwidth Low Increase in bandwidth needs to support social media efforts, particularly when using video social media such as YouTube.
    • Plan for any bandwidth requirements with IT network staff.
    • Most social media strategies shouldn’t have a material impact on bandwidth.

    Poaching of client lists and increased costs are unlikely to occur, but address as a worst case scenario

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    Competitors Poaching Client Lists Low The ability for a competitor to view lists of clients that have joined your organization’s social media groups.
    • In a public social network, you cannot prevent this. Monitor your own brand as well as competitors’. If client secrecy must be maintained, then you should use a private social network (e.g. Jive, Lithium, private SharePoint site), not a public network.
    Increased Cost of Servicing Customers Low Additional resources may be allocated to social media without seeing immediate ROI.
    • Augment existing customer service responsibilities with social media requests.
    • If a dedicated resource is not available, dedicate a specific amount of time per employee to be spent addressing customer concerns via social media.

    Determine your top social media risks and develop an appropriate mitigation strategy that incorporates an SMMP

    Associated Activity icon 3.1.3 20 minutes

    INPUT: Risk assessment inventory

    OUTPUT: Top social media risks and mitigation plan

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Based on your unique business variables, which social media risk categories are most applicable to your organization? In what order?
    2. Summarize the top risks below and identify mitigation steps (which often involve effective use of a dedicated SMMP).
    Rank Risk Category Mitigation Steps
    High Confidentiality We have strong records retention requirements, so using a rules-based SMMP like SocialVolt is a must.
    Medium Brand Image Ensure that only personnel who have undergone mandatory training can touch our social accounts via an SMMP.
    Low Competitors’ Poaching Lists Migrate our Business Services division contacts onto LinkedIn – maintain no Facebook presence for these clients.

    Determine the workflows that will be supported using your social media management platform

    Determine when, where, and how social media services should be used to augment existing workflows across (and between) the business process domains. Establish escalation rules and decide whether workflows will be reactive or proactively.

    • Fine tune your efforts in each business process domain by matching social technologies to specific business workflows. This will clearly delineate where value is created by leveraging social media.
    • Common business process domains that should be targeted include marketing, sales, and customer service. Public relations, human resources, and analyst relations are other areas to consider for social process support.
    • For each business process domain, IT should assist with technology enablement and execution.
    		 Target domains: 'Marketing', 'Sales', 'Customer Service', 'Public Relations', 'Human Resources'.

    Info-Tech Best Practice

    The social media governance team should have high-level supervision of process workflows. Ask to see reports from line managers on what steps they have taken to put process in place for reactive and proactive customer interactions, as well as escalations and channel switching. IT helps orchestrate these processes through knowledge and expertise with SMMP workflow capability.

    There are three primary models for SMMP deployment: the agency model uses the SMMP as a third-party offering

    There are three models for deploying an SMMP: agency, centralized, and distributed.

    Agency Model
    Visual of the Agency Model with the 'Social Cloud' attached to the 'SMMP' attached to the 'Agency (e.g. marketing or public relations agency)' attached to the 'Client Organization (Marketing, Sales, Service)'
    • In the agency model of SMMP deployment, the platform is managed on behalf of the organization by a third party – typically a marketing or public relations agency.
    • The agency serves as the primary touch point for the client organization: the client requests the types of market research it wants done, or the campaigns it wants managed. The agency uses its own SMMP(s) to execute the requests. Often, the SMMP’s results or dashboards will be rebranded by the agency.
    • Pros: The agency model is useful when large portions of marketing, service, or public relations are already being outsourced to a third-party provider. Going with an agency also splits the cost of more expensive SMMPs over multiple clients, and limits deployment costs.
    • Cons: The client organization has no direct control over the platform; going with an agency is not cost effective for firms with in-house marketing or PR capabilities.
    • Advice: Go with an agency-managed SMMP if you already use an agency for marketing or PR.

    Select the centralized deployment model when SMMP functionality rests in the hands of a single department

    Centralized Model
    Visual of the Centralized Model with the 'Social Cloud' attached to the 'SMMP' attached to 'Marketing' attached to the 'Sales' and 'Service'
    In this example, marketing owns and manages a single SMMP
    • In the centralized model, a single SMMP workspace is owned and operated predominantly by a single business unit or department. Unlike the agency model, the SMMP functionality is utilized in-house.
    • Information from the SMMP may occasionally be shared with other departments, but normally the platform is used almost exclusively by a single group in the company. Marketing or public relations are usually the groups that maintain ownership of the SMMP in the centralized model (with selection and deployment assistance from the IT department).
    • Pros: The centralized model provides small organizations with an in-house, dedicated SMMP without having to go through an agency. Having a single group own and manage the SMMP is considerably more cost effective than having SMMPs licensed to multiple business units in a small company.
    • Cons: If more and more departments start clamoring for control of SMMP resources, the centralized model will fail to meet the overall needs of the organization.
    • Advice: Small-to-medium enterprises with mid-sized topic or brand portfolios should use the centralized model.

    Go with a distributed deployment if multiple business units require advanced SMMP functionality

    Distributed Model
    Visual of the Distributed Model with the 'Social Cloud' attached to two 'SMMPs', one attached to 'Marketing' and 'Sales', the other to 'Customer Service' and 'Public Relations'.
    • In the distributed model, multiple SMMPs (sometimes from different vendors) or multiple SMMP workspaces (from a single vendor) are deployed to several groups (e.g. multiple departments or brand portfolios) in the organization.
    • Pros: The distributed model is highly effective in large organizations with multiple departments or brands that each are interested in SMMP functionality. Having separate workspaces for each business group enables customizing workspaces to satisfy different goals of the different business groups.
    • Cons: The cost of deploying multiple SMMP workspaces can be prohibitive.
    • Advice: Go with the distributed model if your organization is large and has multiple relevant departments or product marketing groups, with differing social media goals.

    Determine which deployment model works best for your organization

    Associated Activity icon 3.1.4 1 Hour

    INPUT: Deployment models

    OUTPUT: Best fit deployment model

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Assess and understand the three models of SMMP deployments: agency, centralized and distributed. Consider the pros and cons of each model.
    2. Understand how your organization manages enterprise social media. Consider the follow questions:
      • What is the size of your organization?
      • Who owns the management of social media in your organization?
      • Is social media managed in-house or outsourced to an agency?
      • What are the number of departments that use and rely on social media?
    3. Select the best deployment model for your organization.
    Agency Model Centralized Model Distributed Model
    Visual of the Agency Model with the 'Social Cloud' attached to the 'SMMP' attached to the 'Agency (e.g. marketing or public relations agency)' attached to the 'Client Organization (Marketing, Sales, Service)' Visual of the Centralized Model with the 'Social Cloud' attached to the 'SMMP' attached to 'Marketing' attached to the 'Sales' and 'Service' Visual of the Distributed Model with the 'Social Cloud' attached to two 'SMMPs', one attached to 'Marketing' and 'Sales', the other to 'Customer Service' and 'Public Relations'.

    Create an SMMP training matrix based on social media roles

    IT must assist the business by creating and executing a role-based training program. An SMMP expert in IT should lead training sessions for targeted groups of end users, training them only on the functions they require to perform their jobs.

    Use the table below to help identify which roles should be trained on which SMMP features.

    PR Professionals Marketing Brand, Product, and Channel Managers Customer Service Reps and Manager Product Development and Market Research IT Application Support
    Account Management Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Response and Engagement Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Social Analytics and Data Mining Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Marketing Campaign Execution Circle indicating a positive field. Circle indicating a positive field.
    Mobile Access Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Archiving Circle indicating a positive field.
    CRM Integration Circle indicating a positive field.

    Phase 3, Step 2: Track your metrics

    3.1

    3.2
    Establish best practices for SMMP implementation Assess the measured value from the project

    This step will walk you through the following activities:

    • Identify metrics and KPIs for business units using a dedicated SMMP

    This step involves the following participants:

    • Core Project Team
    • Representative Stakeholders from Digital Marketing, Sales, and IT

    Outcomes of this step

    • Key Performance Indicators

    Know key performance indicators (KPIs) for each department that employs a dedicated social media management platform

    Share of Voice
    How often a brand is mentioned, relative to other brands competing in a defined market.

    User Engagement
    Quantity and quality of customer interactions with a brand or with each other, either on- or offline.

    Campaign Success
    Tracking reception of campaigns and leads brought in as a result.    		 Marketing KPIs Reach
    Measurement of the size of market your brand advertisements and communications reach.

    Impressions
    The number of exposures your content, ad, or social post has to people in your target audience.

    Cost per Point (CPP)
    Cost to reach one percent of your organization’s audience.

    Product Innovation
    The quantity and quality of improvements, updates, and changes to existing products.

    Time-to-Market
    Time that passes between idea generation and the product being available to consumers.

    		 Product Development KPIs

    New Product Launches
    A ratio of completely new product types released to brand extensions and improvements.

    Cancelled Projects
    Measure of quality of ideas generated and quality of idea assessment method.

    Use social media metrics to complement your existing departmental KPIs – not usurp them

    Cost per Lead
    The average amount an organization spends to find leads.

    Conversion Rate
    How many sales are made in relation to the number of leads.

    Quantity of Leads
    How many sales leads are in the funnel at a given time.    		 Sales KPIs Average Cycle Time
    Average length of time it takes leads to progress through the sales cycle.

    Revenue by Lead
    Total revenue divided by total number of leads.

    Avg. Revenue per Rep
    Total revenue divided by number of sales reps.

    Time to Resolution
    Average amount of time it takes for customers to get a response they are satisfied with.

    First Contact Resolution
    How often customer issues are resolved on the first contact.

    		 Customer Service KPIs

    Contact Frequency
    The number of repeated interactions from the same customers.

    Satisfaction Scores
    Determined from customer feedback – either through surveys or gathered sporadically.

    Social analytics don’t operate alone; merge social data with traditional data to gain the deepest insights

    Employee Retention
    The level of effort an organization exerts to maintain its current staff.

    Employee Engagement
    Rating of employee satisfaction overall or with a given aspect of the workplace.

    Preferred Employer
    A company where candidates would rather work over other companies.    		 Marketing KPIs Recruitment Cycle Time
    Average length of time required to recruit a new employee.

    Employee Productivity
    A comparison of employee inputs (time, effort, etc.) and outputs (work).

    Employee Referrals
    The ratio of employee referrals that complete the recruitment process.

    There are conversations going on behind your back, and if you're not participating in them, then you're either not perpetuating the positive conversation or not diffusing the negative. And that's irresponsible in today's business world.” (Lon Safko, Social Media Bible)

    Identify key performance indicators for business units using an SMMP

    Associated Activity icon 3.2.1 30 minutes

    INPUT: Social media goals

    OUTPUT: SMMP KPIs

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Representative stakeholders from different business units

    For each listed department, identify the social media goals and departmental key performance indicators to measure the impact of the SMMP.

    DepartmentSocial Media GoalsKPI
    Marketing
    • E.g. build a positive brand image
    • Net increase in brand recognition
    Product Development
    • Launch a viral video campaign showcasing product attributes to drive increased YT traffic
    • Net increase in unaided customer recall
    Sales
    • Enhance sales lead generation through social channels
    • Net increase in sales lead generation in the social media sales funnel
    Customer Service
    • Produce more timely responses to customer enquiries and complaints
    • Reduced time to resolution
    HR
    • Enhance social media recruitment channels
    • Number of LinkedIn recruitment

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    		 Sample of activity 3.1.1 'Establish a governance structure for social media management'. Establish a governance structure for social media management

    Our Info-Tech analyst will walk you through the exercise of developing roles and responsibilities to govern your social media program.

    3.1.2

    		 Sample of activity 3.1.2 'Specify the data linkages you will need between your CRM platform and SMMP'. Specify the data linkages you will need between your CRM and SMMP

    The analyst will help you identify the points of integration between the SMMP and your CRM platform.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    3.1.3

    		 Sample of activity 3.1.3 'Determine your top social media risks and develop an appropriate mitigation strategy that incorporates an SMMP'. Determine your top social media risks

    Our Info-Tech analyst will facilitate the discussion to identify the top risks associated with the SMMP and determine mitigation strategies for each risk.

    3.1.4

    		 Sample of activity 3.1.4 'Determine which deployment model works best for your organization'. Determine the best-fit deployment model

    An analyst will demonstrate the different SMMP deployment models and assist in determining the most suitable model for your organization.

    3.2.1

    		 Sample of activity 3.2.1 'Identify key performance indicators for business units using an SMMP'. Identify departmental KPIs

    An analyst will work with different stakeholders to determine the top social media goals for each department.

    Appendices

    Works Cited

    Ashja, Mojtaba, Akram Hadizadeh, and Hamid Bidram. “Comparative Study of Large Information Systems’ CSFs During Their Life Cycle.” Information Systems Frontiers. September 8, 2013.

    UBM. “The State of Social Media Analytics.” January, 2016.

    Jobvite. “2015 Recruiter Nation Survey.” September, 2015.

    Vendor Landscape Analysis Appendices

    Vendor Landscape Methodology:
    Overview

    Info-Tech’s Vendor Landscapes are research materials that review a particular IT market space, evaluating the strengths and abilities of both the products available in that space, as well as the vendors of those products. These materials are created by a team of dedicated analysts operating under the direction of a senior subject matter expert over a period of several weeks.

    Evaluations weigh selected vendors and their products (collectively “solutions”) on the following eight criteria to determine overall standing:

    • Features: The presence of advanced and market-differentiating capabilities.
    • User Interface: The intuitiveness, power, and integrated nature of administrative consoles and client software components.
    • Affordability: The three-year total cost of ownership of the solution; flexibility of the pricing and discounting structure.
    • Architecture: The degree of integration with the vendor’s other tools, flexibility of deployment, and breadth of platform applicability.
    • Viability: The stability of the company as measured by its history in the market, the size of its client base, and its percentage of growth.
    • Focus: The commitment to both the market space, as well as to the various sized clients (small, mid-sized, and enterprise clients).
    • Reach: The ability of the vendor to support its products on a global scale.
    • Sales: The structure of the sales process and the measure of the size of the vendor’s channel and industry partners.

    Evaluated solutions within scenarios are visually represented by a Pathway to Success, based off a linear graph using above scoring methods:

    • Use-case scenarios are decided upon based on analyst expertise and experience with Info-Tech clients.
    • Use-case scenarios are defined through feature requirements, predetermined by analyst expertise.
    • Placement within scenario rankings consists of features being evaluated against the other scoring criteria.

    Info-Tech’s Vendor Landscapes are researched and produced according to a strictly adhered to process that includes the following steps:

    • Vendor/product selection
    • Information gathering
    • Vendor/product scoring
    • Information presentation
    • Fact checking
    • Publication

    This document outlines how each of these steps is conducted.

    Vendor Landscape Methodology:
    Vendor/Product Selection & Information Gathering

    Info-Tech works closely with its client base to solicit guidance in terms of understanding the vendors with whom clients wish to work and the products that they wish evaluated; this demand pool forms the basis of the vendor selection process for Vendor Landscapes. Balancing this demand, Info-Tech also relies upon the deep subject matter expertise and market awareness of its Senior Analysts to ensure that appropriate solutions are included in the evaluation. As an aspect of that expertise and awareness, Info-Tech’s analysts may, at their discretion, determine the specific capabilities that are required of the products under evaluation, and include in the Vendor Landscape only those solutions that meet all specified requirements.

    Information on vendors and products is gathered in a number of ways via a number of channels.

    Initially, a request package is submitted to vendors to solicit information on a broad range of topics. The request package includes:

    • A detailed survey.
    • A pricing scenario (see Vendor Landscape Methodology: Price Evaluation and Pricing Scenario, below).
    • A request for reference clients.
    • A request for a briefing and, where applicable, guided product demonstration.

    These request packages are distributed approximately eight weeks prior to the initiation of the actual research project to allow vendors ample time to consolidate the required information and schedule appropriate resources.

    During the course of the research project, briefings and demonstrations are scheduled (generally for one hour each session, though more time is scheduled as required) to allow the analyst team to discuss the information provided in the survey, validate vendor claims, and gain direct exposure to the evaluated products. Additionally, an end-user survey is circulated to Info-Tech’s client base and vendor-supplied reference accounts are interviewed to solicit their feedback on their experiences with the evaluated solutions and with the vendors of those solutions.

    These materials are supplemented by a thorough review of all product briefs, technical manuals, and publicly available marketing materials about the product, as well as about the vendor itself.

    Refusal by a vendor to supply completed surveys or submit to participation in briefings and demonstrations does not eliminate a vendor from inclusion in the evaluation. Where analyst and client input has determined that a vendor belongs in a particular evaluation, it will be evaluated as best as possible based on publicly available materials only. As these materials are not as comprehensive as a survey, briefing, and demonstration, the possibility exists that the evaluation may not be as thorough or accurate. Since Info-Tech includes vendors regardless of vendor participation, it is always in the vendor’s best interest to participate fully.

    All information is recorded and catalogued, as required, to facilitate scoring and for future reference.

    Vendor Landscape Methodology:
    Scoring

    Once all information has been gathered and evaluated for all vendors and products, the analyst team moves to scoring. All scoring is performed at the same time so as to ensure as much consistency as possible. Each criterion is scored on a ten-point scale, though the manner of scoring for criteria differs slightly:

    • Features is scored via Cumulative Scoring.
    • Affordability is scored via Scalar Scoring.
    • All other criteria are scored via Base5 Scoring.

    Cumulative Scoring is on a four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature. The assigned points are summed and normalized to a value out of ten. For example, if a particular Vendor Landscape evaluates eight specific features in the Feature Criteria, the summed score out of eight for each evaluated product would be multiplied by 1.25 to yield a value out of ten to represent in a Harvey Ball format.

    In Scalar Scoring, a score of ten is assigned to the lowest cost solution, and a score of one is assigned to the highest cost solution. All other solutions are assigned a mathematically-determined score based on their proximity to / distance from these two endpoints. For example, in an evaluation of three solutions, where the middle cost solution is closer to the low end of the pricing scale it will receive a higher score, and where it is closer to the high end of the pricing scale it will receive a lower score; depending on proximity to the high or low price it is entirely possible that it could receive either ten points (if it is very close to the lowest price) or one point (if it is very close to the highest price). Where pricing cannot be determined (vendor does not supply price and public sources do not exist), a score of 0 is automatically assigned.

    In Base5 scoring a number of sub-criteria are specified for each criterion (for example, Longevity, Market Presence, and Financials are sub-criteria of the Viability criterion), and each one is scored on the following scale:

    • 5 - The product/vendor is exemplary in this area (nothing could be done to improve the status).
    • 4 - The product/vendor is good in this area (small changes could be made that would move things to the next level).
    • 3 - The product/vendor is adequate in this area (small changes would make it good, more significant changes required to be exemplary).
    • 2 - The product/vendor is poor in this area (this is a notable weakness and significant work is required).
    • 1 - The product/vendor fails in this area (this is a glaring oversight and a serious impediment to adoption).

    The assigned points are summed and normalized to a value out of ten as explained in Cumulative Scoring above.

    Scores out of ten, known as Raw scores, are transposed as is into Info-Tech’s Vendor Landscape Shortlist Tool, which automatically determines Vendor Landscape positioning (see Vendor Landscape Methodology: Information Presentation – Vendor Landscape, below), Criteria Score (see Vendor Landscape Methodology: Information Presentation – Criteria Score, below), and Value Index (see Vendor Landscape Methodology: Information Presentation – Value Index, below).

    Vendor Landscape Methodology:
    Information Presentation – Criteria Scores (Harvey Balls)

    Info-Tech’s criteria scores are visual representations of the absolute score assigned to each individual criterion, as well as of the calculated overall vendor and product scores. The visual representation used is Harvey Balls.

    Harvey Balls are calculated as follows:

    1. Raw scores are transposed into the Info-Tech Vendor Landscape Shortlist Tool (for information on how raw scores are determined, see Vendor Landscape Methodology: Scoring, above).
    2. Each individual criterion raw score is multiplied by a pre-assigned weighting factor for the Vendor Landscape in question. Weighting factors are determined prior to the evaluation process, based on the expertise of the Senior or Lead Research Analyst, to eliminate any possibility of bias. Weighting factors are expressed as a percentage, such that the sum of the weighting factors for the vendor criteria (Viability, Strategy, Reach, Channel) is 100%, and the sum of the product criteria (Features, Usability, Affordability, Architecture) is 100%.
    3. A sum-product of the weighted vendor criteria scores and of the weighted product criteria scores is calculated to yield an overall vendor score and an overall product score.
    4. Both overall vendor score / overall product score, as well as individual criterion raw scores are converted from a scale of one to ten to Harvey Ball scores on a scale of zero to four, where exceptional performance results in a score of four and poor performance results in a score of zero.
    5. Harvey Ball scores are converted to Harvey Balls as follows:
      • A score of four becomes a full Harvey Ball.
      • A score of three becomes a three-quarter full Harvey Ball.
      • A score of two becomes a half-full Harvey Ball.
      • A score of one becomes a one-quarter full Harvey Ball.
      • A score of zero becomes an empty Harvey Ball.
    6. Harvey Balls are plotted by solution in a chart where rows represent individual solutions and columns represent overall vendor / overall product, as well as individual criteria. Solutions are ordered in the chart alphabetically by vendor name.
    Harvey Balls
    Overall Harvey Balls represent weighted aggregates. Example of Harvey Balls with 'Overall' balls at the beginning of each category followed by 'Criteria' balls for individual raw scores. Criteria Harvey Balls represent individual raw scores.

    Vendor Landscape Methodology:
    Use-Case Scoring

    Within each Vendor Landscape a set of use-case scenarios are created by the analysts by considering the different outcomes and purposes related to the technology being evaluated. To generate the custom use-case vendor performances, the feature and Harvey Ball scoring performed in the Vendor Landscapes are set with custom weighting configurations.

    Calculations

    Each product has a vendor multiplier calculated based on its weighted performance, considering the different criteria scored in the Harvey Ball evaluations.

    To calculate each vendor’s performance, the advanced feature scores are multiplied against the weighting for the feature in the use-case scenario’s configuration.

    The weighted advanced feature score is then multiplied against the vendor multiplier.

    The sum of each vendor’s total weighted advanced features is calculated. This sum is used to identify the vendor’s qualification and relative rank within the use case.

    Example pie charts.

    Each use case’s feature weightings and vendor/product weighting configurations are displayed within the body of slide deck.

    Use-Case Vendor Performance

    Example stacked bar chart of use-case vendor performance.

    Vendors who qualified for each use-case scenario are ranked from first to last in a weighted bar graph based on the features considered.

    Vendor Landscape Methodology:
    Information Presentation – Feature Ranks (Stoplights)

    Advanced features are determined by analyst expertise, leveraging information gained from conversations with clients. Advanced features chosen as part of the evaluation are representative of what Info-Tech clients have indicated are of importance to their vendor solution. Advanced features are evaluated through a series of partial marks, dedicated to whether the solution performs all aspects of the Info-Tech definition of the feature and whether the feature is provided within the solution. Analysts hold the right to determine individual, unique scoring criteria for each evaluation. If a feature does not meet the criteria, Info-Tech holds the right to score the feature accordingly.

    Use cases use features as a baseline of the inclusion and scoring criteria.

    		 'Stoplight Legend' with green+star 'Feature category is present: best in class', green 'Feature category is present: strong', yellow 'Feature category is present: average', orange 'Feature category is partially present: weak', and red 'Feature category is absent or near-absent'.

    Vendor Landscape Methodology:
    Information Presentation – Value Index

    Info-Tech’s Value Index is an indexed ranking of solution value per dollar as determined by the raw scores assigned to each criteria (for information on how raw scores are determined, see Vendor Landscape Methodology: Scoring, above).

    Value scores are calculated as follows:

    1. The TCO Affordability criterion is removed from the Affordability score and the remaining product score criteria (Features, Usability, Architecture). Affordability scoring is adjusted with the TCO weighting distributed in proportion to the use case’s weighting for Affordability. Weighting is adjusted as to retain the same weightings relative to one another, while still summing to 100%.
    2. An adjusted multiplier is determined for each vendor using the recalculated Affordability scoring.
    3. The multiplier vendor score and vendor’s weighted feature score (based on the use-case scenario’s weightings), are summed. This sum is multiplied by the TCO raw score to yield an interim Value Score for each solution.
    4. All interim Value Scores are then indexed to the highest performing solution by dividing each interim Value Score by the highest interim Value Score. This results in a Value Score of 100 for the top solution and an indexed Value Score relative to the 100 for each alternate solution.
    5. Solutions are plotted according to Value Score, with the highest score plotted first, and all remaining scores plotted in descending numerical order.

    Where pricing is not provided by the vendor and public sources of information cannot be found, an Affordability raw score of zero is assigned. Since multiplication by zero results in a product of zero, those solutions for which pricing cannot be determined receive a Value Score of zero. Since Info-Tech assigns a score of zero where pricing is not available, it is always in the vendor’s best interest to provide accurate and up-to-date pricing. In the event that insufficient pricing is available to accurately calculate a Value Index, Info-Tech will omit it from the Vendor Landscape.

    Value Index

    Vendors are arranged in order of Value Score. The Value Score each solution achieved is displayed, and so is the average score.

    Example bar chart indicating the 'Value Score' vs the 'Average Score'.

    Those solutions that are ranked as Champions are differentiated for point of reference.

    Vendor Landscape Methodology:
    Information Presentation – Price Evaluation: Mid-Market

    Info-Tech’s Price Evaluation is a tiered representation of the three-year Total Cost of Ownership (TCO) of a proposed solution. Info-Tech uses this method of communicating pricing information to provide high-level budgetary guidance to its end-user clients while respecting the privacy of the vendors with whom it works. The solution TCO is calculated and then represented as belonging to one of ten pricing tiers.

    Pricing tiers are as follows:

    1. Between $1 and $2,500
    2. Between $2,500 and $10,000
    3. Between $10,000 and $25,000
    4. Between $25,000 and $50,000
    5. Between $50,000 and $100,000
    6. Between $100,000 and $250,000
    7. Between $250,000 and $500,000
    8. Between $500,000 and $1,000,000
    9. Between $1,000,000 and $2,500,000
    10. Greater than $2,500,000

    Where pricing is not provided, Info-Tech makes use of publicly available sources of information to determine a price. As these sources are not official price lists, the possibility exists that they may be inaccurate or outdated, and so the source of the pricing information is provided. Since Info-Tech publishes pricing information regardless of vendor participation, it is always in the vendor’s best interest to supply accurate and up to date information.

    Info-Tech’s Price Evaluations are based on pre-defined pricing scenarios (see Product Pricing Scenario, below) to ensure a comparison that is as close as possible between evaluated solutions. Pricing scenarios describe a sample business and solicit guidance as to the appropriate product/service mix required to deliver the specified functionality, the list price for those tools/services, as well as three full years of maintenance and support.

    Price Evaluation

    Call-out bubble indicates within which price tier the three-year TCO for the solution falls, provides the brackets of that price tier, and links to the graphical representation.

    Example price evaluation with a '3 year TCO...' statement, a visual gauge of bars, and a statement on the source of the information.

    Scale along the bottom indicates that the graphic as a whole represents a price scale with a range of $1 to $2.5M+, while the notation indicates whether the pricing was supplied by the vendor or derived from public sources.

    Vendor Landscape Methodology:
    Information Presentation – Vendor Awards

    At the conclusion of all analyses, Info-Tech presents awards to exceptional solutions in three distinct categories. Award presentation is discretionary; not all awards are extended subsequent to each Vendor Landscape and it is entirely possible, though unlikely, that no awards may be presented.

    Awards categories are as follows:

    • Champion Awards are presented to the top performing solution in a particular use-case scenario. As a result, only one Champion Award is given for each use case, and the entire Vendor Landscape will have the same number of Champion Awards as the number of evaluated use cases.
    • Leader Awards are presented to top performing solutions for each use-case scenario. Depending on the use-case scenario and the number of solutions being evaluated, a variable number of leader awards will be given. This number is at the discretion of the analysts, but is generally placed at two, and given to the solutions ranking second and third respectively for the use case.
    • Best Overall Value Awards are presented to the solution for each use-case scenario that ranked the highest in the Info-Tech Value Index for each evaluated scenario (see Vendor Landscape Methodology: Information Presentation – Value Index, above). If insufficient pricing information is made available for the evaluated solutions, such that a Value Index cannot be calculated, no Best Overall Value Award will be presented. Only one Best Overall Value Award is available for each use-case scenario.

    Vendor Awards for Use-Case Performance

    Vendor Award: 'Champion'. Info-Tech’s Champion Award is presented to solutions that placed first in an use-case scenario within the Vendor Landscape.
    Vendor Award: 'Leader'. Info-Tech Leader Award is given to solutions who placed in the top segment of a use-case scenario.
    Vendor Award: 'Best Overall Value'. Info-Tech’s Best Overall Value Award is presented to the solution within each use-case scenario with the highest Value Index score.

    Vendor Landscape Methodology:
    Fact Check & Publication

    Info-Tech takes the factual accuracy of its Vendor Landscapes, and indeed of all of its published content, very seriously. To ensure the utmost accuracy in its Vendor Landscapes, we invite all vendors of evaluated solutions (whether the vendor elected to provide a survey and/or participate in a briefing or not) to participate in a process of fact check.

    Once the research project is complete and the materials are deemed to be in a publication ready state, excerpts of the material specific to each vendor’s solution are provided to the vendor. Info-Tech only provides material specific to the individual vendor’s solution for review encompassing the following:

    • All written review materials of the vendor and the vendor’s product that comprise the evaluated solution.
    • Info-Tech’s Criteria Scores / Harvey Balls detailing the individual and overall vendor / product scores assigned.
    • Info-Tech’s Feature Rank / stoplights detailing the individual feature scores of the evaluated product.
    • Info-Tech’s Raw Pricing for the vendor either as received from the vendor or as collected from publicly available sources.
    • Info-Tech’s Scenario ranking for all considered scenarios for the evaluated solution.

    Info-Tech does not provide the following:

    • Info-Tech’s Vendor Landscape placement of the evaluated solution.
    • Info-Tech’s Value Score for the evaluated solution.
    • End-user feedback gathered during the research project.
    • Info-Tech’s overall recommendation in regard to the evaluated solution.

    Info-Tech provides a one-week window for each vendor to provide written feedback. Feedback must be corroborated (be provided with supporting evidence), and where it does, feedback that addresses factual errors or omissions is adopted fully, while feedback that addresses opinions is taken under consideration. The assigned analyst team makes all appropriate edits and supplies an edited copy of the materials to the vendor within one week for final review.

    Should a vendor still have concerns or objections at that time, they are invited to a conversation, initially via email, but as required and deemed appropriate by Info-Tech, subsequently via telephone, to ensure common understanding of the concerns. Where concerns relate to ongoing factual errors or omissions, they are corrected under the supervision of Info-Tech’s Vendor Relations personnel. Where concerns relate to ongoing differences of opinion, they are again taken under consideration with neither explicit not implicit indication of adoption.

    Publication of materials is scheduled to occur within the six weeks following the completion of the research project, but does not occur until the fact check process has come to conclusion, and under no circumstances are “pre-publication” copies of any materials made available to any client.

    Pricing Scenario

    Info-Tech Research Group is providing each vendor with a common pricing scenario to enable normalized scoring of Affordability, calculation of Value Index rankings, and identification of the appropriate solution pricing tier as displayed on each vendor scorecard.

    Vendors are asked to provide list costs for SMMP software licensing to address the needs of a reference organization described in the pricing scenario. Please price out the lowest possible 3-year total cost of ownership (TCO) including list prices for software and licensing fees to meet the requirements of the following scenario.

    Three-year total acquisition costs will be normalized to produce the Affordability raw scores and calculate Value Index ratings for each solution.

    The pricing scenario:

    • Enterprise Name: Imperial Products Incorporated
    • Enterprise Size: SMB
    • Enterprise Vertical: Consumer packaged goods
    • Total Number of Sites: Three office locations
    • Total Number of Employees: 500
    • Total Number SMMP End Users: 50
      • 20 dedicated CSRs who are handling all customer service issues routed to them
      • 5 PR managers who need the ability to monitor the social cloud
      • 24 brand portfolio managers – each portfolio has 5 products (25 total)
      • Each product has its own Facebook and Twitter presence
      • 1 HR manager (using social media for recruiting)
    • Total Number of IT Staff: 20
    • Operating System Environment: Windows 7
    • Functional Requirements and Additional Information: Imperial Products Incorporated is a mid-sized consumer packaged goods firm operating in the United States. The organization is currently looking to adopt a platform for social media monitoring and management. Functional requirements include the ability to monitor and publish to Facebook, Twitter, YouTube, and blogs. The platform must have the ability to display volume trends, show follower demographics, and conduct sentiment analysis. It must also provide tools for interacting in-platform with social contacts, provide workflow management capabilities, and offer the ability to manage specific social properties (e.g. Facebook Pages). Additional features that are desirable are the ability to archive social interactions, and a dedicated mobile application for one of the major smartphone/tablet operating systems (iOS, Android etc.).

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    • Buy Link or Shortcode: {j2store}472|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The organization is planning to move resources to cloud or devise a networking strategy for their existing cloud infrastructure to harness value from cloud.
    • The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies and provide access to shared services on cloud.
    • A perennial challenge for infrastructure on cloud is planning for governance vs flexibility which is often overlooked.

    Our Advice

    Critical Insight

    Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.

    Impact and Result

    • Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
    • Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Deck – A document to guide you through designing your network in the cloud.

    What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?

    • Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Storyboard
    [infographic]

    Further reading

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    Don't revolve around a legacy design; choose a network design that evolves with the organization.

    Analyst Perspective

    Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

    Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

    An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

    Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

    This is a picture of Nitin Mukesh

    Nitin Mukesh
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

    The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

    A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

    Common Obstacles

    The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

    Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

    Info-Tech's Approach

    Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

    Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Insight Summary

    Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

    Your challenge

    Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

    Finding the right cloud networking infrastructure for:

    • Management efficiencies
    • Network-level isolation of resources
    • Access to shared services

    Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

    Mesh network topology

    A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

    In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

    While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

    Mesh Network on AWS

    This is an image of a Mesh Network on AWS

    Source: AWS, 2018

    Constraints

    The disadvantages of peering VPCs into a mesh quickly arise with:

    • Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
    • Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
    • Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
    • Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.
    Number of virtual networks 10 20 50 100
    Peering links required
    [(n-1)*n]/2         		45 190 1225 4950

    Proportional relationship of virtual networks to required peering links in a mesh topology

    Case study

    INDUSTRY: Blockchain
    SOURCE: Microsoft

    An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

    The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

    This is an image of the connections involved in a mesh network with four participants.

    Source: Microsoft, 2017

    Hub and spoke network topology

    In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

    Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

    A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

    Hub and Spoke Network on AWS

    This is an image of the Hub and Spoke Network on AWS

    What hub and spoke networks do better

    1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
    2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
    3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
    4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
    5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
    6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

    Hub and spoke constraints

    While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

    Point-to-point peering

    The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

    Global access speeds with a monolithic design

    With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

    Costs for a resilient design

    Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

    Leverage the hub and spoke strategy for:

    Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

    Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

    Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

    Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

    Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

    Hub and spoke – mesh hybrid

    The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

    However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

    Where it can be useful:

    An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

    An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

    Hub and spoke – mesh hybrid network on AWS

    This is an image of the Hub and spoke – mesh hybrid network on AWS

    Why mesh can still be useful

    Benefits Of Mesh

    Use Cases For Mesh

    Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks.

    Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet.

    Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed.

    Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations.

    Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT.

    Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections.

    Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design.

    Designing for governance vs. flexibility in hub and spoke

    Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

    The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

    This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

    The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

    Designing for governance vs. flexibility in hub and spoke

    If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

    • Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
    • Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
    • Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
    • Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
    • Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

    Optimal placement of services between the hub and spoke

    Shared services and vendor management

    Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

    Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

    Network egress and interaction

    Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

    For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

    Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

    A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

    Security

    While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

    Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

    Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

    Cloud metering

    The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

    For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

    Don't get stuck with your on-prem network design. Design for the cloud.

    1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
    2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
    3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
    4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
    5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

    Cloud network design strategy

    This is an image of the framework for developing a Cloud Network Design Strategy.

    Bibliography

    Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
    Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
    "What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
    Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

    Demystify Blockchain: How Can It Bring Value to Your Organization?

    • Buy Link or Shortcode: {j2store}96|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Most leaders have an ambiguous understanding of blockchain and its benefits, let alone how it impacts their organization.
    • At the same time, with bitcoin drawing most of the media attention, organizations are finding it difficult to translate cryptocurrency usage to business case.

    Our Advice

    Critical Insight

    • Cut through the hype associated with blockchain by focusing on what is relevant to your organization. You have been hearing about blockchain for some time now and want to better understand it. While it is complex, you can beat the learning curve by analyzing its key benefits and purpose. Features such as transparency, efficiency, and security differentiate blockchain from existing technologies and help explain why it has transformative potential.
    • Ensure your use case is actually useful by first determining whether blockchain aligns with your organization. CIOs must take a practical approach to blockchain in order to avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

    Impact and Result

    • Follow Info-Tech’s methodology for simplifying an otherwise complex concept. By focusing on its benefits and how they directly relate to a use case, blockchain technology is made easy to understand for business and IT professionals.
    • Our program will help you understand if blockchain is the optimal solution for your organization by mapping its key benefits (i.e. transparency, integrity, efficiency, and security) to your needs and capabilities.
    • Leverage a repeatable framework for brainstorming blockchain use case ideas and communicate your findings to business stakeholders who may otherwise be confused about the transformative potential of blockchain.

    Demystify Blockchain: How Can It Bring Value to Your Organization? Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about determining whether blockchain aligns with your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What exactly is blockchain?

    Understand blockchain’s unique feature, benefits, and business use cases.

    • Demystify Blockchain – Phase 1: What Is Blockchain?
    • Blockchain Glossary

    2. What can blockchain do for your organization?

    Envision blockchain’s transformative potential for your organization by brainstorming and validating a use case.

    • Demystify Blockchain – Phase 2: What Can Blockchain Do for Your Organization?
    • Blockchain Alignment Tool
    • Blockchain Alignment Presentation
    [infographic]

    Recruit and Retain More Women in IT

    • Buy Link or Shortcode: {j2store}575|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $14,532 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women (CIO from IDG, 2021).
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Our Advice

    Critical Insight

    • Retaining and attracting top women is good business, not personal. As per McKinsey Global Institute, “$4.3 trillion of additional annual GDP in 2025 could be added to the U.S. by fully bridging the gender gap.”
    • In the war on talent, having a strategy around how you will recruit & retain of women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    Impact and Result

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets for IT talent. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution that will help IT leaders:

    1. Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    2. Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Recruit and Retain More Women in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit and Retain More Women in IT Deck – A step-by-step document that walks you through how to build a recruitment and retention plan for women in IT.

    Create a targeted recruitment and retention strategy for women. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT. Take a data-driven approach to improving retention of women by using best practices to measure and improve employee engagement.

