Present Security to Executive Stakeholders

Learn how to communicate security effectively to obtain support from decision makers.

Analyst Perspective

Build and deliver an effective security communication to your executive stakeholders.

As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected. However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging. Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives. Ahmad Jowhar Research Specialist, Security & Privacy Info-Tech Research Group

Executive Summary

Info-Tech Insight

Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

Your challenge

As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.

• When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
• This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
• Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.

76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.

62% find it difficult to balance the risk of too much detail and need-to-know information.

41% find it challenging to communicate effectively with a mixed technical and non-technical audience.

Source: Deloitte, 2022

Common obstacles

There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:

• Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
• The issue has been amplified, with security threats constantly increasing across all industries.
• However, security leaders don’t feel that they are in a position to make themselves heard.
• The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
• Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.

9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.

77% of organizations have seen an increase in the number of attacks in 2021.

56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.

Source: EY, 2021

Info-Tech’s methodology for presenting security to executive stakeholders

Develop a structured process for communicating security to your stakeholders

Security presentations are not a one-way street
The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

Identifying your goals is the foundation of an effective presentation
Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.

Harness the power of data
Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.

Take your audience on a journey
Developing a storytelling approach will help engage with your audience.

Win your audience by building a rapport
Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.

Tactical insight
Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.

Tactical insight
Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.

Project deliverables

This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

Report on Security Initiatives Template showing how to inform executive stakeholders of security initiatives.		Security Metrics Template showing how to inform executive stakeholders of current security metrics that would help drive future initiatives.
Security Incident Response & Recovery Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.		Security Funding Request Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

Key template:

Template showing how to inform executive stakeholders of proactive security and risk initiatives.

Blueprint benefits

Measure the value of this blueprint

* The financial figure depicts the annual salary of a CISO in 2022

Source: Chief Information Security Officer Salary.” Salary.com, 2022

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Phase 1

Identify communication goals

This phase will walk you through the following activities:

• Understanding the different drivers for communicating security to executive stakeholders
• Identifying different communication goals

This phase involves the following participants:

• Security leader

1.1. Identify drivers for communicating to executive stakeholders

As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.

However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.

39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.

Source: EY, 2021.

Info-Tech Insight

Not all security presentations are the same. Keep your communication strategy and processes agile.

Know your drivers for security presentations

By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.

• These meetings, which are usually held once per quarter, provide you with less than one hour of presentation time.
• Hence, it is crucial to know why you need to present security and whether these drivers are similar across the other presentations.

Understanding drivers will also help you understand how to present security to executive stakeholders.

• These drivers will shape the structure of your presentation and help determine your approach to communicating your goals.
• For example, financial-based presentations that are driven by budget requests might create a sense of urgency or assurance about investment in a security initiative.

Identify your communication drivers, which can stem from various initiatives and programs, including:

• Results from internal or external audit reports.
• Upcoming budget meetings.
• Briefing newly elected executive stakeholders on security.

When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.

Examples of drivers for security presentations

Audit
Upcoming internal or external audits might require updates on the organization’s compliance

Organizational restructuring
Restructuring within an organization could require security updates

Merger & Acquisition
An M&A would trigger presentations on organization’s current and future security posture

Cyber incident
A cyberattack would require an immediate presentation on its impact and the incident response plan

Ad hoc
Provide security information requested by stakeholders

1.2. Define your goals for communicating to executives

After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.

• Communication drivers are mainly triggers for why you want to present security.
• Communication goals are the potential outcomes you are hoping to obtain from the presentation.
• Your communication goals would help identify what data and metrics to include in your presentation, the structure of your communication deck, and how you deliver your communication to executive stakeholders.

Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.

• As a group, brainstorm the security goals that align with your business goals for the coming year.
  • Aim to have at least two business goals that align with each security goal.
• Identify what benefits and value the executive stakeholders will gain from the security goal being presented.
  • E.g. Increased security awareness, updates on organization's security posture.
• Identify what the ask is for this presentation.
  • E.g. Approval for increasing budget to support security initiatives, executive support to implement internal security programs.

Info-Tech Insight

There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.

Examples of security presentation goals

Educate
Educate the board on security trends and/or latest risks in the industry

Update
Provide updates on security initiatives, relevant security metrics, and compliance posture

Inform
Provide an incident response plan due to a security incident or deliver updates on current threats and risks

Investment
Request funding for security investments or financial updates on past security initiatives

Ad hoc
Provide security information requested by stakeholders

Phase 2

Collect information to support goals

This phase will walk you through the following activities:

• Understanding what types of data to include in your security presentations
• Defining where and how to retrieve data

This phase involves the following participants:

• Security leader
• Network/security analyst

2.1 Identify data to collect

After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.

• Leveraging data and analytics will assist in providing quantitative-based communication, which will result in a more meaningful and effective presentation.
• The data presented will showcase the visibility of an organization’s security posture along with potential risks and figures on how to mitigate those risks.
• Providing analysis of the quantitative data presented will also showcase further insights on the figures, allow the audience to better understand the data, and show its relevance to the communication goals.

Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:

• Work with your security team to identify the main type of data applicable to the communication goals.
  • E.g. Financial data would be meaningful to use when communicating a budget presentation.
• Identify supporting data linked to the main data defined.
  • E.g. If a financial investment is made to implement a security initiative, then metrics on improvements to the security posture will be relevant.
• Show how both the main and supporting data align with the communication goals.
  • E.g. Improvement in security posture would increase alignment with regulation standards, which would result in additional contracts being awarded and increased revenue.

Info-Tech Insight

Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.

Examples of data to present

Educate
Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries

Update
Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives

Inform
Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact

Investment
Capital and operating expenditure for investment; ROI on past and future security initiatives

Ad hoc
Number of security initiatives that went over budget; phishing test campaign results

2.2 Plan how to retrieve the data

Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.

• Most of the data leveraged for security presentations are structured data, which are highly organized data that are often stored in a relational and easily searchable database.
  • This includes security log reports or expenditures for ongoing and future security investments.
• Retrieving the data, however, would require collaboration and cooperation from different team members.
• You would need to work with the security team and other appropriate stakeholders to identify where the data is stored and who the data owner is.

Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation

• This could include using queries to retrieve the relevant information needed (e.g. SQL, Microsoft Excel).
• Verify the accuracy and relevance of the data with other stakeholders to ensure it is the most appropriate data to be presented to the executive stakeholders.

Info-Tech Insight

Using a data-driven approach to help support your objectives is key to engaging with your audience.

Plan where to retrieve the data

Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.

Examples of where to retrieve your data

Phase 3

Develop communication

This phase will walk you through the following activities:

• Identifying a communication strategy for presenting security
• Identifying security templates that are applicable to your presentation

This phase involves the following participants:

• Security leader

3.1 Plan communication: Know who your audience is

• When preparing your communication, it's important to understand who your target audience is and to conduct background research on them.
• This will help develop your communication style and ensure your presentation caters to the expected audience in the room.

Examples of two profiles in a boardroom

3.1.1 Know what your audience cares about

• Understanding what your executive stakeholders value will equip you with the right information to include in your presentations.
• Ensure you conduct background research on your audience to assist you in knowing what their potential interests are.
• Your background research could include:
  • Researching the audience’s professional background through LinkedIn.
  • Reviewing their comments from past executive meetings.
  • Researching current security trends that align with organizational goals.
• Once the values and risks have been identified, you can document them in notes and share the notes with subject matter experts to verify if these values and risks should be shared in the coming meetings.

A board’s purpose can include the following:

• Sustaining and expanding the organization’s purpose and ability to execute in a competitive market.
• Determining and funding the organization’s future and direction.
• Protecting and increasing shareholder value.
• Protecting the company’s exposure to risks.

Examples of potential values and risks

• Business impact
• Financial impact
• Security and incidents

Info-Tech Insight
Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.

Understand your audience’s concerns

• Along with knowing what your audience values and cares about, understanding their main concerns will allow you to address those items or align them with your communication.
• By treating your executive stakeholders as your project sponsors, you would build a level of trust and confidence with your peers as the first step to tackling their concerns.
• These concerns can be derived from past stakeholder meetings, recent trends in the industry, or strategic business alignments.
• After capturing their concerns, you’ll be equipped with the necessary understanding on what material to include and prioritize during your presentations.

Examples of potential concerns for each profile of executive stakeholders

Build your presentation to tackle their main concerns

Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.

Checklist:

• Research your target audience (their backgrounds, board composition, dynamics, executive team vs. external group).
• Include value and risk language in your presentation to appeal to your audience.
• Ensure your content focuses on one or more of the board’s main concerns with security (e.g. business impact, investments, or risk).
• Include information about what is in it for them and the organization.
• Research your board’s composition and skillsets to determine their level of technical knowledge and expertise. This helps craft your presentation with the right amount of technology vs. business-facing information.

Info-Tech Insight
The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.

3.1.2 Take your audience through a security journey

• Once you have defined your intended target and their potential concerns, developing the communication through a storytelling approach will be the next step to help build a compelling presentation.
• You need to help your executive stakeholders make sense of the information being conveyed and allow them to understand the importance of cybersecurity.
• Taking your audience through a story will allow them to see the value of the information being presented and better resonate with its message.
• You can derive insights for your storytelling presentation by doing the following:
  • Provide a business case scenario on the topic you are presenting.
  • Identify and communicate the business problem up front and answer the three questions (why, what, how).
  • Quantify the problems in terms of business impact (money, risk, value).

Info-Tech Insight
Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.

Identify the purpose of your presentation

You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.

Examples of communication goals

Info-Tech Insight
Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.

Gather the right information to include in your boardroom presentation

Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.

Typical IT boardroom presentations include:

• Communicating the value of ongoing business technology initiatives.
• Requesting funds or approval for a business initiative that IT is spearheading.
• Security incident response/Risk/DRP.
• Developing a business program or an investment update for an ongoing program.
• Business technology strategy highlights and impacts.
• Digital transformation initiatives (value, ROI, risk).

Info-Tech Insight
You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.

Info-Tech Insight
Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.

Structure your presentation to tell a logical story

To build a strong story for your presentation, ensure you answer these three questions:

Examples:

Scenario 1: The company has experienced a security incident.

Intent: To inform/educate the board about the security incident.

Scenario 2: Security is recommending investments based on strategic priorities.

Intent: To reach a decision with the board – approve investment proposal.

Time plays a key role in delivering an effective presentation

What you include in your story will often depend on how much time you have available to deliver the message.

Consider the following:

• Presenting to executive stakeholders often means you have a short window of time to deliver your message. The average executive stakeholder presentation is 15 minutes, and this could be cut short due to other unexpected factors.
• If your presentation is too long, you risk overwhelming or losing your audience. You must factor in the time constraints when building your board presentation.
• Your executive stakeholders have a wealth of experience and knowledge, which means they could jump to conclusions quickly based on their own experiences. Ensure you give them plenty of background information in advance. Provide your presentation material, a brief, or any other supporting documentation before the meeting to show you are well prepared.
• Be prepared to have deep conversations about the topic, but respect that the executive stakeholders might not be interested in hearing the tactical information. Build an elevator pitch, a one-pager, back-up slides that support your ask and the story, and be prepared to answer questions within your allotted presentation time to dive deeper.

Navigating through Q&A

Use the Q&A portion to build credibility with the board.

• It is always better to say, “I’m not certain about the answer but will follow up,” than to provide false or inaccurate information on the spot.
• When asked challenging or irrelevant questions, ensure you have an approach to deflect them. Questions can often be out of scope or difficult to answer in a group. Find what works for you to successfully navigate through these questions:
  • “Let’s work with the sub-committee to find you an answer.”
  • “Let’s take that offline to address in more detail.”
  • “I have some follow-up material I can provide you to discuss that further after our meeting.”
• And ensure you follow up! Make sure to follow through on your promise to provide information or answers after the meeting. This helps build trust and credibility with the board.

Info-Tech Insight
The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.

Storytelling checklist

Checklist:

• Tailor your presentation based on how much time you have.
• Find out ahead of time how much time you have.
• Identify if your presentation is to inform/educate or reach a decision.
• Identify and communicate the business problem up front and answer the three questions (why, what, how).
• Express the problem in terms of business impact (risk, value, money).
• Prepare and send pre-meeting collateral to the members of the board and executive team.
• Include no more than 5-6 slides for your presentation.
• Factor in Q&A time at the end of your presentation window.
• Articulate what you want them to think and what you want them to take away – put it right up front and remind them at the end.
• Have an elevator speech handy – one or two sentences and a one-pager version of your story.
• Consider how you will build your relationship with the members outside the boardroom.

3.1.3 Build a compelling communication document

Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.

A good slide design increases the likelihood that the audience will read the content carefully.

• Bad slide structure (flow) = Audience loses focus
  • You can have great content on a slide, but if a busy audience gets confused, they’ll just close the file or lose focus. Structure encompasses horizontal and vertical logic.
• Good visual design = Audience might read more
  • Readers will probably skim the slides first. If the slides look ugly, they will already have a negative impression. If the slides are visually appealing, they will be more inclined to read carefully. They may even use some slides to show others.
• Good content + Good structure + Visual appeal = Good presentation
  • A presentation is like a house. Good content is the foundation of the house. Good structure keeps the house strong. Visual appeal differentiates houses.

Slide design best practices

Leverage these slide design best practices to assist you in developing eye-catching presentations.

• Easy to read: Assume reader is tight on time. If a slide looks overwhelming, the reader will close the document.
• Concise and clear: Fewer words = more skim-able.
• Memorable: Use graphics and visuals or pithy quotes whenever you can do so appropriately.
• Horizontal logic: Good horizontal logic will have slide titles that cascade into a story with no holes or gaps.
• Vertical logic: People usually read from left to right, top to bottom, or in a Z pattern. Make sure your slide has an intuitive flow of content.
• Aesthetics: People like looking at visually appealing slides, but make sure your attempts to create visual appeal do not detract from the content.

Your presentation must have a logical flow

Vertical logic should be intuitive

The audience is unsure where to look and in what order.	The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right.

Horizontal and vertical logic checklists

Make it easy to read

Unnecessary coloring makes it hard on the eyes Margins for title at top is too small Content is not skim-able (best to break up the slide)	Increase skim-ability: Emphasize the subheadings Bold important words Make it easier on the eyes: Declutter and add sections Have more white space

Be concise and clear

1. Write your thoughts down
   • This gets your content documented.
   • Don’t worry about clarity or concision yet.
2. Edit for clarity
   • Make sure the key message is very clear.
   • Find your thesis statement.
3. Edit for concision
   • Remove unnecessary words.
   • Use the active voice, not passive voice (see below for examples).

Be memorable

Easy to read, but hard to remember the stats.	The visuals make it easier to see the size of the problem and make it much more memorable. Remember to: Have some kind of visual (e.g. graphs, icons, tables). Divide the content into sections. Have a bit of color on the page.

Aesthetics

This draft slide is just content from the outline document on a slide with no design applied yet.	Have some kind of visual (e.g. graphs, icons, tables) as long as it’s appropriate. Divide the content into sections. Have a bit of color on the page. Bold or italicize important text.

Why use visuals?

How graphics affect us

Cognitively

• Engage our imagination
• Stimulate the brain
• Heighten creative thinking
• Enhance or affect emotions

Emotionally

• Enhance comprehension
• Increase recollection
• Elevate communication
• Improve retention

Visual clues

• Help decode text
• Attract attention
• Increase memory

Persuasion

• 43% more effective than text alone

Source: Management Information Systems Research Center

Presentation format

Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.

• Is there a standard presentation template?
• Is a hard-copy handout required?
• Is there a deadline for draft submission?
• Is there a deadline for final submission?
• Will the presentation be circulated ahead of time?
• Do you know what technology you will be using?
• Have you done a dry run in the meeting room?
• Do you know the meeting organizer?

Checklist to build compelling visuals in your presentation

Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

Checklist:

• Do the visuals grab the audience’s attention?
• Will the visuals mislead the audience/confuse them?
• Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
• Do the visuals present information simply, cleanly, and accurately?
• Do the visuals display the information/data in a concentrated way?
• Do the visuals illustrate messages and themes from the accompanying text?

3.2 Security communication templates

Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck. These presentation templates highlight different security topics depending on your communication drivers, goals, and available data. Info-Tech has created five security templates to assist you in building a compelling presentation. These templates provide support for presentations on the following five topics: Security Initiatives Security & Risk Update Security Metrics Security Incident Response & Recovery Security Funding Request Each template provides instructions on how to use it and tips on ensuring the right information is being presented. All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking.

Download the Security Presentation Templates

Security template example

It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.

Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.

The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies.	This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted.

Security template example (continued)

This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks.

This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks.

Security template example (continued)

This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders.	The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project.

Phase 4

Deliver communication

This phase will walk you through the following activities:

• Identifying a strategy to deliver compelling presentations
• Ensuring you follow best practices for communicating and obtaining your security goals

This phase involves the following participants:

• Security leader

4.1 Deliver a captivating presentation

You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.

Follow these tips to assist you in developing an engaging presentation:

• Start strong: Give your audience confidence that this will be a good investment of their time. Establish a clear direction for what’s going to be covered and what the desired outcome is.
• Use your time wisely: Odds are, your audience is busy, and they have many other things on their minds. Be prepared to cover your content in the time allotted and leave sufficient time for discussion and questions.
• Be flexible while presenting: Do not expect that your presentation will follow the path you have laid out. Anticipate jumping around and spending more or less time than you had planned on a given slide.

Keep your audience engaged with these steps

• Be ready with supporting data. Don’t make the mistake of not knowing your content intimately. Be prepared to answer questions on any part of it. Senior executives are experts at finding holes in your data.
• Know your audience. Who are you presenting to? What are their specific expectations? Are there sensitive topics to be avoided? You can’t be too prepared when it comes to understanding your audience.
• Keep it simple. Don’t assume that your audience wants to learn the details of your content. Most just want to understand the bottom line, the impact on them, and how they can help. More is not always better.
• Focus on solving issues. Your audience members have many of their own problems and issues to worry about. If you show them how you can help make their lives easier, you’ll win them over.

Info-Tech Insight
Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.

Be honest and straightforward with your communication

• Be prepared. Being properly prepared means not only that your update will deliver the value that you expect, but also that you will have confidence and the flexibility you require when you’re taken off track.
• Don’t sugarcoat it. These are smart, driven people that you are presenting to. It is neither beneficial nor wise to try to fool them. Be open and transparent about problems and issues. Ask for help.
• No surprises. An executive stakeholder presentation is not the time or the place for a surprise. Issues seen as unexpected or contentious should always be dealt with prior to the meeting with those most impacted.

Hone presentation skills before meeting with the executive stakeholders

Checklist for presentation logistics

Optimize the timing of your presentation:

• Less is more: Long presentations are detrimental to your cause – they lead to your main points being diluted. Keep your presentation short and concise.
• Keep information relevant: Only present information that is important to your audience. This includes the information that they are expecting to see and information that connects to the business.
• Expect delays: Your audience will likely have questions. While it is important to answer each question fully, it will take away from the precious time given to you for your presentation. Expect that you will not get through all the information you have to present.

Script your presentation:

• Use a script to stay on track: Script your presentation before the meeting. A script will help you present your information in a concise and structured manner.
• Develop a second script: Create a script that is about half the length of the first script but still contains the most important points. This will help you prepare for any delays that may arise during the presentation.
• Prepare for questions: Consider questions that may be asked and script clear and concise answers to each.
• Practice, practice, practice: Practice your presentation until you no longer need the script in front of you.

Checklist for presentation logistics (continued)

Other considerations:

• After the introduction of your presentation, clearly state the objective – don’t keep people guessing and consequently lose focus on your message.
• After the presentation is over, document important information that came up. Write it down or you may forget it soon after.
• Rather than create a long presentation deck full of detailed slides that you plan to skip over during the presentation, create a second, compact deck that contains only the slides you plan to present. Send out the longer deck after the presentation.

Checklist for delivering a captivating presentation

Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.

Checklist:

• Start with a story or something memorable to break the ice.
• Go in with the end state in mind (focus on the outcome/end goal and work back from there) – What’s your call to action?
• Content must compliment your end goal, filter out any content that doesn’t compliment the end goal.
• Be prepared to have less time to speak. Be prepared with shorter versions of your presentation.
• Include an appendix with supporting data, but don’t be data heavy in your presentation. Integrate the data into a story. The story should be your focus.

Checklist for delivering a captivating presentation (continued)

• Be deliberate in what you want to show your audience.
• Ensure you have clean slides so the audience can focus on what you’re saying.
• Practice delivering your content multiple times alone and in front of team members or your Info-Tech counselor, who can provide feedback.
• How will you handle being derailed? Be prepared with a way to get back on track if you are derailed.
• Ask for feedback.
• Record yourself presenting.

4.2 Obtain and verify support on security goals

Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.

• This is your opportunity to open the floor for questions and clarify any information that was conveyed to your audience.
• Leverage your appendix and other supporting documents to justify your goals.
• Different approaches to obtaining and verifying your goals could include:
  • Acknowledgment from the audience that information communicated aligns with the business’s goals.
  • Approval of funding requests for security initiatives.
  • Written and verbal support for implementation of security initiatives.
  • Identifying next steps for information to communicate at the next executive stakeholder meeting.

Info-Tech Insight
Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.

Checklist for obtaining and verify support on security goals

Follow this checklist to assist you in obtaining and verifying your communication goals.

