The First 100 Days As CIO

Partner with Info-Tech for success in this crucial period of transition.

Analyst Perspective

The first 100 days refers to the 10 days before you start and the first three months on the job.

“The original concept of ‘the first 100 days’ was popularized by Franklin Delano Roosevelt, who passed a battery of new legislation after taking office as US president during the Great Depression. Now commonly extended to the business world, the first 100 days of any executive role is a critically important period for both the executive and the organization.

But not every new leader should follow FDR’s example of an action-first approach. Instead, finding the right balance of listening and taking action is the key to success during this transitional period. The type of the organization and the mode that it’s in serves as the fulcrum that determines where the point of perfect balance lies. An executive facing a turnaround situation will want to focus on more action more quickly. One facing a sustaining success situation or a realignment situation will want to spend more time listening before taking action.” (Brian Jackson, Research Director, CIO, Info-Tech Research Group)

Executive summary

Situation

• You’ve been promoted from within to the role of CIO.
• You’ve been hired externally to take on the role of CIO.

Complication

Studies show that two years after a new executive transition, as many as half are regarded as failures or disappointments (McKinsey). First impressions are hard to overcome, and a CIO’s first 100 days are heavily weighted in terms of how others will assess their overall success. The best way to approach this period is determined by both the size and the mode of an organization.

Resolution

• Work with Info-Tech to prepare a 100-day plan that will position you for success.
• Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
• Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

Info-Tech Insight

1. Foundational understanding must be achieved before you start.
   Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
2. Listen before you act (usually).
   In most situations, executives benefit from listening to peers and staff before taking action.
3. Identify quick wins early and often.
   Fix problems as soon as you recognize them to set the tone for your tenure.

The First 100 Days: Roadmap

Concierge service overview

Organize a call with your executive advisor every two weeks during your first 100 days. Info-Tech recommends completing our diagnostics during this period. If you’re not able to do so, instead complete the alternative activities marked with (a).

Call 1

Before you start: Day -10 to Day 1

Interview your predecessor

Interviewing your predecessor can help identify the organization’s mode and type.

Before reaching out to your predecessor, get a sense of whether they were viewed as successful or not. Ask your manager. If the predecessor remains within the organization in a different role, understand your relationship with them and how you'll be working together.

During the interview, make notes about follow-up questions you'll ask others at the organization.

Ask these open-ended questions in the interview:

• Tell me about the team.
• Tell me about your challenges.
• Tell me about a major project your team worked on. How did it go?
• Who/what has been helpful during your tenure?
• Who/what created barriers for you?
• What do your engagement surveys reveal?
• Tell me about your performance management programs and issues.
• What mistakes would you avoid if you could lead again?
• Why are you leaving?
• Could I reach out to you again in the future?

Learn the corporate structure

Identify the organization’s corporate structure type based on your initial conversations with company leadership. The type of structure will dictate how much control you'll have as a functional head and help you understand which stakeholders you'll need to collaborate with.

To Do:

• Review the organization’s structure list and identify whether the structure is functional, prioritized, or a matrix. If it's a matrix organization, determine if it's a strong matrix (project manager holds more authority), weak matrix (functional manager holds more authority), or balanced matrix (managers hold equal authority).

This organization is a ___________________ type.

Presentation Deck, slide 6

Determine the mode of the organization: STARS

Based on your interview process and discussions with company leadership, and using Michael Watkins’ STARS assessment, determine which mode your organization is in: startup, turnaround, accelerated growth, realignment, or sustaining success.

Knowing the mode of your organization will determine how you approach your 100-day plan. Depending on the mode, you'll rebalance your activities around the three categories of assess, listen, and deliver.

To Do:

• Review the STARS table on the right.

Based on your situation, prioritize activities in this way:

• Startup: assess, listen, deliver
• Turnaround: deliver, listen, assess
• Accelerated Growth: assess, listen, deliver
• Realignment: listen, assess, deliver
• Sustaining success: listen, assess, deliver

This organization is a ___________________ type.

(Source: Watkins, 2013.)

Presentation Deck, slide 6

Determine the mode of the organization: STARS

Satya Nadella's listen, lead, and launch approach

CASE STUDY

Industry Software
Source Gregg Keizer, Computerworld, 2014

When Satya Nadella was promoted to the CEO role at Microsoft in 2014, he received a Glassdoor approval rating of 85% and was given an "A" grade by industry analysts after his first 100 days. What did he do right? Created a sense of urgency by shaking up the senior leadership team. Already understood the culture as an insider. Listened a lot and did many one-on-one meetings. Established a vision communicated with a mantra that Microsoft would be "mobile-first, cloud-first." Met his words with actions. He launched Office for iPad and made many announcements for cloud platform Azure.

Satya Nadella, CEO, Microsoft Corp. (Image source: Microsoft)

Listen to 'The First 100 Days' podcast – Alan Fong

Create a one-page introduction sheet to use in communications

As a new CIO, you'll have to introduce yourself to many people in the organization. To save time on communicating who you are as a person outside of the office, create a brief one-pager that includes a photo of you, where you were born and raised, and what your hobbies are. This helps make a connection more quickly so your conversations can focus on the business at hand rather than personal topics.

For your presentation deck, remove the personal details and just keep it professional. The personal aspects can be used as a one-pager for other communications. (Source: Personal interview with Denis Gaudreault, Country Lead, Intel.)

Presentation Deck, slide 5

Call 2

Day 1 to Day 15

Introduce yourself to your team

Prepare a 20-second pitch about yourself that goes beyond your name and title. Touch on your experience that's relevant to your new role or the industry you're in. Be straightforward about your own perceived strengths and weaknesses so that people know what to expect from you. Focus on the value you believe you'll offer the group and use humor and humility where you're comfortable. For example:

“Hi everyone, my name is John Miller. I have 15 years of experience marketing conferences like this one to vendors, colleges, and HR departments. What I’m good at, and the reason I'm here, is getting the right people, businesses, and great ideas in a room together. I'm not good on details; that's why I work with Tim. I promise that I'll get people excited about the conference, and the gifts and talents of everyone else in this room will take over from there. I'm looking forward to working with all of you.”

Have a structured set of questions ready that you can ask everyone.

For example:

• How well is the company performing based on expectations?
• What must the company do to sustain its financial performance and market competitiveness?
• How do you foresee the CIO contributing to the team?
• How have past CIOs performed from the perspective of the team?
• What would successful performance of this role look like to you? To your peers?
• What challenges and obstacles to success am I likely to encounter? What were the common challenges of my predecessor?
• How do you view the culture here and how do successful projects tend to get approved?
• What are your greatest challenges? How could I help you?

Get to know your sphere of influence: prepare to connect with a variety of people before you get down to work

Your ability to learn from others is critical at every stage in your first 100 days. Keep your sphere of influence in the loop as you progress through this period.

Write down the names, or at least the key people, in each segment of this diagram. This will serve as a quick reference when you're planning communications with others and will help you remember everyone as you're meeting lots of new people in your early days on the job.

• Everyone knows their networks are important.
• However, busy schedules can cause leaders to overlook their many audiences.
• Plan to meet and learn from all people in your sphere to gain a full spectrum of insights.

Presentation Deck, slide 29

Identify how your competitors are leveraging technology for competitive advantage

Competitor identification and analysis are critical steps for any new leader to assess the relative strengths and weaknesses of their organization and develop a sense of strategic opportunity and environmental awareness.

Today’s CIO is accountable for driving innovation through technology. A competitive analysis will provide the foundation for understanding the current industry structure, rivalry within it, and possible competitive advantages for the organization.

Surveying your competitive landscape prior to the first day will allow you to come to the table prepared with insights on how to support the organization and ensure that you are not vulnerable to any competitive blind spots that may exist in the evaluations conducted by the organization already.

You will not be able to gain a nuanced understanding of the internal strengths and weaknesses until you are in the role, so focus on the external opportunities and how competitors are using technology to their advantage.

Info-Tech Best Practice

For a more in-depth approach to identifying and understanding relevant industry trends and turning them into insights, leverage the following Info-Tech blueprints:

• Think Like a Futurist
• CIO Trend Report 2019

Presentation Deck, slide 9

Assess the external competitive environment

INPUT: External research

OUTPUT: Competitor array

1. Conduct a broad analysis of the industry as a whole. Seek to answer the following questions:
   1. Are there market developments or new markets?
   2. Are there industry or lifestyle trends, e.g. move to mobile?
   3. Are there geographic changes in the market?
   4. Are there demographic changes that are shaping decision making?
   5. Are there changes in market demand?
2. Create a competitor array by identifying and listing key competitors. Try to be as broad as possible here and consider not only entrenched close competitors but also distant/future competitors that may disrupt the industry.
3. Identify the strengths, weaknesses, and key brand differentiators that each competitor brings to the table. For each strength and differentiator, brainstorm ways that IT-based innovation enables each. These will provide a toolkit for deeper conversations with your peers and your business stakeholders as you move further into your first 100 days.

Complete the CEO-CIO Alignment Program

INPUT: CEO-CEO Alignment Program (recommended)

OUTPUT: Desired and target state of IT maturity, Innovation goals, Top priorities

Materials: Presentation Deck, slides 11-13

Participants: CEO, CIO

Introduce the concept of the CEO-CIO Alignment Program using slide 10 of your presentation deck and the brief email text below.

Talk to your advisory contact at Info-Tech about launching the program. More information is available on Info-Tech’s website.

Once the report is complete, import the results into your presentation:

• Slide 11, the CEO’s current and desired states
• Slide 12, IT innovation goals
• Slide 13, top projects and top departments from the CEO and the CIO

Include any immediate recommendations you have.

Hello CEO NAME,

I’m excited to get started in my role as CIO, and to hit the ground running, I’d like to make sure that the IT department is aligned with the business leadership. We will accomplish this using Info-Tech Research Group’s CEO-CIO Alignment Program. It’s a simple survey of 20 questions to be completed by the CEO and the CIO.

This survey will help me understand your perception and vision as I get my footing as CIO. I’ll be able to identify and build core IT processes that will automate IT-business alignment going forward and create an effective IT strategy that helps eliminate impediments to business growth.

Research shows that IT departments that are effectively aligned to business goals achieve more success, and I’m determined to make our IT department as successful as possible. I look forward to further detailing the benefits of this program to you and answering any questions you may have the next time we speak.

Regards,
CIO NAME

New KPIs for CEO-CIO Alignment — Recommended

Info-Tech CEO-CIO Alignment Program

Info-Tech's CEO-CIO Alignment Program is set up to build IT-business alignment in any organization. It helps the CIO understand CEO perspectives and priorities. The exercise leads to useful IT performance indicators, clarifies IT’s mandate and which new technologies it should invest in, and maps business goals to IT priorities.

Benefits

Master the Basics Cut through the jargon. Take a comprehensive look at the CEO perspective.	Target Alignment Identify how IT can support top business priorities. Address CEO-CIO differences.	Start on the Right Path Get on track with the CIO vision. Use correct indicators and metrics to evaluate IT from day one.

Additional materials are available on Info-Tech’s website.

The desired maturity level of IT — Alternative

Step 1: Where are we today? Determine where the CEO sees the current overall maturity level of the IT organization. Step 2: Where do we want to be as an organization? Determine where the CEO wants the IT organization to be in order to effectively support the strategic direction of the business.

Presentation Deck, slide 11

Tim Cook's powerful use of language

CASE STUDY

Industry Consumer technology
Source Carmine Gallo, Inc., 2019

Apple CEO Tim Cook, an internal hire, had big shoes to fill after taking over from the late Steve Jobs. Cook's ability to control how the company is perceived is a big credit to his success. How does he do it? His favorite five words are “The way I see it..." These words allow him to take a line of questioning and reframe it into another perspective that he wants to get across. Similarly, he'll often say, "Let me tell you the way I look at it” or "To put it in perspective" or "To put it in context." In your first two weeks on the job, try using these phrases in your conversations with peers and direct reports. It demonstrates that you value their point of view but are independently coming to conclusions about the situation at hand.

Tim Cook, CEO, Apple Inc. (Image source: Apple)

Listen to 'The First 100 Days' podcast – Denis Gaudreault

Inform your team that you plan to do an IT Management & Governance Diagnostic survey

Run the diagnostic program or use the alternative activities to complete your presentation

INPUT: IT Management & Governance Diagnostic (recommended)

OUTPUT: Process to improve first, Processes important to the business

Materials: Presentation Deck, slides 19-20

Participants: CIO, IT staff

Introduce the IT Management & Governance Diagnostic survey that will help you form your IT strategy.

Explain that you want to understand current IT capabilities and you feel a formal approach is best. You’ll also be using this approach as an important metric to track your department’s success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take action on the email when it’s sent to them.

Example email:

Hello TEAM,

I appreciate meeting each of you, and so far I’m excited about the talents and energy on the team. Now I need to understand the processes and capabilities of our department in a deeper way. I’d like to map our process landscape against an industry-wide standard, then dive deeper into those processes to understand if our team is aligned. This will help us be accountable to the business and plan the year ahead. Advisory firm Info-Tech Research Group will be reaching out to you with a simple survey that shouldn’t take too long to complete. It’s important to me that you pay attention to that message and complete the survey as soon as possible.

Regards,
CIO NAME

Call 3

Day 16 to Day 30

Leverage team interviews as a source of determining organizational culture

Info-Tech recommends that you hold group conversations with your team to uncover their opinions of the current organizational culture. This not only helps build transparency between you and your team but also gives you another means of observing behavior and reactions as you listen to team members’ characterizations of the current culture.

Note: It is inherently difficult for people to verbalize what constitutes a culture – your strategy for extracting this information will require you to ask indirect questions to solicit the highest value information.

Questions for Discussion:

• What about the current organizational environment do you think most contributes to your success?
• What barriers do you experience as you try to accomplish your work?
• What is your favorite quality that is present in our organization?
• What is the one thing you would most like to change about this organization?
• Do the organization's policies and procedures support your efforts to accomplish work or do they impede your progress?
• How effective do you think IT’s interactions are with the larger organization?
• What would you consider to be IT’s top three guiding principles?
• What kinds of people fail in this organization?

See Info-Tech’s Cultural Archetype Calculator.

Use the Competing Values Framework to define your organization’s cultural archetype

THE COMPETING VALUES FRAMEWORK (CVF):

CVF represents the synthesis of academic study of 39 indicators of effectiveness for organizations. Using a statistical analysis, two polarities that are highly predictive of differences in organizational effectiveness were isolated: Internal focus and integration vs. external focus and differentiation. Stability and control vs. flexibility and discretion. By plotting these dimensions on a matrix of competing values, four main cultural archetypes are identified with their own value drivers and theories of effectiveness.

Presentation Deck, slide 16

Create a cultural adjustment plan

Now that you've assessed the cultural archetype, you can plan an appropriate approach to shape the culture in a positive way. When new executives want to change culture, there are a few main options at hand:

Autonomous evolution: Encourage teams to learn from each other. Empower hybrid teams to collaborate and reward teams that perform well.

Planned and managed change: Create steering committee and project-oriented taskforces to work in parallel. Appoint employees that have cultural traits you'd like to replicate to hold responsibility for these bodies.