    • Recruit and Retain More Women in IT – Phases 1-2

    2. Employee Value Proposition Tools – Build and road-test your employee value proposition to ensure that it is aligned, clear, compelling, and differentiated.

    These tools tap into best practices to help you collect the information you need to build, assess, test, and adopt an employee value proposition.

    • Employee Value Proposition (EVP) Interview Guide
    • Employee Value Proposition (EVP) Scorecard
    • Employee Value Proposition (EVP) Internal Scorecard Handout

    3. IT Behavioral Interview Question Library – A complete list of sample questions aligned with core, leadership, and IT competencies.

    Don’t hire by intuition, consider leveraging behavioral interview questions to reduce bias and uncover candidates that will be able to execute on the job.

    • IT Behavioral Interview Question Library

    4. Stay Interview Guide – Use this tool to guide one-on-one conversations with your team members to monitor employee engagement between surveys.

    Stay interviews are an effective method for monitoring employee engagement. Have these informal conversations to gain insight into what your employees really think about their jobs, what causes them to stay, and what may lead them to leave.

    • Stay Interview Guide

    Infographic

    Workshop: Recruit and Retain More Women in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strategically Recruiting and Retaining Women in IT

    The Purpose

    Identify the need for a targeted strategy to recruit and retain women in IT and pinpoint your largest opportunities to drive diversity in your IT team.

    Key Benefits Achieved

    Establish goals and targets for the changes to be made to your IT recruitment and retention strategies.

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle challenges and opportunities.

    1.3 Make the case for changes to recruitment and retention strategies.

    Outputs

    Recruitment & Retention Metrics Report

    Business Case for Recruitment and Retention Changes

    2 Develop Strategies to Sell Your Organization to Wider Candidate Pool

    The Purpose

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Key Benefits Achieved

    Implement effective strategies to drive more applications to your job postings.

    Activities

    2.1 Develop an IT employee value proposition.

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    Outputs

    Employee Value Proposition

    EVP Marketing Plan

    Revised Job Ads

    3 Expand Your Talent Sourcing Strategy

    The Purpose

    Sourcing shouldn’t start with an open position, it should start with identifying an anticipated need and then building and nurturing a talent pipeline.

    IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Key Benefits Achieved

    Develop a modern job requisition form though role analysis.

    Increase your candidate pool by expanding sourcing programs.

    Activities

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    Outputs

    Job requisition form for key roles

    Sourcing strategy for key roles

    4 Secure Top Talent

    The Purpose

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understanding the root cause of applicant drop-off and success and take corrective actions.

    Key Benefits Achieved

    Optimize your selection process.

    Implement non-bias interview techniques in your selection process.

    Activities

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    Outputs

    Root-Cause Analysis of Section Challenges

    Behavioral Interview Guide

    5 Retain Top Women in IT

    The Purpose

    Employee engagement is one of the greatest predictors of intention to stay.

    To retain employees you need to understand not only engagement, but also your employee experience and the moments that matter, and actively work to create positive experience.

    Key Benefits Achieved

    Identify opportunities to drive engagement across your IT organization.

    Implement tactical programs to reduce turnover in IT.

    Activities

    5.1 Measure employee engagement and review results.

    5.2 Identify new alternative sourcing approaches for talent.

    5.3 Train managers to conduct stay interviews and drive employee engagement.

    Outputs

    Identified Employee Engagement Action Plan

    Action Plan to Execute Stay Interviews

    Further reading

    Recruit and Retain More Women in IT

    Gender diversity is directly correlated to IT performance.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Technology has never been more important to organizations, and as a result, recruiting and retaining quality IT employees is increasingly difficult.

    • IT unemployment rates continue to hover below 2% in the US.
    • The IT talent market has evolved into one where the employer is the seller and the employee is the buyer.

    Common Obstacles

    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women.*
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Info-Tech’s Approach

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution to help:

    • Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    • Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Info-Tech Insight

    Retaining and attracting top women is good business, not personal. Companies with greater gender diversity on executive teams were 25% more likely to have above-average profitability.1 In the war on talent, having a strategy around how you will recruit and retain women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    *– McKinsey & Company, 2020; 2 – CIO From IDG, 2021
    The image contains a screenshot of a thought model titled: Recruit and Retain More Women in IT. Its subheading is: Gender Diversity is Directly Correlated to IT Performance. The thought model lists critical methods to recruit and retain, and also a traditional method to compare.

    Diversity & inclusion – it’s good business, not personal

    Why should organizations care about diversity?

    1. The war for talent is real. Every CIO needs a plan of attack. Unemployment rates are dropping and 54% of CIOs report that the skills shortage is holding them up from meeting their strategic objectives.
      2. Source: Harvey Nash and KPMG, 2020
    2. Diversity has clear ROI – both in terms of recruitment and retention. Eighty percent of technology managers experienced increased turnover in 2021. Not only are employee tenures decreasing, the competition for talent is fierce and the average cost of turnover is 150% of an IT worker’s salary.
      3. Source: Robert Half, 2021
    3. Inability to recruit and retain talent will reduce business satisfaction. Organizations who are continuously losing talent will be unable to meet corporate objectives due to lost productivity, keeping them in firefighting mode. An engaged workforce is a requirement for driving innovation and project success.

    ISACA’s 2020 study shows a disconnect between what men and women think is being done to recruit and retain female employees

    Key findings from ISACA’s 2020 Tech Workforce survey

    65% of men think their employers have a program to encourage hiring women. But only 51% of women agree.

    71% of men believe their employers have a program to encourage the promotion or advancement of women. But only 59% of women agree.

    49% of women compared to 44% of men in the survey feel they must work harder than their peers.

    22% of women compared to 14% of men feel they are underpaid.

    66% of women compared to 72% of men feel they are receiving sufficient resources to sustain their career.

    30% of women compared to 23% of men feel they have unequal growth opportunities.

    74% of women compared to 64% of men feel they lack confidence to negotiate their salaries.

    To see ISACA’s full report click here.
    The image contains a screenshot of a multi bar graph to demonstrate the percentage of female employees in the workforce of major tech companies. The major tech companies include: Amazon, Facebook, Apple, Google, and Microsoft.
    Image: Statista, 2021, CC BY-ND 4.0

    The chart to the left, compiled by Statista, (based on self-reported company figures) shows that women held between 23% to 25% of the tech jobs at major tech companies.

    Women are also underrepresented in leadership positions: 34% at Facebook, 31% at Apple, 29% at Amazon, 28% at Google, and 26% at Microsoft.

    (Statista, 2021)

    To help support women in tech, 78% of women say companies should promote more women into leadership positions. Other solutions include:

    • Providing mentorship opportunities (72%)
    • Offering flexible scheduling (64%)
    • Conducting unconscious bias training (57%)
    • Offering equal maternity and paternity leave (55%)
      • (HRD America, 2021)

    Traditional retention initiatives target the majority – the drivers that impact the retention of women in IT are different

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but, the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees

    The majority of organizations take a one-size-fits-all approach to retaining and engaging employees.

    However, studies show that women are leaving IT in significantly higher proportions than men and that the drivers impacting men’s and women’s retention are different. Knowing how men and women react differently to engagement drivers will help you create a targeted retention strategy.

    In particular, to increase the retention and engagement of women, organizations should develop targeted initiatives that focus on:

    • Organizational culture
    • Employee empowerment
    • Manager relationships

    Why organizations need to focus on the recruitment and retention of women in IT

    1. Women expand the talent pool. Women represent a vast, untapped talent pool that can bolster the technical workforce. Unfortunately, traditional IT recruitment processes are targeted toward a limited IT profile – the key to closing the IT skills gap is to look for agile learners and expand your search criteria to cast a larger net.
    2. Diversity increases innovation opportunities. Groups with greater diversity solve complex problems better and faster than homogenous groups, and the presence of women is more likely to increase the problem-solving and creative abilities of the group.
    3. Women increase your ROI. Research shows that companies with the highest representation of women in their management teams have a 34% higher return on investment than those with few or no women. Further, organizations who are unable to retain top women in their organization are at risk for not being able to deliver to SLAs or project expectations and lose the institutional knowledge needed for continuous improvement.
      4. Source: Bureau of Labour Statistics; Info-Tech Research Group/McLean & Company Analysis

    Improving the representation of women in your organization requires rethinking recruitment and retention strategies

    SIGNS YOU MAY NEED A TARGETED RECRUITMENT STRATEGY…

    SIGNS YOU MAY NEED A TARGETED RETENTION STRATEGY…
    • “It takes longer than 8 weeks to fill a posted IT position.”
    • “Less than 35% of applicants to posted positions are women.”
    • “In the last year the number of applicants to posted positions has decreased.”
    • “The number of female employees who have referred employees in the last year is significantly lower than men in the department.”
    • “Less than 35% of your IT workforce is made up of women.”
    • “Proportionally women decline IT roles in higher rates than men in IT.”
    • “Voluntary turnover of high performers and high potentials is above 5%.”
    • “Turnover of women in IT is disproportionate to the percentage of IT staff.”
    • “Employee rankings of the IT department on social networking sites (e.g. Glassdoor) are low.”
    • “Employees are frequently absent from their jobs.”
    • “Less than 25% of management roles in IT are filled by women.”
    • “Employee engagement scores are lower among women than men.”

    Info-Tech’s approach to improving gender diversity at your organization

    Info-Tech takes a practical, tactical approach to improving gender diversity at organizations, which starts with straightforward tactics that will help you improve the recruitment and retention of women in your organization.

    How we can help

    1. Leverage Info-Tech’s tools to define your current challenges and opportunities for gender diversity to improve your recruitment and retention issues.
    2. Employ straightforward and tested tactics to increase talent acquisition of women in IT by optimizing how you sell to, search for, and secure top female talent.
    3. Take a data-driven approach to measure and increase the retention and engagement of women within your IT organization, and know how and when to involve your staff for optimal results.

    Leverage Info-Tech’s customizable deliverables to improve the recruitment and retention of women in your organization

    RECRUIT Top Women in IT

    If you don’t have a targeted recruitment strategy for women, you are missing out on 50% of the candidate pool. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT.

    Key metrics to track:

    • Average number of female candidates per posting
    • Average time to fill position
    • Percentage of new hires still at the organization one year later

    RETAIN Top Women in IT

    The drivers that impact the retention of men and women are different. Take a data-driven approach to improving retention of women in your organization by using best practices to measure and improve employee engagement.

    Key metrics to track:

    • Voluntary turnover rates of men and women
    • Average tenure of men and women
    • Percentage of internal promotions going to men and women
    • Employee engagement scores

    Info-Tech’s methodology for Recruit and Retain More Women in IT

    1. Enhance Your Recruitment Strategies

    2. Enhance Your Retention Strategies

    Phase Steps
    1. Sell:
    • Develop an attractive employee value proposition.
    • Understand the impact of language on applicants.
  • Search:
    • Define meaningful job requirements
    • Evaluate various sourcing pools.
  • Secure:
    • Improve the interview experience.
    • Leverage behavioral interview questions to limit bias.
    1. Drive engagement in key areas correlated with driving higher retention of women in IT.
    2. Train managers to understand key moments that matter in the employee experience.
    3. Understand what motivates key performers to stay at your organization.

    Phase Outcomes

    Recruitment Optimization Plan

    Retention Optimization Plan

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our teams knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 6 calls over the course of 1 to 2 months.

    1. Tactics to Recruit More Women in IT

    Call #1: Develop a strategy to better sell your organization to diverse candidates.

    Call #2: Evaluate your candidate search practices to reach a wider audience.

    Call #3: Introduce best practices in your interviews to improve the candidate experience and limit bias.

    2. Tactics to Retain More Women in IT

    Call #4: Launch focus groups to improve performance of key retention drivers.

    Call #5: Measure the employee experience and identify key moments that matter to staff.

    Call #6: Conduct stay interviews and establish actions to improve retention.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Make the Case

    Develop Strategies to Sell to a Wider Candidate Pool

    Expand Your Talent Sourcing Strategy

    Secure & Retain Top Talent

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle.

    1.3 Make the case for changes to recruitment and retention strategies.

    2.1 Develop an IT employee value proposition (EVP).

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    4.3 Measure employee engagement and review results.

    4.4 Develop programs to improve employee engagement.

    4.5 Train managers to conduct stay interviews and drive employee engagement.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. Recruitment & retention metrics report
    2. Business case for recruitment and retention changes
    1. Employee Value Proposition
    2. EVP marketing plan
    3. Revised job ads
    1. Job requisition form for key roles
    2. Sourcing strategy for key roles
    1. Root-cause analysis of section challenges
    2. Behavioral interview guide
    3. Identified employee engagement action plan
    4. Action plan to execute stay interviews
    1. Completed recruitment optimization plan
    2. Completed retention optimization plan

    Phase 1

    Enhance Your Recruitment Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Consider key factors within the recruitment process

    Key Talent Pipeline Opportunities:

    • In today’s talent landscape IT leaders need to be highly strategic about how they recruit new talent to the organization.
    • IT professionals have a huge number of options to choose from when considering their next career.
    • IT leaders need to actively market and expand their search to attract top talent. The “where” and “how” to recruit men and women in IT are different and your strategy should reflect this.
    • Partnering with your HR department to help you improve the number of applicants, expand your search criteria, and optimize the interview experience will all directly impact your talent pipeline.
    1. Sell

      2. How do you position the value of working for your organization and roles in a meaningful way?

    2. Search

      3. How can you expand your key search criteria and sourcing strategies to reach more candidates?

    3. Secure

      4. How can you reduce bias in your interview process and create positive candidate experiences?

    Info-Tech’s Sell-Search-Secure recruitment model

    Follow these steps to increase your pool of female candidates.

    1. Sell Tactics:

      2. 1. Develop an employee value proposition that will attract female candidates.

      2. Understand how your job postings may be deterring female candidates.

    2. Search Tactics:

      3. 3. Identify opportunities to expand your role analysis for job requisitions.

      4. Increase your candidate pool by expanding sourcing programs.

    3. Secure Tactics:

      4. 5. Identify tactics to improve women’s interview experience.

      6. Leverage behavioral interview questions to limit bias in interviews.

    Please note, this section is not a replacement or a full talent strategy. Rather, this blueprint will highlight key tactics within talent acquisition practices that the IT leadership team can help to influence to drive greater diversity in recruitment.

    Understand where leaks exist in your talent pipeline

    Start your recruitment enhancement here.

    Work with your HR department to track critical metrics around where you need to make improvements and where you can partner with your recruitment team to improve your recruitment process and build a more diverse pipeline. Identify where you have significant drops or variation in diversity or overall need and select where you’d like to focus your recruitment improvement efforts.

    Selection Process Step

    Sample Metrics to Track
    Sell

    Average time to fill a vacant position

    Average number of applicants for posted positions

    Total # of Candidates; # of Male Candidates (% of total);

    # of Female Candidates (% of total); % Difference Male & Female

    Number of page visits vs. applications for posted positions

    Total # of Candidates

    # of Male Candidates

    % of total

    # of Female Candidates

    % of total

    % Difference Male & Female
    Search

    Number of applicants coming from your different sourcing channels (one line per sourcing channel: LinkedIn Group A, website, job boards, specific events, etc.)

    Number of applicants coming from referrals

    Secure

    Number of applicants meeting qualifications

    Number of applicants selected for second interview

    Number of applicants rejecting an offer

    Number of applicants accepting an offer

    Number of employees retained for one year

    Enhance your recruitment strategies

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Sell the organization

    What is an employee value proposition?

    An employee value proposition (EVP) is a unique and clearly defined set of attributes and benefits that capture an employee’s overall work experience within an organization. An EVP is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    How is an employee value proposition used?

    Your EVP should be used internally and externally to promote the unique benefits of working within the department. As a recruiting tool, you can use it to attract candidates, highlighting the benefits of working for your organization. The EVP is often highlighted where you are most likely to reach your target audience, whether that is through social media, in-person events, or in other advertising activities.

    Why tailor this to multiple audiences?

    While your employee value proposition should remain constant in terms of the unique benefits of working for your organization, you want to ensure that the EVP appeals to multiple audiences and that it is backed up by relevant stories that support how your organization lives your EVP every day. Candidates need to be able to relate to the EVP and see it as desirable, so ensuring that it is relatable to a diverse audience is key.

    Develop a strong employee value proposition

    Three key steps

    The image contains a cycle to demonstrate the three key steps. The steps are: Build and Assess the EVP, Test the EVP, and Adopt the EVP.

    1. Build and Assess the EVP

    Assess your existing employee value proposition and/or build a forward-looking, meaningful, authentic, aspirational EVP.

    2. Test the EVP

    Gather feedback from staff to ensure the EVP is meaningful internally and externally.

    3. Adopt the EVP

    Identify how and where you will leverage the EVP internally and externally, and integrate the EVP into your candidate experience, job ads, and employee engagement initiatives.

    As you build your EVP, keep in mind that while it’s important to brand your IT organization as an inclusive workplace to help you attract diverse candidates, be honest about your current level of diversity and your intentions to improve. Otherwise, new recruits will be disappointed and leave.

    What is an employee value proposition?

    And what are the key components?

    The employee value proposition is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    AN EMPLOYEE VALUE PROPOSITION IS:

    AN EMPLOYEE VALUE PROPOSITION IS NOT:
    • An authentic representation of the employee experience
    • Aligned with organizational culture
    • Fundamental to all stages of the employee lifecycle
    • A guide to help investment in programs and policies
    • Short and succinct
    • What the employee can do for you
    • A list of programs and policies
    • An annual project

    THE FOUR KEY COMPONENTS OF AN EMPLOYEE VALUE PROPOSITION

    Rewards

    Organizational Elements

    Working Conditions

    Day-to-Day Job Elements
    • Compensation
    • Health Benefits
    • Retirement Benefits
    • Vacation
    • Culture
    • Customer Focus
    • Organization Potential
    • Department Relationships
    • Senior Management Relationships
    • Work/Life Balance
    • Working Environment
    • Employee Empowerment
    • Development
    • Rewards & Recognition
    • Co-Worker Relationships
    • Manager Relationships

    Creating a compelling EVP that presents a picture of your employee experience, with a focus on diversity, will attract females to your team. This can lead to many internal and external benefits for your organization.

    Collect relevant information

    Existing Employee Value Proposition: If your organization or IT department has an existing employee value proposition, rather than starting from scratch, we recommend leveraging that and moving to the testing phase to see if the EVP still resonates with staff and external parties.

    Employee Engagement Results: If your organization does an employee engagement survey, review the results to identify the areas in which the IT organization is performing well. Identify and document any key comment themes in the report around why employees enjoy working for the organization or what makes your IT department a great place to work.

    Social Media Sites. Prepare for the good, the bad, and the ugly. Social media websites like Glassdoor and Indeed make it easier for employees to share their experiences at an organization honestly and candidly. While postings on these sites won’t relate exclusively to the IT department, they do invite participants to identify their department in the organization. You can search these to identify any positive things people are saying about working for the organization and potentially opportunities for improvement (which you can use as a starting point in the retention section of this report).

    Step 1.1

    Sell – Assess the current state and develop your employee value proposition

    Activities

    1.1.1 Gather feedback on unique benefits

    1.1.2 Build key messages

    1.1.3 Test your EVP

    1.1.4 Adopt your EVP

    1.1.5 Review job postings for gender bias

    1.1.1 Gather feedback

    1. Hold a series of focus groups with employees to understand what about the organization attracted them to join and to stay at the organization.
    2. Start by identifying if you will interview all employees or a subset. If you are going to use a subset, ensure you have at least one male and one female participating from each team and representation of all levels within the department.
    3. Print the EVP Interview Guide to focus your conversation, and ask each individual to take 15 minutes and respond to questions 1-3 in the Guide:
    4. Draw a quadrant on the board and mark each quadrant with four categories: Day-to-Day Elements, Organizational Elements, Compensation & Benefits, and Working Conditions. Provide each participant with sticky notes and ask them to brainstorm the top five things they value most about working at the organization. Ask them to place each sticky in the appropriate category and identify any key themes.
    5. Ask participants to hand in their EVP Interview Guides and document all of the key findings.

    Input

    Output
    • Employee opinions
    • Employee responses to four EVP components
    • Content for EVP

    Materials

    Participants
    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • Male and female employees
    • Different departments
    • Different role levels

    Download the EVP Interview Guide

    1.1.2 Build key messages

    1. Collect all of the information from the various focus groups and begin to build out the employee value proposition statements.
    2. Identify the key elements that staff felt were unique and highly valued by employees and group these into common themes.
    3. Identify categories that related to one of the five key drivers* of women’s retention in IT and highlight any key elements related to these:
    • Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.
    • Company Potential: An employee’s understanding, commitment, and excitement about the organization’s mission and future.
    • Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.
    • Learning and Development: A cooperative and continuous effort to enhance an employee’s skill set and expertise and meet an employee’s career objectives.
    • Manager Relationships: The professional and personal relationship an employee has with their manager, including trust, support, and development.
  • Identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the five categories above.
  • Integrate these into one overall statement.

    • *See Engagement Driver Handout slides for more details on these five drivers.

    Input

    Output

    • Feedback from focus groups
    • EVP and supporting statements

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • IT leadership team

    Quality test your revised EVP

    Use Info-Tech’s EVP Scorecard.

    Internally and Externally

    Use the EVP Scorecard and EVP Scorecard Handout throughout this step to assess your EVP against:

    Internal Criteria:

    • Accuracy
    • Alignment
    • Aspirational
    • Differentiation

    External Criteria:

    • Clear
    • Compelling
    • Concise
    • Differentiation
    The image contains screenshots of Info-Tech's EVP Scorecard.

    Ensure your EVP resonates with employees and prospects

    Test your EVP with internal and external audiences.

    INTERNAL TEST REVOLVES AROUND THE 3A’s

    EXTERNAL TEST REVOLVES AROUND THE 3C’s

    ALIGNED: The EVP is in line with the organization’s purpose, vision, values, and processes. Ensure policies and programs are aligned with the organization’s EVP.

    CLEAR: The EVP is straightforward, simple, and easy to understand. Without a clear message in the market, even the best intentioned EVPs can be lost in confusion.

    ACCURATE: The EVP is clear and compelling, supported by proof points. It captures the true employee experience, which matches the organization’s communication and message in the market.

    COMPELLING: The EVP emphasizes the value created for employees and is a strong motivator to join this organization. A strong EVP will be effective in drawing in external candidates. The message will resonate with them and attract them to your organization.

    ASPIRATIONAL: The EVP inspires both individuals and the IT organization as a whole. Identify and invest in the areas that are sure to generate the highest returns for employees.

    COMPREHENSIVE: The EVP provides enough information for the potential employee to understand the true employee experience and to self-assess whether they are a good fit for your organization. If the EVP lacks depth, the potential employee may have a hard time understanding the benefits and rewards of working for your organization.

    1.1.3 Test your EVP

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    2. For internal candidates, send a copy of the EVP and ask them to complete the Internal Assessment (ensure that you have at least 50% representation of women).
    3. For external candidates, identify first how you will reach out to them; popular options are to have team members in key roles reach out to members of their LinkedIn network who are in similar roles to themselves. Request that they look for a diverse group to gather feedback from.
    4. Have the external candidates complete the External Assessment.
    5. Collect the feedback around the EVP and enter the findings into the EVP Scorecard Tool.
    6. If you are dissatisfied with the scorecard results, go back to the employees you interviewed to ask for additional feedback, focusing on the areas that scored low.
    7. Incorporate the feedback and present the revised EVP to see if the changes resonate with stakeholders.
    8. If you are satisfied with the results, present to the leadership and HR teams for agreement and proceed to adopting the EVP in your organization.

    Input

    Output

    • Internal assessment
    • External assessment
    • Finalized EVP

    Materials

    Participants

    • EVP Internal Assessmentt
    • EVP External Assessment
    • Internal staff members
    • External IT professionals

    1.1.4 Adopt your EVP

    Identify your target audience and marketing channels.

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    • The target audience for your employee value proposition
    • Internal and/or external
    • Local, national, international
    • Experience
    • Applicant pool (e.g. new graduates, professionals, internship)
  • For each target audience, identify where you want to reach them with your employee value proposition.
    • Internal: Town hall meetings, fireside chats
    • External: Social media, advertising, job postings
    • Global: Professional affiliations, head hunters
  • For each target audience, build the communication strategy and identify messaging, mediums, timeline, and task ownership.

    • Input

    Output

    • Employee value proposition
    • EVP plan

    Materials

    Participants

    • Pen and paper
    • EVP participants

    Case Study

    INDUSTRY: Restaurant

    SOURCE: McDonald’s Careers, Canadian Business via McLean & Company

    McDonald’s saw a divide between employee experience and its vision. McDonald’s set out to reinvent its employer image and create the reputation it wanted.

    Challenge

    • Historically, McDonald’s has had a challenging employer brand. Founded on the goal of cost effectiveness, a “McJob” was often associated with lower pay and a poor reputation.
    • McDonald’s reached out to employees using a global survey and asked, “What is it you love most about working at McDonald’s?”

    Solution

    • McDonald’s revaluated its employer brand by creating an EVP focused on the three F’s.
    1. Future – career growth and development opportunities
    2. Flexibility – flexible working hours and job variety
    3. Family & Friends – a people-centric work culture

    Results

    • As a result of developing and promoting its EVP internally, McDonald’s has experienced higher engagement and a steady decrease in turnover.
    • Externally, McDonald’s has been recognized numerous times by the Great Place to Work Institute and has been classified by Maclean’s magazine as one of Canada’s top 50 employers for 13 years running.

    Make your job descriptions more attractive to female applicants

    10 WAYS TO REMOVE GENDER BIAS FROM JOB DESCRIPTIONS – GLASSDOOR – AN EXCERPT

    1. USE GENDER-NEUTRAL TITLES: Male-oriented titles can inadvertently prevent women from clicking on your job in a list of search results. Avoid including words in your titles like “hacker,” “rockstar,” “superhero,” “guru,” and “ninja,” and use neutral, descriptive titles like “engineer,” “project manager,” or “developer.
    2. CHECK PRONOUNS: When describing the tasks of the ideal candidate, use “they” or “you.” Example: “As Product Manager for XYZ, you will be responsible for setting the product vision and strategy.
    3. AVOID (OR BALANCE) YOUR USE OF GENDER-CHARGED WORDS: Analysis from language tool Textio found that the gender language bias in your job posting predicts the gender of the person you’re going to hire. Use a tool like Textio tool or the free Gender Decoder to identify problem spots in your word choices. Examples: “Analyze” and “determine” are typically associated with male traits, while “collaborate” and “support” are considered female. Avoid aggressive language like “crush it.
    4. AVOID SUPERLATIVES: Excessive use of superlatives such as “expert,” “superior,” and “world class” can turn off female candidates who are more collaborative than competitive in nature. Research also shows that women are less likely than men to brag about their accomplishments. In addition, superlatives related to a candidate’s background can limit the pool of female applicants because there may be very few females currently in leading positions at “world-class” firms
    5. LIMIT THE NUMBER OF REQUIREMENTS: Identify which requirements are “nice to have” versus “must have,” and eliminate the “nice to haves.” Research shows that women are unlikely to apply for a position unless they meet 100 percent of the requirements, while men will apply if they meet 60 percent of the requirements.

    For the full article please click here.

    1.1.5 Review job postings

    To understand potential gender bias

    1. Select a job posting that you are looking to fill, review the descriptions, and identify if any of the following apply:
    • Are the titles gender neutral? This doesn’t mean you can’t be creative in your naming, but consider if the name really represents the role you are looking to fill.
    • Do you use pronouns? If there are instances where the posting says “he” OR “she” change this to “they” or “you.”
    • Are you overusing superlatives? Review the posting and ensure that when words like “expert” or “world class” are used that you genuinely need someone who is at that level.
    • Are all of the tasks/responsibilities listed the ones that are absolutely essential to the job? Women are less likely to apply if they don’t have direct experience with 100% of the criteria – if it’s a non-essential, consider whether it’s needed in the posting.
    • Is there any organization-specific jargon used? Where possible, avoid using organization-specific jargon in order to create an inclusive posting. Avoid using terms/acronyms that are only known to your organization.
  • Select four to six members of your staff, both male and female, and have them highlight within the job posting what elements appeal to them and what elements do not appeal to them or would concern them about the job.
  • Review the feedback from staff, and identify potential opportunities to reduce bias within the posting.

    • Input

    Output

    • Job posting
    • Updated job posting

    Materials

    Participants

    • Pen and paper
    • IT staff members

    Case Study

    INDUSTRY: Social Media

    SOURCE: Buffer Open blog

    When the social media platform Buffer replaced one word in a job posting, it noticed an increase in female candidates.

    Challenge

    For the social media platform Buffer, all employees were called “hackers.” It had front-end hackers, back-end hackers, Android hackers, iOS hackers, and traction hackers.

    As the company began to grow and ramp up hiring, the Chief Technology Officer, Sunil Sadasivan, noticed that Buffer was seeing a very low percentage of female candidates for these “hacker” jobs.

    In researching the challenge in lack of female candidates, the Buffer team discovered that the word “hacker” may be just the reason why.

    Solution

    Understanding that wording has a strong impact on the type of candidates applying to work for Buffer started a great and important conversation on the Buffer team.

    Buffer wanted to be as inviting as possible in job listings, especially because it hires for culture fit over technical skill.

    Buffer went through a number of wording choices that could replace “hacker,” and ended on the term “developer.” All external roles were updated to reflect this wording change.

    Results

    By making this slight change to the wording used in their jobs, Buffer went from seeing a less than 2% female representation of applicants for developer jobs to around 12% female representation for the same job.

    Step 1.2

    Search – Reach more candidates by expanding key search criteria and sourcing strategies

    Activities

    1.2.1 Complete role analysis

    1.2.2 Expand your sourcing pools

    Enhance your recruitment strategies

    Sourcing shouldn’t start with an open position; it should start with identifying an anticipated need and building and nurturing a talent pipeline. IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Expand your search

    What is a candidate sourcing program?

    A candidate sourcing program is one element of the overall HR sourcing approach, which consists of the overall process (steps to source talent), the people responsible for sourcing, and the programs (internal talent mobility, social media, employee referral, alumni network, campus recruitment, etc.).

    What is a sourcing role analysis?

    Part of the sourcing plan will outline how to identify talent for a role, which includes both the role analysis and the market assessment. The market assessment is normally completed by the HR department and consists of analyzing the market conditions as they relate to specific talent needs. The role analysis looks at what is necessary to be successful in a role, including competencies, education, background experience, etc.

    How will this enable you to attract female candidates?

    Expanding your sourcing programs and supporting deeper role analysis will allow your HR department to reach a larger candidate pool and better understand the type of talent that will be successful in roles within your organization. By expanding from traditional pools and criteria you will open the organization up to a wider variety of talent options.

    Minimize bias in sourcing to hire the right talent and protect against risk

    Failure to take an inclusive approach to sourcing will limit your talent pool by sidelining entire groups or discouraging applicants from diverse backgrounds. Address bias in sourcing so that diverse candidates are not excluded from the start. Solutions such as removing biographical data from CVs prior to interviews may reduce bias, but they may come too late to impact diversity.

    Potential areas of bias in sourcing:

    Modifications to reduce bias:

    Intake Session

    • Describing a specific employee when identifying what it takes to be successful in the role. This may include attributes that do not actually promote success (e.g. school or program) but will decrease diversity of thought.
    • Hiring managers display a “like me” bias where they describe a successful candidate as similar to themselves.
    • Focus on competencies for the role rather than attributes of current employees or skills. Technology is changing rapidly – look for people who have demonstrated a capability over a specific skill.

    Sourcing Pools

    • Blindly hunting or sourcing individuals from a few sources, assuming that these sources are always better than others (e.g. Ivy League schools always produce the best candidates).
    • Expand sources. Don’t exclude diverse sources because they’re not popular.
    • Objectively measure source effectiveness to address underlying assumptions.

    1.2.1 Role analysis

    Customize a sourcing plan for key roles to guide talent pipeline creation.

    1. Complete a role analysis to understand key role requirements. If you are hiring for an existing role, start by taking an inventory of who your top and low performers are within the role today.
    2. Consider your top performers and identify what a successful employee can do better than a less successful one. Start by considering their alignment with job requirements, and identify the education, designations/certifications, and experiences that are necessary for this job. Do not limit yourself; carefully consider if the requirements you are including are actually necessary or just nice to have.

      3. Required Entry Criteria

      Preferred Entry Criteria

      Education
      • University Degree – Bachelors
      • University Degree – Masters

      Experience
      • 5+) years design, or related, experience
      • Experience leading a team
      • External consulting experience
      • Healthcare industry experience

      Designations/Certifications
      • ITIL Foundations
    3. Review Info-Tech’s Job Competency Library in the Workforce Planning Workbook, identify the key competencies that are ideal for this anticipated role, and write a description of how this would manifest in your organization.

      4. Competency

      Level of Proficiency

      Behavioral Descriptions

      Business Analysis

      Level 2: Capable
      • Demonstrates a basic understanding of business roles, processes, planning, and requirements in the organization.
      • Demonstrates a basic understanding of how technologies assist in business processes.
      • Develop basic business cases using internal environment analysis for the business unit level.
    4. Hold a meeting with your HR team or recruiter to highlight the types of experience and competencies you are looking for in a hire to expand the search criteria.

    Target diverse talent pools through different sources

    When looking to diversify your workforce, it’s critical that you look to attract and recruit talent from a variety of different talent pools.

    SOURCING APPROACH

    INTERNAL MOBILITY PROGRAM

    Positioning the right talent in the right place, at the right time, for the right reasons, and supporting them appropriately. Often tied to succession or workforce planning, mentorship, and learning and development.

    SOCIAL MEDIA PROGRAM

    The widely accessible electronic tools that enable anyone to publish and access information, collaborate on common efforts, and build relationships. Think beyond the traditional and consider niche social media platforms.

    EMPLOYEE REFERRAL PROGRAM

    Employees recommend qualified candidates. If the referral is hired, the referring employee typically receives some sort of reward.

    ALUMNI PROGRAM

    An alumni referral program is a formalized way to maintain ongoing relationships with former employees of the organization.

    CAMPUS RECRUITING PROGRAM

    A formalized means of attracting and hiring individuals who are about to graduate from schools, colleges, or universities.

    EVENTS & ASSOCIATION PROGRAM

    A targeted approach for participation in non-profit associations and industry events to build brand awareness of your organization and create a forward-looking talent pipeline.

    1.2.2 Expand your sourcing pools

    Increase the number of female applicants.

    1. Identify where your employees are currently being sourced from and identify how many female candidates you have gotten from each channel as a percentage of applicants.

      2. # of Candidates From Approach

      % of Female Candidates From Approach

      Target # of Female Candidates

      Internal Talent Mobility

      Social Media Program

      Employee Referral Program

      Alumni Program

      Campus Recruiting Program

      Events & Non-Profit Affiliations

      Other (job databases, corporate website, etc.)
    2. Work with your HR partner or organization’s recruiter to identify three recruitment channels from the list that you will work on expanding.
    3. Review the following two slides and identify key success factors for the implementation. Identify what role IT will play and what role HR will play in implementing the approach.
    4. Following implementation, monitor the impact of the tactics on the number of women candidates and determine whether to add additional tactics.

    Different talent sources

    Benefits and success factors of using different talent sources

    Benefits

    Keys to Success

    Internal Mobility Program

    • Drives retention by providing opportunities to develop professionally
    • Provides a ready pipeline for rapid changes
    • Reduces time and cost of recruitment
    • Identify career pathing opportunities
    • Identify potential successors for succession planning
    • Build learning and development and mentorship

    Social Media Program

    • Access to candidates
    • Taps extended networks
    • Facilitates consistent communication with candidates and talent in pipelines
    • Personalizes the candidate experience
    • Identify platforms – common and niche
    • Talk to your top performers and IT network and identify which sites they use
    • Identify how people use that platform – nature of posts and engagement
    • Define what content to share and who from IT should be engaging
    • Be timely with participation and responses

    Employee Referral Program

    • Higher applicant-to-hire rate
    • Decreased time to fill positions
    • Decreased turner
    • Increased quality of hire
    • Expands your network – women in IT often know other qualified women in IT and in project delivery
    • Educate employees (particularly female employees) to participate
    • Send reminders, incorporate into onboarding, and ask leaders to share job openings
    • Make it easy to share jobs by providing templates and shortened URLs
    • Where possible, simplify the process by avoiding paper forms, reaching out quickly
    • Select metrics that will identify areas of strength and gaps in the referral program

    Alumni Program

    • A formalized way to maintain ongoing relationship with former employees
    • Positive branding as alumni are regarded as a credible source of information
    • Source of talent – boomerang employees are doubly as valuable as they understand the organization
    • Increased referral potential provides access to a larger network and alumni know what is required to be successful in the organization
    • Identify the purpose of the network and set clear goals
    • Identify what the network will do: Will the network be virtual or in person? Who will chair? Who should participate? etc.
    • Create a simple process for alumni to share information about vacancies and refer people
    • Measure progress

    Campus Recruiting Program

    • Increases employer brand awareness among talent entering the workforce
    • Provides the opportunity to interact with large groups of potential candidates at one time
    • Offers access to a highly diverse audience
    • Identify key competencies and select programs based on relevant curriculum for building those competencies
    • Select targeted schools keeping in mind programs and existing relationships
    • Work with HR to get involved

    Events & Non-Profit Affiliations

    • Create a strong talent pipeline for future positions
    • Build relationships based on shared values in a comfortable environment for participants
    • Ability to expand diversity by targeting different types of events or by leveraging women-focused, specifically women in technology, groups
    • Look for events that attract similar participants to the skills or roles you are looking to attract, e.g. Women Who Code if you’re looking for developers
    • Actively engage and participate in the event
    • Couple this with learning and development activities, and invite female top performers to participate

    Enhance your recruitment strategies

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understand the root cause of applicant drop-off and success and take corrective actions.

    Secure top candidates

    Why does the candidate experience matter?

    Until recently it was an employer’s market, so recruiters and hiring managers were able to get good talent without courting top candidates. Today, that’s not the case. You need to treat your IT candidates like customers and be mindful that this is often one of the first experiences future staff will have with the organization. It will give them their first real sense of the culture of the organization and whether they want to work for the organization.

    What can IT leaders do if they have limited influence over the interview process?

    Work with your HR department to evaluate the existing recruitment process, share challenges you’ve experienced, and offer additional support in the process. Identify where you can influence the process and if there are opportunities to build service-level agreements around the candidate experience.

    Take a data-driven approach

    Understand opportunities to enhance the talent selection process.

    While your HR department likely owns the candidate experience and processes, if you have identified challenges in diversity we recommend partnering with your HR department or recruitment team to identify opportunities for improvement within the process. If you are attracting a good amount of candidates through your sell and search tactics but aren’t finding that this is translating into more women selected, it’s time to take a look at your selection processes.