Checklist:

• Be clear about follow-up and next steps if applicable.
• Present before you present: Meet with your executive stakeholders before the meeting to review and discuss your presentation and other supporting material and ensure you have executive/CEO buy-in.
• “Be humble, but don’t crumble” – demonstrate to the executive stakeholders that you are an expert while admitting you don’t know everything. However, don’t be afraid to provide your POV and defend it if need be. Strike the right balance to ensure the board has confidence in you while building a strong relationship.
• Prioritize a discussion over a formal presentation. Create an environment where they feel like they are part of the solution.

Summary of Accomplishment

Problem Solved

A better understanding of security communication drivers and goals

• Understanding the difference between communication drivers and goals
• Identifying your drivers and goals for security presentation

A developed a plan for how and where to retrieve data for communication

• Insights on what type of data can be leveraged to support your communication goals
• Understanding who you can collaborate with and potential data sources to retrieve data from

A solidified communication plan with security templates to assist in better presenting to your audience

• A guideline on how to prepare security presentations to executive stakeholders
• A list of security templates that can be customized and used for various security presentations

A defined guideline on how to deliver a captivating presentation to achieve your desired objectives

• Clear message on best practices for delivering security presentations to executive stakeholders
• Understanding how to verify your communication goals have been obtained

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Related Info-Tech Research

Build an Information Security Strategy
This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.

Build a Security Metrics Program to Drive Maturity
This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.

Bibliography

Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
Carnegie Endowment for International Peace. Web.
“Chief Information Security Officer Salary.” Salary.com, 2022. Web.
“CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
“Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
“Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
“Global Board Risk Survey.” EY. Web.
“Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
“How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.

Bibliography

“Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
“Reporting Cybersecurity Risk to the Board of Directors.” Web.
“Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
“The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
“Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
“Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.

Research Contributors

• Fred Donatucci, New-Indy Containerboard, VP, Information Technology
• Christian Rasmussen, St John Ambulance, Chief Information Officer
• Stephen Rondeau, ZimVie, SVP, Chief Information Officer

Create a Transparent and Defensible IT Budget

Build in approvability from the start.

EXECUTIVE BRIEF

Analyst Perspective

A budget’s approvability is about transparency and rationale, not the size of the numbers.

It’s that time of year again – budgeting. Most organizations invest a lot of time and effort in a capital project selection process, tack a few percentage points onto last year’s OpEx, do a round of trimming, and call it a day. However, if you want to improve IT financial transparency and get your business stakeholders and the CFO to see the true value of IT, you need to do more than this. Yourcrea IT budget is more than a once-a-year administrative exercise. It’s an opportunity to educate, create partnerships, eliminate nasty surprises, and build trust. The key to doing these things rests in offering a range of budget perspectives that engage and make sense to your stakeholders, as well as providing iron-clad rationales that tie directly to organizational objectives. The work of setting and managing a budget never stops – it’s a series of interactions, conversations, and decisions that happen throughout the year. If you take this approach to budgeting, you’ll greatly enhance your chances of creating and presenting a defensible annual budget that gets approved the first time around.

Jennifer Perrier Principal Research Director IT Financial Management Practice Info-Tech Research Group

Executive Summary

Info-Tech Insight
CIOs need a straightforward way to create and present an approval-ready IT budget that demonstrates the value IT is delivering to the business and speaks directly to different stakeholder priorities.

IT struggles to get budgets approved due to low transparency and failure to engage

Reflect on the numbers…

To move forward, first you need to get unstuck

Today’s IT budgeting challenges have been growing for a long time. Overcoming these challenges means untangling yourself from the grip of the root causes.

The three principles above are all about IT’s changing relationship to the business. IT leaders need a systematic and repeatable approach to budgeting that addresses these principles by:

• Clearly illustrating the alignment between the IT budget and business objectives.
• Showing stakeholders the overall value that IT investment will bring them.
• Demonstrating where IT is already realizing efficiencies and economies of scale.
• Gaining consensus on the IT budget from all parties affected by it.

“The culture of the organization will drive your success with IT financial management.”

– Dave Kish, Practice Lead, IT Financial Management Practice, Info-Tech Research Group

Info-Tech’s approach

CIOs need a straightforward way to convince approval-granting CFOs, CEOs, boards, and committees to spend money on IT to advance the organization’s strategies.

IT budget approval cycle

The Info-Tech difference:

This blueprint provides a framework, method, and templated exemplars for building and presenting your IT budget to different stakeholders. These will speed the approval process and ensure that a higher percentage of your proposed spend is approved.

Info-Tech’s methodology for how to create a transparent and defensible it budget

Insight summary

Overarching insight: Create a transparent and defensible IT budget

CIOs need a straightforward way to create and present an approval-ready IT budget that demonstrates the value IT is delivering to the business and speaks directly to different stakeholder priorities.

Phase 1 insight: Lay your foundation

IT needs to step back and look at it’s budget-creation process by first understanding exactly what a budget is intended to do and learning what the IT budget means to IT’s various business stakeholders.

Phase 2 Insight: Get into budget-starting position

Presenting your proposed IT budget in the context of past IT expenditure demonstrates a pattern of spend behavior that is fundamental to next year’s expenditure rationale.

Phase 3 insight: Develop your forecasts

Forecasting costs according to a range of views, including CapEx vs. OpEx and project vs. non-project, and then positioning it according to different stakeholder perspectives, is key to creating a transparent budget.

Phase 4 insight: Build your proposed budget

Fine-tuning and hardening the rationales behind every aspect of your proposed budget is one of the most important steps for facilitating the budgetary approval process and increasing the amount of your budget that is ultimately approved.

Phase 5 insight: Create and deliver your budget presentation

Selecting the right content to present to your various stakeholders at the right level of granularity ensures that they see their priorities reflected in IT’s budget, driving their interest and engagement in IT financial concerns.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

IT Cost Forecasting and Budgeting Workbook This Excel tool allows you to capture and work through all elements of your IT forecasting from the perspective of multiple key stakeholders and generates compelling visuals to choose from to populate your final executive presentation.

Also download this completed sample:

Sample: IT Cost Forecasting and Budgeting Workbook

Key deliverable

IT Budget Executive Presentation Template

Phase 5: Create a focused presentation for your proposed IT budget that will engage your audience and facilitate approval.

Blueprint benefits

Measure the value of this blueprint

Ease budgetary approval and improve its accuracy.

Near-term goals

• Percentage of budget approved: Target 95%
• Percentage of IT-driven projects approved: Target 100%
• Number of iterations/re-drafts required to proposed budget: One iteration

Long-term goal

• Variance in budget vs. actuals: Actuals less than budget and within 2%

In Phases 1 and 2 of this blueprint, we will help you understand what your approvers are looking for and gather the right data and information.

In Phase 3, we will help you forecast your IT costs it terms of four stakeholder views so you can craft a more meaningful IT budget narrative.

In Phases 4 and 5, we will help you build a targeted presentation for your proposed IT budget.

Value you will receive:

1. Increased forecast accuracy through using a sound cost-forecasting methodology.
2. Improved budget accuracy by applying more thorough and transparent techniques.
3. Increased budget transparency and completeness by soliciting input earlier and validating budgeting information.
4. Stronger alignment between IT and enterprise goals through building a better understanding of the business values and using language they understand.
5. A more compelling budget presentation by offering targeted, engaging, and rationalized information.
6. A faster budgeting rework process by addressing business stakeholder concerns the first time.

An analogy…

“A budget isn’t like a horse and cart – you can’t get in front of it or behind it like that. It’s more like a river…

When developing an annual budget, you have a good idea of what the OpEx will be – last year’s with an annual bump. You know what that boat is like and if the river can handle it.

But sometimes you want to float bigger boats, like capital projects. But these boats don’t start at the same place at the same time. Some are full of holes. And does your river even have the capacity to handle a boat of that size?

Some organizations force project charters by a certain date and only these are included in the following year’s budget. The project doesn’t start until 8-12 months later and the charter goes stale. The river just can’t float all these boats! It’s a failed model. You have to have a great governance processes and clear prioritization so that you can dynamically approve and get boats on the river throughout the year.”

– Mark Roman, Managing Partner, Executive Services,
Info-Tech Research Group and Former Higher Education CIO

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Phase 1

Lay Your Foundation

This phase will walk you through the following activities:

• Seeing your budget as a living governance tool
• Understanding the point of view of different stakeholders
• Gaining tactics for setting future IT spend expectations

This phase involves the following participants:

• Head of IT
• IT Financial Lead
• Other IT Management

Lay Your Foundation

Before starting any process, you need to understand exactly why you’re doing it.

This phase is about understanding the what, why, and who of your IT budget.

• Understand what your budget is and does. A budget isn’t just an annual administrative event – it’s an important governance tool. Understand exactly what a budget is and your budgetary accountabilities as an IT leader.
• Know your stakeholders. The CFO, CEO, and CXOs in your organization have their own priorities, interests, and professional mandates. Get to know what their objectives are and what IT’s budget means to them.
• Continuously pre-sell your budget. Identifying, creating, and capitalizing on opportunities to discuss your budget well in advance of its formal presentation will get influential stakeholders and approvers on side, foster collaborations, and avoid unpleasant surprises on all fronts.

“IT finance is more than budgeting. It’s about building trust and credibility in where we’re spending money, how we’re spending money. It’s about relationships. It’s about financial responsibility, financial accountability. I rely on my entire leadership team to all understand what their spend is. We are a steward of other people’s money.”

– Rick Hopfer, CIO, Hawaii Medical Service Association

What does your budget actually do?

A budget is not just a painful administrative exercise that you go through once a year.

Most people know what a budget is, but it’s important to understand its true purpose and how it’s used in your organization before you engage in any activity or dialogue about it.

In strictly objective terms:

• A budget is a calculated estimate of income vs. expenditure for a period in the future, often one year. Basically, it’s an educated guess about how much money will come into a business entity or unit and how much money will go out of it.
• A balanced budget is where income and expenditure amounts are equal.
• The goal in most organizations is for the income component of the budget to match or exceed the expenditure component.
  If it doesn’t, this results in a deficit that may lead to debt.

Simply put, a budget’s fundamental purpose is to plan and communicate how an organization will avoid deficit and debt and remain financially viable while meeting its various accountabilities and responsibilities to its internal and external stakeholders.

“CFOs are not thinking that they want to shut down IT spend. Nobody wants to do that. I always looked at things in terms of revenue streams – where the cash inflow is coming from, where it’s going to, and if I can align my cash outflows to my revenue stream. Where I always got suspicious as a CFO is if somebody can’t articulate spending in terms of a revenue stream. I think that’s how most CFOs operate.”

– Carol Carr, Technical Counselor,
Info-Tech Research Group and Former CFO

Put your IT budget in context

Your IT budget is just one of several budgets across your organization that, when combined, create an organization-wide budget. In this context, IT’s in a tough spot.

It’s a competition: The various units in your organization are competing for the biggest piece they can get of the limited projected income pie. It’s a zero-sum game. The organization’s strategic and operational priorities will determine how this projected income is divvied up.

Direct-to-revenue units win: Business units that directly generate revenue often get bigger relative percentages of the organizational budget since they’re integral to bringing in the projected income part of the budget that allows the expenditure across all business units to happen in the first place.

Indirect-to-revenue units lose: Unlike sales units, for example, IT’s relationship to projected income tends to be indirect, which means that IT must connect a lot more dots to illustrate its positive impact on projected income generation.

In financial jargon, IT really is a cost center: This indirect relationship to revenue also explains why the focus of IT budget conversations is usually on the expenditure side of the equation, meaning it doesn’t have a clear positive impact on income.

Contextual metrics like IT spend as a percentage of revenue, IT OpEx as a percentage of organizational OpEx, and IT spend per organizational employee are important baseline metrics to track around your budget, internally benchmark over time, and share, in order to illustrate exactly where IT fits into the broader organizational picture.

Budgeting isn’t a once-a-year thing

Yet, many organizations treat it like a “one and done” point of annual administration. This is a mistake that misses out on the real benefits of budgeting.

Many organizations have an annual budgeting and planning event that takes place during the back half of the fiscal year. This is where all formal documentation around planned projects and proposed spend for the upcoming year is consolidated, culminating in final presentation, adjustment, and approval. It’s basically a consolidation and ranking of organization-wide priorities at the highest level.

If things are running well, this culmination point in the overall budget development and management process is just a formality, not the beginning, middle, and end of the real work. Ideally:

• Budgets are actually used: The whole organization uses budgets as tools to actively manage day-to-day operations and guide decision making throughout the year in alignment with priorities as opposed to something that’s put on a shelf or becomes obsolete within a few months.
• Interdependencies are evident: No discrete area of spend focus is an island – it’s connected directly or indirectly with other areas of spend, both within IT and across the organization. For example, one server interacts with multiple business applications, IT and business processes, multiple IT staff, and even vendors or external managed service providers. Cost-related decisions about that one server – maintain, repurpose, consolidate, replace, discard – will drive other areas of spend up or down.
• There are no surprises: While this does happen, your budget presentation isn’t a great time to bring up a new point of significant spend for the first time. The items in next year’s proposed budget should be priorities that are already known, vetted, supported, and funded.

"A well developed and presented budget should be the numeric manifestation of your IT strategy that’s well communicated and understood by your peers. When done right, budgets should merely affirm what’s already been understood and should get approved with minimal pushback.“

– Patrick Gray, TechRepublic, 2020

Understand your budgetary responsibilities as the IT leader

It’s in your job description. For some stakeholders, it’s the most important part of it.

While not a contract per se, your IT budget is an objective and transparent statement made in good faith that shows:

• You know what it takes to keep the organization viable.
• You understand the organization’s accountabilities and responsibilities as well as those of its leaders.
• You’re willing and able to do your part to meet these accountabilities and responsibilities.
• You know what your part of this equation is, as well as what parts should and must be played by others.

When it comes to your budget (and all things financial), your job is to be ethical, careful, and wise:

1. Be honest. Business ethics matter.
2. Be as accurate as possible. Your expenditure predictions won’t be perfect, but they need to be best-effort and defensible.
3. Respect the other players. They have their own roles, motivations, and mandates. Accept and respect these by being a supporter of their success instead of an obstacle to them achieving it.
4. Connect the dots to income. Always keep the demonstration of business value in your sights. Often, IT can’t draw a straight line to income, but demonstrating how IT expenditure supports and benefits future, current, and past (but still relevant) business goals and strategies, which in turn affect income, is the best course.
5. Provide alternatives. There are only so many financial levers your organization can pull. An action on one lever will have wanted and unwanted consequences on another. Aim to put financial discussions in terms of risk-focused “what if” stories and let your business partners decide if those risks are satisfactory.

Budgeting processes tend to be similar – it’s budgeting cultures that drive differences

The basic rules of good budgeting are the same everywhere. Bad budgeting processes, however, are usually caused by cultural factors and can be changed.

1.1 Review your budgeting process and culture

1 hour

1. Review the following components of your budget process using the questions provided for each as a guideline.
1. Legal and regulatory mandates. What are the external rules that govern how we do financial tracking and reporting? How do they manifest in our processes?
2. Accounting rules used. What rules does our finance department use and why? Do these rules allow for more meaningful representations of IT spend? Are there policies or practices in place that don’t appear to be backed by any external standards?
3. Timeframes and deadlines. Are we starting the budgeting process too late? Do we have enough time to do proper due diligence? Will expenditures approved now be out of date when we go to execute? Are there mechanisms to update spend plans mid-cycle?
4. Order of operations. What areas of spend do we always look at first, such as CapEx? Are there any benefits to changing the order in which we do things, such as examining OpEx first?
5. Areas of focus. Is CapEx taking up most of our budgeting cycle time? Are we spending enough time examining OpEx? Is IT getting enough time from the CFO compared to other units?
6. Funding sources and ownership. Is IT footing most of the technology bills? Are business unit leaders fronting any technology business case pitches? Is IT appropriately included in business case development? Is there any benefit to implementing show-back or charge-back?
7. Review/approval mechanisms. Are strategies and priorities used to rank proposed spend clear and well communicated? Are spend approvers objective in their decision making? Do different approvers apply the same standards and tools?
8. Templates and tools. Are the ones provided by Finance, the PMO, and other groups sufficient to document what we need to document? Are they accessible and easy to use? Are they automated and integrated so we only have to enter data once?
2. On the slide following these activity instructions, rate how effective each of the above is on a scale of 1-10 (where 10 is very effective) in supporting the budgeting process. Note specific areas of challenge and opportunity for change.

1.1 Review your budgeting process and culture

Budget process and culture assessment

Document the outcomes of your assessment. Examples are provided below.

Receptive audiences make communication a lot easier

To successfully communicate anything, you need to be heard and understood.

The key to being heard and understood is first to hear and understand the perspective of the people with whom you’re trying to communicate – your stakeholders. This means asking some questions:

• What context are they operating in?
• What are their goals and responsibilities?
• What are their pressures and stresses?
• How do they deal with novelty and uncertainty?
• How do they best take in information and learn?

The next step of this blueprint shows the perspectives of IT’s key stakeholders and how they’re best able to absorb and accept the important information contained in your IT budget. You will:

• Learn a process for discovering these stakeholders’ IT budget information needs within the context of your organization’s industry, goals, culture, organizational structure, personalities, opportunities, and constraints.
• Document key objectives and messages when communicating with these various key stakeholders.

There are certain principles, mandates, and priorities that drive your stakeholders; they’ll want to see these reflected in you, your work, and your budget.

Your IT budget means different things to different stakeholders

Info-Tech’s ITFM Cost Model lays out what matters most from various points of view.

The CFO: Understand their role

The CFO is the first person that comes to mind in dealing with budgets. They’re personally and professionally on the line if anything runs amiss with the corporate purse.

What are the CFO’s role and responsibilities?

• Tracking cash flow and balancing income with expenditures.
• Ensuring fiscal reporting and legal/regulatory compliance.
• Working with the CEO to ensure financial-strategic alignment.
• Working with business unit heads to set aligned budgets.
• Seeing the big picture.

What’s important to the CFO?

• Costs
• Benefits
• Value
• Analysis
• Compliance
• Risk Management
• Strategic alignment
• Control
• Efficiency
• Effectiveness
• Reason
• Rationale
• Clarity
• Objectivity
• Return on investment

“Often, the CFO sees IT requests as overhead rather than a need. And they hate increasing overhead.”

– Larry Clark, Executive Counselor, Info-Tech Research Group and Former CIO

The CFO carries big responsibilities focused on mitigating organizational risks. It’s not their job to be generous or flexible when so much is at stake. While the CEO appears higher on the organizational chart than the CFO, in many ways the CFO’s accountabilities and responsibilities are on par with, and in some cases greater than, those of the CEO.

The CFO: What they want from the IT budget

What they need should look familiar, so do your homework and be an open book.

The CFO: Budget challenges and opportunities

Budget season is a great time to start changing the conversation and building trust.

The CXO: Understand their role

CXOs are a diverse group who lead a range of business functions including admin, operations, HR, legal, production, sales and service, and marketing, to name a few.

What are the CXO’s role and responsibilities?

Like you, the CXO’s job is to help the organization realize its goals and objectives. How each CXO does this is specific to the domain they lead. Variations in roles and responsibilities typically revolve around:

• Law and regulation. Some functions have compliance as a core mandate, including legal, HR, finance, and corporate risk groups.
• Finance and efficiency. Other functions prioritize time, money, and process such as finance, sales, customer service, marketing, production, operations, and logistics units.
• Quality. These functions prioritize consistency, reliability, relationship, and brand such as production, customer service, and marketing.

What’s important to the CXO?

• Staffing
• Skills
• Reporting
• Funding
• Planning
• Performance
• Predictability
• Customers
• Visibility
• Inclusion
• Collaboration
• Reliability
• Information
• Knowledge
• Acknowledgement

Disagreement is common between business-function leaders – they have different primary focus areas, and conflict and misalignment are natural by-products of that fact. It’s also hard to make someone care as much about your priorities as you do. Focus your efforts on sharing and partnering, not converting.

The CXO: What they want from the IT budget

Focus on their unique part of the organization and show that you see them.

The CXO: Budget challenges and opportunities

Seek out your common ground and be the solution for their real problems.

The CEO: Understand their role

A CEO sets the tone for an organization, from its overall direction and priorities to its values and culture. What’s possible and what’s not is usually determined by them.

What are the CEO’s role and responsibilities?

• Assemble an effective team of executives and advisors.
• Establish, communicate, and exemplify the organizations core values.
• Study the ecosystem within which the organization exists.
• Identify and evaluate opportunities.
• Set long-term directions, priorities, goals, and strategies.
• Ensure ongoing organizational performance, profitability, and growth.
• Connect the inside organization to the outside world.
• Make the big decisions no one else can make.

What’s important to the CEO?

• Strategy
• Leadership
• Vision
• Values
• Goals
• Priorities
• Performance
• Metrics
• Accountability
• Stakeholders
• Results
• Insight
• Growth
• Cohesion
• Context

Unlike the CFO and CXOs, the CEO is responsible for seeing the big picture. That means they’re operating in the realm of big problems and big ideas – they need to stay out of the weeds. IT is just one piece of that big picture, and your problems and ideas are sometimes small in comparison. Use any time you get with them wisely.

The CEO: What they want from the IT budget

The CEO wants what the CFO wants, but at a higher level and with longer-term vision.

The CEO: Budget challenges and opportunities

Strategically address the big issues, but don’t count on their direct assistance.

What about the CIO view on the IT budget?

IT leaders tend to approach budgeting from an IT services perspective. After all, that’s how their departments are typically organized.

The CFO expense view, CXO business view, and CEO innovation view represent IT’s stakeholders. The CIO service view, however, represents you, the IT budget creator. This means that the CIO service view plays a slightly different role in developing your IT budget communications.