Cultural destruction: When a toxic culture needs to be eliminated, get rid of its carriers. Putting new managers or directors in place with the right cultural traits can be a swift and effective way to realign.

Each option boils down to creating the right set of incentives and deterrents. What behaviors will you reward and which ones will you penalize? What do those consequences look like? Sometimes, but not always, some structural changes to the team will be necessary. If you feel these changes should be made, it's important to do it sooner rather than later. (Source: “Enlarging Your Sphere of Influence in Your Organization,” MindTools Corporate, 2014.)

As you're thinking about shaping a desired culture, it's helpful to have an easy way to remember the top qualities you want to espouse. Try creating an acronym that makes it easy for staff to remember. For example: RISE could remind your staff to be Responsive, Innovative, Sustainable, and Engaging (RISE). Draw upon your business direction from your manager to help produce desired qualities (Source: Jennifer Schaeffer).

Presentation Deck, slide 17

Gary Davenport’s welcome “surprise”

CASE STUDY

Industry Telecom
Source Interview with Gary Davenport

After Gary Davenport was hired on as VP of IT at MTS Allstream, his first weekend on the job was spent at an all-executive offsite meeting. There, he learned from the CEO that the IT department had a budget reduction target of 25%, like other departments in the company. “That takes your breath away,” Davenport says. He decided to meet the CEO monthly to communicate his plans to reduce spending while trying to satisfy business stakeholders. His top priorities were: Stabilize IT after seven different leaders in a five-year period. Get the IT department to be respected. To act like business owners instead of like servants. Better manage finances and deliver on projects. During Davenport’s 7.5-year tenure, the IT department became one of the top performers at MTS Allstream.

Gary Davenport’s first weekend on the job at MTS Allstream included learning about a 25% reduction target. (Image source: Ryerson University)

Listen to 'The First 100 Days' podcast – David Penny & Andrew Wertkin

Initiate IT Management & Governance Diagnostic — Recommended

Info-Tech Management & Governance Diagnostic

Talk to your Info-Tech executive advisor about launching the survey shortly after informing your team to expect it. You'll just have to provide the names and email addresses of the staff you want to be involved. Once the survey is complete, you'll harvest materials from it for your presentation deck. See slides 19 and 20 of your deck and follow the instructions on what to include.

Benefits

Explore IT Processes Dive deeper into performance. Highlight problem areas.	Align IT Team Build consensus by identifying opposing views.	Ownership & Accountability Identify process owners and hold team members accountable.

Additional materials available on Info-Tech’s website.

Conduct a high-level analysis of current IT capabilities — Alternative

INPUT: Interviews with IT leadership team, Capabilities graphic on next slide

OUTPUT: High-level understanding of current IT capabilities

Run this activity if you're not able to conduct the IT Management & Governance Diagnostic.

Schedule meetings with your IT leadership team. (In smaller organizations, interviewing everyone may be acceptable.) Provide them a list of the core capabilities that IT delivers upon and ask them to rate them on an effectiveness scale of 1-5, with a short rationale for their score.

• 1. Not effective (NE)
• 2. Somewhat Effective (SE)
• 3. Effective (E)
• 4. Very Effective (VE)
• 5. Extremely Effective (EE)

Presentation Deck, slide 21

Use the following set of IT capabilities for your assessment

Quick wins: CEO-CIO Alignment Program

Complete this while waiting on the IT M&G survey results. Based on your completed CEO-CIO Alignment Report, identify the initiatives you can tackle immediately.

If you are here...	And want to be here...	Drive toward...	Innovate around...
Business Partner	Innovator	Leading business transformation	Emerging technologies Analytical capabilities Risk management Customer-facing tech Enterprise architecture
Trusted Operator	Business Partner	Optimizing business process and supporting business transformation	IT strategy and governance Business architecture Projects Resource management Data quality
Firefighter	Trusted Operator	Optimize IT processes and services	Business applications Service management Stakeholder management Work orders
Unstable	Firefighter	Reduce use disruption and adequately support the business	Network and infrastructure Service desk Security User devices

Call 4

Day 31 to Day 45

Inform your peers that you plan to do a CIO Business Vision survey to gauge your stakeholders’ satisfaction

Run the diagnostic program or use the alternative activities to complete your presentation

INPUT: CIO Business Vision survey (recommended)

OUTPUT: True measure of business satisfaction with IT

Materials: Presentation Deck, slide 30

Participants: CIO, IT staff

Meet the business leaders at your organization face-to-face if possible. If you can't meet in person, try a video conference to establish some rapport. At the end of your introduction and after listening to what your colleague has to say, introduce the CIO Business Vision Diagnostic.

Explain that you want to understand how to meet their business needs and you feel a formal approach is best. You'll also be using this approach as an important metric to track your department's success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take the survey when the email is sent to them.

Example email:

Hello PEER NAMES,

I'm arranging for Info-Tech Research Group to invite you to take a survey that will be important to me. The CIO Business Vision survey will help me understand how to meet your business needs. It will only take about 15 minutes of your time, and the top-line results will be shared with the organization. We will use the results to plan initiatives for the future that will improve your satisfaction with IT.

Regards,
CIO NAME

Gain feedback on your initial assessments from your IT team

There are two strategies for gaining feedback on your initial assessments of the organization from the IT team:

1. Review your personal assessments with the relevant members of your IT organization as a group. This strategy can help to build trust and an open channel for communication between yourself and your team; however, it also runs the risk of being impacted by groupthink.
2. Ask for your team to complete their own assessments for you to compare and contrast. This strategy can help extract more candor from your team, as they are not expected to communicate what may be nuanced perceptions of organizational weaknesses or criticisms of the way certain capabilities function.

Who you involve in this process will be impacted by the size of your organization. For larger organizations, involve everyone down to the manager level. In smaller organizations, you may want to involve everyone on the IT team to get an accurate lay of the land.

Areas for Review:

• Strategic Document Review: Are there any major themes or areas of interest that were not covered in my initial assessment?
• Competitor Array: Are there any initiatives in flight to leverage new technologies?
• Current State of IT Maturity: Does IT’s perception align with the CEO’s? Where do you believe IT has been most effective? Least effective?
• IT’s Key Priorities: Does IT’s perception align with the CEO’s?
• Key Performance Indicators: How has IT been measured in the past?

Info-Tech Best Practice

You need your team’s hearts and minds or you risk a short tenure. Overemphasizing business commitment by neglecting to address your IT team until after you meet your business stakeholders will result in a disenfranchised group. Show your team their importance.

Susan Bowen's talent maximization

CASE STUDY

Industry Infrastructure Services
Source Interview with Susan Bowen

Susan Bowen was promoted to be the president of Cogeco Peer 1, an infrastructure services firm, when it was still a part of Cogeco Communications. Part of her mandate was to help spin out the business to a new owner, which occurred when it was acquired by Digital Colony. The firm was renamed Aptum and Bowen was put in place as CEO, which was not a certainty despite her position as president at Cogeco Peer 1. She credits her ability to put the right talent in the right place as part of the reason she succeeded. After becoming president, she sought a strong commitment from her directors. She gave them a choice about whether they'd deliver on a new set of expectations – or not. She also asks her leadership on a regular basis if they are using their talent in the right way. While it's tempting for directors to want to hold on to their best employees, those people might be able to enable many more people if they can be put in another place. Bowen fully rounded out her leadership team after Aptum was formed. She created a chief operating officer and a chief infrastructure officer. This helped put in place more clarity around roles at the firm and put an emphasis on client-facing services.

Susan Bowen, CEO, Aptum (Image source: Aptum)

Listen to 'The First 100 Days' podcast – Susan Bowen

Initiate CIO Business Vision survey – new KPIs for stakeholder management — Recommended

Info-Tech CIO Business Vision

Be sure to effectively communicate the context of this survey to your business stakeholders before you launch it. Plan to talk about your plans to introduce it in your first meetings with stakeholders. When ready, let your executive advisor know you want to launch the tool and provide the names and email addresses of the stakeholders you want involved. After you have the results, harvest the materials required for your presentation deck. See slide 30 and follow the instructions on what to include.

Benefits

Key Stakeholders Clarify the needs of the business.	Credibility Create transparency.	Improve Measure IT’s progress.	Focus Find what’s important.

Additional materials are available on Info-Tech’s website.

Create a catalog of key stakeholder details to reference prior to future conversations — Alternative

Only conduct this activity if you’re not able to run the CIO Business Vision diagnostic.

Use the Organizational Catalog as a personal cheat sheet to document the key details around each of your stakeholders, including your CEO when possible.

The catalog will be an invaluable tool to keep the competing needs of your different stakeholders in line, while ensuring you are retaining the information to build the political capital needed to excel in the C-suite.

Note: It is important to keep this document private. While you may want to communicate components of this information, ensure your catalog remains under lock and (encryption) key.

Info-Tech Insight

While profiling your stakeholders is important, do not be afraid to profile yourself as well. Visualizing how your interests overlap with those of your stakeholders can provide critical information on how to manage your communications so that those on the receiving end are hearing exactly what they need.

Activity: Conduct interviews with your key business stakeholders — Alternative

1. Once you have identified your key stakeholders through your interviews with your boss and your IT team, schedule a set of meetings with those individuals.
2. Use the meetings to get to know your stakeholders, their key priorities and initiatives, and their perceptions of the effectiveness of IT.
   1. Use the probative questions to the right to elicit key pieces of information.
   2. Refer to the Organizational Catalog tool for more questions to dig deeper in each category. Ensure that you are taking notes separate from the tool and are keeping the tool itself secure, as it will contain private information specific to your interests.
3. Following each meeting, record the results of your conversation and any key insights in the Organizational Catalog. Refer to the following slide for more details.

Questions for Discussion:

• Be indirect about your personal questions – share stories that will elicit details about their interests, kids, etc.
• What are your most critical/important initiatives for the year?
• What are your key revenue streams, products, and services?
• What are the most important ways that IT supports your success? What is your satisfaction level with those services?
• Are there any current in-flight projects or initiatives that are a current pain point? How can IT assist to alleviate challenges?
• How is your success measured? What are your targets for the year on those metrics?

Presentation Deck, slide 34

Call 5

Day 46 to Day 60

Inform your team that you plan to do an IT staffing assessment

Introduce the IT Staffing Assessment that will help you get the most out of your team

INPUT: Email template

OUTPUT: Ready to launch diagnostic

Materials: Email template, List of staff, Sample of diagnostic

Participants: CIO, IT staff

Explain that you want to understand how the IT staff is currently spending its time by function and by activity. You want to take a formal approach to this task and also assess the team’s feelings about its effectiveness across different processes. The results of the assessment will serve as the foundation that helps you improve your team’s effectiveness within the organization.

Example email:

Hello PEER NAMES,

The feedback I've heard from the team since joining the company has been incredibly useful in beginning to formulate my IT strategy. Now I want to get a clear picture of how everyone is spending their time, especially across different IT functions and activities. This will be an opportunity for you to share feedback on what we're doing well, what we need to do more of, and what we're missing. Expect to receive an email invitation to take this survey from Info-Tech Research Group. It's important to me that you complete the survey as soon as you're can. Attached you’ll find an example of the report this will generate. Thank you again for providing your time and feedback.

Regards,
CIO NAME

Wayne Berger's shortcut to solve staffing woes

CASE STUDY

Industry Office leasing
Source Interview with Wayne Berger

Wayne Berger was hired to be the International Workplace Group (IWG) CEO for Canada and Latin America in 2014. Wayne approached his early days with the office space leasing firm as a tour of sorts, visiting nearly every one of the 48 office locations across Canada to host town hall meetings. He heard from staff at every location that they felt understaffed. But instead of simply hiring more staff, Berger actually reduced the workforce by 33%. He created a more flexible approach to staffing: Employees no longer just reported to work at one office; instead, they were ready to go to wherever they were most needed in a specific geographic area. He centralized all back-office functions for the company so that not every office had to do its own bookkeeping. Finally, he changed the labor profile to consist of full-time staff, part-time staff, and time-on-demand workers.

Wayne Berger, CEO, IWG Plc (Image source: IWG)

Listen to 'The First 100 Days' podcast – Wayne Berger

Initiate IT Staffing Assessment – new KPIs to track IT performance — Recommended

Info-Tech IT Staffing Assessment

Info-Tech’s IT Staffing Assessment provides benchmarking of key metrics against 4,000 other organizations. Dashboard-style reports provide key metrics at a glance, including a time breakdown by IT function and by activity compared against business priorities. Run this survey at about the 45-day mark of your first 90 days. Its insights will be used to inform your long-term IT strategy.

Benefits

Right-Size IT Headcount Find the right level for stakeholder satisfaction.	Allocate Staff Correctly Identify staff misalignments with priorities.	Maximize Teams Identify how to drive staff.

Additional materials are available on Info-Tech’s website.

Quick wins: Make recommendations based on IT Management & Governance Framework

Complete this exercise while waiting on the IT Staffing Assessment results. Based on your completed IT Management & Governance report, identify the initiatives you can tackle immediately. You can conduct this as a team exercise by following these steps:

1. Create a shortlist of initiatives based on the processes that were identified as high need but scored low in effectiveness. Think as broadly as possible during this initial brainstorming.
2. Write each initiative on a sticky note and conduct a high-level analysis of the amount of effort that would be required to complete it, as well as its alignment with the achievement of business objectives.
3. Draw the matrix below on a whiteboard and place each sticky note onto the matrix based on its potential impact and difficulty to address.

Call 6

Day 61 to Day 75

Run a start, stop, continue exercise with your IT staff — Alternative

This is an alternative activity to running an IT Staffing Assessment, which contains a start/stop/continue assessment. This activity can be facilitated with a flip chart or a whiteboard. Create three pages or three columns and label them Start, Stop, and Continue.

Hand out sticky notes to each team member and then allow time for individual brainstorming. Instruct them to write down their contributions for each category on the sticky notes. After a few minutes, have everyone stick their notes in the appropriate category on the board. Discuss as a group and see what themes emerge. Record the results that you want to share in your presentation deck (GroupMap).

Gather your team and explain the meaning of these categories:

Start: Activities you're not currently doing but should start doing very soon.

Stop: Activities you're currently doing but aren’t working and should cease.

Continue: Things you're currently doing and are working well.

Presentation Deck, slide 24

Determine the alignment of IT commitments with business objectives

INPUT: Interviews with IT leadership team

OUTPUT: High-level understanding of in-flight commitments and investments

Run this only as an alternative to the IT Management & Governance Diagnostic.

1. Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.
2. Determine the following about IT’s current investment mix:
   1. What are the current IT investments and assets? How do they align to business goals?
   2. What investments in flight are related to which information assets?
   3. Are there any immediate risks identified for these key investments?
   4. What are the primary business issues that demand attention from IT consistently?
   5. What choices remain undecided in terms of strategic direction of the IT organization?
3. Document your key investments and commitments as well as any points of misalignment between objectives and current commitments as action items to address in your long-term plans. If they are small fixes, consider them during your quick-win identification.

Presentation Deck, slide 25

Determine the alignment of IT commitments with business objectives

Run this only as an alternative to the IT Staffing Assessment diagnostic.

Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.

Determine the following about IT’s current investment mix:

• What are the current IT investments and assets?
• How do they align to business goals?
• What in-flight investments are related to which information assets?
• Are there any immediate risks identified for these key investments?
• What are the primary business issues that demand attention from IT consistently?
• What remains undecided in terms of strategic direction of the IT organization?

Document your key investments and commitments, as well as any points of misalignment between objectives and current commitments, as action items to address in your long-term plans. If they are small-effort fixes, consider them during your quick-win identification.

Presentation Deck, slide 25

Make a categorized vendor list by IT process

As part of learning the IT team, you should also create a comprehensive list of vendors under contract. Collaborate with the finance department to get a clear view of how much of the IT budget is spent on specific vendors. Try to match vendors to the IT processes they serve from the IT M&G framework.

You should also organize your vendors based on their budget allocation. Go beyond just listing how much money you’re spending with each vendor and categorize them into either “transactional” relationships or “strategic relationships.” Use the grid below to organize them. Ideally, you’ll want most relationships to be high spend and strategic (Source: Gary Davenport).

Where to source your vendor list:

• Finance department
• Infrastructure managers
• Vendor manager in IT

Further reading: Manage Your Vendors Before They Manage You

Presentation Deck, slide 26

Jennifer Schaeffer’s short-timeline turnaround

CASE STUDY

Industry Education
Source Interview with Jennifer Schaeffer

Jennifer Schaeffer joined Athabasca University as CIO in November 2017. She was entering a turnaround situation as the all-online university lacked an IT strategy and had built up significant technical debt. Armed with the mandate of a third-party consultant that was supported by the president, Schaeffer used a people-first approach to construct her strategy. She met with all her staff, listening to them carefully regardless of role, and consulted with the administrative council and faculty members. She reflected that feedback in her plan or explained to staff why it wasn’t relevant for the strategy. She implemented a “strategic calendaring” approach for the organization, making sure that her team members were participating in meetings where their work was assessed and valued. Drawing on Spotify as an inspiration, she designed her teams in a way that everyone was connected to the customer experience. Given her short timeline to execute, she put off a deep skills analysis of her team for a later time, as well as creating a full architectural map of her technology stack. The outcome is that 2.5 years later, the IT department is unified in using the same tooling and optimization standards. It’s more flexible and ready to incorporate government changes, such as offering more accessibility options.

Jennifer Schaeffer took on the CIO role at Athabasca University in 2017 and was asked to create a five-year strategic plan in just six weeks. (Image source: Athabasca University)

Listen to 'The First 100 Days' podcast – Eric Wright

Call 7

Day 76 to Day 90

Finalize your vision – mission – values statement

A clear statement for your values, vision, and mission will help crystallize your IT strategy and communicate what you're trying to accomplish to the entire organization.

Mission: This statement describes the needs that IT was created to meet and answers the basic question of why IT exists.

Vision: Write a statement that captures your values. Remember that the vision statement sets out what the IT organization wants to be known for now and into the future.

Values: IT core values represent the standard axioms by which the IT department operates. Similar to the core values of the organization as a whole, IT’s core values are the set of beliefs or philosophies that guide its strategic actions.

Further reading: IT Vision and Mission Statements Template

Presentation Deck, slide 42

John Chen's new strategic vision

CASE STUDY

Industry Mobile Services
Source Sean Silcoff, The Globe and Mail

John Chen, known in the industry as a successful turnaround executive, was appointed BlackBerry CEO in 2014 following the unsuccessful launch of the BlackBerry 10 mobile operating system and a new tablet. He spent his first three months travelling, talking to customers and suppliers, and understanding the company's situation. He assessed that it had a problem generating cash and had made some strategic errors, but there were many assets that could benefit from more investment. He was blunt about the state of BlackBerry, making cutting observations of the past mistakes of leadership. He also settled a key question about whether BlackBerry would focus on consumer or enterprise customers. He pointed to a base of 80,000 enterprise customers that accounted for 80% of revenue and chose to focus on that. His new mission for BlackBerry: to transform it from being a "mobile technology company" that pushes handset sales to "a mobile solutions company" that serves the mobile computing needs of its customers.

John Chen, CEO of BlackBerry, presents at BlackBerry Security Summit 2018 in New York City (Image source: Brian Jackson)

Listen to 'The First 100 Days' podcast – Erin Bury

Quick wins: Make recommendations based on the CIO Business Vision survey

Based on your completed CIO Business Vision survey, use the IT Satisfaction Scorecard to determine some initiatives. Focus on areas that are ranked as high importance to the business but low satisfaction. While all of the initiatives may be achievable given enough time, use the matrix below to identify the quick wins that you can focus on immediately. It’s important to not fail in your quick-win initiative.

• High Visibility, Low Risk: Best bet for demonstrating your ability to deliver value.
• Low Visibility, Low Risk: Worth consideration, depending on the level of effort required and the relative importance to the stakeholder.
• High Visibility, High Risk: Limit higher-risk initiatives until you feel you have gained trust from your stakeholders, demonstrating your ability to deliver.
• Low Visibility, High Risk: These will be your lowest value, quick-win initiatives. Keep them in a backlog for future consideration in case business objectives change.

Presentation Deck, slide 27

Create and communicate a post-100 plan

The last few slides of your presentation deck represent a roundup of all the assessments you’ve done and communicate your plan for the months ahead.

Slide 38. Based on the information on the previous slide and now knowing which IT capabilities need improvement and which business priorities are important to support, estimate where you'd like to see IT staff spend their time in the near future. Will you be looking to shift staff from one area to another? Will you be looking to hire staff?

Slide 39. Take your IT M&G initiatives from slide 19 and list them here. If you've already achieved a quick win, list it and mark it as completed to show what you've accomplished. Briefly outline the objectives, how you plan to achieve the result, and what measurement will indicate success.

Slide 40. Reflect your CIO Business Vision initiatives from slide 31 here.

Slide 41. Use this roadmap template to list your initiatives by roughly when they’ll be worked on and completed. Plan for when you’ll update your diagnostics.

Expert Contributors

	Alan Fong, Chief Technology Officer, Dealer-FX
	Andrew Wertkin, Chief Strategy Officer, BlueCat Networks David Penny, Chief Technology Officer, BlueCat Networks
	Susan Bowen, CEO, Aptum

	Erin Bury, CEO, Willful
	Denis Gaudreault, Country Manager, Intel Canada and Latin America
	Wayne Berger, CEO, IWG Plc

	Eric Wright, CEO, LexisNexis Canada
	Gary Davenport, past president of CIO Association” of Canada, former VP of IT, Enterprise Solutions Division, MTS AllStream
	Jennifer Schaeffer, VP of IT and CIO, Athabasca University

Bibliography

Beaudan, Eric. “Do you have what it takes to be an executive?” The Globe and Mail, 9 July 2018. Web.

Bersohn, Diana. “Go Live on Day One: The Path to Success for a New CIO.” PDF document. Accenture, 2015. Web.

Bradt, George. “Executive Onboarding When Promoted From Within To Follow A Successful Leader.” Forbes, 15 Nov. 2018. Web.

“CIO Stats: Length of CIO Tenure Varies By Industry.” CIO Journal, The Wall Street Journal. 15 Feb. 2017. Web.

“Enlarging Your Sphere of Influence in Your Organization: Your Learning and Development Guide to Getting People on Side.” MindTools Corporate, 2014.

“Executive Summary.” The CIO's First 100 Days: A Toolkit. PDF document. Gartner, 2012. Web.

Forbes, Jeff. “Are You Ready for the C-Suite?” KBRS, n.d. Web.

Gallo, Carmine. “Tim Cook Uses These 5 Words to Take Control of Any Conversation.” Inc., 9 Aug. 2019. Web.

Giles, Sunnie. “The Most Important Leadership Competencies, According to Leaders Around the World.” Harvard Business Review, 15 March 2016. Web.

Godin, Seth. “Ode: How to tell a great story.” Seth's Blog. 27 April 2006. Web.

Green, Charles W. “The horizontal dimension of race: Social culture.” Hope College Blog Network, 19 Oct. 2014. Web.

Hakobyan, Hayk. “On Louis Gerstner And IBM.” Hayk Hakobyan, n.d. Web.

Bibliography

Hargrove, Robert. Your First 100 Days in a New Executive Job, edited by Susan Youngquist. Kindle Edition. Masterful Coaching Press, 2011.

Heathfield, Susan M. “Why ‘Blink’ Matters: The Power of Your First Impressions." The Balance Careers, 25 June 2019. Web.

Hillis, Rowan, and Mark O'Donnell. “How to get off to a flying start in your new job.” Odgers Berndtson, 29 Nov. 2018. Web.

Karaevli, Ayse, and Edward J. Zajac. “When Is an Outsider CEO a Good Choice?” MIT Sloan Management Review, 19 June 2012. Web.

Keizer, Gregg. “Microsoft CEO Nadella Aces First-100-Day Test.” Computerworld, 15 May 2014. Web.

Keller, Scott, and Mary Meaney. “Successfully transitioning to new leadership roles.” McKinsey & Company, May 2018. Web.

Kress, R. “Director vs. Manager: What You Need to Know to Advance to the Next Step.” Ivy Exec, 2016. Web.

Levine, Seth. “What does it mean to be an ‘executive’.” VC Adventure, 1 Feb. 2018. Web.

Lichtenwalner, Benjamin. “CIO First 90 Days.” PDF document. Modern Servant Leader, 2008. Web.

Nawaz, Sabina. “The Biggest Mistakes New Executives Make.” Harvard Business Review, 15 May 2017. Web.

Pruitt, Sarah. “Fast Facts on the 'First 100 Days.‘” History.com, 22 Aug. 2018. Web.

Rao, M.S. “An Action Plan for New CEOs During the First 100 Days.” Training, 4 Oct. 2014. Web.

Reddy, Kendra. “It turns out being a VP isn't for everyone.” Financial Post, 17 July 2012. Web.

Silcoff, Sean. “Exclusive: John Chen’s simple plan to save BlackBerry.” The Globe & Mail, 24 Feb. 2014. Web.

Bibliography

“Start Stop Continue Retrospective.” GroupMap, n.d. Web.

Surrette, Mark. “Lack of Rapport: Why Smart Leaders Fail.” KBRS, n.d. Web.

“Understanding Types of Organization – PMP Study.” Simplilearn, 4 Sept. 2019. Web.

Wahler, Cindy. “Six Behavioral Traits That Define Executive Presence.” Forbes, 2 July 2015. Web.

Watkins, Michael D. The First 90 Days, Updated and Expanded. Harvard Business Review Press, 2013.

Watkins, Michael D. “7 Ways to Set Up a New Hire for Success.” Harvard Business Review, 10 May 2019. Web.

“What does it mean to be a business executive?” Daniels College of Business, University of Denver, 12 Aug. 2014. Web.

Yeung, Ken. “Turnaround: Marissa Mayer’s first 300 days as Yahoo’s CEO.” The Next Web, 19 May 2013. Web.

Enterprise Network Design Considerations

It is not just about connectivity.

Executive Summary

Info-Tech Insight

Connectivity and security are tightly coupled

Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.

Many services are no longer within the network

The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.

Users are demanding an anywhere, any device access model

Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.

Enterprise networks are changing

The new network reality

The enterprise network of 2020 and beyond is changing:

• Services are becoming more distributed.
• The number of services provided “off network” is growing.
• Users are more often remote.
• Security threats are rapidly escalating.

The above statements are all accurate for enterprise networks, though each potentially to differing levels depending on the business being supported by the network. Depending on how affected the network in question currently is and will be in the near future, there are different common network archetypes that are best able to address these concerns while delivering business value at an appropriate price point.

High-Level Design Considerations

1. Understand Business Needs

Understand what the business needs are and where users and resources are located.

2. Define Your Trust Model

Trust is a spectrum and tied tightly to security.

3. Align With an Archetype

How will the network be deployed?

4. Understand Available Tooling

What tools are in the market to help achieve design principles?

Understand business needs

Mission

Never ignore the basics. Start with revisiting the mission and vision of the business to address relevant needs.

Users

Identify where users will be accessing services from. Remote vs. “on net” is a design consideration now more than ever.

Resources

Identify required resources and their locations, on net vs. cloud.

Controls

Identify required controls in order to define control points and solutions.

Define a trust model

Trust is a spectrum

• There is a spectrum of trust, from fully trusted to not trusted at all. Each organization must decide for their network (or each area thereof) the appropriate level of trust to assign.
• The ease of network design and deployment is directly proportional to the trust spectrum.
• When resources and users are outside of direct IT control, the level of appropriate trust should be examined closely.

Implicit

Trust everything within the network. Security is perimeter based and designed to stop external actors from entering the large trusted zone.

Controlled

Multiple zones of trust within the network. Segmentation is a standard practice to separate areas of higher and lower trust.

Zero

Verify trust. The network is set up to recognize and support the principle of least privilege where only required access is supported.

Align with an archetype

Archetypes are a good guide

• Using a defined archetype as a guiding principle in network design can help clarify appropriate tools or network structures.
• Different aspects of a network can have different archetypes where appropriate (e.g. IT vs. OT [operational technology] networks).

Traditional

Services are provided from within the traditional network boundaries and security is provided at the network edge.

Hybrid

Services are provided both externally and from within the traditional network boundaries, and security is primarily at the network edge.

Inverted

Services are provided primarily externally, and security is cloud centric.

Traditional networks

Resources within network boundaries

Moat and castle security perimeter

Abstract

A traditional network is one in which there are clear boundaries defined by a security perimeter. Trust can be applied within the network boundaries as appropriate, and traffic is generally routed through internally deployed control points that may be centralized. Traditional networks commonly include large firewalls and other “big iron” security and control devices.

Network Design Tenets

• The full network path from resource to user is designed, deployed, and controlled by IT.
• Users external to the network must first connect to the network to gain access to resources.
• Security, risk, and trust controls will be implemented by internal enterprise hardware/software devices.

Control

In the traditional network, it is assumed that all required control points can be adequately deployed across hardware/software that is “on prem” and under the control of central IT.

Info-Tech Insight

With increased cloud services provided to end users, this network is now more commonly used in data centers or OT networks.

Traditional networks

Defining Characteristics

• Traffic flows in a defined path under the control of IT to and from central IT resources.
• Due to visibility into, and the control of, the traffic between the end user and resources, IT can relatively simply implement the required security controls on owned hardware.

Common Components

• Traditional offices
• Remote users/road warriors
• Private data center/colocation space

Hybrid networks

Resources internal and external to network

Network security perimeter combined with cloud protection

Abstract

A hybrid network is one that combines elements of a traditional network with cloud resources. As some of these resources are not fully under the control of IT and may be completely “offnet” or loosely coupled to the on-premises network, the security boundaries and control points are less likely to be centralized. Hybrid networks allow the flexibility and speed of cloud deployment without leaving behind traditional network constructs. This generally makes them expensive to secure and maintain.