    SIMPLIFIED CANDIDATE SELECTION PROCESS STEPS

    1. Application Received
    2. Candidate Selected for Interview
    3. Offer Extended
    4. Offer Accepted
    5. Onboarding of Staff

    To understand the challenges within your selection process, start by baselining your drop-off rates throughout selection and comparing the differences in male and female candidates. Use this to pin point the issues within the process and complete a root-cause analysis to identify where to improve.

    Step 1.3

    Secure – reduce bias in your interview process and create positive candidate experiences

    Activities

    1.3.1 Identify selection challenges

    1.3.1 Identify your selection challenges

    Review your candidate data.

    1. Hold a meeting with your HR partner to identify trends in your selection data. If you have an applicant tracking system, pull all relevant information for analysis.
    2. Start by identifying the total number of candidates that move forward in each stage of the process. Record the overall number of applicants for positions (should have this number from your sourcing analysis), overall number of candidates selected for interviews, overall number of offers extended, overall number of offers rejected, and overall number of employees still employed after one year.
    3. Identify the number of female and male candidates in each of those categories and as a percentage of the total number of applicants.

      4. Selection Process Step

      Total # of Candidates

      Male Candidates

      Female Candidates

      % Difference Male & Female

      #

      #

      % of total

      #

      % of total

      Applicants for Posted Position

      150

      115

      76.7%

      35

      23.3%

      70% fewer females

      Selected for Interview

      (Selected for Second Interview)

      (Selected for Final Interview)

      Offer Extended

      Offer Rejected

      Employees Retained for One Year
    4. Identify where there are differences in the percentages of male and female candidates and where there are significant drop-off rates between steps in the process.

    Note: For larger organizations, we highly recommend analyzing differences in specific teams/roles and/or at different seniority levels. If you have that data available, repeat the analysis, controlling for those factors.

    Root-cause analysis can be conducted in a variety of ways

    Align your root-cause analysis technique with the problem that needs to be solved and leverage the skills of the root-cause analysis team.

    Brainstorming/Process of Elimination

    After brainstorming, identify which possible causes are not the issue’s root cause by removing unlikely causes.

    The Five Whys

    Use reverse engineering to delve deeper into a recruitment issue to identify the root cause.

    Ishikawa/Fishbone Diagram

    Use an Ishikawa/fishbone diagram to identify and narrow down possible causes by categories.

    Process of elimination

    Leveraging root-cause analysis techniques.

    Using the process of elimination can be a powerful tool to determine root causes.

    • To use the process of elimination to determine root cause, gather the participants from within your hiring team together once you have identified where your issues are within the recruitment process and brainstorm a list of potential causes.
    • Like all brainstorming exercises, remember that the purpose is to gather the widest possible variety of perspectives, so be sure not to eliminate any suggested causes out of hand.
    • Once you have an exhaustive list of potential causes, you can begin the process of eliminating unlikely causes to arrive at a list of likely potential causes.

    Example

    Problem: Women candidates are rejecting job offers more consistently

    Potential Causes

    • The process took too long to complete
    • Lack of information about the team and culture
    • Candidates aren’t finding benefits/salary compelling
    • Lack of clarity on role expectations
    • Lack of fit between candidate and interviewers
    • Candidates offered other positions
    • Interview tactics were negatively perceived

    As you brainstorm, ensure that you are identifying differentiators between male and female candidate experiences and rationale. If you ask candidates their rationale for turning down roles, ensure that these are included in the discussion.

    The five whys

    Leveraging root-cause analysis techniques

    Repeatedly asking “why” might seem overly simplistic, but it has the potential to be useful.

    • It can be useful, when confronting a problem, to start with the end result and work backwards.
    • According to Olivier Serrat, a knowledge management specialist at the Asian Development Bank, there are three key components that define successful use of the five whys: “(i) accurate and complete statements of problems, (ii) complete honesty in answering the questions, and (iii) the determination to get to the bottom of problems and resolve them.”
    • As a group, develop a consensus around the problem statement. Go around the room and have each person suggest a potential reason for its occurrence. Repeat the process for each potential reason (ask “why?”) until there are no more potential causes to explore.
    • Note: The total number of “whys” may be more or less than five.

    Example

    The image contains an example of the five whys activity as described in the text above.

    Ishikawa/fishbone diagram

    Leveraging root-cause analysis techniques.

    Use this technique to sort potential causes by category and match them to the problem.

    • The first step in creating a fishbone diagram is agreeing on a problem statement and populating a box on the right side of a whiteboard or a piece of chart paper.
    • Draw a horizontal line left from the box and draw several ribs on either side that will represent the categories of causes you will explore.
    • Label each rib with relevant categories. In the recruitment context, consider cause categories like technology, interview, process, etc. Go around the room and ask, “What causes this problem to happen?” Every result produced should fit into one of the identified categories. Place it there, and continue to brainstorm sub-causes.

    The image contains a screenshot example of the Ishikawa/fishbone diagram.

    Info-Tech Best Practice

    Avoid naming individuals in the fishbone diagram. The goal of the root-cause exercise is not to lay blame or zero in on a guilty party but rather to identify how you can rectify any challenges.

    Leverage behavioral interviews

    Use Info-Tech’s Behavioral Interview Questions Library.

    Reduce bias in your interviews.

    In the past, companies were pushing the boundaries of the conventional interview, using unconventional questions to find top talent, e.g. “what color is your personality?” The logic was that the best people are the ones who don’t necessarily show perfectly on a resume, and they were intent on finding the best.

    However, many companies have stopped using these questions after extensive statistical analysis revealed there was no correlation between candidates’ ability to answer them and their future performance on the job. Hiring by intuition – or “gut” – is usually dependent on an interpersonal connection being developed over a very short period of time. This means that people who were naturally likeable would be given preferential treatment in hiring decisions whether they were capable of doing the job.

    Asking behavioral interview questions based on the competency needs of the role is the best way to uncover if the candidates will be able to execute on the job.

    For more information see Info-Tech’s Behavioral Interview Question Library.

    The image contains screenshots of Info-Tech's Behavioral Interview Questions Library.

    Improve the level of diversity in your organization by considering inclusive candidate selection practices

    Key action items to create inclusivity in your candidate selection practices:

    1. Managers must be aware of how bias can influence hiring. Encourage your HR department to provide diversity training for recruiters and hiring managers. Ensure those responsible for recruitment are using best practices, are aware of the impact of unconscious bias, and are making decisions in alignment with your DEI strategy.
    2. Use a variety of interviewers to leverage multiple/diverse perspectives. Hiring decisions made by a group can offer a more balanced perspective. Include interviewers from multiple levels in the organization and both men and women.
    3. Hire for distinguished excellence. Be careful not to simply choose the same kind of people over and over, in the name of cultural fit (Source: Recruiter.com, 2015).

      4. Broaden the notion of fit:

    • Hire for skill fit: you might still hire certain types for a specific job (e.g. analytical types for analysis positions), but these candidates can still be diverse.
    • Hire for fit with your organization’s DEI values, regardless of whether the candidate is from a diverse background or not.
    • It can be tempting for hiring managers to hire individuals who are similar to themselves. However, doing so limits the amount of diversity entering your organization, and as a result, limits your organization’s ability to innovate.
  • Deliberately hire for cognitive diversity. Diverse thought processes, perspectives, and problem-solving abilities are positively correlated with firm performance (Source: Journal of Diversity Management, 2014).

    • Leverage a third-party tool

    Ensure recruiting and onboarding programs are effective by surveying your new hires.

    For a deeper analysis of your new hire processes Info-Tech’s sister company, McLean & Company, is an HR research and advisory firm that offers powerful diagnostics to measure HR processes effectiveness. If you are finding diversity issues to be systemic within the organization, leveraging a diagnostic can greatly improve your processes.

    Use this diagnostic to get vital feedback on:

    • Recruiting efforts. Find out if your job marketing efforts are successful, which paths your candidates took to find you, and whether your company is maintaining an attractive profile.
    • Interviewing process. Ensure candidates experience an organized, professional, and ethical process that accurately sets their expectations for the job.
    • Onboarding process. Make sure your new hires are being trained and integrated into their team effectively.
    • Organizational culture. Is your culture welcoming and inclusive? You need to know if top talent enjoy the environment you have to offer.
    The image contains a screenshot of the New Hire Survey.

    For more information on the New Hire Survey click here. If you are interested in referring your HR partner please contact your account manager.

    Phase 2

    Enhance Your Retention Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Actively engage female staff to retain them

    Employee engagement: the measurement of effective management practices that create a positive emotional connection between the employee and the organization.

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Today, what we find is that 54% of women in IT are not engaged,* but…

    …engaged employees are: 39% more likely to stay at an organization than employees who are not engaged.*

    Additionally, engaging your female staff also has the additional benefit of increasing willingness to innovate by 30% and performance by 28%. The good news is that increasing employee engagement is not difficult, it just requires dedication and an effective toolkit to monitor, analyze, and implement tactics.*

    * Info-Tech and McLean & Company Diagnostics; N=1,308 IT employees

    Don’t seek to satisfy; drive IT success through engagement

    The image contains a screenshot of a diagram that highlights the differences between satisfied and engaged employees.

    Engagement drivers that impact retention for men and women are different – tailor your strategy to your audience

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees.

    An analysis of the differences between men and women in IT’s drivers indicates that women in IT are significantly less likely than men in IT to agree with the following statements:

    Culture:

    • They identify well with the organization’s values.
    • The organization has a very friendly atmosphere.

    Employee Empowerment:

    • They are given the chance to fully leverage their talents through their job.

    Manager Relationships:

    • They can trust their manager.
    • Their manager cares about them as a person

    Working Environment:

    • They have not seen incidents of discrimination at their organization based on age, gender, sexual orientation, religion, or ethnicity.

    Enhance your retention strategies

    Employee engagement is one of the greatest predictors of intention to stay. To retain you need to understand not only engagement but also your employee experience – the moments that matter – and actively work to create a positive experience.

    Improve employee engagement

    What differentiates an engaged employee?

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Why measure engagement when looking at retention?

    Engaged employees report 39%1 higher intention to stay at the organization than disengaged employees. The cost of losing an employee is estimated to be 150% to 200% of their annual salary.2 Can you afford to not engage your staff?

    Why should IT leadership be responsible for their staff engagement?

    Engagement happens every day, through every interaction, and needs to be tailored to individual team members to be successful. When engagement is owned by IT leadership, engagement initiatives are incorporated into daily experiences and personalized to their employees based on what is happening in real time. It is this active, dynamic leadership that inspires ongoing employee engagement and differentiates those who talk about engagement from those who succeed in engaging their teams.

    Sources: 1 - McLean & Company Employee Engagement Survey, 2 - Gallup, 2019

    Step 2.1

    Improve employee engagement

    Activities

    2.1.1 Review employee engagement results and trends

    2.1.2 Focus on areas that impact retention of women

    Take a data-driven approach

    Info-Tech’s employee engagement diagnostics are low-effort, high-impact programs that will give you detailed report cards on the organization’s engagement levels. Use these insights to understand your employees’ engagement levels by a variety of core demographics.

    FULL ENGAGEMENT DIAGNOSTIC

    EMPLOYEE EXPERIENCE MONITOR

    The full engagement diagnostic provides a comprehensive view of your organization’s engagement levels, informing you of what motivates employees and providing a detailed view of what engagement drivers to focus on for optimal results.

    Info-Tech & McLean & Company’s Full Engagement Diagnostic Survey has 81 questions in total.

    The survey should be completed annually and typically takes 15-20 minutes to complete.

    The EXM Dashboard is designed to give organizations a real-time view of employee engagement while being minimally intrusive.

    This monthly one-question survey allows organizations to track the impact of events and initiatives on employee engagement as they happen, creating a culture of engagement.

    The survey takes less than 30 seconds to complete and is fully automated.

    For the purpose of improving retention of women in IT, we encourage you to leverage the EXM tool, which will allow you to track how this demographic group’s engagement changes as you implement new initiatives.

    Engagement survey

    For a detailed breakdown of staff overall engagement priorities.

    Overall Engagement Results

    • A clear breakdown of employee engagement results by demographic, gender, and team.
    • Detailed engagement breakdown and benchmarking.
    The image contains a screenshot of the overall engagement results.

    Priority Matrix and Driver Scores

    • A priority matrix specific to your organization.
    • A breakdown of question scores by priority matrix quadrant.
    • Know what not to focus your effort on – not all engagement drivers will have a high impact on engagement.
    The image contains a screenshot of the priority matrix and driver scores.

    EXM dashboard

    Reporting to track engagement in real time.

    EXM Dashboard

    • Leverage Info-Tech’s real-time Employee Experience Monitor dashboard to track your team’s engagement levels over time.
    • Track changes in the number of supporters and detractors and slice the data by roles, teams, and gender.
    The image contains a screenshot of the EXM dashboard.

    Time Series Trends

    • As you implement new initiatives to improve the engagement and retention of staff, track their impact and continuously course correct.
    • Empower your leaders to actively manage their team culture to drive innovation, retention, and productivity.
    The image contains a screenshot of the time series trends.

    Start your diagnostic now

    Leverage your Info-Tech membership to seamlessly launch your employee engagement survey.

    Info-Tech’s dedicated team of program managers will facilitate this diagnostic program remotely, providing you with a convenient, low-effort, high-impact experience.

    We will guide you through the process with your goals in mind to deliver deep insight into your successes and areas to improve.

    What You Need to Do:

    Info-Tech’s Program Manager Will:
    1. Contact Info-Tech to launch the program.
    2. Review the two survey options to select the right survey for your organization.
    3. Work with an Info-Tech analyst to set up your personal diagnostic.
    4. Identify who you would like to take the survey.
    5. Customize Info-Tech’s email templates.
    6. Participate in a one-hour results call with an Info-Tech executive advisor.
    1. Work with you to define your engagement strategy and goals.
    2. Launch, maintain, and support the diagnostic in the field.
    3. Provide you with response rates throughout the process.
    4. Explore your results in a one-hour call with an executive advisor to fully understand key insights from the data.
    5. Provide quarterly updates and training materials for your leadership team.

    Start Now

    2.1.1 Review employee engagement results

    Identify trends

    1. In a call with one of Info-Tech’s executive advisors, review the results of your employee engagement survey.
    2. Identify which departments are most and least engaged and brainstorm some high-level reasons.
    3. Review the demographic information and highlight any inconsistencies or areas with high levels of variance. Document which demographics have the most and least engaged, disengaged, and indifferent employees.
    4. With help from the Info-Tech executive advisor, identify and document any dramatic differences in the demographic data, particularly around gender.
    5. Identify if the majority of issues effecting engagement are at an organization or department level and which stakeholders you need to engage to support the process moving forward.
    6. Identify next steps.
    Input
    • Employee engagement results
    Participants
    • CIO
    • Info-Tech Advisor

    2.1.2 Focus on areas that impact retention of women

    Hold focus groups with IT staff and focus on the five areas with the greatest impact on women’s retention.

    1. Review the handout slides on the following pages to get a better understanding of the definition of each of the top five drivers impacting women’s retention. Depending on your team’s size, pick one to three drivers to focus on for your first focus group.
    2. Divide the participants into teams and on flip chart paper or using sticky notes have the teams brainstorm what you can stop/start/continue doing to help you improve on your assigned driver.
    • Continue: actions that work for the team related to this driver and should proceed.
    • Start: actions/initiatives that the team would like to begin.
    • Stop: actions/initiatives that the team would like to stop.
  • Prioritize the initiatives by considering: Is this initiative something you feel will make an impact on the engagement driver? Eliminate any initiatives that would not make an impact.
  • Have the groups present back and vote on two to three initiatives to implement to drive improvements within that area.

    • Culture

    Engagement driver handout

    Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.

    Questions:

    • I identify well with the organization’s values.
    • This organization has a collaborative work environment.
    • This organization has a very friendly atmosphere.
    • I am a fit for the organizational culture.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #1
    • Men in IT: #2

    Company Potential

    Engagement driver handout

    Company Potential: An employee’s understanding of and commitment to the organization’s mission, and the employee’s excitement about the organization’s mission and future.

    Questions:

    • This organization has a bright future.
    • I am impressed with the quality of people at this organization.
    • People in this organization are committed to doing high-quality work.
    • I believe in the organization’s overall business strategy.
    • This organization encourages innovation.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #2
    • Men in IT: #1

    Employee Empowerment

    Engagement driver handout

    Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.

    Questions:

    • I am not afraid of trying out new ideas in my job.
    • If I make a suggestion to improve something in my department I believe it will be taken seriously.
    • I am empowered to make decisions about how I do my work.
    • I clearly understand what is expected of me on the job.
    • I have all the tools I need to do a great job.
    • I am given the chance to fully leverage my talents through my job.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #3
    • Men in IT: #6

    Learning and Development

    Engagement driver handout

    Learning and Development: A cooperative and continuous effort between an employee and the organization to enhance an employee’s skill set and expertise and meet an employee’s career objectives and the organization’s needs.

    Questions:

    • I can advance my career in this organization.
    • I am encouraged to pursue career development activities.
    • In the last year, I have received an adequate amount of training.
    • In the last year, the training I have received has helped me do my job better.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #4
    • Men in IT: #5

    Manager Relationships

    Engagement driver handout

    Manager Relationships: The professional and personal relationship an employee has with their manager. Manager relationships depend on the trust that exists between these two individuals and the extent that a manager supports and develops the employee.

    Questions:

    • My manager inspires me to improve.
    • My manager provides me with high-quality feedback.
    • My manager helps me achieve better results.
    • I trust my manager.
    • My manager cares about me as a person.
    • My manager keeps me well informed about decisions that affect me.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #5
    • Men in IT: #11

    Step 2.2

    Examine employee experience

    Activities

    2.2.1 Identify moments that matter

    Understand why and when employees plan to depart

    Leverage “psychology of quitting” expertise.

    Train your managers to provide them with the skills and expertise to recognize the warning signs of an employee’s departure and know how to re-engage and retain them.

    • The majority of resignations are not spur of the moment. They are the result of a compilation of events over a period of time. Normally, these instances are magnified by a stimulant. The final straw or the breaking point drives the employee to make a change. In fact, it has been estimated that a shock jumpstarts 65% of departures.*
      • These shocks could be a lack of promotion, loss of privilege or development opportunity, or a quarrel with a manager.
    • Employees rarely leave right away. Most wait until they have confirmed a new job opportunity before leaving. This creates a window in which you can reengage and retain them.
    • The majority of employees show signs that they are beginning to think of leaving. Whether that is leaving immediately, putting in the bare minimum of effort, or job searching online at work. Train your managers to know the signs and to keep an eye out for potentially dissatisfied and searching employees.*
    • It is easier and less costly to reengage an employee than to start the hiring process from the beginning.
    *Source: The Career Café, 2017

    Examine employee experience (EX)

    Look beyond engagement drivers to drive retention.

    Employee experience (EX) is the employee’s perception of their cumulative lived experiences with the organization. It is gauged by how well the employee’s expectations are met within the parameters of the workplace, especially by the “moments that matter” to them. Individual employee engagement is the outcome of a strong overall EX.

    The image contains a diagram as an example of examining employee experience.

    Drive a positive employee experience

    Identify moments that matter.

    Moments that matter are defining pieces or periods in an employee’s experience that create a critical turning point or memory that is of significant importance to them.

    These are moments that dramatically change the path of the emotional journey, influence the quality of the final outcome, or end the journey prematurely.

    To identify the moment that matters look for significant drops in the emotional journey that your organization needs to improve or significant bumps that your organization can capitalize on. Look for these drops or bumps in the journey and take stock of everything you have recorded at that point in the process. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    The image contains a screenshot of an example graph to demonstrate opportunities and issues to help drive a positive employee experience.

    Info-Tech Insight

    The moment that matters is key and it could be completely separate from organizational life, like the death of a family member. Leaders can more proactively address these moments that matter by identifying them and determining how to make the touchpoint at that moment more impactful.

    2.2.1 Identify moments that matter

    1. Review your Employee Experience Monitor weekly trends by logging into your dashboard and clicking on “Time Series Trends.”
    2. With your management team, identify any weekly trends where your Employee Experience Score has seen changes in the number of detractor, passive, or promoter responses.
    3. For each significant change identify:
    • Increase in promoters or decrease in detractors:
      • What can we do to duplicate positive moments that occurred this week?
      • What did I do as a leader to create positive employee experiences?
      • What happened in the organization that created a positive employee experience?
    • Increase in detractors or decrease in promoters:
      • What difficult change was delivered this week?
      • What about this change was negatively perceived?
      • During the difficult situation how did we as a leadership team support our staff?
      • Who did we engage and recognize during the difficult situation?
      • Was this situation a one-off issue or is this likely to occur again?
  • Consider your interactions with employees and identify how you made moments matter during those times related to four key engagement drivers impacting women in IT:
    • How did you promote a positive culture and friendly atmosphere?
    • How did you empower female staff to leverage their talents?
    • How did you interact with staff?
    • How did you promote a positive work environment? Where did you see bias in decisions?
  • Independently as manager, document three to five lessons learned from the changes in your detractors and promoters, and determine what action you will take.

    • Measured benefits of positive employee experience

    Positive employee experiences lead to engaged employees, and engaged employees are eight times more likely to recommend the organization (McLean & Company Employee Engagement Database, 2017; N=74,671).

    Retention

    Employees who indicate they are having a positive experience at work have a 52% higher level of intent to stay (Great Place To Work Institute, 2021)

    The bottom line

    Organizations that make employee experience a focus have: 23% higher profitability 10% higher customer loyalty (Achievers, 2021)

    Case Study

    INDUSTRY: Post-Secondary Education

    SOURCE: Adam Grant, “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior”

    The future is here! Is your data architecture practice ready?

    Challenge

    A university call center, tasked with raising scholarship money from potential donors, had high employee turnover and low morale.

    Solution

    A study led by Grant arranged for a test group of employees to meet and interact with a scholarship recipient. In the five-minute meeting, employees learned what the student was studying.

    Results

    Demonstrating the purpose behind their work had significant returns. Employees who had met with the student demonstrated:

    More than two times longer “talk time” with potential donors.

    A productivity increase of 400%: the weekly average in donations went from $185.94 to $503.22 for test-group employees.

    Enhance your retention strategies

    Do not wait until employees leave to find out what they were unhappy with or why they liked the organization. Instead, perform stay interviews with top and core talent to create a holistic understanding of what they are perceiving and feeling.

    Conduct stay interviews

    What is a stay interview?

    A stay interview is a conversation with current employees. It should be performed on a yearly basis and is an informal discussion to generate deeper insight into the employee’s opinions, perspectives, concerns, and complaints. Stay interviews can have a multitude of uses. In this project they will be used to understand why top and core talent chose to stay with the organization to ensure that organizations understand and build upon their current strengths.

    When should you do stay interviews?

    We recommend completing stay interviews at least on an annual, if not quarterly, basis to truly understand how staff are feeling about the organization and their job, why they stay at the organization, and what would cause them to leave. Couple the outcomes of these interviews with employee engagement action planning to ensure that you are able to address talent needs.

    Step 2.3

    Conduct stay interviews and learn why employees stay

    Activities

    2.3.1 Conduct stay interviews

    Conduct regular “stay” or “retention” interviews

    Build stay interviews into the regular routine. By incorporating stay interviews into your schedule, they are more likely to stick. This regularity provides several advantages:

    1. Ensures that retention issues do not take you by surprise. With a finger on the pulse of the organization you will be aware of potential issues.
    2. Acts as a supplement to the engagement survey by providing additional information and context for the current level of emotion within the organization.
    3. Begins to build a wealth of information that can be analyzed to identify themes and trends. This can be used to track whether the reasons why individuals stay are consistent or if are they changing. This will ensure that the retention strategy remains up to date.

    Stay interview best practices:

    • Ideally is performed by managers, but can be performed by HR.
      • Ideally completed by managers as they are more familiar with their employees, have a greater reach, can hold meetings in a more informal setting, and will receive information first hand.
      • If conducted by managers, it’s a best practice to ensure that there is a central repository of themes so that you can identify if there are any trends in the responses, that consistent questions are asked, and that all of the information is in one place
    • Should be an informal conversation.
    • Should be conducted in a non-critical time in the business year.
    • Ask three types of questions:
      • What do you enjoy about working here?
      • What would you change about your working environment?
      • What would encourage or force you to leave the organization?
    • Interview a diverse employee base:
      • Demographics
      • Role
      • Performance level
      • Location
    Source: Talent Management & HT, 2013

    Leverage stay interviews

    Use Info-Tech’s Stay Interview Guide.

    Proactively identify opportunities to drive retention.

    The Stay Interview Guide helps managers conduct interviews with current employees, enabling the manager to understand:

    • The employee's current engagement level.
    • The employee's satisfaction with current role and responsibilities.
    • Suggestions for potential improvements.
    • An employee's intent to stay with the organization.

    Use this template to help you understand how you can best engage your employees and identify any challenges, in terms of moments that mattered, that negatively impacted their intention to stay at the organization.

    The image contains a screenshot of Info-Tech's Stay Interview Guide.

    2.3.1 Conduct stay interviews

    1. If you are using the Employee Experience Monitor, prepare for your stay interviews by reviewing your results and identifying if there have been any changes in the results over the previous six weeks. Identify which demographics have the highest and lowest engagement levels – and identify any changes in experience between different demographics.
    2. Identify a meeting schedule and cadence that seems appropriate for your stay interviews. For example, you likely will not do all staff at the same time and it may be beneficial to space out your meetings throughout the year. Select a candidate for your first stay interview and invite them for a one-on-one meeting. If it’s unusual for you to meet with this employee, we recommend providing some light context around the rationale, such as that you are looking for opportunities to strengthen the organizational culture and better understand how you can improve retention and engagement at the organization.
    3. Download the Stay Interview Template, review all of the questions beforehand, and identify the key questions that you want to ask in the meeting.
    • TIP: Even though this is called a “stay interview,” really it should be more of a conversation, and certainly not an interrogation. Know the questions you want to ask, and ask your staff member if it’s ok if you jot down some notes. It may even be beneficial to have the meeting outside of the office, over lunch, or out for coffee.
  • Hold your meeting with the employee and thank them for their time.
  • Following the meeting, send them a thank-you email to thank them for providing feedback, summarize your top three to five key takeaways from the meeting, verify with them that this aligns with their perspective, and see if they have anything else to add to the conversation. Identify any initiatives or changes that you will make as a result of the information – set a date for execution and follow-up.
  • If you are in the process of recruiting new employees to the organization, don’t forget to remind them of your referral program and ask if they might know of any candidates that would be a good fit for the organization.

    • Download the Stay Interview Guide

    Ten tips for best managing stay interviews

    Although stay interviews are meant to be informal, you should schedule them as you would any other meeting. Simply invite the employee for a chat.

    1. Step out of the office if possible. Opt for your local coffee shop, a casual lunch destination, or another public but informal location.
    2. Keep the conversation short, no more than 15 to 20 minutes. If there are any areas of concern that you think warrant action, ask the employee if they would like to discuss them another time. Suggest another meeting to delve deeper into specific issues.
    3. Be clear about the purpose of the conversation. Stay interviews are not performance reviews.
    4. Focus on what you can do for them. Ask about the employee’s preferences when it comes to feedback and communication (frequency, method, etc.) as well as development (preferences around methods, e.g. coaching or rotations, and personal goals).
    5. Be positive. Ask your employee what they like about their job and use positively framed questions.
    6. Ask about what they like doing. People enjoy talking about what they like to do. Ask employees about the talents and skills they would like to incorporate into their work duties.
    7. Show that you’re listening – paraphrase, ask for clarification, and use appropriate gestures.
    8. Refrain from taking notes during the meeting to preserve a conversational atmosphere.
    9. Pay attention to the employee’s body language and tone. If it appears that they are uncomfortable talking to you, stop the interview or pause to let them collect themselves.
    10. Be open to suggestions, but remember that you can’t control everything. If the employee brings up issues that are beyond your control, tell them that you will do all you can to improve the situation but can’t guarantee anything.

    Related Info-Tech Research

    Recruit and Retain People of Color in IT

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit Top IT Talent

    • Changing workforce dynamics and increased transparency have shifted the power from employers to job seekers, stiffening the competition for talent.
    • Candidate expectations match high consumer expectations and affect the employer brand, the consumer brand, and overall organizational reputation. Delivering a positive candidate experience (CX2) is no longer optional.

    Acquire the Right Hires with Effective Interviewing

    • Talk is cheap. Hiring isn’t.
    • Gain insight into and understand the need for a strong interview process.
    • Strategize and plan your interview process.
    • Understand various hiring scenarios and how an interview process may be modified to reflect your organization’s scenario.

    Bibliography

    “4 Hiring Trends Technology Managers Need to Know.” Robert Half Talent Solutions, 4 Oct. 2021. Accessed 4 Feb. 2022.

    “89% of CIOs are concerned about Talent Retention: SOTD CIO.” 2016 Harvey Nash/KPMG CIO Survey, CIO From IDG, 12 Aug. 2016. Web.

    Angier, Michelle, and Beth Axelrod. “Realizing the power of talented women.” McKinsey Insights, Sept. 2014. Web.

    Beansontoast23. “Not being trained on my first dev job.” Reddit, 29 July 2016. Web.

    Birt, Martin. “How to develop a successful mentorship program: 8 steps.” Financial Post, 5 Dec. 2014. Web.

    Bort, Julie. “The 25 Best Tech Employers For Women [Ranked].” Business Insider, 18 Nov. 2014. Web.

    Bradford, Laurence. “15 of the Most Powerful Women in Tech.” The Balance Careers, Updated 4 Feb. 2018. Web.

    “Building A Stronger, Better, More Diverse eBay.” eBay Inc., 31 July 2014. Web.

    “Canada’s Best Employers 2015: The Top 50 Large Companies.” Canadian Business, 2014. Article.

    Cao, Jing, and Wei Xue. “What are the Best practices to Promote High-Ranking Female Employees Within Organizations?” Cornell University ILR School, Spring 2013. Web.

    Cheng, Roger. “Women in Tech: The Numbers Don't Add Up.” CNET, 6 May 2015. Web.

    “CIO Survey 2020: Everything Changed. Or Did It?” Harvey Nash and KPMG, 2020. Accessed 24 Feb. 2022.

    Daley, Sam. “Women in Tech Statistics Show the Industry Has a Long Way to Go.” Built In, 5 May 2021. Accessed 1 March 2022.

    Dixon-Fyle, Sundiatu, et al. “Diversity wins: How inclusion matters.” McKinsey & Company, 19 May 2020. Accessed 24 Feb. 2022.

    Donovan, Julia. “How to Quantify the Benefits of Enhancing Your Employee Experience.” Achievers Solution Inc., 21 Sept. 2021. Web.

    “Engage Me! Employee Engagement Explored.” SoftSolutions, 12 Jan. 2016. Web.

    Erb, Marcus. Global Employee Engagement Benchmark Study. Great Place to Work Institute, 29 Nov. 2021. Accessed 15 Feb. 2022.

    Garner, Mandy. “How to attract and recruit a more gender diverse team.” Working Mums, 4 March 2016. Web.

    Gaur, Shubhra. “Women in IT: Their path to the top is like a maze.” Firstpost, 28 Aug. 2015. Web.

    “Girls Gone Wired Subreddit.” Reddit, n.d. Web.

    Glassdoor Team. “10 Ways to Remove Gender Bias from Job Descriptions.” Glassdoor for Employers Blog, 9 May 2017. Web.

    Grant, Adam. “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior.” Organizational Behavior and Human Decision Processes, vol. 103, no. 1, 2007, pp. 53-67. Accessed on ScienceDirect.

    IBM Smarter Workforce Institute. The Employee Experience Index. IBM Corporation, 2016. Web.

    ISACA. “Tech Workforce 2020: The Age and Gender Perception Gap.” An ISACA Global Survey Report, 2019. Accessed 17 Feb. 2022.

    Johnson, Stephanie K., David R. Hekman, and Elsa T. Chan. “If There’s Only One Woman in Your Candidate Pool, There’s Statistically No Chance She’ll Be Hired.” Harvard Business Review, 26 April 2016. Web.

    Kessler, Sarah. “Tech's Big Gender Diversity Push One Year In.” Fast Company, 19 Nov. 2015. Web.

    Kosinski, M. “Why You Might Want to Focus a Little Less on Hiring for Cultural Fit.” Recruiter.com, 11 Aug. 2015. Web.

    Krome, M. A. “Knowledge Transformation: A Case for Workforce Diversity.” Journal of Diversity Management (JDM), vol. 9, no. 2, Nov. 2014, pp. 103-110.

    Ladimeij, Kazim. “Why Staff Resign; the Psychology of Quitting.” The Career Café, 31 March 2017. Updated 9 Jan. 2018. Web.

    Loehr, Anne. “Why You Need a New Strategy For Retaining Female Talent.” ReWork, 10 Aug. 2015. Web.

    Lucas, Suzanne. “How Much Employee Turnover Really Costs You.” Inc., 30 Aug. 2013. Web.

    Marttila, Paula. “5 Step Action Plan To Attract Women Join Tech Startups.” LinkedIn, 10 March 2016. Web.

    Mayor, Tracy. “Women in IT: How deep is the bench?” Computerworld, 19 Nov. 2012. Web.

    McCracken, Douglas M. “Winning the Talent War for Women: Sometimes It Takes a Revolution.” Harvard Business Review, Nov.-Dec. 2000. Web.

    McDonald’s Careers. McDonald’s, n.d. Web.

    McFeely, Shane, and Ben Wigert. “This Fixable Problem Costs U.S. Businesses $1 Trillion.” Gallup, Inc., 31 March 2019. Accessed 4 March 2022.

    Morgan, Jacob. The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate. John Wiley & Sons, Inc., 2017. Print.

    Napolitano, Amy. “How to Build a Successful Mentoring Program.” Training Industry, 20 April 2015. Web.

    Peck, Emily. “The Stats On Women In Tech Are Actually Getting Worse.” Huffington Post. 27 March 2015. Updated 6 Dec. 2017. Web. 20

    Porter, Jane. “Why Are Women Leaving Science, Engineering, And Tech Jobs?” Fast Company, 15 Oct. 2014. Web.

    Pratt, Siofra. “Emma Watson: Your New Recruitment Guru - How to: Attract, Source and Recruit Women.” SocialTalent, 25 Sept. 2014. Web.

    “RBC Diversity Blueprint 2012-2015.” 2012-2015 Report Card, RBC, 2015. Web.

    Richter, Felix. “Infographic: Women’s Representation in Big Tech.” Statista Infographics, 1 July 2021. Web.

    Rogers, Rikki. “5 Ways Companies Can Attract More Women (Aside From Offering to Freeze Their Eggs).” The Muse, n.d. Web.

    Sazzoid. “HOWTO recruit and retain women in tech workplaces.” Geek Feminism Wiki, 10 Jan. 2012. Updated 18 Aug. 2016. Web.

    Seiter, Courtney. “Why We Removed the Word ‘Hacker’ From Buffer Job Descriptions.” Buffer Open blog, 13 March 2015. Updated 31 Aug. 2018. Web.

    Serebrin, Jacob. “With tech giants like Google going after female talent, how can startups compete?” The Globe and Mail, 18 Jan. 2016. Updated 16 May 2018. Web.

    Snyder, Kieran. “Why women leave tech: It's the culture, not because 'math is hard'.” Fortune, 2 Oct. 2014. Web.

    Stackpole, Beth. “5 ways to attract and retain female technologists.” Computerworld, 7 March 2016. Web.

    Sullivan, John. “4 Stay Interview Formats You Really Should Consider.” Talent Management & HT, 5 Dec. 2013. Web.

    Syed, Nurhuda. “IWD 2021: Why Are Women Underrepresented in the C-Suite?” HRD America, 5 March 2021. Web.

    Sylvester, Cheryl. “How to empower women in IT (and beyond) on #InternationalWomenDay.” ITBUSINESS.CA, 31 March 2016. Web.

    “The Power of Parity: Advancing Women’s Equality in the United States.” McKinsey Global Institute, April 2016. Web.

    White, Cindy. “How to Promote Gender Equality in the Workplace.” Chron, 8 Aug. 2018. Web.

    White, Sarah. “Women in Tech Statistics: The Hard Truths of an Uphill Battle.” CIO From IDG Communication, Inc., 8 March 2021. Accessed 24 Feb. 2022.

    Recruit and Retain People of Color in IT

    • Buy Link or Shortcode: {j2store}546|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $19,184 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Organizations have been trying to promote equality for many years. Diversity and inclusion strategies and a myriad of programs have been implemented in companies across the world. Despite the attempts, many organizations still struggle to ensure that their workforce is representative of the populations they support or want to support.
    • IT brings another twist. Many IT companies and departments are based on the culture of white males, and underrepresented ethnic communities find it more of a challenge to fit in.
    • This sometimes means that talented minorities are less incentivized to join or stay in technology.

    Our Advice

    Critical Insight

    • Diversity and inclusion cannot be a one-time campaign or a one-off initiative.
    • For real change to happen, every leader needs to internalize the value of creating and retaining diverse teams.

    Impact and Result

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit and Retain People of Color in IT Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should recruit and retain people of color in your IT department or organization, review Info-Tech’s methodology, and understand the ways we can support you in this endeavor.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit people of color in IT

    Diverse teams are necessary to foster creativity and guide business strategies. Overcome limitations by recruiting people of color and creating a diverse workforce.

    • Recruit and Retain People of Color in IT – Phase 1: Recruit People of Color in IT
    • Support Plan
    • IT Behavioral Interview Question Library

    2. Retain people of color in IT

    Underrepresented employees benefit from an expansive culture. Create an inclusive environment and retain people of color and promote value within your organization.

    • Recruit and Retain People of Color in IT – Phase 2: Retain People of Color in IT

    Infographic

    Workshop: Recruit and Retain People of Color in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Setting the Stage

    The Purpose

    Introduce challenges and concerns around recruiting and retaining people of color.

    Key Benefits Achieved

    Gain a sense of direction.

    Activities

    1.1 Introduction to diversity conversations.

    1.2 Assess areas to focus on and determine what is right, wrong, missing, and confusing.

    1.3 Obtain feedback from your team about the benefits of working at your organization.

    1.4 Establish your employee value proposition (EVP).

    1.5 Discuss and establish your recruitment goals.

    Outputs

    Current State Analysis

    Right, Wrong, Missing, Confusing Quadrant

    Draft EVP

    Recruitment Goals

    2 Refine Your Recruitment Process

    The Purpose

    Identify areas in your current recruitment process that are preventing you from hiring people of color.

    Establish a plan to make improvements.

    Key Benefits Achieved

    Optimized recruitment process

    Activities

    2.1 Brainstorm and research community partners.

    2.2 Review current job descriptions and equity statement.

    2.3 Update job description template and equity statement.

    2.4 Set team structure for interview and assessment.

    2.5 Identify decision-making structure.

    Outputs

    List of community partners

    Updated job description template

    Updated equity statement

    Interview and assessment structure

    Behavioral Question Library

    3 Culture and Management

    The Purpose

    Create a plan for an inclusive culture where your managers are supported.