1.2 Assess your stakeholders

1 hour

1. Use the “Stakeholder alignment assessment” template slide following this one to document the outcomes of this activity.
2. As an IT management team, identify your key budget stakeholders and specifically those in an approval position.
3. Use the information provided in this blueprint about various stakeholder responsibilities, areas of focus, and what’s typically important to them to determine each key stakeholder’s needs regarding the information contained in your IT budget. Note their stated needs, any idiosyncrasies, and IT’s current relationship status with the stakeholder (positive, neutral, or negative).
4. Assess previous years’ IT budgets to determine how well they targeted each different stakeholder’s needs. Note any gaps or areas for future improvement.
5. Develop a high-level list of items or elements to stop, start, or continue during your next budgeting cycle.

Stakeholder alignment assessment

Document the outcomes of your assessment below. Examples are provided below.

Set your IT budget pre-selling strategy

Pre-selling is all about ongoing communication with your stakeholders. This is the most game-changing thing you can do to advance a proposed IT budget’s success.

When IT works well, nobody notices. When it doesn’t, the persistent criticism about IT not delivering value will pop up, translating directly into less funding. Cut this off at the pass with an ongoing communications strategy based on facts, transparency, and perspective taking.

1. Know your channels

Identify all the communication channels you can leverage including meetings, committees, reporting cycles, and bulletins. Set up new channels if they don’t exist.

2. Identify partners

Nothing’s better than having a team of supporters when pitch day comes. Quietly get them on board early and be direct about the role each of you will play.

3. Always be prepared

Have information and materials about proposed initiatives at-the-ready. You never know when you’ll get your chance. But if your facts are still fuzzy, do more homework first.

4. Don’t be annoying

Talking about IT all the time will turn people off. Plan chats that don’t mention IT at all. Ask questions about their world and really listen. Empathy’s a powerful tool.

5. Communicate IT initiatives at launch

Describe what you will be doing and how it will benefit the business in language that makes sense to the beneficiaries of the initiative.

6. Communicate IT successes

Carry the same narrative forward through to the end and tell the whole story. Include comments from stakeholders and beneficiaries about the value they’re receiving.

Pre-selling with partners

The thing with pre-selling to partners is not to take a selling approach. Take a collaborative approach instead.

A partner is an influencer, advocate, or beneficiary of the expenditure or investment you’re proposing. Partners can:

• Advise you on real business impacts.
• Voice their support for your funding request.
• Present the initial business case for funding approval themselves.
• Agree to fund all or part of an initiative from their own budget.

When partners agree to pitch or fund an initiative, IT can lose control of it. Make sure you set specific expectations about what IT will help with or do on an ongoing basis, such as:

• Calculating the upfront and ongoing technology maintenance/support costs of the initiative.
• Leading the technology vetting and selection process, including negotiating with vendors, setting service-level agreements, and finalizing contracts.
• Implementing selected technologies and training users.
• Maintaining and managing the technology, including usage metering.
• Making sure the bills get paid.

A collaborative approach tends to result in a higher level of commitment than a selling approach.

Put yourself in their shoes using their language. Asking “How will this affect you?” focuses on what’s in it for them.

Example:

CIO: “We’re thinking of investing in technology that marketing can use to automate posting content to social media. Is that something you could use?”

CMO: “Yes, we currently pay two employees to post on Facebook and Twitter, so if it could make that more efficient, then there would be cost savings there.”

Pre-selling with approvers

The key here is to avoid surprises and ensure the big questions are answered well in advance of decision day.

An approver is the CFO, CEO, board, council, or committee that formally commits funding support to a program or initiative. Approvers can:

• Point out factors that could derail realization of intended benefits.
• Know that a formal request is coming and factor it into their planning.
• Connect your idea with others to create synergies and efficiencies.
• Become active advocates.

When approvers cool to an idea, it’s hard to warm them up again. Gradually socializing an idea well in advance of the formal pitch gives you the chance to isolate and address those cooling factors while they’re still minor. Things you can address if you get an early start with future approvers include:

• Identify and prepare for administrative, regulatory, or bureaucratic hurdles.
• Incorporate approvers’ insights about organizational realities and context.
• Further reduce the technical jargon in your language.
• Fine tune the relevance and specificity of your business benefits statements.
• Get a better sense of the most compelling elements to focus on.

Blindsiding approvers with a major request at a budget presentation could trigger an emotional response, not the rational and objective one you want.

Make approvers part of the solution by soliciting their advice and setting their expectations well in advance.

Example:

CIO: “The underwriting team and I think there’s a way to cut new policyholder approval turnaround from 8 to 10 days down to 3 or 4 using an online intake form. Do you see any obstacles?”

CFO: “How do the agents feel about it? They submit to underwriting differently and might not want to change. They’d all need to agree on it. Exactly how does this impact sales?”

1.3 Set your budget pre-selling strategy

1 hour

1. Use the “Stakeholder pre-selling strategy” template slide following this instruction slide to document the outcomes of this activity.
2. Carry forward your previously-generated stakeholder alignment assessment from Step 1.2. As a management team, discuss the following for each stakeholder:
   1. Forums and methods of contact and interaction.
   2. Frequency of interaction.
   3. Content or topics typically addressed during interactions.
3. Discuss what the outcomes of an ideal interaction would look like with each stakeholder.
4. List opportunities to change or improve the nature of interactions and specific actions you plan to take.

Stakeholder pre-selling strategy

Document the outcomes of your discussion. Examples are provided below.

Phase recap: Lay your foundation

Build in the elements from the start that you need to facilitate budgetary approval.

You should now have a deeper understanding of the what, why, and who of your IT budget. These elements are foundational to streamlining the budget process, getting aligned with peers and the executive, and increasing your chances of winning budgetary approval in the end.

In this phase, you have:

• Reviewed what your budget is and does. Your budget is an important governance and communication tool that reflects organizational priorities and objectives and IT’s understanding of them.
• Taken a closer look at your stakeholders. The CFO, CEO, and CXOs in your organization have accountabilities of their own to meet and need IT and its budget to help them succeed.
• Developed a strategy for continuously pre-selling your budget. Identifying opportunities and approaches for building relationships, collaborating, and talking meaningfully about IT and IT expenditure throughout the year is one of the leading things you can do to get on the same page and pave the way for budget approval.

“Many departments have mostly labor for their costs. They’re not buying a million and a half or two million dollars’ worth of software every year or fixing things that break. They don’t share IT’s operations mindset and I think they get frustrated.”

– Matt Johnson, IT Director Governance and Business Solutions, Milwaukee County

Phase 2

Get Into Budget-Starting Position

This phase will walk you through the following activities:

• Putting together your budget team and gather your data.
• Selecting which views of the ITFM Cost Model you’ll use.
• Mapping and analyzing IT’s historical expenditure.
• Setting goals and metrics for the next budgetary cycle.

This phase involves the following participants:

• Head of IT
• IT Financial Lead
• Other IT Management

Get into budget-starting position

Now’s the time to pull together your budgeting resources and decision-making reference points.

This phase is about clarifying your context and defining your boundaries.

• Assemble your resources. This includes the people, data, and other information you’ll need to maximize insight into future spend requirements.
• Understand the four views of the IT Cost Model. Firm up your understanding of the CFO expense view, CIO service view, CXO business view, and CEO innovation view and decide which ones you’ll use in your analysis and forecasting.
• Review last year’s budget versus actuals. You need last year’s context to inform next year’s numbers as well as demonstrate any cost efficiencies you successfully executed.
• Review five-year historical trends. This long-term context gives stakeholders and approvers important information about where IT fits into the business big picture and reminds them how you got to where you are today.
• Set your high-level goals. You need to decide if you’re increasing, decreasing, or holding steady on your budget and whether you can realistically meet any mandates you’ve been handed on this front. Set a target as a reference point to guide your decisions and flag areas where you might need to have some tough conversations.

“A lot of the preparation is education for our IT managers so that they understand what’s in their budgets and all the moving parts. They can actually help you keep it within bounds.”

– Trisha Goya, Director, IT Governance & Administration, Hawaii Medical Service Association

Gather your budget-building team

In addition to your CFO, CXOs, and CEO, there are other people who will provide important information, insight, and skill in identifying IT budget priorities and costs.

As the head of IT, your role is as the budgeting team lead. You understand both the business and IT strategies, and have relationships with key business partners. Your primary responsibilities are to guide and approve all budget components and act as a liaison between finance, business units, and IT.

Set expectations with your budgeting team

Be clear on your goals and ensure everyone has what they need to succeed.

2.1 Brief and mobilize your IT budgeting team

2 hours

1. Download the IT Cost Forecasting and Budgeting Workbook
2. Organize a meeting with your IT department management team, team leaders, and project managers.
3. Review their general financial management accountabilities and responsibilities.
4. Discuss the purpose and context of the budgeting exercise, different budget components, and the organization’s milestones/deadlines.
5. Identify specific tasks and activities that each member of the team must complete in support of the budgeting exercise.
6. Set up additional checkpoints, working sessions, or meetings that will take you through to final budget submission.
7. Document your budget team members, responsibilities, deliverables, and due dates on the “Planning Variables” tab in the IT Cost Forecasting & Budgeting Workbook.

Download the IT Cost Forecasting and Budgeting Workbook

Leverage the ITFM Cost Model

Each of the four views breaks down IT costs into a different array of categories so you and your stakeholders can see expenditure in a way that’s meaningful for them.

You may decide not to use all four views based on your goals, audience, and available time. However, let’s start with how you can use the first two views, the CFO expense view and the CIO service view.

Extend your dialogue to the business

Applying the business optimization views of the ITFM Cost Model can bring a level of sophistication to your IT cost analysis and forecasting efforts.

Some views take a bit more work to map out, but they can be powerful tools for communicating the value of IT to the business. Let’s look at the last two views, the CXO business view and the CEO innovation view.

2.2 Select the ITFM Cost Model views you plan to complete based on your goals

30 minutes

The IT Cost Forecasting and Budgeting Workbook contains standalone sections for each view, as well as rows for each lowest-tier sub-category in a view, so each view can be analyzed and forecasted independently.

1. Review Info-Tech’s ITFM Cost Model and the expenditure categories and sub-categories each view contains.
2. Revisit your stakeholder analysis for the budgeting exercise. Plan to:
   1. Complete the CFO expense view regardless.
   2. Complete the CIO service view – consider doing this one first for forecasting purposes as it may be most familiar to you and serve as an easier entry point into the forecasting process.
   3. Complete the CXO business view – consider doing this only for select business units if you have the objective of enhancing awareness of their true consumption of IT resources or if you have (or plan to have) a show-back/chargeback mechanism.
   4. Complete the CEO innovation view only if your data allows it and there’s a compelling reason to discuss the strategic or innovative role of IT in the organization.

Gather your budget-building data

Your data not only forms the content of your budget but also serves as the supporting evidence for the decisions you’ve made.

Ensure you have the following data and information available to you and your budgeting team before diving in:

Past data

• Last fiscal year’s budget.
• Actuals for the past five fiscal years.
• Pre-set capital depreciation/amortization amounts to be applied to next fiscal year’s budget.

Current data

• Current-year IT positions and salaries.
• Active vendor contracts with payment schedules and amounts (including active multi-year agreements).
• Cost projections for remainder of any projects that are committed or in-progress, including projected OpEx for ongoing maintenance and support.

Future data

• Estimated market value for any IT positions to be filled next year (both backfill of current vacancies and proposed net-new positions).
• Pricing data on proposed vendor purchases or contracts.
• Cost estimates for any capital/strategic projects that are being proposed but not yet committed, including resulting maintenance/support OpEx.
• Any known pending credits to be received or applied in the next fiscal year.

If you’re just getting started building a repeatable budgeting process, treat it like any other project, complete with a formal plan/ charter and a central repository for all related data, information, and in-progress and final documents.

Once you’ve identified a repeatable approach that works for you, transition the budgeting project to a regular operational process complete with policies, procedures, and tools.

Review last year’s budget vs. actuals

This is the starting point for building your high-level rationale around what you’re proposing for next fiscal year.

But first, some quick definitions:

• Budgeted: What you planned to spend when you started the fiscal year.
• Actual: What you ended up spending in real life by the end of the fiscal year.
• Variance: The difference between budgeted expenditure and actual expenditure.

For last fiscal year, pinpoint the following metrics and information:

Next, review your five-year historical expenditure trends

The longer-term pattern of IT expenditure can help you craft a narrative about the overarching story of IT.

For the previous five fiscal years, focus on the following:

Actual IT expenditure as a percentage of organizational revenue.

Again, for historical years 2-5, you can break this down into granular cost categories like workforce, software, and infrastructure like you did for last fiscal year. Avoid getting bogged down and focusing on the past – you ultimately want to redirect stakeholders to the future.

Percentage expenditure increase/decrease year to year.

You may choose to show overall IT expenditure amounts, breakdowns by CapEx and OpEx, as well as high-level cost categories.

As you go back in time, some data may not be available to you, may be unreliable or incomplete, or employ the same cost categories you’re using today. Use your judgement on the level of granularity you want to and can apply when going back two to five years in the past.

So, what’s the trend? Consider these questions:

• Is the year-over-year trend on a steady trajectory or are there notable dips and spikes?
• Are there any one-time capital projects that significantly inflated CapEx and overall spend in a given year or that forced maintenance-and support-oriented OpEx commitments in subsequent years?
• Does there seem to be an overall change in the CapEx-to-OpEx ratio due to factors like increased use of cloud services, outsourcing, or contract-based staff?

Take a close look at financial data showcasing the cost-control measures you’ve taken

Your CFO will look for evidence that you’re gaining efficiencies by controlling costs, which is often a prerequisite for them approving any new funding requests.

Your objective here is threefold:

1. Demonstrate IT’s track record of fiscal responsibility and responsiveness to business priorities.
2. Acknowledge and celebrate your IT-as-cost-center efficiency gains to clear the way for more strategic discussions.
3. Identify areas where you can potentially source and reallocate recouped funds to bolster other initiatives or business cases for net-new spend.

This step is about establishing credibility, demonstrating IT value, building trust, and showing the CFO you’re on their team.

Do the following:

• List any specific cost-control initiatives and their initial objectives and targets.
• Identify any changes made to those targets and your approaches due to changing conditions, with rationales for the decisions made. For example:
  • Mid-year, the business decided to allow approximately half the workforce to work from home on a permanent basis.
  • As a result, remote-worker demand on the service desk remained high and actually increased in some areas. You were unable to reduce service desk staff headcount as originally planned.
  • You’re now exploring ways to streamline ticket intake and assignment to increase throughput and speed resolution.
• Report on completed cost-control initiatives first, including targets, actuals, and related impacts. Include select feedback from business stakeholders and users about the impact of your cost-control measure on them.
• For in-progress initiatives, report progress made to-date, benefits realized to date, and plans for continuation next fiscal year.

“Eliminate the things you don’t need. People will give you what you need when you need it if you’re being responsible with what you already have.”

– Angela Hintz, VP of PMO & Integrated Services,
Blue Cross and Blue Shield of Louisiana

2.3 Review your historical IT expenditure

8 hours

1. Download the IT Cost Forecasting and Budgeting Workbook.
2. On Tab 1, “Historical Events & Projects,” note the cost-driving and cost-saving events that occurred last fiscal year that drove any variance between budgeted and actual expenditure. Describe the nature of their impact and current status (ongoing, resolved – temporary impact, or resolved – permanent impact).
3. Also on Tab 1, “Historical Events & Projects”, summarize the work done on capital or strategic projects, expenditures, and status (in progress, deferred, canceled, or complete).
4. On Tab 2, “Historical Expenditure”:
   1. Enter the budgeted and actuals data for last fiscal year in columns D-H for the views of the ITFM Cost Model you’re opted to do, i.e. CFO expense view, CIO service view, CXO business view, and CEO innovation view.
   2. Enter a brief rationale for any notable budgeted-versus-actuals variances or other interesting items in column K.
   3. Enter actuals data for the remaining past five fiscal years in columns L-O. Year-over-year comparative metrics will be calculated for you.
   4. Enter FTEs by business function in columns R-AA, rows 34-43.
      Expenditure per FTE and year-over year comparative metrics will be
      calculated for you.
5. Using Tabs 2, “Historical Expenditure” and 3, “Historical Analysis”, review and analyze the resulting data sets and graphs to identify overall patterns, specifically notable increases or decreases in a particular category of expenditure or where rationales are repeated across categories or views (these are significant).
6. Finally, flag any data points that help demonstrate achievement of, or progress toward, any cost-control measures you implemented.

2.3 Review your historical IT expenditure

Pull historical trends into a present-day context when setting your high-level goals

What’s happening to your organization and the ecosystem within which it’s operating right now? Review current business concerns, priorities, and strategies.

Knowing what happened in the past can provide good insights and give you a chance to show stakeholders your money-management track record. However, what stakeholders really care about is “now” and “next”. For them, it’s all about current business context.

Ask these questions about your current context to assess the relevance of your historical trend data:

Set metrics and targets for some broader budget effectiveness improvement efforts

Budget goalsetting isn’t limited to CapEx and OpEx targets. There are several effectiveness metrics to track overall improvement in your budgeting process.

Step back and think about other budget and expenditure goals you have.
Do you want to:

• Better align the budget with organizational objectives?
• Increase cost forecasting accuracy?
• Increase budget transparency and completeness?
• Improve the effectiveness of your budget presentation?
• Reduce the amount of budget rework?
• Increase the percentage of the budget that’s approved?
• Reduce variance between what was budgeted and actuals?

Establish appropriate metrics and targets that will allow you to define success, track progress, and communicate achievement on these higher-level goals.

Check out some example metrics in the table below.

Set your high-level OpEx budget targets

The high-level targets you set now don’t need to be perfect. Think of them as reference points or guardrails to sanity-check the cost forecasting exercise to come.

If cost-cutting or optimization is a priority, then a zero-based approach is the right decision. If doing this every year is too onerous, plan to do it for your OpEx at least every few years to examine what’s actually in there, clean house, and re-set.

Set your high-level CapEx budget targets

A lot of IT CapEx is conceived in business projects, so your proposed expenditure here may not be up to you. Exercise as much influence as you can.

Unanticipated hiring and the need to buy end-user hardware is cited as a top cause of budget grief by IT leaders – get ahead of this. Project CapEx, however, is usually determined via business-based capital project approval mechanisms well in advance. And don’t forget to factor in pre-established capital asset depreciation amounts generated by all the above!

2.4 Set your high-level IT budget targets and metrics

8 hours

1. Download the IT Cost Forecasting and Budgeting Workbook to document the outcomes of this activity.
2. Review the context in which your organization is currently operating and expects to operate in the next fiscal year. Specifically, look at:
   1. The state of the economy.
   2. Stated goals, objectives, and targets.
   3. The executive’s point of view on budget increase requests.
   Document your factors, assessment, rationale, and considerations in the “Business Context Assessment” table on the “Planning Variables” tab in the IT Cost Forecasting and Budgeting Workbook.
3. Based on the business context, anticipated flips of former CapEx to OpEx, and realization of previous years’ efficiency measures, set a general non-project OpEx target as a percentage increase or decrease for next fiscal year to serve as a guideline in the cost forecasting guideline. Document this in the “Budget Targets & Metrics” table on the “Planning Variables” tab in the IT Cost Forecasting and Budgeting Workbook. sed on known capital projects, changes in headcount, typical “business as usual” equipment expenditure, and pre-established capital asset depreciation amounts, set general project CapEx and non-project CapEx targets. Document these in the “Budget Targets & Metrics” table on the “Planning Variables” tab in the IT Cost Forecasting and Budgeting Workbook.
4. Finally, set your overarching IT budget process success metrics. Also document these in the “Budget Targets & Metrics” table on the “Planning Variables” tab in the IT Cost Forecasting and Budgeting Workbook.

Download the IT Cost Forecasting and Budgeting Workbook

2.4 Set your high-level IT budget targets and metrics

Phase recap: Get into budget-starting position

Now you’re ready to do the deep dive into forecasting your IT budget for next year.

In this phase, you clarified your business context and defined your budgetary goals, including:

• Assembling your resources. You’ve built and organized your IT budgeting team, as well as gathered the data and information you’ll need to do your historical expenditure analysis and future forecasting
• Understanding the four views of the IT Cost Model. You’ve become familiar with the four views of the model and have selected which ones you’ll map for historical analysis and forecasting purposes.
• Reviewing last year’s budget versus actuals and five-year historical trends. You now have the critical rationale-building context to inform next year’s numbers and demonstrate any cost efficiencies you’ve successfully executed.
• Setting your high-level goals. You’ve established high-level targets for project and non-project CapEx and OpEx, as well as set some IT budget process improvement goals.

“We only have one dollar but five things. Help us understand how to spend that dollar.”

– Trisha Goya, Director, IT Governance & Administration, Hawaii Medical Service Association

Phase 3

Develop Your Forecasts

This phase will walk you through the following activities:

• Documenting the assumptions behind your proposed budget and develop alternative scenarios.
• Forecasting your project CapEx.
• Forecasting your non-project CapEx and OpEx.

This phase involves the following participants:

• Head of IT
• IT Financial Lead
• Other IT Management

Develop your forecasts

Start making some decisions.

This phase focuses on putting real numbers on paper based on the research and data you’ve collected. Here, you will:

• Develop assumptions and alternative scenarios. The assumptions you make are the logical foundation for your decisions, and your primary and alternative scenarios focus your thinking and demonstrate that you’ve thoroughly examined your organization’s current and future context.
• Forecast your project CapEx costs. These costs are comprised of all the project-related capital expenditures for strategic or capital projects, including in-house labor.
• Forecast your non-project CapEx and OpEx costs. These costs are the ongoing “business as usual” expenditures incurred via the day-to-day operations of IT and delivery of IT services.

