Make the Case for Legacy Application Modernization

Revamp your business potential to improve agility, security, and user experience while reducing costs.

Analyst Perspective

An old application may have served us reliably, but it can prevent us from pursuing future business needs.

Legacy systems remain well-embedded in the fabric of many organizations' application portfolios. They were often custom-built to meet the needs of the business. Typically, these are core tools that the business leverages to accomplish its goals.

A legacy application becomes something we need to address when it no longer supports our business goals, is no longer supportable, bears an unsustainable ownership cost, or poses a threat to the organization's cybersecurity or compliance.

When approaching your legacy application strategy, you must navigate a complex web of business, stakeholder, software, hardware, resourcing, and financial decisions. To complicate matters, the full scope of required effort is not immediately clear. Years of development are embedded in these legacy applications, which must be uncovered and dealt with appropriately.

IT leaders require a proactive approach for evaluating the current state, developing a legacy application strategy, and executing in an agile manner. When coupled with a business case and communications strategy, the organization will have a clear decision-making framework that will maximize business outcomes and deliver value where needed.

Ricardo de Oliveira
Research Director, Enterprise Applications
Info-Tech Research Group

Executive Summary

Info-Tech Insight
Legacy modernization is a process, not a single event. Your modernization approach requires you to understand your landscape and decide on a path that minimizes business continuity risks, keeps investments under control, and is prepared for surprises but always has your final state in mind.

An approach to making the case for legacy application modernization

Understand Assess the challenges, lay out the reasons, define your legacy, and prepare to remove the barriers to modernization.
Assess Determine the benefits by business capability. Leverage APM foundations to select the candidate applications and prioritize.
Define Use the prioritized application list to drive the next steps to modernization.

Legacy application modernization is perceived as necessary to remain competitive

The 2022 State CIO Survey by NASCIO shows that legacy application modernization jumped from fifth to second in state CIO priorities.

"Be patient and also impatient. Patient because all states have a lot of legacy tech they are inheriting and government is NOT easy. But also, impatient because there is a lot to do - make your priorities clear but also find out what the CIO needs to accomplish those priorities."

Source: NASCIO, 2022

US government agencies feel pressured to deal with legacy applications

In fiscal year 2021, the US government planned to spend over $100 billion on information technology. Most of that was to be used to operate and maintain existing systems, including legacy applications, which can be both more expensive to maintain and more vulnerable to hackers. The Government Accountability Office (GAO) identified:

• 10 critical federal IT legacy systems
• In operation between 8 and 51 years
• Collectively cost $337 million per year to operate and maintain

Source: U.S. Government Accountability Office, 2021

Example: In banking, modern platforms are essential

Case Study

Delta takes off with a modernized blend of mainframes and cloud

INDUSTRY: Transportation
SOURCE: CIO Magazine, 2023

Phase 1: Make the Case for Legacy Application Modernization

Phase 1
1.1 Understand your challenges
1.2 Define legacy applications
1.3 Assess your barriers
1.4 Find the impacted capabilities
1.5 Define candidate applications
1.6 Now, Next, Later

This phase will walk you through the following activities:

• Understand your challenges with modernization
• Define legacy applications in your context
• Assess your barriers to modernization
• Find the impacted capabilities and their benefits
• Define candidate applications and dispositions

This phase involves the following participants:

• Application group leaders
• Individual application owners

Secure IT/OT Convergence

Create a holistic IT/OT security culture.

Analyst Perspective

Are you ready for secure IT/OT convergence?

IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

In the past, OT systems were engineered to be air gapped, relying on physical protection and with little or no security in design, (e.g. OT protocols without confidentiality properties). However, now, OT has become dependent on the IT capabilities of the organization, thus OT inherits IT’s security issues, that is, OT is becoming more vulnerable to attack from outside the system. IT/OT convergence is complex because the culture, policies, and rules of IT are quite foreign to OT processes such as change management, and the culture, policies, and rules of OT are likewise foreign to IT processes.

A secure IT/OT convergence can be conceived of as a negotiation of a strong treaty between two systems: IT and OT. The essential initial step is to begin with communication between IT and OT, followed by necessary components such as governing and managing OT security priorities and accountabilities, converging security controls between IT and OT environments, assuring compliance with regulations and standards, and establishing metrics for OT security.

Ida Siahaan Research Director, Security and Privacy Practice Info-Tech Research Group

Executive Summary

Info-Tech Insight

Returning to isolated OT is not beneficial for the organization, so IT and OT need to learn to collaborate, starting with communication to build trust and to overcome their differences. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

Consequences of unsecure IT/OT convergence

OT systems were built with no or little security design 90% of organizations that use OT experienced a security incident. (Fortinet, 2021. Ponemon, 2019.)

(Source: Fortinet, 2021.)

Lack of visibility 86% of OT security-related service engagements lack complete visibility of OT network in 2021 (90% in 2020, 81% in 2019). (Source: “Cybersecurity Year In Review” Dragos, 2022.)

The need for secure IT/OT convergence

Important Industrial Control System (ICS) cyber incidents

2000 Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.	2012 Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.	2014 Target: German Steel Mill. Method: Spear-phishing. Impact: Blast furnace failed to shut down.	2017 Target: Middle East safety instrumented system (SIS). Method: TRISIS/TRITON. Impact: Modified SIS ladder logic.	2022 Target: Viasat’s KA-SAT network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat’s services.
1903 Target: Marconi wireless telegraph presentation. Method: Morse code. Impact: Fake message sent “Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily.”	2010 Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).	2013 Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers	2016 Target: Ukrainian power grid. Method: BlackEnergy. Impact: For 1-6 hours, power outages for 230,000 consumers.	2021 Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

(Source: US Department of Energy, 2018.

”Significant Cyber Incidents,” CSIS, 2022

MIT Technology Review, 2022.)

Info-Tech Insight

Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

The Secure IT/OT Convergence Framework

Phases Plan Enhance Monitor & Optimize

Plan Outcomes Mapping business goals to IT/OT security goals RACI chart for priorities and accountabilities Compliance obligations register Readiness checklist Enhance Outcomes Security strategy for IT/OT convergence Risk management framework Security policies & procedures IR, DR, BCP Monitor & Optimize Outcomes Security awareness and training Security architecture and controls

Plan Benefits Improved flexibility and less divided IT/OT Improved compliance Enhance Benefits Increased strategic common goals Increased efficiency and versatility Monitor & Optimize Benefits Enhanced security Reduced costs

Plan

Initiate communication

Map organizational goals to IT/OT security goals

Input: Corporate, IT, and OT strategies

Output: Your goals for the security strategy

Materials: Secure IT/OT Convergence Requirements Gathering Tool

Participants: Executive leadership, OT leader, IT leader, Security leader, Compliance, Legal, Risk management

1. As a group, brainstorm organization goals.
   1. Review relevant corporate, IT, and OT strategies.
2. Record the most important business goals in the Secure IT/OT Convergence Requirements Gathering Tool. Try to limit the number of business goals to no more than 10 goals. This limitation will be critical to helping focus on your secure IT/OT convergence.
3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

Download the Secure IT/OT Convergence Requirements Gathering Tool

Record organizational goals

Refer to the Secure IT/OT Convergence Framework when filling in the following elements.

1. Record your identified organization goals in the Goals Cascade tab of the Secure IT/OT Convergence Requirements Gathering Tool.
2. For each of your organizational goals, identify IT alignment goals.
3. For each of your organizational goals, identify OT alignment goals.
4. For each of your organizational goals, select one to two IT/OT security alignment goals from the drop-down lists.

Establish scope and boundaries

It is important to know at the outset of the strategy: What are we trying to secure in IT/OT convergence ?
This includes physical areas we are responsible for, types of data we care about, and departments or IT/OT systems we are responsible for.

Record scope and boundaries

Refer to the Secure IT/OT Convergence Framework when filling in the following elements: Record your security-related organizational scope, physical location scope, IT systems scope, and OT systems scope in the Scope tab of the Secure IT/OT Convergence Requirements Gathering Tool. For each item scoped, give the rationale for including it in the comments column. Careful attention should be paid to any elements that are not in scope.

Plan

Define roles and responsibilities

Input: List of relevant stakeholders

Output: Roles and responsibilities for the secure IT/OT convergence program

Materials: Secure IT/OT Convergence RACI Chart Tool

Participants: Executive leadership, OT leader, IT leader, Security leader

There are many factors that impact an organization’s level of effectiveness as it relates to IT/OT convergence. How the two groups interact, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, it is imperative in the planning phase to identify stakeholders who are:

• Responsible: The people who do the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
• Accountable: The person who is accountable for the completion of the activity. Ideally, this is a single person and will often be an executive or program sponsor.
• Consulted: The people who provide information. This is usually several people, typically called subject matter experts (SMEs).
• Informed: The people who are updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

Download the Secure IT/OT Convergence RACI Chart Tool

Define RACI Chart

Plan

Establish governance and build cross-functional team

To establish governance and build an IT/OT cross-functional team, it is important to understand the operation of OT systems and their interactions with IT within the organization, e.g. ad hoc, centralized, decentralized.

Info-Tech Insight

To determine IT/OT convergence maturity level, Info-Tech provides the IT/OT Convergence Self-Evaluation Tool.

Centralized security governance model example

Plan

Identify convergence elements and compliance obligations

Identify compliance obligations

Source: ENISA, 2013 DHS, 2009.

OT system has compliance obligations with industry regulations and security standards/regulations/guidelines. See the lists given. The lists are not exhaustive. OT system owner can use the standards/regulations/guidelines as a benchmark to determine and manage the security level provided by third parties. It is important to understand the various frameworks and to adhere to the appropriate compliance obligations, e.g. IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series.

IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series

(Source: Cooksley, 2021)

IEC/ISA 62443 is a comprehensive international series of standards covering security for ICS systems, which recognizes three roles, namely: asset owner, system integrator, and product manufacturer. In IEC/ISA 62443, requirements flow from the asset owner to the product manufacturer, while solutions flow in the opposite direction. For the asset owner who owns and operates a system, IEC 62443-2 enables defining target security level with reference to a threat level and using the standard as a benchmark to determine the current security level. For the system integrator, IEC 62443-3 assists to evaluate the asset owner’s requirements to create a system design. IEC 62443-3 also provides a method for verification that components provided by the product manufacturer are securely developed and support the functionality required.

Record your compliance obligations

Refer to the “Goals Cascade” tab of the Secure IT/OT Convergence Requirements Gathering Tool. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include: Laws Government regulations Industry standards Contractual agreements Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your secure IT/OT convergence, include only those that have OT security requirements. Record your compliance obligations, along with any notes, in your copy of the Secure IT/OT Convergence Requirements Gathering Tool. Refer to the “Compliance DB” tab for lists of standards/regulations/guidelines.

Plan

Assess readiness

Readiness checklist for secure IT/OT convergence

(Source: “Grid Modernization: Optimize Opportunities And Minimize Risks,” Info-Tech)

Enhance

Update security strategy

To update security strategy, it is important to actively encourage visible sponsorship across management and to provide regular updates.

(Source: NIST SP 800-82 Rev.3, “Guide to Operational Technology (OT) Security,” NIST, 2022.)

OT system life cycle is like the IT system life cycle, starting with architectural design and ending with decommissioning. Currently, IT only gets involved from installation or maintenance, so they may not fully understand the OT system. Therefore, if OT security is compromised, the same personnel who commissioned the OT system (e.g. engineering, electrical, and maintenance specialists) must be involved. Thus, it is important to have the IT team collaborate with the OT team in each stage of the OT system’s life cycle. Finally, it is necessary to have propositional sharing of responsibilities between IT leaders, security leaders, and OT leaders who have broader responsibilities.

Enhance

Update risk management framework

The need for asset and threat taxonomy

One of issues in IT/OT convergence is that OT systems focus on production, so IT solutions like security patching or updates may deteriorate a machine or take a machine offline and may not be applicable. For example, some facilities run with reliability of 99.999%, which only allows maximum of 5 minutes and 35 seconds or less of downtime per year. Managing risks requires an understanding of the assets and threats for IT/OT systems. Having a taxonomy of the assets and the threats cand help. Applying normal IT solutions to mitigate security risks may not be applicable in an OT environment, e.g. running an antivirus tool on OT system may remove essential OT operations files. Thus, this approach must be avoided; instead, systems must be rebuilt from golden images.

(Source: ENISA, 2018.)

Enhance

Update security policies and procedures

Policy hierarchy example

This example of a policy hierarchy features templates from Info-Tech’s Develop and Deploy Security Policies and Identify the Best Framework for Your Security Policies research.

Enhance

Update IR, DR, and BCP

A proactive approach to security is important, so actions such as updating and testing the incident response plan for OT are a must. (“Cybersecurity Year In Review” Dragos, 2022.)

1. Customize organizational chart for IT/OT IR, DR, BCP based on governance and management model.
   E.g. ad hoc, internal distributed, internal centralized, combined distributed, and decentralized. (Software Engineering Institute, 2003)
2. Adjust the authority of the new organizational chart and decide if it requires additional staffing.
   E.g. full authority, shared authority. (Software Engineering Institute, 2003)
3. Update IR plan, DR plan, and BCP for IT/OT convergence.
   E.g. incorporate zero trust principles for converge network
4. Testing updated IR plan, DR plan, and BCP.

Optimize

Implement awareness, induction, and cross-training

Awareness may not correspond to readiness

Certifications

One of issues in certification is the complexity on relevancy in topics with respect to roles and levels. An example solution is the European Union Agency for Cybersecurity (ENISA)’s approach to analyzing existing certifications by orientation, scope, and supporting bodies, grouped into specific certifications, relevant certifications, and safety certifications. Specific cybersecurity certification of ICS/SCADA Example: ISA-99/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP), Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course. Other relevant certification schemes Example: Network and Information Security (NIS) Driving License, ISA Certified Automation Professional (CAP), Industrial Security Professional Certification (NCMS-ISP). Safety Certifications Example: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organisations (ENSHPO).

(Source: ENISA, 2015.)

Optimize

Design and deploy converging security architecture and controls

IT/OT convergence architecture can be modeled as a layered structure based on security. In this structure, the bottom layer is referred as “OT High-Security Zone” and the topmost layer is “IT Low-Security Zone.” In this model, each layer has its own set of controls configured and acts like an additional layer of security for the zone underneath it. The data flows from the “OT High-Security Zone” to the topmost layer, the “IT Low-Security Zone,” and the traffic must be verified to pass to another zone based on the need-to-know principle. In the normal control flow within the “OT High-Security Zone” from level 3 to level 0, the traffic must be verified to pass to another level based on the principle of least privilege. Remote access (dotted arrow) is allowed under strict access control and change control based on the zero-trust principle with clear segmentation and a point for disconnection between the “OT High-Security Zone” and the “OT Low-Security Zone” This model simplifies the security process, as if the lower layers have been compromised, then the compromise can be confined on that layer, and it also prevents lateral movement as access is always verified.

(Source: “Purdue Enterprise Reference Architecture (PERA) model,” ISA-99.)

Off-the-shelf solutions

Getting the right recipe: What criteria to consider?

Visibility and Asset Management Passive data monitoring using various protocol layers, active queries to devices, or parsing configuration files of OT, IoT, and IT environments on assets, processes, and connectivity paths. Threat Detection, Mitigation, and Response (+ Hunting) Automation of threat analysis (signature-based, specification-based, anomaly-based, sandboxing) not only in IT but also in relevant environments, e.g. IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics. Risk Assessment and Vulnerability Management Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management. Usability, Architecture, Cost The user and administrative experience, multiple deployment options and extensive integration capabilities, and affordability.

Optimize

Establish and monitor IT/OT security metrics for effectiveness and efficiency

Further information

Related Info-Tech Research

Build an Information Security Strategy Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

Preparing for Technology Convergence in Manufacturing Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication. Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

Implement a Security Governance and Management Program Your security governance and management program needs to be aligned with business goals to be effective. This approach also helps provide a starting point to develop a realistic governance and management program. This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

Bibliography

Bibliography

Research Contributors and Experts

Jeff Campbell Manager, Technology Shared Services Horizon Power, AU Jeff Campbell has more than 20 years' experience in information security, having worked in both private and government organizations in education, finance, and utilities sectors. Having focused on developing and implementing information security programs and controls, Jeff is tasked with enabling Horizon Power to capitalize on IoT opportunities while maintaining the core security basics of confidentiality, integrity and availability. As Horizon Power leads the energy transition and moves to become a digital utility, Jeff ensures the security architecture that supports these services provides safer and more reliable automation infrastructures.

Christopher Harrington Chief Technology Officer (CTO) Carolinas Telco Federal Credit Union Frank DePaola Vice President, Chief Information Security Officer (CISO) Enpro Kwasi Boakye-Boateng Cybersecurity Researcher Canadian Institute for Cybersecurity

AI Trends Report 2023

The eight trends:

1. Design for AI
2. Event-Based Insights
3. Synthetic Data
4. Edge AI
5. AI in Science and Engineering
6. AI Reasoning
7. Digital Twin
8. Combinatorial Optimization

Design for AI

Sustainable AI system design needs to consider several aspects: the business application of the system, data, software and hardware, governance, privacy, and security.

It is important to define from the beginning how AI will be used by and for the application to clearly articulate business value, manage expectations, and set goals for the implementation.