Network Design Tenets

• The network path from resource to user may not be in IT’s locus of control.
• Users external to the network must first connect to the network to gain access to internal resources but may directly access publicly hosted ones.
• Security, risk, and trust controls may potentially be implemented by a mixture of internal enterprise hardware/software devices and external control points.

Control

The hallmark of a hybrid network is the blending of public and private resources. This blending tends to necessitate both public and private points of control that may not be homogenous.

Info-Tech Insight

With multiple control points to address, take care in simplifying designs while addressing all concerns to ease operational load.

Hybrid networks

Defining Characteristics

• Traffic flows to central resources across a defined path under the control of IT.
• Traffic to cloud assets may be partially under the control of IT.
• For central resources, the traffic to and from the end user can have the required security controls relatively simply implemented on owned hardware.
• For public cloud assets, IT may or may not have some control over part of the path.

Common Components

• Traditional offices
• Remote users/road warriors
• Private data center/colocation space
• Public cloud assets (IaaS/PaaS/SaaS)

Inverted perimeter

Resources primarily external to the network

Security control points are cloud centric

Abstract

An inverted perimeter network is one in which security and control points cover the entire workflow, on or off net, from the consumer of services through to the services themselves with zero trust. Since the control plane is designed to encompass the workflow in a secure manner, much of the underlying connectivity can be abstracted. In an extreme version of this deployment, IT would abstract end-user access, and any cloud-based or on-premises resources would be securely published through the control plane with context-aware precision access.

Network Design Tenets

• The network path from resource to user is abstracted and controlled by IT through services like secure access service edge (SASE).
• Users only need internet access and appropriate credentials to gain access to resources.
• Security, risk, and trust controls will be implemented through external cloud based services.

Control

An inverted network abstracts the lower-layer connectivity away and focuses on implementing a cloud-based zero trust control plane.

Info-Tech Insight

This model is extremely attractive for organizations that consume primarily cloud services and have a large remote work force.

Inverted networks

Defining Characteristics

• The end user does not have to be in a defined location.
• All central resources that are to be accessed are hosted on cloud resources.
• IT has little to no control of the path between the end user and central resources.

Common Components

• Traditional offices
• Regent offices/shared workspaces
• Remote users/road warriors
• Public cloud assets (IaaS/PaaS/SaaS)

Understand available tooling

Don’t buy a hammer and go looking for nails

• A network archetype must be defined in order to understand what tools (hardware or software) are appropriate for consideration in a network build or refresh.
• Tools are purpose built and generally designed to solve specific problems if implemented and operated correctly. Choose the tools to align with the challenges that you are solving as opposed to choosing tools and then trying to use those purchases to overcome challenges.
• The purchase of a tool does not allow for abdication of proper design. Tools must be chosen appropriately and integrated properly to orchestrate the best solutions. Purchasing a tool and expecting the tool to solve all your issues rarely succeeds.

“It is essential to have good tools, but it is also essential that the tools should be used in the right way.” — Wallace D. Wattles

Software-defined WAN (SD-WAN)

Simplified branch office connectivity

Archetype Value: Traditional Networks

What It Is Not

SD-WAN is generally not a way to slash spending by lowering WAN circuit costs. Though it is traditionally deployed across lower cost access, to minimize risk and realize the most benefits from the platform many organizations install multiple circuits with greater bandwidths at each endpoint when replacing the more costly traditional circuits. Though this maximizes the value of the technology investment, it will result in the end cost being similar to the traditional cost plus or minus a small percentage.

What It Is

SD-WAN is a subset of software-defined networking (SDN) designed specifically to deploy a secure, centrally managed, connectivity agnostic, overlay network connecting multiple office locations. This technology can be used to replace, work in concert with, or augment more traditional costly connectivity such as MPLS or private point to point (PtP) circuits. In addition to the secure overlay, SD-WAN usually also enables policy-based, intelligent controls, based on traffic and circuit intelligence.

Why Use It

You have multiple endpoint locations connected by expensive lower bandwidth traditional circuits. Your target is to increase visibility and control while controlling costs if and where possible. Ease of centralized management and the ability to more rapidly turn up new locations are attractive.

Cloud access security broker (CASB)

Inline policy enforcement placed between users and cloud services

Archetype Value: Hybrid Networks

What It Is Not

CASBs do not provide network protection; they are designed to provide compliance and enforcement of rules. Though CASBs are designed to give visibility and control into cloud traffic, they have limits to the data that they generally ingest and utilize. A CASB does not gather or report on cloud usage details, licencing information, financial costing, or whether the cloud resource usage is aligned with the deployment purpose.

What It Is

A CASB is designed to establish security controls beyond a company’s environment. It is commonly deployed to augment traditional solutions to extend visibility and control into the cloud. To protect assets in the cloud, CASBs are designed to provide central policy control and apply services primarily in the areas of visibility, data security, threat protection, and compliance.

Why Use It

You a mixture of on-premises and cloud assets. In moving assets out to the cloud, you have lost the traditional controls that were implemented in the data center. You now need to have visibility and apply controls to the usage of these cloud assets.

Secure access service edge (SASE)

Convergence of security and service access in the cloud

Archetype Value: Inverted Networks

What It Is Not

Though the service will consist of many service offerings, SASE is not multiple services strung together. To present the value proposed by this platform, all functionality proposed must be provided by a single platform under a “single pane of glass.” SASE is not a mature and well-established service. The market is still solidifying, and the full-service definition remains somewhat fluid.

What It Is

SASE exists at the intersection of network-as-a-service and network-security-as-a-service. It is a superset of many network and security cloud offerings such as CASB, secure web gateway, SD-WAN, and WAN optimization. Any services offered by a SASE provider will be cloud hosted, presented in a single stack, and controlled through a single pane of glass.

Why Use It

Your network is inverting, and services are provided primarily as cloud assets. In a full realization of this deployment’s value, you would abstract how and where users gain initial network access yet remain in control of the communications and data flow.

Activity

Understand your enterprise network options

Activity: Network assessment in an hour

• Learn about the Enterprise Network Roadmap Technology Assessment Tool
• Complete the Enterprise Network Roadmap Technology Assessment Tool

This activity involves the following participants:

• IT strategic direction decision makers.
• IT managers responsible for network.
• Organizations evaluating platforms for mission critical applications.

Outcomes of this step:

• Completed Enterprise Network Roadmap Technology Assessment Tool

Info-Tech Insight

Review your design options with security and compliance in mind. Infrastructure is no longer a standalone entity and now tightly integrates with software-defined networks and security solutions.

Build an assessment in an hour

Learn about the Enterprise Network Roadmap Technology Assessment Tool.

This workbook provides a high-level analysis of a technology’s readiness for adoption based on your organization’s needs.

• The workbook then places the technology on a graph that measures both the readiness and fit for your organization. In addition, it provides warnings for specific issues and lets you know if you have considerable uncertainty in your answers.
• At a glance you can now communicate what you are doing to help the company:
  • Grow
  • Save money
  • Reduce risk
• Regardless of your specific audience, these are important stories to be able to tell.

Build an assessment in an hour

Complete the Enterprise Network Roadmap Technology Assessment Tool.

Dispense with detailed analysis and customizations to present a quick snapshot of the road ahead.

1. Weightings: Adjust the Weighting tab to meet organizational needs. The provided weightings for the overall solution areas are based on a generic firm; individual firms will have different needs.
2. Data Entry: For each category, answer the questions for the technology you are considering. When you have completed the questionnaire, go to the next tab for the results.
3. Results: The Enterprise Network Roadmap Technology Assessment Tool provides a value versus readiness assessment of your chosen technology customized to your organization.

Related Info-Tech Research

Effectively Acquire Infrastructure Services

Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

There are very few IT infrastructure components you should be housing internally – outsource everything else.

Build Your Infrastructure Roadmap

Move beyond alignment: Put yourself in the driver’s seat for true business value.

Drive Successful Sourcing Outcomes With a Robust RFP Process

Leverage your vendor sourcing process to get better results.

Research Authors

Scott Young, Principal Research Advisor, Info-Tech Research Group

Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

Troy Cheeseman, Practice Lead, Info-Tech Research Group

Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

Bibliography

Ahlgren, Bengt. “Design considerations for a network of information.” ACM Digital Library, 21 Dec. 2008.

Cox Business. “Digital transformation is here. Is your business ready to upgrade your mobile work equation?” BizJournals, 1 April 2022. Accessed April 2022.

Elmore, Ed. “Benefits of integrating security and networking with SASE.” Tech Radar, 1 April 2022. Web.

Greenfield, Dave. “From SD-WAN to SASE: How the WAN Evolution is Progressing.” Cato Networks, 19 May 2020. Web

Korolov, Maria. “What is SASE? A cloud service that marries SD-WAN with security.” Network World, 7 Sept. 2020. Web.

Korzeniowski, Paul, “CASB tools evolve to meet broader set of cloud security needs.” TechTarget, 26 July 2019. Accessed March 2022.

IBM i Migration Considerations

Don’t be overwhelmed by IBM i migration options.

Executive Summary

Your Challenge

IBM i remains a vital platform and now many CIO, CTO, and IT leaders are faced with the same IBM i challenges regardless of industry focus; how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

Common Obstacles

For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more proactive in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

Info-Tech Approach

The most common tactic is for the organization to better understand its IBM i options and adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed hosting, and public cloud services.

Info-Tech Insight

“For over twenty years, IBM was ‘king,’ dominating the large computer market. By the 1980s, the world had woken up to the fact that the IBM mainframe was expensive and difficult, taking a long time and a lot of work to get anything done. Eager for a new solution, tech professionals turned to the brave new concept of distributed systems for a more efficient alternative. On June 21, 1988, IBM announced the launch of the AS/400, their answer to distributed computing.” (Dale Perkins)

Review

We help IT leaders make the most of their IBM i environment.

Problem Statement:

The IBM i remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

This research is designed for:

• IT strategic direction decision makers
• IT managers responsible for an existing iSeries or IBM i platform
• Organizations evaluating platforms for mission-critical applications

This research will help you:

1. Evaluate the future viability of this platform.
2. Assess the fit, purpose, and price.
3. Develop strategies for overcoming potential challenges.
4. Determine the future of this platform for your organization.

The “fit for purpose” plot

Thought Model We will investigate the aspect of different IBM i scenarios as they impact business, what that means, and how that can guide the questions that you are asking as you move to an aligned IBM i IT strategy. Our model considers: Importance to Business Outcomes Important to strategic objectives Provides competitive advantage Non-commodity IT service or process Specialized in-house knowledge required Vendor’s Performance Advantage Talent or access to skills Economies of scale or lower cost at scale Access to technology Info-Tech Insights With multiple control points to be addressed, care must be taken in simplifying your options while addressing all concerns to ease operational load.

IBM i environments are challenging

Understand your options

Co-Location

Provider manages the data center hardware environment.

Onsite Sourcing

A provider will support the hardware/system environment at the client’s site.

Managed Hosting

Transition legacy application environment to an off-prem hosted multi-tenanted environment.

Public Cloud

Leverage “public cloud” alternatives with AWS, Google, or Microsoft AZURE.

Understand your vendors

Activity

Understand your vendor options

Activities:

1. Create your vendor profiles
2. Score vendor responses
3. Develop and manage your vendor agenda

This activity involves the following participants:

• IT strategic direction decision makers
• IT managers responsible for an existing iSeries or IBM i platform

Outcomes of this step:

• Vendor Profile Template
• Completed IT Infrastructure Outsourcing Scoring Tool

Info-Tech Insights

This check-point process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

1. Create your vendor profiles

Define what you are looking for:

2. Score your vendor responses

Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.

Use Info-Tech’s IT Infrastructure Outsourcing Scoring Tool to systematically score your vendor responses. The overall quality of the IBM i questions can help you understand what it might be like to work with the vendor. Consider the following questions: Is the vendor clear about what it’s able to offer? Is its response transparent? How much effort did the vendor put into answering the questions? Does the vendor seem like someone you would want to work with? Once you have the vendor responses, you will select two or three vendors to continue assessing in more depth leading to an eventual final selection.

Info-Tech Insights

Watch out for misleading scores that result from poorly designed criteria weightings.

3. Develop your vendor agenda

Related Info-Tech Research

Effectively Acquire Infrastructure Services
Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery
There are very few IT infrastructure components you should be housing internally – outsource everything else.

Build Your Infrastructure Roadmap
Move beyond alignment: Put yourself in the driver’s seat for true business value.

Define Your Cloud Vision
Make the most of cloud for your organization.

Document Your Cloud Strategy
Drive consensus by outlining how your organization will use the cloud.

Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.

Create a Better RFP Process
Improve your RFPs to gain leverage and get better results.

Research Authors

Darin Stahl, Principal Research Advisor, Info-Tech Research Group Principal Research Advisor within the Infrastructure Practice and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring (APM), Managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

Troy Cheeseman, Practice Lead, Info-Tech Research Group Troy has over 24 years of experience and has championed large, enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

Research Contributors

Dan Duffy, President & Owner, Mid-Range Dan Duffy is the President and Founder of Mid-Range Computer Group Inc., an IBM Platinum Business Partner. Dan and his team have been providing the Canadian and American IBM Power market with IBM infrastructure solutions including private cloud, hosting and disaster recovery, high availability and data center services since 1988. He has served on numerous boards and associations including the Toronto Users Group for Mid-Range Systems (TUG), the IBM Business Partners of the Americas Advisory Council, the Cornell Club of Toronto, and the Notre Dame Club of Toronto. Dan holds a Bachelor of Science from Cornell University.

George Goodall, Executive Advisor, Info-Tech Research Group George Goodall is an Executive Advisor in the Research Executive Services practice at Info-Tech Research Group. George has over 20 years of experience in IT consulting, enterprise software sales, project management, and workshop delivery. His primary focus is the unique challenges and opportunities in organizations with small and constrained IT operations. In his long tenure at Info-Tech, George has covered diverse topics including voice communications, storage, and strategy and governance.

Bibliography

“Companies using IBM i (formerly known as i5/OS).” Enlyft, 21 July 2021. Web.

Connor, Clare. “IBM i and Meeting the Challenges of Modernization.” Ensono, 22 Mar. 2022. Web.

Huntington, Tom. “60+ IBM i User Groups and Communities to Join?” HelpSystems, 16 Dec. 2021. Web.

Perkins, Dale. “The Road to Power Cloud: June 21st 1988 to now. The Journey Continues.” Mid-Range, 1 Nov. 2021. Web.

Prickett Morgan, Timothy. “How IBM STACKS UP POWER8 AGAINST XEON SERVERS.” The Next Platform, 13 Oct. 2015. Web.

“Why is AS/400 still used? Four reasons to stick with a classic.” NTT, 21 July 2016. Web.

Appendix

Public Cloud Provider Notes

Featured Research Projects 2023 (Q2/Q3)

“Here are my selections for the top research projects of the last quarter.”

Gord Harrison
Head of Research & Advisory
Info-Tech Research Group

CIO

01
Build Your Generative AI Roadmap

Generative AI is here, and it's time to find its best uses – systematically and responsibly.

02
CIO Priorities 2023

Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

03
Build an IT Risk Taxonomy

If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

04
Navigate the Digital ID Ecosystem to Enhance Customer Experience

Beyond the hype: How it can help you become more customer-focused?