“Our April forecast is what really sets the bar for what our increase is going to be next fiscal year. We realized that we couldn’t change it later, so we needed to do more upfront to get that forecast right.

If we know that IT projects have been delayed, if we know we pulled some things forward, if we know that a project isn’t starting until next year, let’s be really clear on those things so that we’re starting from a better forecast because that’s the basis of deciding two percent, three percent, whatever it’s going to be.”

– Kristen Thurber, IT Director, Office of the CIO, Donaldson Company

When pinning down assumptions, start with negotiable and non-negotiable constraints

Assumptions are things you hold to be true. They may not actually be true, but they are your logical foundation and must be shared with stakeholders so they can follow your thinking.

Start with understanding your constraints. These are either negotiable (adjustable) or non-negotiable (non-adjustable). However, what is non-negotiable for IT may be negotiable for the organization as a whole, such as its strategic objectives. Consider each of the constraints below, determine how it relates to IT expenditure options, and decide if it’s ultimately negotiable or non-negotiable.

Identifying your negotiable and non-negotiable constraints is about knowing what levers you can pull. Government entities have more non-negotiable constraints than private companies, which means IT and the organization as a whole have fewer budgetary levers to pull and a lot less flexibility.

An un-pullable lever and a pullable lever (and how much you can pull it) have one important thing in common – they are all fundamental assumptions that influence your decisions.

Brainstorm your assumptions even further

The tricky thing about assumptions is that they’re taken for granted – you don’t always realize you’ve made them. Consider these common assumptions and test them for validity.

You won’t put some of these assumptions into your final budget presentation. It’s simply worthwhile knowing what they are so you can challenge them when forecasting.

Based on your assumptions, define the primary scenario that will frame your budget

Your primary scenario is the one you believe is most likely to happen and upon which you’ll build your IT cost forecasts.

Now it’s time to outline your primary scenario.

• A scenario is created by identifying the variable factors embedded in your assumptions and manipulating them across the range of possibilities. This manipulation of variables will result in different scenarios, some more likely or feasible than others.
• Your primary scenario is the one you believe is the most feasible and/or likely to happen (i.e. most probable). This is based on:
  • Your understanding of past events and patterns.
  • Your understanding of your organization’s current context.
  • Your understanding of IT’s current context.
  • Your understanding of the organization’s objectives.
  • Your assessment of negotiable and non-negotiable constraints and other assumptions for both IT and the organization.

A note on probability…

• A non-negotiable constraint doesn’t have any variables to manipulate. It’s a 100% probability that must be rigidly accommodated and protected in your scenario. An example is a long-standing industry regulation that shows no signs of being updated or altered and must be complied with in its current state.
• A negotiable constraint has many more variables in play. Your goal is to identify the different potential values of the variables and determine the degree of probability that one value is more likely to be true or feasible than another. An example is that you’re directed to cut costs, but the amount could be as little as 3% or as much as 20%.
• And then there are the unknowns. These are circumstances, events, or initiatives that inevitably happen, but you can’t predict when, what, or how much. This is what contingency planning and insurance are for. Examples include a natural disaster, a pandemic, a supply chain crisis, or the CEO simply changing their mind. Its safe to assume something is going to happen, so if you’re able to establish a contingency fund or mechanisms that let you respond, then do it.

What could or will be your organization’s new current state at the end of next fiscal year?

Next, explore alternative scenarios, even those that may seem a bit outrageous

Offering alternatives demonstrates that you weighed all the pertinent factors and that you’ve thought broadly about the organization’s future and how best to support it.

Primary scenario approval can be helped by putting that scenario alongside alternatives that are less attractive due to their cost, priority, or feasibility. Alternative scenarios are created by manipulating or eliminating your negotiable constraints or treating specific unknowns as knowns. Here are some common alternative scenarios.

The high-cost scenario: Assumes very positive economic prospects. Characterized by more of everything – people and skills, new or more sophisticated technologies, projects, growth, and innovation. Remember to consider the long-term impact on OpEx that higher capital spend may bring in subsequent years.

Target 10-20% more expenditure than your primary scenario

The low-cost scenario: Assumes negative economic prospects or cost-control objectives. Characterized by less of everything, specifically capital project investment, other CapEx, and OpEx. Must assume that business service-level expectations will be down-graded and other sacrifices will be made.

Target 5-15% less expenditure than your primary scenario

The dark horse scenario: This is a more radical proposition that challenges the status quo. For example, what would the budget look like if all data specialists in the organization were centralized under IT? What if IT ran the corporate PMO? What if the entire IT function was 100% outsourced?

No specific target

Case Study

INDUSTRY: Manufacturing

SOURCE: Anonymous

A manufacturing IT Director gets budgetary approval by showing what the business would have to sacrifice to get the cheap option.

3.1 Document your assumptions and alternative scenarios

2 hours

1. Download the IT Cost Forecasting and Budgeting Workbook and document the outcomes of this activity on Tab 9, “Alternative Scenarios.”
2. As a management team, identify and discuss your non-negotiable and negotiable constraints. Document these in rows 4 and 5 respectively in the Workbook.
3. Brainstorm, list, and challenge any other assumptions being made by IT or the organization’s executive in terms of what can and cannot be done.
4. Identify the most likely or feasible scenario (primary) and associated assumptions. You will base your initial forecasting on this scenario.
5. Identify alternative scenarios. Document each scenario’s name, description, and key assumptions, and major opportunities in columns B-D on Tab 9, “Alternative Scenarios.” You will do any calculations for these scenarios after you have completed the forecast for your primary scenario.

Download the IT Cost Forecasting and Budgeting Workbook

Before diving into actual forecasting, get clear on project and non-project CapEx and OpEx

Traditional, binary “CapEx vs. OpEx” distinctions don’t seem adequate for showing where expenditure is really going. We’ve added a new facet to help further differentiate one-time project costs from recurring “business as usual” expenses.

Project CapEx
Includes all workforce and vendor costs associated with planning and execution of projects largely focused on the acquisition or creation of new capital assets.

Non-project CapEx
Includes “business as usual” capital asset acquisition in the interest of managing, maintaining, or supporting ongoing performance of existing infrastructure or services, such as replacement network equipment, end-user hardware (e.g. laptops), or disaster recovery/business continuity redundancies. Also includes ongoing asset depreciation amounts.

Non-project OpEx
Includes all recurring, non-CapEx “business as usual” costs such as labor compensation and training, cloud-based software fees, outsourcing costs, managed services fees, subscriptions, and other discretionary spend.

Depreciation is technically CapEx. However, for practical purposes, most organizations list it under OpEx, which can cause it to get lost in the noise. Here, depreciation is under non-project CapEx to keep its true CapEx nature visible and in the company of other “business as usual” capital purchases that will ultimately join the depreciation ranks.

Forecast your project CapEx costs

This process can be simple as far as overall budget forecasting is concerned. If it isn’t simple now, plan to make it simpler next time around.

What to expect…

• Ideally, the costs for all projects should have been thoroughly estimated, reviewed, and accepted by a steering committee, your CFO, or other approving entity at the start of the budgeting season, and funding already committed to. In a nutshell, forecasting your project costs should already have been done and will only require plugging in those numbers.
• If projects have yet to be pitched and rubber stamped, know that your work is cut out for you. Doing things in a rush or without proper due diligence will result in certain costs being missed. This means that you risk going far over budget in terms of actuals next year, or having to borrow from other areas in your budget to cover unplanned or underestimated project costs.

Key forecasting principles…

Develop rigorous business cases
Secure funding approval well in advance
Tie back costs benefitting business units
Consider the longer-term OpEx impact

For more information about putting together sound business cases for different projects and circumstances, see the following Info-Tech blueprints:

Build a Comprehensive Business Case

Fund Innovation with a Minimum Viable Business Case

Reduce Time to Consensus with an Accelerated Business Case

Apply these project CapEx forecasting tips

A good project CapEx forecast requires steady legwork, not last-minute fast thinking.

Tip #1: Don’t surprise your approvers. Springing a capital project on approvers at your formal presentation isn’t a good idea and stands a good chance of rejection, so do whatever you can to lock these costs down well in advance.

Tip #2: Project costs should be entirely comprised of CapEx if possible. Keep in mind that some of these costs will convert to depreciated non-project CapEx and non-project OpEx as they transition from project costs to ongoing “business as usual” costs, usually in the fiscal year following the year of expenditure. Creating projections for the longer-term impacts of these project CapEx costs on future types of expenditure is a good idea. Remember that a one-time project is not the same thing as a one-time cost.

Tip #3: Capitalize any employee labor costs on capital projects. This ensures the true costs of projects are not underestimated and that operational staff aren’t being used for free at the expense of their regular duties.

Tip #4: Capitalizing cloud costs in year one of a formal implementation project is usually acceptable. It’s possible to continue treating cloud costs as CapEx with some vendors via something called reserved instances, but organizations report that this is a lot of work to set up. In the end, most capitalized cloud will convert into non-project OpEx in years two and beyond.

Tip #5: Build in some leeway. By the time a project is initiated, circumstances may have changed dramatically from when it was first pitched and approved, including business priorities and needs, vendor pricing, and skillset availability. Your costing may become completely out of date. It’s a good practice to work within more general cost ranges than with specific numbers, to give you the flexibility to respond and adapt during actual execution.

3.2 Forecast your project CapEx

Time: Depends on size of project portfolio

1. Download the IT Cost Forecasting and Budgeting Workbook and navigate to Tab 5, “Project CapEx Forecast”. Add more columns as required. Enter the following for all projects:
   • Row 5 – Its name and/or unique identifier.
   • Row 6 – Its known or estimated project start/end dates.
   • Row 7 – Its status (in proposal, committed, or in progress).
2. Distribute each project’s costs across the categories listed for each view you’ve selected to map. Do not include any OpEx here – it will be mapped separately under non-project OpEx.
3. Rationalize your values. A running per-project total for each view, as well as totals for all projects combined, are in rows 16, 28, 39, and 43. Ensure these totals match or are very close across all the views you are mapping. If they don’t match, review the views that are lower-end outliers as there’s a good chance something has been overlooked.

Download the IT Cost Forecasting and Budgeting Workbook

Forecast your non-project OpEx

Most of your budget will be non-project OpEx, so plan to spend most of your forecasting effort here.

What to expect…

Central to the definition of OpEx is the fact that it’s ongoing. It rarely stops, and tends to steadily increase over time due to factors like inflation, rising vendor prices, growing organizational growth, increases in the salary expectations of employees, and other factors.

The only certain ways to reduce OpEx are to convert it to capitalizable expenditure, decrease staffing costs, not pursue cloud technologies, or for the organization to simply not grow. For most organizations, none of these approaches are feasible. Smaller scale efficiencies and optimizations can keep OpEx from running amok, but they won’t change its overall upward trajectory over time. Expect it to increase.

Key forecasting principles…

Focus on optimization and efficiency.
Aim for full spend transparency.
Think about appropriate chargeback options.
Give it the time it deserves.

For more information about how to make the most out of your IT OpEx, see the following Info-Tech blueprints:

Develop Your Cost Optimization Roadmap

Achieve IT Spend & Staffing Transparency

Discover the Hidden Costs of Outsourcing

Apply these non-project OpEx forecasting tips

A good forecast is in the details, so take a very close look to see what’s really there.

Tip #1: Consider zero-based budgeting. You don’t have to do this every year, but re-rationalizing your OpEx every few years, or a just a segment of it on a rotational basis, will not only help you readily justify the expenditure but also find waste and inefficiencies you didn’t know existed.

Tip #2: Capitalize your employee capital project work. While some organizations aren’t allowed to do this, others who can simply don’t bother. Unfortunately, this act can bloat the OpEx side of the equation substantially. Many regular employees spend a significant amount of their time working on capital projects, but this fact is invisible to the business. This is why the business keeps asking why it takes so many people to run IT.

Tip #3: Break out your cloud vs. on-premises costs. Burying cloud apps costs in a generic software bucket works against any transparency ambitions you may have. If you have anything resembling a cloud strategy, you need to track, report, and plan for these costs separately in order to measure benefits realization. This goes for cloud infrastructure costs, too.

Tip #4: Spend time on your CIO service view forecast. Completing this view counts as a first step toward service-based costing and is a good starting point for setting up an accurate service catalog. If looking for cost reductions, you’ll want to examine your forecasts in this view as there will likely be service-level reductions you’ll need to propose to hit your cost-cutting goals.

Tip #5: Budget with consideration for chargeback. chargeback mechanisms for OpEx can be challenging to manage and have political repercussions, but they do shift accountability back to the business, guarantee that the IT bills get paid, and reduce IT’s OpEx burden. Selectively charging business units for applications that only they use may be a good entry point into chargeback. It may also be as far as you want to go with it. Doing the CXO business view forecast will provide insight into your opportunities here.

Forecast your non-project CapEx

These costs are often the smallest percentage of overall expenditure but one of the biggest sources of financial grief for IT.

What to expect…

• These costs can be hard to predict. Anticipating expenditure on end-user hardware such as laptops depends on knowing how many new staff will be hired by the organization next year. Predicting the need to buy networking hardware depends on knowing if, and when, a critical piece of equipment is going to spontaneously fail. You can never be completely sure.
• IT often must reallocate funds from other areas of its budget to cover non-project CapEx costs. Unfortunately, keeping the network running and ensuring employees have access to that network is seen exclusively as an IT problem, not a business problem. Plan to change this mindset.

Key forecasting principles…

Discuss hiring plans with the business.
Pay close attention to your asset lifecycles.
Prepare to advise about depreciation schedules.
Build in contingency for the unexpected.

For more information about ensuring IT isn’t left in the lurch when it comes to non-project CapEx, see the following Info-Tech blueprints:

Manage End-User Devices

Develop an Availability and Capacity Management Plan

Modernize the Network

Apply these non-project CapEx forecasting tips

A good forecast relies on your ability to accurately predict the future.

Tip #1: Top up new hire estimations: Talk to every business unit leader about their concrete hiring plans, not their aspirations. Get a number, increase that number by 25% or 20 FTEs (whichever is less), and use this new number to calculate your end-user non-project CapEx.

Tip #2: Make an arrangement for who’s paying for operational technology (OT) devices and equipment. OT involves specialized devices such as in-the-field sensors, scanners, meters, and other networkable equipment. Historically, operational units have handled this themselves, but this has created security problems and they still rely on IT for support. Sort the financials out now, including whose budget device and equipment purchases appear on, as well as what accommodations IT will need to make in its own budget to support them.

Tip #3: Evaluate cloud infrastructure and managed services. These can dramatically reduce your non-project CapEx, particularly on the network and data center fronts. However, these solutions aren’t necessarily less expensive and will drive up OpEx, so tread cautiously.

Tip #4: Definitely do an inventory. If you haven’t invested in IT asset management, put it on your project and budgetary agenda. You can’t manage what you don’t know you have, so asset discovery should be your first order of business. From there, start gathering asset lifecycle information and build in alerting to aid your spend planning.

Tip #5: Think about retirement: What assets are nearing end of life or the end of their depreciation schedule? What impact is this having on non-project OpEx in terms of maintenance and support? Deciding to retire, replace, or extend an IT operational asset will change your non-project CapEx outlook and will affect costs in other areas.

Tip #6: Create a contingency fund: You need one to deal with surprises and emergencies, so why wait?

Document the organization’s projected FTEs by business function

This data point is usually missing from IT’s budget forecasting data set. Try to get it.

A powerful metric to share with business stakeholders is expenditure per employee or FTE. It’s powerful because:

• It’s one of the few metrics that’s intuitively understood by most people
• It can show changes in IT expenditure over time at both granular and general levels.

This metric is one of the simplest to calculate. The challenge is in getting your hands on the data in the first place.

• Most business unit leaders struggle to pin down this number in terms of actuals as they have difficulty determining what an FTE actually is. Does it include contract staff? Part-time staff? Seasonal workers? Volunteers and interns? And if the business unit has high turnover, this number can fluctuate significantly.
• Encourage your business peers to produce a rational estimate. Unlike the headcount number you’re seeking to forecast for non-project capital expenditure for end-user hardware, this FTE number should strive to be more in the ballpark, as you’re not using it to ensure sufficient funds but comparatively track expenditure year to year.
• Depending on your industry, employees or FTEs may not be the best measurement. Use what works best for you. Number of unique users is a common one. Other industry-specific examples include per student, per bed, per patient, per account, and per resident.

Start to build in long-term and short-term forecasting into your budgeting process

These are growing practices in mature IT organizations that afford significant flexibility.

3.4 Forecast your non-project OpEx and CapEx

Time: Depends on size of vendor portfolio and workforce

1. Download the IT Cost Forecasting and Budgeting Workbook and navigate to Tab 4, “Business as Usual Forecast”. This tab assumes an incremental budgeting approach. Last year’s actuals have been carried forward for you to build upon.
2. Enter expected percentage-based cost increases/decreases for next fiscal year for each of the following variables (columns E-I): inflation, vendor pricing, labor costs, service levels, and depreciation. Do this for all sub-categories for the ITFM cost model views you’ve opted to map. Provide rationales for your percentage values in column K.
3. In columns M and N, enter the anticipated percentage allocation of cost to non-project CapEx versus non-project OpEx.
4. In column O, rows 29-38, enter the projected FTEs for each business function (if available).
5. If you choose, make longer-term, high-level forecasts for 2-3 years in the future in columns P-U. Performing longer-term forecasts for at least the CFO expense view categories is recommended.

Download the IT Cost Forecasting and Budgeting Workbook

Case Study

INDUSTRY: Insurance

SOURCE: Anonymous

Phase recap: Develop your forecasts

The hard math is done. Now it’s time to step back and craft your final proposed budget and its key messages.

This phase focused on developing your forecasts and proposed budget for next fiscal year. It included:

• Developing assumptions and alternative scenarios. These will showcase your understanding of business context as well as what’s most likely to happen (or should happen) next year.
• Forecasting your project CapEx costs. If these costs weren’t laid out already in formal, approved project proposals or plans, now you know why it’s the better approach for developing a budget.
• Forecasting your non-project CapEx and OpEx costs. Now you should have more clarity and transparency concerning where these costs are going and exactly why they need to go there.

“Ninety percent of your projects will get started but a good 10% will never get off the ground because of capacity or the business changes their mind or other priorities are thrown in. There are always these sorts of challenges that come up.”

– Theresa Hughes, Executive Counselor,
Info-Tech Research Group
and Former IT Executive

Phase 4

Build Your Proposed Budget

This phase will walk you through the following activities:

• Pulling your forecasts together into a comprehensive IT budget for next fiscal year.
• Double checking your forecasts to ensure they’re accurate.
• Fine tuning the rationales behind your proposals.

This phase involves the following participants:

• Head of IT
• IT Financial Lead
• Other IT Management

Build your proposed budget

Triple check your numbers and put the finishing touches on your approval-winning rationales.

This phase is where your analysis and decision making finally come together into a coherent budget proposal. Key steps include:

• Aggregating your numbers. This step involves pulling together your project CapEx, non-project CapEx, and non-project OpEx forecasts into a comprehensive whole and sanity-checking your expenditure-type ratios.
• Stress-testing your forecasts. Do some detailed checks to ensure everything’s accounted for and you haven’t overlooked any significant information or factors that could affect your forecasted costs.
• Challenging and perfecting your rationales. Your ability to present hard evidence and rational explanations in support of your proposed budget is often the difference between a yes or a no. Look at your proposals from different stakeholder perspectives and ask yourself, “Would I say yes to this if I were them?”

“We don’t buy servers and licenses because we want to. We buy them because we have to. IT doesn’t need those servers out at our data center provider, network connections, et cetera. Only a fraction of these costs are to support us in the IT department. IT doesn’t have control over these costs because we’re not the consumers.”

– Matt Johnson, IT Director Governance and Business Solutions, Milwaukee County

Great rationales do more than set you up for streamlined budgetary approval

Rationales build credibility and trust in your business capabilities. They can also help stop the same conversations happening year after year.

Any item in your proposed budget can send you down a rabbit hole if not thoroughly defensible.

You probably won’t need to defend every item, but it’s best to be prepared to do so. Ask yourself:

• What areas of spend does the CFO come back to year after year? Is it some aspect of OpEx, such as workforce costs or cloud software fees? Is it the relationship between proposed project spend and business benefits? Provide detailed and transparent rationales for these items to start re-directing long-term conversations to more strategic issues.
• What areas of spend seem to be recurring points of conflict with business unit leaders? Is it surprise spend that comes from business decisions that didn’t include IT? Is it business-unit leaders railing against chargeback? Have frank, information-sharing conversations focused on business applications, service-level requirements, and true IT costs to support them.
• What’s on the CEO’s mind? Are they focused on entering a new overseas market, which will require capital investment? Are they interested in the potential of a new technology because competitors are adopting it? It may not be the same focus as last year, so ensure you have fresh rationales that show how IT will help deliver on these business goals.

“Budgets get out of control when one department fails to care for the implications of change within another department's budget. This wastes time, reduces accuracy and causes conflict.”

– Tara Kinney, Atomic Revenue, LLC.

Rationalizing costs depends on the intention of the spend

Not all spending serves the same purpose. Some types require deeper or different justifications than others.

For the business, there are two main purposes for spend:

1. Spending that drives revenues or the customer experience. Think in terms of return on investment (ROI), i.e. when will the expenditure pay for itself via the revenue gains it helps create?
2. Spending that mitigates and manages risk. Think in terms of cost-benefit, i.e. what are the costs of doing something versus doing nothing at all?