Design for AI will change how we store and manage data and how we approach the use of data for development and operation of AI systems.

An AI system design approach should cover all stages of AI lifecycle, from design to maintenance. It should also support and enable iterative development of an AI system.

To take advantage of different tools and technologies for AI system development, deployment, and monitoring, the design of an AI system should consider software and hardware needs and design for seamless and efficient integrations of all components of the system and with other existing systems within the enterprise.

AI in Science and Engineering

AI helps sequence genomes to identify variants in a person’s DNA that indicate genetic disorders. It allows researchers to model and calculate complicated physics processes, to forecast the genesis of the universe’s structure, and to understand planet ecosystem to help advance the climate research. AI drives advances in drug discovery and can assist with molecule synthesis and molecular property identification.

AI finds application in all areas of science and engineering. The role of AI in science will grow and allow scientists to innovate faster.

AI will further contribute to scientific understanding by assisting scientists in deriving new insights, generating new ideas and connections, generalizing scientific concepts, and transferring them between areas of scientific research.

Using synthetic data and combining physical and machine learning models and other advances of AI/ML – such as graphs, use of unstructured data (language models), and computer vision – will accelerate the use of AI in science and engineering.

Event- and Scenario-Driven AI

AI-driven signal-gathering systems analyze a continuous stream of data to generate insights and predictions that enable strategic decision modeling and scenario planning by providing understanding of how and what areas of business might be impacted by certain events.

AI enables the scenario-based approach to drive insights through pattern identification in addition to familiar pattern recognition, helping to understand how events are related.

A system with anticipatory capabilities requires an event-driven architecture that enables gathering and analyzing different types of data (text, video, images) across multiple channels (social media, transactional systems, news feeds, etc.) for event-driven and event-sequencing modeling.

ML simulation-based training of the model using advanced techniques under the umbrella of Reinforcement Learning in conjunction with statistically robust Bayesian probabilistic framework will aid in setting up future trends in AI.

AI Reasoning

Most of the applications of machine learning and AI today is about predicting future behaviors based on historical data and past behaviors. We can predict what product the customer would most likely buy or the price of a house when it goes on sale.

Most of the current algorithms use the correlation between different parameters to make a prediction, for example, the correlation between the event and the outcome can look like “When X occurs, we can predict that Y will occur.” This, however, does not translate into “Y occurred because of X.”

The development of a causal AI that uses causal inference to reason and identify the root cause and the causal relationships between variables without mistaking correlation and causation is still in its early stages but rapidly evolving.

Some of the algorithms that the researchers are working with are casual graph models and algorithms that are at the intersection of causal inference with decision making and reinforcement learning (Causal Artificial Intelligence Lab, 2022).

Synthetic Data

Synthetic data is artificially generated data that mimics the structure of real-life data. It should also have the same mathematical and statistical properties as the real-world data that it is created to replicate.

Synthetic data is used to train machine learning models when there is not enough real data or the existing data does not meet specific needs. It allows users to remove contextual bias from data sets containing personal data, prevent privacy concerns, and ensure compliance with privacy laws and regulations.

Another application of synthetic data is solving data-sharing challenges.

Researchers learned that quite often synthetic data sets outperform real-world data. Recently, a team of researchers at MIT built a synthetic data set of 150,000 video clips capturing human actions and used that data set to train the model. The researchers found that “the synthetically trained models performed even better than models trained on real data for videos that have fewer background objects” (MIT News Office, 2022).

Today, synthetic data is used in language systems, in training self-driving cars, in improving fraud detection, and in clinical research, just to name a few examples.

Synthetic data opens the doors for innovation across all industries and applications of AI by enabling access to data for any scenario and technology and business needs.

Digital Twins

Digital twins (DT) are virtual replicas of physical objects, devices, people, places, processes, and systems. In Manufacturing, almost every product and manufacturing process can have a complete digital replica of itself thanks to IoT, streaming data, and cheap cloud storage.

All this data has allowed for complex simulations of, for example, how a piece of equipment will perform over time to predict future failures before they happen, reducing costly maintenance and extending equipment lifetime.

In addition to predictive maintenance, DT and AI technologies have enabled organizations to design and digitally test complex equipment such as aircraft engines, trains, offshore oil platforms, and wind turbines before physically manufacturing them. This helps to improve product and process quality, manufacturing efficiency, and costs. DT technology also finds applications in architecture, construction, energy, infrastructure industries, and even retail.

Digital twins combined with the metaverse provide a collaborative and interactive environment with immersive experience and real-time physics capabilities (as an example, Siemens presented an Immersive Digital Twin of a Plant at the Collision 2022 conference).

Future trends include enabling autonomous behavior of a DT. An advanced DT can replicate itself as it moves into several devices, hence requiring the autonomous property. Such autonomous behavior of the DT will in turn influence the growth and further advancement of AI.

Edge AI

A simple definition for edge AI: A combination of edge computing and artificial intelligence, it enables the deployment of AI applications in devices of the physical world, in the field, where the data is located, such as IoT devices, devices on the manufacturing floor, healthcare devices, or a self-driving car.

Edge AI integrates AI into edge computing devices for quicker and improved data processing and smart automation.

The main benefits of edge AI include:

• Real-time data processing capabilities to reduce latency and enable near real-time analytics and insights.
• Reduced cost and bandwidth requirements as there is no need to transfer data to the cloud for computing.
• Increased data security as the data is processed locally, on the device, reducing the risk of loss of sensitive data.
• Improved automation by training machines to perform automated tasks.

Edge AI is already used in a variety of applications and use cases including computer vision, geospatial intelligence, object detection, drones, and health monitoring devices.

Combinatorial Optimization

“Combinatorial optimization is a subfield of mathematical optimization that consists of finding an optimal object from a finite set of objects” (Wikipedia, retrieved December 2022).

Applications of combinatorial optimization include:

• Supply chain optimization
• Scheduling and logistics, for example, vehicle routing where the trucks are making stops for pickup and deliveries
• Operations optimization

Classical combinatorial optimization (CO) techniques were widely used in operations research and played a major role in earlier developments of AI.

The introduction of deep learning algorithms in recent years allowed researchers to combine neural network and conventional optimization algorithms; for example, incorporating neural combinatorial optimization algorithms in the conventional optimization framework. Researchers confirmed that certain combinations of these frameworks and algorithms can provide significant performance improvements.

The research in this space continues and we look forward to learning how machine learning and AI (backtracking algorithms, reinforcement learning, deep learning, graph attention networks, and others) will be used for solving challenging combinatorial and decision-making problems.

References

“AI Can Power Scenario Planning for Real-Time Strategic Insights.” The Wall Street Journal, CFO Journal, content by Deloitte, 7 June 2021. Accessed 11 Dec. 2022.
Ali Fdal, Omar. “Synthetic Data: 4 Use Cases in Modern Enterprises.” DATAVERSITY, 5 May 2022. Accessed
11 Dec. 2022.
Andrews, Gerard. “What Is Synthetic Data?” NVIDIA, 8 June 2021. Accessed 11 Dec. 2022.
Bareinboim, Elias. “Causal Reinforcement Learning.” Causal AI, 2020. Accessed 11 Dec. 2022.
Bengio, Yoshua, Andrea Lodi, and Antoine Prouvost. “Machine learning for combinatorial optimization: A methodological tour d’horizon.” European Journal of Operational Research, vol. 290, no. 2, 2021, pp. 405-421, https://doi.org/10.1016/j.ejor.2020.07.063. Accessed 11 Dec. 2022.
Benjamins, Richard. “Four design principles for developing sustainable AI applications.” Telefónica S.A., 10 Sept. 2018. Accessed on 11 Dec. 2022.
Blades, Robin. “AI Generates Hypotheses Human Scientists Have Not Thought Of.” Scientific American, 28 October 2021. Accessed 11 Dec. 2022.
“Combinatorial Optimization.” Wikipedia article, Accessed 11 Dec. 2022.
Cronholm, Stefan, and Hannes Göbel. “Design Principles for Human-Centred Artificial Intelligence.” University of Borås, Sweden, 11 Aug. 2022. Accessed on 11 Dec. 2022
Devaux, Elise. “Types of synthetic data and 4 real-life examples.” Statice, 29 May 2022. Accessed 11 Dec. 2022.
Emmental, Russell. “A Guide to Causal AI.” ITBriefcase, 30 March 2022. Accessed 11 Dec. 2022.
“Empowering AI Leadership: AI C-Suite Toolkit.” World Economic Forum, 12 Jan. 2022. Accessed 11 Dec 2022.
Falk, Dan. “How Artificial Intelligence Is Changing Science.” Quanta Magazine, 11 March 2019. Accessed 11 Dec. 2022.
Fritschle, Matthew J. “The Principles of Designing AI for Humans.” Aumcore, 17 Aug. 2018. Accessed 8 Dec. 2022.
Garmendia, Andoni I., et al. Neural Combinatorial Optimization: a New Player in the Field.” IEEE, arXiv:2205.01356v1, 3 May 2022. Accessed 11 Dec. 2022.
Gülen, Kerem. “AI Is Revolutionizing Every Field and Science is no Exception.” Dataconomy Media GmbH, 9 Nov. 9, 2022. Accessed 11 Dec. 2022
Krenn, Mario, et al. “On scientific understanding with artificial intelligence.” Nature Reviews Physics, vol. 4, 11 Oct. 2022, pp. 761–769. https://doi.org/10.1038/s42254-022-00518-3. Accessed 11 Dec. 2022.
Laboratory for Information and Decision Systems. “The real promise of synthetic data.” MIT News, 16 Oct. 2020. Accessed 11 Dec. 2022.
Lecca, Paola. “Machine Learning for Causal Inference in Biological Networks: Perspectives of This Challenge.” Frontiers, 22 Sept. 2021. Accessed 11 Dec. 2022. Mirabella, Lucia. “Digital Twin x Metaverse: real and virtual made easy.” Siemens presentation at Collision 2022 conference, Toronto, Ontario. Accessed 11 Dec. 2022. Mitchum, Rob, and Louise Lerner. “How AI could change science.” University of Chicago News, 1 Oct. 2019. Accessed 11 Dec. 2022.
Okeke, Franklin. “The benefits of edge AI.” TechRepublic, 22 Sept. 2022, Accessed 11 Dec. 2022.
Perlmutter, Nathan. “Machine Learning and Combinatorial Optimization Problems.” Crater Labs, 31 July 31, 2019. Accessed 11 Dec. 2022.
Sampson, Ovetta. “Design Principles for a New AI World.” UX Magazine, 6 Jan. 2022. Accessed 11 Dec. 2022.
Sgaier, Sema K., Vincent Huang, and Grace Charles. “The Case for Causal AI.” Stanford Social Innovation Review, Summer 2020. Accessed 11 Dec. 2022.
“Synthetic Data.” Wikipedia article, Accessed 11 Dec. 2022.
Take, Marius, et al. “Software Design Patterns for AI-Systems.” EMISA Workshop 2021, CEUR-WS.org, Proceedings 30. Accessed 11 Dec. 2022.
Toews, Rob. “Synthetic Data Is About To Transform Artificial Intelligence.” Forbes, 12 June 2022. Accessed
11 Dec. 2022.
Zewe, Adam. “In machine learning, synthetic data can offer real performance improvements.” MIT News Office, 3 Nov. 2022. Accessed 11 Dec. 2022.
Zhang, Junzhe, and Elias Bareinboim. “Can Humans Be out of the Loop?” Technical Report, Department of Computer Science, Columbia University, NY, June 2022. Accessed 11 Dec. 2022.

Contributors

Irina Sedenko Advisory Director Info-Tech	Anu Ganesh Technical Counselor Info-Tech	Amir Feizpour Co-Founder & CEO Aggregate Intellect Inc.	David Glazer VP of Analytics Kroll	Delina Ivanova Associate Director, Data & Analytics HelloFresh	Usman Lakhani DevOps WeCloudData

Infrastructure &Operations Priorities 2023

Navigate the liminal space between threats and opportunities.

2023: A liminal space between threats and opportunities

Introduction

Welcome to the Info-Tech 2023 I&O Priorities Report

Infrastructure & Operations priorities

The I&O priorities were determined by combining I&O member responses from the Tech Trends and Priorities 2023 survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors.

I&O Priorities 2023

I&O priorities framework

Challenge: Expand the I&O border

The hidden message in this report is that I&O priorities extend beyond the traditional scope of I&O functions. I&O members need to collaborate across functional areas to successfully address the priorities presented in this report. Info-Tech can help! Align your priorities with our material on how to Build a Business-Aligned IT Strategy. Use a modified version of the Strategy Initiative Template (next slide) to convey your strong opinion on the priorities you need your stakeholders to know about. And do so in a way that is familiar so they will easily understand.

Info-Tech 2023 Trends Survey Results

Call your Executive Advisor or Counselor to help identify the one or two key messages you want to bring forward for success in 2023!

Info-Tech IT Strategy Initiative Template, from the IT Strategy Presentation Template & Priorities Report Initiative Template .

Protect from threats

Get out of your silo. Forget your job description and just start doing what needs to be done.

Enhance I&O Cybersecurity

Produce ESG Reporting

Recession Readiness

Enhance cybersecurity response

SIGNALS

Enhance cybersecurity response

SIGNALS

Enhance cybersecurity response

SIGNALS

Enhance cybersecurity response

CALL TO ACTION

Get out of your I&O silo and form cross-functional cybersecurity teams.

I&O priority actions

Establish a cross-functional security steering committee to coordinate security processes and technologies. The complexity of managing security across modern applications, cloud, IoT, and network infrastructure that members operate is greater than ever before and requires coordinated teamwork.

Contain the cyber threat with zero trust (ZT) architecture. Extend ZT to network and critical infrastructure to limit exposure.

Leverage AI to build vigilant security intelligence. Smart I&O operators will make use of AI automation to augment their security technologies to help detect threats and contain security incidents on critical infrastructure.

Enhance cybersecurity response

I&O priority actions

Build specialized cybersecurity incident management protocols with your service desk. Build integrated security focused teams within service desk operations that continually test and improve security incident response protocols internally and with specialized security vendors. In some organizations, security incident response teams extend beyond traditional infrastructure into social media. Work cross-functionally to determine the risk exposure to misinformation and incident response procedures.

Treat lost or stolen equipment as a security incident. Develop hardware asset management protocols for tracking and reporting on these incidents and keep a record of equipment disposal. Implement tools that allow for remote deletion of data and report on lost or stolen equipment.

Produce ESG reporting

SIGNALS

Produce ESG reporting

SIGNALS

ESG mandates are being rolled out globally.

ESG reporting has greatly expanded since a 2017 report by Task Force on Climate-Related Financial Disclosures (TCFD, 2017) which recommended that organizations disclose climate-related financial metrics for investors to appropriately price climate-related risks to share price. In 2021, the Swiss Finance Institute research paper (Sautner, 2021) identified 29 countries that require ESG reporting, primarily for larger public companies, financial institutions, and state-owned corporations.

Global ESG mandates

29 nations with ESG mandates identified by the Swiss Finance Institute

Produce ESG reporting

SIGNALS

Produce ESG reporting

CALL TO ACTION

Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.

I&O priority actions

Understand ESG risk exposure. Define the gap between what ESG reporting is required in your jurisdiction and current reporting capabilities to meet them. Build the I&O role with responsibility for ESG reporting.

Include vendors in ESG reporting. Review infrastructure facilities with landlords, utilities, and hosting providers to see if they can provide ESG reporting on sustainable power generation, then map it to I&O power consumption as part of their contractual obligations. Ask equipment vendors to provide ESG reporting on manufacturing materials and energy consumption to boot-strap data collection.

Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reporting on waste and recycle volumes.

Produce ESG reporting

I&O priority actions

Implement an ESG reporting framework. There are five major ESG reporting frameworks being used globally. Select one of the frameworks below that makes sense for your organization, and implement it.

ISO 14001 Environmental Management: Part of the ISO Technical Committee family of standards that allows your organization to understand its legal requirements to become certified in ESG.

Global Reporting Initiative (GRI) Sustainability Reporting Standards: GRI has been developing ESG reporting standards since 1997. GRI provides a modular ESG framework applicable to all sizes and sectors of organizations worldwide.

Principles for Responsible Investment: UN-developed framework for ESG reporting framework for disclosure in responsible investments.

Sustainability Accounting Standards Board (SASB): ESG report framework to be used by investors.

UN Global Compact: ESG reporting framework based on 10 principles that organizations can voluntarily contribute data to.

Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reports on waste and recycle volumes.

Recession readiness

SIGNALS

Recession readiness

SIGNALS

Recession readiness

SIGNALS

Tough choices on budgetary spends.

The responses indicated that I&O members expect decreased reinvestment for 2023 for the following:

• API programming (-21.7%)
• Cloud computing (-19.4%)
• 44% of I&O members indicated if 2023 requires costs cutting, 5-20% of their cloud computing investment will be at risk of the chopping block!
• Workforce management (-9.4%)
• No-code /low-code infrastructure (-5.3%)

Make sure you can clearly measure the value of all budgeted I&O activities.

Anything that can't demonstrate clear value to leadership is potentially on the chopping block.

Recession readiness

CALL TO ACTION

Get ahead of inflationary pressures with early budgetary planning, and identify the gap between the catch-up projects and required critical net new investments.