    Key Benefits Achieved

    Awareness of how to better support employees of color.

    Activities

    3.1 Discuss engagement and belonging.

    3.2 Augment your onboarding materials.

    3.3 Create an inclusive culture plan.

    3.4 Determine how to support your management team.

    Outputs

    List of onboarding content

    Inclusive culture plan

    Management support plan

    4 Close the Loop

    The Purpose

    Establish mechanisms to gain feedback from your employees and act on them.

    Key Benefits Achieved

    Finalize the plan to create your diverse and inclusive workforce.

    Activities

    4.1 Ask and listen: determine what to ask your employees.

    4.2 Create your roadmap.

    4.3 Wrap-up and next steps.

    Outputs

    List of survey questions

    Roadmap

    Completed support plan

    The First 100 Days as CISO

    • Buy Link or Shortcode: {j2store}248|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 50 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Make a good first impression at your new job.
    • Obtain guidance on how you should approach the first 100 days.
    • Assess the current state of the security program and recommend areas of improvement and possible solutions.
    • Develop a high-level security strategy in three months.

    Our Advice

    Critical Insight

    • Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, however, the approach to the new position will be relatively the same.
    • Eighty percent of your time will be spent listening. The first 100 days of the CISO role is an information gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects that of the business strategy.
    • Start “working” before you actually start the job. This involves finding out as much information about the company before officially being an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture ,and business model.

    Impact and Result

    • Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
    • Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
    • Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
    • Deliver an executive presentation that shows key findings obtained from your security evaluation.

    The First 100 Days as CISO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a CISO is a crucial time to be strategic. Review Info-Tech’s methodology and discover our five-step approach to CISO success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Review previous communications to prepare for your first day.

    • CISO Diary
    • Introduction Sheet

    2. Build relationships

    Understand how the business operates and develop meaningful relationships with your sphere of influence.

    3. Inventory components of the business

    Inventory company assets to know what to protect.

    4. Assess security posture

    Evaluate the security posture of the organization by leveraging Info-Tech’s IT Security diagnostic program.

    • Diagnostic Benchmarks: Security Governance & Management Scorecard
    • Diagnostic Benchmarks: Security Business Satisfaction Report

    5. Deliver plan

    Communicate your security vision to business stakeholders.

    • The First 100 Days as CISO Executive Presentation Template
    • The First 100 Days as CISO Executive Presentation Example
    [infographic]

    Learn the right way to manage metrics

    • Parent Category Name: Improve Your Processes
    • Parent Category Link: /improve-your-processes
    • byline: Short takes on topics

    Learn to use metrics in the right way. Avoid staff (subconciously) gaming the numbers, as it is only natural to try to achieve the objective. This is really a case of be careful what you wish for, you may just get it.

    Register to read more …

    Build a Data Warehouse

    • Buy Link or Shortcode: {j2store}200|cart{/j2store}
    • member rating overall impact: 8.7/10 Overall Impact
    • member rating average dollars saved: $94,499 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Relational data warehouses, although reliable, centralized repositories for corporate data, were not built to handle the speed and volume of data and analytics today.
    • IT is under immense pressure from business units to provide technology that will yield greater agility and insight.
    • While some organizations are benefitting from modernization technologies, the majority of IT departments are unfamiliar with the technologies and have not yet defined clear use cases.

    Our Advice

    Critical Insight

    • The vast majority of your corporate data is not being properly leveraged. Modernize the data warehouse to get value from the 80% of unstructured data that goes unused.
    • Avoid rip and replace. Develop a future state that complements your existing data warehouse with emerging technologies.
    • Be flexible in your roadmap. Create an implementation roadmap that’s incremental and adapts to changing business priorities.

    Impact and Result

    • Establish both the business and IT perspectives of today’s data warehouse environment.
    • Explore the art-of-the-possible. Don’t get stuck trying to gather technical requirements from business users who don’t know what they don’t know. Use Info-Tech’s interview guide to discuss the pains of the current environment, and more importantly, where stakeholders want to be in the future.
    • Build an internal knowledgebase with respect to emerging technologies. The technology landscape is constantly shifting and often difficult for IT staff to keep track of. Use Info-Tech’s Data Warehouse Modernization Technology Education Deck to ensure that IT is able to appropriately match the right tools to the business’ use cases.
    • Create a compelling business case to secure investment and support.

    Build a Data Warehouse Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be looking to modernize the relational data warehouse, review Info-Tech’s framework for identifying modernization opportunities, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current data warehouse environment

    Review the business’ perception and architecture of the current data warehouse environment.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 1: Assess the Current Data Warehouse Environment
    • Data Warehouse Maturity Assessment Tool

    2. Define modernization drivers

    Collaborate with business users to identify the strongest motivations for data warehouse modernization.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 2: Define Modernization Drivers
    • Data Warehouse Modernization Stakeholder Interview Guide
    • Data Warehouse Modernization Technology Education Deck
    • Data Warehouse Modernization Initiative Building Tool

    3. Create the modernization future state

    Combine business ideas with modernization initiatives and create a roadmap.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 3: Create the Modernization Future State
    • Data Warehouse Modernization Technology Architectural Template
    • Data Warehouse Modernization Deployment Plan
    [infographic]

    Workshop: Build a Data Warehouse

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current Data Warehouse Environment

    The Purpose

    Discuss the general project overview for data warehouse modernization.

    Establish the business and IT perspectives of the current state.

    Key Benefits Achieved

    Holistic understanding of the current data warehouse.

    Business user engagement from the start of the project.

    Activities

    1.1 Review data warehouse project history.

    1.2 Evaluate data warehouse maturity.

    1.3 Draw architecture diagrams.

    1.4 Review supporting data management practices.

    Outputs

    Data warehouse maturity assessment

    Data architecture diagrams

    2 Explore Business Opportunities

    The Purpose

    Conduct a user workshop session to elicit the most pressing needs of business stakeholders.

    Key Benefits Achieved

    Modernization technology selection is directly informed by business drivers.

    In-depth IT understanding of the business pains and opportunities.

    Activities

    2.1 Review general trends and drivers in your industry.

    2.2 Identify primary business frustrations, opportunities, and risks.

    2.3 Identify business processes to target for modernization.

    2.4 Capture business ideas for the future state.

    Outputs

    Business ideas for modernization

    Defined strategic direction for data warehouse modernization

    3 Review the Technology Landscape

    The Purpose

    Educate IT staff on the most common technologies for data warehouse modernization.

    Key Benefits Achieved

    Improved ability for IT to match technology with business ideas.

    Activities

    3.1 Appoint Modernization Advisors.

    3.2 Hold an open education and discussion forum for modernization technologies.

    Outputs

    Modernization Advisors identified

    Modernization technology education deck

    4 Define Modernization Solutions

    The Purpose

    Consolidate business ideas into modernization initiatives.

    Key Benefits Achieved

    Refinement of the strategic direction for data warehouse modernization.

    Activities

    4.1 Match business ideas to technology solutions.

    4.2 Group similar ideas to create modernization initiatives.

    4.3 Create future-state architecture diagrams.

    Outputs

    Identified strategic direction for data warehouse modernization

    Defined modernization initiatives

    Future-state architecture for data warehouse

    5 Establish a Modernization Roadmap

    The Purpose

    Validate and build out initiatives with business users.

    Define benefits and costs to establish ROI.

    Identify enablers and barriers to modernization.

    Key Benefits Achieved

    Completion of materials for a compelling business case and roadmap.

    Activities

    5.1 Validate use cases with business users.

    5.2 Define initiative benefits.

    5.3 Identify enablers and barriers to modernization.

    5.4 Define preliminary activities for initiatives.

    5.5 Evaluate initiative costs.

    5.6 Determine overall ROI.

    Outputs

    Validated modernization initiatives

    Data warehouse modernization roadmap

    Build a Roadmap for Service Management Agility

    • Buy Link or Shortcode: {j2store}280|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Business is moving faster than ever and IT is getting more demands at a faster pace.
    • Many IT organizations have traditional structures and approaches that have served them well in the past. However, these frameworks and approaches alone are no longer sufficient for today’s challenges and rapidly changing environment.
    • The inability to adaptively design and deliver services as requirements change has led to diminishing service quality and an increase in shadow IT.

    Our Advice

    Critical Insight

    • Being Agile is a mindset. It is not meant to be prescriptive, but to encourage you to leverage the best approaches, frameworks, and tools to meet your needs and get the job done now.
    • The goal of service management is to enable and drive value for the business. Service management practices have to be flexible and adaptable enough to manage and deliver the right service value at the right time at the right level of quality.

    Impact and Result

    • Understand Agile principles, how they align with service management principles, and what the optimal states for agility look like.
    • Use Info-Tech’s advice and tools to perform an assessment of your organization’s state of agility, identify the gaps, and create a custom roadmap to incorporate agility into your service management practice.
    • Increase business satisfaction. The ultimate outcome of having agility in your service delivery is satisfied customers.

    Build a Roadmap for Service Management Agility Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a roadmap for service management agility, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the optimal state for agility

    Understand the components of agility and what the optimal states are for service management agility.

    • Build a Roadmap for Service Management Agility – Phase 1: Understand the Optimal States for Agility

    2. Assess your current state of agility

    Determine the current state of agility in the service management practice.

    • Build a Roadmap for Service Management Agility – Phase 2: Assess Your Current State of Agility
    • Service Management Agility Assessment Tool

    3. Build the roadmap

    Create a roadmap for service management agility and present it to key stakeholders to obtain their support.

    • Build a Roadmap for Service Management Agility – Phase 3: Build the Roadmap for Service Management Agility
    • Service Management Agility Roadmap Template
    • Building Agility Into Our Service Management Practice Stakeholders Presentation Template
    [infographic]

    Workshop: Build a Roadmap for Service Management Agility

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Optimal States for Agility in Service Management

    The Purpose

    Understand agility and how it can complement service management.

    Understand how the components of culture, structure, processes, and resources enable agility in service management.

    Key Benefits Achieved

    Clear understanding of Agile principles.

    Identifying opportunities for agility.

    Understanding of how Agile principles align with service management.

    Activities

    1.1 Understand agility.

    1.2 Understand how Agile methodologies can complement service management through culture, structure, processes, and resources.

    Outputs

    Summary of Agile principles.

    Summary of optimal components in culture, structure, processes, and resources that enable agility.

    2 Assess Your Current State of Agility in Service Management

    The Purpose

    Assess your current organizational agility with respect to culture, structure, processes, and resources.

    Identify your agility strengths and weaknesses with the agility score.

    Key Benefits Achieved

    Understand your organization’s current enablers and constraints for agility.

    Have metrics to identify strengths or weaknesses in culture, structure, processes, and resources.

    Activities

    2.1 Complete an agility assessment.

    Outputs

    Assessment score of current state of agility.

    3 Build the Roadmap for Service Management Agility

    The Purpose

    Determine the gaps between the current and optimal states for agility.

    Create a roadmap for service management agility.

    Create a stakeholders presentation.

    Key Benefits Achieved

    Have a completed custom roadmap that will help build sustainable agility into your service management practice.

    Present the roadmap to key stakeholders to communicate your plans and get organizational buy-in.

    Activities

    3.1 Create a custom roadmap for service management agility.

    3.2 Create a stakeholders presentation on service management agility.

    Outputs

    Completed roadmap for service management agility.

    Completed stakeholders presentation on service management agility.

    Design Data-as-a-Service

    • Buy Link or Shortcode: {j2store}129|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $1,007 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Lack of a consistent approach in accessing internal and external data within the organization and sharing data with third parties.
    • Data consumed by most organizations lacks proper data quality, data certification, standards tractability, and lineage.
    • Organizations are looking for guidance in terms of readily accessible data from others and data that can be shared with others or monetized.

    Our Advice

    Critical Insight

    • Despite data being everywhere, most organizations struggle to find accurate, trustworthy, and meaningful data when required.
    • Connecting to data should be as easy as connecting to the internet. This is achievable if all organizations start participating in the data marketplace ecosystem by leveraging a Data-as-a-Service (DaaS) framework.

    Impact and Result

    • Data marketplaces facilitate data sharing between the data producer and the data consumer. The data product must be carefully designed to truly benefit in today’s connected data ecosystem.
    • Follow Info-Tech’s step-by-step approach to establish your DaaS framework:
      1. Understand Data Ecosystem
      2. Design Data Products
      3. Establish DaaS framework

    Design Data-as-a-Service Research & Tools

    Start here – Read the Executive Brief

    Read our concise Executive Brief to find out why you should design Data-as-a-Service (DaaS), review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand data ecosystem

    Provide clear benefits of adopting the DaaS framework and solid rationale for moving towards a more connected data ecosystem and avoiding data silos.

    • Design Data-as-a-Service – Phase 1: Understand Data Ecosystem

    2. Design data product

    Leverage design thinking methodology and templates to document your most important data products.

    • Design Data-as-a-Service – Phase 2: Design Data Product

    3. Establish a DaaS framework

    Capture internal and external data sources critical to data products success for the organization and document an end-to-end DaaS framework.

    • Design Data-as-a-Service – Phase 3: Establish a DaaS Framework
    [infographic]

    Workshop: Design Data-as-a-Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Data Marketplace and DaaS Explained

    The Purpose

    The purpose of this module is to provide a clear understanding of the key concepts such as data marketplace, data sharing, and data products.

    Key Benefits Achieved

    This module will provide clear benefits of adopting the DaaS framework and solid rationale for moving towards a more connected data ecosystem and avoiding data silos.

    Activities

    1.1 Review the business context

    1.2 Understand the data ecosystem

    1.3 Draft products ideas and use cases

    1.4 Capture data product metrics

    Outputs

    Data product ideas

    Data sharing use cases

    Data product metrics

    2 Design Data Product

    The Purpose

    The purpose of this module is to leverage design thinking methodology and templates to document the most important data products.

    Key Benefits Achieved

    Data products design that incorporates end-to-end customer journey and stakeholder map.

    Activities

    2.1 Create a stakeholder map

    2.2 Establish a persona

    2.3 Data consumer journey map

    2.4 Document data product design

    Outputs

    Data product design

    3 Assess Data Sources

    The Purpose

    The purpose of this module is to capture internal and external data sources critical to data product success.

    Key Benefits Achieved

    Break down silos by integrating internal and external data sources

    Activities

    3.1 Review the conceptual data model

    3.2 Map internal and external data sources

    3.3 Document data sources

    Outputs

    Internal and external data sources relationship map

    4 Establish a DaaS Framework

    The Purpose

    The purpose of this module is to document end-to-end DaaS framework.

    Key Benefits Achieved

    End-to-end framework that breaks down silos and enables data product that can be exchanged for long-term success.

    Activities

    4.1 Design target state DaaS framework

    4.2 Document DaaS framework

    4.3 Assess the gaps between current and target environments

    4.4 Brainstorm initiatives to develop DaaS capabilities

    Outputs

    Target DaaS framework

    DaaS initiative

    Domino – Maintain, Commit to, or Vacate?

    • Buy Link or Shortcode: {j2store}113|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Our Advice

    Critical Insight

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Impact and Result

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Domino – Maintain, Commit to, or Vacate? Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

    This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

    • Domino – Maintain, Commit to, or Vacate? Storyboard

    2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    Use this tool to input the outcomes of your various application assessments.

    • Application Rationalization Tool
    [infographic]

    Further reading

    Domino – Maintain, Commit to, or Vacate?

    Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

    Executive Summary

    Info-Tech Insight

    “HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
    – Nigel Cheshire in Team Studio

    Your Challenge

    You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Common Obstacles

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Info-Tech Approach

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Review

    Is “Lotus” Domino still alive?

    Problem statement

    The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

    This research is designed for:

    • IT strategic direction decision-makers
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating migration options for mission-critical applications running on Domino

    This research will help you:

    1. Evaluate migration options.
    2. Assess the fit and purpose.
    3. Consider strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “everything may work” scenario

    Adopt and expand

    Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

    Importance to current business processes

    • Importance of use
    • Complexity in migrations
    • Choosing a new platform

    Available tools to facilitate

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Info-Tech Insight

    With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

    • Archive/retire
    • Application migration
    • Application replatform
    • Stay right where you are

    Eliminate your bias – consider the advantages

    “There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

    – Rob Salerno, Founder & CTO, Rivet Technology Partners

    Domino advantages include:

    Modern Cloud & Application

    • No-code/low-code technology

    Business-Managed Application

    • Business written and supported
    • Embrace the business support model
    • Enterprise class application

    Leverage the Application Taxonomy & Build

    • A rapid application development platform
    • Develop skill with HCL training

    HCL Domino is a supported and developed platform

    Why consider HCL?

    • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
    • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
    • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

    Visualize Your Application Roadmap

    1. Focus on the application portfolio and crafting a roadmap for rationalization.
      • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
    2. Document your findings on respective application capability heatmaps.
      • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
    3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
      • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

    Our external support perspective

    by Darin Stahl

    Member Feedback

    • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
    • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
    • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
    • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
    • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

    Domino database assessments

    Consider the database.

    • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
    • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
    Key/Value Column

    Use case: Heavily accessed, rarely updated, large amounts of data
    Data Model: Values are stored in a hash table of keys.
    Fast access to small data values, but querying is slow
    Processor friendly
    Based on amazon's Dynamo paper
    Example: Project Voldemort used by LinkedIn

    		 this is a Key/Value example

    Use case: High availability, multiple data centers
    Data Model: Storage blocks of data are contained in columns
    Handles size well
    Based on Google's BigTable
    Example: Hadoop/Hbase used by Facebook and Yahoo

    		 This is a Column Example
    Document Graph

    Use case: Rapid development, Web and programmer friendly
    Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
    Better query abilities than Key/Value databases.
    Inspired by Lotus Notes.
    Example: CouchDB used by BBC

    		 This is a Document Example

    Use case: Best at dealing with complexity and relationships/networks
    Data model: Nodes and relationships.
    Data is processed quickly
    Inspired by Euler and graph theory
    Can easily evolve schemas
    Example: Neo4j

    		 This is a Graph Example

    Understand your options

    Archive/Retire

    Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

    Migrate

    Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

    Replatform

    Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

    Stay

    Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

    Archive/retire

    Retire the application, storing the application data in a long-term repository.

    Abstract

    The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

    Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

    Advantages

    • Reduce support cost.
    • Consolidate applications.
    • Reduce risk.
    • Reduce compliance and security concerns.
    • Improve business processes.

    Considerations

    • Application transformation
    • eDiscovery costs
    • Legal implications
    • Compliance implications
    • Business process dependencies

    Info-Tech Insights

    Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

    Application migration

    Migrate to a new version of the application

    Abstract

    An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

    This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

    Advantages

    • Reduce hardware costs.
    • Leverage cloud technologies.
    • Improve scalability.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
    • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
    • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
    • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

    Application replatform

    Transition an existing Domino application to a new modern platform

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Two challenges are particularly significant when migrating or replatforming Domino applications:

    • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
    • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

    Advantages

    • Leverage cloud technologies.
    • Improve scalability.
    • Align to a SharePoint platform.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Application replatform resource effort
    • Network bandwidth
    • New platform terms and conditions
    • Secure connectivity and communication
    • New platform security and compliance
    • Degree of complexity

    Info-Tech Insights

    There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

    Stay with HCL

    Stay with HCL, understanding its future commitment to the platform.

    Abstract

    Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

    1. Replatform
    2. Retire
    3. Move to cloud
    4. Modernize

    That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

    Advantages

    • Known environment
    • Domino is a supported platform
    • Domino is a developed platform
    • No-code/low-code optimization
    • Business developed applications
    • Rapid application framework

    This is the HCL Domino Logo

    Understand your tools

    Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

    Notes Archiving & Notes to SharePoint

    Summary of Vendor

    “SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

    Tools

    Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

    Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

    Headquarters

    Croatia

    Best fit

    • Application archive and retire
    • Migration to SharePoint

    This is an image of the SwingSoftware Logo

    * swingsoftware.com

    Domino Migration to SharePoint

    Summary of Vendor

    “Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

    Tools

    Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

    Rivive Me: Migrate Notes Domino applications to an enterprise web application

    Headquarters

    Canada

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the RiVit Logo

    * rivit.ca

    Lotus Notes to M365

    Summary of Vendor

    “More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

    Tools

    SkyBow Studio: The low-code platform fully integrated into Microsoft 365

    Headquarters:

    Switzerland

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the SkyBow Logo

    * skybow.com | About skybow

    Notes to SharePoint Migration

    Summary of Vendor

    “CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

    Tools

    CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

    Headquarters

    United Kingdom

    Best fit

    • Application replatform
    • Migration to SharePoint

    This is an image of the CIMtrek Logo

    * cimtrek.com | About CIMtrek

    Domino replatform/Rapid application selection framework

    Summary of Vendor

    “4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

    Tools

    4WS.Platform is available in two editions: Community and Enterprise.
    The Platform Enterprise Edition, allows access with an optional support pack.

    4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

    The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

    Headquarters

    Italy

    Best fit

    • Application replatform

    This is an image of the 4WS PLATFORM Logo

    * 4wsplatform.org

    Activity

    Understand your Domino options

    Application Rationalization Exercise

    Info-Tech Insight

    Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    This activity involves the following participants:

    • IT strategic direction decision-makers.
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating platforms for mission-critical applications.

    Outcomes of this step:

    • Completed Application Rationalization Tool

    Application rationalization exercise

    Use this Application Rationalization Tool to input the outcomes of your various application assessments

    In the Application Entry tab:

    • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

    In the Business Value & TCO Comparison tab, determine rationalization priorities.

    • Input your business value scores and total cost of ownership (TCO) of applications.
    • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

    In the Disposition Selection tab:

    • Add to or adapt our list of dispositions as appropriate.

    In the Rationalization Inputs tab:

    • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
    • Input the results of your various assessments for each application.

    In the Disposition Settings tab:

    • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

    In the Disposition Recommendations tab:

    • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

    In the Timeline Considerations tab:

    • Enter the estimated timeline for when you execute your dispositions.

    In the Portfolio Roadmap tab:

    • Review and present your roadmap and rationalization results.

    Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

    This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

    Info-Tech Insight

    Watch out for misleading scores that result from poorly designed criteria weightings.

    Related Info-Tech Research

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin Stahl, Principal Research Advisor,
    Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy Cheeseman, Practice Lead,
    Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Research Contributors

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

    Bibliography

    Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

    “Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

    McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

    Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

    Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

    Modernize Your Microsoft Licensing for the Cloud Era

    • Buy Link or Shortcode: {j2store}304|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $102,414 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Microsoft licensing is complicated. Often, the same software can be licensed a number of ways. It’s difficult to know which edition and licensing model is best.
    • Licensing and features often change with the release of new software versions, compounding the problem by making it difficult to stay current.
    • In tough economic times, IT is asked to reduce capital and operating expenses wherever possible. As one of the top five expense items in most enterprise software budgets, Microsoft licensing is a primary target for cost reduction.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented needs will be your best asset in navigating Microsoft licensing and negotiating your agreement.
    • Beware the bundle. Be aware when purchasing the M365 suite that there is no way out. Negotiating a low price is critical, as all leverage swings to Microsoft once it is on your agreement.
    • If the cloud doesn’t fit, be ready to pay up or start making room. Microsoft has drastically reduced discounting for on-premises products, support has been reduced, and product rights have been limited. If you are planning to remain on premises, be prepared to pay up.

    Impact and Result

    • Understand what your organization needs and what your business requirements are. It’s always easier to purchase more later than try to reduce your spend.
    • Complete cost calculations carefully, as the cloud might end up costing significantly more for the desired feature set. However, in some scenarios, it may be more cost efficient for organizations to license in the cloud.
    • If there are significant barriers to cloud adoption, discuss and document them. You’ll need this documentation in three years when it’s time to renew your agreement.

    Modernize Your Microsoft Licensing for the Cloud Era Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Modernize Your Microsoft Licensing Deck – A deck to help you build a strategy for your Microsoft licensing renewal.

    This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.

    • Modernize Your Microsoft Licensing for the Cloud Era – Phases 1-4

    2. Microsoft Cloud Products Cost Modeler – A tool to model estimated costs for Microsoft's cloud products.

    The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.

    • Microsoft Cloud Products Cost Modeler

    3. Microsoft Licensing Purchase Reference Guide - A template to capture licensing stakeholder information, proposed changes to licensing, and negotiation items.

    The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.

    • Microsoft Licensing Purchase Reference Guide

    4. Negotiation Timeline for Microsoft – A template to navigate your negotiations with Microsoft.

    This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.

  • 6-12 months
  • Less than 3 months

    • Negotiation Timeline for Microsoft – Visio
    • Negotiation Timeline for Microsoft – PDF

    5. Effective Licensing Position Tool – A template to help you create an effective licensing position and determine your compliance position.

    This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).

    • Effective Licensing Position Tool
    [infographic]

    Improve Requirements Gathering

    • Buy Link or Shortcode: {j2store}523|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $153,578 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • Poor requirements are the number one reason that projects fail. Requirements gathering and management has been an ongoing issue for IT professionals for decades.
    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives and will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also create significant damage to the working relationship between IT and the business.
    • Often, business analysts haven’t developed the right competencies to successfully execute requirements gathering processes, even when they are in place.

    Our Advice

    Critical Insight

    • To avoid makeshift solutions, an organization needs to gather requirements with the desired future state in mind.
    • Creating a unified set of standard operating procedures is essential for effectively gathering requirements, but many organizations fail to do it.
    • Centralizing governance of requirements processes with a requirements gathering steering committee or requirements gathering center of excellence can bring greater uniformity and cohesion when gathering requirements across projects.
    • Business analysts must be targeted for competency development to ensure that the processes developed above are being successfully executed and the right questions are being asked of project sponsors and stakeholders.

    Impact and Result

    • Enhanced requirements analysis will lead to tangible reductions in cycle time and reduced project overhead.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs.
    • More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to successfully execute their day-to-day responsibilities.

    Improve Requirements Gathering Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should invest in optimizing your requirements gathering processes.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the target state for the requirements gathering process

    Capture a clear understanding of the target needs for the requirements process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process
    • Requirements Gathering SOP and BA Playbook
    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst
    • Requirements Gathering Communication Tracking Template

    2. Define the elicitation process

    Develop best practices for conducting and structuring elicitation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process
    • Business Requirements Document Template
    • Scrum Documentation Template

    3. Analyze and validate requirements

    Standardize frameworks for analysis and validation of business requirements.

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements
    • Requirements Gathering Documentation Tool
    • Requirements Gathering Testing Checklist

    4. Create a requirements governance action plan

    Formalize change control and governance processes for requirements gathering.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan
    • Requirements Traceability Matrix
    [infographic]

    Workshop: Improve Requirements Gathering

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Current State and Target State for Requirements Gathering

    The Purpose

    Create a clear understanding of the target needs for the requirements gathering process.

    Key Benefits Achieved

    A comprehensive review of the current state for requirements gathering across people, processes, and technology.

    Identification of major challenges (and opportunity areas) that should be improved via the requirements gathering optimization project.

    Activities

    1.1 Understand current state and document existing requirement process steps.

    1.2 Identify stakeholder, process, outcome, and training challenges.

    1.3 Conduct target state analysis.

    1.4 Establish requirements gathering metrics.

    1.5 Identify project levels 1/2/3/4.

    1.6 Match control points to project levels 1/2/3/4.

    1.7 Conduct project scoping and identify stakeholders.

    Outputs

    Requirements Gathering Maturity Assessment

    Project Level Selection Tool

    Requirements Gathering Documentation Tool

    2 Define the Elicitation Process

    The Purpose

    Create best practices for conducting and structuring elicitation of business requirements.

    Key Benefits Achieved

    A repeatable framework for initial elicitation of requirements.

    Prescribed, project-specific elicitation techniques.

    Activities

    2.1 Understand elicitation techniques and which ones to use.

    2.2 Document and confirm elicitation techniques.

    2.3 Create a requirements gathering elicitation plan for your project.

    2.4 Build the operating model for your project.

    2.5 Define SIPOC-MC for your selected project.

    2.6 Practice using interviews with business stakeholders to build use case models.

    2.7 Practice using table-top testing with business stakeholders to build use case models.

    Outputs

    Project Elicitation Schedule

    Project Operating Model

    Project SIPOC-MC Sub-Processes

    Project Use Cases

    3 Analyze and Validate Requirements

    The Purpose

    Build a standardized framework for analysis and validation of business requirements.

    Key Benefits Achieved

    Policies for requirements categorization, prioritization, and validation.

    Improved project value as a result of better prioritization using the MOSCOW model.

    Activities

    3.1 Categorize gathered requirements for use.

    3.2 Consolidate similar requirements and eliminate redundancies.

    3.3 Practice prioritizing requirements.

    3.4 Build the business process model for the project.

    3.5 Rightsize the requirements documentation template.

    3.6 Present the business requirements document to business stakeholders.

    3.7 Identify testing opportunities.

    Outputs

    Requirements Gathering Documentation Tool

    Requirements Gathering Testing Checklist

    4 Establish Change Control Processes

    The Purpose

    Create formalized change control processes for requirements gathering.

    Key Benefits Achieved

    Reduced interjections and rework – strengthened formal evaluation and control of change requests to project requirements.

    Activities

    4.1 Review existing CR process.

    4.2 Review change control process best practices and optimization opportunities.

    4.3 Build guidelines for escalating changes.

    4.4 Confirm your requirements gathering process for project levels 1/2/3/4.

    Outputs

    Requirements Traceability Matrix

    Requirements Gathering Communication Tracking Template

    5 Establish Ongoing Governance for Requirements Gathering

    The Purpose

    Establish governance structures and ongoing oversight for business requirements gathering.

    Key Benefits Achieved

    Consistent governance and oversight of the requirements gathering process, resulting in fewer “wild west” scenarios.

    Better repeatability for the new requirements gathering process, resulting in less wasted time and effort at the outset of projects.

    Activities

    5.1 Define RACI for the requirements gathering process.

    5.2 Define the requirements gathering steering committee purpose.

    5.3 Define RACI for requirements gathering steering committee.

    5.4 Define the agenda and cadence for the requirements gathering steering committee.

    5.5 Identify and analyze stakeholders for communication plan.

    5.6 Create communication management plan.

    5.7 Build the action plan.

    Outputs

    Requirements Gathering Action Plan

    Further reading

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Analyst Perspective

    A strong process for business requirements gathering is essential for application project success. However, most organizations do not take a strategic approach to optimizing how they conduct business analysis and requirements definition.

    "Robust business requirements are the basis of a successful project. Without requirements that correctly articulate the underlying needs of your business stakeholders, projects will fail to deliver value and involve significant rework. In fact, an Info-Tech study found that of projects that fail over two-thirds fail due to poorly defined business requirements.

    Despite the importance of good business requirements to project success, many organizations struggle to define a consistent and repeatable process for requirements gathering. This results in wasted time and effort from both IT and the business, and generates requirements that are incomplete and of dubious value. Additionally, many business analysts lack the competencies and analytical techniques needed to properly execute the requirements gathering process.

    This research will help you get requirements gathering right by developing a set of standard operating procedures across requirements elicitation, analysis, and validation. It will also help you identify and fine-tune the business analyst competencies necessary to make requirements gathering a success."

    – Ben Dickie, Director, Enterprise Applications, Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • The IT applications director who has accountability for ensuring that requirements gathering procedures are both effective and efficient.
    • The designated business analyst or requirements gathering professional who needs a concrete understanding of how to execute upon requirements gathering SOPs.

    This Research Will Help You:

    • Diagnose your current state and identify (and prioritize) gaps that exist between your target requirements gathering needs and your current capabilities and processes.
    • Build a requirements gathering SOP that prescribes a framework for requirements governance and technology usage, as well as techniques for elicitation, analysis, and validation.

    This Research Will Also Assist:

    • The business partner/stakeholder who is interested in ways to work with IT to improve upon existing procedures for requirements gathering.
    • Systems analysts and developers who need to understand how business requirements are effectively gathered upstream.

    This Research Will Help Them:

    • Understand the significance and importance of business requirements gathering on overall project success and value alignment.
    • Create rules of engagement for assisting IT with the collection of requirements from the right stakeholders in a timely fashion.

    Executive summary

    Situation

    • Strong business requirements are essential to project success – inadequate requirements are the number one reason that projects fail.
    • Organizations need a consistent, repeatable, and prescriptive set of standard operating procedures (SOPs) that dictate how business requirements gathering should be conducted.

    Complication

    • If proper due diligence for requirements gathering is not conducted, then the applications that IT is deploying won’t meet business objectives, and they will fail to deliver adequate business value.
    • Inaccurate requirements definition can lead to significant amounts of project rework and hurt the organization’s financial performance. It will also damage the relationship between IT and the business.

    Resolution

    • To avoid delivering makeshift solutions (paving the cow path), organizations need to gather requirements with the desired future state in mind. Organizations need to keep an open mind when gathering requirements.
    • Creating a unified set of SOPs is essential for effectively gathering requirements; these procedures should cover not just elicitation, analysis, and validation, but also include process governance and documentation.
    • BAs who conduct requirements gathering must demonstrate proven competencies for stakeholder management, analytical techniques, and the ability to speak the language of both the business and IT.
    • An improvement in requirements analysis will strengthen the relationship between business and IT, as more and more applications satisfy stakeholder needs. More importantly, the applications delivered by IT will meet all of the must-have and at least some of the nice-to-have requirements, allowing end users to execute their day-to-day responsibilities.

    Info-Tech Insight

    1. Requirements gathering SOPs should be prescriptive based on project complexity. Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques like user story development.
    2. Business analysts (BA) can make or break the execution of the requirements gathering process. A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Understand what constitutes a strong business requirement

    A business requirement is a statement that clearly outlines the functional capability that the business needs from a system or application. There are several attributes to look at in requirements:

    Verifiable
    Stated in a way that can be easily tested

    Unambiguous
    Free of subjective terms and can only be interpreted in one way

    Complete
    Contains all relevant information

    Consistent
    Does not conflict with other requirements

    Achievable
    Possible to accomplish with budgetary and technological constraints

    Traceable
    Trackable from inception through to testing

    Unitary
    Addresses only one thing and cannot be decomposed into multiple requirements

    Agnostic
    Doesn’t pre-suppose a specific vendor or product

    Not all requirements will meet all of the attributes.

    In some situations, an insight will reveal new requirements. This requirement will not follow all of the attributes listed above and that’s okay. If a new insight changes the direction of the project, re-evaluate the scope of the project.

    Attributes are context specific.

    Depending on the scope of the project, certain attributes will carry more weight than others. Weigh the value of each attribute before elicitation and adjust as required. For example, verifiable will be a less-valued attribute when developing a client-facing website with no established measuring method/software.

    Build a firm foundation: requirements gathering is an essential step in any project, but many organizations struggle

    Proper requirements gathering is critical for delivering business value from IT projects, but it remains an elusive and perplexing task for most organizations. You need to have a strategy for end-to-end requirements gathering, or your projects will consistently fail to meet business expectations.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of delivered features are utilized by end users. (The Standish Group)

    78% of IT professionals believe the business is “usually” or “always” out of sync with project requirements. (Blueprint Software Systems)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems)

    Requirements gathering is truly an organization-spanning issue, and it falls directly on the IT directors who oversee projects to put prudent SOPs in place for managing the requirements gathering process. Despite its importance, the majority of organizations have challenges with requirements gathering.

    What happens when requirements are no longer effective?

    • Poor requirements can have a very visible and negative impact on deployed apps.
    • IT receives the blame for any project shortcomings or failures.
    • IT loses its credibility and ability to champion future projects.
    • Late projects use IT resources longer than planned.

    Requirements gathering is a core component of the overall project lifecycle that must be given its due diligence

    PMBOK’s Five Phase Project Lifecycle

    Initiate – Plan: Requirements Gathering Lives Here – Execute – Control – Close

    Inaccurate requirements is the 2nd most common cause of project failure (Project Management Institute ‒ Smartsheet).

    Requirements gathering is a critical stage of project planning.

    Depending on whether you take an Agile or Waterfall project management approach, it can be extended into the initiate and execute phases of the project lifecycle.

    Strong stakeholder satisfaction with requirements gathering results in higher satisfaction in other areas

    Organizations that had high satisfaction with requirements gathering were more likely to be highly satisfied with the other areas of IT. In fact, 72% of organizations that had high satisfaction with requirements gathering were also highly satisfied with the availability of IT capacity to complete projects.

    A bar graph measuring % High Satisfaction when projects have High Requirements Gathering vs. Not High Requirements Gathering. The graph shows a substantially higher percentage of high satisfaction on projects with High Requirements Gathering

    Note: High satisfaction was classified as organizations with a score greater or equal to 8. Not high satisfaction was every other organization that scored below 8 on the area questions.

    N=395 organizations from Info-Tech’s CIO Business Vision diagnostic

    Requirements gathering efforts are filled with challenges; review these pitfalls to avoid in your optimization efforts

    The challenges that afflict requirements gathering are multifaceted and often systemic in nature. There isn’t a single cure that will fix all of your requirements gathering problems, but an awareness of frequently encountered challenges will give you a basis for where to consider establishing better SOPs. Commonly encountered challenges include:

    Process Challenges

    • Requirements may be poorly documented, or not documented at all.
    • Elicitation methods may be inappropriate (e.g. using a survey when collaborative whiteboarding is needed).
    • Elicitation methods may be poorly executed.
    • IT and business units may not be communicating requirements in the same terms/language.
    • Requirements that conflict with one another may not be identified during analysis.
    • Requirements cannot be traced from origin to testing.

    Stakeholder Challenges

    • Stakeholders may be unaware of the requirements needed for the ideal solution.
    • Stakeholders may have difficulty properly articulating their desired requirements.
    • Stakeholders may have difficulty gaining consensus on the ideal solution.
    • Relevant stakeholders may not be consulted on requirements.
    • Sign-off may not be received from the proper stakeholders.

    70% of projects fail due to poor requirements. (Info-Tech Research Group)

    Address the root cause of poor requirements to increase project success

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures don’t exist.
    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign-off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality.
    • Final deliverables are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • There are high levels of end-user dissatisfaction.
    • There are high levels of project sponsor dissatisfaction.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been and continues to be the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle when it is time to optimize the requirements gathering process.

    Reduce wasted project work with clarity of business goals and analysis of requirements

    You can reduce the amount of wasted work by making sure you have clear business goals. In fact, you could see an improvement of as much as 50% by going from a low level of satisfaction with clarity of business goals (<2) to a high level of satisfaction (≥5).

    A line graph demonstrating that as the amount of wasted work increases, clarity of business goals satisfaction decreases.

    Likewise, you could see an improvement of as much as 43% by going from a low level of satisfaction with analysis of requirements (less than 2) to a high level of satisfaction (greater than or equal to 5).

    A line graph demonstrating that as the Amount of Wasted Work decreases, the level of satisfaction with analysis of requirements shifts from low to high.

    Note: Waste is measured by the amount of cancelled projects; suboptimal assignment of resources; analyzing, fixing, and re-deploying; inefficiency, and unassigned resources.