Source: Kris Blackmon, NetSuite Brainyard.

“Approval came down to ROI and the ability to show benefits realization for years one, two, and three through five.”

– Duane Cooney, Executive Counselor, Info-Tech Research Group, and Former Healthcare CIO

Regardless of its ultimate purpose, all expenditure needs statements of assumptions, obstacles, and likelihood of goals being realized behind it.

• What are the assumptions that went into the calculation?
• Is the spend new or a reallocation (and from where)?
• What’s the likelihood of realizing returns or benefits?
• What are potential obstacles to realizing returns or benefits?

Rationales aren’t only for capital projects – they can and should be applied to all proposed OpEx and CapEx. Business project rationales tend to drive revenue and the customer experience, demanding ROI calculations. Internal IT-projects and non-project expenditure are often focused on mitigating and managing risk, requiring cost-benefit analysis.

First, make sure your numbers add up

There are a lot of numbers flying around during a budgeting process. Now’s the time to get out of the weeds, look at the big picture, and ensure everything lines up.

4.1 Aggregate your proposed budget numbers and stress test your forecasts

2 hours

1. Download the IT Cost Forecasting and Budgeting Workbook for this activity. If you have been using it thus far, the Workbook will have calculated your numbers for you across the four views of the ITFM Cost Model on Tab 7, “Proposed Budget”, including:
   1. Forecasted non-project OpEx, non-project CapEx (including depreciation values), project CapEx, and total values.
   2. Numerical and percentage variances from the previous year.
2. Test and finalize your forecasts by applying the questions on the previous slide.
3. Flag cost categories where large variances from the previous year or large numbers in general appear – you will need to ensure your rationales for these variances are rigorous in the next step.
4. Make amendments if needed to Tabs 4, “Business as Usual Forecast” and 5, “Project CapEx Forecast” in the IT Cost Forecasting and Budgeting Workbook.

Download the IT Cost Forecasting and Budgeting Workbook

Case Study

INDUSTRY: Healthcare

SOURCE: Anonymous

The strength of your rationales will determine how readily your budget is approved

When proposing expenditure, you need to thoroughly consider the organization’s goals, its governance culture, and the overall feasibility of what’s being asked.

First, recall what budgets are really about.

The completeness, accuracy, and granularity of your numbers and thorough ROI calculations for projects are essential. They will serve you well in getting the CFO’s attention. However, the numbers will only get you halfway there. Despite what some people think, the work in setting a budget is more about the what, how, and why – that is, the rationale – than about the how much.

Next, revisit Phase 1 of this blueprint and review:

• Your organization’s budgeting culture and processes.
• The typical accountabilities, priorities, challenges, opportunities, and expectations associated with your CFO, CEO, and CXO IT budget stakeholders.
• Your budgetary mandate as the head of IT.

Then, look at each component of your proposed budget through each of these three rationale-building lenses.

Business goals
What are the organization’s strategic priorities?

Governance culture
How constrained is the decision-making process?

Feasibility
Can we make it happen?

Linking proposed spend to strategic goals isn’t just for strategic project CapEx

Tie in your “business as usual” non-project OpEx and CapEx, as well.

Your governance culture will determine what you need to show and when you show it

The rigor of your rationales is entirely driven by “how things are done around here.”

No matter which way your goals and culture lean, ground all your rationales in reality

Objective, unapologetic facts are your strongest rationale-building tool.

Double-check to ensure your bases are covered

For more on creating detailed business cases for projects and investments, see Info-Tech’s comprehensive blueprint, Build a Comprehensive Business Case.

4.2 Challenge and perfect your rationales

2 hours

1. Based on your analysis in Phase 1, review your organization’s current and near-term business goals (context, lifecycle position, opportunities), governance culture (risk tolerance, control, speed to action), and feasibility (funding, capabilities, risk) to understand what’s possible, what’s not, and your general boundaries.
2. Review your proposed budget in its current form and flag items that may be difficult or impossible to sell, given the above.
3. Systematically go through each item in you proposed budget and apply the detailed data and information and high-level rationale checklists on the previous slide to ensure you have considered it from every angle and have all the information you need to defend it.
4. Track down any additional information needed to fill gaps and fine-tune your budget based on any discoveries, including eliminating or adding elements if needed.

Download the IT Cost Forecasting and Budgeting Workbook

Phase recap: Build your proposed budget

You can officially say your proposed IT budget is done. Now for the communications part.

This phase is where everything came together into a coherent budget proposal. You were able to:

• Aggregate your numbers. This involved pulling for project and non-project CapEx and OpEx forecasts into a single proposed IT budget total.
• Stress-test your forecasts. Here, you ensured that all your numbers were accurate and made sense.
• Challenge and perfect your rationales. Finally, you made sure you have all your evidence in place and can defend every component in your proposed IT budget regardless of who’s looking at it.

“Current OpEx is about supporting and aligning with past business strategies. That’s alignment. If the business wants to give up on those past business strategies, that’s up to them.”

– Darin Stahl, Distinguished Analyst and Research Fellow, Info-Tech Research Group

Phase 5

Create and Deliver Your Presentation

This phase will walk you through the following activities:

• Planning the content you’ll include in your budget presentation.
• Pulling together your formal presentation.
• Presenting, finalizing, and submitting your budget.

This phase involves the following participants:

• Head of IT
• IT Financial Lead
• Other IT Management

Create and deliver your presentation

Pull it all together into something you can show your approvers and stakeholders and win IT budgetary approval.

This phase focuses on developing your final proposed budget presentation for delivery to your various stakeholders. Here you will:

• Plan your final content. Decide the narrative you want to tell and select the visualizations and words you want to include in your presentation (or presentations) depending on the makeup of your target audience.
• Build your presentation. Pull together all the key elements in a PowerPoint template in a way that best tells the IT budget story.
• Present to stakeholders. Deliver your IT budgetary message.
• Make final adjustments and submit your budget. Address any questions, make final changes, and deconstruct your budget into the account categories mandated by your Finance Department to plug into the budget template they’ve provided.

“I could have put the numbers together in a week. The process of talking through what the divisions need and spending time with them is more time consuming than the budget itself.”

– Jay Gnuse, IT Director, Chief Industries

The content you select to present depends on your objectives and constraints

Info-Tech classifies potential content according to three basic types: mandatory, recommended, and optional. What’s the difference?

Deciding what to include or exclude depends 100% on your target audience. What will fulfill their basic information needs as well as increase their engagement in IT financial issues?

Revisit your assumptions and alternative scenarios first

These represent the contextual framework for your proposal and explain why you made the decisions you did.

Stating your assumptions and presenting at least two alternative scenarios helps in the following ways:

1. Identifies the factors you considered when setting budget targets and proposing specific expenditures, and shows that you know what the important factors are.
2. Lays the logical foundation for all the rationales you will be presenting.
3. Demonstrates that you’ve thought broadly about the future of the organization and how IT is best able to support that future organization regardless of its state and circumstances.

Your assumptions and alternative scenarios may not appear back-to-back in your presentation, yet they’re intimately connected in that every unique scenario is based on adjustments to your core assumptions. These tweaks – and the resulting scenarios – reflect the different degrees of probability that a variable is likely to land on a certain value (i.e. an alternative assumption).

Your primary scenario is the one you believe is most likely to happen and is represented by the complete budget you’re recommending and presenting.

Target timeframe for presentation: 2 minutes

Key objectives: Setting context, demonstrating breadth of thought.

Potential content for section:

• List of assumptions for the budget being presented (primary target scenario).
• Two or more alternative scenarios.

“Things get cut when the business
doesn’t know what something is,
doesn’t recognize it, doesn’t understand it. There needs to be an education.”

– Angie Reynolds, Principal Research Director, ITFM Practice,
Info-Tech Research Group,

Select your assumptions and scenarios

See Tabs “Planning Variables” and 9, “Alternative Scenarios” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

The first major section of your presentation will be a retrospective

Plan to kick things off with a review of last year’s results, factors that affected what transpired, and longer-term historical IT expenditure trends.

This retrospective on IT expenditure is important for three reasons:

1. Clarifying definitions and the different categories of IT expenditure.
2. Showing your stakeholders how, and how well you aligned IT expenditure with business objectives.
3. Setting stakeholder expectations about what next year’s budget will look like based on past patterns.

You probably won’t have a lot of time for this section, so everything you select to share should pack a punch and perform double duty by introducing concepts you’ll need your stakeholders to have internalized when you present next year’s budget details.

Target timeframe for presentation: 7 minutes

Key objectives: Definitions, alignment, expectations-setting.

Potential content for section:

• Last fiscal year budgeted vs. actuals
• Expenditure by type
• Major capital projects completed
• Top vendor spend
• Drivers of last year’s expenditures and efficiencies
• Last fiscal year in in detail (expense view, service view, business view, innovation view)
• Expenditure trends for the past five years

“If they don’t know the consequences of their actions, how are they ever going to change their actions?”

– Angela Hintz, VP of PMO & Integrated Services,
Blue Cross and Blue Shield of Louisiana

Start at the highest level

See Tabs 1 “Historical Events & Projects,” 3 “Historical Analysis,” and 6 “Vendor Worksheet” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

Describe drivers of costs and savings

See Tab 1, “Historical Events & Projects” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

Also calculate and list the magnitude of costs incurred or savings realized in hard financial terms so that the full impact of these events is truly understood by your stakeholders.

“What is that ongoing cost?
If we brought in a new platform, what
does that do to our operating costs?”

– Kristen Thurber, IT Director, Office of the CIO, Donaldson Company

End with longer-term five-year trends

See Tab 3 “Historical Analysis” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

The historical analysis you can do is endless. You can generate many more cuts of the data or go back even further – it’s up to you.

Keep in mind that you won’t have a lot of time during your presentation, so stick to the high-level, high-impact graphs that demonstrate overarching trends or themes.

Show different views of the details

See Tab 3 “Historical Analysis” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

5.1a Select your retrospective content

30 minutes

1. Open your copy of the IT Cost Forecasting and Budgeting Workbook.
2. From Tabs 1, “Historical Events & Projects, 3 “Historical Analysis”, and 6, “Vendor Worksheet,” select the visual outputs (graphs and lists) you plan to include in the retrospective section of your presentation. Consider the following when determining what to include or exclude:
   1. Fundamentals: Elements such as budgeted vs. actual, distribution across expenditure types, and drivers of variance are mandatory.
   2. Key clarifications: What expectations need to be set or common misunderstandings cleared up? Strategically insert visuals that introduce and explain important concepts early.
   3. Your time allowance. Plan for a maximum of seven minutes for every half hour of total presentation time.
3. Note what you plan to include in your presentation and set aside.

Download the IT Cost Forecasting and Budgeting Workbook

Next, transition from past expenditure to your proposal for the future

Build a logical bridge between what happened in the past to what’s coming up next year using a comparative approach and feature major highlights.

This transitional phase between the past and the future is important for the following reasons:

1. It illustrates any consistent patterns of IT expenditure that may exist and be relevant in the near term.
2. It sets the stage for explaining any deviations from historical patterns that you’re about to propose.
3. It grounds proposed IT expenditure within the context of commitments made in previous years.

Consider this the essential core of your presentation – this is the key message and what your audience came to hear.

Target timeframe for presentation: 10 minutes

Key objectives: Transition, reveal proposed budget.

Potential content for section:

• Last year’s actuals vs. next year’s proposed.
• Next year’s proposed budget in context of the past five years’ year-over-year actuals.
• Last year’s actual expenditure type distribution vs. next year’s proposed budget distribution.
• Major projects to be started next year.

“The companies...that invest the most in IT aren’t necessarily the best performers.
On average, the most successful small and medium companies are more frugal when it comes to
company spend on IT (as long as they do it judiciously).”

– Source: Techvera, 2023

Compare next year to last year

See Tab 8, “Proposed Budget Analysis” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

Last year’s total actuals vs. next year’s total forecast	Proposed budget in context: Year-over-year expenditure	Last year’s actuals vs. next year’s proposed by expenditure type	Last year’s expenditure per FTE vs. next year’s proposed
Graph	Graph	Graph	Graph
Mandatory: This is the most important graph for connecting the past with the future and is also the first meaningful view your audience will have of your proposed budget for next year.	Mandatory: Here, you will continue the long-term view introduced in your historical data by adding on next year’s projections to your existing five-year historical trend. The percentage change from last year to next year will be the focus.	Recommended: A double-comparative breakdown of last year vs. next year by non-project OpEx, non-project CapEx, and project CapEx illustrates where major events, decisions, and changes are having their impact.	Optional: This graph is particularly useful in demonstrating the success of cost-control if the actual proposed budget is higher that the previous year but the IT cost per employee has gone down.

Select business projects to profile

See Tab 5, “Project CapEx Forecast” in your IT Cost Forecasting and Budgeting Workbook for the data and information to create these outputs.

You can’t profile every project on the list, but it’s important that your stakeholders see their priorities clearly reflected in your budget; projects are the best way to do this.

If you’ve successfully pre-sold your budget and partnered with business-unit leaders to define IT initiatives, your stakeholders should already be very familiar with the project summaries you put in front of them in your presentation.

5.1b Select your transitional past-to-future content

30 minutes

1. Open your copy of the IT Cost Forecasting and Budgeting Workbook.
2. From Tabs 5, “Project CapEx Forecast” and 7, “Proposed Budget Analysis”, select the visual outputs (graphs and lists) you plan to include in the transitional section of your presentation. Consider the following when determining what to include or exclude:
   1. Shift from CapEx to OpEx: If this has been a point of contention or confusion with your CFO in the past, or if your organization has actively committed to greater cloud or outsourcing intensity, you’ll want to show this year-to-year shift in expenditure type.
   2. Strategic priorities: Profile major capital projects that reflect stakeholder priorities. If your audience is already very familiar with these projects, you may be able to skip detailed profiles and simply list them.
   3. Your time allowance. Plan for a maximum of 10 minutes for every half hour of total presentation time.
3. Note what you plan to include in your presentation and set aside.

Download the IT Cost Forecasting and Budgeting Workbook

Finally, carefully select detailed drill-downs that add clarity and depth to your proposed budget

The graphs you select here will be specific to your audience and any particular message you need to send.

This detailed phase of your presentation is important because it allows you to:

1. Highlight specific areas of IT expenditure that often get buried under generalities.
2. View your proposed budget from different perspectives that are most meaningful to your audience, such as traditional workforce vs. vendor allocations, expenditure by IT service, business-unit consumption, and the allocation of funds to innovation and growth versus daily IT operations.
3. Get stakeholder attention. For example, laying out exactly how much money will be spent next year in support of the Sales Department compared to other units will get the VP of Sales’ attention…and everyone else’s, for that matter. This kind of transparency is invaluable for enabling meaningful conversations and thoughtful decision-making about IT spend.

Target timeframe for presentation: 7 minutes, but this phase of the presentation may naturally segue into the final Q&A.

Key objectives: Transparency, dialogue, buy-in.

Potential content for section:

• Allocation across workforce vs. vendors
• Top vendors by expenditure
• Allocation across on-premises vs. cloud
• Allocation across core IT services
• Allocation across core business units
• Allocation across business focus area

“A budget is a quantified version of
your service-level agreements.”

– Darin Stahl, Distinguished Analysis & Research Fellow,
Info-Tech Research Group,

Start with the expense view details

See Tab 8, “Proposed Budget Analysis” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

If you have a diverse audience with diverse interests, be very selective – you don’t want to bore them with things they don’t care about.

Offer choice details on the other views

See Tab 8, “Proposed Budget Analysis” in your IT Cost Forecasting and Budgeting Workbook for these outputs.

Inclusion of these graphs really depends on the makeup of your audience. It’s a good decision to show all of them to your CFO at some point before the formal presentation. Consider getting their advice on what to include and exclude.

5.1c Select next year’s expenditure sub-category details

30 minutes

1. Open your copy of the IT Cost Forecasting and Budgeting Workbook.
2. From Tab 8, “Proposed Budget Analysis,” select the visual outputs (graphs) you plan to include in the targeted expenditure sub-category details section of your presentation. Consider the following when determining what to include or exclude:
   1. The presence of important fence-sitters. If there are key individuals who require more convincing, this is where you show them the reality of what it costs to deliver their most business-critical IT services to them.
   2. The degree to which you’ve already gone over the numbers previously with your audience. Again, if you’ve done your pre-selling, this data may be old news and not worth going over again.
   3. Your time allowance. Plan for a maximum of seven minutes for every half hour of total presentation time.
3. Note what you plan to include in your presentation and set aside.

Download the IT Cost Forecasting and Budgeting Workbook

Finalize your line-up and put your selected content into a presentation template

This step is about nailing down the horizontal logic of the story you want to tell. Start by ordering and loading the visualizations of your budget data.

Download Info-Tech’s IT Budget Executive Presentation Template

If you prefer, use your own internal presentation standard template instead and Info-Tech’s template as a structural guide.

Regardless of the template you use, Info-Tech recommends the following structure:

1. Summary: An overview of your decision-making assumptions, initial targets given the business context, and the total proposed IT budget amount.
2. Retrospective: An overview of previous years’ performance, with a specific focus on last fiscal year.
3. Proposed budget overview: A high-level view of the proposed budget for next fiscal year in the context of last year’s performance (i.e. the bridge from past to future), including alternative scenarios considered and capital projects on the roster.
4. Proposed budget details by category: Detailed views of the proposed budget by expense type, IT service, business unit, and business focus category.
5. Next steps: Include question-and-answer and itemization of your next actions through to submitting your final budget to the CFO.

Draft the commentary that describes and highlights your data’s key messages

This is where the rationales that you perfected earlier come into play.

Leave the details for the speaker’s notes.
Remember that this is an executive presentation. Use tags, pointers, and very brief sentences in the body of the presentation itself. Avoid walls of text. You want your audience to be listening to your words, not reading a slide.

Speak to everything that represents an increase or decrease of more than 5% or that simply looks odd.
Being transparent is essential. Don’t hide anything. Acknowledge the elephant in the room before your audience does to quickly stop suspicious or doubtful thoughts

Identify causes and rationales.
This is why your numbers are as they are. However, if you’re not 100% sure what all driving factors are, don’t make them up. Also, if the line between cause and effect isn’t straight, craft in advance a very simple way of explaining it that you can offer whenever needed.

Be neutral and objective in your language.
You need to park strong feelings at the door. You’re presenting rational facts and thoroughly vetted recommendations. The best defense is not to be defensive, or even offensive for that matter. You don’t need to argue, plead, or apologize – let your information speak for itself and allow the audience to arrive at their own logical conclusions.

Re-emphasize your core themes to create connections.
If a single strategic project is driving cost increases across multiple cost categories, point it out multiple times if needed to reinforce its importance. If an increase in one area is made possible by a significant offset in another, say so to demonstrate your ongoing commitment to efficiencies. If a single event from last year will continue having cost impacts on several IT services next year, spell this out.

5.2 Develop an executive presentation

Duration: 2 hours

1. Download the IT Budget Executive Presentation PowerPoint template.
2. Open your working version of the IT Cost Forecasting and Budgeting Workbook and copy and paste your selected graphs and tables into the template. Note: Pasting as an image will preserve graph formatting.
3. Incorporate observations and insights about your proposed budget and other analysis into the template where indicated.
4. Conduct an internal review of the final presentation to ensure it includes all the elements you need and is error-free.

Note: Refer to your organization’s standards and norms for executive-level presentations and either adapt the Info-Tech template accordingly or use your own.

Download the IT Budget Executive Presentation template

Now it’s time to present your proposed IT budget for next fiscal year

If you’ve done your homework and pre-sold your budget, the presentation itself should be a mere formality with no surprises for anyone, including you.

Some final advice on presenting your proposed budget…

The only other thing that can boost your chances is if you’re lucky enough to be scheduled to present between 10:00 and 11:00 on a Thursday morning when people are most agreeable. Beyond that, apply the standard rules of good presentations to optimize your success.

Your presentation is done – now re-focus on budget finalization and submission

This final stage tends to be very administrative. Follow the rules and get it done.

• Incorporate feedback: Follow up on comments from your first presentation and reflect them in your budget if appropriate. This may include:
  • Having follow-up conversations with stakeholders.
  • Further clarifying the ROI projections or business benefits.
  • Adjusting proposed expenditure amounts based on new information or a shift in priorities.
  • Adding details or increasing granularity around specific issues of interest.
• Trim: Almost every business unit leader will need to make cuts to their initial budget proposal. After all, the CFO has a finite pool of money to allocate. If all’s gone well, it may only be a few percent. Resurrect your less-costly alternative scenario and selectively apply the options you laid out there. Focus on downsizing or deferring capital projects if possible. If you must trim OpEx, remind the CFO about any service-level adjustments that will need to happen to make the less expensive alternatives work.
• Re-present: It’s not unusual to have to present your budget one more time after you’ve made your adjustments. In some organizations, the first presentation is to an internal executive group while the second one is to a governing board. The same rules apply to this second presentation as to your first one.
• Submit: Slot your final budget into the list of accounts prescribed in the budget template provided by Finance. These templates often don’t align with IT’s budget categories, but you’ll have to make do.

Phase recap: Create and deliver your presentation

You’ve reached the end of the budget creation and approval process. Now you can refocus on using your budget as a living governance tool.