05
Effective IT Communications

Generative AI is here, and it's time to find its best uses – systematically and responsibly.

06
Develop a Targeted Flexible Work Program for IT

Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

07
Effectively Manage CxO Relations

Make relationship management a daily habit with a personalized action plan.

08
Establish High-Value IT Performance Dashboards and Metrics

Spend less time struggling with visuals and more time communicating about what matters to your executives.

Applications

09
Build Your Enterprise Application Implementation Playbook

Your implementation doesn't start with technology but with an effective plan that the team can align on.

10
Develop Your Value-First Business Process Automation Strategy

As you scale your business automations, focus on what matters most.

11
Manage Requirements in an Agile Environment

Agile and requirements management are complementary, not competitors.

Security

12
Assess Your Cybersecurity Insurance Policy

Adapt to changes in the cyber insurance market.

13
Design and Implement a Business-Aligned Security Program

Focus first on business value.

Infrastructure & Operations

14
Automate IT Asset Data Collection

Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

Industry | Retail

15
Leveraging AI to Create Meaningful Insights and Visibility in Retail

AI prominence across the enterprise value chain.

Industry | Education

16
Understand the Implications of Generative AI in Education

Bans aren't the answer, but what is?

Industry | Wholesale

17
Wholesale Industry Business Reference Architecture

Business capability maps, value streams, and strategy maps for the wholesale industry.

Industry | Retail Banking

18
Mainframe Modernization for Retail Banking

A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

Industry | Utilities

19
Data Analytics Use Cases for Utilities

Building upon the collective wisdom for the art of the possible.

Build Your Generative AI Roadmap

Generative AI is here, and it's time to find its best uses – systematically and responsibly.

CIO
Strategy & Governance

Bill Wong
Principal Research Director

Download this research or book an analyst call on this topic

CIO Priorities 2023

Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

CIO
Strategy & Governance

Brian Jackson
Principal Research Director

Download this report or book an analyst call on this topic

Build an IT Risk Taxonomy

If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

CIO
Strategy & Governance

Donna Bales
Principal Research Director

Download this research or book an analyst call on this topic

Navigate the Digital ID Ecosystem to Enhance Customer Experience

Beyond the hype: How it can help you become more customer-focused?

CIO
Strategy & Governance

Manish Jain
Principal Research Director

Download this research or book an analyst call on this topic

Effective IT Communications

Empower IT employees to communicate well with any stakeholder across the organization.

CIO
People & Leadership

Brittany Lutes
Research Director

Diana MacPherson
Senior Research Analyst

Download this research or book an analyst call on this topic

Develop a Targeted Flexible Work Program for IT

Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

CIO
People & Leadership

Jane Kouptsova
Research Director

Download this research or book an analyst call on this topic

Effectively Manage CxO Relations

Make relationship management a daily habit with a personalized action plan.

CIO
Value & Performance

Mike Tweedle
Practice Lead

Download this research or book an analyst call on this topic

Establish High-Value IT Performance Dashboards and Metrics

Spend less time struggling with visuals and more time communicating about what matters to your executives.

CIO
Value & Performance

Diana MacPherson
Senior Research Analyst

Download this research or book an analyst call on this topic

Build Your Enterprise Application Implementation Playbook

Your implementation doesn't start with technology but with an effective plan that the team can align on.

Applications
Business Processes

Ricardo de Oliveira
Research Director

Download this research or book an analyst call on this topic

Develop Your Value-First Business Process Automation Strategy

As you scale your business automations, focus on what matters most.

Applications
Business Processes

Andrew Kum-Seun
Research Director

Download this research or book an analyst call on this topic

Manage Requirements in an Agile Environment

Agile and requirements management are complementary, not competitors.

Applications
Application Development

Vincent Mirabelli
Principal Research Director

Download this research or book an analyst call on this topic

Assess Your Cybersecurity Insurance Policy

Adapt to changes in the cyber insurance market.

Security
Security Risk, Strategy & Governance

Logan Rohde
Senior Research Analyst

Download this research or book an analyst call on this topic

Design and Implement a Business-Aligned Security Program

Focus first on business value.

Security
Security Risk, Strategy & Governance

Michel Hébert
Research Director

Download this research or book an analyst call on this topic

Automate IT Asset Data Collection

Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

Infrastructure & Operations
I&O Process Management

Andrew Sharp
Research Director

Download this research or book an analyst call on this topic

Leveraging AI to Create Meaningful Insights and Visibility in Retail

AI prominence across the enterprise value chain.

Industry Coverage
Retail

Rahul Jaiswal
Principal Research Director

Download this research or book an analyst call on this topic

Understand the Implications of Generative AI in Education

Bans aren't the answer, but what is?

Industry Coverage
Education

Mark Maby
Research Director

Download this research or book an analyst call on this topic

Wholesale Industry Business Reference Architecture

Business capability maps, value streams, and strategy maps for the wholesale industry.

Industry Coverage
Wholesale

Rahul Jaiswal
Principal Research Director

Download this research or book an analyst call on this topic

Mainframe Modernization for Retail Banking

A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

Industry Coverage
Retail Banking

David Tomljenovic
Principal Research Director

Download this research or book an analyst call on this topic

Data Analytics Use Cases for Utilities

Building upon the collective wisdom for the art of the possible.

Industry Coverage
Utilities

Jing Wu
Principal Research Director

Download this research or book an analyst call on this topic

Sneak Peaks: Research coming in next quarter!

“Next quarter we have a big lineup of reports and some great new research!”

Gord Harrison
Head of Research & Advisory
Info-Tech Research Group

1. Build MLOps and Engineering for AI and ML

   Enabling you to develop your Engineering and ML Operations to support your current & planned use cases for AI and ML.

2. Leverage Gen AI to Improve Your Test Automation Strategy

   Enabling you to embed Gen AI to assist your team during testing broader than Gen AI compiling code.

3. Make Your IT Financial Data Accessible, Reliable, and Usable

   This project will provide a recipe for bringing IT's financial data to a usable state through a series of discovery, standardization, and policy-setting actions.

4. Implement Integrated AI Governance

   Enabling you to implement best-practice governance principles when implementing Gen AI.

5. Develop Exponential IT Capabilities

   Enabling you to understand and develop your strategic Exponential IT capabilities.

6. Build Your AI Strategy and Roadmap

   This project will provide step-by-step guidance in development of your AI strategy with an AI strategy exemplar.

7. Priorities for Data Leaders in 2024 and Beyond

   This report will detail the top five challenges expected in the upcoming year and how you as the CDAO can tackle them.

8. Deploy AIOps More Effectively

   This research is designed to assess the process maturity of your IT operations and help identify pain pains and opportunities for AI deployment within your IT operations.

9. Design Your Edge Computing Architecture

   This research will provide deployment guidelines and roadmap to address your edge computing needs.

10. Manage Change in the AI-Enabled Enterprise

    Managing change is complex with the disruptive nature of emerging tech like AI. This research will assist you from an organizational change perspective.

11. Assess the Security and Privacy Impacts of Your AI Vendors

    This research will allow you to enhance transparency, improve risk management, and ensure the security and privacy of data when working with AI vendors.

12. Prepare Your Board for AI Disruption

    This research will arm you with tools to educate your board on the impact of Gen AI, addressing the potential risks and the potential benefits.

Info-Tech Research Leadership Team

“We have a world-class team of experts focused on providing practical, cutting-edge IT research and advice.”

Gord Harrison
Head of Research & Advisory
Info-Tech Research Group

Jack Hakimian
Senior Vice President
Research Development

Aaron Shum
Vice President
Security & Privacy Research

Larry Fretz
Vice President
Industry Research

Mark Tauschek
Vice President
Research Fellowships

Tom Zehren
Chief Product Officer

Rick Pittman
Vice President
Advisory Quality & Delivery

Nora Fisher
Vice President
Shared Services

Becca Mackey
Vice President
Workshops

Geoff Nielson
Senior Vice President
Global Services & Delivery

Brett Rugroden
Senior Vice President
Global Market Programs

Hannes Scheidegger
Senior Vice President
Global Public Sector

About Info-Tech Research Group

Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.

Drive Measurable Results

Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.

Better Research Than Anyone

Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.

Dramatically Outperform Your Peers

Leverage Industry Best Practices

We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.

Become an Info-Tech influencer:

• Help shape our research by talking with our analysts.
• Discuss the challenges, insights, and opportunities in your chosen areas.
• Suggest new topic ideas for upcoming research cycles.

Contact
Jack Hakimian
jhakimian@infotech.com

We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.

Why participate in expert interviews?

• Discuss market trends and stay up to date.
• Influence Info-Tech's research direction with your practical experience.
• Preview our analysts' perspectives and preliminary research.
• Build on your reputation as a thought leader and research contributor.
• See your topic idea transformed into practical research.

Thank you!

Join us at our webinars to discuss more topics.

For information on Info-Tech's products and services and to participate in our research process, please contact:

Jack Hakimian
jhakimian@infotech.com

Network Segmentation

Protect your network by controlling the conversations within it.

Executive Summary

Info-Tech Insight

Executive Summary

Info-Tech Insight

The aim of networking is communication, but unfettered communication can be a liability. Appropriate segmentation in networks, blocking communications where they are not required or desired, restricts lateral movement within the network, allowing for better risk mitigation and management.

Network segmentation

How do you execute on network segmentation?

Identify risks by understanding access across the network

Understand the network space

Info-Tech Insight

The more granular you are in the definition of the network space, the more granular you can be in your segmentation. The unfortunate corollary to this is that the difficulty of managing your end solution grows with the granularity of your segmentation.

Create appropriate policy

Prioritize the potential segmentation

Info-Tech Insight

Be sure to keep this exercise relative so that a clear ranking occurs. If it turns out that everything is a priority, then nothing is a priority. When ranking things relative to others in the exercise, we ensure clear “winners” and “losers.”

Assess risk and prioritize action

1-3 hours

1. Define a list of users and services that define the network space to be addressed. If the lists are too long, use an exercise like affinity diagramming to appropriately group them into a smaller subset.
2. Create a matrix from the lists (put users and services along the rows and columns). In the intersecting points, label how the traffic should be treated (e.g. Permissive, Restricted, Rejected).
3. Examine the matrix and assess the intersections for risk using the lens of impact and likelihood of an adverse event. Label the intersections for risk level with one of green (low impact/likelihood), yellow (medium impact/likelihood), or red (high impact/likelihood).
4. Find commonalities within the medium/high areas and list the users or services as priorities to be addressed.

Design segmentation

Segmentation comes in many flavors; decide which is right for the specific circumstance.

Decide on which methods work for your circumstances

You always have options…

There are multiple lenses to look through when making the decision of what the correct segmentation method might be for any given user group or service. A potential subset could include:

• Effort to deploy
• Cost of the solution
• Skills required to operate
• Granularity of the segmentation
• Adaptability of the solution
• Level of automation in the solution

Info-Tech Insight

Network segmentation within an organization is rarely a one-size-fits-all proposition. Be sure to look at each situation that has been identified to need segmentation and align it with an appropriate solution. The overall number of solutions deployed has to maintain a balance between that appropriateness and the effort to manage multiple environments.

Framework to examine segmentation methods

To assess we need to understand.

To assess when technologies or methodologies are appropriate for a segmentation use case, we need to understand what those options are. We will be examining potential segmentation methods and concepts within the following framework:

WHAT

A description of the segmentation technology, method, or concept.

WHY

Why would this be used over other choices and/or in what circumstances?

HOW

A high-level overview of how this option could or would be deployed.

Notional assessments will be displayed in a sidebar to give an idea of Effort, Cost, Skills, Granularity, Adaptability, and Automation.

Air gap

… And never the twain shall meet.

– Rudyard Kipling, “The Ballad of East and West.”

WHAT

Air gapping is a strategy to protect portions of a network by segmenting those portions and running them on completely separate hardware from the primary network. In an air gap scenario, the segmented network cannot have connectivity to outside networks. This difference makes air gapping a very specific implementation of parallel networks (which are still segmented and run on separate hardware but can be connected through a control point).

WHY

Air gap is a traditional choice when environments need to be very secure. Examples where air gaps exist(ed) are:

• Operational technology (OT) networks
• Military networks
• Critical infrastructure

HOW

Most networks are not overprovisioned to a level that physical segmentation can be done without purchasing new equipment. The major steps required for constructing an air gap include:

• Design segmentation
• Purchase and install new hardware
• Cable to new hardware

Info-Tech Insight

An air gapped network is the ultimate in segmentation and security … as long as the network does not require connectivity. It is unfortunately rare in today’s world that a network will stand on its own without any need for external connectivity.

VLAN

Do what you can, with what you’ve got…

– Theodore Roosevelt

WHAT

Virtual local area networks (VLANs) are a standard feature on today’s firewalls, routers, and manageable switches. This configuration option allows for network traffic to be segmented into separate virtual networks (broadcast domains) on existing hardware. This segmentation is done at layer 2 of the OSI model. All traffic will share the same hardware but be partitioned based on “tags” that the local device applies to the traffic. Because of these tags, traffic is handled separately at layer 2 of the OSI model, but traffic can pass between segments at layer 3 (e.g. IP layer).

WHY

VLANs are commonly used because most existing deployments already have the technology available without extra licensing. VLANs are also potentially used as foundational components in more complex segmentation strategies such as static or dynamic overlays.

HOW

VLANs allow for segmentation of a device at the port level. VLAN strategies are generally on a location level (e.g. most VLAN deployments are local to a site, though the same structure may be used among sites). To deploy VLANs you must:

• Define VLAN segments
• Assign ports appropriately

Info-Tech Insight

VLANs are tried and true segmentation workhorses. The fact that they are already included in modern manageable solutions means that there is very little reason to not have some level of segmentation within a network.

Micro-segmentation

Everyone is against micromanaging, but macro managing means you’re working on the big picture but don’t understand the details.

– Henry Mintzberg

WHAT

Micro-segmentation is used to secure and control network traffic between workloads. This is a foundational technology when implementing zero trust or least-privileged access network designs. Segmentation is done at or directly adjacent to the workload (on the system or its direct network connectivity) through firewall or similar policy controls. The controls are set to only allow the network communication required to execute the workload and is limited to appropriate endpoints. This restrictive design restricts all traffic (including east-west) and reduces the attack surface.

WHY

Micro-segmentation is primarily used:

• In server-to-server communication.
• When lateral movement by bad actors is identified as a concern.

HOW

Micro-segmentation can be deployed at different places within the connectivity depending on the technologies used:

• Workload/server (e.g. server firewall)
• VM network overlay (e.g. VMware NSX)
• Network port (e.g. ACL, firewall, ACI)
• Cloud native (e.g. Azure Firewall)

Info-Tech Insight

Micro-segmentation is necessary in the data center to limit lateral movement. Just be sure to be thorough in defining required communication as this technology works on allowlists, not traditional blocklists.

Static overlay

Adaptability is key.