    N=200 teams from the Project Portfolio Management diagnostic

    Effective requirements gathering supports other critical elements of project management success

    Good intentions and hard work aren’t enough to make a project successful. As you proceed with a project, step back and assess the critical success factors. Make sure that the important inputs and critical activities of requirements gathering are supporting, not inhibiting, project success.

    1. Streamlined Project Intake
    2. Strong Stakeholder Management
    3. Defined Project Scope
    4. Effective Project Management
    5. Environmental Analysis

    Don’t improvise: have a structured, end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers the foundational issues (elicitation, analysis, and validation) and prescribes techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Don’t forget resourcing: the best requirements gathering process will still fail if you don’t develop BA competencies

    When creating the process for requirements gathering, think about how it will be executed by your BAs, and what the composition of your BA team should look like. A strong BA needs to serve as an effective translator, being able to speak the language of both the business and IT.

    1. To ensure alignment of your BAs to the requirements gathering process, undertake a formal skills assessment to identify areas where analysts are strong, and areas that should be targeted for training and skills development.
    2. Training of BAs on the requirements gathering process and development of intimate familiarity with SOPs is essential; you need to get BAs on the same page to ensure consistency and repeatability of the requirements process.
    3. Consider implementing a formal mentorship and/or job shadowing program between senior and junior BAs. Many of our members report that leveraging senior BAs to bootstrap the competencies of more junior team members is a proven approach to building skillsets for requirements gathering.

    What are some core competencies of a good BA?

    • Strong stakeholder management.
    • Proven track record in facilitating elicitation sessions.
    • Ability to bridge the gulf between IT and the business by speaking both languages.
    • Ability to ask relevant probing questions to uncover latent needs.
    • Experience with creating project operating models and business process diagrams.
    • Ability to set and manage expectations throughout the process.

    Throughout this blueprint, look for the “BA Insight” box to learn how steps in the requirements gathering process relate to the skills needed by BAs to facilitate the process effectively.

    A mid-sized local government overhauls its requirements gathering approach and sees strong results

    CASE STUDY

    Industry

    Government

    Source

    Info-Tech Research Group Workshop

    The Client

    The organization was a local government responsible for providing services to approximately 600,000 citizens in the southern US. Its IT department is tasked with deploying applications and systems (such as HRIS) that support the various initiatives and mandate of the local government.

    The Requirements Gathering Challenge

    The IT department recognized that a strong requirements gathering process was essential to delivering value to its stakeholders. However, there was no codified process in place – each BA unilaterally decided how they would conduct requirements gathering at the start of each project. IT recognized that to enhance both the effectiveness and efficiency of requirements gathering, it needed to put in place a strong, prescriptive set of SOPs.

    The Improvement

    Working with a team from Info-Tech, the IT leadership and BA team conducted a workshop to develop a new set of SOPs that provided clear guidance for each stage of the requirements process: elicitation, analysis, and validation. As a result, business satisfaction and value alignment increased.

    The Requirements Gathering SOP and BA Playbook offers a codified set of SOPs for requirements gathering gave BAs a clear playbook.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Strong Approach to Business Requirements Gathering – project overview

    1. Build the Target State for Requirements Gathering 2. Define the Elicitation Process 3. Analyze and Validate Requirements 4. Create a Requirements Governance Action Plan
    Best-Practice Toolkit

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    Guided Implementations
    • Review Info-Tech’s requirements gathering methodology.
    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.
    • Assess elicitation techniques and determine best fit to projects and business environment.
    • Review options for structuring the output of requirements elicitation (i.e. SIPOC).
    • Create policies for requirements categorization and prioritization.
    • Establish best practices for validating the BRD with project stakeholders.
    • Discuss how to handle changes to requirements, and establish a formal change control process.
    • Review options for ongoing governance of the requirements gathering process.
    Onsite Workshop Module 1: Define the Current and Target State Module 2: Define the Elicitation Process Module 3: Analyze and Validate Requirements Module 4: Governance and Continuous Improvement Process
    Phase 1 Results: Clear understanding of target needs for the requirements process. Phase 2 Results: Best practices for conducting and structuring elicitation. Phase 3 Results: Standardized frameworks for analysis and validation of business requirements. Phase 4 Results: Formalized change control and governance processes for requirements.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Define Current State and Target State for Requirements Gathering

    • Understand current state and document existing requirement process steps.
    • Identify stakeholder, process, outcome, and reigning challenges.
    • Conduct target state analysis.
    • Establish requirements gathering metrics.
    • Identify project levels 1/2/3/4.
    • Match control points to project levels 1/2/3/4.
    • Conduct project scoping and identify stakeholders.

    Define the Elicitation Process

    • Understand elicitation techniques and which ones to use.
    • Document and confirm elicitation techniques.
    • Create a requirements gathering elicitation plan for your project.
    • Practice using interviews with business stakeholders to build use case models.
    • Practice using table-top testing with business stakeholders to build use case models.
    • Build the operating model for your project

    Analyze and Validate Requirements

    • Categorize gathered requirements for use.
    • Consolidate similar requirements and eliminate redundancies.
    • Practice prioritizing requirements.
    • Rightsize the requirements documentation template.
    • Present the business requirements document (BRD) to business stakeholders.
    • Identify testing opportunities.

    Establish Change Control Processes

    • Review existing CR process.
    • Review change control process best practices & optimization opportunities.
    • Build guidelines for escalating changes.
    • Confirm your requirements gathering process for project levels 1/2/3/4.

    Establish Ongoing Governance for Requirements Gathering

    • Define RACI for the requirements gathering process.
    • Define the requirements gathering governance process.
    • Define RACI for requirements gathering governance.
    • Define the agenda and cadence for requirements gathering governance.
    • Identify and analyze stakeholders for communication plan.
    • Create communication management plan.
    • Build the action plan.
    Deliverables
    • Requirements gathering maturity assessment
    • Project level selection tool
    • Requirements gathering documentation tool
    • Project elicitation schedule
    • Project operating model
    • Project use cases
    • Requirements gathering documentation tool
    • Requirements gathering testing checklist
    • Requirements traceability matrix
    • Requirements gathering communication tracking template
    • Requirements gathering action plan

    Phase 1: Build the Target State for the Requirements Gathering Process

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Build the Target State

    Proposed Time to Completion: 2 weeks

    Step 1.1: Understand the Benefits of Requirements Optimization

    Start with an analyst kick off call:

    • Review Info-Tech’s requirements gathering methodology.

    Then complete these activities…

    • Hold a fireside chat.

    With these tools & templates:

    Requirements Gathering SOP and BA Playbook

    Step 1.2: Determine Your Target State for Requirements Gathering

    Review findings with analyst:

    • Assess current state for requirements gathering – pains and challenges.
    • Determine target state for business requirements gathering – areas of opportunity.

    Then complete these activities…

    • Identify your business process model.
    • Define project levels.
    • Match control points to project level.
    • Identify and analyze stakeholders.

    With these tools & templates:

    • Requirements Gathering Maturity Assessment
    • Project Level Selection Tool
    • Business Requirements Analyst job description
    • Requirements Gathering Communication Tracking Template

    Phase 1 Results & Insights:

    Clear understanding of target needs for the requirements process.

    Step 1.1: Understand the Benefits of Requirements Optimization

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Identifying challenges with requirements gathering and identifying objectives for the workshop.
    This step involves the following participants:
    • Business stakeholders
    • BAs
    Outcomes of this step
    • Stakeholder objectives identified.

    Requirements optimization is powerful, but it’s not free; gauge the organizational capital you’ll need to make it a success

    Optimizing requirements management is not something that can be done in isolation, and it’s not necessarily going to be easy. Improving your requirements will translate into better value delivery, but it takes real commitment from IT and its business partners.

    There are four “pillars of commitment” that will be necessary to succeed with requirements optimization:

    1. Senior Management Organizational Capital
      • Before organizations can establish revised SOPs for requirements gathering, they’ll need a strong champion in senior management to ensure that updated elicitation and sign-off techniques do not offend people. A powerful sponsor can lead to success, especially if they are in the business.
    2. End-User Organizational Capital
      • To overcome cynicism, you need to focus on convincing end users that there is something to be gained from participating in requirements gathering (and the broader process of requirements optimization). Frame the value by focusing on how good requirements mean better apps (e.g. faster, cheaper, fewer errors, less frustration).
    3. Staff Resourcing
      • You can have a great SOP, but if you don’t have the right resources to execute on it you’re going to have difficulty. Requirements gathering needs dedicated BAs (or equivalent staff) who are trained in best practices and can handle elicitation, analysis, and validation successfully.
    4. Dedicated Cycle Time
      • IT and the business both need to be willing to demonstrate the value of requirements optimization by giving requirements gathering the time it needs to succeed. If these parties are convinced by the concept in theory, but still try to rush moving to the development phase, they’re destined for failure.

    Rethink your approach to requirements gathering: start by examining the business process, then tackle technology

    When gathering business requirements, it’s critical not to assume that layering on technology to a process will automatically solve your problems.

    Proper requirements gathering views projects holistically (i.e. not just as an attempt to deploy an application or technology, but as an endeavor to enable new or re-engineered business processes). Neglecting to see requirements gathering in the context of business process enablement leads to failure.

    • Far too often, organizations automate an existing process without putting much thought into finding a better way to do things.
    • Most organizations focus on identifying a series of small improvements to make to a process and realize limited gains.
    • The best way to generate transformational gains is to reinvent how the process should be performed and work backwards from there.
    • You should take a top-down approach and begin by speaking with senior management about the business case for the project and their vision for the target state.
    • You should elicit requirements from the rank-and-file employees while centering the discussion and requirements around senior management’s target state. Don’t turn requirements gathering into a griping session about deficiencies with a current application.

    Leverage Info-Tech’s proven Requirements Gathering Framework as the basis for building requirements processes

    A graphic with APPLICATIONS THAT DELIVER BUSINESS VALUE written in the middle. Three steps are named: Elicit; Analyze; Validate. Around the outer part of the graphic are 4 arrows arranged in a circle, with the labels: Plan; Monitor; Communicate; Manage.

    Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers both the foundational issues (elicitation, analysis, and validation) as well as prescribing techniques for planning, monitoring, communicating, and managing the requirements gathering process.

    Requirements gathering fireside chat

    1.1.1 – 45 minutes

    Output
    • Stakeholder objectives
    Materials
    • Whiteboard, markers, sticky notes
    Participants
    • BAs

    Identify the challenges you’re experiencing with requirements gathering, and identify objectives.

    1. Hand out sticky notes to participants, and ask the group to work independently to think of challenges that exist with regards to requirements gathering. (Hint: consider stakeholder challenges, process challenges, outcome challenges, and training challenges.) Ask participants to write their current challenges on sticky notes, and place them on the whiteboard.
    2. As a group, review all sticky notes and group challenges into themes.
    3. For each theme you uncover, work as a group to determine the objective that will overcome these challenges throughout the workshop and write this on the whiteboard.
    4. Discuss how these challenges will be addressed in the workshop.

    Don’t improvise: have a structured, prescriptive end-to-end approach for successfully gathering useful requirements

    Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.

    • The key to requirements optimization is to establish a strong set of SOPs that provide direction on how your organization should be executing requirements gathering processes. This SOP guide should be a holistic document that walks your BAs through a requirements gathering project from beginning to end.
    • An SOP that is put aside is useless; it must be well communicated to BAs. It should be treated as the veritable manifesto of requirements management in your organization.

    Info-Tech Insight

    Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.

    Use Info-Tech’s Requirements Gathering SOP and BA Playbook to assist with requirements gathering optimization

    Info-Tech’s Requirements Gathering SOP and BA Playbook template forms the basis of this blueprint. It’s a structured document that you can fill out with defined procedures for how requirements should be gathered at your organization.

    Info-Tech’s Requirements Gathering SOP and BA Playbook template provides a number of sections that you can populate to provide direction for requirements gathering practitioners. Sections provided include: Organizational Context Governance Procedures Resourcing Model Technology Strategy Knowledge Management Elicitation SOPs Analysis SOPs Validation SOPs.

    The template has been pre-populated with an example of requirements management procedures. Feel free to customize it to fit your specific needs.

    Download the Requirements Gathering SOP and BA Playbook template.

    Step 1.2: Determine Your Target State for Requirements Gathering

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Conduct a current and target state analysis.
    • Identify requirements gathering business process model.
    • Establish requirements gathering performance metrics.
    • Define project levels – level 1/2/3/4.
    • Match control points to project level.
    • Conduct initial brainstorming on the project.
    This step involves the following participants:
    • BAs
    Outcomes of this step:
    • Requirements gathering maturity summary.
    • Requirements gathering business process model.
    • Identification of project levels.
    • Identification of control points.

    Plan for requirements gathering

    The image is the Requirements Gathering Framework from earlier slides, but with all parts of the graphic grey-out, except for the arrows containing Plan and Monitor, at the top.

    Establishing an overarching plan for requirements governance is the first step in building an SOP. You must also decide who will actually execute the requirements gathering processes, and what technology they will use to accomplish this. Planning for governance, resourcing, and technology is something that should be done repeatedly and at a higher strategic level than the more sequential steps of elicitation, analysis, and validation.

    Establish your target state for requirements gathering processes to have a cogent roadmap of what needs to be done

    Visualize how you want requirements to be gathered in your organization. Do not let elements of the current process restrict your thinking.

    • First, articulate the impetus for optimizing requirements management and establish clear goals.
    • Use these goals to drive the target state.

    For example:

    • If the goal is to improve the accuracy of requirements, then restructure the validation process.
    • If the goal is to improve the consistency of requirements gathering, then create SOPs or use electronic templates and tools.

    Refrain from only making small changes to improve the existing process. Think about the optimal way to structure the requirements gathering process.

    Define the attributes of a good requirement to help benchmark the type of outputs that you’re looking for

    Attributes of Good Requirements

    Verifiable – It is stated in a way that can be tested.

    Unambiguous – It is free of subjective terms and can only be interpreted in one way.

    Complete – It contains all relevant information.

    Consistent – It does not conflict with other requirements.

    Achievable – It is possible to accomplish given the budgetary and technological constraints.

    Traceable – It can tracked from inception to testing.

    Unitary – It addresses only one thing and cannot be decomposed into multiple requirements.

    Accurate – It is based on proven facts and correct information.

    Other Considerations:

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need as it can be really easy to fall into the technology solution trap.

    Use Info-Tech’s Requirements Gathering Maturity Assessment tool to help conduct current and target state analysis

    Use the Requirements Gathering Maturity Assessment tool to help assess the maturity of your requirements gathering function in your organization, and identify the gaps between the current state and the target state. This will help focus your organization's efforts in closing the gaps that represent high-value opportunities.

    • On tab 2. Current State, use the drop-down responses to provide the answer that best matches your organization, where 1= Strongly disagree and 5 = Strongly agree. On tab 3. Target State, answer the same questions in relation to where your organization would like to be.
    • Based on your responses, tab 4. Maturity Summary will display a visual of the gap between the current and target state.

    Conduct a current and target state analysis

    1.2.1 – 1 hour

    Complete the Requirements Gathering Maturity Assessment tool to define your target state, and identify the gaps in your current state.

    Input
    • Current and target state maturity rating
    Output
    • Requirements gathering maturity summary
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    1. For each component of requirements gathering, write out a series of questions to evaluate your current requirements gathering practices. Use the Requirements Gathering Maturity Assessment tool to assist you in drafting questions.
    2. Review the questions in each category, and agree on a rating from 1-5 on their current maturity: 1= Strongly disagree and 5 = Strongly agree. (Note: it will likely be very rare that they would score a 5 in any category, even for the target state.)
    3. Once the assigned categories have been completed, have groups present their assessment to all, and ensure that there is consensus. Once consensus has been reached, input the information into the Current State tab of the tool to reveal the overall current state of maturity score for each category.
    4. Now that the current state is complete, go through each category and define the target state goals.
    5. Document any gaps or action items that need to be addressed.

    Example: Conduct a current and target state analysis

    The Requirements Gathering Maturity Assessment - Target State, with example data inputted.

    Select the project-specific KPIs that will be used to track the value of requirements gathering optimization

    You need to ensure your requirements gathering procedures are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.

    • Without following up on requirements gathering by tracking project metrics and KPIs, organizations will not be able to accurately gauge if the requirements process re-engineering is having a tangible, measurable effect. They will also not be able to determine what changes (if any) need to be made to SOPs based on project performance.
    • This is a crucial step that many organizations overlook. Creating a retroactive list of KPIs is inadequate, since you must benchmark pre-optimization project metrics in order to assess and isolate the value generated by reducing errors and cycle time and increasing value of deployed applications.

    Establish requirements gathering performance metrics

    1.2.2 – 30 minutes

    Input
    • Historical metrics
    Output
    • Target performance metrics
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. Identify the following information for the last six months to one year:
      1. Average number of reworks to requirements.
      2. Number of change requests.
      3. Percent of feature utilization by end users.
      4. User adoption rate.
      5. Number of breaches in regulatory requirements.
      6. Percent of final deliverables implemented on time.
      7. End-user satisfaction score (if possible).
    2. As a group, look at each metric in turn and set your target metrics for six months to one year for each of these categories.

    Document the output from this exercise in section 2.2 of the Requirements Gathering SOP and BA Playbook.

    Visualize your current and target state process for requirements gathering with a business process model

    A business process model (BPM) is a simplified depiction of a complex process. These visual representations allow all types of stakeholders to quickly understand a process, how it affects them, and enables more effective decision making. Consider these areas for your model:

    Stakeholder Analysis

    • Identify who the right stakeholders are
    • Plan communication
    • Document stakeholder responsibilities in a RACI

    Elicitation Techniques

    • Get the right information from stakeholders
    • Document it in the appropriate format
    • Define business need
    • Enterprise analysis

    Documentation

    • How are outputs built?
    • Process flows
    • Use cases
    • Business rules
    • Traceability matrix
    • System requirements

    Validation & Traceability

    • Make sure requirements are accurate and complete
    • Trace business needs to requirements

    Managing Requirements

    • Organizing and prioritizing
    • Gap analysis
    • Managing scope
    • Communicating
    • Managing changes

    Supporting Tools

    • Templates to standardize
    • Checklists
    • Software to automate the process

    Your requirements gathering process will vary based on the project level

    It’s important to determine the project levels up front, as each project level will have a specific degree of elicitation, analysis, and validation that will need to be completed. That being said, not all organizations will have four levels.

    Level 4

    • Very high risk and complexity.
    • Projects that result in a transformative change in the way you do business. Level 4 projects affect all lines of business, multiple technology areas, and have significant costs and/or risks.
    • Example: Implement ERP

    Level 3

    • High risk and complexity.
    • Projects that affect multiple lines of business and have significant costs and/or risks.
    • Example: Implement CRM

    Level 2

    • Medium risk and complexity.
    • Projects with broader exposure to the business that present a moderate level of risk to business operations.
    • Example: Deploy Office 365

    Level 1

    • Low risk and complexity.
    • Routine/straightforward projects with limited exposure to the business and low risk of negative business impact.
    • Example: SharePoint Update

    Use Info-Tech’s Project Level Selection Tool to classify your project level and complexity

    1.3 Project Level Selection Tool

    The Project Level Selection Tool will classify your projects into four levels, enabling you to evaluate the risk and complexity of a particular project and match it with an appropriate requirements gathering process.

    Project Level Input

    • Consider the weighting criteria for each question and make any needed adjustments to better reflect how your organization values each of the criterion.
    • Review the option levels 1-4 for each of the six questions, and make any modifications necessary to better suit your organization.
    • Review the points assigned to each of the four buckets for each of the six questions, and make any modifications needed.

    Project Level Selection

    • Use this tab to evaluate the project level of each new project.
    • To do so, answer each of the questions in the tool.

    Define project levels – Level 1/2/3/4

    1.2.3 – 1 hour

    Input
    • Project level assessment criteria
    Output
    • Identification of project levels
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Define the project levels to determine the appropriate requirements gathering process for each.

    1. Begin by asking participants to review the six criteria for assessing project levels as identified in the Project Level Selection Tool. Have participants review the list and ensure agreement around the factors. Create a chart on the board using Level 1, Level 2, Level 3, and Level 4 as column headings.
    2. Create a row for each of the chosen factors. Begin by filling in the chart with criteria for a level 4 project: What constitutes a level 4 project according to these six factors?
    3. Repeat the exercise for Level 3, Level 2, and Level 1. When complete, you should have a chart that defines the four project levels at your organization.
    4. Input this information into the tool, and ask participants to review the weighting factors and point allocations and make modifications where necessary.
    5. Input the details from one of the projects participants had selected prior to the workshop beginning and determine its project level. Discuss whether this level is accurate, and make any changes needed.

    Document the output from this exercise in section 2.3 of the Requirements Gathering SOP and BA Playbook.

    Define project levels

    1.2.3 – 1 hour

    Category Level 4 Level 3 Level 2 Level 1
    Scope of Change Full system update Full system update Multiple modules Minor change
    Expected Duration 12 months + 6 months + 3-6 months 0-3 months
    Impact Enterprise-wide, globally dispersed Enterprise-wide Department-wide Low users/single division
    Budget $1,000,000+ $500,000-1,000,000 $100,000-500,000 $0-100,000
    Services Affected Mission critical, revenue impacting Mission critical, revenue impacting Pervasive but not mission critical Isolated, non-essential
    Confidentiality Yes Yes No No

    Define project levels

    1.2.3 – 1 hour

    The tool is comprised of six questions, each of which is linked to at least one type of project risk.

    Using the answers provided, the tool will calculate a level for each risk category. Overall project level is a weighted average of the individual risk levels, based on the importance weighting of each type of risk set by the project manager.

    This tool is an excerpt from Info-Tech’s exhaustive Project Level Assessment Tool.

    The image shows the Project Level Tool, with example data filled in.

    Build your initial requirements gathering business process models: create different models based on project complexity

    1.2.4 – 30 minutes

    Input
    • Current requirements gathering process flow
    Output
    • Requirements gathering business process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Brainstorm the ideal target business process flows for your requirements gathering process (by project level).

    1. As a group, create a process flow on the whiteboard that covers the entire requirements gathering lifecycle, incorporating the feedback from exercise 1.2.1. Draw the process with input from the entire group.
    2. After the process flow is complete, compare it to the best practice process flow on the following slide. You may want to create different process flows based on project level (i.e. a process model for Level 1 and 2 requirements gathering, and a process model for how to collect requirements for Level 3 and 4). As you work through the blueprint, revisit and refine these models – this is the initial brainstorming!

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: requirements gathering business process model

    An example of the requirements gathering business process model. The model depicts the various stages of the requirements gathering process.

    Develop your BA team to accelerate collecting, analyzing, and translating requirements

    Having an SOP is important, but it should be the basis for training the people who will actually execute the requirements gathering process. Your BA team is critical for requirements gathering – they need to know the SOPs in detail, and you need to have a plan for recruiting those with an excellent skill set.

    • The designated BA(s) for the project have responsibility for end-to-end requirements management – they are responsible for executing the SOPs outlined in this blueprint, including elicitation, analysis, and validation of requirements during the project.
    • Designated BAs must work collaboratively with their counterparts in the business and IT (e.g. developer teams or procurement professionals) to ensure that the approved requirements are met in a timely and cost-effective manner.

    The ideal candidates for requirements gathering are technically savvy analysts (but not necessarily computer science majors) from the business who are already fluent with the business’ language and cognizant of the day-to-day challenges that take place. Organizationally, these BAs should be in a group that bridges IT and the business (such as an RGCOE or PMO) and be specialists rather than generalists in the requirements management space.

    A BA resourcing strategy is included in the SOP. Customize it to suit your needs.

    "Make sure your people understand the business they are trying to provide the solution for as well if not better than the business folks themselves." – Ken Piddington, CIO, MRE Consulting

    Use Info-Tech’s Business Requirements Analyst job description template for sourcing the right talent

    1.4 Business Requirements Analyst

    If you don’t have a trained group of in-house BAs who can execute your requirements gathering process, consider sourcing the talent from internal candidates or calling for qualified applicants. Our Business Requirements Analyst job description template can help you quickly get the word out.

    • Sometimes, you will have a dedicated set of BAs, and sometimes you won’t. In the latter case, the template covers:
      • Job Title
      • Description of Role
      • Responsibilities
      • Target Job Skills
      • Target Job Qualifications
    • The template is primarily designed for external hiring, but can also be used to find qualified internal candidates.

    Info-Tech Deliverable
    Download the Business Requirements Analyst job description template.

    Standardizing process begins with establishing expectations

    CASE STUDY

    Industry Government

    Source Info-Tech Workshop

    Challenge

    A mid-sized US municipality was challenged with managing stakeholder expectations for projects, including the collection and analysis of business requirements.

    The lack of a consistent approach to requirements gathering was causing the IT department to lose credibility with department level executives, impacting the ability of the team to engage project stakeholders in defining project needs.

    Solution

    The City contracted Info-Tech to help build an SOP to govern and train all BAs on a consistent requirements gathering process.

    The teams first set about establishing a consistent approach to defining project levels, defining six questions to be asked for each project. This framework would be used to assess the complexity, risk, and scope of each project, thereby defining the appropriate level of rigor and documentation required for each initiative.

    Results

    Once the project levels were defined, the team established a formalized set of steps, tools, and artifacts to be created for each phase of the project. These tools helped the team present a consistent approach to each project to the stakeholders, helping improve credibility and engagement for eliciting requirements.

    The project level should set the level of control

    Choose a level of control that facilitates success without slowing progress.

    No control Right-sized control Over-engineered control
    Final deliverable may not satisfy business or user requirements. Control points and communication are set at appropriate stage-gates to allow for deliverables to be evaluated and assessed before proceeding to the next phase. Excessive controls can result in too much time spent on stage-gates and approvals, which creates delays in the schedule and causes milestones to be missed.

    Info-Tech Insight

    Throughout the requirements gathering process, you need checks and balances to ensure that the projects are going according to plan. Now that we know our stakeholder, elicitation, and prioritization processes, we will set up the control points for each project level.

    Plan your communication with stakeholders

    Determine how you want to receive and distribute messages to stakeholders.

    Communication Milestones Audience Artifact Final Goal
    Project Initiation Project Sponsor Project Charter Communicate Goals and Scope of Project
    Elicitation Scheduling Selected Stakeholders (SMEs, Power Users) Proposed Solution Schedule Elicitation Sessions
    Elicitation Follow-Up Selected Stakeholders Elicitation Notes Confirm Accuracy of Notes
    First Pass Validation Selected Stakeholders Consolidated Requirements Validate Aggregated Requirements
    Second Pass Validation Selected Stakeholders Prioritized Requirements Validate Requirements Priority
    Eliminated Requirements Affected Stakeholders Out of Scope Requirements Affected Stakeholders Understand Impact of Eliminated Requirements
    Solution Selection High Authority/Expertise Stakeholders Modeled Solutions Select Solution
    Selected Solution High Authority/Expertise Stakeholders and Project Sponsor Requirements Package Communicate Solution
    Requirements Sign-Off Project Sponsor Requirements Package Obtain Sign-Off

    Setting control points – approvals and sign-offs

    # – Control Point: A decision requiring specific approval or sign-off from defined stakeholders involved with the project. Control points result in accepted or rejected deliverables/documents.

    A – Plan Approval: This control point requires a review of the requirements gathering plan, stakeholders, and elicitation techniques.

    B – Requirements Validation: This control point requires a review of the requirements documentation that indicates project and product requirements.

    C – Prioritization Sign-Off: This requires sign-off from the business and/or user groups. This might be sign-off to approve a document, prioritization, or confirm that testing is complete.

    D – IT or Peer Sign-Off: This requires sign-off from IT to approve technical requirements or confirm that IT is ready to accept a change.

    Match control points to project level and identify these in your requirements business process models

    1.2.5 – 45 minutes

    Input
    • Activity 1.2.4 business process diagram
    Output
    • Identify control points
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Business stakeholders
    • BAs

    Define all of the key control points, required documentation, and involved stakeholders.

    1. On the board, post the initial business process diagram built in exercise 1.2.4. Have participants suggest appropriate control points. Write the control point number on a sticky note and place it where the control point should be.
    2. Now that we have identified the control points, consider each control point and define who will be involved in each one, who provides the approval to move forward, the documentation required, and the overall goal.

    Document the output from this exercise in section 6.1 of the Requirements Gathering SOP and BA Playbook.

    A savvy BA should clarify and confirm project scope prior to embarking on requirements elicitation

    Before commencing requirements gathering, it’s critical that your practitioners have a clear understanding of the initial business case and rationale for the project that they’re supporting. This is vital for providing the business context that elicitation activities must be geared towards.

    • Prior to commencing the requirements gathering phase, the designated BA should obtain a clear statement of scope or initial project charter from the project sponsor. It’s also advisable for the BA to have an in-person meeting with the project sponsor(s) to understand the overarching strategic or tactical impetus for the project. This initial meeting should be less about eliciting requirements and more about understanding why the project is moving forward, and the business processes it seeks to enable or re-engineer (the target state).
    • During this meeting, the BA should seek to develop a clear understanding of the strategic rationale for why the project is being undertaken (the anticipated business benefits) and why it is being undertaken at this time. If the sponsor has any business process models they can share, this would be a good time to review them.

    During requirements gathering, BAs should steer clear of solutions and focus on capturing requirements. Focus on traceable, hierarchical, and testable requirements. Focusing on solution design means you are out of requirements mode.

    Identify constraints early and often, and ensure that they are adequately communicated to project sponsors and end users

    Constraints come in many forms (i.e. financial, regulatory, and technological). Identifying these constraints prior to entering requirements gathering enables you to remain alert; you can separate what is possible from what is impossible, and set stakeholder expectations accordingly.

    • Most organizations don’t inventory their constraints until after they’ve gathered requirements. This is dangerous, as clients may inadvertently signal to end users or stakeholders that an infeasible requirement is something they will pursue. As a result, stakeholders are disappointed when they don’t see it materialize.
    • Organizations need to put advanced effort into constraint identification and management. Too much time is wasted pursuing requirements that aren't feasible given existing internal (e.g. budgets and system) and external (e.g. legislative or regulatory) constraints.
    • Organizations need to manage diverse stakeholders for requirements analysis. Communication will not always be solely with internal teams, but also with suppliers, customers, vendors, and system integrators.

    Stakeholder management is a critical aspect of the BA’s role. Part of the BA’s responsibility is prioritizing solutions and demonstrating to stakeholders the level of effort required and the value attained.

    A graphic, with an arrow running down the left side, pointing downward, which is labelled Constraint Malleability. On the right side of the arrow are three rounded arrows, stacked. The top arrow is labelled Legal/Regulatory Constraints, the second is labelled System/Technical Constraints and the third is labelled Stakeholder Constraints

    Conduct initial brainstorming on the scope of a selected enterprise application project (real or a sample of your choice)

    1.2.6 – 30 minutes

    Input
    • Project details
    Output
    • Initial project scoping
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Begin the requirements gathering process by conducting some initial scoping on why we are doing the project, the goals, and the constraints.

    1. Share the project intake form/charter with each member of the group, and give them a few minutes to read over the project details.
    2. On the board write the project topic and three sub-topics:
      • Why does the business want this?
      • What do you want customers (end users) to be able to do?
      • What are the constraints?
    3. As a group, brainstorm answers to each of these questions and write them on the board.

    Example: Conduct initial brainstorming on the project

    Image shows an example for initial brainstorming on a project. The image shows the overall idea, Implement CRM, with question bubbles emerging out of it, and space left blank to brainstorm the answers to those questions.

    Identify stakeholders that must be consulted during the elicitation part of the process; get a good spectrum of subject matter experts (SMEs)

    Before you can dive into most elicitation techniques, you need to know who you’re going to speak with – not all stakeholders hold the same value.

    There are two broad categories of stakeholders:

    Customers: Those who ask for a system/project/change but do not necessarily use it. These are typically executive sponsors, project managers, or interested stakeholders. They are customers in the sense that they may provide the funding or budget for a project, and may have requests for features and functionality, but they won’t have to use it in their own workflows.

    Users: Those who may not ask for a system but must use it in their routine workflows. These are your end users, those who will actually interact with the system. Users don’t necessarily have to be people – they can also be other systems that will require inputs or outputs from the proposed solution. Understand their needs to best drive more granular functional requirements.

    "The people you need to make happy at the end of the day are the people who are going to help you identify and prioritize requirements." – Director of IT, Municipal Utilities Provider

    Need a hand with stakeholder identification? Leverage Info-Tech’s Stakeholder Planning Tool to catalog and prioritize the stakeholders your BAs will need to contact during the elicitation phase.

    Exercise: Identify and analyze stakeholders for the application project prior to beginning formal elicitation

    1.2.7 – 45 minutes

    Input
    • List of stakeholders
    Output
    • Stakeholder analysis
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Practice the process for identifying and analyzing key stakeholders for requirements gathering.

    1. As a group, generate a complete list of the project stakeholders. Consider who is involved in the problem and who will be impacted by the solution, and record the names of these stakeholders/stakeholder groups on a sticky note. Categories include:
      1. Who is the project sponsor?
      2. Who are the user groups?
      3. Who are the project architects?
      4. Who are the specialty stakeholders (SMEs)?
      5. Who is your project team?
    2. Now that you’ve compiled a complete list, review each user group and indicate their level of influence against their level of involvement in the project to create a stakeholder power map by placing their sticky on a 2X2 grid.
    3. At the end of the day, record this list in the Requirements Gathering Communication Tracking Template.

    Use Info-Tech’s Requirements Gathering Communication Tracking Template

    1.5 Requirements Gathering Communication Tracking Template

    Use the Requirements Gathering Communication Tracking Template for structuring and managing ongoing communications among key requirements gathering implementation stakeholders.

    An illustration of the Stakeholder Power Map Template tab of the Requirements Gathering Communication Tracking Template

    Use the Stakeholder Power Map tab to:

    • Identify the stakeholder's name and role.
    • Identify their position on the power map using the drop-down menu.
    • Identify their level of support.
    • Identify resisters' reasons for resisting as: unwilling, unable, and/or unknowing.
    • Identify which committees they currently sit on, and which they will sit on in the future state.
    • Identify any key objections the stakeholder may have.

    Use the Communication Management Plan tab to:

    • Identify the vehicle/communication medium (status update, meeting, training, etc.).
    • Identify the audience for the communication.
    • Identify the purpose for communication.
    • Identify the frequency.
    • Identify who is responsible for the communication.
    • Identify how the communication will be distributed, and the level of detail.

    Right-size your investments in requirements management technology; sometimes the “suite spot” isn’t necessary

    Recording and analyzing requirements needs some kind of tool, but don’t overinvest in a dedicated suite if you can manage with a more inexpensive solution (such as Word, Excel, and/or Visio). Top-tier solutions may be necessary for an enterprise ERP deployment, but you can use a low-cost solution for low-level productivity application.

    • Many companies do things in the wrong order. Organizations need to right-size the approach that they take to recording and analyzing requirements. Taking the suite approach isn’t always better – often, inputting the requirements into Word or Excel will suffice. An RM suite won’t solve your problems by itself.
    • If you’re dealing with strategic approach or calculated approach projects, their complexity likely warrants a dedicated RM suite that can trace system dependencies. If you’re dealing with primarily elementary or fundamental approach projects, use a more basic tool.

    Your SOP guide should specify the technology platform that your analysts are expected to use for initial elicitation as well as analysis and validation. You don’t want them to use Word if you’ve invested in a full-out IBM RM solution.

    The graphic shows a pyramid shape next to an arrow, pointing up. The arrow is labelled Project Complexity. The pyramid includes three text boxes, reading (from top to bottom) Dedicated RM Suite; RM Module in PM Software; and Productivity APP (Word/Excel/Visio)

    If you need to opt for a dedicated suite, these vendors should be strong contenders in your consideration set

    Dedicated requirements management suites are a great (although pricey) way to have full control over recording, analysis, and hierarchical categorization of requirements. Consider some of the major vendors in the space if Word, Excel, and Visio aren’t suitable for you.

    • Before you purchase a full-scale suite or module for requirements management, ensure that the following contenders have been evaluated for your requirements gathering technology strategy:
      • Micro Focus Requirements Management
      • IBM Requisite Pro
      • IBM Rational DOORS
      • Blueprint Requirements Management
      • Jama Software
      • Polarion Software (a Siemens Company)

    A mid-sized consulting company overhauls its requirement gathering software to better understand stakeholder needs

    CASE STUDY

    Industry Consulting

    Source Jama Software

    Challenge

    ArcherPoint is a leading Microsoft Partner responsible for providing business solutions to its clients. Its varied customer base now requires a more sophisticated requirements gathering software.

    Its process was centered around emailing Word documents, creating versions, and merging issues. ArcherPoint recognized the need to enhance effectiveness, efficiency, and accuracy of requirements gathering through a prescriptive set of elicitation procedures.

    Solution

    The IT department at ArcherPoint recognized that a strong requirements gathering process was essential to delivering value to stakeholders. It needed more scalable and flexible requirements gathering software to enhance requirements traceability. The company implemented SaaS solutions that included traceability and seamless integration features.

    These features reduced the incidences of repetition, allowed for tracing of requirements relationships, and ultimately led to an exhaustive understanding of stakeholders’ needs.

    Results

    Projects are now vetted upon an understanding of the business client’s needs with a thorough requirements gathering collection and analysis.

    A deeper understanding of the business needs also allows ArcherPoint to better understand the roles and responsibilities of stakeholders. This allows for the implementation of structures and policies which makes the requirements gathering process rigorous.

    There are different types of requirements that need to be gathered throughout the elicitation phase

    Business Requirements

    • Higher-level statements of the goals, objectives, or needs of the enterprise.
    • Describe the reasons why a project has been initiated, the objectives that the project will achieve, and the metrics that will be used to measure its success.
    • Business requirements focus on the needs of the organization as a whole, not stakeholders within it.
    • Business requirements provide the foundation on which all further requirements analysis is based:
      • Ultimately, any detailed requirements must map to business requirements. If not, what business need does the detailed requirement fulfill?

    Stakeholder Requirements

    • Statements of the needs of a particular stakeholder or class of stakeholders, and how that stakeholder will interact with a solution.
    • Stakeholder requirements serve as a bridge between business requirements and the various classes of solution requirements.
    • When eliciting stakeholder requirements, other types of detailed requirements may be identified. Record these for future use, but keep the focus on capturing the stakeholders’ needs over detailing solution requirements.

    Solution options or preferences are not requirements. Be sure to identify these quickly to avoid being forced into untimely discussions and sub-optimal solution decisions.

    Requirement types – a quick overview (continued)

    Solution Requirements: Describe the characteristics of a solution that meet business requirements and stakeholder requirements. They are frequently divided into sub-categories, particularly when the requirements describe a software solution:

    Functional Requirements

    • Describe the behavior and information that the solution will manage. They describe capabilities the system will be able to perform in terms of behaviors or operations, i.e. specific information technology application actions or responses.
    • Functional requirements are not detailed solution specifications; rather, they are the basis from which specifications will be developed.