II&O priority actions

Hedge against inflation on infrastructure projects. Develop and communicate value-based strategies to lock in pricing and mitigate inflationary risk with vendors.

Communicate value-add on all I&O budgeted items. Define an infrastructure roadmap to highlight which projects are technical debt and which are new strategic investments, and note their value to the organization.

Look for cost saving technologies. Focus on I&O projects that automate services to increase productivity and optimize head count.

Realize opportunities

Build on a record of COVID-related innovation success and position the enterprise to take advantage of 2023.

AI governance: Watching the watchers

Data stewardship: Cornerstone of value

Prep for a brave new metaverse

AI governance: Watching the watchers

SIGNALS

AI governance: Watching the watchers

SIGNALS

AI governance: Watching the watchers

CALL TO ACTION

Establish I&O within an AI governance program to build trust in AI results and behaviors and limit legal exposure.

I&O priority actions

Define who has overall AI accountability for AI governance within I&O. This role is responsible for establishing strategic governance metrics over AI use and results, and identifying liability risks.

Maintain an inventory of AI use. Conduct an audit of where AI is used within I&O, and identify gaps in documentation and alignment with I&O processes and organizational values.

Define an I&O success map. Provide transparency of AI use by generating pseudo code of AI models, and scorecard AI decision making with expected predictions and behavioral actions taken.

AI governance: Watching the watchers

Manage bias in AI decision making. Work with AI technology vendors to identify how unethical bias can enter the results, using operational data sets for validation prior to rollout.

Protect AI data sets from manipulation. Generate new secure storage for AI technology audit trails on AI design making and results. Work with your security team to ensure data sets used by AI for training can’t be corrupted.

Data governance: Cornerstone of value

SIGNALS

Data governance: Cornerstone of value

SIGNALS

Approach to data analysis is primarily done in-house.

85% of surveyed I&O members are doing data analysis with custom-made or external tools. Interestingly, 10% of I&O members do not conduct any data analysis.

Members are missing a formal data governance process.

81% of surveyed I&O members do not have a formal or automated process for data governance. Ironically, 24% of members responded that they aim to have publicly accessible data-as-a-service or information repositories.

Despite investment in data initiatives, organizations carry high levels of data debt.

Info-Tech research, Establish Data Governance, points out that data debt, the accumulated cost associated with sub-optimal governance of data assets, is a problem for 78% of organizations.

What the enterprise expects out of enterprise storage is much more complicated in 2023.

Data protection and governance are non-negotiable aspects of enterprise storage, even when it’s unstructured.

Data governance: Cornerstone of value

SIGNALS

Data governance: Cornerstone of value

CALL TO ACTION

Develop a data governance program that includes an I&O data steward for oversight.

I&O priority actions

Establish an I&O data steward. Make data governance by establishing a data steward role with accountability for governance. The steward works collaboratively with DataOPs to control access to I&O data, enforce policies, and reduce the time to make use of the data.

Define a comprehensive storage architecture. If you thought you had a data sprawl problem before, wait until you see the volume of data generated from IoT and Web 3.0 applications. Get ahead of the problem by creating an infrastructure roadmap for structured and unstructured data storage.

Build a solid backbone for AI Operations using data quality best practices. Data quality is the foundation for generation of operational value from the data and artificial intelligence efforts. Focus on using a methodology to build a culture of data quality within I&O systems and applications that generate data rather than reactive fixes.

Look to partner with third-party vendors for your master data management (MDM) efforts. Modern MDM vendors can work with your existing data fabrics/lake and help leverage your data governance policies into the cloud.

Prep for a brave new metaverse

SIGNALS

From science fiction to science fact.

The term metaverse was coined in 1992 by Neal Stephenson and is a common theme in science fiction. For most I&O surveyed professionals, the term metaverse conjures up more confusion than clarity, as it’s not one place, but multiple metaverse worlds. The primordial metaverse was focused on multiplayer gaming and some educational experiences. It wasn’t until recently that it gained a critical mass in the fashion and entertainment industries with the use of non-fungible tokens (NFT). The pandemic created a unique opportunity for metaverse-related technologies to expand Web 3.0.

Related Info-Tech Research

• Into the Metaverse
• Establish a Foresight Capability
• Double Your Organization’s Effectiveness With a Digital Twin
• Adopt Blockchain for Supply Chain Transparency

Prep for a brave new metaverse

SIGNALS

Collaboration and beyond.

On one hand, metaverse technologies virtual reality(VR)/augmented reality (AR) headsets can be a method of collaborating internally within a single organization. About 10% of our surveyed I&O members engaged this type of collaborative metaverse in 2022, with another 24% looking to run proof of concept projects in 2023. However, there is a much larger terrain for metaverse projects outside of workforce collaboration, which 17% of surveyed I&O members are planning to engage with in 2023.

These are sophisticated new metaverse worlds, and digital twins of production environments are being created for B2B collaboration, operations, engineering, healthcare, architecture, and education that include the use of block chain, NFTs, smart contracts, and other Web 3.0 technologies

“They are the audiovisual bodies that people use to communicate with each other in the Metaverse.”

Neal Stephenson,
Snow Crash 1992

Prep for a brave new metaverse

SIGNALS

Metaverse requires multidimensional security.

Security in the context of the metaverse presents new challenges to I&O. The infrastructure that runs the metaverse is still vulnerable to “traditional” security threats. New attack vectors include financial and identity fraud, privacy and data loss, along with new cyber-physical threats which are predicted to occur as the metaverse begins to integrate with IoT and other 3D objects in the physical world.

The ultimate in "not a product" – the metaverse promises to be a hodgepodge of badly standardized technologies for the near future.

Be prepared to take care of pets and not cattle for the foreseeable future, but keep putting the fencing around the ranch.

Prep for a brave new metaverse

SIGNALS

Prep for a brave new metaverse

CALL TO ACTION

Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

I&O priority actions

Develop a plan for network upgrades.

A truly immersive VR/AR experience requires very low latency. Identify gaps and develop a plan to enhance your network infrastructure surrounding your metaverse space(s) and end users.

Extend security posture into the metaverse.

Securing the infrastructure that runs your metaverse is going to extend the end-user equipment used to navigate it. More importantly, security policies need to encompass the avatars that navigate it and the spatial web that they interact with, which can include physical world items like IoT.

Prep for a brave new metaverse

I&O priority actions

Metaverse theft prevention

Leverage existing strategies to identify management in the metaverse. Privacy policies need to extend their focus to data loss prevention within the metaverse.

Collaborate

The skill set required to build, deploy, manage, and support the metaverse is complex. Develop a metaverse support organization that extends beyond I&O functions into security, DevOps, and end-user experiences.

Educate

Web 3.0 technologies and business models are complex. Education of I&O technical- and commerce-focused team members is going to help prevent you from getting blindsided. Seek out specialized training programs for technical staff and strategic education for executives, like the Wharton School of Business certification program.

Authors

John Annand Principal Research Director	Theo Antoniadis Principal Research Director	Contributors Paul Sparks, CTO at Brookshire Grocery Company 2 Anonymous Contributors
Figuring out the true nature of the “Turbo” button of his 486DX100 launched John on a 20-year career in managed services and solution architecture, exploring the secrets of HPC, virtualization, and DIY WANs built with banks of USR TotalControl modems. Today he focuses his research and advisory on software-defined infrastructure technologies, strategy, organization, and service design in an increasingly Agile and DevOps world.	Theo has decades of operational and project management experience with start-ups and multinationals across North America and Europe. He has held various consulting, IT management and operations leadership positions within telecommunications, SaaS, and software companies.

Bibliography

“3 Cybersecurity Trends that are Changing Financial Data Management." FIMA US. Accessed August 2022.
Arti. “While much of the world is just discovering the Metaverse, a number of universities have already established centers for studying Web 3." Analytics Insight. 10 July 2022.
“Artificial intelligence (AI) for cybersecurity." IBM. Accessed September 2022
“Business in the Metaverse Economy." Wharton School of University of Pennsylvania. Accessed October 2022.
“Cost of a data breach 2022: A million-dollar race to detect and respond." IBM. Accessed September 2022.
“Countries affected by mandatory ESG reporting – here’s the list." New Zealand Ministry of Business, Innovation & Employment. Accessed September 2022.
“Countries affected by mandatory ESG reporting – here’s the list.” WorldFavor. Accessed September 2022.
Crenshaw, Caroline A. “SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices." U.S. Securities and Exchange Commission. May 2022.
“Cutting through the metaverse hype: Practical guidance and use cases for business." Avanade. Accessed October 2022.
“Data Governance Global Market Sees Growth Rate Of 25% Through 2022." The Business Research Company. August 2022.
“DIRECTIVE 2014/95/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups." UER-Lex. Accessed September 2022.
"Ethically Aligned Design: A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems." IEEE. March 2019.
“European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence." European Parliament. Accessed October 2022.
Ghose, Ronit et al. "Metaverse and Money." Citi GPS. March 2022.
Hernandez, Roberto, et al. “Demystifying the metaverse." PWC. Accessed August 2022.
Info-Tech Trends Report Survey, 2023; N=813.
“ISO 14000 Family: Environmental Management." ISO. Accessed October 2022.
Knight, Michelle & Bishop, Annie, ”The 2022 State of Cloud Data Governance.“ Zaloni DATAVERSITY. 2022.

Bibliography

Kompella, Kashyap, “What is AI governance and why do you need it?“ TechTarget. March 2022.
“Management of electronic waste worldwide in 2019, by method." Statista. 2022.
“Model Artificial Intelligence Governance Framework and Assessment Guide.“ World Economic Forum. Accessed September 2022.
“Model Artificial Intelligence Governance Framework." PDPC Singapore. Accessed October 2022.
“New rules on corporate sustainability reporting: provisional political agreement between the Council and the European Parliament.“ European Council. June 2022.
"OECD Economic Outlook Volume 2022." OECD iLibrary. June 2022.
"Recommendations of the Task Force on Climate-related Financial Disclosures." TCFD. Accessed August 2022.
“Risk of Global Recession in 2023 Rises Amid Simultaneous Rate Hikes.” World Bank Organization. September 2022.
Sautner, Zacharias, et al. “The Effects of Mandatory ESG Disclosure around the World.” SSRN. November 2021.
Sondergaard, Peter. “AI GOVERNANCE – WHAT ARE THE KPIS? AND WHO IS ACCOUNTABLE?“ The Sondergaard Group. November 2019.
Srivastavam Sudeep, “How can your business enter the Metaverse?." Appinventiv.
September 2022.
“Standards Overview." SASB. Accessed October 2022.
Stephenson, Neal. Snow Crash. Bantam Books, 1992.
“Sustainability Reporting Standards." Global Reporting Initiative. Accessed October 2022.
“The Ten Principles of the UN Global Compact." UN Global Compact. Accessed October 2022.
Tian Tong Lee, Sheryl. "China Unveils ESG Reporting Guidelines to Catch Peers.” Bloomberg. May 2022.
“What are the Principles for Responsible Investment?" UNPRI. Accessed October 2022.
"What is the EU's Corporate Sustainability Reporting Directive (CSRD)?" WorldFavor.
June 2022.
West, Darrell M. “Six Steps to Responsible AI in the Federal Government.“ Brookings Institution. March 2022. Web.

Considerations to Optimize Container Management

Design a custom reference architecture that meets your requirements.

Analyst Perspective

Containers have become popular as enterprises use DevOps to develop and deploy applications faster. Containers require managed services because the sheer number of containers can become too complex for IT teams to handle. Orchestration platforms like Kubernetes can be complex, requiring management to automatically deploy container-based applications to operating systems and public clouds. IT operations staff need container management skills and training.

Installing and setting up container orchestration tools can be laborious and error-prone. IT organizations must first implement the right infrastructure setup for containers by having a solid understanding of the scope and scale of containerization projects and developer requirements. IT administrators also need to know how parts of the existing infrastructure connect and communicate to maintain these relationships in a containerized environment. Containers can run on bare metal servers, virtual machines in the cloud, or hybrid configurations, depending on your IT needs

Nitin Mukesh
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your challenge

Choosing the right container technology: IT is a rapidly changing and evolving market, with startups and seasoned technology vendors maintaining momentum in everything from container platforms to repositories to orchestration tools. The rapid evolution of container platform components such as orchestration, storage, networking, and system services such as load balancing has made the entire stack a moving target.

However, waiting for the industry to be standardized can be a recipe for paralysis, and waiting too long to decide on solutions and approaches can put a company's IT operations in catch-up mode.

Keeping containers secure: Security breaches in containers are almost identical to operating system level breaches in virtual machines in terms of potential application and system vulnerabilities. It is important for any DevOps team working on container and orchestration architecture and management to fully understand the potential vulnerabilities of the platforms they are using.

Optimize your infrastructure strategy for containers: One of the challenges enterprise IT operations management teams face when it comes to containers is the need to rethink the underlying infrastructure to accommodate the technology. While you may not want to embrace the public cloud for your critical applications just yet, IT operations managers will need an on-premises infrastructure so that applications can scale up and down the same way as they are containerized.

Common ways organizations use containers

A Separation of responsibilities
Containerization provides a clear separation of responsibilities as developers can focus on application logic and dependencies, while IT operations teams can focus on deployment and management instead of application details such as specific software versions and configurations.

B Workload portability
Containers can run almost anywhere: physical servers or on-premise data centers on virtual machines or developer machines, as well as public clouds on Linux, Windows, or Mac operating systems, greatly easing development and deployment.

“Lift and shift” existing applications into a modern cloud architecture. Some organizations even use containers to migrate existing applications to more modern environments. While this approach provides some of the basic benefits of operating system virtualization, it does not provide all the benefits of a modular, container-based application architecture.

C Application isolation
Containers virtualize CPU, memory, storage, and network resources at the operating system level, providing developers with a logically isolated view of the operating system from other applications.

Source: TechTarget, 2021

What are containers and why should I containerize?

A container is a partially isolated environment in which an application or parts of an application can run. You can use a single container to run anything from small microservices or software processes to larger applications. Inside the container are all the necessary executable, library, and configuration files. Containers do not contain operating system images. This makes them lighter and more portable with much less overhead. Large application deployments can deploy multiple containers into one or more container clusters (CapitalOne, 2020).

Containers have the following advantages:

• Reduce overhead costs: Because containers do not contain operating system images, they require fewer system resources than traditional or hardware virtual machine environments.
• Enhanced portability: Applications running in containers can be easily deployed on a variety of operating systems and hardware platforms.
• More consistent operations: DevOps teams know that applications in containers run the same no matter where they are deployed.
• Efficiency improvement: Containers allow you to deploy, patch, or scale applications faster.
• Develop better applications: Containers support Agile and DevOps efforts to accelerate development and production cycles.

Source: CapitalOne, 2020

Container on the cloud or on-premise?

Info-Tech Insight
Start-ups and small businesses that don't typically need to be closely connected to hardware can easily move (or start) to the cloud. Large (e.g. enterprise-class) companies and companies that need to manage and control local hardware resources are more likely to prefer an on-premises infrastructure. For enterprises, on-premises container deployments can serve as a bridge to full public cloud deployments or hybrid private/public deployments. The answer to the question of public cloud versus on premises depends on the specific needs of your business.

Container management

From container labeling that identifies workloads and ownership to effective reporting that meets the needs of different stakeholders across the organization, it is important that organizations establish an effective framework for container management.

Four key considerations for your container management strategy:

01 Container Image Supply Chain
How containers are built

02 Container Infrastructure and Orchestration
Where and how containers run together

03 Container Runtime Security and Policy Enforcement
How to make sure your containers only do what you want them to do

04 Container Observability
Runtime metrics and debugging

To effectively understand container management solutions, it is useful to define the various components that make up a container management strategy.

1: Container image supply chain

To run a workload as a container, it must first be packaged into a container image. The image supply chain includes all libraries or components that make up a containerized application. This includes CI/CD tools to test and package code into container images, application security testing tools to check for vulnerabilities and logic errors, registries and mirroring tools for hosting container images, and attribution mechanisms such as image signatures for validating images in registries.

Important functions of the supply chain include the ability to:

• Scan container images in registries for security issues and policy compliance.
• Verify in-use image hashes have been scanned and authorized.
• Mirror images from public registries to isolate yourself from outages in these services.
• Attributing images to the team that created them.

Source: Rancher, 2022

Info-Tech Insight
It is important to consider disaster recovery for your image registry. As mentioned above, it is wise to isolate yourself from registry disruptions. However, external registry mirroring is only one part of the equation. You also want to make sure you have a high availability plan for your internal registry as well as proper backup and recovery processes. A highly available, fault-tolerant container management platform is not just a runtime environment.

2: Container infrastructure and orchestration

Orchestration tools

Once you have a container image to run, you need a location to run it. That means both the computer the container runs on and the software that schedules it to run. If you're working with a few containers, you can make manual decisions about where to run container images, what to run with container images, and how best to manage storage and network connectivity. However, at scale, these kinds of decisions should be left to orchestration tools like Kubernetes, Swarm, or Mesos. These platforms can receive workload execution requests, determine where to run based on resource requirements and constraints, and then actually launch that workload on its target. And if a workload fails or resources are low, it can be restarted or moved as needed.