This phase focused on developing your final proposed budget presentation for delivery to your various stakeholders. Here, you:

• Planned your final content. You selected the data and visuals to include and highlight.
• Built your presentation. You pulled everything together into a PowerPoint template and crafted commentary to tell a cohesive IT budget story.
• Presented to stakeholders. You delivered your proposed IT budget and solicited their comments and feedback.
• Made final adjustments and submitted your budget. You applied final tweaks, deconstructed your budget to fit Finance’s template, and submitted it for entry into Finance’s system.

“Everyone understands that there’s never enough money. The challenge is prioritizing the right work and funding it.”

– Trisha Goya, Director, IT Governance & Administration, Hawaii Medical Service Association

Next Steps

“Keep that conversation going throughout the year so that at budgeting time no one is surprised…Make sure that you’re telling your story all year long and keep track of that story.”

– Angela Hintz, VP of PMO & Integrated Services,
Blue Cross and Blue Shield of Louisiana

This final section will provide you with:

• An overall summary of accomplishment.
• Recommended next steps.
• A list of contributors to this research.
• Some related Info-Tech resources.

Summary of Accomplishment

You’ve successfully created a transparent IT budget and gotten it approved.

By following the phases and steps in this blueprint, you have:

1. Learned more about what an IT budget does and what it means to your key stakeholders.
2. Assembled your budgeting team and critical data needed for forecasting and budgeting, as well as set expenditure goals for next fiscal year, and metrics for improving the budgeting process overall.
3. Forecasted your project and non-project CapEx and OpEx for next fiscal year and beyond.
4. Fine-tuned your proposed expenditure rationales.
5. Crafted and delivered an executive presentation and got your budget approved.

What’s next?

Use your approved budget as an ongoing IT financial management governance tool and track your budget process improvement metrics.

If you would like additional support, have our analysts guide you through an Info-Tech full-service engagement or Guided Implementation.

Contact your account representative for more information.

1-888-670-8889

Research Contributors and Experts

Research Contributors and Experts

Related Info-Tech Research & Services

Achieve IT Spend & Staffing Transparency

• IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace.
• Lay a foundation for meaningful conversations and informed decision making around IT spend by transparently mapping exactly where IT funds are really going.

IT Spend & Staffing Benchmarking Service

• Is a do-it-yourself approach to achieving spend transparency too onerous? Let Info-Tech do the heavy lifting for you.
• Using Info-Tech’s ITFM Cost Model, our analysts will map your IT expenditure to four different stakeholder views – CFO Expense View, CIO Service View, CXO Business View, and CEO Innovation View – so that you clearly show where expenditure is going in terms that stakeholders can relate to and better demonstrate IT’s value to the business.
• Get a full report that shows how your spend is allocated plus benchmarks that compare your results to those of your industry peers.

Build Your IT Cost Optimization Roadmap

• Cost optimization is usually thought about in terms of cuts, when it’s really about optimizing IT’s cost-to-value ratio.
• Develop a cost-optimization strategy based on your organization’s circumstances and timeline focused on four key areas of IT expenditure: assets, vendors, projects, and workforce.

Bibliography

“How Much Should a Company Spend on IT?” Techvera, no date. Accessed 3 Mar. 2023.
“State of the CIO Study 2023.” Foundry, 25 Jan. 2023. Accessed 3 Mar. 2023.
Aberdeen Strategy & Research. “The State of IT 2023.” Spiceworks. Ziff Davis, 2022. Accessed 28 Feb. 2023.
Ainsworth, Paul. “Responsibilities of the Modern CFO - A Function in Transition.” TopTal, LLC., no date. Accessed 15 Feb. 2023.
Balasaygun, Kaitlin. “For the first time in a long time, CFOs can say no to tech spending.” CNBC CFO Council, 19 Jan. 2023. Accessed 17 Feb. 2023.
Bashir, Ahmad. “Objectives of Capital Budgeting and factors affecting Capital Budget Decisions.” LinkedIn, 27 May 2017. Accessed 14 Apr. 2023.
Blackmon, Kris. “Building a Data-Driven Budget Pitch the C-Suite Can't Refuse.” NetSuite Brainyard, 21 Sep. 2021. Accessed 17 Feb. 2023
Butcher, Daniel. “CFO to CFO: Budgeting to Fund Strategic Plans.” Strategic Finance Magazine/Institute of Management Accountants, 1 Dec. 2021. Accessed 17 Feb. 2023
Gray, Patrick. “IT Budgeting: A Cheat Sheet.” TechRepublic, 29 Jul. 2020. Accessed 28 Feb. 2023.
Greenbaum, David. “Budget vs. Actuals: Budget Variance Analysis & Guide.” OnPlan, 15 Mar. 2022. Accessed 22 Mar. 2023.
Huber, Michael and Joan Rundle. “How to Budget for IT Like a CFO.” Huber & Associates, no date. Accessed 15 Feb. 2023.
Kinney, Tara. “Executing Your Department Budget Like a CFO.” Atomic Revenue, LLC., no date. Accessed 15 Feb. 2023.
Lafley, A.G. “What Only the CFO Can Do.” Harvard Business Review, May 2009. Accessed 15 Mar. 2009.
Moore, Peter D. “IN THE DIGITAL WORLD, IT should be run as a profit center, not a cost center.” Wild Oak Enterprise, 26 Feb. 2020. Accessed 3 Mar. 2023.
Nordmeyer, Bille. “What Factors Are Going to Influence Your Budgeting Decisions?” bizfluent, 8 May 2019. Accessed 14 Apr. 2023
Ryan, Vincent. “IT Spending and 2023 Budgets Under Close Scrutiny.” CFO, 5 Dec. 2022. Accessed 3 Mar. 2023.
Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO Magazine, 21 Mar. 2022. Accessed 3 Mar. 2023.

Applications Priorities 2023

Applications are the engine of the business: keep them relevant and modern

What we are facing today is transforming the ways in which we work, live, and relate to one another. Applications teams and portfolios MUST change to meet this reality.

Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.

As organizations continue to strengthen business continuity, disaster recovery, and system resilience, activities to simply "keep the lights on" are not enough. Be pragmatic in the prioritization and planning of your applications initiatives, and use your technologies as a foundation for your growth.

Your applications must meet the top business goals of your CXOs

• Ensure service continuity
• Improve customer experience
• Make data-driven decisions
• Maximize stakeholder value
• Manage risk

Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

Select and align your applications priorities to your business goals and objectives

Applications are critical components in any business strategic plan. They can directly influence an organization's internal and external brand and reputation, such as their:

• Uniqueness, competitiveness, and innovativeness in the industry.
• Ability to be dynamic, flexible, and responsive to changing expectations, business conditions, and technologies.

Therefore, business leaders are continuously looking for innovative ways to better position their application portfolios to satisfy their goals and objectives, i.e. applications priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfy
the different needs of very different customers, stakeholders, and users.

Today's business applications are good but leave room for improvement

72%
Average business application satisfaction score among IT leadership in 1582 organizations.

Source: CIO Business Vision, August 2021 to July 2022, N=190.

Five Applications Priorities for 2023

In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the Ambitions of your organization.

Strengthen your foundations to better support your applications priorities

These key capabilities are imperative to the success of your applications strategy.

KPI and Metrics

Easily attainable and insightful measurements to gauge the progress of meeting strategic objectives and goals (KPIs), and the performance of individual teams, practices and processes (metrics).

BUSINESS ALIGNMENT

Gain an accurate understanding and interpretation of stakeholder, end-user, and customer expectations and priorities. These define the success of business products and services considering the priorities of individual business units and teams.

EFFICIENT DELIVERY & SUPPORT PRACTICE

Software delivery and support roles, processes, and tools are collaborative, well equipped and resourced, and optimized to meet changing stakeholder expectations.

Data Management & Governance

Ensuring data is continuously reliable and trustworthy. Data structure and integrations are defined, governed, and monitored.

Product & Service Ownership

Complete inventory and rationalization of the product and service portfolio, prioritized backlogs, roadmaps, and clear product and service ownership with good governance. This helps ensure this portfolio is optimized to meet its goals and objectives.

Strengthen your foundations to better support your applications priorities (cont'd)

These key capabilities are imperative to the success of your applications strategy.

Organizational Change Management

Manage the adoption of new and modified processes and technologies considering reputational, human, and operational concerns.

IT Operational Management

Continuous monitoring and upkeep of products and services to assure business continuity, and system reliability, robustness and disaster recovery.

Architectural Framework

A set of principles and standards that guides the consistent, sustainable and scalable growth of enterprise technologies. Changes to the architecture are made in collaboration with affected parties, such as security and infrastructure.

Application Security

The measures, controls, and tactics at the application layer that prevent vulnerabilities against external and internal threats and ensure compliance to industry and regulatory security frameworks and standards.

There are many factors that can stand in your team's way

Expectations on your applications team have increased, while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

1. Attracting and retaining talent
2. Maximizing the return on technology
3. Confidently shifting to digital
4. Addressing competing priorities
5. Fostering a collaborative culture
6. Creating high-throughput teams

CIOs agree that at least some improvement is needed across key IT activities

Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

Pressure Point 1:
Attracting and Retaining Talent

Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

Address the underlying challenges

• Lack of employee empowerment and few opportunities for learning and development.
• Poor coworker and manager relationships.
• Compensation and benefits are inadequate to maintain desired quality of life.
• Unproductive work environment and conflicting balance of work and life.
• Unsatisfactory employee experience, including lack of employee recognition
  and transparency of organizational change.

While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing.
62% of organizations reported increased working hours, while 80% reported an increase in flexibility.
Source: McLean & Company, 2022; n=394.

Be strategic in how you fill and train key IT skills and capabilities

• Cybersecurity
• Big Data/Analytics
• Technical Architecture
• DevOps
• Development
• Cloud

Source: Harvey Nash Group, 2021; n=2120.

Pressure Point 2:
Maximizing the Return of Technology

Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

Address the underlying challenges

• Inability to analyze, propose, justify, and communicate modernization solutions in language the stakeholders understand and in a way that shows they clearly support business priorities and KPIs and mitigate risks.
• Little interest in documenting and rationalizing products and services through business-IT collaboration.
• Lack of internal knowledge of the system and loss of vendor support.
• Undefined, siloed product and service ownership and governance, preventing solutions from working together to collectively deliver more value.
• Little stakeholder appetite to invest in activities beyond "keeping the lights on."

Only 64% of applications were identified as effective by end users.
Effective applications are identified as at least highly important and have high feature and usability satisfaction.
Source: Application Portfolio Assessment, August 2021 to July 2022; N=315.

"Regardless of the many definitions of modernization floating around, the one characteristic that we should be striving for is to ensure our applications do an outstanding job of supporting the users and the business in the most effective and efficient manner possible."
Source: looksoftware.

Pressure Point 3:
Confidently Shifting to Digital

"Going digital" reshapes how the business operates and drives value by optimizing how digital and traditional technologies and tactics work together. This shift often presents significant business and technical risks to business processes, enterprise data, applications, and systems which stakeholders and teams are not aware of or prepared to accommodate.

Address the underlying challenges

• Differing perspectives on digital can lead to disjointed transformation initiatives, oversold benefits, and a lack of synergy among digital technologies and processes.
• Organizations have difficulty adapting to new technologies or rethinking current business models, processes, and ways of working because of the potential human, ethical, and reputational impacts and restrictions from legacy systems.
• Management lacks a framework to evaluate how their organization manages and governs business value delivery.
• IT is not equipped or resourced to address these rapidly changing business, customer, and technology needs.
• The wrong tools and technologies were chosen to support the shift to digital.

The shift to digital processes is starting, but slowly.
62% of respondents indicated that 1-20% of their processes were digitized during the past year.
Source: Tech Trends and Priorities 2023; N=500

Resistance to change and time/budget constraints are top barriers preventing companies from modernizing their applications.
Source: Konveyor, 2022; n=600.

Pressure Point 4:
Addressing Competing Priorities

Enterprise products and services are not used, operated, or branded in isolation. The various parties involved may have competing priorities, which often leads to disagreements on when certain business and technology changes should be made and how resources, budget, and other assets should be allocated. Without a broader product vision, portfolio vision, and roadmap, the various dependent or related products and services will not deliver the same level of value as if they were managed collectively.

Address the underlying challenges

• Undefined product and service ownership and governance, including escalation procedures when consensus cannot be reached.
• Lack of a unified and grounded set of value and quality definitions, guiding principles, prioritization standards, and broad visibility across portfolios, business capabilities, and business functions.
• Distrust between business units and IT teams, which leads to the scaling of unmanaged applications and fragmented changes and projects.
• Decisions are based on opinions and experiences without supporting data.

55% of CXOs stated some improvement is necessary in activities to understand business goals.
Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

CXOs are moderately satisfied with IT's performance as a business partner (average score of 69% among all CXOs). This sentiment is similarly felt among CIOs (64%).
Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

Pressure Point 5:
Fostering a Collaborative Culture

Culture impacts business results, including bottom-line revenue and productivity metrics. Leaders appreciate the impact culture can have on applications initiatives and wish to leverage this. How culture translates from an abstract concept to something that is measurable and actionable is not straightforward. Executives need to clarify how the desired culture will help achieve their applications strategy and need to focus on the items that will have the most impact.

Address the underlying challenges

• Broad changes do not consider the unique subcultures, personalities, and behaviors of the various teams and individuals in the organization.
• Leaders mandate cultural changes without alleviating critical barriers and do not embody the principles of the target state.
• Bureaucracy and politics restrict changes and encourage the status quo.
• Industry standards, technologies, and frameworks do not support or cannot be tailored to fit the desired culture.
• Some teams are deliberately excluded from the scoping, planning, and execution of key product and service delivery and management activities.

Agile does not solve team culture challenges.
43% of organizations cited organizational culture as a significant barrier to adopting and scaling Agile practices.
Source: Digital.ai, 2021.

"Providing a great employee experience" as the second priority (after recruiting) highlights the emphasis organizations are placing on helping employees adjust after having been forced to change the way work gets done.
Source: McLean & Company, 2022; N=826.

Use your applications priorities to help address your pressure points

Success can be dependent on your ability to navigate around or alleviate your pressure points. Design and market your applications priorities to bring attention to your pressure points and position them as key risk factors to their success.

Digital Experience (DX)

PRIORITY 1

• Deliver Valuable User, Customer, Employee, and Brand Experiences

Delivering valuable digital experiences requires the adoption of good management, governance, and operational practices to accommodate stakeholder, employee, customer, and end-user expectations of digital experiences (e.g. product management, automation, and iterative delivery). Technologies are chosen based on what best enables, delivers, and supports these expectations.

Introduction

Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

What is digital experience (DX)?

Digital experience (DX) refers to the interaction between a user and an organization through digital products and services. Digital products and services are tools, systems, devices, and resources that gather, store, and process data; are continuously modernized; and embody eight key attributes that are described on the following slide. DX is broken down into four distinct perspectives*:

• Customer Experience – The immediate perceptions of transactions and interactions experienced through a customer's journey in the use of the organization's digital
  products and services.
• End-User Experience – Users' emotions, beliefs, and physical and psychological responses
  that occur before, during, or after interacting with a digital product or service.
• Brand Experience – The broader perceptions, emotions, thoughts, feelings and actions the public associate with the organization's brand and reputation or its products and services. Brand experience evolves over time as customers continuously engage with the brand.
• Employee Experience – The satisfaction and experience of an employee through their journey with the organization, from recruitment and hiring to their departure. How an employee embodies and promotes the organization brand and culture can affect their performance, trust, respect, and drive to innovate and optimize.

Digital products and services have a common set of attributes

Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

• Digital products and services must keep pace with changing business and end-user needs as well as tightly supporting your maturing business model with continuous modernization. Focus your continuous modernization on the key characteristics that drive business value.
• Fit for purpose: Functionalities are designed and implemented for the purpose of satisfying the end user's needs and solving their problems.
• User-centric: End users see the product as rewarding, engaging, intuitive, and emotionally satisfying. They want to come back to it.
• Adaptable: The product can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components.
• Accessible: The product is available on demand and on the end user's preferred interface.
  End users have a seamless experience across all devices.
• Private and secured: The end user's activity and data are protected from unauthorized access.
• Informative and insightful: The product delivers consumable, accurate, and trustworthy real-time data that is important to the end user.
• Seamless application connection: The product facilitates direct interactions with one or more other products through an uninterrupted user experience.
• Relationship and network building: The product enables and promotes the connection and interaction of people.

Signals

DX is critical for business growth and maturity, but the organization may not be ready

A good DX has become a key differentiator that gives organizations an advantage over their competition and peers. Shifts in working environments; employee, customer, and stakeholder expectations; and the advancements in modern technologies have raised the importance of adopting and transitioning to digital processes and tools to stay relevant and responsive to changing business and technology conditions.

Applications teams are critical to ensuring the successful delivery and operation of these digital processes and tools. However, they are often under-resourced and challenged to meet their DX goals.

• 7% of both business and IT respondents think IT has the resources needed to keep up with digital transformation initiatives and meet deadlines (Cyara, 2021).
• 43% of respondents said that the core barrier to digital transformation is a lack of skilled resources (Creatio, 2021).

	of organizations stated that at least 1% of processes were shifted from being manually completed to digitally completed in the last year. 29% of organizations stated at least 21% were shifted. Source: Tech Trends and Priorities 2023; N=500.
	of organizations recognized digital transformation is important for competitive advantage. 94% stated it is important to enhance customer experience, and 91% stated it will have a positive impact on revenue. Source: Cyara, 2021.

Drivers

Brand and reputation

Customers are swayed by the innovations and advancements in digital technologies and expect your applications team to deliver and support them. Your leaders recognize the importance of these expectations and are integrating them into their business strategy and brand (how the organization presents itself to its customers, employees and the public). They hope that their actions will improve and shape the company's reputation (public perception of the company) as effective, customer-focused, and forward-thinking.

Worker productivity

As you evolve and adopt more complex tools and technology, your stakeholders will expect more from business units and IT teams. Unfortunately, teams employing manual processes and legacy systems will struggle to meet these expectations. Digital products and services promote the simplification of complex operations and applications and help the business and your teams better align operational practices with strategic goals and deliver valuable DX.

Organization modernization

Legacy processes, systems, and ways of working are no longer suitable for meeting the strategic digital objectives and DX needs stakeholders expect. They drive up operational costs without increased benefits, impede business growth and innovation, and consume scarce budgets that could be used for other priorities. Shifting to digital tools and technologies will bring these challenges to light and demonstrate how modernization is an integral part of DX success.

Benefits & Risks

Benefits

• Flexibility & Satisfaction
• Adoption
• Reliability

Employees and customers can choose how they want to access, modify, and consume digital products and services. They can be tailored to meet the specific functional needs, behaviors, and habits of the end user.

The customer, end user, brand, and employee drive selection, design, and delivery of digital products and services. Even the most advanced technologies will fail if key roles do not see the value in their use.

Digital products and services are delivered with technical quality built into them, ensuring they meet the industry, regulatory, and company standards throughout their lifespan and in various conditions.

Risks

• Legacy & Lore
• Bureaucracy & Politics
• Process Inefficiencies
• No Quality Standards

Some stakeholders may not be willing to change due to their familiarity and comfort of business practices.

Competing and conflicting priorities of strategic products and services undermine digital transformation and broader modernization efforts.

Business processes are often burdened by wasteful activities. Digital products and services are only as valuable as the processes they support.

The performance and support of your digital products and services are hampered due to unmanageable technical debt because of a deliberate decision to bypass or omit quality good practices.

Address your pressure points to fully realize the benefits of this priority

Success can be dependent on your ability to address your pressure points.

Recommendations

Build a digital business strategy

A digital business strategy clearly articulates the goals and ambitions of the business to adopt digital practices, tools, and technologies. This document:

• Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
• Unifies digital possibilities with your customer experiences.
• Establishes accountability with the executive leadership.
• States the importance of cross-functional participation from senior management across the organization.

Related Research:

• Define Your Digital Business Strategy

Learn, understand, and empathize with your users, employees, and customers

• To create a better product, solution, or service, understanding those who use it, their needs, and their context is critical.
• A great experience design practice can help you balance those goals so that they are in harmony with those of your users.
• IT leaders must find ways to understand the needs of the business and develop empathy on a much deeper level. This empathy is the foundation for a thriving business partnership.

Related Research:

• Apply Design Thinking to Build Empathy With the Business
• Implement and Mature Your User Experience Design Practice

Recommendations

Center product and service delivery decisions and activities on DX and quality

User, customer, employee, and brand are integral perspectives on the software development lifecycle (SDLC) and the management and governance practices supporting digital products and services. It ensures quality standards and controls are consistently upheld while maintaining alignment with various needs and priorities. The goal is to come to a consensus on a universal definition and approach to embed quality and DX-thinking throughout the delivery process.

Related Research:

• Modernize Your SDLC
• Make the Case for Product Delivery
• Build a Software Quality Assurance Program

Instill collaborative delivery practices

Today's rapidly scaling and increasingly complex digital products and services create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality. This pressure is further compounded by the competing priorities of individual stakeholders and the nuances among different personas of digital products and services.

A collaborative delivery practice sets the activities, channels, and relationships needed to deliver a valuable and quality product or service with cross-functional awareness, accountability, and agreement.

Related Research:

• Implement Agile Practices That Work
• Implement DevOps Practices That Work
• Build Your BizDevOps Playbook

Recommendations

Continuously monitor and modernize your digital products and services

Today's modern digital products and services are tomorrow's shelfware. They gradually lose their value, and the supporting technologies will become obsolete. Modernization is a continuous need.

Data-driven insights help decision makers decide which products and services to retire, upgrade, retrain on, or maintain to meet the demands of the business.

Enhancements focusing on critical business capabilities strengthen the case for investment and build trust with all stakeholders.