    Non-Functional Requirements

    • Capture conditions that do not directly relate to the behavior or functionality of the solution, but rather describe environmental conditions under which the solution must remain effective or qualities that the systems must have. These can include requirements related to capacity, speed, security, availability, and the information architecture and presentation of the user interface.
    • Non-functional requirements often represent constraints on the ultimate solution. They tend to be less negotiable than functional requirements.
    • For IT solutions, technical requirements would fit in this category.
    Info-Tech Insight

    Remember that solution requirements are distinct from solution specifications; in time, specifications will be developed from the requirements. Don’t get ahead of the process.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2.1 Conduct current and target state analysis

    An analyst will facilitate a discussion to assess the maturity of your requirements gathering process and identify any gaps in the current state.

    1.2.2 Establish requirements gathering performance metrics

    Speak to an analyst to discuss and determine key metrics for measuring the effectiveness of your requirements gathering processes.

    1.2.4 Identify your requirements gathering business process model

    An analyst will facilitate a discussion to determine the ideal target business process flow for your requirements gathering.

    1.2.3; 1.2.5 Define control levels and match control points

    An analyst will assist you with determining the appropriate requirements gathering approach for different project levels. The discussion will highlight key control points and define stakeholders who will be involved in each one.

    1.2.6; 1.2.7 Conduct initial scoping and identify key stakeholders

    An analyst will facilitate a discussion to highlight the scope of the requirements gathering optimization project as well as identify and analyze key stakeholders in the process.

    Phase 2: Define the Elicitation Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define the Elicitation Process

    Proposed Time to Completion: 2 weeks

    Step 2.1: Determine Elicitation Techniques

    Start with an analyst kick off call:

    • Understand and assess elicitation techniques.
    • Determine best fit to projects and business environment.

    Then complete these activities…

    • Understand different elicitation techniques.
    • Record the approved elicitation techniques.
    Step 2.2: Structure Elicitation Output

    Review findings with analyst:

    • Review options for structuring the output of requirements elicitation.
    • Build the requirements gathering operating model.

    Then complete these activities…

    • Build use case model.
    • Use table-top testing to build use case models.
    • Build the operating model.

    With these tools & templates:

    • Business Requirements Document Template
    • Scrum Documentation Template
    Phase 2 Results & Insights:
    • Best practices for conducting and structuring elicitation.

    Step 2.1: Determine Elicitation Techniques

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Understand requirements elicitation techniques.

    This step involves the following participants:

    • BAs
    • Business stakeholders

    Outcomes of this step

    • Select and record best-fit elicitation techniques.

    Eliciting requirements is all about effectively creating the initial shortlist of needs the business has for an application

    The image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Elicit in the center of the image, with three bullet points beneath it that read: Prepare; Conduct; Confirm.

    The elicitation phase is where the BAs actually meet with project stakeholders and uncover the requirements for the application. Major tasks within this phase include stakeholder identification, selecting elicitation techniques, and conducting the elicitation sessions. This phase involves the most information gathering and therefore requires a significant amount of time to be done properly.

    Good requirements elicitation leverages a strong elicitation framework and executes the right elicitation techniques

    A mediocre requirements practitioner takes an order taker approach to elicitation: they elicit requirements by showing up to a meeting with the stakeholder and asking, “What do you want?” This approach frequently results in gaps in requirements, as most stakeholders cannot free-form spit out an accurate inventory of their needs.

    A strong requirements practitioner first decides on an elicitation framework – a mechanism to anchor the discussion about the business requirements. Info-Tech recommends using business process modelling (BPM) as the most effective framework. The BA can now work through several key questions:

    • What processes will this application need to support?
    • What does the current process look like?
    • How could we improve the process?
    • In a target state process map, what are the key functional requirements necessary to support this?

    The second key element to elicitation is using the right blend of elicitation techniques: the tactical approach used to actually collect the requirements. Interviews are the most popular means, but focus groups, JAD sessions, and observational techniques can often yield better results – faster. This section will touch on BPM/BPI as an elicitation framework, then do deep dive on different elicitation techniques.

    The elicitation phase of most enterprise application projects follows a similar four-step approach

    Prepare

    Stakeholders must be identified, and elicitation frameworks and techniques selected. Each technique requires different preparation. For example, brainstorming requires ground rules; focus groups require invitations, specific focus areas, and meeting rooms (perhaps even cameras). Look at each of these techniques and discuss how you would prepare.

    Conduct

    A good elicitor has the following underlying competencies: analytical thinking, problem solving, behavioral characteristics, business knowledge, communication skills, interaction skills, and proficiency in BA tools. In both group and individual elicitation techniques, interpersonal proficiency and strong facilitation is a must. A good BA has an intuitive sense of how to manage the flow of conversations, keep them results-oriented, and prevent stakeholder tangents or gripe sessions.

    Document

    How you document will depend on the technique you use. For example, recording and transcribing a focus group is probably a good idea, but you still need to analyze the results and determine the actual requirements. Use cases demand a software tool – without one, they become cumbersome and unwieldy. Consider how you would document the results before you choose the technique. Some analysts prefer to use solutions like OneNote or Evernote for capturing the raw initial notes, others prefer pen and paper: it’s what works best for the BA at hand.

    Confirm

    Review the documentation with your stakeholder and confirm the understanding of each requirement via active listening skills. Revise requirements as necessary. Circulating the initial notes of a requirements interview or focus group is a great practice to get into – it ensures jargon and acronyms are correctly captured, and that nothing has been lost in the initial translation.

    BPM is an extremely useful framework for framing your requirements elicitation discussions

    What is BPM? (Source: BPMInstitute.org)

    BPMs can take multiple forms, but they are created as visual process flows that depict a series of events. They can be customized at the discretion of the requirements gathering team (swim lanes, legends, etc.) based on the level of detail needed from the input.

    When to use them?

    BPMs can be used as the basis for further process improvement or re-engineering efforts for IT and applications projects. When the requirements gathering process owner needs to validate whether or not a specific step involved in the process is necessary, BPM provides the necessary breakdown.

    What’s the benefit?

    Different individuals absorb information in a variety of ways. Visual representations of a process or set of steps tend to be well received by a large sub-set of individuals, making BPMs an effective analysis technique.

    This related Info-Tech blueprint provides an extremely thorough overview of how to leverage BPM and process improvement approaches.

    Use a SIPOC table to assist with zooming into a step in a BPM to help define requirements

    Build a Sales Report
    • Salesforce
    • Daily sales results
    • Sales by product
    • Sales by account rep
    • Receive customer orders
    • Process invoices
    • GL roll-up
    • Sales by region
    • Sales by rep
    • Director of Sales
    • CEO
    • Report is accurate
    • Report is timely
    • Balance to GL
    • Automated email notification

    Source: iSixSigma

    Example: Extract requirements from a BPM for a customer service solution

    Look at an example for a claims process, and focus on the Record Claim task (event).

    Task Input Output Risks Opportunities Condition Sample Requirements
    Record Claim Customer Email Case Record
    • An agent accidentally misses the email and the case is not submitted.
    • The contents of the email are not properly ported over into the case for the claim.
    • The claim is routed to the wrong recipient within the claims department.
    • There is translation risk when the claim is entered in another language from which it is received.
    • Reduce the time to populate a customer’s claim information into the case.
    • Automate the data capture and routing.
    • Pre-population of the case with the email contents.
    • Suggested routing based on the nature of the case.
    • Multi-language support.

    Business:

    • The system requires email-to-case functionality.

    Non-Functional:

    • The cases must be supported in multiple languages.
    • Case management requires Outlook integration.

    Functional:

    • The case must support the following information:
    • Title; Customer; Subject; Case Origin; Case Type; Owner; Status; Priority
    • The system must pre-populate the claims agent based on the nature of the case.

    The image is an excerpt from a table, with the title Claims Process at the top. The top row is labelled Customer Service, and includes a textbox that reads Record Claim. The bottom row is labelled Claims, and includes a textbox that reads Manage Claim. A downward-pointing arrow connects the two textboxes.

    Identify the preferred elicitation techniques in your requirements gathering SOP: outline order of operations

    Conducting elicitation typically takes the greatest part of the requirements management process. During elicitation, the designated BA(s) should be reviewing documentation, and conducting individual and group sessions with key stakeholders.

    • When eliciting requirements, it’s critical that your designated BAs use multiple techniques; relying only on stakeholder interviews while neglecting to conduct focus groups and joint whiteboarding sessions will lead to trouble.
    • Avoid makeshift solutions by focusing on target state requirements, but don’t forget about the basic user needs. These can often be neglected because one party assumes that the other already knows about them.
    • The SOP guide should provide your BAs with a shortlist of recommended/mandated elicitation techniques based on business scenarios (examples in this section). Your SOP should also suggest the order in which BAs use the techniques for initial elicitation. Generally, document review comes first, followed by group, individual, and observational techniques.

    Elicitation is an iterative process – requirements should be refined in successive steps. If you need more information in the analysis phases, don’t be afraid to go back and conduct more elicitation.

    Understand different elicitation techniques

    2.1.1 – 1 hour

    Input
    • Elicitation techniques
    Output
    • Elicitation technique assessment
    Materials
    • Whiteboard
    • Markers
    • Paper
    Participants
    • BAs
    1. For this exercise, review the following elicitation techniques: observation, document review, surveys, focus groups, and interviews. Use the material in the next slides to brainstorm around the following questions:
      1. What types of information can the technique be used to collect?
      2. Why would you use this technique over others?
      3. How will you prepare to use the technique?
      4. How will you document the technique?
      5. Is this technique suitable for all projects?
      6. When wouldn’t you use it?
    2. Have each group present their findings from the brainstorming to the group.

    Document any changes to the elicitation techniques in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Understand different elicitation techniques – Interviews

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Structured One-on-One Interview In a structured one-on-one interview, the BA has a fixed list of questions to ask the stakeholder and follows up where necessary. Structured interviews provide the opportunity to quickly home in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose, i.e. to receive specific stakeholder feedback on proposed requirements or to help identify systemic constraints. Generally speaking, they should be 30 minutes or less. Low Medium
    Unstructured One-on-One Interview In an unstructured one-on-one interview, the BA allows the conversation to flow free form. The BA may have broad themes to touch on but does not run down a specific question list. Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should be 60 minutes or less. Medium Low
    Info-Tech Insight

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).

    Understand the diverse approaches for interviews

    Use a clear interview approach to guide the preparation, facilitation styles, participants, and interview schedules you manage for a specific project.

    Depending on your stakeholder audience and interview objectives, apply one or more of the following approaches to interviews.

    Interview Approaches

    • Unstructured
    • Semi-structured
    • Structured

    The Benefits of Interviews

    Fosters direct engagement

    IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.

    Offers greater detail

    With interviews, a greater degree of insight can be gained by leveraging information that wouldn’t be collected through traditional surveys. Face-to-face interactions provide thorough answers and context that helps inform requirements.

    Removes ambiguity

    Face-to-face interactions allow opportunities for follow-up around ambiguous answers. Clarify what stakeholders are looking for and expect in a project.

    Enables stakeholder management

    Interviews are a direct line of communication with a project stakeholder. They provide input and insight, and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

    Select an interview structure based on project objectives and staff types

    Consider stakeholder types and characteristics, in conjunction with the best way to maximize time, when selecting which of the three interview structures to leverage during the elicitation phase of requirements gathering.

    Structured Interviews

    • Interviews conducted using this structure are modelled after the typical Q&A session.
    • The interviewer asks the participant a variety of closed-ended questions.
    • The participant’s response is limited to the scope of the question.

    Semi-Structured Interviews

    • The interviewer may prepare a guide, but it acts as more of an outline.
    • The goal of the interview is to foster and develop conversation.
    • Participants have the ability to answer questions on broad topics without compromising the initial guide.

    Unstructured Interviews

    • The interviewer may have a general interview guide filled with open-ended questions.
    • The objective of the questions is to promote discussion.
    • Participants may discuss broader themes and topics.

    Select the best interview approach

    Review the following questions to determine what interview structure you should utilize. If you answer the question with “Yes,” then follow the corresponding recommendations for the interview elements.

    Question Structure Type Facilitation Technique # of Participants
    Do you have to interview multiple participants at once because of time constraints? Semi-structured Discussion 1+
    Does the business or stakeholders want you to ask specific questions? Structured Q&A 1
    Have you already tried an unsuccessful survey to gather information? Semi-structured Discussion 1+
    Are you utilizing interviews to understand the area? Unstructured Discussion 1+
    Do you need to gather requirements for an immediate project? Structured Q&A 1+

    Decisions to make for interviews

    Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements during the analysis and validation stages.

    Who to engage?

    • Individuals with an understanding of the project scope, constraints and considerations, and high-level objectives.
    • Project stakeholders from across different functional units to solicit a varied set of requirement inputs.

    How to engage?

    • Approach selected interview candidate(s) with a verbal invitation to participate in the requirements gathering process for [Project X].
    • Take the initiative to book time in the candidate’s calendar. Include in your calendar invitation a description of the preparation required for the interview, the anticipated outputs, and a brief timeline agenda for the interview itself.

    How to drive participant engagement?

    • Use introductory interview questions to better familiarize yourself with the interviewee and to create an environment in which the individual feels welcome and at ease.
    • Once acclimatized, ensure that you hold the attention of the interviewee by providing further probing, yet applicable, interview questions.

    Manage each point of the interaction in the interview process

    Interviews generally follow the same workflow regardless of which structure you select. You must manage the process to ensure that the interview runs smoothly and results in an effective gathering requirements process.

    1. Prep Schedule
      • Recommended Actions
        • Send an email with a proposed date and time for the meeting.
        • Include an overview of what you will be discussing.
        • Mention if other people will be joining (if group interview).
    2. Meeting Opening
      • Recommended Actions
        • Provide context around the meeting’s purpose and primary focal points.
        • Let interviewee(s) know how long the interview will last.
        • Ask if they have any blockers that may cause the meeting to end early.
    3. Meeting Discussion
      • Recommended Actions
        • Ask questions and facilitate discussion in accordance with the structure you have selected.
        • Ensure that the meeting’s dialogue is being either recorded using written notes (if possible) or a voice recorder.
    4. Meeting Wrap-Up
      • Recommended Actions
        • Provide a summary of the big findings and what was agreed upon.
        • Outline next steps or anything else you will require from the participant.
        • Let the interviewee(s) know that you will follow up with interview notes, and will require feedback from them.
    5. Meeting Follow-Up
      • Recommended Actions
        • Send an overview of what was covered and agreed upon during the interview.
        • Show the mock-ups of your work based on the interview, and solicit feedback.
        • Give the interviewee(s) the opportunity to review your notes or recording and add value where needed.

    Solve the problem before it occurs with interview troubleshooting techniques

    The interview process may grind to a halt due to challenging situations. Below are common scenarios and corresponding troubleshooting techniques to get your interview back on track.

    Scenario Technique
    Quiet interviewee Begin all interviews by asking courteous and welcoming questions. This technique will warm the interviewee up and make them feel more comfortable. Ask prompting questions during periods of silence in the interview. Take note of the answers provided by the interviewee in your interview guide, along with observations and impact statements that occur throughout the duration of the interview process.
    Disgruntled interviewee Avoid creating a hostile environment by eliminating the interviewee’s perception that you are choosing to focus on issues that the interviewee feels will not be resolved. Ask questions to contextualize the issue. For example, ask why they feel a particular way about the issue, and determine whether they have valid concerns that you can resolve.
    Interviewee has issues articulating their answer Encourage the interviewee to use a whiteboard or pen and paper to kick start their thought process. Make sure you book a room with these resources readily available.

    Understand different elicitation techniques – Observation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Casual Observation The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. Capture true behavior through observation of stakeholders performing tasks without informing them they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. Low Medium
    Formal Observation The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. Formal observation allows BAs to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the BA and modify their behavior if they feel their job responsibilities or job security are at risk Low Medium

    Info-Tech Insight

    Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.

    Understand different elicitation techniques – Surveys

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Closed-Response Survey A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. Closed response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements not listed. As such, closed response surveys are best used after initial elicitation or brainstorming to validate feature groups. Low Medium
    Open-Response Survey A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. Open-response surveys are a useful supplement (and occasionally replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. Low Medium

    Info-Tech Insight

    Surveys can be useful mechanisms for initial drafting of raw requirements (open-response) and gauging user interest in proposed requirements or feature sets (closed-response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the BA.

    Be aware: Know the implications of leveraging surveys

    What are surveys?

    Surveys take a sample population’s written responses for data collection. Survey respondents can identify themselves or choose to remain anonymous. Anonymity removes the fear of repercussions for giving critical responses to sensitive topics.

    Who needs to be involved?

    Participants of a survey include the survey writer, respondent(s), and results compiler. There is a moderate amount of work that comes from both the writer and compiler, with little work involved on the end of the respondent.

    What are the benefits?

    The main benefit of surveys is their ability to reach large population groups and segments without requiring personal interaction, thus saving money. Surveys are also very responsive and can be created and modified rapidly to address needs as they arise on an on-going basis.

    When is it best to employ a survey method?

    Surveys are most valuable when completed early in the requirements gathering stage.

    Intake and Scoping → Requirements Gathering → Solution Design → Development/ Procurement → Implementation/ Deployment

    When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.

    Use surveys to profile the demand for specific requirements.

    It is often difficult to determine if requirements are must haves or should haves. Surveys are a strong method to assist in narrowing down a wide range of requirements.

    • If all survey respondents list the same requirement, then that requirement is a must have.
    • If no participants mention a requirement, then that requirement is not likely to be important to project success.
    • If the results are scattered, it could be that the organization is unsure of what is needed.

    Are surveys worth the time and effort? Most of the time.

    Surveys can generate insights. However, there are potential barriers:

    • Well-constructed surveys are difficult to make – asking the right questions without being too long.
    • Participants may not take surveys seriously, giving non-truthful or half-hearted answers.

    Surveys should only be done if the above barriers can easily be overcome.

    Scenario: Survey used to gather potential requirements

    Scenario

    There is an unclear picture of the business needs and functional requirements for a solution.

    Survey Approach

    Use open-ended questions to allow respondents to propose requirements they see as necessary.

    Sample questions

    • What do you believe _______ (project) should include to be successful?
    • How can _______ (project) be best made for you?
    • What do you like/dislike about ________ (process that the project will address)?

    What to do with your results

    Take a step back

    If you are using surveys to elicit a large number of requirements, there is probably a lack of clear scope and vision. Focus on scope clarification. Joint development sessions are a great technique for defining your scope with SMEs.

    Moving ahead

    • Create additional surveys. Additional surveys can help narrow down the large list of requirements. This process can be reiterated until there is a manageable number of requirements.
    • Move onto interviews. Speak directly with the users to get a grasp of the importance of the requirements taken from surveys.

    Employ survey design best practices

    Proper survey design determines how valuable the responses will be. Review survey principles released by the University of Wisconsin-Madison.

    Provide context

    Include enough detail to contextualize questions to the employee’s job duties.

    Where necessary:

    • Include conditions
    • Timeline considerations
    • Additional pertinent details

    Give clear instructions

    When introducing a question identify if it should be answered by giving one answer, multiple answers, or a ranking of answers.

    Avoid IT jargon

    Ensure the survey’s language is easily understood.

    When surveying colleagues from the business use their own terms, not IT’s.

    E.g. laptops vs. hardware

    Saying “laptops” is more detailed and is a universal term.

    Use ranges

    Recommended:

    In a month your Outlook fails:

    • 1-3 times
    • 4-7 times
    • 7+ times

    Not Recommended:

    Your Outlook fails:

    • Almost never
    • Infrequently
    • Frequently
    • Almost always

    Keep surveys short

    Improve responses and maintain stakeholder interest by only including relevant questions that have corresponding actions.

    Recommended: Keep surveys to ten or less prompts.

    Scenario: Survey used to narrow down requirements

    Scenario

    There is a large list of requirements and the business is unsure of which ones to further pursue.

    Survey Approach

    Use closed-ended questions to give degrees of importance and rank requirements.

    Sample questions

    • How often do you need _____ (requirement)?
      • 1-3 times a week; 4-6 times a week; 7+ times a week
    • Given the five listed requirements below, rank each requirement in order of importance, with 1 being the most important and 5 being the least important.
    • On a scale from 1-5, how important is ________ (requirement)?
      • 1 – Not important at all; 2 – Would provide minimal benefit; 3 – Would be nice to have; 4 – Would provide substantial benefit; 5 – Crucial to success

    What to do with your results

    Determine which requirements to further explore

    Avoid simply aggregating average importance and using the highest average as the number-one priority. Group the highest average importance requirements to be further explored with other elicitation techniques.

    Moving ahead

    The group of highly important requirements needs to be further explored during interviews, joint development sessions, and rapid development sessions.

    Scenario: Survey used to discover crucial hidden requirements

    Scenario

    The business wanted a closer look into a specific process to determine if the project could be improved to better address process issues.

    Survey Approach

    Use open-ended questions to allow employees to articulate very specific details of a process.

    Sample questions

    • While doing ________ (process/activity), what part is the most frustrating to accomplish? Why?
    • Is there any part of ________ (process/activity) that you feel does not add value? Why?
    • How would you improve _________ (process/activity)?

    What to do with your results

    Set up prototyping

    Prototype a portion with the new requirement to see if it meets the user’s needs. Joint application development and rapid development sessions pair developers and users together to collaboratively build a solution.

    Next steps

    • Use interviews to begin solution mapping. Speak to SMEs and the users that the requirement would affect. Understand how to properly incorporate the discovered requirement(s) into the solution.
    • Create user stories. User stories allow developers to step into the shoes of the users. Document the user’s requirement desires and their reason for wanting it. Give those user stories to the developers.

    Explore mediums for survey delivery

    Online

    Free online surveys offer quick survey templates but may lack customization. Paid options include customizable features. Studies show that most participants find web-based surveys more appealing, as web surveys tend to have a higher rate of completion.

    Potential Services (Not a comprehensive list)

    SurveyMonkey – free and paid options

    Good Forms – free options

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (free survey options)

    Paper

    Paper surveys offer complete customizability. However, paper surveys take longer to distribute and record, and are also more expensive to administer.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost

    Internally-developed

    Internally-developed surveys can be distributed via the intranet or email. Internal surveys offer the most customization. Cost is the creator’s time, but cost can be saved on distribution versus paper and paid online surveys.

    Ideal for:

    • Low complexity surveys
    • High complexity surveys
    • Quick responses
    • Low cost (if created quickly)

    Understand different elicitation techniques – Focus Groups

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Focus Group Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented, and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of groupthink in these meetings (i.e. the tendency to converge on a single POV). Medium Medium
    Workshop Workshops are larger sessions (typically ten people or more) that are led by a facilitator, and are dependent on targeted exercises. Workshops may be occasionally decomposed into smaller group sessions. Workshops are highly versatile: they can be used for initial brainstorming, requirement prioritization, constraint identification, and business process mapping. Typically, the facilitator will use exercises or activities (such as whiteboarding, sticky note prioritization, role-playing, etc.) to get participants to share and evaluate sets of requirements. The main downside to workshops is a high time commitment from both stakeholders and the BA. Medium High

    Info-Tech Insight

    Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.

    Conduct focus groups and workshops

    There are two specific types of group interviews that can be utilized to elicit requirements: focus groups and workshops. Understand each type’s strengths and weaknesses to determine which is better to use in certain situations.

    Focus Groups Workshops
    Description
    • Small groups are encouraged to speak openly about topics with guidance from a facilitator.
    • Larger groups are led by a facilitator to complete target exercises that promote hands-on learning.
    Strengths
    • Highly effective for initial requirements brainstorming.
    • Insights can be explored in depth.
    • Any part of the requirements gathering process can be done in a workshop.
    • Use of activities can increase the learning beyond simple discussions.
    Weaknesses
    • Loudest voice in the room can induce groupthink.
    • Discussion can easily veer off topic.
    • Extremely difficult to bring together such a large group for extended periods of time.
    Facilitation Guidance
    • Make sure the group is structured in a cross-functional manner to ensure multiple viewpoints are represented.
    • If the group is too large, break the members into smaller groups. Try putting together members who would not usually interact.

    Solution mapping and joint review sessions should be used for high-touch, high-rigor BPM-centric projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Solution Mapping Session A one-on-one session to outline business processes. BPM methods are used to write possible target states for the solution on a whiteboard and to engineer requirements based on steps in the model. Solution mapping should be done with technically savvy stakeholders with a firm understanding of BPM methodologies and nomenclature. Generally, this type of elicitation method should be done with stakeholders who participated in tier one elicitation techniques who can assist with reverse-engineering business models into requirement lists. Medium Medium
    Joint Requirements Review Session This elicitation method is sometimes used as a last step prior to moving to formal requirements analysis. During the review session, the rough list of requirements is vetted and confirmed with stakeholders. A one-on-one (or small group) requirements review session gives your BAs the opportunity to ensure that what was recorded/transcribed during previous one-on-ones (or group elicitation sessions) is materially accurate and representative of the intent of the stakeholder. This elicitation step allows you to do a preliminary clean up of the requirements list before entering the formal analysis phase. Low Low

    Info-Tech Insight

    Solution mapping and joint requirements review sessions are more advanced elicitation techniques that should be employed after preliminary techniques have been utilized. They should be reserved for technically sophisticated, high-value stakeholders.

    Interactive whiteboarding and joint development sessions should be leveraged for high-rigor BPM-based projects

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Interactive White- boarding A group session where either a) requirements are converted to BPM diagrams and process flows, or b) these flows are reverse engineered to distil requirement sets. While the focus of workshops and focus groups is more on direct requirements elicitation, interactive whiteboarding sessions are used to assist with creating initial solution maps (or reverse engineering proposed solutions into requirements). By bringing stakeholders into the process, the BA benefits from a greater depth of experience and access to SMEs. Medium Medium
    Joint Application Development (JAD) JAD sessions pair end-user teams together with developers (and BA facilitators) to collect requirements and begin mapping and developing prototypes directly on the spot. JAD sessions fit well with organizations that use Agile processes. They are particularly useful when the overall project scope is ambiguous; they can be used for project scoping, requirements definition, and initial prototyping. JAD techniques are heavily dependent on having SMEs in the room – they should preference knowledge power users over the “rank and file.” High High

    Info-Tech Insight

    Interactive whiteboarding should be heavily BPM-centric, creating models that link requirements to specific workflow activities. Joint development sessions are time-consuming but create greater cohesion and understanding between BAs, developers, and SMEs.

    Rapid application development sessions add some Agile aspects to requirements elicitation

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rapid Application Development A form of prototyping, RAD sessions are akin to joint development sessions but with greater emphasis on back-and-forth mock-ups of the proposed solution. RAD sessions are highly iterative – requirements are gathered in sessions, developers create prototypes offline, and the results are validated by stakeholders in the next meeting. This approach should only be employed in highly Agile-centric environments. High High

    For more information specific to using the Agile development methodology, refer to the project blueprint Implement Agile Practices That Work.

    The role of the BA differs with an Agile approach to requirements gathering. A traditional BA is a subset of the Agile BA, who typically serves as product owner. Agile BAs have elevated responsibilities that include bridging communication between stakeholders and developers, prioritizing and detailing the requirements, and testing solutions.

    Overview of JAD and RDS techniques (Part 1)

    Use the following slides to gain a thorough understanding of both JAD and rapid development sessions (RDS) to decide which fits your project best.

    Joint Application Development Rapid Development Sessions
    Description JAD pairs end users and developers with a facilitator to collect requirements and begin solution mapping to create an initial prototype. RDS is an advanced approach to JAD. After an initial meeting, prototypes are developed and validated by stakeholders. Improvements are suggested by stakeholders and another prototype is created. This process is iterated until a complete solution is created.
    Who is involved? End users, SMEs, developers, and a facilitator (you).
    Who should use this technique? JAD is best employed in an Agile organization. Agile organizations can take advantage of the high amount of collaboration involved. RDS requires a more Agile organization that can effectively and efficiently handle impromptu meetings to improve iterations.
    Time/effort versus value JAD is a time/effort-intensive activity, requiring different parties at the same time. However, the value is well worth it. JAD provides clarity for the project’s scope, justifies the requirements gathered, and could result in an initial prototype. RDS is even more time/effort intensive than JAD. While it is more resource intensive, the reward is a more quickly developed full solution that is more customized with fewer bugs.

    Overview of JAD and RDS techniques (Part 2)

    Joint Application Development

    Timeline

    Projects that use JAD should not expect dramatically quicker solution development. JAD is a thorough look at the elicitation process to make sure that the right requirements are found for the final solution’s needs. If done well, JAD eliminates rework.

    Engagement

    Employees vary in their project engagement. Certain employees leverage JAD because they care about the solution. Others are asked for their expertise (SMEs) or because they perform the process often and understand it well.

    Implications

    JAD’s thorough process guarantees that requirements gathering is done well.

    • All requirements map back to the scope.
    • SMEs are consulted throughout the duration of the process.
    • Prototyping is only done after final solution mapping is complete.

    Rapid Development Sessions

    Timeline

    Projects that use RDS can either expect quicker or slower requirements gathering depending on the quality of iteration. If each iteration solves a requirement issue, then one can expect that the solution will be developed fairly rapidly. If the iterations fail to meet requirements the process will be quite lengthy.

    Engagement

    Employees doing RDS are typically very engaged in the project and play a large role in helping to create the solution.

    Implications

    RDS success is tied to the organization’s ability to collaborate. Strong collaboration will lead to:

    • Fewer bugs as they are eliminated in each iteration.
    • A solution that is highly customized to meet the user’s needs.

    Poor collaboration will lead to RDS losing its full value.

    When is it best to use JAD?

    JAD is best employed in an Agile organization for application development and selection. This technique best serves relatively complicated, large-scale projects that require rapid or sequential iterations on a prototype or solution as a part of requirements gathering elicitation. JAD effectuates each step in the elicitation process well, from initial elicitation to narrowing down requirements.

    When tackling a project type you’ve never attempted

    Most requirement gathering professionals will use their experience with project type standards to establish key requirements. Avoid only relying on standards when tackling a new project type. Apply JAD’s structured approach to a new project type to be thorough during the elicitation phase.

    In tandem with other elicitation techniques

    While JAD is an overarching requirements elicitation technique, it should not be the only one used. Combine the strengths of other elicitation techniques for the best results.

    When is it best to use RDS?

    RDS is best utilized when one, but preferably both, of the below criteria is met.

    When the scope of the project is small to medium sized

    RDS’ strengths lie in being able to tailor-make certain aspects of the solution. If the solution is too large, tailor-made sections are impossible as multiple user groups have different needs or there is insufficient resources. When a project is small to medium sized, developers can take the time to custom make sections for a specific user group.

    When most development resources are readily available

    RDS requires developers spending a large amount of time with users, leaving less time for development. Having developers at the ready to take on users’ improvement maintains the effectiveness of RDS. If the same developer who speaks to users develops the entire iteration, the process would be slowed down dramatically, losing effectiveness.

    Techniques to compliment JAD/RDS

    1. Unstructured conversations

    JAD relies on unstructured conversations to clarify scope, gain insights, and discuss prototyping. However, a structure must exist to guarantee that all topics are discussed and meetings are not wasted.

    2. Solution mapping and interactive white-boarding

    JAD often involves visually illustrating how high-level concepts connect as well as prototypes. Use solution mapping and interactive whiteboarding to help users and participants better understand the solution.

    3. Focus groups

    Having a group development session provides all the benefits of focus groups while reducing time spent in the typically time-intensive JAD process.

    Plan how you will execute JAD

    Before the meeting

    1. Prepare for the meeting

    Email all parties a meeting overview of topics that will be discussed.

    During the meeting

    2. Discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if it is already well defined).
    • Leverage solution mapping and other visual aids to appeal to all users.
    • Confirm with SMEs that requirements will meet the users’ needs.
    • Discuss initial prototyping.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and set of agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meetings to continue prototyping.

    JAD provides a detail-oriented view into the elicitation process. As a facilitator, take detailed notes to maximize the outputs of JAD.

    Plan how you will execute RDS

    Before the meeting

    1. Prepare for the meeting

    • Email all parties a meeting overview.
    • Ask employees and developers to bring their vision of the solution, regardless of its level of detail.

    During the meeting

    2. Hold the discussion

    • Facilitate the conversation according to what is needed (e.g. skip scope clarification if already well defined).
    • Have both parties explain their visions for the solution.
    • Talk about initial prototype and current iteration.

    After the meeting

    3. Wrap-up

    • Provide a key findings summary and agreements.
    • Outline next steps for all parties.

    4. Follow-up

    • Send the mock-up of any agreed upon prototype(s).
    • Schedule future meeting to continue prototyping.

    RDS is best done in quick succession. Keep in constant contact with both employees and developers to maintain positive momentum from a successful iteration improvement.

    Develop a tailored facilitation guide for JAD and RDS

    JAD/RDS are both collaborative activities, and as with all group activities, issues are bound to arise. Be proactive and resolve issues using the following guidelines.

    Scenario Technique
    Employee and developer visions for the solution don’t match up Focus on what both solutions have in common first to dissolve any tension. Next, understand the reason why both parties have differences. Was it a difference in assumptions? Difference in what is a requirement? Once the answer has been determined, work on bridging the gaps. If there is no resolution, appoint a credible authority (or yourself) to become the final decision maker.
    Employee has difficulty understanding the technical aspect of the developer’s solution Translate the developer’s technical terms into a language that the employee understands. Encourage the employee to ask questions to further their understanding.
    Employee was told that their requirement or proposed solution is not feasible Have a high-level member of the development team explain how the requirement/solution is not feasible. If it’s possible, tell the employee that the requirement can be done in a future release and keep them updated.

    Harvest documentation from past projects to uncover reusable requirements

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Legacy System Manuals The process of reviewing documentation and manuals associated with legacy systems to identify constraints and exact requirements for reuse. Reviewing legacy systems and accompanying documentation is an excellent way to gain a preliminary understanding of the requirements for the upcoming application. Be careful not to overly rely on requirements from legacy systems; if legacy systems have a feature set up one way, this does not mean it should be set up the same way on the upcoming application. If an upcoming application must interact with other systems, it is ideal to understand the integration points early. None High
    Historical Projects The process of reviewing documentation from historical projects to extract reusable requirements. Previous project documentation can be a great source of information and historical lessons learned. Unfortunately, historical projects may not be well documented. Historical mining can save a great deal of time; however, the fact that it was done historically does not mean that it was done properly. None High

    Info-Tech Insight

    Document mining is a laborious process, and as the term “mining” suggests the yield will vary. Regardless of the outcome, document mining must be performed and should be viewed as an investment in the requirements gathering process.

    Extract internal and external constraints from business rules, policies, and glossaries

    Technique Description Assessment and Best Practices Stakeholder Effort BA Effort
    Rules The process of extracting business logic from pre-existing business rules (e.g. explicit or implied workflows). Stakeholders may not be fully aware of all of the business rules or the underlying rationale for the rules. Unfortunately, business rule documents can be lengthy and the number of rules relevant to the project will vary. None High
    Glossary The process of extracting terminology and definitions from glossaries. Terminology and definitions do not directly lead to the generation of requirements. However, reviewing glossaries will allow BAs to better understand domain SMEs and interpret their requirements. None High
    Policy The process of extracting business logic from business policy documents (e.g. security policy and acceptable use). Stakeholders may not be fully aware of the different policies or the underlying rationale for why they were created. Going directly to the source is an excellent way to identify constraints and requirements. Unfortunately, policies can be lengthy and the number of items relevant to the project will vary. None High

    Info-Tech Insight

    Document mining should be the first type of elicitation activity that is conducted because it allows the BA to become familiar with organizational terminology and processes. As a result, the stakeholder facing elicitation sessions will be more productive.

    Review the different types of formal documentation (Part 1)

    1. Glossary

    Extract terminology and definitions from glossaries. A glossary is an excellent source to understand the terminology that SMEs will use.

    2. Policy

    Pull business logic from policy documents (e.g. security policy and acceptable use). Policies generally have mandatory requirements for projects, such as standard compliance requirements.

    3. Rules

    Review and reuse business logic that comes from pre-existing rules (e.g. explicit or implied workflows). Like policies, rules often have mandatory requirements or at least will require significant change for something to no longer be a requirement.

    Review the different types of formal documentation (Part 2)

    4. Legacy System

    Review documents and manuals of legacy systems, and identify reusable constraints and requirements. Benefits include:

    • Gain a preliminary understanding of general organizational requirements.
    • Ease of solution integration with the legacy system if needed.

    Remember to not use all of the basic requirements of a legacy system. Always strive to find a better, more productive solution.

    5. Historical Projects

    Review documents from historical projects to extract reusable requirements. Lessons learned from the company’s previous projects are more applicable than case studies. While historical projects can be of great use, consider that previous projects may not be well documented.

    Drive business alignment as an output from documentation review

    Project managers frequently state that aligning projects to the business goals is a key objective of effective project management; however, it is rarely carried out throughout the project itself. This gap is often due to a lack of understanding around how to create true alignment between individual projects and the business needs.

    Use company-released statements and reports

    Extract business wants and needs from official statements and reports (e.g. press releases, yearly reports). Statements and reports outline where the organization wants to go which helps to unearth relevant project requirements.

    Ask yourself, does the project align to the business?

    Documented requirements should always align with the scope of the project and the business objectives. Refer back frequently to your set of gathered requirements to check if they are properly aligned and ensure the project is not veering away from the original scope and business objectives.

    Don’t just read for the sake of reading

    The largest problem with documentation review is that requirements gathering professionals do it for the sake of saying they did it. As a result, projects often go off course due to not aligning to business objectives following the review sessions.

    • When reading a document, take notes to avoid projects going over time and budget and business dissatisfaction. Document your notes and schedule time to review the set of complete notes with your team following the individual documentation review.

    Select elicitation techniques that match the elicitation scenario

    There is a time and place for each technique. Don’t become too reliant on the same ones. Diversify your approach based on the elicitation goal.

    A chart showing Elicitation Scenarios and Techniques, with each marked for their efficacy.

    This table shows the relative strengths and weaknesses of each elicitation technique compared against the five basic elicitation scenarios.

    A typical project will encounter most of the elicitation scenarios. Therefore, it is important to utilize a healthy mix of techniques to optimize effectiveness.

    Very Strong = Very Effective

    Strong = Effective

    Medium = Somewhat Effective

    Weak = Minimally Effective

    Very Weak = Not Effective

    Record the approved elicitation techniques that your BAs should use

    2.1.2 – 30 minutes

    Input
    • Approved elicitation techniques
    Output
    • Execution procedure
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs

    Record the approved elicitation methods and best practices for each technique in the SOP.

    Identify which techniques should be utilized with the different stakeholder classes.

    Segment the different techniques based by project complexity level.

    Use the following chart to record the approved techniques.

    Stakeholder L1 Projects L2 Projects L3 Projects L4 Projects
    Senior Management Structured Interviews
    Project Sponsor Unstructured Interviews
    SME (Business) Focus Groups Unstructured Interviews
    Functional Manager Focus Groups Structured Interviews
    End Users Surveys; Focus Groups; Follow-Up Interviews; Observational Techniques

    Document the output from this exercise in section 4.0 of the Requirements Gathering SOP and BA Playbook.