Source: DevOpsCube, 2022

Storage

Storage is another important consideration. This includes both the storage used by the operating system and the storage used by the container itself. First, you need to consider the type of storage you actually need. Can I outsource my storage concerns to a cloud provider using something like Amazon Relational Database Service instead? If not, do you really need block storage (e.g. disk) or can an external object store like AWS S3 meet your needs? If your external object storage service can meet your performance and durability requirements as well as your governance and compliance needs, you're in luck. You may not have to worry about managing the container's persistent storage. Many external storage services can be provisioned on demand, support discrete snapshots, and some even allow dynamic scaling on demand.

Networking

Network connectivity inside and outside the containerized environment is also very important. For example, Kubernetes supports a variety of container networking interfaces (CNIs), each providing different functionality. Questions to consider here are whether you can set traffic control policies (and the OSI layer), how to handle encryption between workloads and between workloads and external entities, and how to manage traffic import for containerized workloads. The impact of these decisions also plays a role on performance.

Backups

Backups are still an important task in containerized environments, but the backup target is changing slightly. An immutable, read-only container file system can be recreated very easily from the original container image and does not need to be backed up. Backups or snapshots on permanent storage should still be considered. If you are using a cloud provider, you should also consider fault domain and geo-recovery scenarios depending on the provider's capabilities. For example, if you're using AWS, you can use S3 replication to ensure that EBS snapshots can be restored in another region in case of a full region outage.

3: Container runtime security and policy enforcement

Ensuring that containers run in a place that meets the resource requirements and constraints set for them is necessary, but not sufficient. It is equally important that your container management solution performs continuous validation and ensures that your workloads comply with all security and other policy requirements of your organization. Runtime security and policy enforcement tools include a function for detecting vulnerabilities in running containers, handling detected vulnerabilities, ensuring that workloads are not running with unnecessary or unintended privileges, and ensuring that only other workloads that need to be allowed can connect.

One of the great benefits of (well implemented) containerized software is reducing the attackable surface of the application. But it doesn't completely remove it. This means you need to think about how to observe running applications to minimize security risks. Scanning as part of the build pipeline is not enough. This is because an image without vulnerabilities at build time can become a vulnerable container because new flaws are discovered in its code or support libraries. Instead, some modern tools focus on detecting unusual behavior at the system call level. As these types of tools mature, they can make a real difference to your workload’s security because they rely on actual observed behavior rather than up-to-date signature files.

4: Container observability

What’s going on in there?

Finally, if your container images are being run somewhere by orchestration tools and well managed by security and policy enforcement tools, you need to know what your containers are doing and how well they are doing it. Orchestration tools will likely have their own logs and metrics, as will networking layers, and security and compliance checking tools; there is a lot to understand in a containerized environment. Container observability covers logging and metrics collection for both your workloads and the tools that run them.

One very important element of observability is the importance of externalizing logs and metrics in a containerized environment. Containers come and go, and in many cases the nodes running on them also come and go, so relying on local storage is not recommended.

The importance of a container management strategy

A container management platform typically consists of a variety of tools from multiple sources. Some container management software vendors or container management services attempt to address all four key components of effective container management. However, many organizations already have tools that provide at least some of the features they need and don't want to waste existing licenses or make significant changes to their entire infrastructure just to run containers.

When choosing tools from multiple sources, it's important to understand what needs each tool meets and what it doesn't. This holistic approach is necessary to avoid gaps and duplication of effort.

For example, scanning an image as part of the build pipeline and then rescanning the image while the container is running is a waste of CPU cycles in the runtime environment. Similarly, using orchestration tools and separate host-based agents to aggregate logs or metrics can waste CPU cycles as well as storage and network resources.

Planning a container management strategy

Source: Kubernetes, 2022; Rancher, 2022

Infrastructure considerations

It's important to describe your organization’s current and future infrastructure strategy and how it fits into your container management strategy. It’s all basic for now, but if you plan to move to a virtual machine or cloud provider next year, your container management solution should be able to adapt to your environment now and in the future. Similarly, if you’ve already chosen a public cloud, you may want to make sure that the tool you choose supports some of the cloud options, but full compatibility may not be an important feature.

Infrastructure considerations extend beyond computing. Choosing a container management platform should be compatible with the existing network infrastructure and storage capacity available to your organization. If you have existing policy enforcement, monitoring, and alerting tools, the ideal solution should be able to take advantage of them. Moving to containers can be a game changer for developers and operations teams, so continuing to use existing tools to reduce complexity where possible can save time and money.

Leverage the reference architecture to guide your container management strategy

Using the examples as a guide, complete the tool to strategize your container management

Download the Reference Architecture

Bibliography

Mell, Emily. “What is container management and why is it important?” TechTarget, April 2021.
https://www.techtarget.com/searchitoperations/definition/container-management-software#:~:text=A%20container%20management%20ecosystem%20automates,operator%20to%20keep%20up%20with

Conrad, John. “What is Container Orchestration?” CapitalOne, 24 August 2020.
https://www.capitalone.com/tech/cloud/what-is-container-orchestration/?v=1673357442624

Kubernetes. “Cluster Networking.” Kubernetes, 2022.
https://kubernetes.io/docs/concepts/cluster-administration/networking/

Rancher. “Comparing Kubernetes CNI Providers: Flannel, Calico, Canal, and Weave.” Rancher, 2022.
https://www.suse.com/c/rancher_blog/comparing-kubernetes-cni-providers-flannel-calico-canal-and-weave/

Wilson, Bob. “16 Best Container Orchestration Tools and Services.” DevopsCube, 5 January 2022.
https://devopscube.com/docker-container-clustering-tools/

Get the Most Out of Workday

In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

EXECUTIVE BRIEF

Analyst Perspective

Focus optimization on organizational value delivery.

HR, finance, and planning systems are the core foundation of enterprise resource systems (ERP) systems. These are core tools that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

Workday is expensive, benefits can be difficult to quantify, and optimization can be difficult to navigate. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and improve vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.

Lisa Highfield

Research Director, Enterprise Applications

Info-Tech Research Group

Executive Summary

Your Challenge

Your Workday systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

Workday application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

Application optimization is essential to staying competitive and productive in today’s digital environment.

Common Obstacles

Balancing optimization with stabilization is one of the most difficult decisions for Workday application leaders.

Competing priorities and often unclear enterprise application strategies make it difficult to make decisions about what, how, and when to optimize.

Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

Info-Tech's Approach

In today’s changing world, it is imperative to evaluate your applications for optimization and to look for opportunities to capitalize on rapidly expanding technologies, integrated data, and employee solutions that meet the needs of your organization.

Assess your Workday applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

Validate capabilities, user satisfaction, and issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

Info-Tech Insight

Workday is investing heavily in expanding and deepening its finance and expanded product offerings, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized Workday optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

Insight summary

Continuous assessment and optimization of your Workday ERP is critical to the success of your organization.

• Applications and the environments in which they live are constantly evolving.
• This blueprint provides business and application managers with a method to complete a health assessment of their Workday systems to identify areas for improvement and optimization.
• Put optimization practices into effect by:
  • Aligning and prioritizing key business and technology drivers.
  • Identifying ERP process classification and performing a gap analysis.
  • Measuring user satisfaction across key departments.
  • Evaluating vendor relations.
  • Understanding how data plays into the mix.
  • Pulling it all together into an optimization roadmap.

Workday enterprise resource planning (ERP) facilitates the flow of information across business units. It allows for the seamless integration of data across financial and people systems to create a holistic view of the enterprise to support decision making.

In many organizations, Workday is considered the core people systems and is becoming more widely adopted for finance and a full ERP system.

ERP systems are considered the lifeblood of organizations. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

Workday enterprise resource planning (ERP)

Workday

• Finance
• Human Resources Management
• Talent and Performance
• Payroll and Workforce Management
• Employee Experience
• Student Information Systems
• Professional Services Automation
• Analytics and Reporting
• Spend Management
• Enterprise Planning

What is Workday?

Workday has many modules that work together to facilitate the flow of information across the business. Workday’s unique data platform allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making.

In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

Workday operates in many industry verticals and performs well in service organizations.

An ERP system:

• Automates processes, reducing the amount of manual, routine work.
• Integrates with core modules, eliminating the fragmentation of systems.
• Centralizes information for reporting from multiple parts of the value chain to a single point.

Workday Fast Facts

Product Description

• Workday offers HR, Finance, planning systems, and extended offerings. Workday prides itself on rapidly expanding its product portfolio to meet the needs of organizations in a changing world.
• The integrated cloud data model Workday has been built on allows for seamless end-to-end organizational data.
• Offerings include Financial Management, Human Capital Management, Workday Adaptive Planning, Spend Management, Talent Management, Payroll & Workforce Management, Analytics & Reporting, Student, Professional Services Automation, Platform & Product Extensions, Workday Peakon Employee Voice, and most recently VNDLY (contract and vendor management).

Evolution of Workday

Workday HCM 2006

Workday Financial Management 2007

Workday 10 (Finance & HCM) 2010

Workday Student (Higher Education) 2011

Workday Cloud (PAAS) 2017

Acquisition of Adaptive Insights 2018

Acquisition of VNDLY 2021

Vendor Description

• Workday was founded in 2005 by Aneel Bhusri and Dave Duffield (former PeopleSoft founder.)
• The platform-as-a-service (PaaS) bundles and modules are sold in a subscription model to customers.
• Workday has untaken several acquisitions in recent years to grow the product and invests in early-stage companies through Workday Ventures.
• Workday is publicly traded (2012); Nasdaq: WDAY.

Employees: 12,500

Headquarters: Pleasanton, CA

Website: workday.com

Founded: 2005

Presence: Global, Publicly Traded

Workday by the numbers

77%

77% of clients were satisfied with the product’s business value created. 78% of clients were satisfied that the cost is fair relative to value, and 95% plan to renew. (SoftwareReviews, 2022)

50% of Fortune 500

Workday has seen steady growth working with over 50% of Fortune 500 companies. 4,100 of those are HCM and finance customers. It has seen great success in service industries and has a 95% gross retention rate. (Diginomica)

40%

Workday reported a 40% year-over-year increase in Workday Financial Management deployments for both new and existing customers, as accelerated demand for Workday cloud-based continues. (Workday, June 2021)

Workday Finance

A great opportunity for Workday

Workday continues to invest in Workday Finance

• 35% of the Fortune 500 and 50% of the Fortune 50 use Workday HCM products (Seeking Alpha, 2019).
• The customer base for Workday Financial Management has increased from 45 in 2014 to 530 in 2019 with 9 Fortune 500 companies in the mix. This infers that Financial Management is a product that will drive future growth for Workday.

Recent Finance-Related Acquisitions

• Zimit - Quotation Management
• Stories.bi - Augmented Analytics
• Adaptive Insights - Business Planning
• SkipFlag - Machine Learning (AI)
• Platfora - Analytics
• VNDLY - Contractor and Vendor Management

Workday challenges and dissatisfaction

Workday challenges and dissatisfaction

Organizational

• Competing Priorities
• Lack of Strategy
• Budget Challenges

People and teams

• Knowledgeable Staff/Turnover
• Lack of Internal Skills
• Ability to Manage New Products
• Lack of Training

Technology

• Integration Issues
• Selecting Tools & Technology
• Keeping Pace With Technology Changes
• Update Challenges

Data

• Access to Data
• Data Literacy
• Data Hygiene
• One View of the Customer

Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

Info-Tech Insight

While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

Where are applications leaders focusing?

Big growth numbers

Year-over-year call topic requests

Enterprise Application Optimization - 124%

Product - 65%

Enterprise Application Selection - 76%

Agile - 79%

(Info-Tech case data, 2022; N=3,293)

We are seeing Applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

Other changes

Year-over-year call topic requests

Application Portfolio Management - 13%

Business Process Management - 4%

Software Development Lifecycle -25%

(Info-Tech case data, 2022; N=3,293)

Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

Application optimization is risky without a plan

Avoid these common pitfalls:

• Not considering how this pays into the short-, medium-, and long-term ERP strategy.
• Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
• Not having a good understanding of your current state, including integration points and data.
• Not adequately accommodating feedback and changes after digital applications are deployed and employed.
• Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
• Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

“A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.” – Norelus, Pamidala, and Senti, 2020

Info-Tech’s methodology for getting the most out of your ERP

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Get the Most Out of Your Workday Workbook

Identify and prioritize your Workday optimization goals.

Application Portfolio Assessment

Assess IT-enabled user satisfaction across your Workday portfolio.

Key deliverable:

Workday Optimization Roadmap

Complete an assessment of processes, user satisfaction, data quality, and vendor management.

Case Study

MANAGED AP AUTOMATION with OneSource Virtual

TripAdvisor + OneSource

INDUSTRY: Travel

SOURCE: OneSource Virtual, 2017

Challenge

TripAdvisor needed a solution that would decrease administrative labor from its accounting department.

“We needed something that was already compatible with our Workday tenant, that didn’t require a lot of customizations and would be an enhancement to our processes.” – Director of Accounting Operations, Scott Garner

Requirements included:

• Easy implementation
• Existing system compatibility
• Enhancement to the company’s process
• Competitive pricing
• Secure

Solution

TripAdvisor chose to outsource its accounts payable services to OneSource Virtual (OSV).

OneSource Virtual offers the comprehensive finance and accounting outsourcing solutions needed to improve efficiency, eliminate paper processes, reduce errors, and improve cash flow.

Managed AP services include scanning and auditing all extracted invoice data for accuracy, transmitting AP files with line-item details from invoices, and creating full invoice images in Workday.

Results

• Accurate and timely invoice processing for over 3,000 invoices per month.
• Empowered employees to focus on higher-level tasks rather than day-to-day data entry.
• 50+ hours saved per week on routine data entry.
• Employees had 30% of their time freed up to focus on high-value tasks.
• Allowed TripAdvisor to become more scalable across departments and as an organization.

Info-Tech offers various levels of support to suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

Phase 1

Call #1: Scope requirements, objectives, and your specific challenge.

Phase 2

Call #2:

• Build the Workday team.
• Align organizational goals.

Call #3:

• Map current state.
• Inventory Workday capabilities and processes.
• Explore Workday-related costs.

Phase 3

Call #4: Understand product satisfaction and vendor management.

Call #5: Review APA results.

Call #6: Understand Workday optimization opportunities.

Call #7: Determine the right Workday path for your organization.

Phase 4

Call #8: Build out optimization roadmap and next steps.

Workshop Overview

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Phase 1

Map Current-State Capabilities

Phase 1

1.1 Identify Stakeholders and Build Your Optimization Team

1.2 Build an ERP Strategy Model

1.3 Inventory Current System State

1.4 Define Optimization Timeframe

1.5 Understand Workday Costs

Phase 2

2.1 Assess Workday Capabilities

2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

Phase 3

3.1 Prioritize Optimization Opportunities

3.2 Discover Optimization Initiatives

Phase 4

4.1 Build Your Optimization Roadmap

This phase will guide you through the following activities:

• Align your organizational goals
• Gain a firm understanding of your current state
• Inventory Workday and related applications
• Confirm the organization’s capabilities

This phase involves the following participants:

• CFO
• Department Leads – Finance, Procurement, Asset Management
• Applications Director
• Senior Business Analyst
• Senior Developer
• Procurement Analysts

Step 1.1

Identify Stakeholders and Build Your Optimization Team

Activities

1.1.1 Identify Stakeholders Critical to Success

1.1.2 Map Your Workday Optimization Stakeholders

1.1.3 Determine Your Workday Optimization Team

Map Current State Capabilities

Step 1.1

Step 1.2

Step 1.3

Step 1.4

Step 1.5

This step will guide you through the following activities:

• Identify ERP drivers and objectives
• Explore ERP challenges and pain points
• Discover ERP benefits and opportunities
• Align the ERP foundation with your corporate strategy

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Stakeholder map
• Workday optimization team

ERP optimization stakeholders

• Understand the roles necessary to Get the Most Out of Your Workday.
• Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

Info-Tech Insight

Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

1.1.1 Identify Workday optimization stakeholders

1 hour

1. Hold a meeting to identify the Workday optimization stakeholders.
2. Use the next slide as a guide.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Understand how to navigate the complex web of stakeholders in ERP

Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

Activity 1.1.2 Map your Workday optimization stakeholders

1 hour

1. Use the list of Workday optimization stakeholders.
2. Map each stakeholder on the quadrant based on their expected Influence and involvement in the project.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Map the organization’s stakeholders

The Workday optimization team

Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, and Operations) to create a well-aligned ERP optimization strategy.

Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Human Resources, Operations, Manufacturing, Marketing, Sales, Service, and Finance as well as IT.

1.1.3 Determine your Workday optimization team

1 hour

1. Have the project manager and other key stakeholders discuss and determine who will be involved in the Workday optimization project.
   • The size of the team will depend on the initiative and size of your organization.
   • Key business leaders in key areas and IT representatives should be involved.