– Marc Andreessen

WHAT

Static overlays are a form of virtual segmentation that allows multiple network segments to exist on the same device. Most of these solutions will also allow for these segments to expand across multiple devices or sites, creating overlay virtual networks on top of the existing physical networks. The static nature of the solution is because the ports that participate in the overlays are statically assigned and configured. Connectivity between devices and sites is done through encapsulation and may have a dynamic component of the control plane handled through routing protocols.

WHY

Static overlays are commonly deployed when the need is to segment different use cases or areas of the organization consistently across sites while allowing easy access within the segments between sites. This could be representative of segmenting a department like Finance or extending a layer 2 segment across data centers.

HOW

Static overlays are can segment and potentially extend a layer 2 or layer 3 network. These solutions could be executed with technologies such as:

• VXLAN (Virtual eXtensible LAN)
• MPLS (Multi Protocol Label Switching)
• VRF (Virtual Routing & Forwarding)

Info-Tech Insight

Static overlays are commonly deployed by telecommunications providers when building out their service offerings due to the multitenancy requirements of the network.

Dynamic overlay

Never tell people how to do things. Tell them what to do and they will surprise you with their ingenuity.

– George S. Patton

WHAT

A dynamic overlay segmentation solution has the ability to make security or traffic decisions based on policy. Rather than designing and hardcoding the network architecture, the policy is architected and the network makes decisions based on that policy. Differing levels of control exist in this space, but the underlying commonality is that the segmentation would be considered “software defined” (SDN).

WHY

Dynamic overlay solutions provide the most flexibility of the presented solutions. Some use cases such as BYOD or IoT devices may not be easily identified or controlled through static means. As a general rule of thumb, the less static the network is, the more dynamic your segmentation solution must be.

HOW

Policy is generally applied at the network ingress. When applying policy, which policy to be applied can be identified through different methodologies such as:

• Authentication (e.g. 802.1x)
• Device agents
• Device profiling

Info-Tech Insight

Dynamic overlays allow for more flexibility through its policy-based configurations. These solutions can provide the highest value when positioned where we have less control of the points within a network (e.g. BYOD scenarios).

Define how your segments will communicate

No segment is an island…

Network segmentation allows for protection of devices, users, or data through the act of separating the physical or virtual networks they are on. Counter to this protective stance, especially in today’s networks, these devices, users, or data tend to need to interact with each other outside of the neat lines we draw for them. Proper network segmentation has to allow for the transfer of assets between networks in a safe and secure manner.

Info-Tech Insight

The solutions used to facilitate the controlled communication between segments has to consider the friction to the users. If too much friction is introduced, people will try to find a way around the controls, potentially negating the security that is intended with the solution.

Potential access methods

A ship in harbor is safe, but that is not what ships are built for.

– John A. Shedd

Operate and optimize

Security is not static. Monitor and iterate on policies within the environment.

Monitor for efficacy, compliance, and the unknown

Monitor to ensure your intended results and to identify new potential risks.

Monitoring network segments

A combination of passive and active monitoring is required to ensure that:

• The rules that have been deployed are working as expected.
• Appropriate proof of compliance is in place for auditing and insurance purposes.
• Environments are being monitored for unexpected traffic.

Active monitoring goes beyond the traditional gathering of information for alerts and dashboards and moves into the space of synthetic users and anomaly detection. Using these strategies helps to ensure that security is enforced appropriately and responses to issues are timely.

"We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."

– Dr. Larry Ponemon, Chairman Ponemon Institute, at SecureWorld Boston

Info-Tech Insight

Using solutions like network detection and response (NDR) will allow for monitoring to take advantage of advanced analytical techniques like artificial intelligence (AI) and machine learning (ML). These technologies can help identify anomalies that a human might miss.

Monitoring options

It’s not what you look at that matters, it’s what you see.

– Henry David Thoreau

Gather feedback, assess the situation, and iterate

Take input from operating the environment and use that to optimize the process and the outcome.

Optimize through iteration

Output from monitoring must be fed back into the process of maintaining and optimizing segmentation. Network segmentation should be viewed as an ongoing process as opposed to a singular structured project.

Monitoring can and will highlight where and when the segmentation design is successful and when new traffic flows arise. If these inputs are not fed back through the process, designs will become stagnant and admins or users will attempt to find ways to circumvent solutions for ease of use.

"I think it's very important to have a feedback loop, where you're constantly thinking about what you've done and how you could be doing it better. I think that's the single best piece of advice: constantly think about how you could be doing things better and questioning yourself."

– Elon Musk, qtd. in Mashable, 2012

Info-Tech Insight

The network environment will not stay static; flows will change as often as required for the business to succeed. Take insights from monitoring the environment and integrate them into an iterative process that will maintain relevance and usability in your segmentation.

Bibliography

Andreessen, Marc. “Adaptability is key.” BrainyQuote, n.d.
Barry Schwartz. The Paradox of Choice: Why More Is Less. Harper Perennial, 18 Jan. 2005.
Capers, Zach. “GetApp’s 2022 Data Security Report—Seven Startling Statistics.” GetApp,
19 Sept. 2022.
Cisco Systems, Inc. “Cybersecurity resilience emerges as top priority as 62 percent of companies say security incidents impacted business operations.” PR Newswire, 6 Dec. 2022.
“Dynamic Network Segmentation: A Must-Have for Digital Businesses in the Age of Zero Trust.” Forescout Whitepaper, 2021. Accessed Nov. 2022.
Eaves, Johnothan. “Segmentation Strategy - An ISE Prescriptive Guide.” Cisco Community,
26 Oct. 2020. Accessed Nov. 2022.
Kambic, Dan, and Jason Fricke. “Network Segmentation: Concepts and Practices.” Carnegie Mellon University SEI Blog, 19 Oct. 2020. Accessed Nov. 2022.
Kang, Myong H., et al. “A Network Pump.” IEEE Transactions on Software Engineering, vol. 22 no. 5, May 1996.
Kipling, Rudyard. “The Ballad of East and West.” Ballads and Barrack-Room Ballads, 1892.
Mintzberg, Henry. “Everyone is against micro managing but macro managing means you're working at the big picture but don't know the details.” AZ Quotes, n.d.
Murphy, Greg. “A Reimagined Purdue Model For Industrial Security Is Possible.” Forbes Magazine, 18 Jan. 2022. Accessed Oct. 2022.
Patton, George S. “Never tell people how to do things. Tell them what to do and they will surprise you with their ingenuity.” BrainyQuote, n.d.
Ponemon, Larry. “We discovered in our research […].” SecureWorld Boston, n.d.
Roosevelt, Theodore. “Do what you can, with what you've got, where you are.” Theodore Roosevelt Center, n.d.
Sahoo, Narendra. “How Does Implementing Network Segmentation Benefit Businesses?” Vista Infosec Blog. April 2021. Accessed Nov. 2022.
“Security Outcomes Report Volume 3.” Cisco Secure, Dec 2022.
Shedd, John A. “A ship in harbor is safe, but that is not what ships are built for.” Salt from My Attic, 1928, via Quote Investigator, 9 Dec. 2023.
Singleton, Camille, et al. “X-Force Threat Intelligence Index 2022” IBM, 17 Feb. 2022.
Accessed Nov. 2022.
Stone, Mark. “What is network segmentation? NS best practices, requirements explained.” AT&T Cyber Security, March 2021. Accessed Nov. 2022.
“The State of Breach and Attack Simulation and the Need for Continuous Security Validation: A Study of US and UK Organizations.” Ponemon Institute, Nov. 2020. Accessed Nov. 2022.
Thoreau, Henry David. “It’s not what you look at that matters, it’s what you see.” BrainyQuote, n.d.
Ulanoff, Lance. “Elon Musk: Secrets of a Highly Effective Entrepreneur.” Mashable, 13 April 2012.
“What Is Microsegmenation?” Palo Alto, Accessed Nov. 2022.
“What is Network Segmentation? Introduction to Network Segmentation.” Sunny Valley Networks, n.d.

Mergers & Acquisitions: The Buy Blueprint

For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A purchase.

EXECUTIVE BRIEF

Analyst Perspective

Don’t wait to be invited to the M&A table, make it.

Brittany Lutes
Research Analyst,
CIO Practice
Info-Tech Research Group

Ibrahim Abdel-Kader
Research Analyst,
CIO Practice
Info-Tech Research Group

IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

Executive Summary

Your Challenge

There are four key scenarios or entry points for IT as the acquiring organization in M&As:

• IT can suggest an acquisition to meet the business objectives of the organization.
• IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
• IT participates in due diligence activities and valuates the organization potentially being acquired.
• IT needs to reactively prepare its environment to enable the integration.

Consider the ideal scenario for your IT organization.

Common Obstacles

Some of the obstacles IT faces include:

• IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
• The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
• The people and culture element are forgotten or not given adequate priority.

These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

Info-Tech's Approach

Prepare for a growth/integration transaction by:

• Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
• Creating a standard strategy that will enable strong program management.
• Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

Info-Tech Insight

As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

The changing M&A landscape

Businesses will embrace more digital M&A transactions in the post-pandemic world

• When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
• However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
• In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

Virtual deal-making will be the preferred method of 55% of organizations in the post-pandemic world. (Wall Street Journal, 2020)

Your challenge

IT is often not involved in the M&A transaction process. When it is, it’s often too late.

• The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
• Additionally, IT’s lack of involvement in the process negatively impacts the business:
  • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates).
  • Weak integration teams contribute to the failure of 70% of M&A integrations (The Wall Street Journal, 2019).
  • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
• Organizations pursuing M&A and not involving IT are setting themselves up for failure.

Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

Common Obstacles

These barriers make this challenge difficult to address for many organizations:

• IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where integration will be critical to business continuity.
• IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
• One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
• IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

In hindsight, it’s clear to see: Involving IT is just good business.

47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

“40% of acquiring businesses discovered a cybersecurity problem at an acquisition.” (Source: Okta)

Info-Tech's approach

Acquisitions & Divestitures Framework

Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
2. Transactions that are driven by digital motivations, requiring IT’s expertise.
3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

The business’ view of IT will impact how soon IT can get involved

There are four key entry points for IT

1. Innovator: IT suggests an acquisition to meet the business objectives of the organization.
2. Business Partner: IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspective.
3. Trusted Operator: IT participates in due diligence activities and valuates the organization potentially being acquired.
4. Firefighter: IT reactively engages in the integration with little time to prepare.

Merger, acquisition, and divestiture defined

Merger

A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

Acquisition

The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

Divestiture

An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

Info-Tech Insight

A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

Buying vs. selling

The M&A process approach differs depending on whether you are the executive IT leader on the buy side or sell side

This blueprint is only focused on the buy side:

• More than two organizations could be involved in a transaction.
• Examples of buy-related scenarios include:
  • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
  • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
  • Your organization is buying components of another organization with the intent of integrating them into your original company.
• As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

The sell side is focused on:

• Examples of sell-related scenarios include:
  • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
  • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
  • Your organization is engaging in a divestiture with the intent of:
    • Separating components to be part of the purchasing organization permanently.
    • Separating components to be part of a spinoff and establish a unit as a standalone new company.
• As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

For more information on divestitures or selling your entire organization, check out Info-Tech’s Mergers & Acquisitions: The Sell Blueprint.

Core business timeline

For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

Info-Tech’s methodology for Buying Organizations in Mergers, Acquisitions, or Divestitures

Potential metrics for each phase

The IT executive’s role in the buying transaction is critical

And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

1. Reduced Risk

   IT can identify risks that may go unnoticed when IT is not involved.

2. Increased Accuracy

   The business can make accurate predictions around the costs, timelines, and needs of IT.

3. Faster Integration

   Faster integration means faster value realization for the business.

4. Informed Decision Making

   IT leaders hold critical information that can support the business in moving the transaction forward.

5. Innovation

   IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

The IT executive’s critical role is demonstrated by:

• Reduced Risk

  47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).

• Increased Accuracy

  87% of respondents to a Deloitte survey effectively conducted a virtual deal, with a focus on cybersecurity and integration (Deloitte, 2020).

• Faster Integration

  Integration costs range from as low as $4 million to as high as $3.8 billion, making the process an investment for the organization (CIO Dive).

• Informed Decision Making

  Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).

• Innovation

  Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

Playbook benefits

IT Benefits

• IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
• Develop a streamlined method to valuate the potential organization being purchased and ensure risk management concerns are brought to the business’ attention immediately.
• Create a comprehensive list of items that IT needs to do during the integration that can be prioritized and actioned.

Business Benefits

• The business will get accurate and relevant information about the organization being acquired, ensuring that the anticipated value of the transaction is correctly planned for.
• Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority integration tasks.
• The business can make a fair offer to the purchased organization, having properly valuated all aspects being bought, including the IT environment.

Insight summary

Overarching Insight

As an IT executive, take control of when you get involved in a growth transaction. Do this by proactively identifying acquisition targets, demonstrating the value of IT, and ensuring that integration of IT environments does not lead to unnecessary and costly decisions.

Proactive Insight

CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

Discovery & Strategy Insight

IT organizations that have an effective M&A program plan are more prepared for the buying transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

Due Diligence & Preparation Insight

Most IT synergies can be realized in due diligence. It is more impactful to consider IT processes and practices (e.g. contracts and culture) in due diligence rather than later in the integration.

Execution & Value Realization Insight

IT needs to realize synergies within the first 100 days of integration. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

Blueprint deliverables

Key Deliverable: M&A Buy Playbook

The M&A Buy Playbook should be a reusable document that enables your IT organization to successfully deliver on any acquisition transaction.

M&A Buy One-Pager

See a one-page overview of each phase of the transaction.

M&A Buy Case Studies

Read a one-page case study for each phase of the transaction.

M&A Integration Project Management Tool (SharePoint)

Manage the integration process of the acquisition using this SharePoint template.

M&A Integration Project Management Tool (Excel)

Manage the integration process of the acquisition using this Excel tool if you can’t or don’t want to use SharePoint.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

Proactive Phase

• Call #1: Scope requirements, objectives, and your specific challenges.

Discovery & Strategy Phase

• Call #2: Determine stakeholders and their perspectives of IT.
• Call #3: Identify how M&A could support business strategy and how to communicate.

Due Diligence & Preparation Phase

• Call #4: Establish a transaction team and acquisition strategic direction.
• Call #5: Create program metrics and identify a standard integration strategy.
• Call #6: Assess the potential organization(s).
• Call #7: Identify the integration program plan.

Execution & Value Realization Phase

• Call #8: Establish employee transitions to retain key staff.
• Call #9: Assess IT’s ability to deliver on the acquisition transaction.

The Buy Blueprint

Phase 1

Proactive

This phase will walk you through the following activities:

• Conduct the CEO-CIO Alignment diagnostic
• Conduct the CIO Business Vision diagnostic
• Visualize relationships among stakeholders to identify key influencers
• Group stakeholders into categories
• Prioritize your stakeholders
• Plan to communicate
• Valuate IT
• Assess the IT/digital strategy
• Determine pain points and opportunities
• Align goals to opportunities
• Recommend growth opportunities

This phase involves the following participants:

• IT and business leadership

What is the Proactive phase?

Embracing the digital drivers

As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

Proactive Prerequisite Checklist

Before coming into the Proactive phase, you should have addressed the following:

• Understand what mergers, acquisitions, and divestitures are.
• Understand what mergers, acquisitions, and divestitures mean for the business.
• Understand what mergers, acquisitions, and divestitures mean for IT.