    Confirm initial elicitation notes with stakeholders

    Open lines of communication with stakeholders and keep them involved in the requirements gathering process; confirm the initial elicitation before proceeding.

    Confirming the notes from the elicitation session with stakeholders will result in three benefits:

    1. Simple miscommunications can compound and result in costly rework if they aren’t caught early. Providing stakeholders with a copy of notes from the elicitation session will eliminate issues before they manifest themselves in the project.
    2. Stakeholders often require an absorption period after elicitation sessions to reflect on the meeting. Following up with stakeholders gives them an opportunity to clarify, enhance, or change their responses.
    3. Stakeholders will become disinterested in the project (and potentially the finished application) if their involvement in the project ends after elicitation. Confirming the notes from elicitation keeps them involved in the process and transitions stakeholders into the analysis phase.

    This is the Confirm stage of the Confirm, Verify, Approve process.

    “Are these notes accurate and complete?”

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Understand the different elicitation techniques

    An analyst will walk you through the different elicitation techniques including observations, document reviews, surveys, focus groups, and interviews, and highlight the level of effort required for each.

    2.1.2 Select and record the approved elicitation techniques

    An analyst will facilitate the discussion to determine which techniques should be utilized with the different stakeholder classes.

    Step 2.2: Structure Elicitation Output

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build use-case models.
    • Practice using elicitation techniques with business stakeholders to build use-case models.
    • Practice leveraging user stories to convey requirements.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Understand the value of use-case models for requirements gathering.
    • Practice different techniques for building use-case models with stakeholders.

    Record and capture requirements in solution-oriented formats

    Unstructured notes for each requirement are difficult to manage and create ambiguity. Using solution-oriented formats during elicitation sessions ensures that the content can be digested by IT and business users.

    This table shows common solution-oriented formats for recording requirements. Determine which formats the development team and BAs are comfortable using and create a list of acceptable formats to use in projects.

    Format Description Examples
    Behavior Diagrams These diagrams describe what must happen in the system. Business Process Models, Swim Lane Diagram, Use Case Diagram
    Interaction Diagrams These diagrams describe the flow and control of data within a system. Sequence Diagrams, Entity Diagrams
    Stories These text-based representations take the perspective of a user and describe the activities and benefits of a process. Scenarios, User Stories

    Info-Tech Insight

    Business process modeling is an excellent way to visually represent intricate processes for both IT and business users. For complex projects with high business significance, business process modeling is the best way to capture requirements and create transformational gains.

    Use cases give projects direction and guidance from the business perspective

    Use Case Creation Process

    Define Use Cases for Each Stakeholder

    • Each stakeholder may have different uses for the same solution. Identify all possible use cases attributed to the stakeholders.
    • All use cases are possible test case scenarios.

    Define Applications for Each Use Case

    • Applications are the engines behind the use cases. Defining the applications to satisfy use cases will pinpoint the areas where development or procurement is necessary.

    Consider the following guidelines:

    1. Don’t involve systems in the use cases. Use cases just identify the key end-user interaction points that the proposed solution is supposed to cover.
    2. Some use cases are dependent on other use cases or multiple stakeholders may be involved in a single use case. Depending on the availability of these use cases, they can either be all identified up front (Waterfall) or created at various iterations (Agile).
    3. Consider the enterprise architecture perspective. Existing enterprise architecture designs can provide a foundation of current requirement mappings and system structure. Reuse these resources to reduce efforts.
    4. Avoid developing use cases in isolation. Reusability is key in reducing designing efforts. By involving multiple departments, requirement clashes can be avoided and the likelihood of reusability increases.

    Develop practical use cases to help drive the development effort in the right direction

    Evaluating the practicality and likelihood of use cases is just as important as developing them.

    Use cases can conflict with each other. In certain situations, specific requirements of these use cases may clash with one another even though they are functionally sound. Evaluate use-case requirements and determine how they satisfy the overall business need.

    Use cases are not necessarily isolated; they can be nested. Certain functionalities are dependent on the results of another action, often in a hierarchical fashion. By mapping out the expected workflows, BAs can determine the most appropriate way to implement.

    Use cases can be functionally implemented in many ways. There could be multiple ways to accomplish the same use case. Each of these needs to be documented so that functional testing and user documentation can be based on them.

    Nested Use Case Examples:

    Log Into Account ← Depends on (Nested) Ordering Products Online
    Enter username and password Complete order form
    Verify user is a real person Process order
    Send user forgotten password message Check user’s account
    Send order confirmation to user

    Build a use-case model

    2.2.1 – 45 minutes

    Input
    • Sub processes
    Output
    • Use case model
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    Demonstrate how to use elicitation techniques to build use cases for the project.
    1. Identify a sub-process to build the use-case model. Begin the exercise by giving a brief description of the purpose of the meeting.
    2. For each stakeholder, draw a stick figure on the board. Pose the question “If you need to do X, what is your first step?” Go through the process until the end goal and draw each step. Ensure that you capture triggers, causes, decision points, outcomes, tools, and interactions.
    3. Starting at the beginning of the diagram, go through each step again and check with stakeholders if the step can be broken down into more granular steps.
    4. Ask the stakeholder if there are any alternative flows that people use, or any exceptions to process steps. If there are, map these out on the board.
    5. Go back through each step and ask the stakeholder where the current process is causing them grief, and where modification should be made.
    6. Record this information in the Business Requirements Document Template.

    Build a use-case model

    2.2.1

    Example: Generate Letters

    Inspector: Log into system → Search for case → Identify recipient → Determine letter type → Print letter

    Admin: Receive letter from inspector → Package and mail letter

    Citizen: Receive letter from inspector

    Understand user stories and profiles

    What are they?

    User stories describe what requirement a user wants in the solution and why they want it. The end goal of a user story is to create a simple description of a requirement for developers.

    When to use them

    User stories should always be used in requirements gathering. User stories should be collected throughout the elicitation process. Try to recapture user stories as new project information is released to capture any changes in end-customer needs.

    What’s the benefit?

    User stories help capture target users, customers, and stakeholders. They also create a “face” for individual user requirements by providing user context. This detail enables IT leaders to associate goals and end objectives with each persona.

    Takeaway

    To better understand the characteristics driving user requirements, begin to map objectives to separate user personas that represent each of the project stakeholders.

    Are user stories worth the time and effort?

    Absolutely.

    A user’s wants and needs serve as a constant reminder to developers. Developers can use this information to focus on how a solution needs to accomplish a goal instead of only focusing on what goals need to be completed.

    Create customized user stories to guide or structure your elicitation output

    Instructions

    1. During surveys, interviews, and development sessions, ask participants the following questions:
      • What do you want from the solution?
      • Why do you want that?
    2. Separate the answer into an “I want to” and “So that” format.
      • For users who give multiple “I want to” and “So that” statements, separate them into their respective pairs.
    3. Place each story on a small card that can easily be given to developers.
    As a I want to So that Size Priority
    Developer Learn network and system constraints The churn between Operations and I will be reduced. 1 point Low

    Team member

    		Increase the number of demonstrations I can achieve greater alignment with business stakeholders. 3 points High
    Product owner Implement a user story prioritization technique I can delegate stories in my product backlog to multiple Agile teams. 3 points Medium

    How to make an effective and compelling user story

    Keep your user stories short and impactful to ensure that they retain their impact.

    Follow a simple formula:

    As a [stakeholder title], I want to [one requirement] so that [reason for wanting that requirement].

    Use this template for all user stories. Other formats will undermine the point of a user story. Multiple requirements from a single user must be made into multiple stories and given to the appropriate developer. User stories should fit onto a sticky note or small card.

    Example

    As an: I want to: So that:
    Administrator Integrate with Excel File transfer won’t possibly lose information
    X Administrator Integrate with Excel and Word File transfer won’t possibly lose information

    While the difference between the two may be small, it would still undermine the effectiveness of a user story. Different developers may work on the integration of Excel or Word and may not receive this user story.

    Assign user stories a size and priority level

    Designate a size to user stories

    Size is an estimate of how many resources must be dedicated to accomplish the want. Assign a size to each user story to help determine resource allocation.

    Assign business priority to user stories

    Based on how important the requirement is to project success, assign each user story a rating of high, medium, or low. The priority given will dictate which requirements are completed first.

    Example:

    Scope: Design software to simplify financial reporting

    User Story Estimated Size Priority
    As an administrator, I want to integrate with Excel so that file transfer won’t possibly lose information. Low High
    As an administrator, I want to simplify graph construction so that I can more easily display information for stakeholders. High Medium

    Combine both size and priority to decide resource allocation. Low-size, high-priority tasks should always be done first.

    Group similar user stories together to create greater impact

    Group user stories that have the same requirement

    When collecting user stories, many will be centered around the same requirement. Group similar user stories together to show the need for that requirement’s inclusion in the solution.

    Even if it isn’t a must-have requirement, if the number of similar user stories is high enough, it would become the most important should-have requirement.

    Group together user stories such as these:
    As an I want So that
    Administrator To be able to create bar graphs Information can be more easily illustrated
    Accountant To be able to make pie charts Budget information can be visually represented

    Both user stories are about creating charts and would be developed similarly.

    Leave these user stories separate
    As an I want So that
    Administrator The program to auto-save Information won’t be lost during power outages
    Accountant To be able to save to SharePoint My colleagues can easily view and edit my work

    While both stories are about saving documents, the development of each feature is vastly different.

    Create customized user profiles

    User profiles are a way of grouping users based on a significant shared details (e.g. in the finance department, website user).

    Go beyond the user profile

    When creating the profile, consider more than the group’s name. Ask yourself the following questions:

    • What level of knowledge and expertise does this user profile have with this type of software?
    • How much will this user profile interact with the solution?
    • What degree of dependency will this user profile have on the solution?

    For example, if a user profile has low expertise but interacts and depends heavily on the program, a more thorough tutorial of the FAQ section is needed.

    Profiles put developers in user’s shoes

    Grouping users together helps developers put a face to the name. Developers can then more easily empathize with users and develop an end solution that is directly catered to their needs.

    Leverage group activities to break down user-story sizing techniques

    Work in groups to run through the following story-sizing activities.

    Planning Poker: This approach uses the Delphi method where members estimate the size of each user story by revealing numbered cards. These estimates are then discussed and agreed upon as a group.

    • Planning poker generates discussion about variances in estimates but dominant personalities may lead to biased results or groupthink.

    Team Sort: This approach can assist in expediting estimation when you are handling numerous user stories.

    • Bucket your user stories into sizes (e.g. extra-small, small, medium, large, and extra-large) based on an acceptable benchmark that may change from project to project.
    • Collaborate as a team to conclude the final size.
    • Next, translate these sizes into points.

    The graphic shows the two activities described, Planning Poker and Team Sort. In the Planning Poker image, 3 sets of cards are shown, with the numbers 13, 5, and 1 on the top of each set. At the bottom of the image are 7 cards, labelled with: 1, 2, 3, 5, 8, 13, 21. In the Team Sort section, there is an arrow pointing in both directions, representing a spectrum from XS to XL. Each size is assigned a point value: XS is 1; S is 3; M is 5; L is 10; and XL is 20. Cards with User Story # written on them are arranged along the spectrum.

    Create a product backlog to communicate business needs to development teams

    Use the product backlog to capture expected work and create a roadmap for the project by showing what requirements need to be delivered.

    How is the product owner involved?

    • The product owner is responsible for keeping in close contact with the end customer and making the appropriate changes to the product backlog as new ideas, insights, and impediments arise.
    • The product owner should have good communication with the team to make accurate changes to the product backlog depending on technical difficulties and needs for clarification.

    How do I create a product backlog?

    • Write requirements in user stories. Use the format: “As a (user role), I want (function) so that (benefit).” Identify end users and understand their needs.
    • Assign each requirement a priority. Decide which requirements are the most important to deliver. Ask yourself, “Which user story will create the most value?”

    What are the approaches to generate my backlog?

    • Team Brainstorming – The product owner, team, and scrum master work together to write and prioritize user stories in a single or a series of meetings.
    • Business Case – The product owner translates business cases into user stories as per the definition of “development ready.”

    Epics and Themes

    As you begin to take on larger projects, it may be advantageous to organize and group your user stories to simplify your release plan:

    • Epics are collections of similar user stories and are used to describe significant and large development initiatives.
    • Themes are collections of similar epics and are normally used to define high-level business objectives.

    To avoid confusion, the pilot product backlog will be solely composed of user stories.

    Example:

    Theme: Increase user exposure to corporate services through mobile devices
    Epic: Access corporate services through a mobile application Epic: Access corporate services through mobile website
    User Story: As a user, I want to find the closest office so that I can minimize travel time As a user, I want to find the closest office so that I can minimize travel time User Story: As a user, I want to submit a complaint so that I can improve company processes

    Simulate product backlog creation

    Overview

    Leverage Info-Tech’s Scrum Documentation Template, using the Backlog and Planning tab, to help walk you through this activity.

    Instructions

    1. Have your product owner describe the business objectives of the pilot project.
    2. Write the key business requirements as user stories.
    3. Based on your business value drivers, identify the business value of your user stories (high, medium, low).
    4. Have your team review the user stories and question the story’s value, priority, goal, and meaning.
    5. Break down the user stories if the feature or business goal is unclear or too large.
    6. Document the perceived business value of each user story, as well as the priority, goal, and meaning.

    Examples:

    As a citizen, I want to know about road construction so that I can save time when driving. Business Value: High

    As a customer, I want to find the nearest government office so that I can register for benefits. Business Value: Medium

    As a voter, I want to know what each candidate believes in so that I can make an informed decision. Business Value: High

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2.1 Build use-case models

    An analyst will assist in demonstrating how to use elicitation techniques to build use-case models. The analyst will walk you through the table testing to visually map out and design process flows for each use case.

    Phase 3: Analyze and Validate Requirements

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Analyze and Validate Requirements

    Proposed Time to Completion: 1 week
    Step 3.1: Create Analysis Framework

    Start with an analyst kick off call:

    • Create policies for requirements categorization and prioritization.

    Then complete these activities…

    • Create functional requirements categories.
    • Consolidate similar requirements and eliminate redundancies.
    • Prioritize requirements.

    With these tools & templates:

    • Requirements Gathering Documentation Tool
    Step 3.2: Validate Business Requirements

    Review findings with analyst:

    • Establish best practices for validating the BRD with project stakeholders.

    Then complete these activities…

    • Right-size the BRD.
    • Present the BRD to business stakeholders.
    • Translate business requirements into technical requirements.
    • Identify testing opportunities.

    With these tools & templates:

    • Business Requirements Document Template
    • Requirements Gathering Testing Checklist

    Phase 3 Results & Insights:

    • Standardized frameworks for analysis and validation of business requirements

    Step 3.1: Create Analysis Framework

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Categorize requirements.
    • Eliminate redundant requirements.
    This step involves the following participants:
    • BAs
    Outcomes of this step
    • Prioritized requirements list.

    Analyze requirements to de-duplicate them, consolidate them – and most importantly – prioritize them!

    he image is the Requirements Gathering Framework, shown earlier. All parts of the framework are greyed-out, except for the arrow containing the word Analyze in the center of the image, with three bullet points beneath it that read: Organize; Prioritize; Verify

    The analysis phase is where requirements are compiled, categorized, and prioritized to make managing large volumes easier. Many organizations prematurely celebrate being finished the elicitation phase and do not perform adequate diligence in this phase; however, the analysis phase is crucial for a smooth transition into validation and application development or procurement.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Eliciting requirements is an important step in the process, but turning endless pages of notes into something meaningful to all stakeholders is the major challenge.

    Begin the analysis phase by categorizing requirements to make locating, reconciling, and managing them much easier. There are often complex relationships and dependencies among requirements that do not get noted or emphasized to the development team and as a result get overlooked.

    Typically, requirements are classified as functional and non-functional at the high level. Functional requirements specify WHAT the system or component needs to do and non-functional requirements explain HOW the system must behave.

    Examples

    Functional Requirement: The application must produce a sales report at the end of the month.

    Non-Functional Requirement: The report must be available within one minute after midnight (EST) of the last day of the month. The report will be available for five years after the report is produced. All numbers in the report will be displayed to two decimal places.

    Categorize requirements to identify and highlight requirement relationships and dependencies

    Further sub-categorization of requirements is necessary to realize the full benefit of categorization. Proficient BAs will even work backwards from the categories to drive the elicitation sessions. The categories used will depend on the type of project, but for categorizing non-functional requirements, the Volere Requirements Resources has created an exhaustive list of sub-categories.

    Requirements Category Elements

    Example

    Look & Feel Appearance, Style

    User Experience

    Usability & Humanity Ease of Use, Personalization, Internationalization, Learning, Understandability, Accessibility Language Support
    Performance Speed, Latency, Safety, Precision, Reliability, Availability, Robustness, Capacity, Scalability, Longevity Bandwidth
    Operational & Environmental Expected Physical Environment, Interfacing With Adjacent Systems, Productization, Release Heating and Cooling
    Maintainability & Support Maintenance, Supportability, Adaptability Warranty SLAs

    Security

    		Access, Integrity, Privacy, Audit, Immunity Intrusion Prevention
    Cultural & Political Global Differentiation Different Statutory Holidays
    Legal Compliance, Standards Hosting Regulations

    What constitutes good requirements

    Complete – Expressed a whole idea or statement.

    Correct – Technically and legally possible.

    Clear – Unambiguous and not confusing.

    Verifiable – It can be determined that the system meets the requirement.

    Necessary – Should support one of the project goals.

    Feasible – Can be accomplished within cost and schedule.

    Prioritized – Tracked according to business need levels.

    Consistent – Not in conflict with other requirements.

    Traceable – Uniquely identified and tracked.

    Modular – Can be changed without excessive impact.

    Design-independent – Does not pose specific solutions on design.

    Create functional requirement categories

    3.1.1 – 1 hour

    Input
    • Activity 2.2.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    Practice the techniques for categorizing requirements.
    1. Divide the list of requirements that were elicited for the identified sub-process in exercise 2.2.1 among smaller groups.
    2. Have groups write the requirements on red, yellow, or green sticky notes, depending on the stakeholder’s level of influence.
    3. Along the top of the whiteboard, write the eight requirements categories, and have each group place the sticky notes under the category where they believe they should fit.
    4. Once each group has posted the requirements, review the board and discuss any requirements that should be placed in another category.

    Document any changes to the requirements categories in section 5.1 of the Requirements Gathering SOP and BA Playbook.

    Create functional requirement categories

    The image depicts a whiteboard with different colored post-it notes grouped into the following categories: Look & Feel; Usability & Humanity; Legal; Maintainability & Support; Operational & Environmental; Security; Cultural & Political; and Performance.

    Consolidate similar requirements and eliminate redundancies

    Clean up requirements and make everyone’s life simpler!

    After elicitation, it is very common for an organization to end up with redundant, complementary, and conflicting requirements. Consolidation will make managing a large volume of requirements much easier.

    Redundant Requirements Owner Priority
    1. The application shall feed employee information into the payroll system. Payroll High
    2. The application shall feed employee information into the payroll system. HR Low
    Result The application shall feed employee information into the payroll system. Payroll & HR High
    Complementary Requirements Owner Priority
    1. The application shall export reports in XLS and PDF format. Marketing High
    2. The application shall export reports in CSV and PDF format. Finance High
    Result The application shall export reports in XLS, CSV, and PDF format. Marketing & Finance High

    Info-Tech Insight

    When collapsing redundant or complementary requirements, it is imperative that the ownership and priority metadata be preserved for future reference. Avoid consolidating complementary requirements with drastically different priority levels.

    Identify and eliminate conflict between requirements

    Conflicting requirements are unavoidable; identify and resolve them as early as possible to minimize rework and grief.

    Conflicting requirements occur when stakeholders have requirements that either partially or fully contradict one another, and as a result, it is not possible or practical to implement all of the requirements.

    Steps to Resolving Conflict:

    1. Notify the relevant stakeholders of the conflict and search for a basic solution or compromise.
    2. If the stakeholders remain in a deadlock, appoint a final decision maker.
    3. Schedule a meeting to resolve the conflict with the relevant stakeholders and the decision maker. If multiple conflicts exist between the same stakeholder groups, try to resolve as many as possible at once to save time and encourage reciprocation.
    4. Give all parties the opportunity to voice their rationale and objectively rate the priority of the requirement. Attempt to reach an agreement, consensus, or compromise.
    5. If the parties remain in a deadlock, encourage the final decision maker to weigh in. Their decision should be based on which party has the greater need for the requirement, the difficulty to implement the requirement, and which requirement better aligns with the project goals.

    Info-Tech Insight

    Resolve conflicts whenever possible during the elicitation phase by using cross-functional workshops to facilitate discussions that address and settle conflicts in the room.

    Consolidate similar requirements and eliminate redundancies

    3.1.2 – 30 minutes

    Input
    • Activity 3.1.1
    Output
    • Requirements categories
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs

    Review the outputs from the last exercise and ensure that the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    1. Looking at each category in turn, review the sticky notes and group similar, complementary, and conflicting notes together. Put a red dot on any conflicting requirements to be used in a later exercise.
    2. Have the group start by eliminating the redundant requirements.
    3. Have the group look at the complementary requirements, and consolidate each into a single requirement. Discard originals.
    4. Record this information in the Requirements Gathering Documentation Tool.

    Prioritize requirements to assist with solution modeling

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted towards the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization

    The image shows the MoSCoW Model of Prioritization, which is shaped like a pyramid. The sections, from top to bottom (becoming incrementally larger) are: Must Have; Should Have; Could Have; and Won't Have. There is additional text next to each category, as follows: Must have - Requirements must be implemented for the solution to be considered successful.; Should have: Requirements are high priority that should be included in the solution if possible.; Could Have: Requirements are desirable but not necessary and could be included if resources are available.; Won't Have: Requirements won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994 (Source: ProductPlan).

    Base your prioritization on the right set of criteria

    Effective Prioritization Criteria

    Criteria

    Description

    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy Compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business Value Significance Give a higher priority to high-value requirements.
    Business Risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of Success Especially in proof-of-concept projects, it is recommended that requirements have good odds.
    Implementation Complexity Give a higher priority to low implementation difficulty requirements.
    Alignment With Strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    Info-Tech Insight

    It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.

    Use the Requirements Gathering Documentation Tool to steer your requirements gathering approach during a project

    3.1 Requirements Gathering Documentation Tool

    Use the Requirements Gathering Documentation Tool to identify and track stakeholder involvement, elicitation techniques, and scheduling, as well as to track categorization and prioritization of requirements.

    • Use the Identify Stakeholders tab to:
      • Identify the stakeholder's name and role.
      • Identify their influence and involvement.
      • Identify the elicitation techniques that you will be using.
      • Identify who will be conducting the elicitation sessions.
      • Identify if requirements were validated post elicitation session.
      • Identify when the elicitation will take place.
    • Use the Categorize & Prioritize tab to:
      • Identify the stakeholder.
      • Identify the core function.
      • Identify the business requirement.
      • Describe the requirement.
      • Identify the categorization of the requirement.
      • Identify the level of priority of the requirement.

    Prioritize requirements

    3.1.3 – 30 minutes

    Input
    • Requirements list
    • Prioritization criteria
    Output
    • Prioritized requirements
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • BAs
    • Business stakeholders

    Using the output from the MoSCoW model, prioritize the requirements according to those you must have, should have, could have, and won’t have.

    1. As a group, review each requirement and decide if the requirement is:
      1. Must have
      2. Should have
      3. Could have
      4. Won’t have
    2. Beginning with the must-have requirements, determine if each has any dependencies. Ensure that each of the dependencies are moved to the must-have category. Group and circle the dependent requirements.
    3. Continue the same exercise with the should-have and could-have options.
    4. Record the results in the Requirements Gathering Documentation Tool.

    Step 1 – Prioritize requirements

    3.1.3

    The image shows a whiteboard, with four categories listed at the top: Must Have; Should Have; Could Have; Won't Have. There are yellow post-it notes under each category.

    Step 2-3 – Prioritize requirements

    This image is the same as the previous image, but with the additions of two dotted line squares under the Must Have category, with arrows pointing to them from post-its in the Should have category.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    3.1.1 Create functional requirements categories

    An analyst will facilitate the discussion to brainstorm and determine criteria for requirements categories.

    3.1.2 Consolidate similar requirements and eliminate redundancies

    An analyst will facilitate a session to review the requirements categories to ensure the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.

    3.1.3 Prioritize requirements

    An analyst will facilitate the discussion on how to prioritize requirements according to the MoSCoW prioritization framework. The analyst will also walk you through the exercise of determining dependencies for each requirement.

    Step 3.2: Validate Business Requirements

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Build the BRD.
    • Translate functional requirements to technical requirements.
    • Identify testing opportunities.

    This step involves the following participants:

    • BAs

    Outcomes of this step

    • Finalized BRD.

    Validate requirements to ensure that they meet stakeholder needs – getting sign-off is essential

    The image is the Requirements Gathering Framework shown previously. In this instance, all aspects of the graphic are greyed out with the exception of the Validate arrow, right of center. Below the arrow are three bullet points: Translate; Allocate; Approve.

    The validation phase involves translating the requirements, modeling the solutions, allocating features across the phased deployment plan, preparing the requirements package, and getting requirement sign-off. This is the last step in the Info-Tech Requirements Gathering Framework.

    Prepare a user-friendly requirements package

    Before going for final sign-off, ensure that you have pulled together all of the relevant documentation.

    The requirements package is a compilation of all of the business analysis and requirements gathering that occurred. The document will be distributed among major stakeholders for review and sign-off.

    Some may argue that the biggest challenge in the validation phase is getting the stakeholders to sign off on the requirements package; however, the real challenge is getting them to actually read it. Often, stakeholders sign the requirements document without fully understanding the scope of the application, details of deployment, and how it affects them.

    Remember, this document is not for the BAs; it’s for the stakeholders. Make the package with the stakeholders in mind. Create multiple versions of the requirements package where the length and level of technical details is tailored to the audience. Consider creating a supplementary PowerPoint version of the requirements package to present to senior management.

    Contents of Requirements Package:

    • Project Charter (if available)
    • Overarching Project Goals
    • Categorized Business Requirements
    • Selected Solution Proposal
    • Rationale for Solution Selection
    • Phased Roll-Out Plan
    • Proposed Schedule/Timeline
    • Signatures Page

    "Sit down with your stakeholders, read them the document line by line, and have them paraphrase it back to you so you’re on the same page." – Anonymous City Manager of IT Project Planning Info-Tech Interview

    Capture requirements in a dedicated BRD

    The BRD captures the original business objectives and high-level business requirements for the system/process. The system requirements document (SRD) captures the more detailed functional and technical requirements.

    The graphic is grouped into two sections, indicated by brackets on the right side, the top section labelled BRD and the lower section labelled as SRD. In the BRD section, a box reads Needs Identified in the Business Case. An arrow points from the bottom of the box down to another box labelled Use Cases. In the SRD section, there are three arrows pointing from the Use Cases box to three boxes in a row. They are labelled Functionality; Usability; and Constraints. Each of these boxes has a plus sign between it and the next in the line. At the bottom of the SRD section is a box with text that reads: Quality of Service Reliability, Supportability, and Performance

    Use Info-Tech’s Business Requirements Document Template to specify the business needs and expectations

    3.2 Business Requirements Document Template

    The Business Requirements Document Template can be used to record the functional, quality, and usability requirements into formats that are easily consumable for future analysis, architectural and design activities, and most importantly in a format that is understandable by all business partners.

    The BRD is designed to take the reader from a high-level understanding of the business processes down to the detailed automation requirements. It should capture the following:

    • Project summary and background
    • Operating model
    • Business process model
    • Use cases
    • Requirements elicitation techniques
    • Prioritized requirements
    • Assumptions and constraints

    Rightsize the BRD

    3.2.1 – 30 minutes

    Input
    • Project levels
    • BRD categories
    Output
    • BRD
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Business stakeholders

    Build the required documentation for requirements gathering.

    1. On the board, write out the components of the BRD. As a group, review the headings and decide if all sections are needed for level 1 & 2 and level 3 & 4 projects. Your level 3-4 project business cases will have the most detailed business cases; consider your level 1-2 projects, and remove any categories you don’t believe are necessary for the project level.
    2. Now that you have a right-sized template, break the team into two groups and have each group complete one section of the template for your selected project.
      1. Project overview
      2. Implementation considerations
    3. Once complete, have each group present its section, and allow the group to make additions and modifications to each section.

    Document the output from this exercise in section 6 of the Requirements Gathering SOP and BA Playbook.

    Present the BRD to business stakeholders

    3.2.2 – 1 hour

    Input
    • Activity 3.2.1
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Practice presenting the requirements document to business stakeholders.

    1. Hold a meeting with a group of selected stakeholders, and have a representative present each section of the BRD for your project.
    2. Instruct participants that they should spend the majority of their time on the requirements section, in particular the operating model and the requirements prioritization.
    3. At the end of the meeting, have the business stakeholders validate the requirements, and approve moving forward with the project or indicate where further requirements gathering must take place.

    Example:

    Typical Requirements Gathering Validation Meeting Agenda
    Project overview 5 minutes
    Project operating model 10 minutes
    Prioritized requirements list 5 minutes
    Business process model 30 minutes
    Implementation considerations 5 minutes

    Translate business requirements into technical requirements

    3.2.3 – 30 minutes

    Input
    • Business requirements
    Output
    • BRD presentation
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders
    • BAs
    • Developers

    Practice translating business requirements into system requirements.

    1. Bring in representatives from the development team, and have a representative walk them through the business process model.
    2. Present a detailed account of each business requirement, and work with the IT team to build out the system requirements for each.
    3. Document the system requirements in the Requirements Gathering Documentation Tool.

    For requirements traceability, ensure you’re linking your requirements management back to your test strategy

    After a solution has been fully deployed, it’s critical to create a strong link between your software testing strategy and the requirements that were collected. User acceptance testing (UAT) is a good approach for requirement verification.

    • Many organizations fail to create an explicit connection between their requirements gathering and software testing strategies. Don’t follow their example!
    • When conducting UAT, structure exercises in the context of the requirements; run through the signed-off list and ask users whether or not the deployed functionality was in line with the expectations outlined in the finalized requirements documentation.
    • If not – determine whether it was a miscommunication on the requirements management side or a failure of the developers (or procurement team) to meet the agreed-upon requirements.

    Download the Requirements Gathering Testing Checklist template.

    Identify the testing opportunities

    3.2.4 – 30 minutes

    Input
    • List of requirements
    Output
    • Requirements testing process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Identify how to test the effectiveness of different requirements.

    1. Ask the group to review the list of requirements and identify:
      1. Which kinds of requirements enable constructive testing efforts?
      2. Which kinds of requirements enable destructive testing efforts?
      3. Which kinds of requirements support end-user acceptance testing?
      4. What do these validation-enabling objectives mean in terms of requirement specificity?
    2. For each, identify who will do the testing and at what stage.

    Verify that the requirements still meet the stakeholders’ needs

    Keep the stakeholders involved in the process in between elicitation and sign-off to ensure that nothing gets lost in transition.

    After an organization’s requirements have been aggregated, categorized, and consolidated, the business requirements package will begin to take shape. However, there is still a great deal of work to complete. Prior to proceeding with the process, requirements should be verified by domain SMEs to ensure that the analyzed requirements continue to meet their needs. This step is often overlooked because it is laborious and can create additional work; however, the workload associated with verification is much less than the eventual rework stemming from poor requirements.

    All errors in the requirements gathering process eventually surface; it is only a matter of time. Control when these errors appear and minimize costs by soliciting feedback from stakeholders early and often.

    This is the Verify stage of the Confirm, Verify, Approve process.

    “Do these requirements still meet your needs?”

    Put it all together: obtain final requirements sign-off

    Use the sign-off process as one last opportunity to manage expectations, obtain commitment from the stakeholders, and minimize change requests.

    Development or procurement of the application cannot begin until the requirements package has been approved by all of the key stakeholders. This will be the third time that the stakeholders are asked to review the requirements; however, this will be the first time that the stakeholders are asked to sign off on them.

    It is important that the stakeholders understand the significance of their signatures. This is their last opportunity to see exactly what the solution will look like and to make change requests. Ensure that the stakeholders also recognize which requirements were omitted from the solution that may affect them.

    The sign-off process needs to mean something to the stakeholders. Once a signature is given, that stakeholder must be accountable for it and should not be able to make change requests. Note that there are some requests from senior stakeholders that can’t be refused; use discretion when declining requests.

    This is the Approve stage of the Confirm, Verify, Approve process.

    "Once requirements are signed off, stay firm on them!" – Anonymous Hospital Business Systems Analyst Info-Tech Interview

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.1; 3.2.2 Rightsize the BRD and present it to business stakeholders

    An analyst will facilitate the discussion to gather the required documentation for building the BRD. The analyst will also assist with practicing the presenting of each section of the document to business stakeholders.

    3.2.3; 3.2.4 Translate business requirements into technical requirements and identify testing opportunities

    An analyst will facilitate the session to practice translating business requirements into testing requirements and assist in determining how to test the effectiveness of different requirements.

    Phase 4: Create a Requirements Governance Action Plan

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Create a Requirements Governance Action Plan

    Proposed Time to Completion: 3 weeks

    Step 4.1: Create Control Processes for Requirements Changes

    Start with an analyst kick off call:

    • Discuss how to handle changes to requirements and establish a formal change control process.

    Then complete these activities…

    • Develop a change control process.
    • Build the guidelines for escalating changes.
    • Confirm your requirements gathering process.
    • Define RACI for the requirements gathering process.

    With these tools & templates:

    • Requirements Traceability Matrix
    Step 4.2: Build Requirements Governance and Communication Plan

    Review findings with analyst:

    • Review options for ongoing governance of the requirements gathering process.

    Then complete these activities…

    • Define the requirements gathering steering committee purpose.
    • Define the RACI for the RGSC.
    • Define procedures, cadence, and agenda for the RGSC.
    • Identify and analyze stakeholders.
    • Create a communications management plan.
    • Build the requirements gathering process implementation timeline.

    With these tools & templates:

    Requirements Gathering Communication Tracking Template

    Phase 4 Results & Insights:
    • Formalized change control and governance processes for requirements.

    Step 4.1: Create Control Processes for Requirements Changes

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:
    • Develop change control process.
    • Develop change escalation process.
    This step involves the following participants:
    • BAs
    • Business stakeholders
    Outcomes of this step
    • Requirements gathering process validation.
    • RACI completed.

    Manage, communicate, and test requirements

    The image is the Requirement Gathering Framework graphic from previous sections. In this instance, all parts of the image are greyed out, with the exception of the arrows labelled Communicate and Manage, located at the bottom of the image.

    Although the manage, communicate, and test requirements section chronologically falls as the last section of this blueprint, that does not imply that this section is to be performed only at the end. These tasks are meant to be completed iteratively throughout the project to support the core requirements gathering tasks.

    Prevent requirements scope creep

    Once the stakeholders sign off on the requirements document, any changes need to be tracked and managed. To do that, you need a change control process.

    Thoroughly validating requirements should reduce the amount of change requests you receive. However, eliminating all changes is unavoidable.

    The BAs, sponsor, and stakeholders should have agreed upon a clearly defined scope for the project during the planning phase, but there will almost always be requests for change as the project progresses. Even a high number of small changes can negatively impact the project schedule and budget.

    To avoid scope creep, route all changes, including small ones, through a formal change control process that will be adapted depending on the level of project and impact of the change.

    Linking change requests to requirements is essential to understanding relevance and potential impact

    1. Receive project change request.
    2. Refer to requirements document to identify requirements associated with the change.
      • Matching requirement is found: The change is relevant to the project.
      • Multiple requirements are associated with the proposed change: The change has wider implications for the project and will require closer analysis.
      • The request involves a change or new business requirements: Even if the change is within scope, time, and budget, return to the stakeholder who submitted the request to identify the potentially new requirements that relate to this change. If the sponsor agrees to the new requirements, you may be able to approve the change.
    3. Findings influence decision to escalate/approve/reject change request.

    Develop a change control process

    4.1.1 – 45 minutes

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers
    1. Ask the team to consider their current change control process. It might be helpful to discuss a project that is currently underway, or already completed, to provide context. Draw the process on the whiteboard through discussion with the team.
    2. If necessary, provide some cues. Below are some change control process activities:
      • Submit project change request form.
      • PM assesses change.
      • Project sponsor assesses change.
      • Bring request to project steering committee to assess change.
      • Approve/reject change.
    3. Ask participants to brainstorm a potential separate process for dealing with small changes. Add a new branch for minor changes, which will allow you to make decisions on when to bundle the changes versus implementing directly.

    Document any changes from this exercise in section 7.1 of the Requirements Gathering SOP and BA Playbook.

    Example change control process

    The image is an example of a change control process, depicted via a flowchart.

    Build guidelines for escalating changes

    4.1.2 – 1 hour

    Input
    • Current change control process
    Output
    • Updated change control process
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs
    • Developers

    Determine how changes will be escalated for level 1/2/3/4 projects.

    1. Write down the escalation options for level 3 & 4 projects on the whiteboard:
      • Final decision rests with project manager.
      • Escalate to sponsor.
      • Escalate to project steering committee.
      • Escalate to change control board.
    2. Brainstorm categories for assessing the impact of a change and begin creating a chart on the whiteboard by listing these categories in the far left column. Across the top, list the escalation options for level 3 & 4 projects.
    3. Ask the team to agree on escalation conditions for each escalation option. For example, for the final decision to rest with the project manager one condition might be:
      • Change is within original project scope.
    4. Review the output from exercise 4.1.1 and tailor the process model to meet level 3 & 4 escalation models.
    5. Repeat steps 1-4 for level 1 & 2 projects.

    Document any changes from this exercise in section 7.2 of the Requirements Gathering SOP and BA Playbook.

    Example: Change control process – Level 3 & 4

    Impact Category Final Decision Rests With Project Manager If: Escalate to Steering Committee If: Escalate to Change Control Board If: Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget.
    • Change will require additional funds exceeding any contingency reserves.
    • Change will require the release of contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule.
    • Change will require the final project close date to be delayed.
    • Change will require a delay in key milestone dates.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Example: Change control process – Level 1 & 2

    Impact CategoryFinal Decision Rests With Project Manager If:Escalate to Steering Committee If:Escalate to Sponsor If:
    Scope
    • Change is within original project scope.
    • Change is out of scope.
    Budget
    • Change can be absorbed into current project budget, even if this means releasing contingency funds.
    • Change will require additional funds exceeding any contingency reserves.
    Schedule
    • Change can be absorbed into current project schedule, even if this means moving milestone dates.
    • Change will require the final project close date to be delayed.
    Requirements
    • Change can be linked to an existing business requirement.
    • Change will require a change to business requirements, or a new business requirement.