Related Research:

• Application Portfolio Assessment: End User Feedback
• Application Portfolio Management Foundations
• Modernize Your Applications

CASE STUDY
Mastercard in Asia

Focus on the customer journey

Chief Marketing Officer M.V. Rajamannar (Raja) wanted to change Mastercard's iconic "Priceless" ad campaign (with the slogan "There are some things money can't buy. For everything else there's Mastercard."). The main reasons were that the campaign relied on one-way communication and targeted end customers, even though Mastercard doesn't issue cards directly to customers; partner banks do. To drive the change in campaign, Raja and his team created a digital engine that leveraged digital and social media. Digital engine is a seven-step process based on insights gleaned from data and real-time optimization.

1. Emotional spark: Using data to understand customers' passion points, Mastercard builds videos and creatives to ignite an emotional spark and give customers a reason to engage. For example, weeks before New Year's Eve, Mastercard produced a video with Hugh Jackman to encourage customers to submit a story about someone who deeply mattered to them. The authors of the winning story would be flown to reunite with those both distant and dear.
2. Engagement: Mastercard targets the right audience with a spark video through social media to encourage customers to share their stories.
3. Offers: To help its partner banks and merchants in driving their business, the company identifies the best offers to match consumers' interests. In the above campaign, Mastercard's Asia-Pacific team found that Singapore was a favorite destination for Indian customers, so they partnered with Singapore's Resorts World Sentosa with an attractive offer.
4. Real-time optimization: Mastercard optimizes, in real time, a portfolio of several offers through A/B testing and other analysis.
5. Amplification: Real-time testing provides confidence to Mastercard about the potential success of these offers and encourages its bank and merchant partners to co-market and co-fund these campaigns.
6. Network effects: A few weeks after consumers submitted their stories about distant loved ones, Mastercard selected winners, produced videos of them surprising their friends and families, and used these videos in social media to encourage sharing.
7. Incremental transactions: These programs translate into incremental business for banks who issue cards, for merchants where customers spend money, and for Mastercard, which gets a portion of every transaction.

Source: Harvard Business Review Press

CASE STUDY
Mastercard in Asia (cont'd)

Focus on the customer journey

1. Emotional Spark
   Drives genuine personal stories
2. Engagement
   Through Facebook
   and social media
3. Offers
   From merchants
   and Mastercard assets
4. Optimization
   Real-time testing of offers and themes
5. Amplification
   Paid and organic programmatic buying
6. Network Effects
   Sharing and
   mass engagement
7. Incremental Transactions
   Win-win for all parties

CASE STUDY
Mastercard in Asia (cont'd)

The Mastercard case highlights important lessons on how to engage customers:

• Have a broad message. Brands need to connect with consumers over how they live and spend their time. Organizations need to go beyond the brand or product message to become more relevant to consumers' lives. Dove soap was very successful in creating a conversation among consumers with its "Real Beauty" campaign, which focused not on the brand or even the product category, but on how women and society view beauty.
• Shift from storytelling to story making. To break through the clutter of advertising, companies need to move from storytelling to story making. A broader message that is emotionally engaging allows for a two-way conversation.
• Be consistent with the brand value. The brand needs to stand for something, and the content should be relevant to and consistent with the image of the brand. Pepsi announced an award of $20 million in grants to individuals, businesses, and nonprofits that promote a new idea to make a positive impact on community. A large number of submissions were about social causes that had nothing to do with Pepsi, and some, like reducing obesity, were in conflict with Pepsi's product.
• Create engagement that drives business. Too much entertainment in ads may engage customers but detract from both communicating the brand message and increasing sales. Simply measuring the number of video views provides only a partial picture of a program's success.

Intelligent Automation

PRIORITY 2

• Extend Automation Practices with AI and ML

AI and ML are rapidly growing. Organizations see the value of machines intelligently executing high-performance and dynamic tasks such as driving cars and detecting fraud. Senior leaders see AI and ML as opportunities to extend their business process automation investments.

Introduction

Intelligent automation is the next step in your business process automation journey

What is intelligent automation (IA)?

Intelligent automation (IA) is the combination of traditional automation technologies, such as business process management (BPM) and robotic process automation (RPA), with AI and ML. The goal is to further streamline and scale decision making across various business processes by:

• Removing human interactions.
• Addressing decisions that involve complex variables.
• Automatically adapting processes to changing conditions.
• Bridging disparate automation technologies into an integrated end-to-end value delivery pipeline.

"For IA to succeed, employees must be involved in the transformation journey so they can experience firsthand the benefits of a new way of working and creating business value," (Cognizant).

What is the difference between IA and hyperautomation?

"Hyperautomation is the act of automating everything in an organization that can be automated. The intent is to streamline processes across an organization using intelligent automation, which includes AI, RPA and other technologies, to run without human intervention. … Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible" (IBM, 2021).

Note that hyperautomation often enables IA, but teams solely adopting IA do not need to abide to its automation-first principles.

IA is a combination of various tools and technologies

What tools and technologies are involved in IA?

• Artificial intelligence (AI) & Machine Learning (ML) – AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. AI is making its own decisions without human intervention. Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned. AI is a combination of technologies and can include machine learning.
• Intelligent Business Process Management System (iBPMS) – Combination of BPM tools with AI and other intelligence capabilities.
• Robotic Process Automation (RPA) – Robots leveraging an application's UI rather than programmatic access. Automate rules-based, repetitive tasks performed by human workers with AI/ML.
• Process Mining & Discovery – Process mining involves reading system event logs and application transactions and applying algorithmic analysis to automatically identify and map inferred business processes. Process discovery involves unintrusive virtual agents that sit on a user's desktop and record and monitor how they interact with applications to perform tasks and processes. Algorithms are then used to map and analyze the processes.
• Intelligent Document Processing – The conversion of physical or unstructured documents into a structured, digital format that can be used in automation solutions. Optical character recognition (OCR) and natural language processing (NPL) are common tools used to enable this capability.
• Advanced Analytics – The gathering, synthesis, transformation, and delivery of insightful and consumable information that supports data-driven decision making. Data is queried from various disparate sources and can take on a variety of structured and unstructured formats.

Signals

Process automation is an executive priority and requires organizational buy-in

Stakeholders recognize the importance of business process automation and AI and are looking for ways to deliver more value using these technologies.

• 90% of executives stated automating business workflows post-COVID-19 will ensure business continuity (Kofax, 2022).
• 88% of executives stated they need to fast-track their end-to-end digital transformation (Kofax, 2022).

However, the advertised benefits to vendors of enabling these desired automations may not be easily achievable because of:

• Manual and undocumented business processes.
• Fragmented and inaccessible systems.
• Poor data quality, insights, and security.
• The lack of process governance and management practice.

	of CXOs stated staff sufficiency, skill and engagement issues as a minor IT pain point compared to 51% of CIOs stated this issue as a major pain point. Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.
	of organizations have already invested in AI or machine learning. Source: Tech Trends and Priorities 2023; N=662

Drivers

Quality & throughput

Products and services delivered through an undefined and manual process risk the creation of preventable and catchable defects, security flaws and holes, missing information, and other quality issues. IA solutions consistently reinforce quality standards the same way across all products and services while tailoring outputs to meet an individual's specific needs. Success is dependent on the accurate interpretation and application of quality standards and the user's expectations.

Worker productivity

IA removes the tedious, routine, and mundane tasks that distract and restrict employees from doing more valuable, impactful, and cognitively focused activities. Practical insights can also be generated through IA tools that help employees make data-driven decisions, evaluate problems from different angles, and improve the usability and value of the products and services they produce.

Good process management practices

Automation magnifies existing inefficiencies of a business process management practice, such as unclear and outdated process documentation and incorrect assumptions. IA reinforces the importance of good business process optimization practices, such as removing waste and inefficiencies in a thoughtful way, choosing the most appropriate automation solution, and configuring the process in the right way to maximize the solution's value.

Benefits & Risks

Benefits

• Documentation
• Hands-Off
• Reusability

All business processes must be mapped and documented to be automated, including business rules, data entities, applications, and control points.

IA can be configured and orchestrated to automatically execute when certain business, process, or technology conditions are met in an unattended or attended manner.

IA is applicable in use cases beyond traditional business processes, such as automated testing, quality control, audit, website scraping, integration platform, customer service, and data transfer.

Risks

• Data Quality & Bias
• Ethics
• Recovery & Security
• Management

The accuracy and relevance of the decisions IA makes are dependent on the overall quality of the data
used to train it.

Some decisions can have significant reputational, moral, and ethical impacts if made incorrectly.
The question is whether it is appropriate for a non-human to make that decision.

IA is composed of technologies that can be compromised or fail. Without the proper monitoring, controls,
and recovery protocols, impacted IA will generate significant business and IT costs and can potentially harm customers, employees, and the organization.

Low- and no-code capabilities ease and streamline IA development, which makes it susceptible to becoming unmanageable. Discipline is needed to ensure IA owners are aware of the size and health of the IA portfolio.

Address your pressure points to fully realize the benefits of this priority

Success can be dependent on your ability to address your pressure points.

Recommendations

Build your business process automation playbook and practice

Formalize your business process automation practice with a good toolkit and a repeatable set of tactics and techniques.

• Clarify the problem being solved with IA.
• Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes.
• Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases.

Related Research:

• Build a Winning Business Process Automation Playbook

Explore the various IA tooling options

Each IA tool will address a different problem. Which tool to choose is dependent on a variety of factors, such as functional suitability, technology suitability, delivery and support capabilities, alignment to strategic business goals, and the value it is designed to deliver.

Related Research:

• Build Your First RPA Bot
• Build a Chatbot Proof of Concept

Recommendations

Introduce AI and ML thoughtfully and with a plan

Despite the many promises of AI, organizations are struggling to fully realize its potential. The reasons boil down to a lack of understanding of when these technologies should and shouldn't be used, as well as a fear of the unknown. The plan to adopt AI should include:

• Understanding of what AI really means in practice.
• Identifying specific applications of AI in the business.
• Understanding the type of AI applicable for the situation.

Related Research:

• Get Started with Artificial Intelligence
• Create an Architecture for AI

Mitigate AI and ML bias

Biases can be introduced into an IA system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used and what assumptions were made. In most cases, AI and ML bias is a is a social, political, and business problem.

While bias may not be intentional nor completely prevented or eliminated, early detection, good design, and other proactive preventative steps can be taken to minimize its scope and impact.

Related Research:

• Mitigate Machine Bias

CASE STUDY
University Hospitals

Challenge

University Hospitals Cleveland (UH) faces the same challenge that every major hospital confronts regarding how to deliver increasingly complex, high-quality healthcare to a diverse population efficiently and economically. In 2017, UH embarked on a value improvement program aiming to improve quality while saving $400 million over a five-year period.

In emergency department (ED) and inpatient units, leaders found anticipating demand difficult, and consequently units were often over-staffed when demand was low and under-staffed when demand was high. Hospital leaders were uncertain about how to reallocate resources based on capacity needs.

Solution

UH turned to Hospital IQ's Census Solution to proactively manage capacity, staff, and flow in the ED and inpatient areas.

By applying AI, ML, and external data (e.g. weather forecasts) to the hospital's own data (including EMR data and hospital policies), the solution helped UH make two-day census forecasts that managers used to determine whether to open or close in-patient beds and, when necessary, divert low-acuity patients to other hospitals in the system to handle predicted patient volume.

Source: University Hospitals

Results

ED boarding hours have declined by 10% and the hospital has seen a 50% reduction in the number of patients who leave the hospital without
being seen.

UH also predicts in advance patients ready for discharge and identifies roadblocks, reducing the average length of stay by 15%. UH is able to better manage staff, reducing overtime and cutting overall labor costs.

The hospital has also increased staff satisfaction and improved patient safety by closing specific units on weekends and increasing the number of rooms that can be sterilized.

Proactive Application Management

PRIORITY 3

• Strengthen Applications to Prevent and Minimize the Impact of Future Issues

Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on application management when it becomes a problem. The lack of governance and practice accountability leaves this practice in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated. As a result, application management is often reactive and brushed aside for new development.

Introduction

What is application management?

Application management ensures valuable software is successfully delivered and is maintained for continuous and sustainable business operations. It contains a repeatable set of activities needed to rationalize and roadmap products and services while balancing priorities of new features and maintenance tasks.

Unfortunately, application management is commonly perceived as a practice that solely addresses issues, updates, and incidents. However, application management teams are also tasked with new value delivery that was not part of the original release.

Why is an effective application maintenance (reactive) practice not good enough?

Application maintenance is the "process of modifying a software system or its components after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment or business process," (IEEE, 1998). While it is critical to quickly fix defects and issues when they occur, reactively addressing them is more expensive than discovering them early and employing the practices to prevent them.

Even if an application is working well, its framework, architecture, and technology may not be compatible with the possible upcoming changes stakeholders and vendors may want to undertake. Applications may not be problems now, but they soon can be.

What motivates proactive application changes?

Proactive application management must be disciplined and applied strategically

Proactive application management practices are critical to maintaining business continuity. They require continuous review and modification so that applications are resilient and can address current and future scenarios. Depending on the value of the application, its criticality to business operations, and its susceptibility to technology change, a more proactive management approach may be warranted. Stakeholders can then better manage resources and budget according to the needs of specific products.

Reactive Management

Run-to-Failure

Fix and enhance the product when it breaks. In most cases, a plan is in place ahead of a failure, so that the problem can be addressed without significant disruption and costs.

Preventive

Regularly inspect and optimize the product to reduce the likelihood that it will fail in the future. Schedule inspections based on a specific timeframe or usage threshold.

Predictive

Predict failures before they happen using performance and usage data to alert teams when products are at risk of failure according to specified conditions.

Reliability and Risk Based

Analyze all possible failure scenarios for each component of the product and create tailored delivery plans to improve the stability, reliability, and value of each product.

Proactive Management

Signals

Applications begin to degrade as soon as they are used

Today's applications are tomorrow's shelfware. They gradually lose their value, stability, robustness, and compatibility with other enterprise technologies. The longer these applications are left unattended or simply "keeping the lights on," the more risks they will bring to the application portfolio, such as:

• Discovery and exploitation of security flaws and gaps.
• Increasing the lock-in to specific vendor technologies.
• Inconsistent application performance across various workloads.

These impacts are further compounded by the continuous work done on a system burdened with technical debt. Technical debt describes the result of avoided costs that, over time, cause ongoing business impacts. Left unaddressed, technical debt can become an existential threat that risks your organization's ability to effectively compete and serve its customers. Unfortunately, most organizations have a significant, growing, unmanageable technical debt portfolio.

	of respondents stated they saw an increase in perceived change in technical debt during the past three years. A quarter of respondents indicated that it stayed the same. Source: McKinsey Digital, 2020.
US $4.35 Million	is the average cost of a data breach in 2022. This figure represents a 2.6% increase from last year. The average cost has climbed 12.7% since 2020. Source: IBM, 2022; N=537.

Drivers

Technical debt

Historical decisions to meet business demands by deferring key quality, architectural, or other software delivery activities often lead to inefficient and incomplete code, fragile legacy systems, broken processes, data quality problems, and the other contributors to technical debt. The impacts for this challenge is further heightened if organizations are not actively refactoring and updating their applications behind the scenes. Proactive application management is intended to raise awareness of application fragility and prioritize comprehensive refactoring activities alongside new feature development.

Long-term application value

Applications are designed, developed, and tested against a specific set of parameters which may become less relevant over time as the business matures, technology changes, and user behaviors and interactions shift. Continuous monitoring of the application system, regular stakeholder and user feedback, and active technology trend research and vendor engagement will reveal tasks to prepare an application for future value opportunities or stability and resilience concerns.

Security and resiliency

Innovative approaches to infiltrating and compromising applications are becoming prevailing stakeholder concerns. The loopholes and gaps in existing application security protocols, control points, and end-user training are exploited to gain the trust of unsuspecting users and systems. Proactive application management enforces continuous security reviews to determine whether applications are at risk. The goal is to prevent an incident from happening by hardening or complementing measures already in place.

Benefits & Risks

Benefits

• Consistent Performance
• Robustness
• Operating Costs

Users expect the same level of performance and experience from their applications in all scenarios. A proactive approach ensures the configurations meet the current needs of users and dependent technologies.

Proactively managed applications are resilient to the latest security concerns and upcoming trends.

Continuous improvements to the underlying architecture, codebase, and interfaces can minimize the cost to maintain and operate the application, such as the transition to a loosely coupled architecture and the standardization of REST APIs.

Risks

• Stakeholder Buy-In
• Delayed Feature Releases
• Team Capacity
• Discipline

Stakeholders may not see the association between the application's value and its technical quality.

Updates and enhancements are system changes much like any application function. Depending
on the priority of these changes, new functions may be pushed off to a future release cycle.

Applications teams require dedicated capacity to proactively manage applications, but they are often occupied meeting other stakeholder demands.

Overinvesting in certain application management activities (such as refactoring, re-architecture, and redesign) can create more challenges. Knowing how much to do is important.

Address your pressure points to fully realize the benefits of this priority

Success can be dependent on your ability to address your pressure points.

Recommendations

Reinforce your application maintenance practice

Maintenance is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on maintenance when it becomes a problem.

• Justify the necessity of streamlined maintenance.
• Strengthen triaging and prioritization practices.
• Establish and govern a repeatable process.

Ensure product issues, incidents, defects, and change requests are promptly handled to minimize business and IT risks.

Related Research:

• Streamline Application Maintenance

Build an application management practice

Apply the appropriate management approaches to maintain business continuity and balance priorities and commitments among maintenance and new development requests.

This practice serves as the foundation for creating exceptional customer experience by emphasizing cross-functional accountability for business value and product and service quality.

Related Research:

• Streamline Application Management

Recommendations

Manage your technical debt

Technical debt is a type of technical risk, which in turn is business risk. It's up to the business to decide whether to accept technical debt or mitigate it. Create a compelling argument to stakeholders as to why technical debt should be a business priority rather than just an IT one.

• Define and identify your technical debt.
• Conduct a business impact analysis.
• Identify opportunities to better manage technical debt.

Related Research:

• Manage Your Technical Debt

Gauge your application's health

Application portfolio management is nearly impossible to perform without an honest and thorough understanding of your portfolio's alignment to business capabilities, business value, total cost of ownership, end-user reception and satisfaction, and technical health.

Develop data-driven insights to help you decide which applications to retire, upgrade, retrain on, or maintain to meet the demands of the business.

Related Research:

• Application Portfolio Management Foundations

Recommendations

Adopt site reliability engineering (SRE) and DevOps practices

Site reliability engineering (SRE) is an operational model for running online services more reliably by a team of dedicated reliability-focused engineers.

DevOps, an operational philosophy promoting development and operations collaboration, can bring the critical insights to make application management practices through SRE more valuable.

Related Research:

• Implement DevOps Practices That Work
• Site Reliability Engineering: What Is It? Why Is It Important for Online Businesses?
• SLOs in Site Reliability Engineering

CASE STUDY
Government Agency

Goal

A government agency needed to implement a disciplined, sustainable application delivery, planning, and management process so their product delivery team could deliver features and changes faster with higher quality. The goal was to ensure change requests, fixes, and new features would relieve requester frustrations, reduce regression issues, and allow work to be done on agreeable and achievable priorities organization-wide. The new model needed to increase practice efficiency and visibility in order to better manage technical debt and focus on value-added solutions.

Solution

This organization recognized a number of key challenges that were inhibiting its team's ability to meet its goals:

• The product backlog had become too long and unmanageable.
• Delivery resources were not properly allocated to meet the skills and capabilities needed to successfully meet commitments.
• Quality wasn't defined or enforced, which generated mounting technical debt.
• There was a lack of clear metrics and defined roles and responsibilities.
• The business had unrealistic and unachievable expectations.

Source: Info-Tech Workshop

Key practices implemented

• Schedule quarterly business satisfaction surveys.
• Structure and facilitate regular change advisory board meetings.
• Define and enforce product quality standards.
• Standardize a streamlined process with defined roles.
• Configure management tools to better handle requests.

Multisource Systems

PRIORITY 4

• Manage an Ecosystem Composed of In-House and Outsourced Systems

Various market and company factors are motivating a review on resource and system sourcing strategies. The right sourcing model provides key skills, resources, and capabilities to meet innovation, time to market, financial, and quality goals of the business. However, organizations struggle with how best to support sourcing partners and to allocate the right number of resources to maximize success.

Introduction

A multisource system is an ecosystem of integrated internally and externally developed applications, data, and infrastructure. These technologies can be custom developed, heavily configured vendor solutions, or they may be commercial off-the-shelf (COTS) solutions. These systems can also be developed, supported, and managed by internal staff, in partnership with outsourced contractors, or be completely outsourced. Multisource systems should be configured and orchestrated in a way that maximizes the delivery of specific value drivers for the targeted audience.

Successfully selecting a sourcing approach is not a simple RFP exercise to choose the lowest cost

Defining and executing a sourcing approach can be a significant investment and risk because of the close interactions third-party services and partners will have with internal staff, enterprise applications and business capabilities. A careful selection and design is necessary.

The selection of a sourcing partner is not simple. It involves the detailed inspection and examination of different candidates and matching their fit to the broader vision of the multisource system. In cases where control is critical, technology stack and resource sourcing consolidation to a few vendors and partners is preferred. In other cases, where worker productivity and system flexibility are highly prioritized, a plug-and-play best-of-breed approach is preferred.

Sourcing needs to be driven by your department and system strategies

How does the department want to be perceived?

The image that your applications department and teams want to reflect is frequently dependent on the applications they deliver and support, the resources they are composed of, and the capabilities they provide.