Review the Executive Brief for more information on mergers, acquisitions, and divestitures for purchasing organizations.

Proactive

Step 1.1

Identify M&A Stakeholders and Their Perspective of IT

Activities

• 1.1.1 Conduct the CEO-CIO Alignment diagnostic
• 1.1.2 Conduct the CIO Business Vision diagnostic
• 1.1.3 Visualize relationships among stakeholders to identify key influencers
• 1.1.4 Group stakeholders into categories
• 1.1.5 Prioritize your stakeholders
• 1.16 Plan to communicate

This step involves the following participants:

• IT executive leader
• IT leadership
• Critical M&A stakeholders

Outcomes of Step

Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

Business executives' perspectives of IT

Leverage diagnostics and gain alignment on IT’s role in the organization

• To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
• Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
• Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
• Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.

Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

Business Satisfaction and Importance for Core Services

The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

1.1.1 Conduct the CEO-CIO Alignment diagnostic

Input: IT organization expertise and the CEO-CIO Alignment diagnostic

Output: An understanding of an executive business stakeholder’s perception of IT

Materials: CEO-CIO Alignment diagnostic, M&A Buy Playbook

Participants: IT executive/CIO, Business executive/CEO

1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support growth transactions or support your rationale in recommending growth transactions.

Download the sample report.

Record the results in the M&A Buy Playbook.

1.1.2 Conduct the CIO Business Vision diagnostic

2 weeks

Input: IT organization expertise, CIO BV diagnostic

Output: An understanding of business stakeholder perception of certain IT capabilities and services

Materials: CIO Business Vision diagnostic, Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, Senior business leaders

1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
3. Examine the results of the survey and take note of any IT services that have low scores.
4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

Download the sample report.

Record the results in the M&A Buy Playbook.

Create a stakeholder network map for M&A transactions

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Example:

Legend
• Black arrows indicate the direction of professional influence
• Dashed green arrows indicate bidirectional, informal influence relationships

Info-Tech Insight

Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

1.1.3 Visualize relationships among stakeholders to identify key influencers

1-3 hours

Input: List of M&A stakeholders

Output: Relationships among M&A stakeholders and influencers

Materials: M&A Buy Playbook

Participants: IT executive leadership

1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
4. Construct a diagram linking stakeholders and their influencers together.
   • Use black arrows to indicate the direction of professional influence.
   • Use dashed green arrows to indicate bidirectional, informal influence relationships.

Record the results in the M&A Buy Playbook.

Categorize your stakeholders with a prioritization map

A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

There are four areas in the map, and the stakeholders within each area should be treated differently.

Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

1.1.4 Group stakeholders into categories

30 minutes

Input: Stakeholder map, Stakeholder list

Output: Categorization of stakeholders and influencers

Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

Participants: IT executive leadership, Stakeholders

1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
2. Map your results to the model to the right to determine each stakeholder’s category.

Level of Influence

• Power: Ability of a stakeholder to effect change.
• Urgency: Degree of immediacy demanded.
• Legitimacy: Perceived validity of stakeholder’s claim.
• Volume: How loud their “voice” is or could become.
• Contribution: What they have that is of value to you.

Level of Interest

How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

Record the results in the M&A Buy Playbook.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

1.1.5 Prioritize your stakeholders

30 minutes

Input: Stakeholder matrix

Output: Stakeholder and influencer prioritization

Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

Participants: IT executive leadership, M&A/divestiture stakeholders

1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

Record the results in the M&A Buy Playbook.

Define strategies for engaging stakeholders by type

Info-Tech Insight

Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

1.1.6 Plan to communicate

30 minutes

Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

Output: Stakeholder communication plan

Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

Participants: IT executive leadership, M&A/divestiture stakeholders

The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

1. In the M&A Buy Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

Record the results in the M&A Buy Playbook.

Proactive

Step 1.2

Assess IT’s Current Value and Method to Achieve a Future State

Activities

• 1.2.1 Valuate IT
• 1.2.2 Assess the IT/digital strategy

This step involves the following participants:

• IT executive leader
• IT leadership
• Critical stakeholders to M&A

Outcomes of Step

Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

How to valuate your IT environment

And why it matters so much

• Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
• The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
• Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
• There are three ways a business or asset can be valuated:
  • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
  • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
  • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
(Source: “Valuation Methods,” Corporate Finance Institute)

Four ways to create value through digital

1. Reduced costs
2. Improved customer experience
3. New revenue sources
4. Better decision making
(Source: McKinsey & Company)

1.2.1 Valuate IT

1 day

Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

Output: Valuation of IT

Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership

The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

Info-Tech Insight

Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

Record the results in the M&A Buy Playbook.

Data valuation

Data valuation identifies how you monetize the information that your organization owns.

Create a data value chain for your organization

When valuating the information and data that exists in an organization, there are many things to consider.

Info-Tech has two tools that can support this process:

1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

Instructions

1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
3. Fill out the columns for data sources, data collection, and data first.
4. Capture data analysis and related information.
5. Then capture the value in data.
6. Add value dimensions such as usage, quality, and economic dimensions.
   • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
8. Finally, calculate the value that has a direct correlation with underlying value metrics.

Application valuation

Calculate the value of your IT applications

When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

• Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

Instructions

1. Start by calculating user costs. This is the product of the (# of users) × (% of time spent using IT) × (fully burdened salary).
2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.

User Costs			Total User Costs	Derived Productivity Ratio (DPR)		Total DPR	Application Value
# of users	% time spent using IT	Fully burdened salary	Multiply values from the 3 user costs columns	Revenue per employee	Average cost per employee	(Revenue P.E) ÷ (Average cost P.E)	(User costs) X (DPR)



4. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
5. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.

IT and Business Costs				Total IT and Business Costs	Net Value of Applications
Application maintenance	Downtime costs (include disaster exposure)	Common costs allocated to applications	Fully loaded costs of active (FTE) users	Sum of values from the four IT and business costs columns	(Application value) – (IT and business costs)

(Source: CSO)

Infrastructure valuation

Assess the foundational elements of the business’ information technology

The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

Instructions:

1. Start by listing all of the infrastructure-related items that are relevant to your organization.
2. Once you have finalized your items column, identify the total costs/value of each item.
   • For example, total software costs would include servers and storage.
3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

For additional support, download the M&A Runbook for Infrastructure and Operations.

Risk and security

Assess risk responses and calculate residual risk

The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

1. Risk Register Tool
2. Security M&A Due Diligence Tool

Instructions

1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.

Probability of Risk Occurrence	Occurrence Criteria (Classification; Probability of Risk Event Within One Year)
Negligible	Very Unlikely; ‹20%
Very Low	Unlikely; 20 to 40%
Low	Possible; 40 to 60%
Moderately Low	Likely; 60 to 80%
Moderate	Almost Certain; ›80%

Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

1.2.2 Assess the IT/digital strategy

4 hours

Input: IT strategy, Digital strategy, Business strategy

Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

Materials: Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, Business executive/CEO

The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

1. On the left half of the corresponding slide in the M&A Buy Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

For additional support, see Build a Business-Aligned IT Strategy.

Record the results in the M&A Buy Playbook.

Proactive

Step 1.3

Drive Innovation and Suggest Growth Opportunities

Activities

• 1.3.1 Determine pain points and opportunities
• 1.3.2 Align goals with opportunities
• 1.3.3 Recommend growth opportunities

This step involves the following participants:

• IT executive leader
• IT leadership
• Critical M&A stakeholders

Outcomes of Step

Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest growth opportunities.

1.3.1 Determine pain points and opportunities

1-2 hours

Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

Output: List of pain points or opportunities that IT can address

Materials: Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Business stakeholders

The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

Record the results in the M&A Buy Playbook.

1.3.2 Align goals with opportunities

1-2 hours

Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for growth strategy

Materials: Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Business stakeholders

The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

1. For the top three to five business goals, consider:
   1. Underlying drivers
   2. Digital opportunities
   3. Whether a growth or reduction strategy is the solution
2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

Record the results in the M&A Buy Playbook.

1.3.3 Recommend growth opportunities

1-2 hours

Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

Output: M&A transaction opportunities suggested

Materials: M&A Buy Playbook

Participants: IT executive/CIO, Business executive/CEO

The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

Info-Tech Insight

With technology and digital driving many transactions, leverage this opening and begin the discussions with your business on how and why an acquisition would be a great opportunity.

Record the results in the M&A Buy Playbook.

By the end of this Proactive phase, you should:

Be prepared to suggest M&A opportunities to support your company’s goals through growth or acquisition transactions

Key outcome from the Proactive phase

Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through growth or reduction strategies such as mergers, acquisitions, or divestitures.

Key deliverables from the Proactive phase

• Business perspective of IT examined
• Key stakeholders identified and relationship to the M&A process outlined
• Ability to valuate the IT environment and communicate IT’s value to the business
• Assessment of the business, digital, and IT strategies and how M&As could support those strategies
• Pain points and opportunities that could be alleviated or supported through an M&A transaction
• Acquisition or buying recommendations

The Buy Blueprint

Phase 2

Discovery & Strategy

This phase will walk you through the following activities:

• Create the mission and vision
• Identify the guiding principles
• Create the future-state operating model
• Determine the transition team
• Document the M&A governance
• Create program metrics
• Establish the integration strategy
• Conduct a RACI
• Create the communication plan
• Assess the potential organization(s)

This phase involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

What is the Discovery & Strategy phase?

Pre-transaction state

The Discovery & Strategy phase during an acquisition is a unique opportunity for many IT organizations. IT organizations that can participate in the acquisition transaction at this stage are likely considered a strategic partner of the business.

For one-off acquisitions, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many acquisitions over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

During this phase of the pre-transaction state, IT will also be asked to participate in ensuring that the potential organization being sought will be able to meet any IT-specific search criteria that was set when the transaction was put into motion.

Goal: To identify a repeatable program plan that IT can leverage when acquiring all or parts of another organization’s IT environment, ensuring customer satisfaction and business continuity

Discovery & Strategy Prerequisite Checklist

Before coming into the Discovery & Strategy phase, you should have addressed the following:

• Understand the business perspective of IT.
• Know the key stakeholders and have outlined their relationships to the M&A process.
• Be able to valuate the IT environment and communicate IT's value to the business.
• Understand the rationale for the company's decisions to pursue an acquisition and the opportunities or pain points the acquisition should address.

Discovery & Strategy

Step 2.1

Establish the M&A Program Plan

Activities

• 2.1.1 Create the mission and vision
• 2.1.2 Identify the guiding principles
• 2.1.3 Create the future-state operating model
• 2.1.4 Determine the transition team
• 2.1.5 Document the M&A governance
• 2.1.6 Create program metrics

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team

Outcomes of Step

Establish an M&A program plan that can be repeated across acquisitions.

The vision and mission statements clearly articulate IT’s aspirations and purpose

The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

2.1.1 Create the mission and vision statements

2 hours

Input: Business objectives, IT capabilities, Rationale for the transaction

Output: IT’s mission and vision statements for growth strategies tied to mergers, acquisitions, and divestitures

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a growth strategy.

1. Review the definitions and characteristics of mission and vision statements.
2. Brainstorm different versions of the mission and vision statements.
3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the growth process.

Record the results in the M&A Buy Playbook.

Guiding principles provide a sense of direction

IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

IT principles must be carefully constructed to make sure they are adhered to and relevant

Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

Long lasting. Build IT principles that will withstand the test of time.

Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

Consider the example principles below

2.1.2 Identify the guiding principles

2 hours

Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

Output: IT’s guiding principles for growth strategies tied to mergers, acquisitions, and divestitures

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the growth strategy process.

1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the growth process.
4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ growth strategy goals.

Record the results in the M&A Buy Playbook.

Create two IT teams to support the transaction

IT M&A Transaction Team

• The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
• The roles selected for this team will have very specific skills sets or deliver on critical integration capabilities, making their involvement in the combination of two or more IT environments paramount.
• These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
• Expect to have to certain duplicate capabilities or roles across the M&A transaction team and operational team.

IT Operational Team

• This group is responsible for ensuring the business operations continue.
• These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
• The roles of this team should ensure that end users or external customers remain satisfied.

Key capabilities to support M&A

Consider the following capabilities when looking at who should be a part of the M&A transaction team.

Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

Infrastructure

• Systems Integration
• Data Management

Business Focus

• Service-Level Management
• Enterprise Architecture
• Stakeholder Management
• Project Management

Risk & Security

• Privacy Management
• Security Management
• Risk & Compliance Management

Build a lasting and scalable operating model

An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

As you assess the current operating model, consider the following:

• Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
• What capabilities should be duplicated?
• Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
• A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?

Info-Tech Insight

Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

2.1.3 Create the future-state operating model

4 hours

Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

Output: Future-state operating model

Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a growth transaction.

1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
2. Identify what core capabilities would be critical to the buying transaction process and integration. Highlight and make copies of those capabilities in the M&A Buy Playbook.
3. Arrange the capabilities to clearly show the flow of inputs and outputs. Identify critical stakeholders of the process (such as customers or end users) if that will help the flow.
4. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses or products to better understand needs and deliver on the capability.

An example operating model is included in the M&A Buy Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

Record the results in the M&A Buy Playbook.

2.1.4 Determine the transition team

Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

Output: Transition team

Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
3. Review the examples in the M&A Buy Playbook and identify which roles will be a part of the transition team.

For more information, see Redesign Your Organizational Structure

What is governance?

And why does it matter so much to IT and the M&A process?

• Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
• Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
• This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
• For example, funds to support integration need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
• A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.

2.1.5 Document M&A governance

1-2 hours

Input: List of governing bodies, Governing body committee profiles, Governance structure

Output: Documented method on how decisions are made as it relates to the M&A transaction

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

Record the results in the M&A Buy Playbook.

Current-state structure map – definitions of tiers

Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

Measure the IT program’s success in terms of its ability to support the business’ M&A goals

Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

Business-Specific Metrics

• Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
• Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
• Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

IT-Specific Metrics

• IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
• Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
• Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
• Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
• Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

Establish your own metrics to gauge the success of IT

Establish SMART M&A Success Metrics

• What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
• Provide a definition of synergies.
• IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
• Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
• Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
• Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
• Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc.
• Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
• Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

Metrics for each phase

2.1.6 Create program metrics

1-2 hours

Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

Output: Program metrics to support IT throughout the M&A process

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
3. Establish a baseline for each metric based on information collected within your organization.
4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

Record the results in the M&A Buy Playbook.

Discovery & Strategy

Step 2.2

Prepare IT to Engage in the Acquisition

Activities

• 2.2.1 Establish the integration strategy
• 2.2.2 Conduct a RACI
• 2.2.3 Create the communication plan
• 2.2.4 Assess the potential organization(s)

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team

Outcomes of Step

Identify IT’s plan of action when it comes to the acquisition and align IT’s integration strategy with the business’ M&A strategy.

Integration strategies

There are several IT integration strategies that will help you achieve your target technology environment.