Note: Depending on your initiative and size of your organization, the size of this team will vary.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Step 1.2

Build an ERP Strategy Model

Activities

1.2.1 Explore Organizational Goals and Business Needs

1.2.2 Discover Environmental Factors and Technology Drivers

1.2.3 Consider Potential Barriers to Achieving Workday Optimization

1.2.4 Set the Foundation for Success

1.2.5 Discuss Workday Strategy and Develop Your ERP Optimization Goals

Map Current State Capabilities

Step 1.1

Step 1.2

Step 1.3

Step 1.4

Step 1.5

This step will guide you through the following activities:

• Identify ERP drivers and objectives
• Explore ERP challenges and pain points
• Discover ERP benefits and opportunities
• Align the ERP foundation with the corporate strategy

This step involves the following participants:

• Workday Optimization Team

Outcomes of this step

• ERP business model
• Strategy alignment

Align your Workday strategy with the corporate strategy

Corporate Strategy

Your corporate strategy:

• Conveys the current state of the organization and the path it wants to take.
• Identifies future goals and business aspirations.
• Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.

Unified ERP Strategy

• The ideal ERP strategy is aligned with overarching organizational business goals and broader IT initiatives.
• Include all affected business units and departments in these conversations.
• The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.

IT Strategy

Your IT strategy:

• Communicates the organization’s budget and spending on ERP.
• Identifies IT initiatives that will support the business and key ERP objectives.
• Outlines staffing and resourcing for ERP initiatives.

ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.

ERP Business Model Template

Conduct interviews to elicit the business context

Stakeholder Interviews

Begin by conducting interviews of your executive team. Interview the following leaders:

1. Chief Information Officer
2. Chief Executive Officer
3. Chief Financial Officer
4. Chief Revenue Officer/Sales Leader
5. Chief Operating Officer/Supply Chain & Logistics Leader
6. Chief Technology Officer/Chief Product Officer

INTERVIEWS MUST UNCOVER:

1. Your organization’s mission & vision
2. Your organization’s top business goals
3. Your organization’s top business initiatives
4. The stakeholder’s top goals and initiatives
5. Tools and systems needed to facilitate organizational and departmental goals

Understand the mission, vision, and goals of the organization and supporting departments

Info-Tech Insight

One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

1.2.1 Explore organizational goals and business needs

60 minutes

1. Discuss organizational mission, vision, and goals. What are the top initiatives underway? Are you contracting, expanding, or innovating?
2. Discuss business needs to support organizational goals. What are identified goals and initiatives at the departmental level? What tools and resources within the Workday system will help make this successful?
3. Understand how the company is running today and what the organization’s future will look like. Envision the future system state.

Record this information in the Get the Most Out of Your Workday Workbook.

Organizational Goals

• Organization’s mission and vision
• Top business goals
• Initiatives underway

Business Needs

• Departmental goals
• Business drivers
• Key initiatives
• Key capabilities to support the organization
• Requirements to support the business capability and process

Download the Get the Most Out of Your Workday Workbook

ERP Business Model

Organizational Goals

• Organization’s mission and vision
• Top business goals (~3)
• Initiatives underway
• KPIs and metrics that are important to the organization in achieving its goals and objectives

Business Needs

• Departmental goals
• Key initiatives
• Key capabilities to support the organization
• Tools and systems required to support business capability or process
• KPIs and metrics that are important to the department/stakeholder in achieving its goals and objectives

Understand the technology drivers and environmental factors

Info-Tech Insight

A comprehensive plan that takes into consideration organizational goals, departmental needs, technology drivers, and environmental factors will allow for a collaborative approach to defining your Workday strategy.

1.2.2 Discover environmental factors and technology drivers

30 minutes

1. Identify business drivers that are contributing to the organization’s need for ERP.
2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

Record this information in the Get the Most Out of Your Workday Workbook.

External Considerations

• Funding constraints
• Regulations

Technology Considerations

• Data accuracy
• Data quality
• Better reporting

Functional Requirements

• Information availability
• Integration between systems
• Secure data

Download the Get the Most Out of Your Workday Workbook

Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

Common Internal Barriers

1.2.3 Consider potential barriers to achieving Workday optimization

1-3 hours

1. Open tab 1.2, “Strategy & Goals,” in the Get the Most Out of Your Workday Workbook.
2. Identify barriers to ERP optimization success.
3. Review the ERP critical success factors and how they relate to your optimization efforts.
4. Discuss potential barriers to successful ERP optimization.

Record this information in the Get the Most Out of Your Workday Workbook.

Functional Gaps

• No online purchase order requisitions

Technical Gaps

• Inconsistent reporting – data quality concerns

Process Gaps

• Duplication of data
• Lack of system integration

Barriers to Success

• Cultural mindset
• Resistance to change
• Lack of training
• Funding

Download the Get the Most Out of Your Workday Workbook

ERP Business Model

Organizational Goals

• Efficiency
• Effectiveness
• Integrity
• One source of truth for data
• One team
• Customer service, external and internal

Barriers

• Organizational silos
• Lack of formal process documentation
• Funding availability
• What goes first? Organizational priorities

What does success look like?

Top 15 Critical Success Factors for ERP System Implementation

(Epizitone and Olugbara, 2019; CC BY 4.0)

Info-Tech Insight

Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

“Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

1.2.3 Set the foundation for success

1-3 hours

1. Open tab 1.2, “Strategy & Goals,” in the Get the Most Out of Your Workday Workbook.
2. Identify barriers to ERP optimization success.
3. Review the ERP critical success factors and how they relate to your optimization efforts.
4. Discuss potential barriers to successful ERP optimization.

Record this information in the Get the Most Out of Your Workday Workbook.

Business Benefits

• Business-IT alignment

IT Benefits

• Compliance
• Scalability
• Operational efficiency

Organizational Benefits

• Data accuracy
• Data quality
• Better reporting

Enablers of Success

• Change management
• Training
• Alignment with strategic objectives

Download the Get the Most Out of Your Workday Workbook

ERP Business Model

Organizational Goals

• Efficiency
• Effectiveness
• Integrity
• One source of truth for data
• One team
• Customer service, external and internal

Enablers

• Cross-trained employees
• Desire to focus on value-add activities
• Collaborative
• Top-level executive support
• Effective change management process

The Business Value Matrix

Rationalizing and quantifying the value of Workday

Benefits can be realized internally and externally to the organization or department and have different drivers of value.

• Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
• Human benefits refer to how an application can deliver value through a user’s experience.
• Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
• Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

Organizational Goals

Increased Revenue

Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

Reduced Costs

Reduction of overhead. The ways in which an application limits the operational costs of business functions.

Enhanced Services

Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

Reach Customers

Application functions that enable and improve the interaction with customers or produce market information and insights.

Business Value Matrix

1.2.4 Define your Workday strategy and optimization goals

30 minutes

1. Discuss the Workday business model exercises and ERP critical success factors.
2. Through the lens of corporate goals and objectives think about the supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success? What major themes are emerging?
3. Develop five to ten optimization goals that will form the basis for the success of this initiative.
   • What is a strong statement that will help guide decision making throughout the life of the ERP project?
   • What are your overarching requirements for business processes?
   • What do you ultimately want to achieve?
   • What is a statement that will ensure all stakeholders are on the same page for the project?

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Workday strategy and optimization goals

Key Themes Emerging / Workday Strategy

• Efficiency
• Effectiveness
• Integrity
• One source of truth for data
• One team
• Customer service, external and internal

Optimization Goals

• Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
• Use ERP best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
• Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
• Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
• Strive for “One Source of Truth”: Unified data model and integrate processes where possible. Assess integration needs carefully.

Step 1.3

Inventory Current System State

Activities

1.3.1 Inventory Workday Applications and Interactions

1.3.2 Draw Your Workday System Diagram

1.3.3 Inventory Your Workday Modules and Business Capabilities (or Business Processes)

1.3.4 Define Your Key Workday Optimization Modules and Business Capabilities

Map Current-State Capabilities

Step 1.1

Step 1.2

Step 1.3

Step 1.4

Step 1.5

This step will guide you through the following activities:

• Inventory of applications
• Mapping interactions between systems

This step involves the following participants:

• Workday Optimization Team
• Enterprise Architect
• Data Architect

Outcomes of this step

• Systems inventory
• Systems diagram

1.3.1 Inventory Workday applications and interfaces

1-3+ hours

1. Enter your Workday systems, Workday extended applications, and integrated applications within scope.
2. Include any abbreviated names or nicknames.
3. List the application type or main function. List the modules the organization has licensed.
4. List any integrations.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

ERP Data Flow

When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

1.3.2 Draw your Workday system diagram (optional)

1-3+ hours

1. From the Workday application inventory, diagram your network. Include:
   • Any internal or external systems
   • Integration points
   • Data flow

Download the Get the Most Out of Your Workday Workbook

Sample Workday and integrations map

Business capability map (Level 0)

In business architecture, the primary view of an organization is known as a business capability map.

A business capability defines what a business does to enable value creation, rather than how.

Business capabilities:

• Represent stable business functions.
• Are unique and independent of each other.
• Will typically have a defined business outcome.

A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

The value stream

Value stream defined:

Value Streams:

Design Product

• Manufacturers work proactively to design products and services that will meet consumer demand.
• Products are driven by consumer demand and government regulations.

Produce Product

• Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
• Quality of product and services are highly regulated through all levels of the supply chain.

Sell Product

• Sales networks and sales staff deliver the product from the organization to the end consumer.
• Marketing plays a key role throughout the value stream connecting consumers’ wants and needs to the products and services offered.

Customer Service

• Relationships with consumers continue after the sale of products and services.
• Continued customer support and data mining is important to revenue streams.

Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates. There are two types of value streams: core value streams and support value streams.

• Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
• Support value streams are internally facing and provide the foundational support for an organization to operate.

Taking a value stream approach to process mapping allows you to move across departmental and system boundaries to understand the underlying business capability.

Some mistakes organizations make are over-customizing processes, or conversely, not customizing when required. Workday provides good baseline process that work for most organizations. However, if a process is broken or not working efficiently take the time to investigate it, including underlying policies, roles, workflows, and integrations.

Process frameworks

Help define your inventory of sales, marketing, and customer services processes.

(APQC)

If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.

APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

APQC’s Process Classification Framework

Process mapping hierarchy

A process classification framework is helpful for organizations to effectively define their processes and manage them appropriately.

Use Info-Tech’s related industry resources or publicly available process frameworks (such as APQC) to develop and map your business processes.

These processes can then be mapped to supporting applications and modules. Policies, roles, and workflows also play a role and should be considered in the overall functioning.

APQC’s Process Classification Framework

(APQC)

Focus on level-1 processes

Info-Tech Insight

Focus your initial assessment on the level-1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.

You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

Process mapping and supporting ERP modules

The operating model

An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

From your developed processes and your Workday license agreements you will be able to pinpoint the scope for investigation, including the processes and modules.

Workday modules and process enablement

Workday Finance

• Accounts Receivable and Collections
• Accounts Payable and Payments
• Asset Management
• Audit and Controls
• Billing and Invoicing
• Cash Management
• Contracts
• Financial Reporting and Analysis
• [Global] Close and Consolidation
• Multi-GAAP/Multi-book/Multi-chart of Accounts
• Revenue Management

Spend Management

• Strategic Sourcing
• Procure to Pay
• Inventory
• Expenses

Professional Services Automation

• Project and Resource Management
• Project Financials
• Project Billing
• Expense Management
• Time Tracking

Enterprise Planning

• Financial planning
• Reporting
• Analytics
• Budgets
• Insights
• Workforce planning
• Sales planning
• Operational planning

Analytics and Reporting

• Financial Management Core Reporting
• Human Capital Management Core Reporting
• Benchmarking
• Data Hub
• Augmented Analytics

Student

• Admissions
• Financial Aid
• Advising
• Student Finance
• Student Records

Human Capital Management (HCM)

• Human Resource Management
• Organization Management
• Business Process Management
• Reporting and Analytics
• Employee and Manager Self-Service
• Contingent Labor Management
• Skills Cloud
• Absence Management
• Benefits Administration
• ACA Management
• Compensation
• Talent Optimization

Payroll and Workforce Management

• Scheduling and Labor Management
• Time and Attendance
• Absence
• Payroll

Employee Experience

• Employee Engagement Insights
• Diversity, Inclusion, and Belonging Measurement
• Health and Well-Being Metrics
• Back-to-Workplace Readiness
• Confidential Employee-Manager Conversations
• Attrition Prediction
• Continuous Industry Benchmarks

Talent and Performance

• Talent Profile
• Continuous Feedback
• Survey Campaigns
• Embedded Analytics
• Goal Management
• Performance Management
• Talent Review
• Calibration
• Competencies
• Career and Development Planning
• Succession Planning
• Talent Marketplace
• Mobile
• Expenses

1.3.3 Inventory your Workday modules and business capabilities

1-3+ hours

1. Look at the major functions or processes within the scope of ERP.
2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
3. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

1.3.4 Define your key Workday optimization modules and business capabilities

1-3+ hours

1. Look at the major functions or processes within the scope of ERP.
2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Step 1.4

Define Optimization Timeframe

Activities

1.4.1 Define Workday Key Dates, and Workday Optimization Roadmap Timeframe and Structure

Map Current-State Capabilities

Step 1.1

Step 1.2

Step 1.3

Step 1.4

Step 1.5

This step will guide you through the following activities:

• Defining key dates related to your optimization initiative
• Identifying key building blocks for your optimization roadmap

This step involves the following participants:

• Workday Optimization Team
• Vendor Management

Outcomes of this step

• Optimization Key Dates
• Optimization Roadmap Timeframe and Structure

1.4.1 Optimization roadmap timeframe and structure

1-3+ hours

1. Key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract, or budget proposal submission deadlines.
2. Enter the expected Optimization Initiative Start Date.
3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the Workday Optimization Initiative. This includes short-, medium-, and long-term initiatives.
4. Enter your Roadmap Date markers – how you want dates displayed on the roadmap.
5. Enter column time values – what level of granularity will be helpful for this initiative?
6. Enter the sprint or cycle timeframe – use this if following Agile.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Step 1.5

Understand Workday Costs

Activities

1.5.1 Document Costs Associated With Workday

Map Current-State Capabilities

Step 1.1

Step 1.2

Step 1.3

Step 1.4

Step 1.5

This step will walk you through the following activities:

• Define your Workday direct and indirect costs
• List your Workday expense line items

This step involves the following participants:

• Finance representatives
• Workday Optimization Team

Outcomes of this step

• Current Workday and related costs

1.5.1 Document costs associated with Workday

1-3 hours

Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

1. Identify the types of technology costs associated with each current system:
   1. System Maintenance
   2. Annual Renewal
   3. Licensing
2. Identify the cost of people associated with each current system:
   1. Full-Time Employees
   2. Application Support Staff
   3. Help Desk Tickets

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Phase 2

Assess Your Current State

Phase 1

1.1 Identify Stakeholders and Build Your Optimization Team

1.2 Build an ERP Strategy Model

1.3 Inventory Current System State

1.4 Define Optimization Timeframe

1.5 Understand Workday Costs

Phase 2

2.1 Assess Workday Capabilities

2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

Phase 3

3.1 Prioritize Optimization Opportunities

3.2 Discover Optimization Initiatives

Phase 4

4.1 Build Your Optimization Roadmap

This phase will guide you through the following activities:

• Determine process relevance
• Perform a gap analysis
• Perform a user satisfaction survey
• Assess software and vendor satisfaction

This phase involves the following participants:

• Workday Optimization Team
• Users across functional areas of your ERP and related technologies

Step 2.1

Assess Workday Capabilities

Activities

2.1.1 Rate Capability Relevance to Organizational Goals

2.1.2 Complete a Workday Application Portfolio Assessment

2.1.3 (Optional) Assess Workday Process Maturity

Assess Workday Capabilities

Step 2.1

Step 2.2

This step will guide you through the following activities:

• Capability Relevance
• Process Gap Analysis
• Application Portfolio Assessment

This step involves the following participants:

• Workday Users

Outcomes of this step

• Workday Capability Assessment

Benefits of the Application Portfolio Assessment

Assess the health of the application portfolio

• Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
• Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.

Provide targeted department feedback

• Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.

Gain insight into the state of data quality

• Data quality is one of the key issues causing poor ERP user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
• Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

2.1.1 Complete a current state assessment (via the Application Portfolio Assessment)

3 hours

Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.

1. Download the Workday Application Inventory Tool.
2. Complete the “Demographics” tab (tab 2).
3. Complete the “Inventory” tab (tab 3).
   1. Complete the inventory by treating each module within your Workday system as an application.
   2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
   3. Include data quality for all applications applicable.

Option 2: Create a survey manually.

1. Use tab Reference 2.1 “APA Questions” as a guide for creating your survey.
2. Send out surveys to end users.
3. Modify tab 2.1 “Workday Assessment” if required.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

2.1.2 Complete the Application Portfolio Assessment

3 hours

Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.

1. Download the Workday Application Inventory Tool.
2. Complete the “Demographics” tab (tab 2).
3. Complete the “Inventory” tab (tab 3).
   1. Complete the inventory by treating each module within your Workday system as an application.
   2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
   3. Include data quality for all applications applicable.

Option 2: Create a survey manually.

1. Use tab Reference 2.1 “APA Questions” as a guide for creating your survey.
2. Send out surveys to end users.
3. Modify tab 2.1 “Workday Assessment” if required.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

2.1.3 (Optional) Assess Workday process maturity

1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
   1. Identify key stakeholders.
   2. Hold sessions to document deeper processes.
   3. Discuss processes and technical enablement in each area.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Process Maturity Assessment

Process Assessment

Strong

Moderate

Weak

1.1 Financial Planning and Analysis

1.2 Accounting and Financial Close

1.3 Treasury Management

1.4 Financial Operations

1.5 Governance, Risk & Compliance

2.1 Core HR

Stakeholders Interviewed:

The process is formalized, documented, optimized, and audited.