Therefore, choosing the right sourcing approach should be driven by understanding who the teams are and want to be (e.g. internal builder, an integrator, a plug-in player), what they can or want to do (e.g. custom-develop or implement), and what they can deliver or support (e.g. cloud or on-premises) must be established.

What value is the system delivering?

Well-integrated systems are the lifeblood of your organization. They provide the capabilities needed to deliver value to customers, employees, and stakeholders. However, underlying system components may not be sourced under a unified strategy, which can lead to duplicate vendor services and high operational costs.

The right sourcing approach ensures your partners address key capabilities in your system's delivery and support, and that they are positioned to maximize the value of critical and high-impact components.

Signals

Business demand may outpace what vendors can support or offer

Outsourcing and shifting to a buy-over-build applications strategy are common quick fixes to dealing with capacity and skills gaps. However, these quick fixes often become long-term implementations that are not accounted for in the sourcing selection process. Current application and resource sourcing strategies must be reviewed to ensure that vendor arrangements meet the current and upcoming demands and challenges of the business, customers, and enterprise technologies, such as:

• Pressure from stakeholders to lower operating costs while maintaining or increasing quality and throughput.
• Technology lock-in that addresses short-term needs but inhibits long-term growth and maturity.
• Team capacity and talent acquisition not meeting the needs of the business.

	of respondents stated they outsourced software development fully or partly in the last 12 months (2021). Source: Coding Sans, 2021.
	of respondents stated they were at least somewhat satisfied with the result of outsourcing software development. Source: Coding Sans, 2021.

Drivers

Business-managed applications

Employees are implementing and building applications without consulting, notifying, or heeding the advice of IT. IT is often ill-equipped and under-resourced to fight against shadow IT. Instead, organizations are shifting the mindset of "fight shadow IT" to "embrace business-managed applications," using good practices in managing multisource systems. A multisource approach strikes the right balance between user empowerment and centralized control with the solutions and architecture that can best enable it.

Unique problems to solve

Point solutions offer features to address unique use cases in uncommon technology environments. However, point solutions are often deployed in siloes with limited integration or overlap with other solutions. The right sourcing strategy accommodates the fragmented nature of point solutions into a broader enterprise system strategy, whether that be:

• Multisource best of breed – integrate various technologies that provide subsets of the features needed for supporting business functions.
• Multisource custom – integrate systems built in-house with technologies developed by external organizations.
• Vendor add-ons and integrations – enhance an existing vendor's offering by using their system add-ons as upgrades, new add-ons, or integrations.

Vendor services

Some vendor services in a multisource environment may be redundant, conflicting, or incompatible. Given that multisource systems are regularly changing, it is difficult to identify what services are affected, what would be needed to fill the gap of the removed solution, or which redundant services should be removed.

A multisource approach motivates the continuous rationalization of your vendor services and partners to determine the right mixture of in-house and outsourced resources, capabilities, and technologies.

Benefits & Risks

Benefits

• Business-Focused Solution
• Flexibility
• Cost Optimization

Multisource systems can be designed to support an employee's ability to select the tools they want and need.

The environment is architected in a loosely coupled approach to allow applications to be easily added, removed, and modified with minimized impact to other integrated applications.

Rather than investing in large solutions upfront, applications are adopted when they are needed and are removed when little value is gained. Disciplined application portfolio management is necessary to see the full value of this benefit.

Risks

• Manageable Sprawl
• Policy Adherence
• Integration & Compatibility

The increased number and diversity of applications in multisource system environments can overwhelm system managers who do not have an effective application portfolio management practice.

Fragmented application implementations risk inconsistent adherence to security and other quality policies, especially in situations where IT is not involved.

Application integration can quickly become tangled, untraceable, and unmanageable because of varying team and vendor preferences for specific integration technologies and techniques.

Address your pressure points to fully realize the benefits of this priority

Success can be dependent on your ability to address your pressure points.

Recommendations

Define the goals of your applications department and product vision

Understanding the applications team's purpose and image is critical in determining how the system they are managing and the skills and capacities they need should be sourced.

Changing and conflicting definitions of value and goals make it challenging to convey an agreeable strategy of the multisource system. An achievable vision and practical tactics ensure all parties in the multisource system are moving in the same direction.

Related Research:

• Build an Application Department Strategy
• Deliver On Your Digital Product Vision

Develop a sourcing partner strategy

Almost half of all sourcing initiatives do not realize projected savings, and the biggest reason is the choice of partner (Zhang et al., 2018). Making the wrong choice means inferior products, higher costs and the loss of both clients and reputation.

Choosing the right sourcing partner involves understanding current skills and capacities, finding the right matching partner based on a desired profile, and managing a good working relationship that sees short-term gains and supports long-term goals.

Related Research:

• Select a Sourcing Partner for Your Application Development Team
• Drive Successful Sourcing Outcomes with a Robust RFP Process
• Jump Start Your Vendor Management Initiative

Recommendations

Strengthen enterprise integration practices

Integration strategies that are focused solely on technology are likely to complicate rather than simplify because little consideration is given on how other systems and processes will be impacted. Enterprise integration needs to bring together business process, applications, and data – in that order.

Kick-start the process of identifying opportunities for improvement by mapping how applications and data are coordinated to support business activities.

Related Research:

• Build Effective Enterprise Integration on the Back of Business Process
• Build an Application Integration Strategy
• Build a Data Integration Strategy

Manage your solution architecture and application portfolio

Haphazardly implementing and integrating applications can generate significant security, performance, and data risks. A well-thought-through solution architecture is essential in laying the architecture quality principles and roadmap on how the multisource system can grow and evolve in a sustainable and maintainable way.

Good application portfolio management complements the solution architecture as it indicates when low-value and unused applications should be removed to reduce system complexity.

Related Research:

• Enhance Your Solution Architecture Practices
• Application Portfolio Management Foundations

Recommendations

Embrace business-managed applications

Multisource systems bring a unique opportunity to support the business and end users' desire to implement and develop their own applications. However, traditional models of managing applications may not accommodate the specific IT governance and management practices required to operate business-managed applications:

• A collaborative and trusting business-IT relationship is key.
• The role of IT must be reimagined.
• Business must be accountable for its decisions.

Related Research:

• Embrace Business-Managed Applications

CASE STUDY
Cognizant

Situation

• Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
• Cognizant seeks to carefully consider client culture to create a one-team environment.
• Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs. the more traditional order-taker development partner.
• Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
• Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
• Today's clients don't typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
• Clients do want to know where the work is being delivered from, how it's being done.

Source: interview with Jay MacIsaac, Cognizant.

Approach

• Best relationship comes where teams operate as one.
• Clients are seeking value, not a development black box.
• Clients want to have a partner they can engage with, not just an order taker.
• Want to build a one-team culture with shared goals and deliver business value.
• Seek a partner that will add to their thinking not echo it.

Results

• Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
• Growth in the client base has seen the company grow to over 340,000 associates worldwide.

Digital Organization as a Platform

PRIORITY 5

• Create a Common Digital Interface to Access All Products and Services

A digital platform enables organizations to leverage a flexible, reliable, and scalable foundation to create a valuable DX, ease delivery and management efforts, maximize existing investments, and motivate the broader shift to digital. This approach provides a standard to architect, integrate, configure, and modernize the applications that compose the platform.

Introduction

What is digital organization as a platform (DOaaP)?

Digital organization as a platform (DOaaP) is a collection of integrated digital services, products, applications, and infrastructure that is used as a vehicle to meet and exceed an organization's digital strategies. It often serves as an accessible "place for exchanges of information, goods, or services to occur between producers and consumers as well as the community that interacts
with said platform" (Watts, 2020).

DOaaP involves a strategy that paves the way for organizations to be digital. It helps organizations use their assets (e.g. data, processes, products, services) in the most effective ways and become more open to cooperative delivery, usage, and management. This opens opportunities for innovation and cross-department collaborations.

How is DOaaP described?

1. Open and Collaborative
   • Open organization: open data, open APIs, transparency, and user participation.
   • Collaboration, co-creation, crowdsourcing, and innovation
2. Accessible and Connected
   • Digital inclusion
   • Channel ubiquity
   • Integrity and interoperability
   • Digital marketplace
3. Digital and Programmable
   • Digital identity
   • Policies and processes as code
   • Digital products and services
   • Enabling digital platforms

Digital organizations follow a common set of principles and practices

Customer-centricity

Digital organizations are driven by customer focus, meeting and exceeding customer expectations. It must design its services with a "digital first" principle, providing access through every expected channel and including seamless integration and interoperability with various departments, partners, and third-party services. It also means creating trust in its ability to provide secure services and to keep privacy and ethics as core pillars.

Leadership, management, and strategies

Digital leadership brings customer focus to the enterprise and its structures and organizes efficient networks and ecosystems. Accomplishing this means getting rid of silos and a siloed mentality and aligning on a digital vision to design policies and services that are efficient, cost-effective, and provide maximum benefit to the user. Asset sharing, co-creation, and being open and transparent become cornerstones of a digital organization.

Infrastructure

Providing digital services across demographics and geographies requires infrastructure, and that in turn requires long-term vision, smart investments, and partnerships with various source partners to create the necessary foundational infrastructure upon which to build digital services.

Digitization and automation

Automation and digitization of processes and services, as well as creating digital-first products, lead to increased efficiency and reach of the organization across demographics and geographies. Moreover, by taking a digital-first approach, digital organizations future-proof their services and demonstrate their commitment to stakeholders.

Enabling platforms

DOaaP embraces open standards, designing and developing organizational platforms and ecosystems with a cloud-first mindset and sound API strategies. Developer experience must also take center stage, providing the necessary tools and embracing Agile and DevOps practices and culture become prerequisites. Cybersecurity and privacy are central to the digital platform; hence they must be part of the design and development principles and practices.

Signals

The business expects support for digital products and services

Digital transformation continues to be a high-priority initiative for many organizations, and they see DOaaP as an effective way to enable and exploit digital capabilities. However, DOaaP unleashes new strategies, opportunities, and challenges that are elusive or unfamiliar to business leaders. Barriers in current business operating models may limit DOaaP success, such as:

• Department and functional silos
• Dispersed, fragmented and poor-quality data
• Ill-equipped and under-skilled resources to support DOaaP adoption
• System fragmentation and redundancies
• Inconsistent integration tactics employed across systems
• Disjointed user experience leading to low engagement and adoption

DOaaP is not just about technology, and it is not the sole responsibility of either IT or business. It is the collective responsibility of the organization.

	of organizations plan to unlock new value through digital. 50% of organizations are planning major transformation over the next three years. Source: Nash Squared, 2022.
	of organizations are undertaking digital expansion projects focused on scaling their business with technology. This result is up from 57% in 2021. Source: F5 Inc, 2022.

Drivers

Unified brand and experience

Users should have the same experience and perception of a brand no matter what product or service they use. However, fragmented implementation of digital technologies and inconsistent application of design standards makes it difficult to meet this expectation. DOaaP embraces a single design and DX standard for all digital products and services, which creates a consistent perception of your organization's brand and reputation irrespective of what products and services are being used and how they are accessed.

Accessibility

Rapid advancement of end-user devices and changes to end-user behaviors and expectations often outpace an organization's ability to meet these requirements. This can make certain organization products and services difficult to find, access and leverage. DOaaP creates an intuitive and searchable interface to all products and services and enables the strategic combination of technologies to collectively deliver more value.

Justification for modernization

Many opportunities are left off the table when legacy systems are abstracted away rather than modernized. However, legacy systems may not justify the investment in modernization because their individual value is outweighed by the cost. A DOaaP initiative motivates decision makers to look at the entire system (i.e. modern and legacy) to determine which components need to be brought up to a minimum digital state. The conversation has now changed. Legacy systems should be modernized to increase the collective benefit of the entire DOaaP.

Benefits & Risks

Benefits

• Look & Feel
• User Adoption
• Shift to Digital

A single, modern, customizable interface enables a common look and feel no matter what and how the platform is being accessed.

Organizations can motivate and encourage the adoption and use of all products and services through the platform and increase the adoption of underused technologies.

DOaaP motivates and supports the modernization of data, processes, and systems to meet the goals and objectives outlined in the broader digital transformation strategy.

Risks

• Data Quality
• System Stability
• Ability to Modernize
• Business Model Change

Each system may have a different definition of commonly used entities (e.g. customer), which can cause data quality issues when information is shared among these systems.

DOaaP can stress the performance of underlying systems due to the limitations of some systems to handle increased traffic.

Some systems cannot be modernized due to cost constraints, business continuity risks, vendor lock-in, legacy and lore, or other blocking factors.

Limited appetite to make the necessary changes to business operations in order to maximize the value of DOaaP technologies.

Address your pressure points to fully realize the benefits of this priority

Success can be dependent on your ability to address your pressure points.

Recommendations

Define your platform vision

Organizations realize that a digital model is the way to provide more effective services to their customers and end users in a cost-effective, innovative, and engaging fashion. DOaaP is a way to help support this transition.

However, various platform stakeholders will have different interpretations of and preferences for what this platform is intended to solve, what benefits it is supposed to deliver, and what capabilities it will deliver. A grounded vision is imperative to steer the roadmap and initiatives.

Related Research:

• Drive Digital Transformation with Platform Strategies
• Gov 2.0: Government as a Platform
• Deliver Digital Products at Scale

Assess and modernize your applications

Certain applications may not sufficiently support the compatibility, flexibility, and efficiency requirements of DOaaP. While workaround technologies and tactics can be employed to overcome these application challenges, the full value of the DOaaP may not be realized.

Reviewing the current state of the application portfolio will indicate the functional and value limitations of what DOaaP can provide and an indication of the scope of investment needed to bring applications up to a minimum state.

Related Research:

• Application Portfolio Management Foundations
• Modernize Your Applications

Recommendations

Understand and evaluate end-user needs

Technology has reached a point where it's no longer difficult for teams to build functional and valuable digital platforms. Rather, the difficulty lies in creating an interface and platform that people want to use and use frequently.

While it is important to increase the access and promotion of all products and services, orchestrating and configuring them in a way to deliver a satisfying experience is even more important. Applications teams must first learn about and empathize with the needs of end users.

Related Research:

• Use Experience Design to Drive Empathy With the Business
• Implement and Mature Your User Experience Design Practice

Architect your platform

Formalizing and constructing DOaaP just for the sake of doing so often results in an initiative that is lengthy and costly and ends up being considered a failure.

The build and optimization of the platform must be predicated on a thorough understanding of the DOaaP's goals, objectives, and priorities and the business capabilities and process they are meant to support and enable. The appropriate architecture and delivery practices can then be defined and employed.

Related Research:

• Enhance Your Solution Architecture Practices
• Build Your Data Practice and Platform

CASE STUDY
e-Estonia

Situation

The digital strategy of Estonia resulted in e-Estonia, with the vision of "creating a society with more transparency, trust, and efficiency." Estonia has addressed the challenge by creating structures, organizations, and a culture of innovation, and then using the speed and efficiency of digital infrastructure, apps, and services. This strategy can reduce or eliminate bureaucracy through transparency and automation.

Estonia embarked on its journey to making digital a priority in 1994-1996, focusing on a committed investment in infrastructure and digital literacy. With that infrastructure in place, they started providing digital services like an e-banking service (1996), e-tax and mobile parking (2002), and then went full steam ahead with a digital information interoperability platform in 2001, digital identity in 2002, e-health in 2008, and e-prescription in 2010. The government is now strategizing for AI.

Results

Source: e-Estonia

Practices employed

The e-Estonia digital government model serves as a reference for governments across the world; this is acknowledged by the various awards it has received, like #2 in "internet freedom," awarded by Freedom House in 2019; #1 on the "digital health index," awarded by the Bertelsmann Foundation in 2019; and #1 on "start-up friendliness," awarded by Index Venture in 2018.

References

"15th State of Agile Report." Digital.ai, 2021. Web.
"2022 HR Trends Report." McLean & Company, 2022.
"2022: State of Application Strategy Report." F5 Inc, 2022.
"Are Executives Wearing Rose-Colored Glasses Around Digital Transformation?" Cyara, 2021. Web.
"Cost of a Data Breach Report 2022." IBM, 2022. Web.
Dalal, Vishal, et al. "Tech Debt: Reclaiming Tech Equity." McKinsey Digital, Oct. 2020. Web.
"Differentiating Between Intelligent Automation and Hyperautomation." IBM, 15 October 2021. Web.
"Digital Leadership Report 2021." Harvey Nash Group, 2021.
"Digital Leadership Report 2022: The State of Digital." Nash Squared, 2022. Web.
Gupta, Sunil. "Driving Digital Strategy: A Guide to Reimagining Your Business." Harvard Business Review Press, 2018. Web.
Haff, Gordon. "State of Application Modernization Report 2022." Konveyor, 2022. Web.
"IEEE Standard for Software Maintenance: IEEE Std 1219-1998." IEEE Standard for Software Maintenance, 1998. Accessed Dec. 2015.
"Intelligent Automation." Cognizant, n.d. Web.
"Kofax 2022: Intelligent Automation Benchmark Study". Kofax, 2021. Web.
McCann, Leah. "Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?" rAVe, 2 July 2020, Web.
"Proactive Staffing and Patient Prioritization to Decompress ED and Reduce Length of Stay." University Hospitals, 2018. Web.
"Secrets of Successful Modernization." looksoftware, 2013. Web.
"State of Software Development." Coding Sans, 2021. Web.
"The State of Low-Code/No-Code." Creatio, 2021. Web.
"We Have Built a Digital Society and We Can Show You How." e-Estonia. n.d. Web.
Zanna. "The 5 Types of Experience Series (1): Brand Experience Is Your Compass." Accelerate in Experience, 9 February 2020. Web.
Zhang, Y. et al. "Effects of Risks on the Performance of Business Process Outsourcing Projects: The Moderating Roles of Knowledge Management Capabilities." International Journal of Project Management, 2018, vol. 36 no. 4, 627-639.

Research Contributors and Experts

Chris Harrington
Chief Technology Officer
Carolinas Telco Federal Credit Union

Chris Harrington is Chief Technology Officer (CTO) of Carolinas Telco Federal Credit Union. Harrington is a proven leader with over 20 years of experience developing and leading information technology and cybersecurity strategies and teams in the financial industry space.

Benjamin Palacio
Senior Information Technology Analyst County of Placer

Benjamin Palacio has been working in the application development space since 2007 with a strong focus on system integrations. He has seamlessly integrated applications data across multiple states into a single reporting solution for management teams to evaluate, and he has codeveloped applications to manage billions in federal funding. He is also a CSAC-credentialed IT Executive (CA, USA).

Scott Rutherford
Executive Vice President, Technology
LGM Financial Services Inc.

Scott heads the Technology division of LGM Financial Services Inc., a leading provider of warranty and financing products to automotive OEMs and dealerships in Canada. His responsibilities include strategy and execution of data and analytics, applications, and technology operations.

Robert Willatts
IT Manager, Enterprise Business Solutions and Project Services
Town of Newmarket

Robert is passionate about technology, innovation, and Smart City Initiatives. He makes customer satisfaction as the top priority in every one of his responsibilities and accountabilities as an IT manager, such as developing business applications, implementing and maintaining enterprise applications, and implementing technical solutions. Robert encourages communication, collaboration, and engagement as he leads and guides IT in the Town of Newmarket.

Randeep Grewal
Vice President, Enterprise Applications
Red Hat

Randeep has over 25 years of experience in enterprise applications, advanced analytics, enterprise data management, and consulting services, having worked at numerous blue-chip companies. In his most recent role, he is the Vice President of Enterprise Applications at Red Hat. Reporting to the CIO, he is responsible for Red Hat's core business applications with a focus on enterprise transformation, application architecture, engineering, and operational excellence. He previously led the evolution of Red Hat into a data-led company by maturing the enterprise data and analytics function to include data lake, streaming data, data governance, and operationalization of analytics for decision support.

Prior to Red Hat, Randeep was the director of global services strategy at Lenovo, where he led the strategy using market data to grow Lenovo's services business by over $400 million in three years. Prior to Lenovo, Randeep was the director of advanced analytics at Alliance One and helped build an enterprise data and analytics function. His earlier work includes seven years at SAS, helping SAS become a leader in business analytics, and at KPMG consulting, where he managed services engagements at Fortune 100 companies.

Develop Infrastructure & Operations Policies and Procedures

Document what you need to document and forget the rest.

Table of contents

Project Rationale

Project Outlines

• Phase 1: Identify Policy and Procedure Gaps
• Phase 2: Develop Policies
• Phase 3: Document Effective Procedures

Bibliography

ANALYST PERSPECTIVE

Document what you need to document now and forget the rest.

Our understanding of the problem

This Research Is Designed For:

• Infrastructure Managers
• Chief Technology Officers
• IT Security Managers

This Research Will Help You:

• Address policy gaps
• Develop effective procedures and procedure documentation to support policy compliance

This Research Will Also Assist:

• Chief Information Officers
• Enterprise Risk and Compliance Officers
• Chief Human Resources Officers
• Systems Administrators and Engineers

This Research Will Help Them:

• Understand the importance of a coherent approach to policy development
• Understand the importance of Infrastructure & Operations policies
• Support Infrastructure & Operations policy development and enforcement

Info-Tech Best Practice

This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

Executive Summary

Situation

• Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
• Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

Complication

• Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
• Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
• Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

Resolution

• Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
• Create effective policies that are reasonable, measurable, auditable, and enforceable.
• Create and document procedures to support policy changes.

Info-Tech Insight

1. Document what you need to document and forget the rest.
   Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
2. Support policies with documented procedures.
   Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).