IT Integration Strategies

• Absorption. Convert the target organization’s strategy, structure, processes, and/or systems to that of the acquiring organization.
• Best-of-Breed. Pick and choose the most effective people, processes, and technologies to form an efficient operating model.
• Transformation Retire systems from both organizations and use collective capabilities, data, and processes to create something entirely new.
• Preservation Retain individual business units that will operate within their own capability. People, processes, and technologies are unchanged.

The approach IT takes will depend on the business objectives for the M&A.

• Generally speaking, the integration strategy is well understood and influenced by the frequency of and rationale for acquiring.
• Based on the initiatives generated by each business process owner, you need to determine the IT integration strategy that will best support the desired target technology environment.

Key considerations when choosing an IT integration strategy include:

• What are the main business objectives of the M&A?
• What are the key synergies expected from the transaction?
• What IT integration best helps obtain these benefits?
• What opportunities exist to position the business for sustainable growth?

Absorption and best-of-breed

Review highlights and drawbacks of absorption and best-of-breed integration strategies

Absorption

Highlights
• Recommended for businesses striving to reduce costs and drive efficiency gains.
• Economies of scale realized through consolidation and elimination of redundant applications.
• Quickest path to a single company operation and systems as well as lower overall IT cost.

Drawbacks
• Potential for disruption of the target company’s business operations.
• Requires significant business process changes.
• Disregarding the target offerings altogether may lead to inferior system decisions that do not yield sustainable results.

Best-of-Breed

Highlights
• Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
• Each side has a unique offering but complementing capabilities.
• Potential for better buy-in from the target because some of their systems are kept, resulting in willingness to

Drawbacks
• May take longer to integrate because it tends to present increased complexity that results in higher costs and risks.
• Requires major integration efforts from both sides of the company. If the target organization is uncooperative, creating the desired technology environment will be difficult.

Transformation and preservation

Review highlights and drawbacks of transformation and preservation integration strategies

Transformation

Highlights
• This is the most customized approach, although it is rarely used.
• It is essential to have an established long-term vision of business capabilities when choosing this path.
• When executed correctly, this approach presents potential for significant upside and creation of sustainable competitive advantages.

Drawbacks
• This approach requires extensive time to implement, and the cost of integration work may be significant.
• If a new system is created without strategic capabilities, the organizations will not realize long-term benefits.
• The cost of correcting complexities at later stages in the integration effort may be drastic.

Preservation

Highlights
• This approach is appropriate if the merging organizations will remain fairly independent, if there will be limited or no communication between companies, and if the companies’ market strategies, products, and channels are entirely distinct.
• Environment can be accomplished quickly and at a low cost.

Drawbacks
• Impact to each business is minimal, but there is potential for lost synergies and higher operational costs. This may be uncontrollable if the natures of the two businesses are too different to integrate.
• Reduced benefits and limited opportunities for IT integration.

2.2.1 Establish the integration strategy

1-2 hours

Input: Business integration strategy, Guiding principles, M&A governance

Output: IT’s integration strategy

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine IT’s approach to integration. The approach might differ slightly from transaction to transaction. However, the business’ approach to transactions should give insight into the general integration strategy IT should adopt.

1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall integration.
2. Review and discuss the highlights and drawbacks of each type of integration.
3. Use Info-Tech’s Integration Posture Selection Framework on the next slide to select the integration posture that will appropriately enable the business. Consider these questions during your discussion:
   1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
   2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
   3. What IT integration best helps obtain these benefits?

Record the results in the M&A Buy Playbook.

Integration Posture Selection Framework

2.2.2 Conduct a RACI

1-2 hours

Input: IT capabilities, Transition team, Integration strategy

Output: Completed RACI for transition team

Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

1. First, identify a list of critical tasks that need to be completed to support the purchase or acquisition. For example:
   • Communicate with the company M&A team.
   • Identify critical IT risks that could impact the organization after the transaction.
   • Identify key artifacts to collect and review during due diligence.
2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

Record the results in the M&A Buy Playbook.

Communication and change

Prepare key stakeholders for the potential changes

• Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
• Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
• M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
• Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
  • Organizations with a low appetite for change will require more direct, assertive communications.
  • Organizations with a high appetite for change are more suited to more open, participatory approaches.

Three key dimensions determine the appetite for cultural change:

• Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
  In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
• Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
• Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

2.2.3 Create the communication plan

1-2 hours

Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT integration strategy, RACI

Output: IT’s M&A communication plan

Materials: Flip charts/whiteboard, Markers, RACI, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
3. Review Info-Tech’s example communication plan in the M&A Buy Playbook and update it with relevant information.
4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

Record the results in the M&A Buy Playbook.

Assessing potential organizations

As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when they have to assess the IT organization of a potential purchase. As a result, having a standardized template to quickly gauge the value of the business can be critical.

Ways to Assess

1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on their employees.
3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them.

2.2.4 Assess the potential organization(s)

1-2 hours

Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

Output: IT’s valuation of the potential organization(s) for acquisition

Materials: M&A Buy Playbook

Participants: IT executive/CIO

The purpose of this activity is to assess the organization(s) that your organization is considering purchasing.

1. Complete the Historical Valuation Worksheet in the M&A Buy Playbook to understand the type of IT organization that your company may inherit and need to integrate with.
   • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
2. Use the information identified to help the business narrow down which organizations should be targeted for the acquisition.

Record the results in the M&A Buy Playbook.

By the end of this pre-transaction phase you should:

Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in growth transactions

Key outcomes from the Discovery & Strategy phase

• Be prepared to analyze and recommend potential organizations that the business can acquire or merge with, using a strong program plan that can be repeated across transactions.
• Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.

Key deliverables from the Discovery & Strategy phase

• Create vision and mission statements
• Establish guiding principles
• Create a future-state operating model
• Identify the key roles for the transaction team
• Identify and communicate the M&A governance
• Determine target metrics
• Identify the M&A operating model
• Select the integration strategy framework
• Conduct a RACI for key transaction tasks for the transaction team
• Document the communication plan

M&A Buy Blueprint

Phase 3

Due Diligence & Preparation

This phase will walk you through the following activities:

• Drive value with a due diligence charter
• Identify data room artifacts
• Assess technical debt
• Valuate the target IT organization
• Assess culture
• Prioritize integration tasks
• Establish the integration roadmap
• Identify the needed workforce supply
• Estimate integration costs
• Create an employee transition plan
• Create functional workplans for employees
• Align project metrics with identified tasks

This phase involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team
• Business leaders
• Prospective IT organization
• Transition team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

What is the Due Diligence & Preparation phase?

Mid-transaction state

The Due Diligence & Preparation phase during an acquisition is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to integration expectations set by the business.

While not all IT organizations are able to participate in this phase, the evolving nature of M&As to be driven by digital and technological capabilities increases the rationale for IT being at the table. Identifying critical IT risks, which will inevitably be business risks, begins during the due diligence phase.

This is also the opportunity for IT to plan how it will execute the planned integration strategy. Having access to critical information only available in data rooms will further enable IT to successfully plan and execute the acquisition to deliver the value the business is seeking through a growth transaction.

Goal: To thoroughly evaluate all potential risks associated with the organization(s) being pursued and create a detailed plan for integrating the IT environments

Due Diligence Prerequisite Checklist

Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

• Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
• Identify the key roles for the transaction team.
• Identify the M&A governance.
• Determine target metrics.
• Select an integration strategy framework.
• Conduct a RACI for key transaction tasks for the transaction team.

Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

• Create vision and mission statements.
• Establish guiding principles.
• Create a future-state operating model.
• Identify the M&A operating model.
• Document the communication plan.
• Examine the business perspective of IT.
• Identify key stakeholders and outline their relationship to the M&A process.
• Be able to valuate the IT environment and communicate IT’s value to the business.

The Technology Value Trinity

Delivery of Business Value & Strategic Needs

• Digital & Technology Strategy

  The identification of objectives and initiatives necessary to achieve business goals.

• IT Operating Model

  The model for how IT is organized to deliver on business needs and strategies.

• Information & Technology Governance

  The governance to ensure the organization and its customers get maximum value from the use of information and technology.

All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

• Digital and IT Strategy tells you what you need to achieve to be successful.
• IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
• Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

Due Diligence & Preparation

Step 3.1

Assess the Target Organization

Activities

• 3.1.1 Drive value with a due diligence charter
• 3.1.2 Identify data room artifacts
• 3.1.3 Assess technical debt
• 3.1.4 Valuate the target IT organization
• 3.1.5 Assess culture

This step involves the following participants:

• IT executive/CIO
• IT senior leadership
• Company M&A team
• Business leaders
• Prospective IT organization
• Transition team

Outcomes of Step

This step of the process is when IT should actively evaluate the target organization being pursued for acquisition.

3.1.1 Drive value with a due diligence charter

1-2 hours

Input: Key roles for the transaction team, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

Output: IT Due Diligence Charter

Materials: M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

1. In the IT Due Diligence Charter in the M&A Buy Playbook, complete the aspects of the charter that are relevant for you and your organization.
2. We recommend including these items in the charter:
   • Communication plan
   • Transition team roles
   • Goals and metrics for the transaction
   • Integration strategy
   • Acquisition RACI
3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

Record the results in the M&A Buy Playbook.

3.1.2 Identify data room artifacts

4 hours

Input: Future-state operating model, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

Output: List of items to acquire and review in the data room

Materials: Critical domain lists on following slides, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

The purpose of this activity is to create a list of the key artifacts that should be asked for and reviewed during the due diligence process.

1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room. This information should be directed to the target organization.
2. IT leadership may or may not be asked to enter the data room directly. Therefore, it’s important that you clearly identify these artifacts.
3. List each question or concern, select the associated workstream in the M&A Buy Playbook, and update the status of the information retrieval.
4. Use the comments section to document your discoveries or concerns.

Record the results in the M&A Buy Playbook.

Critical domains

Understand the key stakeholders and outputs for each domain

Each critical domain will likely have different stakeholders who know that domain best. Communicate with these stakeholders throughout the M&A process to make sure you are getting accurate information and interpreting it correctly.

Critical domains (continued)

Understand the key stakeholders and outputs for each domain

Assess the target organization’s technical debt

The other organization could be costly to purchase if not yet modernizing.

• Consider the potential costs that your business will have to spend to get the other IT organization modernized or even digital.
• This will be highly affected by your planned integration strategy.
• A best-of-breed strategy might simply mean there's little to bring over from the other organization’s environment.
• It’s often challenging to identify a direct financial cost for technical debt. Consider direct costs but also assess categories of impact that can have a long-term effect on your business: lost customer, staff, or business partner goodwill; limited flexibility and resilience; and health, safety, and compliance impacts.
• Use more objective measures to track subjective impact. For example, consider the number of customers who could be significantly affected by each tech debt in the next quarter.

Focus on solving the problems you need to address.

Analyzing technical debt has value in that the analysis can help your organization make better risk management and resource allocation decisions.

Review these examples of technical debt

Do you have any of these challenges?

Applications

• Inefficient or incomplete code
• Fragile or obsolete systems of record that limit the implementation of new functionality
• Out-of-date IDEs or compilers
• Unsupported applications

Data & Analytics

• Data presented via API that does not conform to chosen standards (EDI, NRF-ARTS, etc.)
• Poor data governance
• No transformation between OLTP and the data warehouse
• Heavy use of OLTP for reporting
• Lack of AI model and decision governance, maintenance

End-User Computing

• Aging and slow equipment
• No configuration management
• No MDM/UEM

Security

• Unpatched/unpatchable systems
• Legacy firewalls
• No data classification system
• “Perimeter” security architecture
• No documented security incident response
• No policies, or unenforced policies

Operations

• Incomplete, ineffective, or undocumented business continuity and disaster recovery plans
• Insufficient backups or archiving
• Inefficient MACD processes
• Application sprawl with no record of installed applications or licenses
• No ticketing or ITSM system
• No change management process
• No problem management process
• No event/alert management

Infrastructure

• End-of-life/unsupported equipment
• Aging power or cooling systems
• Water- or halon-based data center fire suppression systems
• Out-of-date firmware
• No DR site
• Damaged or messy cabling
• Lack of system redundancy
• Integrated computers on business equipment (e.g. shop floor equipment, medical equipment) running out-of-date OS/software

Project & Portfolio Management

• No project closure process
• Ineffective project intake process
• No resource management practices

“This isn’t a philosophical exercise. Knowing what you want to get out of this analysis informs the type of technical debt you will calculate and the approach you will take.” (Scott Buchholz, CTO, Deloitte Government & Public Services Practice, The Wall Street Journal, 2015)

3.1.3 Assess technical debt

1-2 hours

Input: Participant views on organizational tech debt, Five to ten key technical debts, Business impact scoring scales, Reasonable next-quarter scenarios for each technical debt, Technical debt business impact analysis

Output: Initial list of tech debt for the target organization

Materials: Whiteboard, Sticky notes, Technical Debt Business Impact Analysis Tool, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

The purpose of this activity is to assess the technical debt of the other IT organization. Taking on unnecessary technical debt is one of the biggest risks to the IT environment

1. This activity can be completed by leveraging the blueprint Manage Your Technical Debt, specifically the Technical Debt Business Impact Analysis Tool. Complete the following activities in the blueprint:
   • 1.2.1 Identify your technical debt
   • 1.2.2 Select tech debt for your impact analysis
   • 2.2.2 Estimate tech debt impact
   • 2.2.3 Identify the most-critical technical debts
2. Review examples of technical debt in the previous slide to assist you with this activity.
3. Document the results from tab 3, Impact Analysis, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.

Record the results in the M&A Buy Playbook.

How to valuate an IT environment

And why it matters so much

• Valuating the target organization’s IT environment is a critical step to fully understand what it might be worth. Business partners are often not in the position to valuate the IT aspects to the degree that you would be.
• The business investments in IT can be directly translated to a value amount. Meaning for every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
• Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT can be so critical.
• There are three ways a business or asset can be valuated:
  • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
  • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
  • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.

The IT valuation conducted during due diligence can have a significant impact on the final financials of the transaction for the business.

3.1.4 Valuate the target IT organization

1 day

Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

Output: Valuation of target organization’s IT

Materials: Relevant templates/tools, Capital budget, Operating budget, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Prospective IT organization

The purpose of this activity is to valuate the other IT organization.

1. Review each of slides 42 to 45 to generate a valuation of IT’s data, applications, infrastructure, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount. For more information on this activity, review Activity 1.2.1 from the Proactive phase.
2. Identify financial amounts for each critical area and add the financial output to the summary slide in the M&A Buy Playbook.
3. Compare this information against your own IT organization’s valuation.
   1. Does it add value to your IT organization?
   2. Is there too much risk to accept if this transaction goes through?

Info-Tech Insight

Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

Record the results in the M&A Buy Playbook.

Culture should not be overlooked, especially as it relates to the integration of IT environments

• There are three types of culture that need to be considered.
• Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
• Make a decision on which type of culture you’d like IT to have post-transition.

Target Organization’s Culture

The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

Your Organization’s Culture

The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

Ideal Culture

What will the future culture of the IT organization be once integration is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

Culture categories

Map the results of the IT Culture Diagnostic to an existing framework

Culture Considerations

• What culture category was dominant for each IT organization?
• Do you share the same dominant category?
• Is your current dominant culture category the most ideal to have post-integration?