The process is poorly documented. More than one person knows how to do it. Inefficient and error-prone.

The process is not documented. One person knows how to do it. The process is ad hoc, not formalized, inconsistent.

Capability Processes:

General Ledger

Accounts Receivable

Incentives Management

Accounts Payable

General Ledger Consolidation

Treasury Management

Cash Management

Subscription / recurring payments

Treasury Transactions

Step 2.2

Review Your Satisfaction With the Vendor/Product and Willingness for Change

Activities

2.2.1 Rate Your Vendor and Product Satisfaction

2.2.2 Review Workday Product Scores (if applicable)

2.2.3 Evaluate Your Product Satisfaction

2.2.4 Check Your Business Process Change Tolerance

Product Satisfaction

Step 2.1

Step 2.2

This step will guide you through the following activities:

• Rate your vendor and product satisfaction
• Compare with survey data from SoftwareReviews

This step involves the following participants:

• Workday Product Owner(s)
• Procurement Representative
• Vendor Contracts Manager

Outcomes of this step

• Quantified satisfaction with vendor and product

2.2.1 Rate your vendor and product satisfaction

30 minutes

Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
2. Option 2: Use the Get the Most Out of Your Workday Workbook to review your satisfaction with your Workday software.

Record this information in the Get the Most Out of Your Workday Workbook

SoftwareReviews’ Enterprise Resource Planning Category

Download the Get the Most Out of Your Workday Workbook

2.2.2 Review Workday product scores (if applicable)

30 minutes

1. Download the scorecard for your Workday product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
2. Use the Get the Most Out of Your Workday Workbook tab 2.3 to record the scorecard results.
3. Use your Get the Most Out of Your Workday Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

Record this information in the Get the Most Out of Your Workday Workbook.

SoftwareReviews’ Enterprise Resource Planning Category

Download the Get the Most Out of Your Workday Workbook

2.2.3 How does your satisfaction compare with your peers?

Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

(SoftwareReviews ERP Mid-Market, 2022; SoftwareReviews ERP Enterprise, 2022)

2.2.4 Check your business process change tolerance

1 hours

Input

• Business process capability map

Output

• Heat map of risk areas that require more attention to validate best practices or minimize customization

Materials

• Whiteboard/flip charts
• Get the Most Out of Your Workday Workbook

Participants

• Implementation team
• SMEs
• Departmental Leaders

1. As a group, list your level-0 and level-1 business capabilities. Sample on the next slide.
2. Assess the department’s willingness for change and the risk of maintaining the status quo.
3. Color-code the level-0 business capabilities based on:
   1. Green – Willing to follow best practices
   2. Yellow – May be challenging or unique business model
   3. Red – Low tolerance for change

Record this information in the Get the Most Out of Your Workday Workbook

Heat map representing desire for best practice or those having the least tolerance for change

Legend:

Willing to follow best practice

May be challenging or unique business model

Low tolerance for change

Out of Scope

Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor, supporting change and guiding best practice.

For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

Phase 3

Identify Key Optimization Opportunities

Phase 1

1.1 Identify Stakeholders and Build Your Optimization Team

1.2 Build an ERP Strategy Model

1.3 Inventory Current System State

1.4 Define Optimization Timeframe

1.5 Understand Workday Costs

Phase 2

2.1 Assess Workday Capabilities

2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

Phase 3

3.1 Prioritize Optimization Opportunities

3.2 Discover Optimization Initiatives

Phase 4

4.1 Build Your Optimization Roadmap

This phase will walk you through the following activities:

• Identify key optimization areas
• Create an optimization roadmap

This phase involves the following participants:

• Workday Optimization Team

Step 3.1

Prioritize optimization opportunities

Activities

3.1.1 Prioritize Optimization Capability Areas

Build Your Optimization Roadmap

Step 3.1

Step 3.2

This step will guide you through the following activities:

• Explore existing process gaps
• Identify the impact of processes on user satisfaction
• Identify the impact of data quality on user satisfaction
• Review your overall product satisfaction and vendor management

This step involves the following participants:

• Workday Optimization Team

Outcomes of this step

• Application optimization plan

Info-Tech Insight

Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

Address process gaps:

• ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
• Identify areas where capabilities need to be improved and work toward optimization.

Support user satisfaction:

• The best technology in the world won’t deliver business results if it’s not working for the users who need it.
• Understand concerns, communicate improvements, and support users in all roles.

Improve data quality:

• Data quality is unique to each business unit and requires tolerance, not perfection.
• Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

Proactively manage vendors:

• Vendor management is a critical component of technology enablement and IT satisfaction.
• Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

Assessing application business value

The Business

Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications.

Business Value of Applications

IT

Technical subject matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations.

First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

In this context…

business value is

the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

Business value IS NOT

the user’s experience or satisfaction with the application.

Brainstorm IT initiatives to enable high areas of opportunity to support the business

Create or Improve:

• ERP Capabilities
• Optimization Initiatives

Capabilities are what the system and business do that creates value for the organization.

Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and Workday systems.

• Process
• Technology
• Organization

Discover the value drivers of your applications

Financial vs. Human Benefits

Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.

Human benefits refer to how an application can deliver value through a user’s experience.

Inward vs. Outward Orientation

Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

Increased Revenue

Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

Reduced Costs

Reduction of overhead. The ways in which an application limits the operational costs of business functions.

Enhanced Services

Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

Reach Customers

Application functions that enable and improve the interaction with customers or produce market information and insights.

Prioritize Workday optimization areas that will bring the most value to the organization

Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

Value vs. Effort

How important is it? vs. How difficult is it?

(Roadmunk)

RICE method

Measure the “total impact per time worked”

(Intercom)

3.1.1 Prioritize and rate optimization capability areas

1-3 hours

1. Use tab 3.1 Optimization Priorities.
2. From the Workday Key Capabilities (pulled from tab 1.3 Key Capabilities), discuss areas of scope for the Workday optimization initiative.
3. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
4. Rate each of your Workday capabilities for the level of importance to your organization. The levels of importance are:
   • Crucial
   • Important
   • Secondary
   • Unimportant
   • Not applicable

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Step 3.2

Discover Optimization Initiatives

Activities

3.2.1 Discover Product and Vendor Satisfaction Opportunities

3.2.2 Discover Capability and Feature Optimization Opportunities

3.2.3 Discover Process Optimization Opportunities

3.2.4 Discover Integration Optimization Opportunities

3.2.5 Discover Data Optimization Opportunities

3.2.6 Discover Workday Cost-Saving Opportunities

Build Your Optimization Roadmap

Step 3.1

Step 3.2

This step will guide you through the following activities:

• Explore existing process gaps
• Identify the impact of processes on user satisfaction
• Identify the impact of data quality on user satisfaction
• Review your overall product satisfaction and vendor management

This step involves the following participants:

• Workday Optimization Team

Outcomes of this step

• Application optimization plan

Workday’s partner landscape

Workday uses an extensive partner network to help deliver results.

ADVISORY PARTNERS

Workday Advisory Partners have in-depth knowledge to help customers determine what’s best for their needs and how to maximize business value. They guide you through digital acceleration strategy and planning, product selection, change management, and more.

SERVICES PARTNERS

Workday Services Partners represent a curated community of global systems integrators and regional firms that help companies deploy Workday and continually adopt new capabilities.

SOFTWARE PARTNERS

Workday Software Partners are a global ecosystem of application, content, and technology software companies that design, build, and deploy solution extensions to help customers enhance the capabilities of Workday.

Global payroll PARTNERS

Workday’s Global Payroll Cloud (GPC) program makes it easy to expand payroll (outside of the US, Canada, the UK, and France) to third-party payroll providers around the world using certified, prebuilt integrations from Workday Partners. Payroll partners provide solutions in more than 100 countries.

Adaptive planning PARTNERS

Adaptive planning partners guide you through all aspects of everything from integration to deployment.

With large-scale ERP and HCM systems, the success of the system can be as much about the SI (Systems Integrator) or vendor partners as it is about the core product.

In evaluating your Workday system, think about Workday’s extensive partner network to understand how you can capitalize on your installation.

You do not need to reinvent the system; you may just need an additional service partner or bolt-on solution to round out your product functionality.

Improving vendor management

Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

Info-Tech Insight

A vendor management initiative is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

Jump Start Your Vendor Management Initiative

3.2.1 Discover product and vendor satisfaction

1-2 hours

1. Review tab 2.2 Vend. & Prod. Sat. to review the overall Product (and Vendor) satisfaction of your Workday system.
2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Overall Product (and Vendor) Evaluation area.
   • Document overall product satisfaction.
   • How does your satisfaction compare with your peers?
   • Is the overall system fit for use?
   • Do you have a proactive vendor management strategy in place?
   • Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
   • Could your vendor or SI help you achieve better results?

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

3.2.2 Discover capability and feature optimization opportunities

1-2 hours

1. Review tab 2.2 Vend. & Prod. Sat. and tab 3.1 Optimization Priorities to review the satisfaction with the capabilities and features of your Workday system.
2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Capabilities and Features Evaluation area to answer the following questions:
   • What capabilities and features are performing the worst?
   • Do other organizations and users struggle with these areas?
   • Why is it not performing well?
   • Is there an opportunity for improvement?
   • What are some optimization initiatives that could be undertaken?

Record this information in the Get the Most Out of Your Workday Workbook

Download the Get the Most Out of Your Workday Workbook

Process optimization: the hidden goldmine

Know your strategic goals and KPIs that will deliver results.

3.2.3 Discover process optimization opportunities

1-2 hours

1. Use tab 3.1 Optimization Priorities and tab 2.2 Bus Proc Change Tolerance to review process optimization opportunities.
2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Capabilities and Features Evaluation area to answer the following questions:
   • List underperforming capabilities around process.
   • Answer the following:
     • What is the state of the current processes?
     • Is there an opportunity for process improvement?
     • What are some optimization initiatives that could be undertaken in this area?

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Integration provides long-term usability

Balance the need for secure, compliant data availability with organizational agility.

The benefits of integration

• The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
• Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limit the email movement of data.
• Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.

The challenges of integration

• Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
• Combining data from equally high-volume systems. For Workday it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
• Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

Common integration and consolidation scenarios

For more information: Implement a Multi-site ERP

3.2.4 Discover integration optimization opportunities

1-2 hours

1. Use tab 3.2 Optimization Initiatives to answer the following questions in the Integration Evaluation area:
   1. Are there some areas where integration could be improved?
   2. Is there an opportunity for process improvement?
   3. What are some optimization initiatives that could be undertaken in this area?

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Use a data strategy that fixes the enterprise-wide data management issues

Your data management must allow for flexibility and scalability for future needs.

IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. This serves as the storage facility for millions of transactions, formatted to allow analysis and comparison.

Key considerations:

• Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
• Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
• People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

Info-Tech Insight

Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

Optimizing Workday data, additional considerations

3.2.5 Discover data optimization opportunities

1-2 hours

1. Use your 2.1 APA survey and/or tab 2.2 Vendor & Prod Sat to better understand issues related to data.

• Note: Data issues happen for a number of reasons:
  • Poor underlying data in the system
  • More than one source of truth
  • Inability to consolidate data
  • Inability to measure KPIs (key performance indicators) effectively
  • Reporting that is cumbersome or non-existent

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Info-Tech Insight

The number one reason organizations leave Workday is because of cost. Do not be strong-armed into a contract you do not feel comfortable with. Do your homework, know your leverage points, be fully prepared for cost negotiations, use their competition to your advantage, and get support – such as Info-Tech’s vendor management resources and team.

Approach contracts and pricing strategically

Don’t go into contract negotiation blind.

• Understand the vendor – year-end, market strategy, and competitive position.
• Take the time to understand the contract. including contract details such as length of the contract, full-service equivalent (FSE, employee count,) innovation fees, modules included, and renewal clauses.
• Be fully prepared to take a proactive approach to cost negotiations.
  • Use Info-Tech’s vendor management services to support you.
  • Go in prepared.
  • Use your leverage points – FSE count, Module Bundles, CPI & Innovation Fees.
  • Use competition to your advantage.

Since 2007, Workday has been steadily growing its market share and footprint in human capital management, finance, and student information systems.

Organizations considering additional modules or undergoing contract renewal need to gain insight into areas of leverage and other relevant vendor information.

Key issues that occur include pricing transparency and contractual flexibility on terms and conditions. Adequate planning and communication need to be taken into consideration before entering into any agreement.

3.2.6 Discover Workday cost-saving opportunities

1-2 hours

1. Use tab 1.5 Current Costs, as an input for this exercise. Another great resource is Info-Tech’s Workday vendor management resources which you can use to help understand cost-saving strategies.
2. Use tab 3.2 Optimization Initiatives Costs Evaluation area to list cost savings initiatives and opportunities.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Other optimization opportunities

There are many opportunities to improve your Workday portfolio. Choose the ones that are right for your business.

• Artificial intelligence (AI) (and management of the AI lifecycle)
• Machine learning (ML)
• Augment business interactions
• Automatically execute sales pipelines
• Process mining
• Workday application monitoring
• Be aware of the Workday product roadmap
• Implement and take advantage of Workday tools and product offerings

Phase 4

Build Your Optimization Roadmap

Phase 1

1.1 Identify Stakeholders and Build Your Optimization Team

1.2 Build an ERP Strategy Model

1.3 Inventory Current System State

1.4 Define Optimization Timeframe

1.5 Understand Workday Costs

Phase 2

2.1 Assess Workday Capabilities

2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

Phase 3

3.1 Prioritize Optimization Opportunities

3.2 Discover Optimization Initiatives

Phase 4

4.1 Build Your Optimization Roadmap

This phase will walk you through the following activities:

• Review the different options to solve the identified pain points
• Build out a roadmap showing how you will get to those solutions
• Build a communication plan that includes the stakeholder presentation

This phase involves the following participants:

• Primary stakeholders in each value stream supported by the ERP
• ERP Applications support team

Get the Most Out of Your Workday

Step 4.1

4.1 Build Your Optimization Roadmap

Activities

4.1.1 Evaluate Optimization Initiatives

4.1.2 Prioritize Your Workday Initiatives

4.1.3 Build a Roadmap

4.1.4 Build a Visual Roadmap

Next steps

Step 4.1

This step will walk you through the following activities:

• Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

This step involves the following participants:

• Primary stakeholders in each value stream supported by the ERP
• ERP Applications support team

Outcomes of this step

• A strategic direction is set
• An initial roadmap is laid out

Evaluate your optimization initiatives and determine next steps to build out your optimization roadmap

Activity 4.1.1 Evaluate optimization Initiatives

1 hour

1. Evaluate your optimization initiatives from tab 3.2, Optimization Initiatives.
2. Complete Value Drivers:

• Relevance to Organizational Goals and Objectives
• Applications Portfolio Assessment Survey:
  • Impact: Number of Users, Importance to Role
  • Current State: Satisfaction With Features, Usability, and Data Quality.
• Value Drivers: Increase Revenue, Decrease Costs, Enhanced Services, or Reach Customers.
• Additional Factors:
  • Current to Future Risk Profile
  • Number of Departments to Benefit
  • Importance to Stakeholder Relations

• Resources: Do we have resources available and the skillset?
• Cost
• Overall Effort Rating

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Activity 4.1.2 Determine your optimization roadmap building blocks

1 hour

Optimization initiatives: Determine which if any to proceed with.

1. Identify initiatives.
2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
5. Include periphery tasks such as communication strategy.

Record this information in the Get the Most Out of Your Workday Workbook.

Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

Download the Get the Most Out of Your Workday Workbook

Activity 4.1.3 – Build a visual Workday optimization roadmap (optional)

1 hour

For some, a visual representation of a roadmap is easier to comprehend.

Consider taking the roadmap built in 4.1.2 and creating a visual roadmap.

Record this information in the Get the Most Out of Your Workday Workbook.

Download the Get the Most Out of Your Workday Workbook

Summary of Accomplishment

Get the Most Out of Your Workday

ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

Get the Most Out of Your Workday allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

• Alignment and prioritization of key business and technology drivers.
• Identification of processes, including classification and gap analysis.
• Measurement of user satisfaction across key departments.
• Improved vendor relations.
• Data quality initiatives.

This formal Workday optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Research Contributors

Ben Dickie

Research Practice Lead

Info-Tech Research Group

Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

Scott Bickley

Practice Lead and Principal Research

Director Info-Tech Research Group

Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

Andy Neil

Practice Lead, Applications

Info-Tech Research Group

Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

Bibliography

“9 product prioritization frameworks for product managers.” Roadmunk, n.d. Accessed 15 May 2022.

Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

Collins, George, et al., “Connecting Small Businesses in the US.” Deloitte Commissioned by Google, 2017. Web.

Epizitone, Ayogeboh, and Oludayo O. Olugbara. "Critical Success Factors for ERP System Implementation to Support Financial Functions." Academy of Accounting and Financial Studies Journal, vol. 23, no. 6, 2019. Accessed 12 Oct. 2021

Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

Lauchlan, Stuart. “Workday accelerates into fiscal 2023 with a strong year end as cloud adoption gets a COVID-bounce.” diginomica, 1 March 2022. Web.

"Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

Noble, Simon-Peter. “Workday: A High-Quality Business That's Fairly Valued.” Seeking Alpha, 8 Apr. 2019. Web.

Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb. 2020. Accessed 21 Feb. 2021.

"Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

“Workday Enterprise Management Cloud Product Scorecard.” SoftwareReviews, May 2022. Web.

“Workday Meets Growing Customer Demand with Record Number of Deployments and Industry-Leading Customer Satisfaction Score.” Workday, Inc., 7 June 2021. Web.

Demystify the New PMBOK Guide and the PMI Certifications

The PMP certification is still valuable and worth your time in 2023.

Analyst Perspective

The PMP (Project Management Professional) certification is still worth your time.

I often get asked, “Is the PMP worth it?” I then proceed with a question of my own: “If it gets you an interview or a foot in the door or bolsters your salary, would it be worth it?” Typically, the answer is a resounding “YES!”

CIO magazine ranked the PMP as the top project management certification in North America because it demonstrates that you have the specific skills employers seek, dedication to excellence, and the capacity to perform at the highest levels.

Given its popularity and the demand in the marketplace, I strongly believe it is still worth your time and investment. The PMP is a globally recognized certification that has dominated for decades. It is hard to overlook the fact that the Project Management Institute (PMI) has more than 1.2 million PMP certification holders worldwide and is still considered the gold standard for project management.

Yes, it’s worth it. It gets you interviews, a foot in the door, and bolsters your salary. Oh, and it makes you a more complete project manager.

Long Dam, PMP, PMI-ACP, PgMP, PfMP

Executive Summary

Info-Tech Insight

The PMP certification is still valuable and worthy of your time in 2023.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks are used throughout all four options.

The PMP dominated the market for decades and got over 1 million people certified

Info-Tech Insight

The PMI’s flagship PMP certification numbers have not significantly increased from 2021 to 2022. However, PMP substantially outpaces all competitors with over 1.2 million certified PMPs.

Source: projectmanagement.com

The PMP penetrated over 200 countries

PMP is the global project management gold standard.

• CIO magazine ranked the PMP as the top project management certification because it demonstrates you have the specific skills employers seek, dedication to excellence, and the capacity to perform at the highest levels.
• It delivers real value in the form of professional credibility, deep knowledge, and increased earning potential. Those benefits have staying power.
• The PMP now includes predictive, Agile, and hybrid approaches.
• The PMP demonstrates expertise across the wide array of planning and work management styles.

Source: PMI, “PMP Certification.” PMI, “Why You Should Get the PMP.”

The PMP was valuable in the past specifically because it was the standard

79% of project managers surveyed have the PMP certification out of 30,000 respondents in 40 countries.

The PMP became table stakes for jobs in project management and PMO’s.

Source: PMI’s Earning Power: Project Management Salary Survey—Twelfth Edition (2021)

The PMP put itself on a collision course with Agile

• The Agile Certified Practitioner (PMI-ACP) was introduced in 2012 which initially clashed with the PMP for project management supremacy from the PMI.
• Then the Disciplined Agile (DA) was introduced in 2019, which further compounded the issue and caused even more confusion with both the PMP and the PMI-ACP certification.
• Instead of complementing the PMP, these certifications began to inadvertently compete with it head-to-head.

There is a new PMBOK Guide Seventh Edition in town

The PMI made its most significant changes between 2017 and 2021.

Timeline adapted from Wikipedia, “Project Management Body of Knowledge.”

Roughly every 3-5 years, the PMI has released a new PMBOK version. It’s unclear if there will be an eighth edition.

The market got confused by PMBOK Guide – Seventh Edition

• Die-hard traditional project managers have a hard time grasping why the PMI messed around with the PMBOK Guide. There is sentiment that the PMBOK Guide V7 got diluted.
• Naysayers do not think that the PMBOK Guide V7 hit the mark and found it to be a concession to Agilists.
• The PMBOK Guide V7 was significantly trimmed down by almost two-thirds to 274 pages whereas the PMBOK V6 ballooned to 756 pages!
• Some Agile practitioners found this to be a refreshing, bold move from the PMI. Most, however, ignored or resisted it.

PMBOK Guide – Seventh edition released in 2021

• The PMBOK Guide – Seventh Edition was released in late 2021. It was the most radical change since 1987. For the first time, the PMI went from a process-based standard to a principles-based standard, and the guide went from knowledge areas to project performance domains. This may have diluted the traditional predictive project management practices. However, it was offset by incorporating more iterative, Agile, and hybrid approaches.
• The market is confused and is clearly shifting toward Agile and away from the rigor that is typically associated with the PMI.
• The PMI transitioned most of the process-based standards & ITTO to their new digital PMIStandards+ online platform, which can be found here (access for PMI members only).
• The PMBOK Guide is not the sole basis of the certification exam; however, it can be used as one of several reference resources. Using the exam content outline (ECO) is the way forward, which can be found here.

The Agile certification seems to be the focus for the PMI in the coming years

• The PMI started to get into the Agile game with the introduction of Agile certifications, which is where all the confusion started. Although the PMI-ACP & the DASM have seen a steady uptake recently, it appears to be at the expense of the PMP certification.
• The PMI acquired the Discipline Agile (DA) in late 2019, which expanded their offerings and capabilities for project managers and teams to choose their “way of working.”
• This was an important milestone for the PMI to address the new way of working for Agile practitioners with this offering to provide more options and to better support enterprise agility.

Source: projectmanagement.com as of July 2022

The PMI has lost more certified PMPs than they have gained so far in 2022

PMP – Project Management Professional

It is a concerning trend that their bread and butter, the PMP flagship certification, has largely stalled in 2022. We are unsure if this was attributed to them being displaced by competitors such as the Agile Alliance, their own Agile offerings, or the market’s lackluster reaction to PMBOK Guide – Seventh Edition.

Source: projectmanagement.com as of July 2022

The PMI’s total memberships have stalled since September 2021

The PMI’s membership appears to have a direct correlation to the PMP numbers. As the PMP number stalls, so do the PMI’s memberships.

Source: projectmanagement.com as of July 2022

The PMP and the PMBOK Guide are more focused on project management

• It became evident that other certifications were more tightly aligned to program and portfolio management for the PMOs. The PMI provides the following:
  • Program Management Professional (PgMP)
  • Portfolio Management Professional (PfMP)
• Axelos also has certifications for program management and portfolio management, such as:
  • Managing Successful Programmes (MSP)
  • Management of Portfolios (MoP)
  • Portfolio, Programme, and Project Offices (P3O)

The market didn’t know what to do with the PgMP or the PfMP

These were relatively unknown certifications for Program and Portfolio Management.

• The PMI’s story was that you would start as a project manager with the PMP certification and then the natural progression would be toward either Program Management (PgMP) or Portfolio Management (PfMP).
• The uptake for the PgMP and the PfMP certification has been insignificant and underwhelming. The appetite and the demand for PMO-aligned certifications has been lackluster since their inception.

Source: projectmanagement.com as of July 2022

There are other non-PMI certifications to consider

Depending on your experience level

Other non-PMI project management certifications

PRINCE2 and CSM appear to be the more popular ones in the market.

In April 2022, CIO.com outlined other popular project management certifications outside of the PMI.

Source: CIO.com

Project managers have an image problem among senior leaders

There is a perception that PMs are just box-checkers and note-takers.

• Project managers are seen as tactical troubleshooters rather than strategic partners. This suggests a widespread lack of understanding of the value and impact of project management at the C-suite level.
• Very few C-suite executives associate project managers with "realizing visions," being "essential," or being "changemakers."
• Strong strategic alignment between the PMO and the C-suite helps to reinforce the value of project management capabilities in achieving wider strategic aims.

Source: PMI, Narrowing The Talent Gap, 2021

Hiring practices have yet to change in response to the PMI’s moves

The PMP is still the standard, even for organizations transitioning to Agile and PMO/portfolio jobs.

• Savvy business leaders are still unsure about how Agile will impact them in the long term.
• According to the Narrowing the Talent Gap report, PMI and PwC’s latest global research indicates that talent strategies haven’t changed much. There’s a widespread lack of focus on developing and retaining existing project managers, and a lack of variety and innovation in attracting and recruiting new talent. The core problem is that there isn’t a business case for investment in talent.

Noteworthy Agile certifications to consider

Source: PMI, “Agile Certifications,” and ScrumAlliance, “Become a Certified ScrumMaster.”

Info-Tech Insight

There is a lot of chatter about which Agile certification is better, and the jury is still out with no consensus. There are pros and cons to both certifications. We believe the PMI-ACP will give you more mileage and flexibility because of its breath of coverage in the Agile practice compared to the CSM.

The talent shortage is a considerable risk to organizations

• According to the PMI’s 2021 Talent Gap report1, the talent gap is likely to impact every region. By 2030, at least 13 million project managers are expected to have retired, creating additional challenges for recruitment. To close the gap, 25 million new project professionals are needed by 2030.
• Young project managers will change the profession. Millennials and Generation Z are bringing fresh perspectives to projects. Learning to work alongside these younger generations isn't optional, as they increasingly dominate the labor force and extend their influence.
• Millennials have already arrived: According to Pew Research2, this group surpassed Gen X in 2016 and is now the largest generation in the US labor force.

1. PMI, Talent Gap, 2021.
2. PM Network, 2019.

Money talks – the PMP is still your best payoff

It is a financially rewarding profession!

The median salary for PMP holders in the US is 25% higher than those without PMP certification.

On a global level, the Project Management Professional (PMP) certification has been shown to bolster salary levels. Holders of the PMP certification report higher median salaries than those without a PMP certification – 16% higher on average across the 40 countries surveyed.

Source: PMI, Earning Power, 2021

Determine which skills and capabilities are needed in the coming years

• A scan of 2022 PM and PMO postings still shows continued dominance of the PMP certification requirement.
• People and relationships have become more important than predicting budgets and timelines.
• The PMI and PwC Global Survey on Transformation and Project Management 2021 identified the top five skills/capabilities for project managers (in order of priority):
  1. Relationship building
  2. Collaborative leadership
  3. Strategic thinking
  4. Creative problem solving
  5. Commercial awareness

Source: PMI, Narrowing The Talent Gap, 2021.

Prepare for product delivery by focusing on top digital-age skills

According to the PMI Megatrends 2022 report, they have identified six areas as the top digital-age skills for product delivery:

1. Innovative mindset
2. Legal and regulatory compliance knowledge
3. Security and privacy knowledge
4. Data science skills
5. Ability to make data-driven decisions
6. Collaborative leadership skills

Many organizations aren’t considering candidates who don’t have project-related qualifications. Indeed, many more are increasing the requirements for their qualifications than those who are reducing it.

Source: PMI, Narrowing The Talent Gap, 2021

Prioritize training and development at the C-suite level

Currently, there is an imbalance with more emphasis of training on tools, processes, techniques, and methodologies rather than business acumen skills, collaboration, and management skills. With the explosion of remote work, training needs to be revamped and, in some cases, redesigned altogether to accommodate remote employees.

Lack of strategic prioritization is evident in how training and development is being done, with organizations largely not embracing a diversity of learning preferences and opportunities.

Source: PMI, Narrowing The Talent Gap, 2021

PM is evolving into a more strategic role

• Ensure program and portfolio management roles are supported by the most appropriate certifications.
• For project managers that have evolved beyond the iron triangle of managing projects, there is applicability to the PgMP and the PfMP for program managers, portfolio managers, and those in charge of PMOs.
• Although these certifications have not been widely adopted due to lack of awareness and engagement at the decision-maker level, they still hold merit and prestige within the project management community.

Project managers are evolving. No longer creatures of scope, schedule, and budget alone, they are now – enabled by new technology – focusing on influencing outcomes, building relationships, and achieving the strategic goals of their organizations.

Source: PMI, Narrowing the Talent Gap, 2021

Overhaul your recruitment practices to align with skills/capabilities

Talent managers will need to retool their toolbox to fill the capability gap and to look beyond where the role is geographically based by embracing flexible staffing models.

They will need to evolve their talent strategies in line with changing business priorities.

Organizations should be actively working to increase the diversity of candidates and upskilling young people in underrepresented communities as a priority.

Most organizations are still relying on traditional approaches to recruit talent. Although we are prioritizing power skills and business acumen, we are still searching in the same, shrinking pool of talent.

Source: PMI, Narrowing the Talent Gap, 2021.

Bibliography

“Agile Certifications for Every Step in Your Career.” PMI. Web.

“Become a Certified ScrumMaster and Help Your Team Thrive.” ScrumAlliance. Web.

“Become a Project Manager.” PMI. Accessed 14 Sept. 2022.

Bucero, A. “The Next Evolution: Young Project Managers Will Change the Profession: Here's What Organizations Need to Know.” PM Network, 2019, 33(6), 26–27.

“Certification Framework.” PMI. Accessed 14 Sept. 2022.

“Certifications.” PMI. Accessed 14 Sept. 2022.

DePrisco, Mike. Global Megatrends 2022. “Foreword.” PMI, 2022. Accessed 14 Sept. 2022.

Earning Power: Project Management Salary Survey. 12th ed. PMI, 2021. Accessed 14 Sept. 2022.

“Global Research From PMI and PwC Reveals Attributes and Strategies of the World’s Leading Project Management Offices.” PMI, 1 Mar. 2022. Press Release. Accessed 14 Sept. 2022.

Narrowing the Talent Gap. PMI, 2021. Accessed 14 Sept. 2022.

“PMP Certification.” PMI. Accessed 4 Aug. 2022.

“Project Management Body of Knowledge.” Wikipedia, Wikimedia Foundation, 29 Aug. 2022.

“Project Portfolio Management Pulse Survey 2021.” PwC. Accessed 30 Aug. 2022.

Talent Gap: Ten-Year Employment Trends, Costs, and Global Implications. PMI. Accessed 14 Sept. 2022.

“The Critical Path.” ProjectManagement.com. Accessed 14 Sept. 2022.

“True Business Agility Starts Here.” PMI. Accessed 14 Sept. 2022.

White, Sarah K. and Sharon Florentine. “Top 15 Project Management Certifications.” CIO.com, 22 Apr. 2022. Web.

“Why You Should Get the PMP.” PMI. Accessed 14 Sept. 2022.

Jump Start Your Vendor Management Initiative

Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

EXECUTIVE BRIEF

Analyst Perspective

What is vendor management?

When you read the phrase “vendor management,” what comes to mind? This isn’t a rhetorical question. Take your time … I’ll wait.

Unfortunately, those words conjure up a lot of different meanings, and much of that depends on whom you ask. Those who work in the vendor management field will provide a variety of answers. To complicate matters, those who are vendor management “outsiders” will have a totally different view of what vendor management is. Why is this important? Because we need a common definition to communicate more effectively, even if the definition is broad.

Let’s start creating a working definition that is not circular. Vendor management is not simply managing vendors. That expression basically reorders the words and does nothing to advance our cause; it only adds to the existing confusion surrounding the concept.

Vendor management is best thought of as a spectrum or continuum with many points rather than a specific discipline like accounting or finance. There are many functions and activities that fall under the umbrella term of vendor management: some of them will be part of your vendor management initiative (VMI), some will not, and some will exist in your organization but be outside the VMI. This is the unique part of vendor management – the part that makes it fun, but also the part that leads to the confusion. For example, accounts payable sits within the accounting department almost exclusively, but contract management can sit within or outside the VMI. The beauty of vendor management is its flexibility; your VMI can be created to meet your specific needs and goals while leveraging common vendor management principles.

Every conversation around vendor management needs to begin with “What do you mean by that?” Only then can we home in on the scope and nature of what people are discussing. “Managing vendors” is too narrow because it often ignores many of the reasons organizations create VMIs in the first place: to reduce costs, to improve performance, to improve processes, to improve relationships, to improve communication, and to manage risk better.

Vendor management is a strategic initiative that takes the big picture into account … navigating the cradle to grave lifecycle to get the most out of your interactions and relationships with your vendors. It is flexible and customizable; it is not plug and play or overly prescriptive. Tools, principles, templates, and concepts are adapted rather than adopted as is. Ultimately, you define what vendor management is for your organization.

We look forward to helping you on your vendor management journey no matter what it looks like. But first, let’s have a conversation about how you want to define vendor management in your environment.

Phil Bode
Principal Research Director, Vendor Management
Info-Tech Research Group

Executive Summary

Your Challenge

Each year, IT organizations “outsource” tasks, activities, functions, and other items. During 2021:

• Spend on as-a-service providers increased 38% over 2020.*
• Spend on managed service providers increased 16% over 2020.*
• IT service providers increased their merger and acquisition numbers by 47% over 2020.*

*Source: Information Services Group, Inc., 2022.

Common Obstacles

As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don’t have a VMI to help:

• Ensure at least the expected value is achieved.
• Improve on the expected value through performance management.
• Significantly increase the expected value through a proactive VMI.

Info-Tech’s Approach

Vendor management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

• Plan
• Build
• Run
• Review

The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and set a solid foundation for its growth and maturity.

Info-Tech Insight

Vendor management is not a one-size-fits-all initiative. It must be configured:

• For your environment, culture, and goals.
• To leverage the strengths of your organization and personnel.
• To focus your energy and resources on your critical vendors.