    Leverage Info-Tech’s Requirements Traceability Matrix to help create end-to-end traceability of your requirements

    4.1 Requirements Traceability Matrix

    Even if you’re not using a dedicated requirements management suite, you still need a way to trace requirements from inception to closure.
    • Ensuring traceability of requirements is key. If you don’t have a dedicated suite, Info-Tech’s Requirements Traceability Matrix can be used as a form of documentation.
    • The traceability matrix covers:
      • Association ID
      • Technical Assumptions and Needs
      • Functional Requirement
      • Status
      • Architectural Documentation
      • Software Modules
      • Test Case Number

    Info-Tech Deliverable
    Take advantage of Info-Tech’s Requirements Traceability Matrix to track requirements from inception through to testing.

    You can’t fully validate what you don’t test; link your requirements management back to your test strategy

    Create a repository to store requirements for reuse on future projects.

    • Reuse previously documented requirements on future projects to save the organization time, money, and grief. Well-documented requirements discovered early can even be reused in the same project.
    • If every module of the application must be able to save or print, then the requirement only needs to be written once. The key is to be able to identify and isolate requirements with a high likelihood of reuse. Typically, requirements pertaining to regulatory and business rule compliance are prime candidates for reuse.
    • Build and share a repository to store historical requirement documentation. The repository must be intuitive and easy to navigate, or users will not take advantage of it. Plan the information hierarchy in advance. Requirements management software suites have the ability to create a repository and easily migrate requirements over from past projects.
    • Assign one person to manage the repository to create consistency and accountability. This person will maintain the master requirements document and ensure the changes that take place during development are reflected in the requirements.

    Confirm your requirements gathering process

    4.1.3 – 45 minutes

    Input
    • Activity 1.2.4
    Output
    • Requirements gathering process model
    Materials
    • Whiteboard
    • Markers
    Participants
    • BAs

    Review the requirements gathering process and control levels for project levels 1/2/3/4 and add as much detail as possible to each process.

    1. Draw out the requirements gathering process for a level 4 project as created in exercise 1.2.4 on a whiteboard.
    2. Review each process step as a group, and break down each step so that it is at its most granular. Be sure to include each decision point, key documentation, and approvals.
    3. Once complete, review the process for level 3, 2 & 1. Reduce steps as necessary. Note: there may not be a lot of differentiation between your project level 4 & 3 or level 2 & 1 processes. You should see differentiation in your process between 2 and 3.

    Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.

    Example: Confirm your requirements gathering process

    The image is an example of a requirements gathering process, representing in the format of a flowchart.

    Define RACI for the requirements gathering process

    4.1.4 – 45 minutes

    Input
    • List of stakeholders
    Output
    • RACI matrix
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Understand who is responsible, accountable, consulted, and informed for key elements of the requirements gathering process for project levels 1/2/3/4.

    1. As a group, identify the key stakeholders for requirements gathering and place those names along the top of the board.
    2. On the left side of the board, list the process steps and control points for a level 4 project.
    3. For each process step, identify who is responsible, accountable, informed, and consulted.
    4. Repeat this process for project levels 3, 2 & 1.

    Example: RACI for requirements gathering

    Project Requestor Project Sponsor Customers Suppliers Subject Matter Experts Vendors Executives Project Management IT Management Developer/ Business Analyst Network Services Support
    Intake Form A C C I R
    High-Level Business Case R A C C C C I I C
    Project Classification I I C I R A R
    Project Approval R R I I I I I I A I I
    Project Charter R C R R C R I A I R C C
    Develop BRD R I R C C C R A C C
    Sign-Off on BRD/ Project Charter R A R R R R
    Develop System Requirements C C C R I C A R R
    Sign-Off on SRD R R R I A R R
    Testing/Validation A I R C R C R I R R
    Change Requests R R C C A I R C
    Sign-Off on Change Request R A R R R R
    Final Acceptance R A R I I I I R R R I I

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.1.1; 4.1.2 Develop a change control process and guidelines for escalating changes

    An analyst will facilitate the discussion on how to improve upon your organization’s change control processes and how changes will be escalated to ensure effective tracking and management of changes.

    4.1.3 Confirm your requirements gathering process

    With the group, an analyst will review the requirements gathering process and control levels for the different project levels.

    4.1.4 Define the RACI for the requirements gathering process

    An analyst will facilitate a whiteboard exercise to understand who is responsible, accountable, informed, and consulted for key elements of the requirements gathering process.

    Step 4.2: Build Requirements Governance and Communication Plan

    Phase 1

    1.1 Understand the Benefits of Requirements Optimization

    1.2 Determine Your Target State for Requirements Gathering

    Phase 2

    2.1 Determine Elicitation Techniques

    2.2 Structure Elicitation Output

    Phase 3

    3.1 Create Analysis Framework

    3.2 Validate Business Requirements

    Phase 4

    4.1 Create Control Processes for Requirements Changes

    4.2 Build Requirements Governance and Communication Plan

    This step will walk you through the following activities:

    • Developing a requirements gathering steering committee.
    • Identifying and analyzing stakeholders for requirements governance.
    • Creating a communication management plan.

    This step involves the following participants:

    • Business stakeholders
    • BAs

    Outcomes of this step

    • Requirements governance framework.
    • Communication management plan.

    Establish proper governance for requirements gathering that effectively creates and communicates guiding principles

    If appropriate governance oversight doesn’t exist to create and enforce operating procedures, analysts and developers will run amok with their own processes.

    • One of the best ways to properly govern your requirements gathering process is to establish a working committee within the framework of your existing IT steering committee. This working group should be given the responsibility of policy formulation and oversight for requirements gathering operating procedures. The governance group should be comprised of both business and IT sponsors (e.g. a director, BA, and “voice of the business” line manager).
    • The governance team will not actually be executing the requirements gathering process, but it will be deciding upon which policies to adopt for elicitation, analysis, and validation. The team will also be responsible for ensuring – either directly or indirectly through designated managers – that BAs or other requirements gathering processionals are following the approved steps.

    Requirements Governance Responsibilities

    1. Provide oversight and review of SOPs pertaining to requirements elicitation, analysis, and validation.

    2. Establish corporate policies with respect to requirements gathering SOP training and education of analysts.

    3. Prioritize efforts for requirements optimization.

    4. Determine and track metrics that will be used to gauge the success (or failure) of requirements optimization efforts and make process and policy changes as needed.

    Right-size your governance structure to your organization’s complexity and breadth of capabilities

    Not all organizations will be best served by a formal steering committee for requirements gathering. Assess the complexity of your projects and the number of requirements gathering practitioners to match the right governance structure.

    Level 1: Working Committee
    • A working committee is convened temporarily as required to do periodic reviews of the requirements process (often annually, or when issues are surfaced by practitioners). This governance mechanism works best in small organizations with an ad hoc culture, low complexity projects, and a small number of practitioners.
    Level 2: IT Steering Committee Sub-Group
    • For organizations that already have a formal IT steering committee, a sub-group dedicated to managing the requirements gathering process is desirable to a full committee if most projects are complexity level 1 or 2, and/or there are fewer than ten requirements gathering practitioners.
    Level 3: Requirements Gathering Steering Committee
    • If your requirements gathering process has more than ten practitioners and routinely deals with high-complexity projects (like ERP or CRM), a standing formal committee responsible for oversight of SOPs will provide stronger governance than the first two options.
    Level 4: Requirements Gathering Center of Excellence
    • For large organizations with multiple business units, matrix organizations for BAs, and a very large number of requirements gathering practitioners, a formal center of excellence can provide both governance as well as onboarding and training for requirements gathering.

    Identify and analyze stakeholders

    4.2.1A – 1 hour

    Input
    • Number of practitioners, project complexity levels
    Output
    • Governance structure selection
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    Use a power map to determine which governance model best fits your organization.

    The image is a square, split into four equal sections, labelled as follows from top left: Requirements Steering Committee; Requirements Center of Excellence; IT Steering Committee Sub-Group; Working Committee. The left and bottom edges of the square are labelled as follows: on the left, with an arrow pointing upwards, Project Complexity; on the bottom, with arrow pointing right, # of Requirements Practitioners.

    Define your requirements gathering governance structure(s) and purpose

    4.2.1B – 30 minutes

    Input
    • Requirements gathering elicitation, analysis, and validation policies
    Output
    • Governance mandate
    Materials
    • Whiteboard
    • Markers
    Participants
    • Business stakeholders

    This exercise will help to define the purpose statement for the applicable requirements gathering governance team.

    1. As a group, brainstorm key words that describe the unique role the governance team will play. Consider value, decisions, and authority.
    2. Using the themes, come up with a set of statements that describe the overall purpose statement.
    3. Document the outcome for the final deliverable.

    Example:

    The requirements gathering governance team oversees the procedures that are employed by BAs and other requirements gathering practitioners for [insert company name]. Members of the team are appointed by [insert role] and are accountable to [typically the chair of the committee].

    Day-to-day operations of the requirements gathering team are expected to be at the practitioner (i.e. BA) level. The team is not responsible for conducting elicitation on its own, although members of the team may be involved from a project perspective.

    Document the output from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    A benefits provider established a steering committee to provide consistency and standardization in requirements gathering

    CASE STUDY

    Industry Not-for-Profit

    Source Info-Tech Workshop

    Challenge

    This organization is a not-for-profit benefits provider that offers dental coverage to more than 1.5 million people across three states.

    With a wide ranging application portfolio that includes in-house, custom developed applications as well as commercial off-the-shelf solutions, the company had no consistent method of gathering requirements.

    Solution

    The organization contracted Info-Tech to help build an SOP to put in place a rigorous and efficient methodology for requirements elicitation, analysis, and validation.

    One of the key realizations in the workshop was the need for governance and oversight over the requirements gathering process. As a result, the organization developed a Requirements Management Steering Committee to provide strategic oversight and governance over requirements gathering processes.

    Results

    The Requirements Management Steering Committee introduced accountability and oversight into the procedures that are employed by BAs. The Committee’s mandate included:

    • Provide oversight and review SOPs pertaining to requirements elicitation, analysis, and validation.
    • Establish corporate policies with respect to training and education of analysts on requirements gathering SOPs.
    • Prioritize efforts for requirements optimization.
    • Determine metrics that can be used to gauge the success of requirements optimization efforts.

    Authority matrix – RACI

    There needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the requirements gathering governance team.

    • An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities.
    • Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity.
    • In this model, accountable means end-to-end accountability for the process. Accountability should remain with the same person for all activities of a process.

    RResponsible

    The one responsible for getting the job done.

    A – Accountable

    Only one person can be accountable for each task.

    C – Consulted

    Involvement through input of knowledge and information.

    I – Informed

    Receiving information about process execution and quality.

    Define the RACI for effective requirements gathering governance

    4.2.2 – 30 minutes

    Input
    • Members’ list
    Output
    • Governance RACI
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • Governance team members

    Build the participation list and authority matrix for the requirements gathering governance team.

    1. Have each participant individually consider the responsibilities of the governance team, and write five participant roles they believe should be members of the governance team.
    2. Have each participant place the roles on the whiteboard, group participants, and agree to five participants who should be members.
    3. On the whiteboard, write the responsibilities of the governance team in a column on the left, and place the sticky notes of the participant roles along the top of the board.
    4. Under the appropriate column for each activity, identify who is the “accountable,” “responsible,” “consulted,” and “informed” role for each activity.
    5. Agree to a governance chair.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Example: Steps 2-5: Build the governance RACI

    The image shows an example governance RACI, with the top of the chart labelled with Committee Participants, and the left hand column labelled Committee Responsibilities. Some of the boxes have been filled in.

    Define your requirements gathering governance team procedures, cadence, and agenda

    4.2.3 – 30 minutes

    Input
    • Governance responsibilities
    Output
    • Governance procedures and agenda
    Materials
    • Whiteboard
    • Markers
    Participants
    • Steering committee members

    Define your governance team procedures, cadence, and agenda.

    1. Review the format of a typical agenda as well as the list of responsibilities for the governance team.
    2. Consider how you will address each of these responsibilities in the meeting, who needs to present, and how long each presentation should be.
    3. Add up the times to define the meeting duration.
    4. Consider how often you need to meet to discuss the information: monthly, quarterly, or annually? Are there different actions that need to be taken at different points in the year?
    5. As a group, decide how the governance team will approve changes and document any voting standards that should be included in the charter. Will a vote be taken during or prior to the meeting? Who will have the authority to break a tie?
    6. As a group, decide how the committee will review information and documentation. Will members commit to reviewing associated documents before the meeting? Can associated documentation be stored in a knowledge repository and/or be distributed to members prior to the meeting? Who will be responsible for this? Can a short meeting/conference call be held with relevant reviewers to discuss documentation before the official committee meeting?

    Review the format of a typical agenda

    4.2.3 – 30 minutes

    Meeting call to order [Committee Chair] [Time]
    Roll call [Committee Chair] [Time]
    Review of SOPs
    A. Requirements gathering dashboard review [Presenters, department] [Time]
    B. Review targets [Presenters, department] [Time]
    C. Policy Review [Presenters, department] [Time]

    Define the governance procedures and cadence

    4.2.3 – 30 minutes

    • The governance team or committee will be chaired by [insert role].
    • The team shall meet on a [insert time frame (e.g. monthly, semi-annual, annual)] basis. These meetings will be scheduled by the team or committee chair or designated proxy.
    • Approval for all SOP changes will be reached through a [insert vote consensus criteria (majority, uncontested, etc.)] vote of the governance team. The vote will be administered by the governance chair. Each member of the committee shall be entitled to one vote, excepting [insert exceptions].
    • The governance team has the authority to reject any requirements gathering proposal which it deems not to have made a sufficient case or which does not significantly contribute to the strategic objectives of [insert company name].
    • [Name of individual] will record and distribute the meeting minutes and documentation of business to be discussed in the meeting.

    Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.

    Changing the requirements gathering process can be disruptive – be successful by gaining business support

    A successful communication plan involves making the initiative visible and creating staff awareness around it. Educate the organization on how the requirements gathering process will differ.

    People can be adverse to change and may be unreceptive to being told they must “comply” to new policies and procedures. Demonstrate the value in requirements gathering and show how it will assist people in their day-to-day activities.

    By demonstrating how an improved requirements gathering process will impact staff directly, you create a deeper level of understanding across lines-of-business, and ultimately a higher level of acceptance for new processes, rules, and guidelines.

    A proactive communication plan will:
    • Assist in overcoming issues with prioritization, alignment resourcing, and staff resistance.
    • Provide a formalized process for implementing new policies, rules, and guidelines.
    • Detail requirements gathering ownership and accountability for the entirety of the process.
    • Encourage acceptance and support of the initiative.

    Identify and analyze stakeholders to communicate the change process

    Who are the requirements gathering stakeholders?

    Stakeholder:

    • A stakeholder is any person, group, or organization who is the end user, owner, sponsor, or consumer of an IT project, change, or application.
    • When assessing an individual or group, ask whether they can impact or be impacted by any decision, change, or activity executed as part of the project. This might include individuals outside of the organization.

    Key Stakeholder:

    • Someone in a management role or someone with decision-making power who will be able to influence requirements and/or be impacted by project outcomes.

    User Group Representatives:

    • For impacted user groups, follow best practice and engage an individual to act as a representative. This individual will become the primary point of contact when making decisions that impact the group.

    Identify the reasons for resistance to change

    Stakeholders may resist change for a variety of reasons, and different strategies are necessary to address each.

    Unwilling – Individuals who are unwilling to change may need additional encouragement. For these individuals, you’ll need to reframe the situation and emphasize how the change will benefit them specifically.

    Unable – All involved requirements gathering will need some form of training on the process, committee roles, and responsibilities. Be sure to have training and support available for employees who need it and communicate this to staff.

    Unaware – Until people understand exactly what is going on, they will not be able to conform to the process. Communicate change regularly at the appropriate detail to encourage stakeholder support.

    Info-Tech Insight

    Resisters who have influence present a high risk to the implementation as they may encourage others to resist as well. Know where and why each stakeholder is likely to resist to mitigate risk. A detailed plan will ensure you have the needed documentation and communications to successfully manage stakeholder resistance.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Input
    • Requirements gathering stakeholders list
    Output
    • Stakeholder power map
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Identify the impact and level of resistance of all stakeholders to come up with the right communication plan.

    1. Through discussion, generate a complete list of stakeholders for requirements gathering and record the names on the whiteboard or flip chart. Group related stakeholders together.
    2. Using the template on the next slide, draw the stakeholder power map.
    3. Evaluate each stakeholder on the list based on:
      1. Influence: To what degree can this stakeholder impact progress?
      2. Involvement: How involved is the stakeholder already?
      3. Support: Label supporters with green sticky notes, resisters with red notes, and the rest with a third color.
    4. Based on the assessment, write the stakeholder’s name on a green, red, or other colored sticky note, and place the sticky note in the appropriate place on the power map.
    5. For each of the stakeholders identified as resisters, determine why you think they would be resistant. Is it because they are unwilling, unable, and/or unknowing?
    6. Document changes to the stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Identify and analyze stakeholders

    4.2.4 – 1 hour

    Use a power map to plot key stakeholders according to influence and involvement.

    The image shows a power map, which is a square divided into 4 equally-sized sections, labelled from top left: Focused Engagement; Key Players; Keep Informed; Minimal Engagement. On the left side of the square, there is an arrow pointing upwards labelled Influence; at the bottom of the square, there is an arrow pointing right labelled Involvement. On the right side of the image, there is a legend indicating that a green dot indicates a Supporter; a grey dot indicated Neutral; and a red dot indicates a Resister.

    Example: Identify and analyze stakeholders

    Use a power map to plot key stakeholders according to influence and involvement.

    The image is the same power map image from the previous section, with some additions. A red dot is located at the top left, with a note: High influence with low involvement? You need a strategy to increase engagement. A green dot is located mid-high on the right hand side. Grey dots are located left and right in the bottom of the map. The bottom right grey dot has the note: High involvement with lower influence? Make sure to keep these stakeholders informed at regular intervals and monitor engagement.

    Stakeholder analysis: Reading the power map

    High Risk:

    Stakeholders with high influence who are not as involved in the project or are heavily impacted by the project are less likely to give feedback throughout the project lifecycle and need to be engaged. They are not as involved but have the ability to impact project success, so stay one step ahead.

    Do not limit your engagement to kick-off and close – you need to continue seeking input and support at all stages of the project.

    Mid Risk:

    Key players have high influence, but they are also more involved with the project or impacted by its outcomes and are thus easier to engage.

    Stakeholders who are heavily impacted by project outcomes will be essential to your organizational change management strategy. Do not wait until implementation to engage them in preparing the organization to accept the project – make them change champions.

    Low Risk:

    Stakeholders with low influence who are not impacted by the project do not pose as great of a risk, but you need to keep them consistently informed of the project and involve them at the appropriate control points to collect feedback and approval.

    Inputs to the communications plan

    Stakeholder analysis should drive communications planning.

    Identify Stakeholders
    • Who is impacted by this project?
    • Who can affect project outcomes?
    Assess Stakeholders
    • Influence
    • Involvement
    • Support
    Stakeholder Change Impact Assessment
    • Identify change supporters/resistors and craft change messages to foster acceptance.
    Stakeholder Register
    • Record assessment results and preferred methods of communication.
    The Communications Management Plan:
    • Who will receive information?
    • What information will be distributed?
    • How will information be distributed?
    • What is the frequency of communication?
    • What will the level of detail be?
    • Who is responsible for distributing information?

    Communicate the reason for the change and stay on message throughout the change

    Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.

    The change message should:

    • Explain why the change is needed.
    • Summarize the things that will stay the same.
    • Highlight the things that will be left behind.
    • Emphasize the things that are being changed.
    • Explain how the change will be implemented.
    • Address how the change will affect the various roles in the organization.
    • Discuss staff’s role in making the change successful.

    The five elements of communicating the reason for the change:

    COMMUNICATING THE CHANGE

    What is the change?

    Why are we doing it?

    How are we going to go about it?

    How long will it take us?

    What will the role be for each department and individual?

    Create a communications management plan

    4.2.5 – 45 minutes

    Input
    • Exercise 4.1.1
    Output
    • Communications management plan
    Materials
    • Whiteboard
    • Markers
    Participants
    • RGSC members

    Build the communications management plan around your stakeholders’ needs.

    1. Build a chart on the board using the template on the next slide.
    2. Using the list from exercise 4.1.1, brainstorm a list of communication vehicles that will need to be used as part of the rollout plan (e.g. status updates, training).
    3. Through group discussion, fill in all these columns for at least three communication vehicles:
      • (Target) audience
      • Purpose (description)
      • Frequency (of the communication)
        • The method, frequency, and content of communication vehicles will change depending on the stakeholder involved. This needs to be reflected by your plan. For example, you may have several rows for “Status Report” to cover the different stakeholders who will be receiving it.
      • Owner (of the message)
      • Distribution (method)
      • (Level of) details
        • High/medium/low + headings
    4. Document your stakeholder analysis in the Requirements Gathering Communication Tracking Template.

    Communications plan template

    4.2.5 – 45 minutes

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Communications Guidelines
    • Regardless of complexity, it is important not to overwhelm stakeholders with information that is not relevant to them. Sending more detailed information than is necessary might mean that it does not get read.
    • Distributing reports too widely may lead to people assuming that someone else is reading it, causing them to neglect reading it themselves.
    • Only distribute reports to the stakeholders who need the information. Think about what information that stakeholder requires to feel comfortable.

    Example: Identify and analyze stakeholders

    Sample communications plan: Status reports

    Vehicle Audience Purpose Frequency Owner Distribution Level of Detail
    Status Report Sponsor Project progress and deliverable status Weekly Project Manager Email

    Details for

    • Milestones
    • Deliverables
    • Budget
    • Schedule
    • Issues
    Status Report Line of Business VP Project progress Monthly Project Manager Email

    High Level for

    • Major milestone update

    Build your requirements gathering process implementation timeline

    4.2.6 – 45 minutes

    Input
    • Parking lot items
    Output
    • Implementation timeline
    Materials
    • Whiteboard
    • Markers
    • Sticky notes
    Participants
    • RGSC members

    Build a high-level timeline for the implementation.

    1. Collect the action items identified throughout the week in the “parking lot.”
    2. Individually or in groups, brainstorm any additional action items. Consider communication, additional training required, approvals, etc.
      • Write these on sticky notes and add them to the parking lot with the others.
    3. As a group, start organizing these notes into logical groupings.
    4. Assign each of the tasks to a person or group.
    5. Identify any risks or dependencies.
    6. Assign each of the tasks to a timeline.
    7. Following the exercise, the facilitator will convert this into a Gantt chart using the roadmap for requirements gathering action plan.

    Step 3: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    The image shows a board with 5 categories: Documentation, Approval, Communication, Process, and Training. There are groups of post-it notes under each category title.

    Steps 4-6: Organize the action items into logical groupings

    4.2.6 – 45 minutes

    This image shows a chart with Action Items to be listed in the left-most column, Person or Group Responsible in the next column, Risks/Dependencies in the next columns, and periods of time (i.e. 1-3 months, 2-6 months, etc.) in the following columns. The chart has been partially filled in as an exemplar.

    Recalculate the selected requirements gathering metrics

    Measure and monitor the benefits of requirements gathering optimization.

    • Reassess the list of selected and captured requirements management metrics.
    • Recalculate the metrics and analyze any changes. Don’t expect a substantial result after the first attempt. It will take a while for BAs to adjust to the Info-Tech Requirements Gathering Framework. After the third project, results will begin to materialize.
    • Understand that the project complexity and business significance will also affect how long it takes to see results. The ideal projects to beta the process on would be of low complexity and high business significance.
    • Realize that poor requirements gathering can have negative effects on the morale of BAs, IT, and project managers. Don’t forget to capture the impact of these through surveys.

    Major KPIs typically used for benchmarking include:

    • Number of application bugs/defects (for internally developed applications).
    • Number of support requests or help desk tickets for the application, controlled for user deployment levels.
    • Overall project cycle time.
    • Overall project cost.
    • Requirements gathering as a percentage of project time.

    Revisit the requirements gathering metrics selected in the planning phase and recalculate them after requirements gathering optimization has been attempted.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.2.1; 4.2.2; 4.2.3 – Build a requirements gathering steering committee

    The analyst will facilitate the discussion to define the purpose statement of the steering committee, build the participation list and authority matrix for its members, and define the procedures and agenda.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    4.2.4 Identify and analyze stakeholders

    An analyst will facilitate the discussion on how to identify the impact and level of resistance of all stakeholders to come up with the communication plan.

    4.2.5 Create a communications management plan

    An analyst will assist the team in building the communications management plan based on the stakeholders’ needs that were outlined in the stakeholder analysis exercise.

    4.2.6 Build a requirements gathering implementation timeline

    An analyst will facilitate a session to brainstorm and document any action items and build a high-level timeline for implementation.

    Insight breakdown

    Requirements gathering SOPs should be prescriptive based on project complexity.

    • Complex projects will require more analytical rigor. Simpler projects can be served by more straightforward techniques such as user stories.

    Requirements gathering management tools can be pricy, but they can also be beneficial.

    • Requirements gathering management tools are a great way to have full control over recording, analyzing, and categorizing requirements over complex projects.

    BAs can make or break the execution of the requirements gathering process.

    • A strong process still needs to be executed well by BAs with the right blend of skills and knowledge.

    Summary of accomplishment

    Knowledge Gained

    • Best practices for each stage of the requirements gathering framework:
      • Elicitation
      • Analysis
      • Validation
    • A clear understanding of BA competencies and skill sets necessary to successfully execute the requirements gathering process.

    Processes Optimized

    • Stakeholder identification and management.
    • Requirements elicitation, analysis, and validation.
    • Requirements gathering governance.
    • Change control processes for new requirements.
    • Communication processes for requirements gathering.

    Deliverables Completed

    • SOPs for requirements gathering.
    • Project level selection framework.
    • Communications framework for requirements gathering.
    • Requirements documentation standards.

    Organizations and experts who contributed to this research

    Interviews

    • Douglas Van Gelder, IT Manager, Community Development Commission of the County of Los Angeles
    • Michael Lyons, Transit Management Analyst, Metropolitan Transit Authority
    • Ken Piddington, CIO, MRE Consulting
    • Thomas Dong, Enterprise Software Manager, City of Waterloo
    • Chad Evans, Director of IT, Ontario Northland
    • Three anonymous contributors

    Note: This research also incorporates extensive insights and feedback from our advisory service and related research projects.

    Bibliography

    “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint Software Systems, 2012. Web.

    “BPM Definition.” BPMInstitute.org, n.d. Web.

    “Capturing the Value of Project Management.” PMI’s Pulse of the Profession, 2015. Web.

    Eby, Kate. “Demystifying the 5 Phases of Project Management.” Smartsheet, 29 May 2019. Web.

    “Product Management: MoSCoW Prioritization.” ProductPlan, n.d. Web.

    “Projects Delivered on Time & on Budget Result in Larger Market Opportunities.” Jama Software, 2015. Web.

    “SIPOC Table.” iSixSigma, n.d. Web.

    “Survey Principles.” University of Wisconsin-Madison, n.d. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    Drive Technology Adoption

    • Buy Link or Shortcode: {j2store}111|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    The project isn’t over if the new product or system isn’t being used. How do you ensure that what you’ve put in place isn’t going to be ignored or only partially adopted? People are more complicated than any new system and managing them through the change needs careful planning.

    Our Advice

    Critical Insight

    Cultivating a herd mentality, where people adopt new technology merely because everyone else is, is an important goal in getting the bulk of users using the new product or system. The herd needs to gather momentum though and this can be done by using the more tech-able and enthused to lead the rest on the journey. Identifying and engaging these key resources early in the process will greatly assist in starting the flow.

    Impact and Result

    While communication is key throughout, involving staff in proof-of-concept activities and contests and using the train-the-trainer techniques and technology champions will all start the momentum toward technology adoption. Group activities will address the bulk of users, but laggards may need special attention.

    Drive Technology Adoption Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Technology Adoption – A brief deck describing how to encourage users to adopt newly implemented technology.

    This document will help you to ensure that newly implemented systems and technologies are correctly adopted by the intended recipients.

    • Drive Technology Adoption Storyboard
    [infographic]

    Further reading

    Drive Technology Adoption

    The project is over. The new technology is implemented. Now how do we make sure it's used?

    Executive Summary

    Your Challenge

    Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.

    Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.

    Common Obstacles

    The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:

    • Reluctance of staff to let go of familiar processes and procedures.
    • Perception that any change will add complications but not add value, thereby hampering enthusiasm to adopt.
    • Lack of awareness of the change.
    • General fear of change.
    • Lack of personal confidence.

    Info-Tech’s Approach

    Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:

    • Gain an early understanding of the different types of users and their attitudes to technology and change.
    • Review different adoption techniques and analyze which are most appropriate for your user types.
    • Use a “Follow the Leader” approach, by having technical enthusiasts and champions to show the way.
    • Prevent access to old systems and methods.

    Info-Tech Insight

    For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.

    The way change should happen is clear

    Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.

    AWARENESS

    • Awareness means more than just knowing there’s a change occurring,
    • it means understanding the need for change.

    DESIRE

    • To achieve desire, there needs to be motivation, whether it be from an
    • organizational perspective or personal.

    KNOWLEDGE

    • Both knowledge on how to train during the transition and knowledge
    • on being effective after the change are required. This can only be done
    • once awareness and desire are achieved.

    ABILITY

    • Ability is not knowledge. Knowing how to do something doesn’t necessarily translate to having the skills to do it.

    REINFORCEMENT

    • Without reinforcement there can be a tendency to revert.

    When things go wrong

    New technology is not being used

    The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.

    Duplicate systems are now in place

    Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.

    Benefits not being realized

    Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.

    There is project blowout

    The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.

    Info-Tech Insight

    People are far more complicated than any technology being implemented.

    Consider carefully your approach.

    Why does it happen?

    POOR COMMUNICATION

    There isn’t always adequate communications about what’s changing in the workplace.

    FEAR

    Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.

    TRAINING

    Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.

    LACK OF EXECUTIVE SUPPORT

    A lack of executive support for change means the change is seen as less important.

    CONFLICTING VIEWS OF CHANGE

    The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.

    LACK OF CONFIDENCE

    Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.

    BUDGETARY CONSTRAINTS

    There is a cost with managing people during a change, and budget must be allocated to allow for it.

    Communications

    Info-Tech Insight

    Since Sigmund Freud there has been endless work to understand people’s minds.
    Don’t underestimate the effect that people’s reactions to change can have on your project.

    This is a Kubler-ross change curve graph, plotting the following Strategies: Create Alignment; Maximize Communication; Spark Motivation; Develop Capability; Share Knowledge

    Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately

    Analyst perspective

    Paul Binns – Principal Research Advisor, Info-Tech

    The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.

    In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”

    At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.

    “Technology adoption is about the psychology of change.”
    Bryan Tutor – Executive Counsellor, Info-Tech

    The Fix

    • Categorize Users
      • Gain a clear understanding of your user types.
    • Identify Adoption Techniques
      • Understand the range of different tools and techniques available.
    • Match Techniques To Categories
      • Determine the most appropriate techniques for your user base.
    • Follow-the-Leader
      • Be aware of the different skills in your environment and use them to your advantage.
    • Refresh, Retrain, Restrain
      • Prevent reversion to old methods or systems.

    Categories

    Client-Driven Insight

    Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.

    In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.

    This is an image of an Innovation Adoption Curve from Everett Rogers' book Diffusion of Innovations 5th Edition

    Category 1: The Innovator – 2.5%

    Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.

    For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.

    Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.

    Info-Tech Insight

    Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.

    Category 2: The Early Adopter – 13.5%

    Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.

    Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.

    Info-Tech Insight

    Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.

    Category 3: The Early Majority – 34%

    This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.

    The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.

    Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.

    Category 4: The Late Majority – 34%

    The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.

    As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.

    Category 5: The Laggard – 16%

    This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.

    Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.

    Info-Tech Insight

    People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.

    Adoption Techniques

    Different strokes for different folks

    Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.

    The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.

    Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

    There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.

    Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

    Train the Trainer

    Use your staff to get your message across.

    Abstract

    This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.

    Advantages

    • Cost effective
    • Efficient dissemination of information
    • Trusted internal staff

    Disadvantages

    • Chance of inconsistent delivery
    • May feel threatened by co-worker

    Best to worst candidates

    • Early Adopter: Influential trendsetters. Others receptive of their lead.
    • Innovator: Comfortable and enthusiastic about new technology, but not necessarily a trainer.
    • Early Majority: Tendency to take others’ lead.
    • Late Majority: Risk averse and tend to follow others, only after success is proven.
    • Laggard: Last to adopt usually. Unsuitable as Trainer.

    Marketing

    Marketing should be continuous throughout the change to encourage familiarity.

    Abstract

    Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.

    Advantages

    • Wide communication
    • Makes technology appear commonplace
    • Promotes effectiveness of new technology

    Disadvantages

    • Reliant on staff interest
    • Can be expensive

    Best to worst candidates

    • Early Majority: Pragmatic about change. Marketing is effective encouragement.
    • Early Adopter: Receptive and interested in change. Marketing is supplemental.
    • Innovator: Actively seeks new technology. Does not need extensive encouragement.
    • Late Majority: Requires more personal approach.
    • Laggard: Resistant to most enticements.

    One-on-One

    Tailored for individuals.

    Abstract

    One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
    It is generally highly effective but inefficient as it only addresses individuals.

    Advantages

    • Tailored to specific need(s)
    • Only relevant information addressed
    • Low stress environment

    Disadvantages

    • Expensive
    • Possibility of inconsistent delivery
    • Personal conflict may render it ineffective

    Best to worst candidates

    • Laggard: Encouragement and cajoling can be used during training.
    • Late Majority: Proof can be given of effectiveness of new product.
    • Early Majority: Effective, but not cost efficient.
    • Early Adopter: Effective, but not cost-efficient.
    • Innovator: Effective, but not cost-efficient.

    Group Training

    Similar roles, attitudes, and abilities.

    Abstract

    Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.

    Advantages

    • Cost effective
    • Time effective
    • Good for team building

    Disadvantages

    • Single method may not work for all
    • Difficult to create single learning pace for all

    Best to worst candidates

    • Early Majority: Receptive. The formality of group training will give confidence.
    • Late Majority: Conservative attitude will be receptive to traditional training.
    • Early Adopter: Receptive and attentive. Excited about the change.
    • Innovator: Will tend to want to be ahead or want to move ahead of group.
    • Laggard: Laggards in group training may have a negative impact.

    Force

    The last resort.

    Abstract

    The transition can’t go on forever.

    At some point the new technology needs to be fully adopted and if necessary, force may have to be used.

    Advantages

    • Immediate full transition
    • Fixed delivery timeline

    Disadvantages

    • Alienation of some staff
    • Loss of faith in product if there are issues

    Best to worst candidates

    • Laggard: No choice but to adopt. Forces the issue.
    • Late Majority: Removes issue of reluctance to change.
    • Early Majority: Content, but worried about possible problems.
    • Early Adopter: Feel less personal involvement in change process.
    • Innovator: Feel less personal involvement in change process.

    Contests

    Abstract

    Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.

    Advantages

    • Rapid improvement of skills
    • Bring excitement to the new technology
    • Good for team building

    Disadvantages

    • Those less competitive or with lower skills may feel alienated
    • May discourage collaboration

    Best to worst candidates

    • Early Adopter: Seeks personal success. Risk taker. Effective.
    • Innovator: Enthusiastic to explore limits of technology.
    • Early Majority: Less enthusiastic. Pragmatic. Less competitive.
    • Late Majority: Conservative. Not enthusiastic about new technology.
    • Laggard: Reluctant to get involved.

    Incentives

    Incentives don’t have to be large.

    Abstract

    For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.

    Advantages

    Encouragement to adopt from receiving tangible benefit

    Draws more attention to the new technology

    Disadvantages

    Additional expense to business or project

    Possible poor precedent for subsequent changes

    Best to worst candidates

    Early Adopter: Desire for personal success makes incentives enticing.

    Early Majority: Prepared to change, but extra incentive will assist.

    Late Majority: Conservative attitude means incentive may need to be larger.

    Innovator: Enthusiasm for new technology means incentive not necessary.

    Laggard: Sceptical about change. Only a large incentive likely to make a difference.

    Champions

    Strong internal advocates for your new technology are very powerful.

    Abstract

    Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.

    Advantages

    • Infectious enthusiasm encourages those who tend to be reluctant
    • Use of trusted internal staff

    Disadvantages

    • Removes internal staff from regular duties
    • Ineffective if champion not respected

    Best to worst candidates

    • Early Majority: Champions as references of success provide encouragement.
    • Late Majority: Management champions in particular are effective.
    • Laggard: Close contact with champions may be effective.
    • Early Adopter: Receptive of technology, less effective.
    • Innovator: No encouragement or promotion required.

    Herd Mentality

    Follow the crowd.

    Abstract

    Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.

    Advantages

    • New technology is adopted without question
    • Increase in velocity of adoption

    Disadvantages

    • Staff may not have clear understanding of the reason for change and resent it later
    • Some may adopt the change before they are ready to do so

    Best to worst candidates

    • Early Majority: Follow others’ success.
    • Late Majority: Likely follow an established proven standard.
    • Early Adopter: Less effective as they prefer to set trends rather than follow.
    • Innovator: Seeks new technology rather than following others.
    • Laggard: Suspicious and reluctant to change.

    Proof of Concepts

    Gain early input and encourage buy-in.

    Abstract

    Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support

    Advantages

    Involve adopters early on

    Valuable feedback and indications of future issues

    Disadvantages

    If POC isn’t fully successful, it may leave lingering negativity

    Usually, involvement from small selection of staff

    Best to worst candidates

    • Innovator: Strong interest in getting involved in new products.
    • Early Adopter: Comfortable with new technology and are influencers.
    • Early Majority: Less interest. Prefer others to try first.
    • Late Majority: Conservative attitude makes this an unlikely option.
    • Laggard: Highly unlikely to get involved.

    Match techniques to categories

    What works for who?

    This clustered column chart categorizes techniques by category

    Follow the leader

    Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.

    This is an inverted funnel chart with the output of: Change Destination. The inputs are: 16% Laggards; 34% Late Majority; 34% Early Majority; 13.3% Early Adopters; 2% Innovators

    Info-Tech Insight

    Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.

    Refresh, retrain, restrain

    We don’t want people to revert.

    Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.

    Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.

    Research Authors

    Paul Binns

    Paul Binns

    Principal Research Advisor, Info-Tech Research Group

    With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.

    Scott Young

    Scott Young

    Principal Research Advisor, Info-Tech Research Group

    Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

    Related Info-Tech Research

    User Group Analysis Workbook

    Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.

    Governance and Management of Enterprise Software Implementation

    Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.

    Quality Management User Satisfaction Survey

    This IT satisfaction survey will assist you with early information to use for categorizing your users.

    Master Organizational Change Management Practices

    Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.

    Bibliography

    Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.

    Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.

    Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.

    Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.

    Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.

    Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.

    Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.

    More Articles …