Executive Summary

Your Challenge

Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape. In 2021, there was increases of:

38%

Spend on As-a-Service Providers

16%

Spend on Managed Services Providers

47%

IT Services Merger & Acquisition Growth (Transactions)

Source: Information Services Group, Inc., 2022.

Executive Summary

Common Obstacles

When organizations execute, renew, or renegotiate a contract, there is an “expected value” associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

A contract’s realized value with and without a vendor management initiative

Source: Based on findings from Geller & Company, 2003.

Executive Summary

Info-Tech’s Approach

A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

Info-Tech’s Methodology for Creating and Operating Your VMI

Insight Summary

Insight 1

Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won’t look exactly like another organization’s. The key is to adapt vendor management principles to fit your needs.

Insight 2

All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

Insight 3

Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally,” starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

Blueprint Deliverables

The four phases of creating and running a vendor management initiative are supported with configurable tools, templates, and checklists to help you stay aligned internally and achieve your goals.

VMI Tools and Templates

Build a solid foundation for your VMI and configure tools and templates to help you manage your vendor relationships.

Key Deliverables:

1. Jump – Phase 1 Tools and Templates Compendium
2. Jump – Phase 2 Tools and Templates Compendium
3. Jump – Phase 2 Vendor Classification Tool
4. Jump – Phase 2 Vendor Risk Assessment Tool

A suite of tools and templates to help you create and implement your vendor management initiative.

Blueprint benefits

IT Benefits

• Identify and manage risk proactively.
• Reduce costs and maximize value.
• Increase visibility with your critical vendors.
• Improve vendor performance.
• Create a collaborative environment with key vendors.
• Segment vendors to allocate resources more effectively and more efficiently.

Business Benefits

• Improve vendor accountability.
• Increase collaboration between departments.
• Improve working relationships with your vendors.
• Create a feedback loop to address vendor or customer issues before they get out of hand or are more costly to resolve.
• Increase access to meaningful data and information regarding important vendors.

Establish Baseline Metrics

Baseline metrics will be improved through:

Using the Maturity Assessment and 90-Day Plan tools, track how well you are able to achieve your goals and objectives:

• Did you meet the targeted maturity level for each maturity category as determined by the point system?
• Did you finish each activity in the 90-Day Plan completely and on time?

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Phase 1: Plan

Get Organized

1.1 Mission Statement and Goals
1.2 Scope
1.3 Strengths and Obstacles
1.4 Roles and Responsibilities
1.5 Process Mapping
1.6 Charter
1.7 Vendor Inventory
1.8 Maturity Assessment
1.9 Structure

This phase will walk you through the following activities:

Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

This phase involves the following participants:

• VMI team
• Applicable stakeholders and executives
• Procurement/Sourcing
• IT
• Others as needed

Jump Start Your Vendor Management Initiative

Phase 1: Plan

Get organized.

Phase 1: Plan focuses on getting organized. Foundational elements (mission statement, goals, scope, strengths and obstacles, roles and responsibilities, and process mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of standing up your VMI and running it.

Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to “the good stuff.” To a certain extent, the process provided here is like building a house. You wouldn’t start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

Step 1.1: Mission statement and goals

Identify why the VMI exists and what it will achieve.

Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a mission statement and goals. Although this is the easiest way to proceed, it is far from easy.

The mission statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The mission statement should be no longer than one or two sentences.

The complement to the mission statement is the list of goals for the VMI. Your goals should not be a reassertion of your mission statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

Although the VMI’s mission statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be re-evaluated periodically using a SMART filter and adjusted as needed.

1.1.1: Mission statement and goals

20-40 minutes

1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the reasons why the VMI will exist.
2. Review external mission statements for inspiration.
3. Review internal mission statements from other areas to ensure consistency.
4. Draft and document your mission statement in the Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals.
5. Continue brainstorming and identify the high-level goals for the VMI.
6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
7. Document your goals in the Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals.
8. Obtain sign-off on the mission statement and goals from stakeholders and executives as required.

Input

• Brainstorming results
• Mission statements from other internal and external sources

Output

• Completed mission statement and goals

Materials

• Whiteboard/Flip Charts
• Jump – Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Step 1.2: Scope

Determine what is in scope and out of scope for the VMI

Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn’t do, and the answers cannot always be found in the VMI’s mission statement and goals.

One component of helping others understand the VMI landscape is formalizing the VMI scope. The scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI’s territory begins and ends. Ultimately, this will help clarify the VMI’s roles and responsibilities, improve workflow, and reduce errant assumptions.

When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work): Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI scope, and make sure executives and stakeholders are on board with the final version.

1.2.1: Scope

20-40 minutes

1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the activities and functions in scope and out of scope for the VMI.
   1. Be specific to avoid ambiguity and improve clarity.
   2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all of the in-scope items and then turn your attention to the out-of-scope items.
2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope but not both.
3. Use the Phase 1 Tools and Templates Compendium, Tab 1.2 Scope, to document the results.
4. Obtain sign-off on the scope from stakeholders and executives as required.

Input

• Brainstorming
• Mission statement and goals

Output

• Completed list of items in and out of scope for the VMI

Materials

• Whiteboard/Flip Charts
• Jump – Phase 1 Tools and Templates Compendium, Tab 1.2 Scope

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Step 1.3: Strengths and obstacles

Pinpoint the VMI’s strengths and obstacles.

A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

Your output will be two lists: the strengths associated with the VMI and the obstacles facing the VMI. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

1.3.1: Strengths and obstacles

20-40 minutes

1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the VMI’s strengths and obstacles.
   1. Be specific to avoid ambiguity and improve clarity.
   2. Go back and forth between strengths and obstacles as needed; it is not necessary to list all of the strengths and then turn your attention to the obstacles.
   3. It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.
2. Review the lists to make sure there is enough specificity.
3. Determine how you will leverage each strength and how you will manage each obstacle.
4. Use the Phase 1 Tools and Templates Compendium, Tab 1.3 Strengths and Obstacles, to document the results.
5. Obtain sign-off on the strengths and obstacles from stakeholders and executives as required.

Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

Input

• Brainstorming
• Mission statement and goals
• Scope

Output

• Completed list of items impacting the VMI’s ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

Materials

• Whiteboard/Flip Charts
• Jump – Phase 1 Tools and Templates Compendium, Tab 1.3 Strengths and Obstacles

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Step 1.4: Roles and responsibilities

Obtain consensus on who is responsible for what.

One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI’s scope, referenced in Step 1.2, but additional information is required to avoid stepping on each other’s toes since many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or one department to complete this process.) While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

This step will lead your through the creation of an OIC* chart to determine vendor management lifecycle roles and responsibilities. Afterward, you’ll be able to say, “Oh, I see clearly who is involved in each part of the process and what their role is.”

*RACI – Responsible, Accountable, Consulted, Informed
*RASCI – Responsible, Accountable, Support, Consulted, Informed
*OIC – Owner, Informed, Contributor

Step 1.4: Roles and responsibilities (cont.)

Obtain consensus on who is responsible for what.

To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but the chart can get out of hand quickly. For each role and step of the lifecycle, ask whether the entry is necessary – does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps: 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is “negotiate contract documents” sufficient or do you need “negotiate the contract” and “negotiate the renewal”? The answer will always depend on your culture and environment, but be wary of creating a spreadsheet that requires an 85-inch monitor to view it in its entirety.

After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

• O – Owner – who owns the process; they may also contribute to it.
• I – Informed – who is informed about the progress or results of the process.
• C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

1.4.1: Roles and responsibilities

1-6 hours

1. Meet with the participants and configure the OIC Chart in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.4 OIC Chart.
   1. Review the steps or activities across the top of the chart and modify as needed.
   2. Review the roles listed along the left side of the chart and modify as needed.
2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step; I for informed; or C for contributor. Use only one letter per cell.
3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
5. Obtain sign-off on the OIC chart from stakeholders and executives as required.

Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

Input

• A list of activities or steps to complete a project, starting with requirements gathering and ending with ongoing risk management
• A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project

Output

• Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas

Materials

• Jump – Phase 1 Tools and Templates Compendium, Tab 1.4 OIC Chart

Participants

• VMI team
• Procurement/Sourcing
• IT
• Representatives from other areas as needed
• Applicable stakeholders and executives as needed

Step 1.5: Process mapping

Diagram the workflow.

Although policies and procedures are important, their nature can make it difficult to grasp how things work at a high level (or even at the detail level). To help bridge the gap, map the applicable processes (determined by how deep and wide you want to go) involving the VMI. To start, look at the OIC chart from Step 1.4. You can expand the breadth and depth of your mapping to include the VMI scope, the 3-year roadmap (see Step 2.9), and the processes driven by the day-to-day work within the VMI.

Various mapping tools can be used. Three common approaches that can be mixed and matched are:

• Traditional flowcharts.
• Swimlane diagrams.
• Work breakdown structures.

Step 1.5: Process mapping (cont.)

Diagram the workflow.

Your goal is not to create an in-depth diagram for every step of the vendor management lifecycle. However, for steps owned by the VMI, the process map should include sufficient details for the owner and the contributors (see Step 1.4) to understand what is required of them to support that step in the lifecycle.

For VMI processes that don’t interact with other departments, follow the same pattern as outlined above for steps owned by the VMI.

Whatever methodology you use to create your process map, make sure it includes enough details so that readers and users can identify the following elements:

• Input:
  • What are the inputs?
  • Where do the inputs originate or come from?
• Process:
  • Who is involved/required for this step?
  • What happens to the inputs in this step?
  • What additional materials, tools, or resources are used or required during this step?
• Output:
  • What are the outputs?
  • Where do the outputs go next?

1.5.1: Process Mapping

1-8 hours (or more)

1. Meet with the participants and determine which processes you want to map.
   1. For processes owned by the VMI, map the entire process.
   2. For processes contributed to by the VMI, map the entire process at a high level and map the VMI portion of the process in greater detail.
2. Select the right charts/diagrams for your output.
   1. Flowchart
   2. Swimlane diagram
   3. Modified SIPOC (Supplier, Input, Process, Output, Customer)
   4. WBS (work breakdown structure)
3. Begin mapping the processes either in a tool or using sticky notes. You want to be able to move the steps and associated information easily; most people don’t map the entire process accurately or with sufficient detail the first time through. An iterative approach works best.
4. Obtain signoff on the process maps from stakeholders and executives as required. A copy of the final output can be kept in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.5 Process Mapping, if desired.

Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

Input

• Existing processes (formal, informal, documented, and undocumented)
• OIC chart

Output

• Process maps for processes contributed to or owned by the VMI

Materials

• Sticky Notes
• Flowchart/process mapping software or something similar
• (Optional) Jump – Phase 1 Tools and Templates Compendium, Tab 1.5 Process Mapping

Participants

• VMI team
• Procurement/Sourcing
• IT
• Representatives from other areas as needed
• Applicable stakeholders and executives (as needed)

Step 1.6: Charter

Document how the VMI will operate.

As you continue getting organized by working through steps 1.1-1.5, you may want to document your progress in a charter and add some elements. Basically, a charter is a written document laying out how the VMI will operate within the organization. It clearly states the VMI’s mission, goals, scope, roles and responsibilities, and vendor governance model. In addition, it can include a list of team members and sponsors.

Whether you create a VMI charter will largely depend on:

• Your organization’s culture.
• Your organization’s formality.
• The perceived value of creating a charter.

If you decide to create a VMI charter, this is a good place in the process to create an initial draft. As you continue working through the blueprint and your VMI matures, update the VMI charter as needed.

VMI Charter:

• Purpose
• Sponsors
• Roles
• Responsibilities
• Governance

1.6.1: Charter

1-4 hours

1. Meet with the participants and review the template in Jump – Phase 1 Tools and Templates Compendium, Tab 1.6 Charter.
2. Determine whether the participants will use this template or add materials to your standard charter template.
3. Complete as much of the charter as possible, knowing that some information may not be available until later.
4. Return to the charter as needed until it is completed.
5. Obtain sign-off on the charter from stakeholders and executives as required.

Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

Input

• Mission statement and goals
• Scope
• Strengths and obstacles
• OIC chart
• List of stakeholders and executives and their VMI roles and responsibilities

Output

• Completed VMI charter

Materials

• Jump – Phase 1 Tools and Templates Compendium, Tab 1.6 Charter
• Your organization’s standard charter document

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Step 1.7: Vendor inventory

Compile a list of vendors and relevant vendor information.

As you prepare your VMI for being operational, it’s critical to identify all of your current vendors providing IT products or services to the organization. This can be tricky and may depend on how you view things internally. For example, you may have traditional IT vendors that are managed by IT, and you may have IT vendors that are managed by other internal departments (shadow IT or out-in-the-open IT). If it wasn’t determined with the help of stakeholders and executives before now, make sure you establish the purview of the VMI at this point. What types of vendors are included and excluded from the VMI?

You may find that a vendor can be included and excluded based on the product or service they provide. A vendor may provide a service that is managed by IT and a service that is managed/controlled by another department. In this instance, a good working relationship and clearly defined roles and responsibilities between the VMI and the other department will be required. But, it all starts with compiling a list of vendors and validating the VMI’s purview (and any limitations) for the vendors with stakeholders and executives.

Step 1.7: Vendor inventory (cont.)

Compile a list of vendors and relevant vendor information.

At a minimum, the VMI should be able to quickly retrieve key information about each of “its” vendors:

• Vendor Name
• Classification (see Steps 2.1 and 3.1)
• Categories of Service
• Names of Products and Services Provided
• Brief Descriptions of Products and Services Provided
• Annualized Vendor Spend
• Vendor Contacts
• Internal Vendor Relationship Owner

Not all of this information will be available at this point, but you can begin designing or configuring your tool to meet your needs. As your VMI enters Phase 3: Run and continues to mature, you will return to this tool and update the information. For example, the vendor classification category won’t be known until Phase 3, and it can change over time.

1.7.1: Vendor inventory

1-10 hours

Meet with the participants and review the Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory. Determine whether the VMI wants to collect and/or monitor additional information and make any necessary modifications to the tool.

Enter the “Annual IT Vendor Spend” amount in the appropriate cell toward the top of the spreadsheet. This is for IT spend for vendor-related activities within the VMI’s scope; include shadow IT spend and “non-shadow” IT spend if those vendors will be included in the VMI’s scope.

Populate the data fields for your top 50 vendors by annual spend; you may need multiple entries for the same vendor depending on the nature of the products and services they provide.

Ignore the “Classification” column for now; you will return to this later when classification information is available.

Ignore the “Percentage of IT Budget” column as well; it uses a formula to calculate this information.

Input

• Data from various internal and external sources such as accounts payable, contracts, and vendor websites

Output

• List of vendors with critical information required to manage relationships with key vendors

Materials

• Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory

Participants

• VMI team (directly)
• Other internal and external personnel (indirectly)

Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

Step 1.8: Maturity assessment

Establish a VMI maturity baseline and set an ideal future state.

Knowing where you are and where you want to go are essential elements for any journey in the physical world, and the same holds true for your VMI journey. Start by assessing your current-state VMI maturity. This will provide you with a baseline to measure progress against. Next, using the same criteria, determine the level of VMI maturity you would like to achieve one year in the future. This will be your future-state VMI maturity. Lastly, identify the gaps and plot your course.

The maturity assessment provides three main benefits:

1. Focus – you’ll know what is important to you moving forward.
2. 3-Year Roadmap (discussed more fully in Step 2.9) – you’ll have additional input for your short-term and long-term roadmap (1, 2, and 3 years out).
3. Quantifiable Improvement – you’ll be able to measure your progress and make midcourse corrections when necessary.

Step 1.8: Maturity assessment (cont.)

Establish a VMI maturity baseline and set an ideal future state.

The Info-Tech VMI Maturity Assessment tool evaluates your maturity across several criteria across multiple categories. Once completed, the assessment will specify:

• A current-state score by category and overall.
• A target-state score by category and overall.
• A quantifiable gap for each criterion.
• A priority assignment for each criterion.
• A level of effort required by criterion to get from the current state to the target state.
• A target due date by criterion for achieving the target state.
• A rank order for each criterion (note: limit your ranking to your top 7 or 9).

Many organizations will be tempted to mature too quickly. Resource constraints and other items from Step 1.3 (Strengths and Obstacles) will impact how quickly you can mature. Being aggressive is fine, but it must be tempered with a dose of reality. Otherwise, morale, perception, and results can suffer.

1.8.1: Maturity assessment

45-90 minutes

1. Meet with the participants and use Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Input, to complete the first part of this activity. Provide the required information indicated below.
   1. Review each statement in column B and enter a value in the “Current” column using the drop-down menus based on how much you disagree or agree (0-4) with the statement. This establishes a baseline maturity.
   2. Repeat this process for the “Future” column using a target date of one year from now to achieve this level. This is your desired maturity.
   3. Enter information regarding priority, level of effort, and target due date in the applicable columns using the drop-down menus. (Priority levels are critical, high, medium, low, and maintain; Levels of Effort are high, medium, and low; Target Due Dates are broken into timelines: 1-3 months, 4-6 months, 7-9 months, and 10-12 months.)
2. Review the information on Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Output; use the Distribution Tables to help you rank your top priorities. Enter a unique number into the Priority (Rank) column. Limit your ranking to the top 7 to 9 activities to provide focus.